@misterhuydo/sentinel 1.0.52 → 1.0.54

package/.cairn/.hint-lock

@@ -1 +1 @@
-2026-03-22T10:41:20.633Z
+2026-03-22T12:03:28.852Z

package/.cairn/session.json

@@ -1,6 +1,6 @@
 {
-  "message": "Auto-checkpoint at 2026-03-22T10:44:11.780Z",
-  "checkpoint_at": "2026-03-22T10:44:11.781Z",
+  "message": "Auto-checkpoint at 2026-03-22T11:59:57.164Z",
+  "checkpoint_at": "2026-03-22T11:59:57.165Z",
   "active_files": [],
   "notes": [],
   "mtime_snapshot": {}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@misterhuydo/sentinel",
-  "version": "1.0.52",
+  "version": "1.0.54",
   "description": "Sentinel — Autonomous DevOps Agent installer and manager",
   "bin": {
     "sentinel": "./bin/sentinel.js"

package/python/sentinel/config_loader.py

@@ -60,8 +60,7 @@ class SentinelConfig:
     slack_bot_token: str = ""        # xoxb-...
     slack_app_token: str = ""        # xapp-... (Socket Mode)
     slack_channel: str = ""          # optional: restrict to one channel ID or name
-    slack_watch_channels: list[str] = field(default_factory=list)  # channels to passively monitor for bot errors
-    slack_watch_bot_ids: list[str] = field(default_factory=list)   # optional: only watch these bot IDs
+    slack_watch_bot_ids: list[str] = field(default_factory=list)   # pre-configured bot IDs to watch passively
     project_name: str = ""           # optional: friendly name used by Sentinel Boss (e.g. "1881")
 
 
@@ -155,7 +154,6 @@ class ConfigLoader:
         c.slack_bot_token = d.get("SLACK_BOT_TOKEN", "")
         c.slack_app_token = d.get("SLACK_APP_TOKEN", "")
         c.slack_channel = d.get("SLACK_CHANNEL", "")
-        c.slack_watch_channels = _csv(d.get("SLACK_WATCH_CHANNELS", ""))
         c.slack_watch_bot_ids = _csv(d.get("SLACK_WATCH_BOT_IDS", ""))
         c.project_name = d.get("PROJECT_NAME", "")
         self.sentinel = c

package/python/sentinel/issue_watcher.py

@@ -89,8 +89,16 @@ def scan_issues(project_dir: Path) -> list[IssueEvent]:
     issues_dir = project_dir / "issues"
     issues_dir.mkdir(exist_ok=True)
 
+    def _priority(p: Path) -> tuple:
+        # slack-* (human) first, bot-* (bot) last, everything else in between
+        if p.name.startswith("slack-"):
+            return (0, p.name)
+        if p.name.startswith("bot-"):
+            return (2, p.name)
+        return (1, p.name)
+
     events = []
-    for f in sorted(issues_dir.iterdir()):
+    for f in sorted(issues_dir.iterdir(), key=_priority):
         if not f.is_file() or f.name.startswith("."):
             continue
         if f.suffix.lower() in _BINARY_EXTENSIONS:

package/python/sentinel/sentinel_boss.py

@@ -83,6 +83,22 @@ What you can do (tools available):
                        e.g. "fetch logs", "try fetch_log.sh for SSOLWA", "fetch logs with debug",
                             "grab latest logs from STS", "fetch logs without filter"
 
+15. watch_bot        — Register a Slack bot for passive monitoring. Every message it posts is
+                       auto-queued as an issue in the bot's registered project.
+                       ALWAYS requires a project — infer from context or ask the user first.
+                       e.g. "listen to @alertbot", "watch @bot1 @bot2 for project 1881", "monitor @errorbot"
+
+16. unwatch_bot      — Remove a Slack bot from the passive watch list.
+                       e.g. "stop watching @alertbot", "unwatch @errorbot"
+
+17. list_watched_bots — Show all Slack bots currently being passively monitored and which projects
+                        they are delivering to.
+                        e.g. "which bots are you watching?", "list monitored bots"
+
+18. upgrade_sentinel — Pull the latest Sentinel agent code, update Python deps, and restart the
+                       process. Safe to run at any time — no restart if already up to date.
+                       e.g. "upgrade sentinel", "update sentinel", "upgrade yourself"
+
 When someone asks what you can do, what you support, what your capabilities are, or how you can help,
 reply with a short summary grouped by category:
 
@@ -109,6 +125,14 @@ reply with a short summary grouped by category:
 • `pull_repo` — git pull on managed application repos — "pull latest code"
 • `pull_config` — git pull on Sentinel config dirs — "pull config for elprint"
 
+*Slack bot watching*
+• `watch_bot` — register a Slack bot for passive monitoring; its messages are auto-queued as issues — "listen to @alertbot"
+• `unwatch_bot` — stop monitoring a bot — "stop watching @errorbot"
+• `list_watched_bots` — show all bots currently being monitored — "which bots are you watching?"
+
+*Self-management*
+• `upgrade_sentinel` — git pull + pip install + restart — "upgrade sentinel", "update yourself"
+
 Tone: direct, professional, like a senior engineer who owns the system.
 Don't pad responses. Don't say "Great question!" or "Certainly!".
 If you don't know something, use a tool to find out before saying you don't know.
@@ -338,6 +362,71 @@ _TOOLS = [
             },
         },
     },
+    {
+        "name": "watch_bot",
+        "description": (
+            "Tell Sentinel to passively monitor a Slack bot — queuing its messages as issues. "
+            "Extract all <@UXXXXXX> user IDs from the message and pass them here. "
+            "Sentinel verifies each is actually a bot (not a human) before adding to the watch list. "
+            "IMPORTANT: a bot watcher is only useful if its issues can be delivered to a project. "
+            "Try to infer the project from context (bot name, prior messages, available projects). "
+            "If it cannot be determined, do NOT call this tool — instead ask the user which project "
+            "the bot's alerts belong to, then call this tool with the project filled in. "
+            "Use for: 'listen to @alertbot', 'watch @bot1 @bot2', 'monitor @errorbot'."
+        ),
+        "input_schema": {
+            "type": "object",
+            "properties": {
+                "user_ids": {
+                    "type": "array",
+                    "items": {"type": "string"},
+                    "description": "Slack user IDs to watch — extract from <@UXXXXXX> patterns in the message",
+                },
+                "project": {
+                    "type": "string",
+                    "description": "Project short name this bot's issues should be routed to (e.g. '1881', 'elprint'). Infer from context or ask user before calling.",
+                },
+            },
+            "required": ["user_ids"],
+        },
+    },
+    {
+        "name": "unwatch_bot",
+        "description": (
+            "Stop Sentinel from monitoring a Slack bot. "
+            "Use for: 'stop watching @alertbot', 'unwatch @bot', 'remove @errorbot from watchers'."
+        ),
+        "input_schema": {
+            "type": "object",
+            "properties": {
+                "user_ids": {
+                    "type": "array",
+                    "items": {"type": "string"},
+                    "description": "Slack user IDs to remove from the watch list",
+                },
+            },
+            "required": ["user_ids"],
+        },
+    },
+    {
+        "name": "list_watched_bots",
+        "description": (
+            "List all Slack bots Sentinel is currently monitoring passively. "
+            "Use for: 'who are you watching?', 'which bots are you monitoring?', 'list watched bots'."
+        ),
+        "input_schema": {"type": "object", "properties": {}},
+    },
+    {
+        "name": "upgrade_sentinel",
+        "description": (
+            "Upgrade the Sentinel agent itself: git pull the latest code, update Python deps, "
+            "then restart the process. Safe to call at any time — if already up to date, "
+            "no restart is triggered. "
+            "Use for: 'upgrade sentinel', 'update sentinel', 'upgrade yourself', "
+            "'pull latest sentinel code', 'restart sentinel after upgrade'."
+        ),
+        "input_schema": {"type": "object", "properties": {}},
+    },
 ]
 
 
@@ -404,7 +493,7 @@ def _git_pull(path: Path) -> dict:
 
 # ── Tool execution ────────────────────────────────────────────────────────────
 
-def _run_tool(name: str, inputs: dict, cfg_loader, store) -> str:
+async def _run_tool(name: str, inputs: dict, cfg_loader, store, slack_client=None) -> str:
     if name == "get_status":
         hours = int(inputs.get("hours", 24))
         errors = store.get_recent_errors(hours)
@@ -700,6 +789,156 @@ def _run_tool(name: str, inputs: dict, cfg_loader, store) -> str:
 
         return json.dumps({"fetched": len(results), "results": results})
 
+    if name == "watch_bot":
+        user_ids    = inputs.get("user_ids", [])
+        project_arg = inputs.get("project", "").strip()
+        if not user_ids:
+            return json.dumps({"error": "No user_ids provided"})
+
+        # Resolve + validate project — required for bot issue routing
+        resolved_project = ""
+        if project_arg:
+            project_dirs = _find_project_dirs(project_arg)
+            if not project_dirs:
+                all_names = [_read_project_name(d) for d in _find_project_dirs()]
+                return json.dumps({
+                    "error": f"No project found matching '{project_arg}'",
+                    "available_projects": all_names,
+                    "action_needed": "Ask the user which project these bot alerts belong to.",
+                })
+            if len(project_dirs) > 1:
+                matches = [_read_project_name(d) for d in project_dirs]
+                return json.dumps({
+                    "error": f"Ambiguous project name '{project_arg}' — matches: {matches}",
+                    "action_needed": "Ask the user to clarify which project.",
+                })
+            resolved_project = _read_project_name(project_dirs[0])
+        else:
+            all_projects = _find_project_dirs()
+            if len(all_projects) == 1:
+                # Single project in workspace — auto-assign
+                resolved_project = _read_project_name(all_projects[0])
+            elif all_projects:
+                all_names = [_read_project_name(d) for d in all_projects]
+                return json.dumps({
+                    "error": "Cannot determine which project these bot alerts belong to.",
+                    "available_projects": all_names,
+                    "action_needed": "Ask the user to specify the project, then retry with project filled in.",
+                })
+
+        results = []
+        for uid in user_ids:
+            if not slack_client:
+                results.append({"user_id": uid, "status": "error", "reason": "no Slack client available"})
+                continue
+            try:
+                info = await slack_client.users_info(user=uid)
+                user = info.get("user", {})
+                if not user.get("is_bot", False):
+                    results.append({"user_id": uid, "status": "skipped", "reason": "not a bot — only bots can be watched passively"})
+                    continue
+                bot_name = user.get("real_name") or user.get("name") or uid
+                store.add_watched_bot(uid, bot_name, added_by="boss", project_name=resolved_project)
+                logger.info("Boss: now watching bot %s (%s) → project '%s'", bot_name, uid, resolved_project or "unset")
+                results.append({"user_id": uid, "bot_name": bot_name, "project": resolved_project, "status": "watching"})
+            except Exception as e:
+                results.append({"user_id": uid, "status": "error", "reason": str(e)})
+        return json.dumps({"results": results})
+
+    if name == "unwatch_bot":
+        user_ids = inputs.get("user_ids", [])
+        if not user_ids:
+            return json.dumps({"error": "No user_ids provided"})
+        results = []
+        for uid in user_ids:
+            removed = store.remove_watched_bot(uid)
+            logger.info("Boss: unwatch bot %s → %s", uid, "removed" if removed else "not found")
+            results.append({"user_id": uid, "status": "removed" if removed else "not found"})
+        return json.dumps({"results": results})
+
+    if name == "list_watched_bots":
+        bots = store.get_watched_bots()
+        return json.dumps({
+            "count": len(bots),
+            "bots": [
+                {
+                    "bot_id":   b["bot_id"],
+                    "bot_name": b["bot_name"],
+                    "project":  b.get("project_name") or "",
+                    "added_by": b["added_by"],
+                    "added_at": b["added_at"],
+                }
+                for b in bots
+            ],
+        })
+
+    if name == "upgrade_sentinel":
+        import threading
+        import signal as _sig
+
+        code_dir    = Path(__file__).resolve().parent.parent  # sentinel repo root
+        project_dir = Path(".").resolve()
+        steps: list[dict] = []
+
+        # Step 1: git pull the sentinel agent code
+        pull = _git_pull(code_dir)
+        steps.append({"step": "git_pull", **pull})
+        already_latest = "already up to date" in pull.get("detail", "").lower()
+
+        if pull["status"] == "error":
+            return json.dumps({"status": "error", "steps": steps,
+                                "note": "git pull failed — check network / SSH key"})
+
+        # Step 2: pip install (update Python deps)
+        venv_pip = code_dir / ".venv" / "bin" / "pip"
+        pip_cmd  = str(venv_pip) if venv_pip.exists() else "pip3"
+        req_file = code_dir / "requirements.txt"
+        if req_file.exists():
+            try:
+                r = subprocess.run(
+                    [pip_cmd, "install", "-q", "-r", str(req_file)],
+                    capture_output=True, text=True, timeout=120,
+                )
+                steps.append({
+                    "step":   "pip_install",
+                    "status": "ok" if r.returncode == 0 else "warn",
+                    "detail": (r.stderr or "").strip()[:200],
+                })
+            except Exception as e:
+                steps.append({"step": "pip_install", "status": "warn", "detail": str(e)})
+
+        if already_latest:
+            return json.dumps({
+                "status": "already_latest",
+                "steps":  steps,
+                "note":   "Sentinel is already up to date. No restart needed.",
+            })
+
+        # Step 3: restart — schedule after response is sent
+        stop_sh  = project_dir / "stop.sh"
+        start_sh = project_dir / "start.sh"
+        if stop_sh.exists() and start_sh.exists():
+            def _restart_scripts():
+                import time; time.sleep(2)
+                subprocess.Popen(
+                    f"bash {stop_sh} && sleep 2 && bash {start_sh}",
+                    shell=True,
+                )
+            threading.Thread(target=_restart_scripts, daemon=True).start()
+            restart_method = "stop.sh + start.sh"
+        else:
+            # SIGTERM self — systemd (Restart=always) will bring it back up
+            threading.Timer(2.0, lambda: os.kill(os.getpid(), _sig.SIGTERM)).start()
+            restart_method = "SIGTERM → systemd restart"
+
+        steps.append({"step": "restart", "status": "scheduled", "method": restart_method})
+        logger.info("Boss: upgrade_sentinel complete, restarting via %s", restart_method)
+        return json.dumps({
+            "status": "ok",
+            "steps":  steps,
+            "note":   "Upgrade complete. Sentinel is restarting — give it a few seconds then I'll be back.",
+        })
+
     return json.dumps({"error": f"unknown tool: {name}"})
 
 
@@ -713,10 +952,11 @@ async def _handle_with_cli(
     history: list,
     cfg_loader,
     store,
+    slack_client=None,
 ) -> tuple[str, bool]:
     """Fallback: use `claude --print` for users without an Anthropic API key."""
-    status_json = _run_tool("get_status", {"hours": 24}, cfg_loader, store)
-    prs_json    = _run_tool("list_pending_prs", {}, cfg_loader, store)
+    status_json = await _run_tool("get_status", {"hours": 24}, cfg_loader, store)
+    prs_json    = await _run_tool("list_pending_prs", {}, cfg_loader, store)
 
     # Pre-fetch log search if the message is a search request.
     # Use quoted strings as the query, or fall back to the full message.
@@ -726,7 +966,7 @@ async def _handle_with_cli(
     if any(kw in message.lower() for kw in _search_kws):
         quoted = re.findall(r'"([^"]+)"', message)
         query  = quoted[0] if quoted else message
-        search_json = _run_tool("search_logs", {"query": query}, cfg_loader, store)
+        search_json = await _run_tool("search_logs", {"query": query}, cfg_loader, store)
 
     paused = Path("SENTINEL_PAUSE").exists()
     repos  = list(cfg_loader.repos.keys())
@@ -784,7 +1024,7 @@ async def _handle_with_cli(
             action = json.loads(m.group(1))
             name   = action.pop("action", "")
             if name:
-                result_str = _run_tool(name, action, cfg_loader, store)
+                result_str = await _run_tool(name, action, cfg_loader, store)
                 logger.info("Boss CLI action: %s → %s", name, result_str[:80])
         except Exception as e:
             logger.warning("Boss action parse error: %s", e)
@@ -805,6 +1045,7 @@ async def handle_message(
     history: list,
     cfg_loader,
     store,
+    slack_client=None,
 ) -> tuple[str, bool]:
     """
     Process one user message through the Sentinel Boss (Claude with tool use).
@@ -830,7 +1071,7 @@ async def handle_message(
 
     api_key = cfg_loader.sentinel.anthropic_api_key or os.environ.get("ANTHROPIC_API_KEY", "")
     if not api_key:
-        return await _handle_with_cli(message, history, cfg_loader, store)
+        return await _handle_with_cli(message, history, cfg_loader, store, slack_client=slack_client)
 
     client = anthropic.Anthropic(api_key=api_key)
 
@@ -880,7 +1121,7 @@ async def handle_message(
         messages.append({"role": "assistant", "content": response.content})
         tool_results = []
         for tc in tool_blocks:
-            result = _run_tool(tc.name, tc.input, cfg_loader, store)
+            result = await _run_tool(tc.name, tc.input, cfg_loader, store, slack_client=slack_client)
             logger.info("Boss tool: %s(%s) → %s", tc.name, tc.input, result[:120])
             tool_results.append({
                 "type":        "tool_result",

package/python/sentinel/slack_bot.py

@@ -164,38 +164,11 @@ async def run_slack_bot(cfg_loader, store) -> None:
         if _allowed(event.get("channel", "")):
             await _dispatch(event, client, cfg_loader, store)
 
-    # ── Watch-channel resolver ────────────────────────────────────────────────
-    # Lazily resolves SLACK_WATCH_CHANNELS names → IDs on first message event
-    _watch_ids: set[str] = set()
-    _watch_resolved = [False]  # mutable cell (closure-friendly)
-
-    async def _resolve_watch_channels(client):
-        if _watch_resolved[0]:
-            return
-        _watch_resolved[0] = True
-        if not cfg.slack_watch_channels:
-            return
-        try:
-            resp = await client.conversations_list(
-                types="public_channel,private_channel", limit=1000
-            )
-            name_to_id = {ch["name"]: ch["id"] for ch in (resp.get("channels") or [])}
-        except Exception as e:
-            logger.warning("Could not list channels for watch resolution: %s", e)
-            name_to_id = {}
-        for raw in cfg.slack_watch_channels:
-            raw = raw.lstrip("#")
-            if raw.upper().startswith("C") and len(raw) >= 9:
-                _watch_ids.add(raw.upper())
-                logger.info("Sentinel watching channel (ID): %s", raw.upper())
-            elif raw in name_to_id:
-                _watch_ids.add(name_to_id[raw])
-                logger.info("Sentinel watching channel: #%s → %s", raw, name_to_id[raw])
-            else:
-                logger.warning("Watch channel '%s' not found — skipping", raw)
-
-    def _is_watch_channel(channel: str) -> bool:
-        return bool(_watch_ids) and channel in _watch_ids
+    # ── Passive bot watcher — seed DB from config on startup ─────────────────
+    for bot_id_cfg in cfg.slack_watch_bot_ids:
+        if bot_id_cfg and not store.is_watched_bot(bot_id_cfg):
+            store.add_watched_bot(bot_id_cfg, bot_id_cfg, added_by="config")
+            logger.info("Seeded watched bot from config: %s", bot_id_cfg)
 
     @app.event("message")
     async def on_message(event, client):
@@ -204,76 +177,80 @@ async def run_slack_bot(cfg_loader, store) -> None:
             await _dispatch(event, client, cfg_loader, store)
             return
 
-        # Passive bot watcher — bot messages in watched channels
-        if event.get("bot_id") and event.get("channel"):
-            if not _watch_resolved[0]:
-                await _resolve_watch_channels(client)
-            if _is_watch_channel(event["channel"]):
-                await _handle_bot_message(event, client, cfg_loader, store)
+        # Passive bot watcher — bot messages from DB-registered bots
+        bot_id = event.get("bot_id", "")
+        if bot_id and event.get("channel") and store.is_watched_bot(bot_id):
+            await _handle_bot_message(event, client, cfg_loader, store)
 
     # ── Start ─────────────────────────────────────────────────────────────────
 
     handler = AsyncSocketModeHandler(app, cfg.slack_app_token)
     logger.info("Sentinel Boss connected to Slack (Socket Mode)")
-    if cfg.slack_watch_channels:
-        logger.info("Sentinel will passively watch for bot errors in: %s", cfg.slack_watch_channels)
+    watched = store.get_watched_bots()
+    if watched:
+        logger.info("Sentinel passively watching %d bot(s): %s",
+                    len(watched), [b["bot_name"] for b in watched])
     await handler.start_async()
 
 
 # ── Bot-message watcher ───────────────────────────────────────────────────────
 
-import re as _re
 import uuid as _uuid
 from pathlib import Path as _Path
 
-# Patterns that indicate an error report worth queuing
-_ERROR_RE = _re.compile(
-    r"(?:exception|error|failed|failure|fatal|traceback|stacktrace"
-    r"|null\s*pointer|out\s*of\s*memory|stack\s*overflow"
-    r"|5\d\d\b.*(?:error|failed)"  # HTTP 5xx
-    r"|WARN|ERROR|FATAL|CRITICAL)",
-    _re.IGNORECASE,
-)
-
-
-def _looks_like_error(text: str) -> bool:
-    """Return True if the bot message appears to be an error report."""
-    return bool(_ERROR_RE.search(text))
-
 
 async def _handle_bot_message(event: dict, client, cfg_loader, store) -> None:
     """
-    Called when a bot posts in a watched channel.
-    If the message looks like an error, auto-queue it as a Sentinel issue.
+    Called when a watched bot posts a message.
+    Queues the message as an issue in the bot's registered project directory.
+    All messages from watched bots are queued — no error pre-filtering.
     """
-    cfg     = cfg_loader.sentinel
     bot_id  = event.get("bot_id", "")
     channel = event.get("channel", "")
     ts      = event.get("ts", "")
 
-    # Optional bot-ID filter: skip bots not on the allow-list
-    if cfg.slack_watch_bot_ids and bot_id not in cfg.slack_watch_bot_ids:
+    # Avoid duplicate issues
+    dedup_key = f"slack-watch:{channel}:{ts}"
+    if store.is_seen_dedup(dedup_key):
         return
+    store.mark_seen_dedup(dedup_key)
 
     # Flatten text (handle block-kit attachments too)
     text = event.get("text", "")
     for att in event.get("attachments", []):
         text += "\n" + att.get("text", "") + "\n" + att.get("fallback", "")
     text = text.strip()
-
-    if not text or not _looks_like_error(text):
+    if not text:
         return
 
-    # Avoid duplicate issues — skip if we've seen this exact ts from this bot
-    dedup_key = f"slack-watch:{channel}:{ts}"
-    if store.is_seen_dedup(dedup_key):
-        return
-    store.mark_seen_dedup(dedup_key)
+    # Find the project this bot is registered to
+    bots = store.get_watched_bots()
+    bot_info = next((b for b in bots if b["bot_id"] == bot_id), None)
+    project_name = (bot_info or {}).get("project_name") or ""
+
+    # Resolve the project issues directory
+    workspace = _Path(cfg_loader.sentinel.workspace_dir).parent
+    if project_name:
+        # workspace_dir is <sentinel_root>/workspace, project dirs are siblings
+        project_dirs = [
+            d for d in workspace.iterdir()
+            if d.is_dir() and d.name != "workspace"
+            and (d / "config" / "sentinel.properties").exists()
+        ]
+        matched = next(
+            (d for d in project_dirs
+             if d.name == project_name or
+             _read_project_name_from_dir(d) == project_name),
+            None,
+        )
+        issues_dir = (matched / "issues") if matched else (_Path(".") / "issues")
+    else:
+        issues_dir = _Path(".") / "issues"
+
+    issues_dir.mkdir(parents=True, exist_ok=True)
 
-    # Write the issue file so Sentinel picks it up on the next poll
-    issues_dir = _Path("issues")
-    issues_dir.mkdir(exist_ok=True)
-    fname = f"slack-watch-{_uuid.uuid4().hex[:8]}.txt"
+    uid = _uuid.uuid4().hex[:8]
+    fname = f"bot-{project_name or 'unknown'}-{uid}.txt"
     content = (
         f"SOURCE: Slack bot {bot_id} in channel {channel}\n"
         f"SLACK_TS: {ts}\n\n"
@@ -281,7 +258,7 @@ async def _handle_bot_message(event: dict, client, cfg_loader, store) -> None:
     )
     (issues_dir / fname).write_text(content, encoding="utf-8")
     _Path("SENTINEL_POLL_NOW").touch()
-    logger.info("Bot watcher queued issue from %s: %s", bot_id, fname)
+    logger.info("Bot watcher queued issue from %s → %s/%s", bot_id, issues_dir, fname)
 
     # React with 👀 so the team knows Sentinel noticed it
     if ts:
@@ -291,6 +268,21 @@ async def _handle_bot_message(event: dict, client, cfg_loader, store) -> None:
             pass  # reactions:write scope may not be granted — non-fatal
 
 
+def _read_project_name_from_dir(project_dir: _Path) -> str:
+    """Read PROJECT_NAME from a project's sentinel.properties, or return dir name."""
+    props = project_dir / "config" / "sentinel.properties"
+    if not props.exists():
+        return project_dir.name
+    try:
+        for line in props.read_text(encoding="utf-8").splitlines():
+            line = line.strip()
+            if line.upper().startswith("PROJECT_NAME="):
+                return line.split("=", 1)[1].partition("#")[0].strip()
+    except OSError:
+        pass
+    return project_dir.name
+
+
 # ── Dispatcher ────────────────────────────────────────────────────────────────
 
 async def _dispatch(event: dict, client, cfg_loader, store) -> None:
@@ -328,7 +320,8 @@ async def _run_turn(session: _Session, message: str, client, cfg_loader, store)
 
     try:
         reply, is_done = await handle_message(
-            message, session.history, cfg_loader, store
+            message, session.history, cfg_loader, store,
+            slack_client=client,
         )
     except Exception as e:
         logger.exception("Sentinel Boss error: %s", e)

package/python/sentinel/state_store.py

@@ -74,10 +74,11 @@ class StateStore:
     def _migrate(self):
         """Add new columns to existing DBs without breaking old installs."""
         migrations = [
-            ("add_sentinel_marker",  "ALTER TABLE fixes ADD COLUMN sentinel_marker TEXT"),
-            ("add_confirmed_at",     "ALTER TABLE fixes ADD COLUMN confirmed_at TEXT"),
-            ("add_fix_outcome",      "ALTER TABLE fixes ADD COLUMN fix_outcome TEXT"),
-            ("add_marker_seen_at",   "ALTER TABLE fixes ADD COLUMN marker_seen_at TEXT"),
+            ("add_sentinel_marker",       "ALTER TABLE fixes ADD COLUMN sentinel_marker TEXT"),
+            ("add_confirmed_at",          "ALTER TABLE fixes ADD COLUMN confirmed_at TEXT"),
+            ("add_fix_outcome",           "ALTER TABLE fixes ADD COLUMN fix_outcome TEXT"),
+            ("add_marker_seen_at",        "ALTER TABLE fixes ADD COLUMN marker_seen_at TEXT"),
+            ("add_watched_bots_project",  "ALTER TABLE watched_bots ADD COLUMN project_name TEXT"),
         ]
         with self._conn() as conn:
             done = {r[0] for r in conn.execute("SELECT name FROM _sentinel_migrations").fetchall()}
@@ -299,3 +300,42 @@ class StateStore:
                 "INSERT OR IGNORE INTO dedup (key, seen_at) VALUES (?, ?)",
                 (key, _now()),
             )
+
+    # ── Watched bots (Slack passive monitor) ─────────────────────────────────
+
+    def _ensure_watched_bots_table(self, conn):
+        conn.execute(
+            "CREATE TABLE IF NOT EXISTS watched_bots "
+            "(bot_id TEXT PRIMARY KEY, bot_name TEXT, added_by TEXT, added_at TEXT)"
+        )
+
+    def add_watched_bot(self, bot_id: str, bot_name: str, added_by: str = "config", project_name: str = ""):
+        with self._conn() as conn:
+            self._ensure_watched_bots_table(conn)
+            conn.execute(
+                "INSERT OR REPLACE INTO watched_bots (bot_id, bot_name, added_by, added_at, project_name) "
+                "VALUES (?, ?, ?, ?, ?)",
+                (bot_id, bot_name, added_by, _now(), project_name or None),
+            )
+
+    def remove_watched_bot(self, bot_id: str) -> bool:
+        """Returns True if a row was deleted."""
+        with self._conn() as conn:
+            self._ensure_watched_bots_table(conn)
+            cur = conn.execute("DELETE FROM watched_bots WHERE bot_id = ?", (bot_id,))
+            return cur.rowcount > 0
+
+    def is_watched_bot(self, bot_id: str) -> bool:
+        with self._conn() as conn:
+            self._ensure_watched_bots_table(conn)
+            return conn.execute(
+                "SELECT 1 FROM watched_bots WHERE bot_id = ?", (bot_id,)
+            ).fetchone() is not None
+
+    def get_watched_bots(self) -> list[dict]:
+        with self._conn() as conn:
+            self._ensure_watched_bots_table(conn)
+            rows = conn.execute(
+                "SELECT * FROM watched_bots ORDER BY added_at"
+            ).fetchall()
+            return [dict(r) for r in rows]

package/templates/sentinel.properties

@@ -36,12 +36,9 @@ WORKSPACE_DIR=./workspace
 # Note: requires conversations:read scope on the Slack App if using channel name
 # SLACK_CHANNEL=devops-sentinel
 
-# Passive bot watcher (optional) — Sentinel silently monitors these channels for error
-# reports from other bots (e.g. an app alerting bot on a secured server you can't SSH into).
-# When it detects an error message it auto-queues an issue — no @Sentinel mention needed.
-# It reacts with 👀 so the team sees Sentinel noticed it.
-# Comma-separated list of channel names or IDs.
-# SLACK_WATCH_CHANNELS=alerts-1881, errors-prod
-# Optional: only watch messages from specific bot IDs (comma-separated Slack bot IDs).
-# Omit to watch all bots in the channel.
+# Passive bot watcher — seed the watch list on startup with known bot IDs.
+# Sentinel will passively queue every message from these bots as issues (no @mention needed).
+# You can also add bots at runtime: "@Sentinel listen to @alertbot for project 1881"
+# Use "@Sentinel list watched bots" to see the current list.
+# Comma-separated list of Slack bot IDs (starts with B, not U).
 # SLACK_WATCH_BOT_IDS=B12345678, B87654321