@misterhuydo/sentinel 1.0.0

package/python/sentinel/reporter.py

@@ -0,0 +1,173 @@
+"""
+reporter.py — Build and send HTML health-report emails.
+
+Scheduled every REPORT_INTERVAL_HOURS or triggered by SIGUSR1.
+"""
+
+import logging
+import smtplib
+from datetime import datetime, timezone
+from email.mime.multipart import MIMEMultipart
+from email.mime.text import MIMEText
+
+from jinja2 import Template
+
+from .config_loader import SentinelConfig
+from .state_store import StateStore
+
+logger = logging.getLogger(__name__)
+
+_HTML_TEMPLATE = Template("""\
+<!DOCTYPE html>
+<html>
+<head>
+<meta charset="utf-8">
+<style>
+  body { font-family: Arial, sans-serif; font-size: 14px; color: #222; }
+  h2 { color: #1a73e8; }
+  h3 { color: #444; border-bottom: 1px solid #ddd; padding-bottom: 4px; }
+  table { border-collapse: collapse; width: 100%; margin-bottom: 16px; }
+  th { background: #f1f3f4; text-align: left; padding: 6px 10px; }
+  td { padding: 5px 10px; border-bottom: 1px solid #eee; }
+  .ok   { color: #2e7d32; }
+  .fail { color: #c62828; }
+  .warn { color: #e65100; }
+  .pr-link { font-weight: bold; }
+  .mono { font-family: monospace; font-size: 12px; }
+</style>
+</head>
+<body>
+<h2>🤖 Sentinel Health Report</h2>
+<p>Generated: <strong>{{ generated_at }}</strong></p>
+
+<h3>Summary (last {{ hours }}h)</h3>
+<table>
+  <tr><th>Metric</th><th>Count</th></tr>
+  <tr><td>Errors detected</td><td>{{ stats.errors }}</td></tr>
+  <tr><td>Fixes applied</td><td class="ok">{{ stats.applied }}</td></tr>
+  <tr><td>Fixes failed</td><td class="fail">{{ stats.failed }}</td></tr>
+  <tr><td>Skipped</td><td class="warn">{{ stats.skipped }}</td></tr>
+</table>
+
+{% if open_prs %}
+<h3>⏳ Pending Review (AUTO_PUBLISH=false)</h3>
+<p>The following fixes are waiting for admin approval. Review and merge on GitHub:</p>
+<table>
+  <tr><th>Fingerprint</th><th>Branch</th><th>PR</th><th>Age</th></tr>
+  {% for pr in open_prs %}
+  <tr>
+    <td class="mono">{{ pr.fingerprint[:8] }}</td>
+    <td class="mono">{{ pr.branch }}</td>
+    <td><a class="pr-link" href="{{ pr.pr_url }}">{{ pr.pr_url }}</a></td>
+    <td>{{ pr.age }}</td>
+  </tr>
+  {% endfor %}
+</table>
+{% endif %}
+
+{% if recent_fixes %}
+<h3>Recent Fix Activity</h3>
+<table>
+  <tr><th>Time</th><th>Fingerprint</th><th>Status</th><th>Commit</th></tr>
+  {% for fix in recent_fixes %}
+  <tr>
+    <td>{{ fix.timestamp }}</td>
+    <td class="mono">{{ fix.fingerprint[:8] }}</td>
+    <td class="{{ 'ok' if fix.status == 'applied' else 'fail' if fix.status == 'failed' else 'warn' }}">
+      {{ fix.status }}
+    </td>
+    <td class="mono">{{ fix.commit_hash[:8] if fix.commit_hash else '-' }}</td>
+  </tr>
+  {% endfor %}
+</table>
+{% endif %}
+
+<hr>
+<small>Sentinel — Autonomous DevOps Agent</small>
+</body>
+</html>
+""")
+
+
+def _age(ts_str: str) -> str:
+    try:
+        ts = datetime.fromisoformat(ts_str)
+        if ts.tzinfo is None:
+            ts = ts.replace(tzinfo=timezone.utc)
+        delta = datetime.now(timezone.utc) - ts
+        hours = int(delta.total_seconds() // 3600)
+        if hours < 1:
+            return f"{int(delta.total_seconds() // 60)}m"
+        return f"{hours}h"
+    except Exception:
+        return "?"
+
+
+def build_and_send(cfg: SentinelConfig, store: StateStore):
+    hours = cfg.report_interval_hours
+    errors = store.get_recent_errors(hours)
+    fixes = store.get_recent_fixes(hours)
+    open_prs = store.get_open_prs()
+
+    stats = {
+        "errors": len(errors),
+        "applied": sum(1 for f in fixes if f["status"] == "applied"),
+        "failed": sum(1 for f in fixes if f["status"] == "failed"),
+        "skipped": sum(1 for f in fixes if f["status"] == "skipped"),
+    }
+
+    # Annotate PRs with human-readable age
+    for pr in open_prs:
+        pr["age"] = _age(pr.get("timestamp", ""))
+
+    html = _HTML_TEMPLATE.render(
+        generated_at=datetime.now(timezone.utc).strftime("%Y-%m-%d %H:%M UTC"),
+        hours=hours,
+        stats=stats,
+        open_prs=open_prs,
+        recent_fixes=fixes,
+    )
+
+    if not cfg.report_recipients:
+        logger.warning("No REPORT_RECIPIENTS configured — skipping email")
+        return
+
+    _send_email(cfg, html, stats)
+    store.record_report(
+        recipient_count=len(cfg.report_recipients),
+        summary=stats,
+    )
+
+
+def _send_email(cfg: SentinelConfig, html: str, stats: dict):
+    subject = (
+        f"[Sentinel] Health Report — "
+        f"{stats['applied']} fixed, {stats['failed']} failed, "
+        f"{stats['errors']} errors detected"
+    )
+
+    msg = MIMEMultipart("alternative")
+    msg["Subject"] = subject
+    msg["From"] = cfg.smtp_user
+    msg["To"] = ", ".join(cfg.report_recipients)
+    msg.attach(MIMEText(html, "html"))
+
+    if cfg.smtp_host.lower() == "ses":
+        _send_ses(cfg, msg)
+    else:
+        _send_smtp(cfg, msg)
+    logger.info("Health report sent to %d recipient(s)", len(cfg.report_recipients))
+
+
+def _send_smtp(cfg: SentinelConfig, msg: MIMEMultipart):
+    with smtplib.SMTP(cfg.smtp_host, cfg.smtp_port) as smtp:
+        smtp.ehlo()
+        smtp.starttls()
+        smtp.login(cfg.smtp_user, cfg.smtp_password)
+        smtp.sendmail(cfg.smtp_user, cfg.report_recipients, msg.as_string())
+
+
+def _send_ses(cfg: SentinelConfig, msg: MIMEMultipart):
+    # AWS SES via SMTP endpoint — same as SMTP with different host
+    # Set SMTP_HOST=email-smtp.us-east-1.amazonaws.com and use SES SMTP credentials
+    _send_smtp(cfg, msg)

package/python/sentinel/state_store.py

@@ -0,0 +1,164 @@
+"""
+state_store.py — SQLite-backed persistence for errors, fixes, and reports.
+"""
+
+import json
+import sqlite3
+import logging
+from contextlib import contextmanager
+from datetime import datetime, timezone
+
+logger = logging.getLogger(__name__)
+
+
+def _now() -> str:
+    return datetime.now(timezone.utc).isoformat()
+
+
+class StateStore:
+    def __init__(self, db_path: str = "./sentinel.db"):
+        self.db_path = db_path
+        self._init_db()
+
+    @contextmanager
+    def _conn(self):
+        conn = sqlite3.connect(self.db_path)
+        conn.row_factory = sqlite3.Row
+        try:
+            yield conn
+            conn.commit()
+        finally:
+            conn.close()
+
+    def _init_db(self):
+        with self._conn() as conn:
+            conn.executescript("""
+                CREATE TABLE IF NOT EXISTS errors (
+                    fingerprint   TEXT PRIMARY KEY,
+                    first_seen    TEXT NOT NULL,
+                    last_seen     TEXT NOT NULL,
+                    count         INTEGER NOT NULL DEFAULT 1,
+                    source        TEXT,
+                    message       TEXT
+                );
+
+                CREATE TABLE IF NOT EXISTS fixes (
+                    id            INTEGER PRIMARY KEY AUTOINCREMENT,
+                    fingerprint   TEXT NOT NULL,
+                    status        TEXT NOT NULL,   -- pending|applied|failed|skipped
+                    patch_path    TEXT,
+                    commit_hash   TEXT,
+                    branch        TEXT,
+                    pr_url        TEXT,
+                    repo_name     TEXT,
+                    timestamp     TEXT NOT NULL
+                );
+
+                CREATE TABLE IF NOT EXISTS reports (
+                    id              INTEGER PRIMARY KEY AUTOINCREMENT,
+                    sent_at         TEXT NOT NULL,
+                    recipient_count INTEGER NOT NULL DEFAULT 0,
+                    summary_json    TEXT
+                );
+            """)
+        logger.debug("StateStore initialised at %s", self.db_path)
+
+    # ── Errors ────────────────────────────────────────────────────────────────
+
+    def seen(self, fingerprint: str) -> bool:
+        with self._conn() as conn:
+            row = conn.execute(
+                "SELECT fingerprint FROM errors WHERE fingerprint = ?", (fingerprint,)
+            ).fetchone()
+            return row is not None
+
+    def record_error(self, fingerprint: str, source: str, message: str):
+        now = _now()
+        with self._conn() as conn:
+            existing = conn.execute(
+                "SELECT count FROM errors WHERE fingerprint = ?", (fingerprint,)
+            ).fetchone()
+            if existing:
+                conn.execute(
+                    "UPDATE errors SET last_seen=?, count=count+1 WHERE fingerprint=?",
+                    (now, fingerprint),
+                )
+            else:
+                conn.execute(
+                    "INSERT INTO errors (fingerprint, first_seen, last_seen, count, source, message) "
+                    "VALUES (?, ?, ?, 1, ?, ?)",
+                    (fingerprint, now, now, source, message),
+                )
+
+    def get_recent_errors(self, hours: int = 6) -> list[dict]:
+        with self._conn() as conn:
+            rows = conn.execute(
+                "SELECT * FROM errors WHERE last_seen >= datetime('now', ? || ' hours') "
+                "ORDER BY last_seen DESC",
+                (f"-{hours}",),
+            ).fetchall()
+            return [dict(r) for r in rows]
+
+    # ── Fixes ─────────────────────────────────────────────────────────────────
+
+    def record_fix(
+        self,
+        fingerprint: str,
+        status: str,
+        patch_path: str = "",
+        commit_hash: str = "",
+        branch: str = "",
+        pr_url: str = "",
+        repo_name: str = "",
+    ):
+        with self._conn() as conn:
+            conn.execute(
+                "INSERT INTO fixes (fingerprint, status, patch_path, commit_hash, branch, pr_url, repo_name, timestamp) "
+                "VALUES (?, ?, ?, ?, ?, ?, ?, ?)",
+                (fingerprint, status, patch_path, commit_hash, branch, pr_url, repo_name, _now()),
+            )
+
+    def get_open_prs(self) -> list[dict]:
+        """Returns fixes pushed as PRs that have not yet been merged (no commit_hash on main)."""
+        with self._conn() as conn:
+            rows = conn.execute(
+                "SELECT * FROM fixes WHERE status='pending' AND pr_url != '' "
+                "ORDER BY timestamp DESC"
+            ).fetchall()
+            return [dict(r) for r in rows]
+
+    def get_recent_fixes(self, hours: int = 6) -> list[dict]:
+        with self._conn() as conn:
+            rows = conn.execute(
+                "SELECT * FROM fixes WHERE timestamp >= datetime('now', ? || ' hours') "
+                "ORDER BY timestamp DESC",
+                (f"-{hours}",),
+            ).fetchall()
+            return [dict(r) for r in rows]
+
+    def fix_attempted_recently(self, fingerprint: str, hours: int = 24) -> bool:
+        with self._conn() as conn:
+            row = conn.execute(
+                "SELECT id FROM fixes WHERE fingerprint=? "
+                "AND timestamp >= datetime('now', ? || ' hours')",
+                (fingerprint, f"-{hours}"),
+            ).fetchone()
+            return row is not None
+
+    # ── Reports ───────────────────────────────────────────────────────────────
+
+    def record_report(self, recipient_count: int, summary: dict):
+        with self._conn() as conn:
+            conn.execute(
+                "INSERT INTO reports (sent_at, recipient_count, summary_json) VALUES (?, ?, ?)",
+                (_now(), recipient_count, json.dumps(summary)),
+            )
+
+    def last_report_time(self) -> datetime | None:
+        with self._conn() as conn:
+            row = conn.execute(
+                "SELECT sent_at FROM reports ORDER BY sent_at DESC LIMIT 1"
+            ).fetchone()
+            if row:
+                return datetime.fromisoformat(row["sent_at"])
+            return None

package/templates/log-configs/_example.properties

@@ -0,0 +1,47 @@
+# log-configs/_example.properties
+#
+# One file per log stream (SSH server or Cloudflare worker).
+# The filename stem must match the corresponding repo-configs/<stem>.properties
+# so Sentinel knows which repository to fix errors from this log source.
+#
+# Copy this file to e.g. "elprint-salescore.properties" and fill in the values.
+#
+# ── Source type ───────────────────────────────────────────────────────────────
+
+# ssh | cloudflare
+SOURCE_TYPE=ssh
+
+# ── SSH source (SOURCE_TYPE=ssh) ──────────────────────────────────────────────
+
+# Path to the SSH private key (.pem) used to connect to the remote hosts
+KEY=/home/<user>/.ssh/<key>.pem
+
+# Comma-separated list of hostnames or user@host entries.
+# Hosts without a user@ prefix default to ec2-user@<host>
+HOSTS=ec2-xx-xx-xx-xx.eu-north-1.compute.amazonaws.com, ec2-xx-xx-xx-xx.eu-north-1.compute.amazonaws.com
+
+# Comma-separated list of log file paths relative to /home/<REMOTE_SERVICE_USER>/
+LOGS=logs/AppService.log, logs/alarm.log, logs/warning.log
+
+# The Linux user owning the log files on the remote host (used to build the path)
+REMOTE_SERVICE_USER=MyServiceUser
+
+# Lines to fetch (tail -n N). Takes precedence over HEAD if both set.
+TAIL=500
+
+# Lines to fetch from the top instead (head -n N). Only used if TAIL is not set.
+# HEAD=100
+
+# Keep only lines matching this regex (grep -E)
+GREP_FILTER=WARN|ERROR
+
+# Drop lines matching this regex (grep -iv)
+GREP_EXCLUDE=SSLTool|CommandValidate|hystrix
+
+# ── Cloudflare source (SOURCE_TYPE=cloudflare) ────────────────────────────────
+
+# Full URL of the Cloudflare Worker log endpoint
+# CF_URL=https://logs.<worker>.workers.dev/<service>
+
+# Bearer token for the Cloudflare Worker
+# CF_TOKEN=<bearer-token>

package/templates/repo-configs/_example.properties

@@ -0,0 +1,37 @@
+# repo-configs/_example.properties
+#
+# One file per GitHub repository that this Sentinel instance manages.
+# The filename stem (e.g. "elprint-salescore") is used as the repo identifier.
+# It must match the corresponding log-configs/<stem>.properties file for
+# log-to-repo linking to work.
+#
+# Copy this file to e.g. "elprint-salescore.properties" and fill in the values.
+#
+# ── Required ──────────────────────────────────────────────────────────────────
+
+# SSH clone URL of the GitHub repository
+REPO_URL=git@github.com:<org>/<repo>.git
+
+# Absolute path where Sentinel will clone/manage this repo on the local machine
+LOCAL_PATH=/home/<user>/sentinel/repos/<repo-name>
+
+# Branch to pull from and push fixes to
+BRANCH=main
+
+# false → Sentinel opens a GitHub PR for admin review (recommended)
+# true  → Sentinel pushes directly to BRANCH and triggers CI/CD
+AUTO_PUBLISH=false
+
+# ── CI/CD (optional) ──────────────────────────────────────────────────────────
+# Leave blank if this repo has no deploy pipeline (e.g. shared libraries)
+
+# jenkins | github_actions | (blank)
+CICD_TYPE=jenkins
+
+# Full URL of the Jenkins job or GitHub Actions workflow
+# Jenkins:        https://jenkins.example.com/job/<job-name>
+# GitHub Actions: https://github.com/<org>/<repo>  (dispatch event used)
+CICD_JOB_URL=https://jenkins.example.com/job/<job-name>
+
+# Jenkins API token or GitHub PAT with workflow scope
+CICD_TOKEN=<token>

package/templates/sentinel.properties

@@ -0,0 +1,31 @@
+# Sentinel master config
+
+# Schedule
+POLL_INTERVAL_SECONDS=120
+
+# Email reporting
+SMTP_HOST=smtp.gmail.com
+SMTP_PORT=587
+SMTP_USER=sentinel@yourdomain.com
+SMTP_PASSWORD=<app-password>
+REPORT_RECIPIENTS=huy@yourdomain.com
+REPORT_INTERVAL_HOURS=1
+
+# State DB
+STATE_DB=./sentinel.db
+
+# Workspace
+WORKSPACE_DIR=./workspace
+
+# Claude Code binary path
+CLAUDE_CODE_BIN=claude
+
+# GitHub token (required for opening PRs when AUTO_PUBLISH=false)
+GITHUB_TOKEN=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
+
+# Fix confidence threshold (0.0 - 1.0); fixes below this are skipped
+FIX_CONFIDENCE_THRESHOLD=0.7
+
+# Rolling log retention window — fetched logs older than this are pruned
+# Claude Code reads the full window for context when generating fixes
+LOG_RETENTION_HOURS=48