@misterhuydo/sentinel 1.0.54 → 1.0.55

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. package/.cairn/session.json +2 -2
  2. package/package.json +1 -1
  3. package/python/sentinel/config_loader.py +2 -0
  4. package/python/sentinel/slack_bot.py +6 -0
  5. package/templates/sentinel.properties +6 -0
package/.cairn/session.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
- "message": "Auto-checkpoint at 2026-03-22T11:59:57.164Z",
3
- "checkpoint_at": "2026-03-22T11:59:57.165Z",
2
+ "message": "Auto-checkpoint at 2026-03-22T12:06:59.426Z",
3
+ "checkpoint_at": "2026-03-22T12:06:59.427Z",
4
4
  "active_files": [],
5
5
  "notes": [],
6
6
  "mtime_snapshot": {}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@misterhuydo/sentinel",
3
- "version": "1.0.54",
3
+ "version": "1.0.55",
4
4
  "description": "Sentinel — Autonomous DevOps Agent installer and manager",
5
5
  "bin": {
6
6
  "sentinel": "./bin/sentinel.js"
package/python/sentinel/config_loader.py CHANGED
@@ -61,6 +61,7 @@ class SentinelConfig:
61
61
  slack_app_token: str = "" # xapp-... (Socket Mode)
62
62
  slack_channel: str = "" # optional: restrict to one channel ID or name
63
63
  slack_watch_bot_ids: list[str] = field(default_factory=list) # pre-configured bot IDs to watch passively
64
+ slack_allowed_users: list[str] = field(default_factory=list) # if set, only these Slack user IDs can talk to Boss
64
65
  project_name: str = "" # optional: friendly name used by Sentinel Boss (e.g. "1881")
65
66
 
66
67
 
@@ -155,6 +156,7 @@ class ConfigLoader:
155
156
  c.slack_app_token = d.get("SLACK_APP_TOKEN", "")
156
157
  c.slack_channel = d.get("SLACK_CHANNEL", "")
157
158
  c.slack_watch_bot_ids = _csv(d.get("SLACK_WATCH_BOT_IDS", ""))
159
+ c.slack_allowed_users = _csv(d.get("SLACK_ALLOWED_USERS", ""))
158
160
  c.project_name = d.get("PROJECT_NAME", "")
159
161
  self.sentinel = c
160
162
 
package/python/sentinel/slack_bot.py CHANGED
@@ -293,6 +293,12 @@ async def _dispatch(event: dict, client, cfg_loader, store) -> None:
293
293
  if not text:
294
294
  return
295
295
 
296
+ # Allowlist check — if SLACK_ALLOWED_USERS is configured, silently ignore everyone else
297
+ allowed = cfg_loader.sentinel.slack_allowed_users
298
+ if allowed and user_id not in allowed:
299
+ logger.warning("Boss: ignoring message from unauthorised user %s", user_id)
300
+ return
301
+
296
302
  user_name = await _resolve_name(client, user_id)
297
303
 
298
304
  status, pos, session = await _queue.try_activate(user_id, user_name, channel)
package/templates/sentinel.properties CHANGED
@@ -36,6 +36,12 @@ WORKSPACE_DIR=./workspace
36
36
  # Note: requires conversations:read scope on the Slack App if using channel name
37
37
  # SLACK_CHANNEL=devops-sentinel
38
38
 
39
+ # Allowlist of Slack user IDs permitted to give Sentinel Boss commands (RECOMMENDED).
40
+ # If set, all other users are silently ignored — even in the configured channel.
41
+ # Find a user ID in Slack: click their profile → ⋯ More → Copy member ID (starts with U).
42
+ # Comma-separated. Leave unset to allow anyone who can reach the bot (less secure).
43
+ # SLACK_ALLOWED_USERS=U01AB2CD3EF, U09GH8IJ7KL
44
+
39
45
  # Passive bot watcher — seed the watch list on startup with known bot IDs.
40
46
  # Sentinel will passively queue every message from these bots as issues (no @mention needed).
41
47
  # You can also add bots at runtime: "@Sentinel listen to @alertbot for project 1881"