@misterhuydo/sentinel 1.0.82 → 1.0.83

package/.cairn/.hint-lock

@@ -1 +1 @@
-2026-03-22T17:57:09.109Z
+2026-03-23T05:01:48.297Z

package/.cairn/minify-map.json

@@ -4,11 +4,5 @@
     "state": "compressed",
     "minifiedAt": 1774128147034.2527,
     "readCount": 1
-  },
-  "J:\\Projects\\Sentinel\\cli\\lib\\init.js": {
-    "tempPath": "J:\\Projects\\Sentinel\\cli\\.cairn\\views\\2a85cc_init.js",
-    "state": "compressed",
-    "minifiedAt": 1774189651415.41,
-    "readCount": 1
   }
 }

package/.cairn/session.json

@@ -1,6 +1,6 @@
 {
-  "message": "Auto-checkpoint at 2026-03-22T17:52:08.090Z",
-  "checkpoint_at": "2026-03-22T17:52:08.091Z",
+  "message": "Auto-checkpoint at 2026-03-23T05:07:15.110Z",
+  "checkpoint_at": "2026-03-23T05:07:15.111Z",
   "active_files": [],
   "notes": [],
   "mtime_snapshot": {}

package/lib/generate.js

@@ -96,7 +96,7 @@ rm -f "$PID_FILE"
 
 // ── Workspace-level startAll / stopAll ────────────────────────────────────────
 
-function generateWorkspaceScripts(workspace, smtpConfig = {}, slackConfig = {}) {
+function generateWorkspaceScripts(workspace, smtpConfig = {}, slackConfig = {}, authConfig = {}) {
   // Write shared sentinel.properties once (never overwrite existing)
   const workspaceProps = path.join(workspace, 'sentinel.properties');
   if (!fs.existsSync(workspaceProps)) {
@@ -108,6 +108,20 @@ function generateWorkspaceScripts(workspace, smtpConfig = {}, slackConfig = {})
     if (smtpConfig.password) tpl = tpl.replace('SMTP_PASSWORD=<app-password>',      'SMTP_PASSWORD=' + smtpConfig.password);
     fs.writeFileSync(workspaceProps, tpl);
   }
+  // Always upsert auth config so re-runs persist it
+  if (authConfig.apiKey || authConfig.claudeProForTasks !== undefined) {
+    let props = fs.readFileSync(workspaceProps, 'utf8');
+    if (authConfig.apiKey) {
+      const replaced = props.replace(/^#?\s*ANTHROPIC_API_KEY=.*/m, 'ANTHROPIC_API_KEY=' + authConfig.apiKey);
+      props = replaced !== props ? replaced : props.trimEnd() + '\nANTHROPIC_API_KEY=' + authConfig.apiKey + '\n';
+    }
+    if (authConfig.claudeProForTasks !== undefined) {
+      const val = authConfig.claudeProForTasks ? 'true' : 'false';
+      const replaced = props.replace(/^CLAUDE_PRO_FOR_TASKS=.*/m, 'CLAUDE_PRO_FOR_TASKS=' + val);
+      props = replaced !== props ? replaced : props.trimEnd() + '\nCLAUDE_PRO_FOR_TASKS=' + val + '\n';
+    }
+    fs.writeFileSync(workspaceProps, props);
+  }
   // Always upsert Slack tokens so re-runs persist them
   if (slackConfig.botToken || slackConfig.appToken) {
     let props = fs.readFileSync(workspaceProps, 'utf8');

package/lib/init.js

@@ -33,15 +33,26 @@ module.exports = async function init() {
     {
       type: 'select',
       name: 'authMode',
-      message: 'How will Claude Code authenticate?',
+      message: 'Claude authentication strategy',
+      hint: 'Boss = Slack AI; Fix Engine = autonomous code repair',
       choices: [
-        { title: 'API key  (Anthropic API account — recommended for servers)', value: 'apikey' },
-        { title: 'Claude Pro / OAuth  (will give you a URL to open in any browser)', value: 'oauth' },
-        { title: 'Skip  (I will configure this later)', value: 'skip' },
+        {
+          title: 'Both  (RECOMMENDED) — API key for Boss, Claude Pro for Fix Engine',
+          value: 'both',
+        },
+        {
+          title: 'API key only  — full Boss tools; Fix Engine billed per token',
+          value: 'apikey',
+        },
+        {
+          title: 'Claude Pro / OAuth only  — run `claude login`; Boss has limited tools',
+          value: 'oauth',
+        },
+        { title: 'Skip  (configure manually in sentinel.properties)', value: 'skip' },
       ],
     },
     {
-      type: prev => prev === 'apikey' ? 'password' : null,
+      type: prev => (prev === 'apikey' || prev === 'both') ? 'password' : null,
       name: 'anthropicKey',
       message: 'Anthropic API key (sk-ant-...)',
       validate: v => v.startsWith('sk-ant-') ? true : 'Key should start with sk-ant-',
@@ -147,12 +158,22 @@ module.exports = async function init() {
 
   // ── Claude Code auth ─────────────────────────────────────────────────────────
   step('Claude Code authentication…');
-  if (authMode === 'apikey' && anthropicKey) {
-    ok('API key will be written to each project\'s sentinel.properties');
+  if (authMode === 'both' && anthropicKey) {
+    ok('API key → Sentinel Boss (full tools, structured responses)');
+    ok('Claude Pro → Fix Engine + Ask Codebase (heavy coding, Pro subscription)');
+    info('Run `claude login` on this server now (or before starting projects)');
+    info('CLAUDE_PRO_FOR_TASKS=true written to workspace sentinel.properties');
+  } else if (authMode === 'apikey' && anthropicKey) {
+    ok('API key → all Claude usage (Boss + Fix Engine billed to your API quota)');
+    info('CLAUDE_PRO_FOR_TASKS=false written — Fix Engine will use API key');
+    warn('Heavy fix tasks will consume API tokens. Claude Pro is cheaper for those.');
   } else if (authMode === 'oauth') {
-    info('OAuth selected — start.sh will prompt for login if not yet authenticated');
+    ok('Claude Pro / OAuth → Fix Engine + Ask Codebase');
+    warn('Boss will use CLI fallback — some tools unavailable without an API key');
+    info('Run `claude login` on this server to authenticate');
   } else {
-    info('Skipping auth — start.sh will prompt for login if needed');
+    warn('No auth configured — add ANTHROPIC_API_KEY or run `claude login` before starting');
+    info('See: workspace sentinel.properties for full auth documentation');
   }
 
   // ── Slack Bot ────────────────────────────────────────────────────────────────
@@ -179,7 +200,11 @@ module.exports = async function init() {
 
   // ── Workspace start/stop scripts ─────────────────────────────────────────────
   step('Generating scripts…');
-  generateWorkspaceScripts(workspace, { host: smtpHost, user: smtpUser, password: effectiveSmtpPassword }, { botToken: effectiveSlackBotToken, appToken: effectiveSlackAppToken });
+  const authConfig = {};
+  if (anthropicKey) authConfig.apiKey = anthropicKey;
+  if (authMode === 'both' || authMode === 'oauth') authConfig.claudeProForTasks = true;
+  if (authMode === 'apikey') authConfig.claudeProForTasks = false;
+  generateWorkspaceScripts(workspace, { host: smtpHost, user: smtpUser, password: effectiveSmtpPassword }, { botToken: effectiveSlackBotToken, appToken: effectiveSlackAppToken }, authConfig);
   ok(`${workspace}/startAll.sh`);
   ok(`${workspace}/stopAll.sh`);
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@misterhuydo/sentinel",
-  "version": "1.0.82",
+  "version": "1.0.83",
   "description": "Sentinel — Autonomous DevOps Agent installer and manager",
   "bin": {
     "sentinel": "./bin/sentinel.js"

package/python/scripts/patch_notify.js

@@ -0,0 +1,200 @@
+'use strict';
+const fs = require('fs');
+
+// ── fix_engine.py ─────────────────────────────────────────────────────────────
+{
+  const f = 'sentinel/fix_engine.py';
+  let c = fs.readFileSync(f, 'utf8').replace(/\r\n/g, '\n');
+
+  // 1. Add notify import
+  const OLD_IMPORT = 'from .config_loader import RepoConfig, SentinelConfig\nfrom .log_parser import ErrorEvent';
+  const NEW_IMPORT = 'from .config_loader import RepoConfig, SentinelConfig\nfrom .log_parser import ErrorEvent\nfrom .notify import alert_if_rate_limited, slack_alert';
+  if (!c.includes(OLD_IMPORT)) { console.error('fix_engine import not found'); process.exit(1); }
+  c = c.replace(OLD_IMPORT, NEW_IMPORT);
+
+  // 2. Only inject ANTHROPIC_API_KEY when claude_pro_for_tasks is False
+  //    (so when both are configured, heavy tasks use Claude Pro OAuth)
+  const OLD_ENV = `    import os as _os
+    env = _os.environ.copy()
+    if cfg.anthropic_api_key:
+        env["ANTHROPIC_API_KEY"] = cfg.anthropic_api_key`;
+  const NEW_ENV = `    import os as _os
+    env = _os.environ.copy()
+    # Inject API key only when Claude Pro is NOT preferred for tasks
+    # (when claude_pro_for_tasks=True and API key is set, let claude CLI use OAuth/Pro)
+    if cfg.anthropic_api_key and not cfg.claude_pro_for_tasks:
+        env["ANTHROPIC_API_KEY"] = cfg.anthropic_api_key`;
+  if (!c.includes(OLD_ENV)) { console.error('fix_engine env block not found'); process.exit(1); }
+  c = c.replace(OLD_ENV, NEW_ENV);
+
+  // 3. After getting output, check for rate limits and alert Slack
+  const OLD_OUTPUT = `    output = (result.stdout or "") + (result.stderr or "")
+
+    if output.strip().upper().startswith("SKIP:"):`;
+  const NEW_OUTPUT = `    output = (result.stdout or "") + (result.stderr or "")
+
+    # Alert Slack immediately on rate-limit / auth failure — never stay silent
+    alert_if_rate_limited(
+        cfg.slack_bot_token,
+        cfg.slack_channel,
+        source=f"fix_engine/{event.fingerprint}",
+        output=output,
+    )
+
+    if output.strip().upper().startswith("SKIP:"):`;
+  if (!c.includes(OLD_OUTPUT)) { console.error('fix_engine output block not found'); process.exit(1); }
+  c = c.replace(OLD_OUTPUT, NEW_OUTPUT);
+
+  // 4. Also alert on FileNotFoundError (claude CLI missing)
+  const OLD_NOTFOUND = `    except FileNotFoundError:
+        logger.error("Claude Code binary not found at '%s'", cfg.claude_code_bin)
+        return "error", None, ""`;
+  const NEW_NOTFOUND = '    except FileNotFoundError:\n'
+    + '        msg = (\n'
+    + '            f":warning: *Sentinel \u2014 Claude CLI not found*\\n"\n'
+    + '            f"`{cfg.claude_code_bin}` not found. Run: `npm install -g @anthropic-ai/claude-code`\\n"\n'
+    + '            f"Fix engine is disabled until this is resolved."\n'
+    + '        )\n'
+    + '        logger.error("Claude Code binary not found at \'%s\'", cfg.claude_code_bin)\n'
+    + '        slack_alert(cfg.slack_bot_token, cfg.slack_channel, msg)\n'
+    + '        return "error", None, ""';
+  if (!c.includes(OLD_NOTFOUND)) { console.error('fix_engine notfound block not found'); process.exit(1); }
+  c = c.replace(OLD_NOTFOUND, NEW_NOTFOUND);
+
+  fs.writeFileSync(f, c, 'utf8');
+  console.log('fix_engine.py done. Lines:', c.split('\n').length);
+}
+
+// ── sentinel_boss.py ──────────────────────────────────────────────────────────
+{
+  const f = 'sentinel/sentinel_boss.py';
+  let c = fs.readFileSync(f, 'utf8').replace(/\r\n/g, '\n');
+
+  // 1. Add notify import
+  const OLD_IMPORT = 'logger = logging.getLogger(__name__)';
+  const NEW_IMPORT = 'from .notify import alert_if_rate_limited, slack_alert, is_rate_limited\n\nlogger = logging.getLogger(__name__)';
+  if (!c.includes(OLD_IMPORT)) { console.error('boss import anchor not found'); process.exit(1); }
+  c = c.replace(OLD_IMPORT, NEW_IMPORT);
+
+  // 2. Revert auth priority: API key first, CLI fallback
+  //    Replace current handle_message body
+  const OLD_HM_BODY =
+`    # 1st priority: Claude Pro / OAuth via CLI
+    cli_reply, cli_done = await _handle_with_cli(
+        message, history, cfg_loader, store, slack_client=slack_client, user_name=user_name,
+        user_id=user_id, attachments=attachments,
+    )
+    if not cli_reply.startswith(":warning:"):
+        return cli_reply, cli_done
+
+    # CLI failed — try ANTHROPIC_API_KEY fallback
+    try:
+        import anthropic  # noqa: F401
+    except ImportError:
+        return (
+            ":warning: \`anthropic\` package not installed. Run: \`pip install anthropic\`",
+            True,
+        )
+
+    api_key = cfg_loader.sentinel.anthropic_api_key or os.environ.get("ANTHROPIC_API_KEY", "")
+    if not api_key:
+        return cli_reply, cli_done  # No fallback available
+
+    logger.info("Boss: CLI path failed (%s…), falling back to ANTHROPIC_API_KEY", cli_reply[:60])
+    return await _handle_with_api(
+        message, history, cfg_loader, store, slack_client=slack_client, user_name=user_name,
+        user_id=user_id, attachments=attachments,
+    )`;
+
+  const NEW_HM_BODY =
+`    api_key = cfg_loader.sentinel.anthropic_api_key or os.environ.get("ANTHROPIC_API_KEY", "")
+
+    # 1st priority: ANTHROPIC_API_KEY — full structured tools, cheap per-token for Boss queries
+    if api_key:
+        try:
+            import anthropic  # noqa: F401
+            return await _handle_with_api(
+                message, history, cfg_loader, store, slack_client=slack_client,
+                user_name=user_name, user_id=user_id, attachments=attachments,
+            )
+        except Exception as api_err:
+            err_str = str(api_err)
+            # Detect rate-limit / auth failure and alert Slack before falling through
+            cfg = cfg_loader.sentinel
+            if is_rate_limited(err_str):
+                from .notify import rate_limit_message
+                alert_if_rate_limited(cfg.slack_bot_token, cfg.slack_channel,
+                                      "sentinel_boss/api", err_str)
+            logger.warning("Boss: API key path failed (%s), trying CLI fallback", err_str[:80])
+
+    # 2nd priority: Claude Pro / OAuth via CLI (limited tools but no API key needed)
+    cli_reply, cli_done = await _handle_with_cli(
+        message, history, cfg_loader, store, slack_client=slack_client, user_name=user_name,
+        user_id=user_id, attachments=attachments,
+    )
+    if not cli_reply.startswith(":warning:"):
+        return cli_reply, cli_done
+
+    # Both paths failed — alert Slack and return error
+    cfg = cfg_loader.sentinel
+    err_output = cli_reply
+    alert_if_rate_limited(cfg.slack_bot_token, cfg.slack_channel,
+                          "sentinel_boss/cli", err_output)
+    if not api_key:
+        # No auth at all configured
+        no_auth_msg = (
+            ":warning: *Sentinel Boss — no Claude auth configured*\\n"
+            "Configure at least one of:\\n"
+            "\u2022 \`ANTHROPIC_API_KEY\` in \`sentinel.properties\` \u2014 full features\\n"
+            "\u2022 Claude Pro OAuth: run \`claude login\` on the server \u2014 required for fix_engine\\n"
+            "See: https://github.com/misterhuydo/Sentinel#authentication"
+        )
+        slack_alert(cfg.slack_bot_token, cfg.slack_channel, no_auth_msg)
+        return ":warning: No Claude authentication configured. See Slack for details.", True
+    return cli_reply, cli_done`;
+
+  if (!c.includes(OLD_HM_BODY)) { console.error('handle_message body not found'); process.exit(1); }
+  c = c.replace(OLD_HM_BODY, NEW_HM_BODY);
+
+  // 3. In _handle_with_cli, alert Slack on rate-limit detected in CLI output
+  const OLD_CLI_FAIL =
+`        if result.returncode != 0 and not output:
+            return f":warning: \`claude --print\` failed (exit {result.returncode}): {(result.stderr or '').strip()[:300]}", True`;
+  const NEW_CLI_FAIL =
+`        raw_err = (result.stderr or "").strip()
+        if result.returncode != 0 and not output:
+            full_err = f"exit {result.returncode}: {raw_err[:300]}"
+            cfg = cfg_loader.sentinel
+            alert_if_rate_limited(cfg.slack_bot_token, cfg.slack_channel,
+                                  "sentinel_boss/cli", raw_err or full_err)
+            return f":warning: \`claude --print\` failed ({full_err})", True`;
+  if (!c.includes(OLD_CLI_FAIL)) { console.error('cli fail block not found'); process.exit(1); }
+  c = c.replace(OLD_CLI_FAIL, NEW_CLI_FAIL);
+
+  // 4. Also alert in ask_codebase when claude --print fails
+  const OLD_ASK_FAIL = `                if r.returncode != 0 and not output:
+                    return {"repo": repo_name, "error": f"claude --print failed (rc={r.returncode}): {(r.stderr or '')[:200]}"}`;
+  const NEW_ASK_FAIL = `                if r.returncode != 0 and not output:
+                    raw_err = (r.stderr or "")
+                    alert_if_rate_limited(
+                        cfg.slack_bot_token, cfg.slack_channel,
+                        f"ask_codebase/{repo_name}", raw_err,
+                    )
+                    return {"repo": repo_name, "error": f"claude --print failed (rc={r.returncode}): {raw_err[:200]}"}`;
+  if (!c.includes(OLD_ASK_FAIL)) { console.error('ask_codebase fail block not found'); process.exit(1); }
+  c = c.replace(OLD_ASK_FAIL, NEW_ASK_FAIL);
+
+  // 5. ask_codebase: respect claude_pro_for_tasks (don't inject API key when Pro preferred)
+  const OLD_ASK_ENV = `        env = os.environ.copy()
+        if cfg.anthropic_api_key:
+            env["ANTHROPIC_API_KEY"] = cfg.anthropic_api_key`;
+  const NEW_ASK_ENV = `        env = os.environ.copy()
+        # Only inject API key when Claude Pro is NOT preferred for heavy tasks
+        if cfg.anthropic_api_key and not cfg.claude_pro_for_tasks:
+            env["ANTHROPIC_API_KEY"] = cfg.anthropic_api_key`;
+  if (!c.includes(OLD_ASK_ENV)) { console.error('ask_codebase env not found'); process.exit(1); }
+  c = c.replace(OLD_ASK_ENV, NEW_ASK_ENV);
+
+  fs.writeFileSync(f, c, 'utf8');
+  console.log('sentinel_boss.py done. Lines:', c.split('\n').length);
+}

package/python/sentinel/config_loader.py

@@ -63,6 +63,11 @@ class SentinelConfig:
     slack_watch_bot_ids: list[str] = field(default_factory=list)   # pre-configured bot IDs to watch passively
     slack_allowed_users: list[str] = field(default_factory=list)  # if set, only these Slack user IDs can talk to Boss
     project_name: str = ""           # optional: friendly name used by Sentinel Boss (e.g. "1881")
+    # Auth strategy:
+    #   ANTHROPIC_API_KEY  — used by Sentinel Boss conversation (structured tools, cheap per-token)
+    #   Claude Pro / OAuth — used by fix_engine + ask_codebase when CLAUDE_PRO_FOR_TASKS=true
+    #   At least one must be configured. Both = ideal split (Boss=API key, heavy tasks=Pro).
+    claude_pro_for_tasks: bool = True  # when True + API key set, fix_engine/ask_codebase use claude CLI (Pro billing)
 
 
 @dataclass
@@ -158,6 +163,7 @@ class ConfigLoader:
         c.slack_watch_bot_ids = _csv(d.get("SLACK_WATCH_BOT_IDS", ""))
         c.slack_allowed_users = _csv(d.get("SLACK_ALLOWED_USERS", ""))
         c.project_name = d.get("PROJECT_NAME", "")
+        c.claude_pro_for_tasks = d.get("CLAUDE_PRO_FOR_TASKS", "true").lower() != "false"
         self.sentinel = c
 
     def _load_log_sources(self):

package/python/sentinel/fix_engine.py

@@ -1,160 +1,177 @@
-"""
-fix_engine.py — Generate code fixes via Claude Code (headless).
-
-Invokes: claude --print "<prompt>" 2>&1
-
-Cairn MCP context is fetched automatically by Claude Code via its MCP tool
-connection — Sentinel does not need to query or inject it explicitly.
-"""
-
-import logging
-import re
-import subprocess
-import textwrap
-from pathlib import Path
-
-from .config_loader import RepoConfig, SentinelConfig
-from .log_parser import ErrorEvent
-
-logger = logging.getLogger(__name__)
-
-SUBPROCESS_TIMEOUT = 120
-MAX_FILES_IN_PATCH = 5
-MAX_LINES_IN_PATCH = 200
-
-_DIFF_BLOCK = re.compile(r"```(?:diff|patch)?\n(.*?)```", re.DOTALL)
-_DIFF_HEADER = re.compile(r"^diff --git|^---\s+\S+|^\+\+\+\s+\S+", re.MULTILINE)
-
-
-def _build_prompt(event, repo: RepoConfig, log_file, marker: str, stale_markers: list[str] = None) -> str:
-    if log_file and log_file.exists():
-        ctx = (
-            "LOG FILE: " + str(log_file) + "\n"
-            "Read this file first -- it contains the last 48h of logs from "
-            + event.source + ".\n"
-            "Use it to understand frequency, context, and preceding warnings."
-        )
-        step1 = "Read the log file above to understand what led up to this error."
-    else:
-        ctx = (
-            "SOURCE: " + event.source + "\n"
-            "No rolling log file available. The full issue description is below."
-        )
-        step1 = "Use the issue description above as your primary context."
-
-    marker_label = marker + " sentinel-auto-fix [safe to remove after verification]"
-    marker_instruction = "\n".join([
-        "For EVERY method and constructor you modify, add this as the FIRST executable line:",
-        f'  Java/Kotlin : log.info("{marker_label}");',
-        f'  Python      : logger.info("{marker_label}")',
-        f'  Node.js     : logger.info("{marker_label}")',
-        "Use the logger already present in the file. Do not add new imports.",
-        "This applies to ALL modified methods and constructors without exception.",
-    ])
-
-    cleanup = ""
-    if stale_markers:
-        marker_list = "\n".join(f"  - {m}" for m in stale_markers)
-        cleanup = (
-            "CLEANUP (do this first, before the fix):\n"
-            "Remove any log lines containing these stale Sentinel markers from the codebase:\n"
-            + marker_list + "\n"
-            "Commit the cleanup separately with message: 'chore(sentinel): remove stale markers'\n"
-        )
-
-    lines_out = [
-        f"You are fixing a production bug in the repository at {repo.local_path}.",
-        f"Repository: {repo.repo_name}",
-        "",
-    ]
-    if cleanup:
-        lines_out += [cleanup, ""]
-    lines_out += [
-        ctx,
-        "",
-        f"ISSUE TO FIX (from {event.source}):",
-        event.full_text(),
-        "",
-        "Task:",
-        f"1. {step1}",
-        "2. Use your available tools to explore the codebase and identify the root cause.",
-        f"3. {marker_instruction}",
-        "4. Output ONLY a unified diff patch (git diff format) fixing the issue.",
-        "5. Do not explain. Output only the patch.",
-        "6. If you cannot determine a safe fix, output: SKIP: <reason>",
-    ]
-    return "\n".join(lines_out)
-
-def _validate_patch(patch: str) -> tuple[bool, str]:
-    files_changed = len(re.findall(r"^diff --git", patch, re.MULTILINE))
-    lines_changed = len([
-        l for l in patch.splitlines()
-        if l.startswith(("+", "-")) and not l.startswith(("+++", "---"))
-    ])
-    if files_changed > MAX_FILES_IN_PATCH:
-        return False, f"Patch touches {files_changed} files (limit {MAX_FILES_IN_PATCH})"
-    if lines_changed > MAX_LINES_IN_PATCH:
-        return False, f"Patch changes {lines_changed} lines (limit {MAX_LINES_IN_PATCH})"
-    return True, ""
-
-
-def generate_fix(
-    event: ErrorEvent,
-    repo: RepoConfig,
-    cfg: SentinelConfig,
-    patches_dir: Path,
-) -> tuple[str, Path | None]:
-    """
-    Generate a fix for the given error event.
-
-    Returns:
-        (status, patch_path)
-        status: "patch" | "skip" | "error"
-    """
-    # Issues have source like "issues/filename" — no rolling log file exists
-    log_file = Path(cfg.workspace_dir) / "fetched" / f"{event.source}.log"
-    if not log_file.exists():
-        log_file = None
-    prompt = _build_prompt(event, repo, log_file)
-
-    logger.info("Invoking Claude Code for %s (fp=%s)", event.source, event.fingerprint)
-    import os as _os
-    env = _os.environ.copy()
-    if cfg.anthropic_api_key:
-        env["ANTHROPIC_API_KEY"] = cfg.anthropic_api_key
-    try:
-        result = subprocess.run(
-            ([cfg.claude_code_bin, "--dangerously-skip-permissions", "--print", prompt]
-            if os.getuid() != 0 else
-            [cfg.claude_code_bin, "--print", prompt]),
-            capture_output=True, text=True, timeout=SUBPROCESS_TIMEOUT, env=env,
-        )
-    except subprocess.TimeoutExpired:
-        logger.error("Claude Code timed out for %s", event.fingerprint)
-        return "error", None, ""
-    except FileNotFoundError:
-        logger.error("Claude Code binary not found at '%s'", cfg.claude_code_bin)
-        return "error", None, ""
-
-    output = (result.stdout or "") + (result.stderr or "")
-
-    if output.strip().upper().startswith("SKIP:"):
-        reason = output.strip()[5:].strip()
-        logger.info("Claude skipped fix for %s: %s", event.fingerprint, reason)
-        return "skip", None, ""
-
-    patch = _extract_patch(output)
-    if not patch:
-        logger.warning("No patch found in Claude output for %s", event.fingerprint)
-        return "error", None, ""
-
-    ok, reason = _validate_patch(patch)
-    if not ok:
-        logger.warning("Patch rejected for %s: %s", event.fingerprint, reason)
-        return "skip", None, ""
-
-    patches_dir.mkdir(parents=True, exist_ok=True)
-    patch_path = patches_dir / f"{event.fingerprint}.diff"
-    patch_path.write_text(patch, encoding="utf-8")
-    logger.info("Patch written to %s", patch_path)
-    return "patch", patch_path, marker
+"""
+fix_engine.py — Generate code fixes via Claude Code (headless).
+
+Invokes: claude --print "<prompt>" 2>&1
+
+Cairn MCP context is fetched automatically by Claude Code via its MCP tool
+connection — Sentinel does not need to query or inject it explicitly.
+"""
+
+import logging
+import re
+import subprocess
+import textwrap
+from pathlib import Path
+
+from .config_loader import RepoConfig, SentinelConfig
+from .log_parser import ErrorEvent
+from .notify import alert_if_rate_limited, slack_alert
+
+logger = logging.getLogger(__name__)
+
+SUBPROCESS_TIMEOUT = 120
+MAX_FILES_IN_PATCH = 5
+MAX_LINES_IN_PATCH = 200
+
+_DIFF_BLOCK = re.compile(r"```(?:diff|patch)?\n(.*?)```", re.DOTALL)
+_DIFF_HEADER = re.compile(r"^diff --git|^---\s+\S+|^\+\+\+\s+\S+", re.MULTILINE)
+
+
+def _build_prompt(event, repo: RepoConfig, log_file, marker: str, stale_markers: list[str] = None) -> str:
+    if log_file and log_file.exists():
+        ctx = (
+            "LOG FILE: " + str(log_file) + "\n"
+            "Read this file first -- it contains the last 48h of logs from "
+            + event.source + ".\n"
+            "Use it to understand frequency, context, and preceding warnings."
+        )
+        step1 = "Read the log file above to understand what led up to this error."
+    else:
+        ctx = (
+            "SOURCE: " + event.source + "\n"
+            "No rolling log file available. The full issue description is below."
+        )
+        step1 = "Use the issue description above as your primary context."
+
+    marker_label = marker + " sentinel-auto-fix [safe to remove after verification]"
+    marker_instruction = "\n".join([
+        "For EVERY method and constructor you modify, add this as the FIRST executable line:",
+        f'  Java/Kotlin : log.info("{marker_label}");',
+        f'  Python      : logger.info("{marker_label}")',
+        f'  Node.js     : logger.info("{marker_label}")',
+        "Use the logger already present in the file. Do not add new imports.",
+        "This applies to ALL modified methods and constructors without exception.",
+    ])
+
+    cleanup = ""
+    if stale_markers:
+        marker_list = "\n".join(f"  - {m}" for m in stale_markers)
+        cleanup = (
+            "CLEANUP (do this first, before the fix):\n"
+            "Remove any log lines containing these stale Sentinel markers from the codebase:\n"
+            + marker_list + "\n"
+            "Commit the cleanup separately with message: 'chore(sentinel): remove stale markers'\n"
+        )
+
+    lines_out = [
+        f"You are fixing a production bug in the repository at {repo.local_path}.",
+        f"Repository: {repo.repo_name}",
+        "",
+    ]
+    if cleanup:
+        lines_out += [cleanup, ""]
+    lines_out += [
+        ctx,
+        "",
+        f"ISSUE TO FIX (from {event.source}):",
+        event.full_text(),
+        "",
+        "Task:",
+        f"1. {step1}",
+        "2. Use your available tools to explore the codebase and identify the root cause.",
+        f"3. {marker_instruction}",
+        "4. Output ONLY a unified diff patch (git diff format) fixing the issue.",
+        "5. Do not explain. Output only the patch.",
+        "6. If you cannot determine a safe fix, output: SKIP: <reason>",
+    ]
+    return "\n".join(lines_out)
+
+def _validate_patch(patch: str) -> tuple[bool, str]:
+    files_changed = len(re.findall(r"^diff --git", patch, re.MULTILINE))
+    lines_changed = len([
+        l for l in patch.splitlines()
+        if l.startswith(("+", "-")) and not l.startswith(("+++", "---"))
+    ])
+    if files_changed > MAX_FILES_IN_PATCH:
+        return False, f"Patch touches {files_changed} files (limit {MAX_FILES_IN_PATCH})"
+    if lines_changed > MAX_LINES_IN_PATCH:
+        return False, f"Patch changes {lines_changed} lines (limit {MAX_LINES_IN_PATCH})"
+    return True, ""
+
+
+def generate_fix(
+    event: ErrorEvent,
+    repo: RepoConfig,
+    cfg: SentinelConfig,
+    patches_dir: Path,
+) -> tuple[str, Path | None]:
+    """
+    Generate a fix for the given error event.
+
+    Returns:
+        (status, patch_path)
+        status: "patch" | "skip" | "error"
+    """
+    # Issues have source like "issues/filename" — no rolling log file exists
+    log_file = Path(cfg.workspace_dir) / "fetched" / f"{event.source}.log"
+    if not log_file.exists():
+        log_file = None
+    prompt = _build_prompt(event, repo, log_file)
+
+    logger.info("Invoking Claude Code for %s (fp=%s)", event.source, event.fingerprint)
+    import os as _os
+    env = _os.environ.copy()
+    # Inject API key only when Claude Pro is NOT preferred for tasks
+    # (when claude_pro_for_tasks=True and API key is set, let claude CLI use OAuth/Pro)
+    if cfg.anthropic_api_key and not cfg.claude_pro_for_tasks:
+        env["ANTHROPIC_API_KEY"] = cfg.anthropic_api_key
+    try:
+        result = subprocess.run(
+            ([cfg.claude_code_bin, "--dangerously-skip-permissions", "--print", prompt]
+            if os.getuid() != 0 else
+            [cfg.claude_code_bin, "--print", prompt]),
+            capture_output=True, text=True, timeout=SUBPROCESS_TIMEOUT, env=env,
+        )
+    except subprocess.TimeoutExpired:
+        logger.error("Claude Code timed out for %s", event.fingerprint)
+        return "error", None, ""
+    except FileNotFoundError:
+        msg = (
+            f":warning: *Sentinel — Claude CLI not found*\n"
+            f"`{cfg.claude_code_bin}` not found. Run: `npm install -g @anthropic-ai/claude-code`\n"
+            f"Fix engine is disabled until this is resolved."
+        )
+        logger.error("Claude Code binary not found at '%s'", cfg.claude_code_bin)
+        slack_alert(cfg.slack_bot_token, cfg.slack_channel, msg)
+        return "error", None, ""
+
+    output = (result.stdout or "") + (result.stderr or "")
+
+    # Alert Slack immediately on rate-limit / auth failure — never stay silent
+    alert_if_rate_limited(
+        cfg.slack_bot_token,
+        cfg.slack_channel,
+        source=f"fix_engine/{event.fingerprint}",
+        output=output,
+    )
+
+    if output.strip().upper().startswith("SKIP:"):
+        reason = output.strip()[5:].strip()
+        logger.info("Claude skipped fix for %s: %s", event.fingerprint, reason)
+        return "skip", None, ""
+
+    patch = _extract_patch(output)
+    if not patch:
+        logger.warning("No patch found in Claude output for %s", event.fingerprint)
+        return "error", None, ""
+
+    ok, reason = _validate_patch(patch)
+    if not ok:
+        logger.warning("Patch rejected for %s: %s", event.fingerprint, reason)
+        return "skip", None, ""
+
+    patches_dir.mkdir(parents=True, exist_ok=True)
+    patch_path = patches_dir / f"{event.fingerprint}.diff"
+    patch_path.write_text(patch, encoding="utf-8")
+    logger.info("Patch written to %s", patch_path)
+    return "patch", patch_path, marker

package/python/sentinel/main.py

@@ -541,10 +541,45 @@ async def _upgrade_check_loop(cfg_loader: ConfigLoader):
 
 # ── Entry point ──────────────────────────────────────────────────────────────────────────────────
 
+def _log_auth_status(cfg: SentinelConfig) -> None:
+    """Log Claude auth configuration at startup and post to Slack if nothing is configured."""
+    has_api_key   = bool(cfg.anthropic_api_key)
+    has_claude_bin = bool(shutil.which(cfg.claude_code_bin))
+    pro_for_tasks = cfg.claude_pro_for_tasks
+
+    if has_api_key and pro_for_tasks:
+        logger.info(
+            "Claude auth: API key ✓ (Boss) + Claude Pro preferred for Fix Engine/Ask Codebase. "
+            "Run `claude login` if not already authenticated."
+        )
+    elif has_api_key and not pro_for_tasks:
+        logger.info(
+            "Claude auth: API key ✓ (Boss + Fix Engine). "
+            "CLAUDE_PRO_FOR_TASKS=false — all tasks billed to API quota."
+        )
+    elif not has_api_key and has_claude_bin:
+        logger.warning(
+            "Claude auth: no ANTHROPIC_API_KEY — Boss will use CLI fallback (limited tools). "
+            "Fix Engine uses Claude Pro via `claude` CLI."
+        )
+    else:
+        msg = (
+            ":warning: *Sentinel — no Claude authentication configured*\n"
+            "Sentinel needs at least one of:\n"
+            "• `ANTHROPIC_API_KEY` in `sentinel.properties` — full Boss tools, API billing\n"
+            "• Claude Pro OAuth: run `claude login` on the server — required for Fix Engine\n"
+            "See the auth section in your workspace `sentinel.properties` for guidance."
+        )
+        logger.error("Claude auth: NOTHING configured — Boss and Fix Engine will fail!")
+        from .notify import slack_alert
+        slack_alert(cfg.slack_bot_token, cfg.slack_channel, msg)
+
+
 async def run_loop(cfg_loader: ConfigLoader, store: StateStore):
     interval = cfg_loader.sentinel.poll_interval_seconds
     logger.info("Sentinel starting — poll interval: %ds, repos: %s",
                 interval, list(cfg_loader.repos.keys()))
+    _log_auth_status(cfg_loader.sentinel)
 
     results = await _startup_checks(cfg_loader)
 

package/python/sentinel/notify.py

@@ -0,0 +1,88 @@
+"""
+notify.py — Best-effort Slack alerts from any Sentinel module.
+
+Uses the Slack Web API directly (no Bolt / Socket Mode required).
+Calls never raise — failures are logged and silently dropped.
+"""
+
+import logging
+import re
+
+import requests
+
+logger = logging.getLogger(__name__)
+
+# ── Rate-limit / auth-failure detector ────────────────────────────────────────
+
+_RATE_LIMIT_RE = re.compile(
+    r"rate.?limit|usage.?limit|too many requests|quota.?exceeded"
+    r"|overloaded|credit.?balance|billing|529"
+    r"|not.?authenticated|invalid.?api.?key|authentication.?fail"
+    r"|claude\.ai subscription|pro.?plan|login required",
+    re.IGNORECASE,
+)
+
+
+def is_rate_limited(text: str) -> bool:
+    """Return True if the text contains a rate-limit or auth-failure signal."""
+    return bool(_RATE_LIMIT_RE.search(text))
+
+
+def rate_limit_message(source: str, raw: str) -> str:
+    """Produce a human-readable Slack alert for a rate-limit event."""
+    snippet = raw.strip()[:300].replace("\n", " ")
+    return (
+        f":warning: *Sentinel — Claude usage/auth problem ({source})*\n"
+        f"Claude returned an error that requires admin attention:\n"
+        f"```{snippet}```\n"
+        f"*What to check:*\n"
+        f"• API key: verify `ANTHROPIC_API_KEY` in `sentinel.properties` is valid and has credit\n"
+        f"• Claude Pro: run `claude login` on the server to refresh OAuth\n"
+        f"• Both: at least one auth method must be working\n"
+        f"Sentinel will retry on the next poll cycle."
+    )
+
+
+# ── Alert dispatcher ──────────────────────────────────────────────────────────
+
+def slack_alert(bot_token: str, channel: str, text: str) -> None:
+    """
+    Post a plain-text alert to a Slack channel.
+    Best-effort: logs on failure, never raises.
+    """
+    if not bot_token or not channel:
+        logger.debug("slack_alert: no token/channel configured — logging only: %s", text[:120])
+        return
+    try:
+        resp = requests.post(
+            "https://slack.com/api/chat.postMessage",
+            headers={
+                "Authorization": f"Bearer {bot_token}",
+                "Content-Type": "application/json",
+            },
+            json={"channel": channel, "text": text},
+            timeout=10,
+        )
+        data = resp.json()
+        if not data.get("ok"):
+            logger.warning("slack_alert: Slack API error: %s", data.get("error"))
+    except Exception as exc:
+        logger.warning("slack_alert: failed to post: %s", exc)
+
+
+def alert_if_rate_limited(
+    bot_token: str,
+    channel: str,
+    source: str,
+    output: str,
+) -> bool:
+    """
+    Check output for rate-limit / auth signals.
+    If found, post a Slack alert and return True.
+    """
+    if not is_rate_limited(output):
+        return False
+    msg = rate_limit_message(source, output)
+    logger.error("Claude rate-limit/auth failure in %s: %s", source, output[:200])
+    slack_alert(bot_token, channel, msg)
+    return True

package/python/sentinel/sentinel_boss.py

@@ -16,6 +16,8 @@ from datetime import datetime, timezone
 from pathlib import Path
 from typing import Optional
 
+from .notify import alert_if_rate_limited, slack_alert, is_rate_limited
+
 logger = logging.getLogger(__name__)
 
 # ── System prompt ────────────────────────────────────────────────────────────
@@ -1098,7 +1100,8 @@ async def _run_tool(name: str, inputs: dict, cfg_loader, store, slack_client=Non
 
         cfg = cfg_loader.sentinel
         env = os.environ.copy()
-        if cfg.anthropic_api_key:
+        # Only inject API key when Claude Pro is NOT preferred for heavy tasks
+        if cfg.anthropic_api_key and not cfg.claude_pro_for_tasks:
             env["ANTHROPIC_API_KEY"] = cfg.anthropic_api_key
 
         def _ask_one(repo_name, repo_cfg) -> dict:
@@ -1121,7 +1124,12 @@ async def _run_tool(name: str, inputs: dict, cfg_loader, store, slack_client=Non
                 output = (r.stdout or "").strip()
                 logger.info("Boss ask_codebase %s rc=%d len=%d", repo_name, r.returncode, len(output))
                 if r.returncode != 0 and not output:
-                    return {"repo": repo_name, "error": f"claude --print failed (rc={r.returncode}): {(r.stderr or '')[:200]}"}
+                    raw_err = (r.stderr or "")
+                    alert_if_rate_limited(
+                        cfg.slack_bot_token, cfg.slack_channel,
+                        f"ask_codebase/{repo_name}", raw_err,
+                    )
+                    return {"repo": repo_name, "error": f"claude --print failed (rc={r.returncode}): {raw_err[:200]}"}
                 return {"repo": repo_name, "answer": output[:3000]}
             except subprocess.TimeoutExpired:
                 return {"repo": repo_name, "error": "timed out after 180s"}
@@ -1412,8 +1420,13 @@ async def _handle_with_cli(
                 "Boss CLI call failed (rc=%d): stdout=%r stderr=%r",
                 result.returncode, output[:200], stderr[:200],
             )
+        raw_err = (result.stderr or "").strip()
         if result.returncode != 0 and not output:
-            return f":warning: `claude --print` failed (exit {result.returncode}): {(result.stderr or '').strip()[:300]}", True
+            full_err = f"exit {result.returncode}: {raw_err[:300]}"
+            cfg = cfg_loader.sentinel
+            alert_if_rate_limited(cfg.slack_bot_token, cfg.slack_channel,
+                                  "sentinel_boss/cli", raw_err or full_err)
+            return f":warning: `claude --print` failed ({full_err})", True
     except Exception as e:
         logger.error("Boss CLI call failed: %s", e)
         return f":warning: Boss unavailable: {e}", True
@@ -1545,7 +1558,27 @@ async def handle_message(
         is_done=True  → session complete, release the Slack queue slot.
         is_done=False → waiting for user follow-up, keep the slot.
     """
-    # 1st priority: Claude Pro / OAuth via CLI
+    api_key = cfg_loader.sentinel.anthropic_api_key or os.environ.get("ANTHROPIC_API_KEY", "")
+
+    # 1st priority: ANTHROPIC_API_KEY — full structured tools, cheap per-token for Boss queries
+    if api_key:
+        try:
+            import anthropic  # noqa: F401
+            return await _handle_with_api(
+                message, history, cfg_loader, store, slack_client=slack_client,
+                user_name=user_name, user_id=user_id, attachments=attachments,
+            )
+        except Exception as api_err:
+            err_str = str(api_err)
+            # Detect rate-limit / auth failure and alert Slack before falling through
+            cfg = cfg_loader.sentinel
+            if is_rate_limited(err_str):
+                from .notify import rate_limit_message
+                alert_if_rate_limited(cfg.slack_bot_token, cfg.slack_channel,
+                                      "sentinel_boss/api", err_str)
+            logger.warning("Boss: API key path failed (%s), trying CLI fallback", err_str[:80])
+
+    # 2nd priority: Claude Pro / OAuth via CLI (limited tools but no API key needed)
     cli_reply, cli_done = await _handle_with_cli(
         message, history, cfg_loader, store, slack_client=slack_client, user_name=user_name,
         user_id=user_id, attachments=attachments,
@@ -1553,21 +1586,20 @@ async def handle_message(
     if not cli_reply.startswith(":warning:"):
         return cli_reply, cli_done
 
-    # CLI failed — try ANTHROPIC_API_KEY fallback
-    try:
-        import anthropic  # noqa: F401
-    except ImportError:
-        return (
-            ":warning: `anthropic` package not installed. Run: `pip install anthropic`",
-            True,
-        )
-
-    api_key = cfg_loader.sentinel.anthropic_api_key or os.environ.get("ANTHROPIC_API_KEY", "")
+    # Both paths failed — alert Slack and return error
+    cfg = cfg_loader.sentinel
+    err_output = cli_reply
+    alert_if_rate_limited(cfg.slack_bot_token, cfg.slack_channel,
+                          "sentinel_boss/cli", err_output)
     if not api_key:
-        return cli_reply, cli_done  # No fallback available
-
-    logger.info("Boss: CLI path failed (%s…), falling back to ANTHROPIC_API_KEY", cli_reply[:60])
-    return await _handle_with_api(
-        message, history, cfg_loader, store, slack_client=slack_client, user_name=user_name,
-        user_id=user_id, attachments=attachments,
-    )
+        # No auth at all configured
+        no_auth_msg = (
+            ":warning: *Sentinel Boss — no Claude auth configured*\n"
+            "Configure at least one of:\n"
+            "• `ANTHROPIC_API_KEY` in `sentinel.properties` — full features\n"
+            "• Claude Pro OAuth: run `claude login` on the server — required for fix_engine\n"
+            "See: https://github.com/misterhuydo/Sentinel#authentication"
+        )
+        slack_alert(cfg.slack_bot_token, cfg.slack_channel, no_auth_msg)
+        return ":warning: No Claude authentication configured. See Slack for details.", True
+    return cli_reply, cli_done

package/templates/sentinel.properties

@@ -22,8 +22,10 @@ REPORT_INTERVAL_HOURS=1
 STATE_DB=./sentinel.db
 WORKSPACE_DIR=./workspace
 
-# Claude Code auth — set if using API key, leave blank for OAuth
+# Claude authentication — see workspace sentinel.properties for full documentation.
+# Override here only if this project needs different credentials than the workspace default.
 # ANTHROPIC_API_KEY=sk-ant-...
+# CLAUDE_PRO_FOR_TASKS=true
 
 # Slack Bot (optional) — Sentinel Boss conversational interface
 # Create a Slack App at api.slack.com, enable Socket Mode, add scopes:

package/templates/workspace-sentinel.properties

@@ -23,6 +23,39 @@ LOG_RETENTION_HOURS=48
 # Claude Code binary path
 CLAUDE_CODE_BIN=claude
 
+# ── Claude authentication ─────────────────────────────────────────────────────
+#
+# Sentinel uses Claude for two very different workloads:
+#
+#   • Sentinel Boss  — conversational AI in Slack (structured tools, many short queries)
+#   • Fix Engine     — autonomous code repair (long context, heavy token usage)
+#
+# Authentication options:
+#
+#   A) ANTHROPIC_API_KEY only  ← simplest setup
+#      Boss: full structured tools, all features ✅
+#      Fix Engine: billed per token against your API quota ⚠️  (can be expensive)
+#
+#   B) Claude Pro / OAuth only  ← run `claude login` on the server
+#      Boss: limited tools (CLI-based, no native image support) ⚠️
+#      Fix Engine: uses your Claude Pro subscription ✅  (no per-token cost)
+#
+#   C) Both API key + Claude Pro  ← RECOMMENDED for production
+#      Boss: full structured tools ✅
+#      Fix Engine: uses Claude Pro subscription ✅  (set CLAUDE_PRO_FOR_TASKS=true)
+#
+# At least one must be configured. Sentinel will alert Slack if neither is working.
+#
+# To set up Claude Pro OAuth:  run `claude login` on the server once.
+# To renew an expired session: run `claude login` again — Sentinel will detect the failure
+#   and post a Slack alert if it can't proceed.
+#
+# ANTHROPIC_API_KEY=sk-ant-...
+#
+# When true (default): fix_engine / ask_codebase use `claude` CLI (Claude Pro billing).
+# Set to false if you only have an API key and no Claude Pro subscription.
+CLAUDE_PRO_FOR_TASKS=true
+
 # Auto-upgrade: check npm for a newer @misterhuydo/sentinel every N hours and restart
 AUTO_UPGRADE=true
 UPGRADE_CHECK_HOURS=6

package/.cairn/views/2a85cc_init.js

@@ -1,275 +0,0 @@
-'use strict';
-const fs = require('fs-extra');
-const path = require('path');
-const os = require('os');
-const { execSync, spawnSync } = require('child_process');
-const prompts = require('prompts');
-const chalk = require('chalk');
-const { generateProjectScripts, generateWorkspaceScripts, writeExampleProject } = require('./generate');
-const ok   = msg => console.log(chalk.green('  ✔'), msg);
-const info = msg => console.log(chalk.cyan('  →'), msg);
-const warn = msg => console.log(chalk.yellow('  ⚠'), msg);
-const step = msg => console.log('\n' + chalk.bold.white(msg));
-module.exports = async function init() {
-  const defaultWorkspace = path.join(os.homedir(), 'sentinel');
-  const existing = readExistingConfig(defaultWorkspace);
-  if (Object.keys(existing).length) {
-    console.log(chalk.cyan('\n  → Existing workspace config found — showing current values as defaults\n'));
-  }
-  const answers = await prompts([
-    {
-      type: 'text',
-      name: 'workspace',
-      message: 'Workspace directory (each project lives here as a subdirectory)',
-      initial: path.join(os.homedir(), 'sentinel'),
-      format: v => v.replace(/^~/, os.homedir()),
-    },
-    {
-      type: 'select',
-      name: 'authMode',
-      message: 'How will Claude Code authenticate?',
-      choices: [
-        { title: 'API key  (Anthropic API account — recommended for servers)', value: 'apikey' },
-        { title: 'Claude Pro / OAuth  (will give you a URL to open in any browser)', value: 'oauth' },
-        { title: 'Skip  (I will configure this later)', value: 'skip' },
-      ],
-    },
-    {
-      type: prev => prev === 'apikey' ? 'password' : null,
-      name: 'anthropicKey',
-      message: 'Anthropic API key (sk-ant-...)',
-      validate: v => v.startsWith('sk-ant-') ? true : 'Key should start with sk-ant-',
-    },
-    {
-      type: 'confirm',
-      name: 'example',
-      message: 'Create an example project to show how to configure?',
-      initial: true,
-    },
-    {
-      type: 'confirm',
-      name: 'systemd',
-      message: 'Set up systemd service for auto-start on reboot?',
-      initial: process.platform === 'linux',
-    },
-    {
-      type: 'text',
-      name: 'smtpUser',
-      message: 'SMTP sender address',
-      initial: existing.SMTP_USER || 'sentinel@yourdomain.com',
-    },
-    {
-      type: prev => prev ? 'password' : null,
-      name: 'smtpPassword',
-      message: existing.SMTP_PASSWORD ? 'SMTP password / app password  (press Enter to keep current)' : 'SMTP password / app password',
-    },
-    {
-      type: prev => prev ? 'text' : null,
-      name: 'smtpHost',
-      message: 'SMTP host',
-      initial: existing.SMTP_HOST || 'smtp.gmail.com',
-    },
-    {
-      type: 'confirm',
-      name: 'setupSlack',
-      message: 'Set up Slack Bot (Sentinel Boss — conversational AI interface)?',
-      initial: !!(existing.SLACK_BOT_TOKEN),
-    },
-    {
-      type: prev => prev ? 'password' : null,
-      name: 'slackBotToken',
-      message: existing.SLACK_BOT_TOKEN ? 'Slack Bot Token  (press Enter to keep current)' : 'Slack Bot Token  (xoxb-...)',
-      validate: v => !v || v.startsWith('xoxb-') ? true : 'Should start with xoxb-',
-    },
-    {
-      type: (_, { setupSlack }) => setupSlack ? 'password' : null,
-      name: 'slackAppToken',
-      message: existing.SLACK_APP_TOKEN ? 'Slack App-Level Token  (press Enter to keep current)' : 'Slack App-Level Token  (xapp-...)',
-      validate: v => !v || v.startsWith('xapp-') ? true : 'Should start with xapp-',
-    },
-  ], { onCancel: () => process.exit(0) });
-  const { workspace, authMode, anthropicKey, example, systemd, smtpUser, smtpPassword, smtpHost, setupSlack, slackBotToken, slackAppToken } = answers;
-  const effectiveSmtpPassword  = smtpPassword  || existing.SMTP_PASSWORD  || '';
-  const effectiveSlackBotToken = slackBotToken || existing.SLACK_BOT_TOKEN || '';
-  const effectiveSlackAppToken = slackAppToken || existing.SLACK_APP_TOKEN || '';
-  const codeDir = path.join(workspace, 'code');
-  step('Checking Python…');
-  const python = findPython();
-  if (!python) {
-    console.error(chalk.red('  ✖ python3 not found. Install it first:'));
-    console.error('      sudo apt-get install -y python3 python3-pip python3-venv');
-    process.exit(1);
-  }
-  ok(`Python: ${run(python, ['--version']).trim()}`);
-  step('Installing Sentinel code…');
-  const bundledPython = path.join(__dirname, '..', 'python');
-  if (!fs.existsSync(bundledPython)) {
-    console.error(chalk.red('  ✖ Bundled Python source not found (run npm publish from the Sentinel repo)'));
-    process.exit(1);
-  }
-  fs.ensureDirSync(codeDir);
-  fs.copySync(bundledPython, codeDir, { overwrite: true });
-  ok(`Sentinel code → ${codeDir}`);
-  step('Setting up Python environment…');
-  const venv = path.join(codeDir, '.venv');
-  if (!fs.existsSync(venv)) {
-    info('Creating virtual environment…');
-    runLive(python, ['-m', 'venv', venv]);
-  }
-  const pip = path.join(venv, 'bin', 'pip3');
-  const pythonBin = path.join(venv, 'bin', 'python3');
-  info('Installing Python packages…');
-  runLive(pip, ['install', '--quiet', '--upgrade', 'pip']);
-  runLive(pip, ['install', '--quiet', '-r', path.join(codeDir, 'requirements.txt')]);
-  ok('Python packages installed');
-  step('Installing Node tools…');
-  installNpmGlobal('@misterhuydo/cairn-mcp', 'cairn');
-  installNpmGlobal('@anthropic-ai/claude-code', 'claude');
-  info('Hooking Cairn MCP into Claude Code…');
-  runLive('cairn', ['install']);
-  step('Claude Code authentication…');
-  if (authMode === 'apikey' && anthropicKey) {
-    ok('API key will be written to each project\'s sentinel.properties');
-  } else if (authMode === 'oauth') {
-    info('OAuth selected — start.sh will prompt for login if not yet authenticated');
-  } else {
-    info('Skipping auth — start.sh will prompt for login if needed');
-  }
-  if (effectiveSlackBotToken && effectiveSlackAppToken) {
-    step('Slack Bot (Sentinel Boss)…');
-    ok('Tokens will be written to workspace sentinel.properties');
-    info('Sentinel Boss starts automatically when the project starts');
-  } else if (setupSlack) {
-    warn('Slack tokens not provided — add them to config/sentinel.properties later');
-  }
-  step('Creating workspace…');
-  fs.ensureDirSync(workspace);
-  ok(`Workspace: ${workspace}`);
-  if (example) {
-    step('Creating example project…');
-    const exampleDir = path.join(workspace, 'my-project');
-    writeExampleProject(exampleDir, codeDir, pythonBin, anthropicKey || '', { botToken: effectiveSlackBotToken, appToken: effectiveSlackAppToken });
-    ok(`Example project: ${exampleDir}`);
-  }
-  step('Generating scripts…');
-  generateWorkspaceScripts(workspace, { host: smtpHost, user: smtpUser, password: effectiveSmtpPassword }, { botToken: effectiveSlackBotToken, appToken: effectiveSlackAppToken });
-  ok(`${workspace}/startAll.sh`);
-  ok(`${workspace}/stopAll.sh`);
-  if (systemd) {
-    step('Setting up systemd…');
-    setupSystemd(workspace);
-  }
-  console.log('\n' + chalk.bold.green('══ Done! ══') + '\n');
-  console.log(`${chalk.bold('Next steps:')}`);
-  if (example) {
-    console.log(`
-  1. Configure your first project:
-     ${chalk.cyan(`${workspace}/my-project/config/sentinel.properties`)}
-     ${chalk.cyan(`${workspace}/my-project/config/log-configs/`)}
-     ${chalk.cyan(`${workspace}/my-project/config/repo-configs/`)}
-  2. Start all projects (Sentinel clones repos, indexes, and monitors automatically):
-     ${chalk.cyan(`${workspace}/startAll.sh`)}
-  3. Stop all projects:
-     ${chalk.cyan(`${workspace}/stopAll.sh`)}
-`);
-  }
-  if (systemd) {
-    console.log(`  Auto-start is enabled. To manage:
-     ${chalk.cyan('sudo systemctl start sentinel')}
-     ${chalk.cyan('sudo systemctl status sentinel')}
-     ${chalk.cyan('journalctl -u sentinel -f')}
-`);
-  }
-  console.log(`  Add another project anytime:
-     ${chalk.cyan('sentinel add <project-name>')}
-`);
-};
-function readExistingConfig(workspace) {
-  const result = {};
-  _parsePropsInto(path.join(workspace, 'sentinel.properties'), result);
-  if (!result.SLACK_BOT_TOKEN || !result.SLACK_APP_TOKEN) {
-    try {
-      for (const entry of fs.readdirSync(workspace)) {
-        const p = path.join(workspace, entry, 'config', 'sentinel.properties');
-        const proj = {};
-        _parsePropsInto(p, proj);
-        if (!result.SLACK_BOT_TOKEN && proj.SLACK_BOT_TOKEN) result.SLACK_BOT_TOKEN = proj.SLACK_BOT_TOKEN;
-        if (!result.SLACK_APP_TOKEN && proj.SLACK_APP_TOKEN) result.SLACK_APP_TOKEN = proj.SLACK_APP_TOKEN;
-        if (result.SLACK_BOT_TOKEN && result.SLACK_APP_TOKEN) break;
-      }
-    } catch (_) {}
-  }
-  return result;
-}
-function _parsePropsInto(propsPath, result) {
-  if (!fs.existsSync(propsPath)) return;
-  try {
-    const lines = fs.readFileSync(propsPath, 'utf8').split(/\r?\n/);
-    for (const raw of lines) {
-      const line = raw.trim();
-      if (!line || line.startsWith('#')) continue;
-      const idx = line.indexOf('=');
-      if (idx === -1) continue;
-      result[line.slice(0, idx).trim()] = line.slice(idx + 1).trim();
-    }
-  } catch (_) {}
-}
-function findPython() {
-  for (const bin of ['python3', 'python']) {
-    try {
-      execSync(`${bin} --version`, { stdio: 'pipe' });
-      return bin;
-    } catch (_) {}
-  }
-  return null;
-}
-function run(bin, args) {
-  const r = spawnSync(bin, args, { encoding: 'utf8' });
-  return (r.stdout || '') + (r.stderr || '');
-}
-function runLive(bin, args) {
-  const r = spawnSync(bin, args, { stdio: 'inherit' });
-  if (r.status !== 0) {
-    console.error(chalk.red(`  ✖ Command failed: ${bin} ${args.join(' ')}`));
-    process.exit(1);
-  }
-}
-function installNpmGlobal(pkg, checkBin) {
-  try {
-    execSync(`${checkBin} --version`, { stdio: 'pipe' });
-    ok(`${pkg} already installed`);
-  } catch (_) {
-    info(`Installing ${pkg}…`);
-    runLive('npm', ['install', '-g', pkg]);
-    ok(`${pkg} installed`);
-  }
-}
-function setupSystemd(workspace) {
-  const user = os.userInfo().username;
-  const svc = `/etc/systemd/system/sentinel.service`;
-  const content = `[Unit]
-Description=Sentinel — Autonomous DevOps Agent
-After=network-online.target
-Wants=network-online.target
-[Service]
-Type=forking
-User=${user}
-WorkingDirectory=${workspace}
-ExecStart=${workspace}/startAll.sh
-ExecStop=${workspace}/stopAll.sh
-Restart=on-failure
-RestartSec=10
-[Install]
-WantedBy=multi-user.target
-`;
-  try {
-    fs.writeFileSync('/tmp/sentinel.service', content);
-    execSync(`sudo mv /tmp/sentinel.service ${svc}`);
-    execSync('sudo systemctl daemon-reload');
-    execSync('sudo systemctl enable sentinel');
-    ok('sentinel.service enabled');
-  } catch (e) {
-    warn(`Could not write systemd service (need sudo): ${e.message}`);
-    warn(`Manually create ${svc} to auto-start on reboot`);
-  }
-}