npm - @misterhuydo/sentinel - Versions diffs - 1.1.3 → 1.1.4 - Mend

@misterhuydo/sentinel 1.1.3 → 1.1.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/.cairn/session.json +2 -2
package/package.json +1 -1
package/python/sentinel/fix_engine.py +87 -22
package/python/sentinel/main.py +4 -3

package/.cairn/session.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
-  "message": "Auto-checkpoint at 2026-03-23T08:30:55.526Z",
-  "checkpoint_at": "2026-03-23T08:30:55.527Z",
+  "message": "Auto-checkpoint at 2026-03-23T08:33:20.221Z",
+  "checkpoint_at": "2026-03-23T08:33:20.223Z",
   "active_files": [],
   "notes": [],
   "mtime_snapshot": {}

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@misterhuydo/sentinel",
-  "version": "1.1.3",
+  "version": "1.1.4",
   "description": "Sentinel — Autonomous DevOps Agent installer and manager",
   "bin": {
     "sentinel": "./bin/sentinel.js"

package/python/sentinel/fix_engine.py CHANGED Viewed

@@ -99,42 +99,109 @@ def _validate_patch(patch: str) -> tuple[bool, str]:
     return True, ""
+_AUTH_ERROR_HINTS = (
+    "not logged in", "please run claude login", "authentication failed",
+    "api key is not set", "invalid x-api-key", "unauthorized", "please authenticate",
+    "unauthenticated", "auth_required", "no auth", "login required",
+)
+def _is_auth_error(output: str) -> bool:
+    low = output.lower()
+    return any(hint in low for hint in _AUTH_ERROR_HINTS)
+def _claude_cmd(bin_path: str, prompt: str) -> list[str]:
+    import os as _os
+    try:
+        skip = _os.getuid() != 0
+    except AttributeError:
+        skip = True  # Windows — always pass flag
+    if skip:
+        return [bin_path, "--dangerously-skip-permissions", "--print", prompt]
+    return [bin_path, "--print", prompt]
+def _run_claude_attempt(bin_path: str, prompt: str, env: dict) -> tuple[str, bool]:
+    """
+    Run claude CLI with the given env. Returns (output, timed_out).
+    Raises FileNotFoundError if binary is missing.
+    """
+    try:
+        result = subprocess.run(
+            _claude_cmd(bin_path, prompt),
+            capture_output=True, text=True, timeout=SUBPROCESS_TIMEOUT, env=env,
+        )
+        return (result.stdout or "") + (result.stderr or ""), False
+    except subprocess.TimeoutExpired:
+        return "", True
 def generate_fix(
     event: ErrorEvent,
     repo: RepoConfig,
     cfg: SentinelConfig,
     patches_dir: Path,
-) -> tuple[str, Path | None]:
+) -> tuple[str, Path | None, str]:
     """
     Generate a fix for the given error event.
     Returns:
-        (status, patch_path)
+        (status, patch_path, marker)
         status: "patch" | "skip" | "error"
+    Auth strategy — API key and Claude Pro (OAuth) are interchangeable:
+      Primary  : Claude Pro (OAuth) if claude_pro_for_tasks=True, else API key
+      Fallback : the other method, if primary fails with an auth error
+      On total auth failure: notify Slack admins + email report recipients
     """
-    # Issues have source like "issues/filename" — no rolling log file exists
+    import os as _os
+    marker   = f"sentinel-{event.fingerprint[:8]}"
     log_file = Path(cfg.workspace_dir) / "fetched" / f"{event.source}.log"
     if not log_file.exists():
         log_file = None
-    prompt = _build_prompt(event, repo, log_file)
+    prompt = _build_prompt(event, repo, log_file, marker)
     logger.info("Invoking Claude Code for %s (fp=%s)", event.source, event.fingerprint)
-    import os as _os
-    env = _os.environ.copy()
-    # Inject API key only when Claude Pro is NOT preferred for tasks
-    # (when claude_pro_for_tasks=True and API key is set, let claude CLI use OAuth/Pro)
-    if cfg.anthropic_api_key and not cfg.claude_pro_for_tasks:
-        env["ANTHROPIC_API_KEY"] = cfg.anthropic_api_key
+    base_env  = _os.environ.copy()
+    api_env   = {**base_env, "ANTHROPIC_API_KEY": cfg.anthropic_api_key} if cfg.anthropic_api_key else None
+    oauth_env = base_env  # relies on cached `claude login` session — no key injected
+    # Choose primary/fallback order based on config
+    if cfg.claude_pro_for_tasks and cfg.anthropic_api_key:
+        attempts = [("Claude Pro (OAuth)", oauth_env), ("API key", api_env)]
+    elif cfg.claude_pro_for_tasks:
+        attempts = [("Claude Pro (OAuth)", oauth_env)]
+    elif cfg.anthropic_api_key:
+        attempts = [("API key", api_env), ("Claude Pro (OAuth)", oauth_env)]
+    else:
+        attempts = [("Claude Pro (OAuth)", oauth_env)]
+    output = ""
     try:
-        result = subprocess.run(
-            ([cfg.claude_code_bin, "--dangerously-skip-permissions", "--print", prompt]
-            if os.getuid() != 0 else
-            [cfg.claude_code_bin, "--print", prompt]),
-            capture_output=True, text=True, timeout=SUBPROCESS_TIMEOUT, env=env,
-        )
-    except subprocess.TimeoutExpired:
-        logger.error("Claude Code timed out for %s", event.fingerprint)
-        return "error", None, ""
+        for label, env in attempts:
+            if env is None:
+                continue
+            logger.info("fix_engine: trying %s for %s", label, event.fingerprint)
+            output, timed_out = _run_claude_attempt(cfg.claude_code_bin, prompt, env)
+            if timed_out:
+                logger.error("Claude Code timed out for %s", event.fingerprint)
+                return "error", None, ""
+            if not _is_auth_error(output):
+                break
+            logger.warning("fix_engine: %s auth error for %s — trying next method", label, event.fingerprint)
+        else:
+            # All attempts failed with auth errors
+            msg = (
+                ":warning: *Sentinel — Fix Engine auth failure*\n"
+                f"Both API key and Claude Pro (OAuth) failed authentication for `{event.fingerprint}`.\n"
+                "• Check that `ANTHROPIC_API_KEY` is valid, or run `claude login` to refresh the OAuth session."
+            )
+            logger.error("fix_engine: all auth methods failed for %s", event.fingerprint)
+            slack_alert(cfg.slack_bot_token, cfg.slack_channel, msg)
+            return "error", None, ""
     except FileNotFoundError:
         msg = (
             f":warning: *Sentinel — Claude CLI not found*\n"
@@ -145,9 +212,7 @@ def generate_fix(
         slack_alert(cfg.slack_bot_token, cfg.slack_channel, msg)
         return "error", None, ""
-    output = (result.stdout or "") + (result.stderr or "")
-    # Alert Slack immediately on rate-limit / auth failure — never stay silent
+    # Alert Slack immediately on rate-limit — never stay silent
     alert_if_rate_limited(
         cfg.slack_bot_token,
         cfg.slack_channel,

package/python/sentinel/main.py CHANGED Viewed

@@ -549,13 +549,14 @@ def _log_auth_status(cfg: SentinelConfig) -> None:
     if has_api_key and pro_for_tasks:
         logger.info(
-            "Claude auth: API key ✓ (Boss) + Claude Pro preferred for Fix Engine/Ask Codebase. "
+            "Claude auth: API key ✓ + Claude Pro (OAuth) ✓ — "
+            "Fix Engine will try Claude Pro first, falls back to API key on auth error. "
             "Run `claude login` if not already authenticated."
         )
     elif has_api_key and not pro_for_tasks:
         logger.info(
-            "Claude auth: API key ✓ (Boss + Fix Engine). "
-            "CLAUDE_PRO_FOR_TASKS=false — all tasks billed to API quota."
+            "Claude auth: API key ✓ — Boss + Fix Engine use API key. "
+            "CLAUDE_PRO_FOR_TASKS=false; falls back to Claude Pro (OAuth) if key auth fails."
         )
     elif not has_api_key and has_claude_bin:
         logger.warning(