@misterhuydo/sentinel 1.0.66 → 1.0.67

package/.cairn/session.json

@@ -1,6 +1,6 @@
 {
-  "message": "Auto-checkpoint at 2026-03-22T16:04:55.232Z",
-  "checkpoint_at": "2026-03-22T16:04:55.233Z",
+  "message": "Auto-checkpoint at 2026-03-22T16:08:22.876Z",
+  "checkpoint_at": "2026-03-22T16:08:22.877Z",
   "active_files": [],
   "notes": [],
   "mtime_snapshot": {}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@misterhuydo/sentinel",
-  "version": "1.0.66",
+  "version": "1.0.67",
   "description": "Sentinel — Autonomous DevOps Agent installer and manager",
   "bin": {
     "sentinel": "./bin/sentinel.js"

package/python/sentinel/sentinel_boss.py

@@ -100,6 +100,18 @@ What you can do (tools available):
                        process. Safe to run at any time — no restart if already up to date.
                        e.g. "upgrade sentinel", "update sentinel", "upgrade yourself"
 
+19. query_codebase   — Use Cairn MCP (via Claude Code) to analyse a managed repo. Operations:
+                       describe=summarize architecture & purpose, search=find by concept/symbol,
+                       outline=full structure + issue detection, security=vulnerability scan.
+                       e.g. "summarize the 1881 repo", "find PIN validation in elprint",
+                            "what does the cairn backend do?", "scan elprint for security issues"
+
+20. restart_project  — Stop and restart a specific project instance (stop.sh + start.sh).
+                       e.g. "restart 1881", "reboot elprint", "restart the cairn project"
+
+21. tail_log         — Fetch the last N lines of a log source live, without a grep filter.
+                       e.g. "show recent SSOLWA logs", "tail STS", "last 200 lines from 1881 logs"
+
 When someone asks what you can do, what you support, what your capabilities are, or how you can help,
 reply with a short summary grouped by category:
 
@@ -111,6 +123,13 @@ reply with a short summary grouped by category:
 *Log management*
 • `fetch_logs` — pull fresh logs from servers right now — "fetch logs for SSOLWA"
 • `search_logs` — live SSH grep on production servers — "search logs for illegal PIN in 1881"
+• `tail_log` — last N lines of a log source, no filter — "show recent SSOLWA logs"
+
+*Codebase intelligence (Cairn MCP)*
+• `query_codebase describe` — summarize what a repo does — "what does the 1881 backend do?"
+• `query_codebase search` — find classes/functions by concept — "find PIN validation in elprint"
+• `query_codebase outline` — full structure + issue detection — "outline the cairn repo"
+• `query_codebase security` — vulnerability scan — "scan elprint for security issues"
 
 *Fix management*
 • `get_fix_details` — full details of a specific fix — "show fix abc123"
@@ -131,6 +150,9 @@ reply with a short summary grouped by category:
 • `unwatch_bot` — stop monitoring a bot — "stop watching @errorbot"
 • `list_watched_bots` — show all bots currently being monitored — "which bots are you watching?"
 
+*Project control*
+• `restart_project` — stop + restart a specific project — "restart 1881"
+
 *Self-management*
 • `upgrade_sentinel` — git pull + pip install + restart — "upgrade sentinel", "update yourself"
 
@@ -433,6 +455,80 @@ _TOOLS = [
         ),
         "input_schema": {"type": "object", "properties": {}},
     },
+    {
+        "name": "query_codebase",
+        "description": (
+            "Use Cairn MCP (via Claude Code) to deeply understand a managed repo's codebase. "
+            "Operations: 'describe' — summarize what the repo does (architecture, key classes); "
+            "'search' — find classes/functions/components by name or concept; "
+            "'outline' — full structural overview + heuristic issue detection; "
+            "'security' — scan for XSS, SQLi, hardcoded secrets, weak crypto. "
+            "Use for: 'what does the 1881 backend do?', 'find the PIN validation code in elprint', "
+            "'summarize the cairn repo', 'scan elprint-sales for security issues', "
+            "'what classes handle auth in 1881?'"
+        ),
+        "input_schema": {
+            "type": "object",
+            "properties": {
+                "repo": {
+                    "type": "string",
+                    "description": "Repo name (partial match, e.g. '1881', 'elprint-sales')",
+                },
+                "operation": {
+                    "type": "string",
+                    "enum": ["describe", "search", "outline", "security"],
+                    "description": "describe=summarize, search=find by concept, outline=structure+issues, security=vuln scan",
+                    "default": "describe",
+                },
+                "query": {
+                    "type": "string",
+                    "description": "For 'search': the concept or symbol to look for (e.g. 'PIN validation', 'AuthService')",
+                },
+            },
+            "required": ["repo"],
+        },
+    },
+    {
+        "name": "restart_project",
+        "description": (
+            "Stop and restart a specific Sentinel project instance (runs stop.sh then start.sh). "
+            "Use when: 'restart 1881', 'restart elprint', 'reboot the cairn project'. "
+            "Safer than restarting all projects at once."
+        ),
+        "input_schema": {
+            "type": "object",
+            "properties": {
+                "project": {
+                    "type": "string",
+                    "description": "Project short name or dir name (e.g. '1881', 'elprint')",
+                },
+            },
+            "required": ["project"],
+        },
+    },
+    {
+        "name": "tail_log",
+        "description": (
+            "Fetch the last N lines of a log source's live production logs without any grep filter. "
+            "Use when: 'show me recent SSOLWA logs', 'tail STS', 'what's happening in 1881 logs right now', "
+            "'show last 100 lines from SSOLWA'. Different from search_logs — no pattern required."
+        ),
+        "input_schema": {
+            "type": "object",
+            "properties": {
+                "source": {
+                    "type": "string",
+                    "description": "Log source name (partial match against log-config filenames, e.g. 'SSOLWA', 'STS')",
+                },
+                "lines": {
+                    "type": "integer",
+                    "description": "Number of recent lines to fetch (default 100)",
+                    "default": 100,
+                },
+            },
+            "required": ["source"],
+        },
+    },
 ]
 
 
@@ -949,6 +1045,145 @@ async def _run_tool(name: str, inputs: dict, cfg_loader, store, slack_client=Non
             "note":   "Upgrade started — pulling latest version via npm and restarting. Give me ~30 seconds then I'll be back.",
         })
 
+    if name == "query_codebase":
+        repo_name = inputs.get("repo", "").lower()
+        operation = inputs.get("operation", "describe")
+        query     = inputs.get("query", "")
+
+        # Match repo by name
+        repo_cfg = next(
+            (r for rn, r in cfg_loader.repos.items() if repo_name in rn.lower()),
+            None,
+        )
+        if not repo_cfg:
+            available = list(cfg_loader.repos.keys())
+            return json.dumps({"error": f"Repo '{repo_name}' not found", "available": available})
+
+        local_path = Path(repo_cfg.local_path)
+        if not local_path.exists():
+            return json.dumps({"error": f"Repo not cloned yet at {local_path}. Run pull_repo first."})
+
+        # Build a targeted prompt for Claude Code + Cairn MCP
+        if operation == "describe":
+            prompt = (
+                f"You are analysing the codebase at: {local_path}\n"
+                f"Use the cairn_describe MCP tool to summarise what this project does — "
+                f"its purpose, main architecture, key classes/services, and tech stack. "
+                f"Be concise but informative. Output plain text only."
+            )
+        elif operation == "search":
+            if not query:
+                return json.dumps({"error": "query is required for operation=search"})
+            prompt = (
+                f"You are analysing the codebase at: {local_path}\n"
+                f"Use the cairn_search MCP tool to find '{query}'. "
+                f"List matching classes, functions, files, and a brief description of each. "
+                f"Output plain text only."
+            )
+        elif operation == "outline":
+            prompt = (
+                f"You are analysing the codebase at: {local_path}\n"
+                f"Use the cairn_outline MCP tool to give a full structural overview. "
+                f"Include key modules, packages, detected issues (god classes, gaps, etc.). "
+                f"Output plain text only."
+            )
+        elif operation == "security":
+            prompt = (
+                f"You are analysing the codebase at: {local_path}\n"
+                f"Use the cairn_security MCP tool to scan for vulnerabilities. "
+                f"List findings grouped by severity. Output plain text only."
+            )
+        else:
+            return json.dumps({"error": f"Unknown operation '{operation}'"})
+
+        cfg     = cfg_loader.sentinel
+        env     = os.environ.copy()
+        if cfg.anthropic_api_key:
+            env["ANTHROPIC_API_KEY"] = cfg.anthropic_api_key
+
+        try:
+            r = subprocess.run(
+                [cfg.claude_code_bin, "--dangerously-skip-permissions", "--print", prompt],
+                capture_output=True, text=True, timeout=180, env=env,
+                cwd=str(local_path),
+            )
+            output = (r.stdout or "").strip()
+            if r.returncode != 0 and not output:
+                return json.dumps({
+                    "error": f"`claude --print` failed (rc={r.returncode})",
+                    "stderr": (r.stderr or "").strip()[:300],
+                })
+            return json.dumps({
+                "repo":      repo_cfg.repo_name,
+                "operation": operation,
+                "result":    output[:4000],
+            })
+        except subprocess.TimeoutExpired:
+            return json.dumps({"error": "Cairn query timed out after 180s"})
+        except Exception as e:
+            return json.dumps({"error": str(e)})
+
+    if name == "restart_project":
+        project_arg = inputs.get("project", "").lower()
+        dirs = _find_project_dirs(project_arg)
+        if not dirs:
+            return json.dumps({"error": f"No project found matching '{project_arg}'"})
+        results = []
+        for d in dirs:
+            stop_sh  = d / "stop.sh"
+            start_sh = d / "start.sh"
+            if not stop_sh.exists() or not start_sh.exists():
+                results.append({"project": d.name, "status": "error", "detail": "stop.sh or start.sh not found"})
+                continue
+            try:
+                subprocess.run(["bash", str(stop_sh)],  cwd=str(d), timeout=30)
+                subprocess.run(["bash", str(start_sh)], cwd=str(d), timeout=30)
+                results.append({"project": d.name, "status": "restarted"})
+                logger.info("Boss: restarted project %s", d.name)
+            except Exception as e:
+                results.append({"project": d.name, "status": "error", "detail": str(e)})
+        return json.dumps({"results": results})
+
+    if name == "tail_log":
+        source      = inputs.get("source", "").lower()
+        lines       = int(inputs.get("lines", 100))
+        script      = Path(__file__).resolve().parent.parent / "scripts" / "fetch_log.sh"
+        log_cfg_dir = Path("config") / "log-configs"
+
+        if not script.exists():
+            return json.dumps({"error": "fetch_log.sh not found"})
+        if not log_cfg_dir.exists():
+            return json.dumps({"error": "config/log-configs/ not found"})
+
+        props_files = sorted(log_cfg_dir.glob("*.properties"))
+        if source:
+            props_files = [p for p in props_files if source in p.stem.lower()]
+        if not props_files:
+            return json.dumps({"error": f"No log-config found matching '{source}'"})
+
+        results = []
+        for props in props_files:
+            env = os.environ.copy()
+            env["TAIL"]        = str(lines)
+            env["GREP_FILTER"] = ""   # no filter — show everything
+            try:
+                r = subprocess.run(
+                    ["bash", str(script), str(props)],
+                    capture_output=True, text=True, timeout=60, env=env,
+                )
+                tail_lines = (r.stdout or "").strip().splitlines()[-lines:]
+                results.append({
+                    "source":  props.stem,
+                    "lines":   len(tail_lines),
+                    "content": "\n".join(tail_lines),
+                })
+                logger.info("Boss tail_log %s rc=%d lines=%d", props.stem, r.returncode, len(tail_lines))
+            except subprocess.TimeoutExpired:
+                results.append({"source": props.stem, "error": "timed out"})
+            except Exception as e:
+                results.append({"source": props.stem, "error": str(e)})
+        return json.dumps({"results": results})
+
     return json.dumps({"error": f"unknown tool: {name}"})