@misterhuydo/sentinel 1.0.3 → 1.0.5

package/lib/generate.js

@@ -1,127 +1,141 @@
-'use strict';
-
-const fs = require('fs-extra');
-const path = require('path');
-
-// ── Per-project files ─────────────────────────────────────────────────────────
-
-function writeExampleProject(projectDir, codeDir, pythonBin, anthropicKey = '') {
-  const configDir = path.join(projectDir, 'config', 'log-configs');
-  const repoDir   = path.join(projectDir, 'config', 'repo-configs');
-  fs.ensureDirSync(configDir);
-  fs.ensureDirSync(repoDir);
-
-  const tplDir = path.join(__dirname, '..', 'templates');
-  // Inject API key into sentinel.properties if provided
-  let sentinelProps = fs.readFileSync(path.join(tplDir, 'sentinel.properties'), 'utf8');
-  if (anthropicKey) {
-    sentinelProps += `\n# Anthropic API key for Claude Code (headless server auth)\nANTHROPIC_API_KEY=${anthropicKey}\n`;
-  } else {
-    sentinelProps += `\n# Anthropic API key — set this if using API key auth, or leave blank for OAuth\n# ANTHROPIC_API_KEY=sk-ant-...\n`;
-  }
-  fs.writeFileSync(path.join(projectDir, 'config', 'sentinel.properties'), sentinelProps);
-  fs.copySync(path.join(tplDir, 'log-configs', '_example.properties'), path.join(configDir, '_example.properties'));
-  fs.copySync(path.join(tplDir, 'repo-configs', '_example.properties'), path.join(repoDir,   '_example.properties'));
-
-  generateProjectScripts(projectDir, codeDir, pythonBin);
-}
-
-function generateProjectScripts(projectDir, codeDir, pythonBin) {
-  const name = path.basename(projectDir);
-
-  // init.sh
-  fs.writeFileSync(path.join(projectDir, 'init.sh'), `#!/usr/bin/env bash
-# First-time setup for this Sentinel project instance.
-#
-# What this does:
-#   - Clones any repos defined in config/repo-configs/ that don't exist locally yet
-#     (skips repos that are already cloned — safe to run multiple times)
-#   - Indexes each repo with Cairn MCP for codebase context
-#   - Tests SSH connectivity to each configured log source
-#   - Sends a test email to verify SMTP settings
-#
-# Note: ongoing repo management (git pull, conflict resolution) is handled
-# automatically by Sentinel on each fix cycle — you don't need to do it manually.
-set -euo pipefail
-cd "$(dirname "$0")"
-PYTHONPATH="${codeDir}" "${pythonBin}" -m sentinel.main --config ./config --init
-`, { mode: 0o755 });
-
-  // start.sh
-  fs.writeFileSync(path.join(projectDir, 'start.sh'), `#!/usr/bin/env bash
-# Start this Sentinel instance
-set -euo pipefail
-DIR="$(cd "$(dirname "$0")" && pwd)"
-PID_FILE="$DIR/sentinel.pid"
-
-if [[ -f "$PID_FILE" ]] && kill -0 "$(cat "$PID_FILE")" 2>/dev/null; then
-  echo "[sentinel] ${name} already running (PID $(cat "$PID_FILE"))"
-  exit 0
-fi
-
-mkdir -p "$DIR/logs" "$DIR/workspace/fetched" "$DIR/workspace/patches"
-cd "$DIR"
-PYTHONPATH="${codeDir}" "${pythonBin}" -m sentinel.main --config ./config \\
-  >> "$DIR/logs/sentinel.log" 2>&1 &
-echo $! > "$PID_FILE"
-echo "[sentinel] ${name} started (PID $!)"
-`, { mode: 0o755 });
-
-  // stop.sh
-  fs.writeFileSync(path.join(projectDir, 'stop.sh'), `#!/usr/bin/env bash
-# Stop this Sentinel instance
-set -euo pipefail
-DIR="$(cd "$(dirname "$0")" && pwd)"
-PID_FILE="$DIR/sentinel.pid"
-
-if [[ ! -f "$PID_FILE" ]]; then
-  echo "[sentinel] ${name} — no PID file, not running"
-  exit 0
-fi
-
-PID=$(cat "$PID_FILE")
-if kill -0 "$PID" 2>/dev/null; then
-  kill "$PID"
-  echo "[sentinel] ${name} stopped (PID $PID)"
-else
-  echo "[sentinel] ${name} — PID $PID not running"
-fi
-rm -f "$PID_FILE"
-`, { mode: 0o755 });
-}
-
-// ── Workspace-level startAll / stopAll ────────────────────────────────────────
-
-function generateWorkspaceScripts(workspace) {
-  // startAll.sh
-  fs.writeFileSync(path.join(workspace, 'startAll.sh'), `#!/usr/bin/env bash
-# Start all Sentinel project instances
-WORKSPACE="$(cd "$(dirname "$0")" && pwd)"
-started=0
-for project_dir in "$WORKSPACE"/*/; do
-  name=$(basename "$project_dir")
-  [[ "$name" == "code" ]] && continue
-  [[ -f "$project_dir/start.sh" ]] || continue
-  bash "$project_dir/start.sh"
-  started=$((started + 1))
-done
-echo "[sentinel] $started project(s) started"
-`, { mode: 0o755 });
-
-  // stopAll.sh
-  fs.writeFileSync(path.join(workspace, 'stopAll.sh'), `#!/usr/bin/env bash
-# Stop all Sentinel project instances
-WORKSPACE="$(cd "$(dirname "$0")" && pwd)"
-stopped=0
-for project_dir in "$WORKSPACE"/*/; do
-  name=$(basename "$project_dir")
-  [[ "$name" == "code" ]] && continue
-  [[ -f "$project_dir/stop.sh" ]] || continue
-  bash "$project_dir/stop.sh"
-  stopped=$((stopped + 1))
-done
-echo "[sentinel] $stopped project(s) stopped"
-`, { mode: 0o755 });
-}
-
-module.exports = { writeExampleProject, generateProjectScripts, generateWorkspaceScripts };
+'use strict';
+
+const fs = require('fs-extra');
+const path = require('path');
+
+// ── Per-project files ─────────────────────────────────────────────────────────
+
+function writeExampleProject(projectDir, codeDir, pythonBin, anthropicKey = '') {
+  const configDir = path.join(projectDir, 'config', 'log-configs');
+  const repoDir   = path.join(projectDir, 'config', 'repo-configs');
+  fs.ensureDirSync(configDir);
+  fs.ensureDirSync(repoDir);
+
+  const tplDir = path.join(__dirname, '..', 'templates');
+  // Inject API key into sentinel.properties if provided
+  let sentinelProps = fs.readFileSync(path.join(tplDir, 'sentinel.properties'), 'utf8');
+  if (anthropicKey) {
+    sentinelProps += `\n# Anthropic API key for Claude Code (headless server auth)\nANTHROPIC_API_KEY=${anthropicKey}\n`;
+  } else {
+    sentinelProps += `\n# Anthropic API key — set this if using API key auth, or leave blank for OAuth\n# ANTHROPIC_API_KEY=sk-ant-...\n`;
+  }
+  fs.writeFileSync(path.join(projectDir, 'config', 'sentinel.properties'), sentinelProps);
+  fs.copySync(path.join(tplDir, 'log-configs', '_example.properties'), path.join(configDir, '_example.properties'));
+  fs.copySync(path.join(tplDir, 'repo-configs', '_example.properties'), path.join(repoDir,   '_example.properties'));
+
+  generateProjectScripts(projectDir, codeDir, pythonBin);
+}
+
+function generateProjectScripts(projectDir, codeDir, pythonBin) {
+  const name = path.basename(projectDir);
+
+  // init.sh
+  fs.writeFileSync(path.join(projectDir, 'init.sh'), `#!/usr/bin/env bash
+# First-time setup for this Sentinel project instance.
+#
+# What this does:
+#   - Clones any repos defined in config/repo-configs/ that don't exist locally yet
+#     (skips repos that are already cloned — safe to run multiple times)
+#   - Indexes each repo with Cairn MCP for codebase context
+#   - Tests SSH connectivity to each configured log source
+#   - Sends a test email to verify SMTP settings
+#
+# Note: ongoing repo management (git pull, conflict resolution) is handled
+# automatically by Sentinel on each fix cycle — you don't need to do it manually.
+set -euo pipefail
+cd "$(dirname "$0")"
+PYTHONPATH="${codeDir}" "${pythonBin}" -m sentinel.main --config ./config --init
+`, { mode: 0o755 });
+
+  // start.sh
+  fs.writeFileSync(path.join(projectDir, 'start.sh'), `#!/usr/bin/env bash
+# Start this Sentinel instance
+set -euo pipefail
+DIR="$(cd "$(dirname "$0")" && pwd)"
+PID_FILE="$DIR/sentinel.pid"
+
+if [[ -f "$PID_FILE" ]] && kill -0 "$(cat "$PID_FILE")" 2>/dev/null; then
+  echo "[sentinel] ${name} already running (PID $(cat "$PID_FILE"))"
+  exit 0
+fi
+
+# Check Claude Code authentication
+AUTH_OUT=$(claude --print \"hi\" 2>&1 || true)
+if echo "$AUTH_OUT" | grep -Eqi "not logged in|/login"; then
+  echo ""
+  echo "[sentinel] Claude Code is not authenticated."
+  echo "  1. Open a new terminal and run: claude"
+  echo "  2. Type /login at the prompt"
+  echo "  3. Open the URL in any browser and log in"
+  echo "  4. Type /exit when done"
+  echo "  5. Re-run this script"
+  echo ""
+  exit 1
+fi
+
+mkdir -p "$DIR/logs" "$DIR/workspace/fetched" "$DIR/workspace/patches"
+cd "$DIR"
+PYTHONPATH="${codeDir}" "${pythonBin}" -m sentinel.main --config ./config \\
+  >> "$DIR/logs/sentinel.log" 2>&1 &
+echo $! > "$PID_FILE"
+echo "[sentinel] ${name} started (PID $!)"
+`, { mode: 0o755 });
+
+  // stop.sh
+  fs.writeFileSync(path.join(projectDir, 'stop.sh'), `#!/usr/bin/env bash
+# Stop this Sentinel instance
+set -euo pipefail
+DIR="$(cd "$(dirname "$0")" && pwd)"
+PID_FILE="$DIR/sentinel.pid"
+
+if [[ ! -f "$PID_FILE" ]]; then
+  echo "[sentinel] ${name} — no PID file, not running"
+  exit 0
+fi
+
+PID=$(cat "$PID_FILE")
+if kill -0 "$PID" 2>/dev/null; then
+  kill "$PID"
+  echo "[sentinel] ${name} stopped (PID $PID)"
+else
+  echo "[sentinel] ${name} — PID $PID not running"
+fi
+rm -f "$PID_FILE"
+`, { mode: 0o755 });
+}
+
+// ── Workspace-level startAll / stopAll ────────────────────────────────────────
+
+function generateWorkspaceScripts(workspace) {
+  // startAll.sh
+  fs.writeFileSync(path.join(workspace, 'startAll.sh'), `#!/usr/bin/env bash
+# Start all Sentinel project instances
+WORKSPACE="$(cd "$(dirname "$0")" && pwd)"
+started=0
+for project_dir in "$WORKSPACE"/*/; do
+  name=$(basename "$project_dir")
+  [[ "$name" == "code" ]] && continue
+  [[ -f "$project_dir/start.sh" ]] || continue
+  bash "$project_dir/start.sh"
+  started=$((started + 1))
+done
+echo "[sentinel] $started project(s) started"
+`, { mode: 0o755 });
+
+  // stopAll.sh
+  fs.writeFileSync(path.join(workspace, 'stopAll.sh'), `#!/usr/bin/env bash
+# Stop all Sentinel project instances
+WORKSPACE="$(cd "$(dirname "$0")" && pwd)"
+stopped=0
+for project_dir in "$WORKSPACE"/*/; do
+  name=$(basename "$project_dir")
+  [[ "$name" == "code" ]] && continue
+  [[ -f "$project_dir/stop.sh" ]] || continue
+  bash "$project_dir/stop.sh"
+  stopped=$((stopped + 1))
+done
+echo "[sentinel] $stopped project(s) stopped"
+`, { mode: 0o755 });
+}
+
+module.exports = { writeExampleProject, generateProjectScripts, generateWorkspaceScripts };

package/lib/init.js

@@ -101,22 +101,9 @@ module.exports = async function init() {
   if (authMode === 'apikey' && anthropicKey) {
     ok('API key will be written to each project\'s sentinel.properties');
   } else if (authMode === 'oauth') {
-    console.log(chalk.yellow(
-      '\n  Launching Claude Code login — type /login at the prompt to get your auth URL.\n' +
-      '  Open the URL in any browser, log in with your Claude Pro account,\n' +
-      '  then type /exit (or Ctrl-C) to return here.\n'
-    ));
-    spawnSync('claude', [], { stdio: 'inherit' });
-    // Verify auth succeeded after the user exits claude
-    const authCheck = spawnSync('claude', ['--print', 'hi'], { encoding: 'utf8', timeout: 15000 });
-    const authOut = (authCheck.stdout || '') + (authCheck.stderr || '');
-    if (authOut.toLowerCase().includes('not logged in') || authOut.toLowerCase().includes('/login')) {
-      warn('Not authenticated yet — run "claude" and type /login when ready');
-    } else {
-      ok('Claude Code authenticated via OAuth');
-    }
+    info('OAuth selected — start.sh will prompt for login if not yet authenticated');
   } else {
-    warn('Skipping auth — set ANTHROPIC_API_KEY in sentinel.properties or run "claude" to authenticate');
+    info('Skipping auth — start.sh will prompt for login if needed');
   }
 
   // ── Workspace structure ─────────────────────────────────────────────────────

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@misterhuydo/sentinel",
-  "version": "1.0.3",
+  "version": "1.0.5",
   "description": "Sentinel — Autonomous DevOps Agent installer and manager",
   "bin": {
     "sentinel": "./bin/sentinel.js"

package/python/sentinel/config_loader.py

@@ -41,8 +41,9 @@ class SentinelConfig:
     smtp_port: int = 587
     smtp_user: str = ""
     smtp_password: str = ""
-    report_recipients: list[str] = field(default_factory=list)
+    mails: list[str] = field(default_factory=list)
     report_interval_hours: int = 6
+    send_health: bool = False
     state_db: str = "./sentinel.db"
     workspace_dir: str = "./workspace"
     claude_code_bin: str = "claude"
@@ -114,8 +115,9 @@ class ConfigLoader:
         c.smtp_port = int(d.get("SMTP_PORT", 587))
         c.smtp_user = d.get("SMTP_USER", "")
         c.smtp_password = d.get("SMTP_PASSWORD", "")
-        c.report_recipients = _csv(d.get("REPORT_RECIPIENTS", ""))
+        c.mails = _csv(d.get("MAILS", ""))
         c.report_interval_hours = int(d.get("REPORT_INTERVAL_HOURS", 6))
+        c.send_health = d.get("SEND_HEALTH", "disabled").lower() == "enabled"
         c.state_db = d.get("STATE_DB", "./sentinel.db")
         c.workspace_dir = d.get("WORKSPACE_DIR", "./workspace")
         c.claude_code_bin = d.get("CLAUDE_CODE_BIN", "claude")

package/python/sentinel/main.py

@@ -1,223 +1,237 @@
-"""
-main.py — Sentinel entry point and watch loop.
-
-Usage:
-  python -m sentinel.main           # run watch loop
-  python -m sentinel.main --init    # first-time setup
-"""
-
-import argparse
-import asyncio
-import logging
-import signal
-import subprocess
-import sys
-from datetime import datetime, timezone
-from pathlib import Path
-
-from .cairn_client import ensure_installed as cairn_installed, index_repo
-from .config_loader import ConfigLoader
-from .fix_engine import generate_fix
-from .git_manager import apply_and_commit, publish
-from .cicd_trigger import trigger as cicd_trigger
-from .log_fetcher import fetch_all
-from .log_parser import parse_all, ErrorEvent
-from .repo_router import route
-from .reporter import build_and_send
-from .state_store import StateStore
-
-logging.basicConfig(
-    level=logging.INFO,
-    format="%(asctime)s %(levelname)-7s %(name)s — %(message)s",
-    handlers=[
-        logging.StreamHandler(sys.stdout),
-        logging.FileHandler("logs/sentinel.log", encoding="utf-8"),
-    ],
-)
-logger = logging.getLogger("sentinel")
-
-_report_requested = False
-
-
-def _on_sigusr1(*_):
-    global _report_requested
-    _report_requested = True
-    logger.info("SIGUSR1 received — health report queued")
-
-
-def _register_signals():
-    try:
-        signal.signal(signal.SIGUSR1, _on_sigusr1)
-    except (OSError, AttributeError):
-        pass
-
-
-# ── Fix pipeline ──────────────────────────────────────────────────────────────
-
-async def _handle_error(event: ErrorEvent, cfg_loader: ConfigLoader, store: StateStore):
-    sentinel = cfg_loader.sentinel
-
-    repo = route(event, cfg_loader.repos)
-    if not repo:
-        return
-
-    if Path("SENTINEL_PAUSE").exists():
-        logger.info("SENTINEL_PAUSE present — fix activity halted")
-        return
-
-    if event.is_infra_issue:
-        logger.info("Infra issue for %s — log only", event.fingerprint)
-        store.record_fix(event.fingerprint, "skipped", repo_name=repo.repo_name)
-        return
-
-    if event.severity == "CRITICAL" and repo.auto_publish:
-        logger.warning("CRITICAL in auto-publish repo '%s' — flagging for human review", repo.repo_name)
-        store.record_fix(event.fingerprint, "skipped", repo_name=repo.repo_name)
-        build_and_send(sentinel, store)
-        return
-
-    if store.fix_attempted_recently(event.fingerprint, hours=24):
-        logger.debug("Fix already attempted recently for %s", event.fingerprint)
-        return
-
-    patches_dir = Path(sentinel.workspace_dir) / "patches"
-    status, patch_path = generate_fix(event, repo, sentinel, patches_dir)
-
-    if status != "patch" or patch_path is None:
-        store.record_fix(event.fingerprint, "skipped" if status == "skip" else "failed", repo_name=repo.repo_name)
-        return
-
-    commit_status, commit_hash = apply_and_commit(event, patch_path, repo, sentinel)
-    if commit_status != "committed":
-        store.record_fix(event.fingerprint, "failed", repo_name=repo.repo_name)
-        return
-
-    branch, pr_url = publish(event, repo, sentinel, commit_hash)
-    store.record_fix(
-        event.fingerprint,
-        "applied" if repo.auto_publish else "pending",
-        patch_path=str(patch_path),
-        commit_hash=commit_hash,
-        branch=branch,
-        pr_url=pr_url,
-        repo_name=repo.repo_name,
-    )
-
-    if repo.auto_publish:
-        cicd_trigger(repo, store, event.fingerprint)
-
-
-# ── Poll cycle ────────────────────────────────────────────────────────────────
-
-async def poll_cycle(cfg_loader: ConfigLoader, store: StateStore):
-    global _report_requested
-
-    sources = list(cfg_loader.log_sources.values())
-    if not sources:
-        logger.warning("No log-configs found")
-        return
-
-    logger.info("Fetching logs from %d source(s)...", len(sources))
-    fetched = await fetch_all(sources, cfg_loader.sentinel)
-
-    events = parse_all(fetched, cfg_loader.log_sources)
-    logger.info("Parsed %d error/warn events", len(events))
-
-    new_events = []
-    for event in events:
-        store.record_error(event.fingerprint, event.source, event.message)
-        if not store.fix_attempted_recently(event.fingerprint):
-            new_events.append(event)
-
-    logger.info("%d new event(s) to process", len(new_events))
-    await asyncio.gather(*[_handle_error(e, cfg_loader, store) for e in new_events], return_exceptions=True)
-
-    if _report_requested or _report_due(cfg_loader, store):
-        _report_requested = False
-        logger.info("Sending health report...")
-        build_and_send(cfg_loader.sentinel, store)
-
-
-def _report_due(cfg_loader: ConfigLoader, store: StateStore) -> bool:
-    last = store.last_report_time()
-    if last is None:
-        return True
-    elapsed = (datetime.now(timezone.utc) - last).total_seconds()
-    return elapsed >= cfg_loader.sentinel.report_interval_hours * 3600
-
-
-# ── Init ──────────────────────────────────────────────────────────────────────
-
-def run_init(cfg_loader: ConfigLoader):
-    sentinel = cfg_loader.sentinel
-    logger.info("=== Sentinel --init ===")
-
-    if not cairn_installed():
-        logger.error("Cairn not installed. Run: npm install -g @misterhuydo/cairn-mcp")
-
-    for name, repo in cfg_loader.repos.items():
-        local = Path(repo.local_path)
-        if not local.exists():
-            logger.info("Cloning %s → %s", repo.repo_url, repo.local_path)
-            r = subprocess.run(["git", "clone", repo.repo_url, str(local)], capture_output=True, text=True)
-            if r.returncode != 0:
-                logger.error("Clone failed for %s: %s", name, r.stderr)
-                continue
-        index_repo(repo)
-
-    for src_name, src in cfg_loader.log_sources.items():
-        if src.source_type == "ssh" and src.hosts:
-            host = src.hosts[0]
-            logger.info("Testing SSH to %s (%s)...", src_name, host)
-            r = subprocess.run(
-                ["ssh", "-i", src.key, "-o", "StrictHostKeyChecking=no",
-                 "-o", "ConnectTimeout=5", f"ec2-user@{host}", "echo ok"],
-                capture_output=True, text=True, timeout=15,
-            )
-            logger.info("  SSH %s: %s", host, "OK" if r.returncode == 0 else f"FAILED — {r.stderr.strip()}")
-
-    logger.info("Sending test email...")
-    try:
-        build_and_send(sentinel, StateStore(sentinel.state_db))
-    except Exception as e:
-        logger.error("Test email failed: %s", e)
-
-    logger.info("=== Init complete ===")
-
-
-# ── Entry point ───────────────────────────────────────────────────────────────
-
-async def run_loop(cfg_loader: ConfigLoader, store: StateStore):
-    interval = cfg_loader.sentinel.poll_interval_seconds
-    logger.info("Sentinel starting — poll interval: %ds, repos: %s", interval, list(cfg_loader.repos.keys()))
-    while True:
-        try:
-            await poll_cycle(cfg_loader, store)
-        except Exception as e:
-            logger.exception("Unhandled error in poll cycle: %s", e)
-        await asyncio.sleep(interval)
-
-
-def main():
-    Path("logs").mkdir(exist_ok=True)
-    Path("workspace/fetched").mkdir(parents=True, exist_ok=True)
-    Path("workspace/patches").mkdir(parents=True, exist_ok=True)
-
-    parser = argparse.ArgumentParser(description="Sentinel — Autonomous DevOps Agent")
-    parser.add_argument("--init", action="store_true", help="First-time setup")
-    parser.add_argument("--config", default="./config", help="Config directory path")
-    args = parser.parse_args()
-
-    cfg_loader = ConfigLoader(config_dir=args.config)
-    store = StateStore(cfg_loader.sentinel.state_db)
-    _register_signals()
-
-    if args.init:
-        run_init(cfg_loader)
-        return
-
-    asyncio.run(run_loop(cfg_loader, store))
-
-
-if __name__ == "__main__":
-    main()
+"""
+main.py — Sentinel entry point and watch loop.
+
+Usage:
+  python -m sentinel.main           # run watch loop
+  python -m sentinel.main --init    # first-time setup
+"""
+
+import argparse
+import asyncio
+import logging
+import signal
+import subprocess
+import sys
+from datetime import datetime, timezone
+from pathlib import Path
+
+from .cairn_client import ensure_installed as cairn_installed, index_repo
+from .config_loader import ConfigLoader
+from .fix_engine import generate_fix
+from .git_manager import apply_and_commit, publish
+from .cicd_trigger import trigger as cicd_trigger
+from .log_fetcher import fetch_all
+from .log_parser import parse_all, ErrorEvent
+from .repo_router import route
+from .reporter import build_and_send, send_fix_notification
+from .state_store import StateStore
+
+logging.basicConfig(
+    level=logging.INFO,
+    format="%(asctime)s %(levelname)-7s %(name)s — %(message)s",
+    handlers=[
+        logging.StreamHandler(sys.stdout),
+        logging.FileHandler("logs/sentinel.log", encoding="utf-8"),
+    ],
+)
+logger = logging.getLogger("sentinel")
+
+_report_requested = False
+
+
+def _on_sigusr1(*_):
+    global _report_requested
+    _report_requested = True
+    logger.info("SIGUSR1 received — health report queued")
+
+
+def _register_signals():
+    try:
+        signal.signal(signal.SIGUSR1, _on_sigusr1)
+    except (OSError, AttributeError):
+        pass
+
+
+# ── Fix pipeline ──────────────────────────────────────────────────────────────
+
+async def _handle_error(event: ErrorEvent, cfg_loader: ConfigLoader, store: StateStore):
+    sentinel = cfg_loader.sentinel
+
+    repo = route(event, cfg_loader.repos)
+    if not repo:
+        return
+
+    if Path("SENTINEL_PAUSE").exists():
+        logger.info("SENTINEL_PAUSE present — fix activity halted")
+        return
+
+    if event.is_infra_issue:
+        logger.info("Infra issue for %s — log only", event.fingerprint)
+        store.record_fix(event.fingerprint, "skipped", repo_name=repo.repo_name)
+        return
+
+    if event.severity == "CRITICAL" and repo.auto_publish:
+        logger.warning("CRITICAL in auto-publish repo '%s' — flagging for human review", repo.repo_name)
+        store.record_fix(event.fingerprint, "skipped", repo_name=repo.repo_name)
+        return
+
+    if store.fix_attempted_recently(event.fingerprint, hours=24):
+        logger.debug("Fix already attempted recently for %s", event.fingerprint)
+        return
+
+    patches_dir = Path(sentinel.workspace_dir) / "patches"
+    status, patch_path = generate_fix(event, repo, sentinel, patches_dir)
+
+    if status != "patch" or patch_path is None:
+        store.record_fix(event.fingerprint, "skipped" if status == "skip" else "failed", repo_name=repo.repo_name)
+        return
+
+    commit_status, commit_hash = apply_and_commit(event, patch_path, repo, sentinel)
+    if commit_status != "committed":
+        store.record_fix(event.fingerprint, "failed", repo_name=repo.repo_name)
+        return
+
+    branch, pr_url = publish(event, repo, sentinel, commit_hash)
+    store.record_fix(
+        event.fingerprint,
+        "applied" if repo.auto_publish else "pending",
+        patch_path=str(patch_path),
+        commit_hash=commit_hash,
+        branch=branch,
+        pr_url=pr_url,
+        repo_name=repo.repo_name,
+    )
+
+    send_fix_notification(sentinel, {
+        "source":       event.source,
+        "severity":     event.severity,
+        "fingerprint":  event.fingerprint,
+        "first_seen":   str(event.timestamp),
+        "message":      event.message,
+        "stack_trace":  getattr(event, "stack_trace", ""),
+        "repo_name":    repo.repo_name,
+        "commit_hash":  commit_hash,
+        "branch":       branch,
+        "pr_url":       pr_url,
+        "auto_publish": repo.auto_publish,
+        "files_changed": [],
+    })
+
+    if repo.auto_publish:
+        cicd_trigger(repo, store, event.fingerprint)
+
+
+# ── Poll cycle ────────────────────────────────────────────────────────────────
+
+async def poll_cycle(cfg_loader: ConfigLoader, store: StateStore):
+    global _report_requested
+
+    sources = list(cfg_loader.log_sources.values())
+    if not sources:
+        logger.warning("No log-configs found")
+        return
+
+    logger.info("Fetching logs from %d source(s)...", len(sources))
+    fetched = await fetch_all(sources, cfg_loader.sentinel)
+
+    events = parse_all(fetched, cfg_loader.log_sources)
+    logger.info("Parsed %d error/warn events", len(events))
+
+    new_events = []
+    for event in events:
+        store.record_error(event.fingerprint, event.source, event.message)
+        if not store.fix_attempted_recently(event.fingerprint):
+            new_events.append(event)
+
+    logger.info("%d new event(s) to process", len(new_events))
+    await asyncio.gather(*[_handle_error(e, cfg_loader, store) for e in new_events], return_exceptions=True)
+
+    if cfg_loader.sentinel.send_health and (_report_requested or _report_due(cfg_loader, store)):
+        _report_requested = False
+        logger.info("Sending health digest...")
+        build_and_send(cfg_loader.sentinel, store)
+
+
+def _report_due(cfg_loader: ConfigLoader, store: StateStore) -> bool:
+    last = store.last_report_time()
+    if last is None:
+        return True
+    elapsed = (datetime.now(timezone.utc) - last).total_seconds()
+    return elapsed >= cfg_loader.sentinel.report_interval_hours * 3600
+
+
+# ── Init ──────────────────────────────────────────────────────────────────────
+
+def run_init(cfg_loader: ConfigLoader):
+    sentinel = cfg_loader.sentinel
+    logger.info("=== Sentinel --init ===")
+
+    if not cairn_installed():
+        logger.error("Cairn not installed. Run: npm install -g @misterhuydo/cairn-mcp")
+
+    for name, repo in cfg_loader.repos.items():
+        local = Path(repo.local_path)
+        if not local.exists():
+            logger.info("Cloning %s → %s", repo.repo_url, repo.local_path)
+            r = subprocess.run(["git", "clone", repo.repo_url, str(local)], capture_output=True, text=True)
+            if r.returncode != 0:
+                logger.error("Clone failed for %s: %s", name, r.stderr)
+                continue
+        index_repo(repo)
+
+    for src_name, src in cfg_loader.log_sources.items():
+        if src.source_type == "ssh" and src.hosts:
+            host = src.hosts[0]
+            logger.info("Testing SSH to %s (%s)...", src_name, host)
+            r = subprocess.run(
+                ["ssh", "-i", src.key, "-o", "StrictHostKeyChecking=no",
+                 "-o", "ConnectTimeout=5", f"ec2-user@{host}", "echo ok"],
+                capture_output=True, text=True, timeout=15,
+            )
+            logger.info("  SSH %s: %s", host, "OK" if r.returncode == 0 else f"FAILED — {r.stderr.strip()}")
+
+    logger.info("Sending test email...")
+    try:
+        build_and_send(sentinel, StateStore(sentinel.state_db))
+    except Exception as e:
+        logger.error("Test email failed: %s", e)
+
+    logger.info("=== Init complete ===")
+
+
+# ── Entry point ───────────────────────────────────────────────────────────────
+
+async def run_loop(cfg_loader: ConfigLoader, store: StateStore):
+    interval = cfg_loader.sentinel.poll_interval_seconds
+    logger.info("Sentinel starting — poll interval: %ds, repos: %s", interval, list(cfg_loader.repos.keys()))
+    while True:
+        try:
+            await poll_cycle(cfg_loader, store)
+        except Exception as e:
+            logger.exception("Unhandled error in poll cycle: %s", e)
+        await asyncio.sleep(interval)
+
+
+def main():
+    Path("logs").mkdir(exist_ok=True)
+    Path("workspace/fetched").mkdir(parents=True, exist_ok=True)
+    Path("workspace/patches").mkdir(parents=True, exist_ok=True)
+
+    parser = argparse.ArgumentParser(description="Sentinel — Autonomous DevOps Agent")
+    parser.add_argument("--init", action="store_true", help="First-time setup")
+    parser.add_argument("--config", default="./config", help="Config directory path")
+    args = parser.parse_args()
+
+    cfg_loader = ConfigLoader(config_dir=args.config)
+    store = StateStore(cfg_loader.sentinel.state_db)
+    _register_signals()
+
+    if args.init:
+        run_init(cfg_loader)
+        return
+
+    asyncio.run(run_loop(cfg_loader, store))
+
+
+if __name__ == "__main__":
+    main()

package/python/sentinel/reporter.py

@@ -1,173 +1,138 @@
-"""
-reporter.py — Build and send HTML health-report emails.
-
-Scheduled every REPORT_INTERVAL_HOURS or triggered by SIGUSR1.
-"""
-
-import logging
-import smtplib
-from datetime import datetime, timezone
-from email.mime.multipart import MIMEMultipart
-from email.mime.text import MIMEText
-
-from jinja2 import Template
-
-from .config_loader import SentinelConfig
-from .state_store import StateStore
-
-logger = logging.getLogger(__name__)
-
-_HTML_TEMPLATE = Template("""\
-<!DOCTYPE html>
-<html>
-<head>
-<meta charset="utf-8">
-<style>
-  body { font-family: Arial, sans-serif; font-size: 14px; color: #222; }
-  h2 { color: #1a73e8; }
-  h3 { color: #444; border-bottom: 1px solid #ddd; padding-bottom: 4px; }
-  table { border-collapse: collapse; width: 100%; margin-bottom: 16px; }
-  th { background: #f1f3f4; text-align: left; padding: 6px 10px; }
-  td { padding: 5px 10px; border-bottom: 1px solid #eee; }
-  .ok   { color: #2e7d32; }
-  .fail { color: #c62828; }
-  .warn { color: #e65100; }
-  .pr-link { font-weight: bold; }
-  .mono { font-family: monospace; font-size: 12px; }
-</style>
-</head>
-<body>
-<h2>🤖 Sentinel Health Report</h2>
-<p>Generated: <strong>{{ generated_at }}</strong></p>
-
-<h3>Summary (last {{ hours }}h)</h3>
-<table>
-  <tr><th>Metric</th><th>Count</th></tr>
-  <tr><td>Errors detected</td><td>{{ stats.errors }}</td></tr>
-  <tr><td>Fixes applied</td><td class="ok">{{ stats.applied }}</td></tr>
-  <tr><td>Fixes failed</td><td class="fail">{{ stats.failed }}</td></tr>
-  <tr><td>Skipped</td><td class="warn">{{ stats.skipped }}</td></tr>
-</table>
-
-{% if open_prs %}
-<h3>⏳ Pending Review (AUTO_PUBLISH=false)</h3>
-<p>The following fixes are waiting for admin approval. Review and merge on GitHub:</p>
-<table>
-  <tr><th>Fingerprint</th><th>Branch</th><th>PR</th><th>Age</th></tr>
-  {% for pr in open_prs %}
-  <tr>
-    <td class="mono">{{ pr.fingerprint[:8] }}</td>
-    <td class="mono">{{ pr.branch }}</td>
-    <td><a class="pr-link" href="{{ pr.pr_url }}">{{ pr.pr_url }}</a></td>
-    <td>{{ pr.age }}</td>
-  </tr>
-  {% endfor %}
-</table>
-{% endif %}
-
-{% if recent_fixes %}
-<h3>Recent Fix Activity</h3>
-<table>
-  <tr><th>Time</th><th>Fingerprint</th><th>Status</th><th>Commit</th></tr>
-  {% for fix in recent_fixes %}
-  <tr>
-    <td>{{ fix.timestamp }}</td>
-    <td class="mono">{{ fix.fingerprint[:8] }}</td>
-    <td class="{{ 'ok' if fix.status == 'applied' else 'fail' if fix.status == 'failed' else 'warn' }}">
-      {{ fix.status }}
-    </td>
-    <td class="mono">{{ fix.commit_hash[:8] if fix.commit_hash else '-' }}</td>
-  </tr>
-  {% endfor %}
-</table>
-{% endif %}
-
-<hr>
-<small>Sentinel — Autonomous DevOps Agent</small>
-</body>
-</html>
-""")
-
-
-def _age(ts_str: str) -> str:
-    try:
-        ts = datetime.fromisoformat(ts_str)
-        if ts.tzinfo is None:
-            ts = ts.replace(tzinfo=timezone.utc)
-        delta = datetime.now(timezone.utc) - ts
-        hours = int(delta.total_seconds() // 3600)
-        if hours < 1:
-            return f"{int(delta.total_seconds() // 60)}m"
-        return f"{hours}h"
-    except Exception:
-        return "?"
-
-
-def build_and_send(cfg: SentinelConfig, store: StateStore):
-    hours = cfg.report_interval_hours
-    errors = store.get_recent_errors(hours)
-    fixes = store.get_recent_fixes(hours)
-    open_prs = store.get_open_prs()
-
-    stats = {
-        "errors": len(errors),
-        "applied": sum(1 for f in fixes if f["status"] == "applied"),
-        "failed": sum(1 for f in fixes if f["status"] == "failed"),
-        "skipped": sum(1 for f in fixes if f["status"] == "skipped"),
-    }
-
-    # Annotate PRs with human-readable age
-    for pr in open_prs:
-        pr["age"] = _age(pr.get("timestamp", ""))
-
-    html = _HTML_TEMPLATE.render(
-        generated_at=datetime.now(timezone.utc).strftime("%Y-%m-%d %H:%M UTC"),
-        hours=hours,
-        stats=stats,
-        open_prs=open_prs,
-        recent_fixes=fixes,
-    )
-
-    if not cfg.report_recipients:
-        logger.warning("No REPORT_RECIPIENTS configured — skipping email")
-        return
-
-    _send_email(cfg, html, stats)
-    store.record_report(
-        recipient_count=len(cfg.report_recipients),
-        summary=stats,
-    )
-
-
-def _send_email(cfg: SentinelConfig, html: str, stats: dict):
-    subject = (
-        f"[Sentinel] Health Report — "
-        f"{stats['applied']} fixed, {stats['failed']} failed, "
-        f"{stats['errors']} errors detected"
-    )
-
-    msg = MIMEMultipart("alternative")
-    msg["Subject"] = subject
-    msg["From"] = cfg.smtp_user
-    msg["To"] = ", ".join(cfg.report_recipients)
-    msg.attach(MIMEText(html, "html"))
-
-    if cfg.smtp_host.lower() == "ses":
-        _send_ses(cfg, msg)
-    else:
-        _send_smtp(cfg, msg)
-    logger.info("Health report sent to %d recipient(s)", len(cfg.report_recipients))
-
-
-def _send_smtp(cfg: SentinelConfig, msg: MIMEMultipart):
-    with smtplib.SMTP(cfg.smtp_host, cfg.smtp_port) as smtp:
-        smtp.ehlo()
-        smtp.starttls()
-        smtp.login(cfg.smtp_user, cfg.smtp_password)
-        smtp.sendmail(cfg.smtp_user, cfg.report_recipients, msg.as_string())
-
-
-def _send_ses(cfg: SentinelConfig, msg: MIMEMultipart):
-    # AWS SES via SMTP endpoint — same as SMTP with different host
-    # Set SMTP_HOST=email-smtp.us-east-1.amazonaws.com and use SES SMTP credentials
-    _send_smtp(cfg, msg)
+"""
+reporter.py -- Email notifications for Sentinel.
+
+Two modes:
+  1. Per-fix notification  -- sent immediately after every fix (always on).
+  2. Health digest         -- periodic summary, only if SEND_HEALTH=enabled.
+"""
+
+import logging
+import smtplib
+from datetime import datetime, timezone
+from email.mime.multipart import MIMEMultipart
+from email.mime.text import MIMEText
+
+from jinja2 import Template
+
+from .config_loader import SentinelConfig
+from .state_store import StateStore
+
+logger = logging.getLogger(__name__)
+
+# ---- Templates ---------------------------------------------------------------
+
+_FIX_TEMPLATE = Template('<!DOCTYPE html><html><head><meta charset="utf-8">\n<style>\n  body{font-family:Arial,sans-serif;font-size:14px;color:#222}\n  h2{color:#1a73e8;margin-bottom:4px}\n  h3{color:#444;border-bottom:1px solid #ddd;padding-bottom:4px}\n  table{border-collapse:collapse;width:100%;margin-bottom:16px}\n  th{background:#f1f3f4;text-align:left;padding:6px 10px}\n  td{padding:5px 10px;border-bottom:1px solid #eee;vertical-align:top}\n  .label{font-weight:bold;width:160px}\n  .ok{color:#2e7d32;font-weight:bold}\n  .mono{font-family:monospace;font-size:12px}\n  pre{background:#f8f8f8;border:1px solid #ddd;padding:10px;font-size:12px;white-space:pre-wrap}\n  .badge-a{background:#2e7d32;color:#fff;padding:2px 8px;border-radius:4px}\n  .badge-p{background:#e65100;color:#fff;padding:2px 8px;border-radius:4px}\n</style></head><body>\n<h2>Sentinel Fix Report</h2>\n<p>\n  <span class="{{ \'badge-a\' if auto_publish else \'badge-p\' }}">\n    {{ \'PUSHED TO \' + branch|upper if auto_publish else \'PENDING REVIEW\' }}\n  </span>\n  &nbsp;<strong>{{ repo_name }}</strong> &middot; {{ generated_at }}\n</p>\n<h3>Error Detected</h3>\n<table>\n  <tr><td class="label">Service</td><td class="mono">{{ source }}</td></tr>\n  <tr><td class="label">Severity</td><td class="mono">{{ severity }}</td></tr>\n  <tr><td class="label">Fingerprint</td><td class="mono">{{ fingerprint }}</td></tr>\n  <tr><td class="label">First seen</td><td>{{ first_seen }}</td></tr>\n  <tr><td class="label">Message</td><td class="mono">{{ message }}</td></tr>\n</table>\n{% if stack_trace %}<h3>Stack Trace</h3><pre>{{ stack_trace }}</pre>{% endif %}\n<h3>Fix Applied</h3>\n<table>\n  <tr><td class="label">Repository</td><td class="mono">{{ repo_name }}</td></tr>\n  <tr><td class="label">Commit</td><td class="mono">{{ commit_hash }}</td></tr>\n  <tr><td class="label">Branch</td><td class="mono">{{ branch }}</td></tr>\n  {% if pr_url %}\n  <tr><td class="label">Pull Request</td>\n      <td><a href="{{ pr_url }}">{{ pr_url }}</a> &mdash; review and merge to apply</td></tr>\n  {% else %}\n  <tr><td class="label">Status</td>\n      <td class="ok">Pushed directly to {{ branch }}</td></tr>\n  {% endif %}\n  {% if files_changed %}\n  <tr><td class="label">Files changed</td>\n      <td class="mono">{{ files_changed | join(\'<br>\') }}</td></tr>\n  {% endif %}\n</table>\n<hr><small>Sentinel &mdash; Autonomous DevOps Agent</small>\n</body></html>\n')
+
+_HEALTH_TEMPLATE = Template('<!DOCTYPE html><html><head><meta charset="utf-8">\n<style>\n  body{font-family:Arial,sans-serif;font-size:14px;color:#222}\n  h2{color:#1a73e8}\n  h3{color:#444;border-bottom:1px solid #ddd;padding-bottom:4px}\n  table{border-collapse:collapse;width:100%;margin-bottom:16px}\n  th{background:#f1f3f4;text-align:left;padding:6px 10px}\n  td{padding:5px 10px;border-bottom:1px solid #eee}\n  .ok{color:#2e7d32}.fail{color:#c62828}.warn{color:#e65100}\n  .mono{font-family:monospace;font-size:12px}\n</style></head><body>\n<h2>Sentinel Health Digest</h2>\n<p>Generated: <strong>{{ generated_at }}</strong></p>\n<h3>Summary (last {{ hours }}h)</h3>\n<table>\n  <tr><th>Metric</th><th>Count</th></tr>\n  <tr><td>Errors detected</td><td>{{ stats.errors }}</td></tr>\n  <tr><td>Fixes applied</td><td class="ok">{{ stats.applied }}</td></tr>\n  <tr><td>Fixes failed</td><td class="fail">{{ stats.failed }}</td></tr>\n  <tr><td>Skipped</td><td class="warn">{{ stats.skipped }}</td></tr>\n</table>\n{% if open_prs %}\n<h3>Pending Review (AUTO_PUBLISH=false)</h3>\n<table>\n  <tr><th>Repo</th><th>Branch</th><th>PR</th><th>Age</th></tr>\n  {% for pr in open_prs %}\n  <tr>\n    <td>{{ pr.repo_name }}</td>\n    <td class="mono">{{ pr.branch }}</td>\n    <td><a href="{{ pr.pr_url }}">{{ pr.pr_url }}</a></td>\n    <td>{{ pr.age }}</td>\n  </tr>\n  {% endfor %}\n</table>\n{% endif %}\n<hr><small>Sentinel &mdash; Autonomous DevOps Agent</small>\n</body></html>\n')
+
+
+# ---- Per-fix notification ----------------------------------------------------
+
+def send_fix_notification(cfg: SentinelConfig, fix: dict):
+    """
+    Send an immediate email after a fix is applied or a PR is opened.
+
+    fix dict keys:
+      source, severity, fingerprint, first_seen, message, stack_trace,
+      repo_name, commit_hash, branch, pr_url, auto_publish, files_changed
+    """
+    if not cfg.mails:
+        logger.warning("No MAILS configured -- skipping fix notification")
+        return
+
+    auto_publish = fix.get("auto_publish", False)
+    source       = fix.get("source", "unknown")
+    verb         = "fix" if auto_publish else "PR"
+    subject      = f"[Sentinel] {verb}({source}): {fix.get('message', '')[:80]}"
+
+    html = _FIX_TEMPLATE.render(
+        generated_at=datetime.now(timezone.utc).strftime("%Y-%m-%d %H:%M UTC"),
+        auto_publish=auto_publish,
+        repo_name=fix.get("repo_name", "unknown"),
+        source=source,
+        severity=fix.get("severity", "ERROR"),
+        fingerprint=fix.get("fingerprint", ""),
+        first_seen=fix.get("first_seen", ""),
+        message=fix.get("message", ""),
+        stack_trace=fix.get("stack_trace", ""),
+        commit_hash=fix.get("commit_hash", ""),
+        branch=fix.get("branch", "unknown"),
+        pr_url=fix.get("pr_url") or "",
+        files_changed=fix.get("files_changed") or [],
+    )
+    _send_email(cfg, subject, html)
+    logger.info("Fix notification sent to %d recipient(s)", len(cfg.mails))
+
+
+# ---- Health digest -----------------------------------------------------------
+
+def build_and_send(cfg: SentinelConfig, store: StateStore):
+    """Send periodic health digest. Only called if SEND_HEALTH=enabled."""
+    if not cfg.mails:
+        logger.warning("No MAILS configured -- skipping health digest")
+        return
+
+    hours    = cfg.report_interval_hours
+    errors   = store.get_recent_errors(hours)
+    fixes    = store.get_recent_fixes(hours)
+    open_prs = store.get_open_prs()
+
+    stats = {
+        "errors":  len(errors),
+        "applied": sum(1 for f in fixes if f["status"] == "applied"),
+        "failed":  sum(1 for f in fixes if f["status"] == "failed"),
+        "skipped": sum(1 for f in fixes if f["status"] == "skipped"),
+    }
+    for pr in open_prs:
+        pr["age"] = _age(pr.get("timestamp", ""))
+
+    html = _HEALTH_TEMPLATE.render(
+        generated_at=datetime.now(timezone.utc).strftime("%Y-%m-%d %H:%M UTC"),
+        hours=hours, stats=stats, open_prs=open_prs,
+    )
+    subject = (
+        f"[Sentinel] Health Digest -- "
+        f"{stats['applied']} fixed, {stats['failed']} failed, "
+        f"{stats['errors']} detected"
+    )
+    _send_email(cfg, subject, html)
+    store.record_report(recipient_count=len(cfg.mails), summary=stats)
+    logger.info("Health digest sent to %d recipient(s)", len(cfg.mails))
+
+
+# ---- Shared helpers ----------------------------------------------------------
+
+def _send_email(cfg: SentinelConfig, subject: str, html: str):
+    msg = MIMEMultipart("alternative")
+    msg["Subject"] = subject
+    msg["From"]    = cfg.smtp_user
+    msg["To"]      = ", ".join(cfg.mails)
+    msg.attach(MIMEText(html, "html"))
+    if cfg.smtp_host.lower() == "ses":
+        _send_ses(cfg, msg)
+    else:
+        _send_smtp(cfg, msg)
+
+
+def _send_smtp(cfg: SentinelConfig, msg: MIMEMultipart):
+    with smtplib.SMTP(cfg.smtp_host, cfg.smtp_port) as smtp:
+        smtp.ehlo()
+        smtp.starttls()
+        smtp.login(cfg.smtp_user, cfg.smtp_password)
+        smtp.sendmail(cfg.smtp_user, cfg.mails, msg.as_string())
+
+
+def _send_ses(cfg: SentinelConfig, msg: MIMEMultipart):
+    _send_smtp(cfg, msg)
+
+
+def _age(ts_str: str) -> str:
+    try:
+        ts = datetime.fromisoformat(ts_str)
+        if ts.tzinfo is None:
+            ts = ts.replace(tzinfo=timezone.utc)
+        delta = datetime.now(timezone.utc) - ts
+        hours = int(delta.total_seconds() // 3600)
+        return f"{int(delta.total_seconds() // 60)}m" if hours < 1 else f"{hours}h"
+    except Exception:
+        return "?"

package/templates/sentinel.properties

@@ -1,31 +1,32 @@
-# Sentinel master config
-
-# Schedule
-POLL_INTERVAL_SECONDS=120
-
-# Email reporting
-SMTP_HOST=smtp.gmail.com
-SMTP_PORT=587
-SMTP_USER=sentinel@yourdomain.com
-SMTP_PASSWORD=<app-password>
-REPORT_RECIPIENTS=huy@yourdomain.com
-REPORT_INTERVAL_HOURS=1
-
-# State DB
-STATE_DB=./sentinel.db
-
-# Workspace
-WORKSPACE_DIR=./workspace
-
-# Claude Code binary path
-CLAUDE_CODE_BIN=claude
-
-# GitHub token (required for opening PRs when AUTO_PUBLISH=false)
-GITHUB_TOKEN=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
-
-# Fix confidence threshold (0.0 - 1.0); fixes below this are skipped
-FIX_CONFIDENCE_THRESHOLD=0.7
-
-# Rolling log retention window — fetched logs older than this are pruned
-# Claude Code reads the full window for context when generating fixes
-LOG_RETENTION_HOURS=48
+# Sentinel master config
+
+# Schedule
+POLL_INTERVAL_SECONDS=120
+
+# Email reporting
+SMTP_HOST=smtp.gmail.com
+SMTP_PORT=587
+SMTP_USER=sentinel@yourdomain.com
+SMTP_PASSWORD=<app-password>
+MAILS=huy@yourdomain.com
+SEND_HEALTH=disabled
+REPORT_INTERVAL_HOURS=1
+
+# State DB
+STATE_DB=./sentinel.db
+
+# Workspace
+WORKSPACE_DIR=./workspace
+
+# Claude Code binary path
+CLAUDE_CODE_BIN=claude
+
+# GitHub token (required for opening PRs when AUTO_PUBLISH=false)
+GITHUB_TOKEN=<github-pat>
+
+# Fix confidence threshold (0.0 - 1.0); fixes below this are skipped
+FIX_CONFIDENCE_THRESHOLD=0.7
+
+# Rolling log retention window — fetched logs older than this are pruned
+# Claude Code reads the full window for context when generating fixes
+LOG_RETENTION_HOURS=48