@misterhuydo/sentinel 1.2.4 → 1.2.6

package/.cairn/.hint-lock

@@ -1 +1 @@
-2026-03-23T09:57:32.803Z
+2026-03-23T11:11:25.885Z

package/.cairn/session.json

@@ -1,6 +1,6 @@
 {
-  "message": "Auto-checkpoint at 2026-03-23T09:50:06.054Z",
-  "checkpoint_at": "2026-03-23T09:50:06.055Z",
+  "message": "Auto-checkpoint at 2026-03-23T11:34:06.855Z",
+  "checkpoint_at": "2026-03-23T11:34:06.857Z",
   "active_files": [],
   "notes": [],
   "mtime_snapshot": {}

package/package.json

@@ -1,21 +1,21 @@
-{
-  "name": "@misterhuydo/sentinel",
-  "version": "1.2.4",
-  "description": "Sentinel — Autonomous DevOps Agent installer and manager",
-  "bin": {
-    "sentinel": "./bin/sentinel.js"
-  },
-  "scripts": {
-    "prepublishOnly": "node scripts/bundle.js"
-  },
-  "dependencies": {
-    "chalk": "^4.1.2",
-    "fs-extra": "^11.2.0",
-    "prompts": "^2.4.2"
-  },
-  "engines": {
-    "node": ">=16"
-  },
-  "author": "misterhuydo",
-  "license": "MIT"
-}
+{
+  "name": "@misterhuydo/sentinel",
+  "version": "1.2.6",
+  "description": "Sentinel — Autonomous DevOps Agent installer and manager",
+  "bin": {
+    "sentinel": "./bin/sentinel.js"
+  },
+  "scripts": {
+    "prepublishOnly": "node scripts/bundle.js"
+  },
+  "dependencies": {
+    "chalk": "^4.1.2",
+    "fs-extra": "^11.2.0",
+    "prompts": "^2.4.2"
+  },
+  "engines": {
+    "node": ">=16"
+  },
+  "author": "misterhuydo",
+  "license": "MIT"
+}

package/python/sentinel/config_loader.py

@@ -69,6 +69,10 @@ class SentinelConfig:
     #   Claude Pro / OAuth — used by fix_engine + ask_codebase when CLAUDE_PRO_FOR_TASKS=true
     #   At least one must be configured. Both = ideal split (Boss=API key, heavy tasks=Pro).
     claude_pro_for_tasks: bool = True  # when True + API key set, fix_engine/ask_codebase use claude CLI (Pro billing)
+    sync_enabled: bool = True
+    sync_interval_seconds: int = 300
+    sync_retention_days: int = 30    # delete synced log files older than this many days
+    sync_max_file_mb: int = 200      # truncate synced log files exceeding this size (MB)
 
 
 @dataclass
@@ -85,8 +89,10 @@ class LogSourceConfig:
     tail: Optional[int] = None
     head: Optional[int] = None
     # Cloudflare
+    target_repo: str = "auto"  # explicit repo name, or "auto" for stack-trace routing
     cf_url: str = ""
     cf_token: str = ""
+    sync_enabled: bool = True
 
 
 @dataclass
@@ -98,6 +104,7 @@ class RepoConfig:
     auto_publish: bool = False
     cicd_type: str = ""
     cicd_job_url: str = ""
+    health_url: str = ""     # optional: HTTP endpoint returning {"Status": "true"}
     cicd_token: str = ""
 
 
@@ -166,6 +173,10 @@ class ConfigLoader:
         c.slack_admin_users = _csv(d.get("SLACK_ADMIN_USERS", ""))
         c.project_name = d.get("PROJECT_NAME", "")
         c.claude_pro_for_tasks = d.get("CLAUDE_PRO_FOR_TASKS", "true").lower() != "false"
+        c.sync_enabled = d.get("SYNC_ENABLED", "true").lower() != "false"
+        c.sync_interval_seconds = int(d.get("SYNC_INTERVAL_SECONDS", 300))
+        c.sync_retention_days = int(d.get("SYNC_RETENTION_DAYS", 30))
+        c.sync_max_file_mb = int(d.get("SYNC_MAX_FILE_MB", 200))
         self.sentinel = c
 
     def _load_log_sources(self):
@@ -190,6 +201,8 @@ class ConfigLoader:
             s.head = int(d["HEAD"]) if "HEAD" in d else None
             s.cf_url = d.get("CF_URL", "")
             s.cf_token = d.get("CF_TOKEN", "")
+            s.target_repo = d.get("TARGET_REPO", "auto")
+            s.sync_enabled = d.get("SYNC_ENABLED", "true").lower() != "false"
             self.log_sources[s.name] = s
 
     def _load_repos(self):
@@ -210,6 +223,7 @@ class ConfigLoader:
             r.cicd_type = d.get("CICD_TYPE", "")
             r.cicd_job_url = d.get("CICD_JOB_URL", "")
             r.cicd_token = d.get("CICD_TOKEN", "")
+            r.health_url = d.get("HEALTH_URL", "")
             self.repos[r.repo_name] = r
 
     def _register_sighup(self):

package/python/sentinel/fix_engine.py

@@ -1,242 +1,259 @@
-"""
-fix_engine.py — Generate code fixes via Claude Code (headless).
-
-Invokes: claude --print "<prompt>" 2>&1
-
-Cairn MCP context is fetched automatically by Claude Code via its MCP tool
-connection — Sentinel does not need to query or inject it explicitly.
-"""
-
-import logging
-import re
-import subprocess
-import textwrap
-from pathlib import Path
-
-from .config_loader import RepoConfig, SentinelConfig
-from .log_parser import ErrorEvent
-from .notify import alert_if_rate_limited, slack_alert
-
-logger = logging.getLogger(__name__)
-
-SUBPROCESS_TIMEOUT = 120
-MAX_FILES_IN_PATCH = 5
-MAX_LINES_IN_PATCH = 200
-
-_DIFF_BLOCK = re.compile(r"```(?:diff|patch)?\n(.*?)```", re.DOTALL)
-_DIFF_HEADER = re.compile(r"^diff --git|^---\s+\S+|^\+\+\+\s+\S+", re.MULTILINE)
-
-
-def _build_prompt(event, repo: RepoConfig, log_file, marker: str, stale_markers: list[str] = None) -> str:
-    if log_file and log_file.exists():
-        ctx = (
-            "LOG FILE: " + str(log_file) + "\n"
-            "Read this file first -- it contains the last 48h of logs from "
-            + event.source + ".\n"
-            "Use it to understand frequency, context, and preceding warnings."
-        )
-        step1 = "Read the log file above to understand what led up to this error."
-    else:
-        ctx = (
-            "SOURCE: " + event.source + "\n"
-            "No rolling log file available. The full issue description is below."
-        )
-        step1 = "Use the issue description above as your primary context."
-
-    marker_label = marker + " sentinel-auto-fix [safe to remove after verification]"
-    marker_instruction = "\n".join([
-        "For EVERY method and constructor you modify, add this as the FIRST executable line:",
-        f'  Java/Kotlin : log.info("{marker_label}");',
-        f'  Python      : logger.info("{marker_label}")',
-        f'  Node.js     : logger.info("{marker_label}")',
-        "Use the logger already present in the file. Do not add new imports.",
-        "This applies to ALL modified methods and constructors without exception.",
-    ])
-
-    cleanup = ""
-    if stale_markers:
-        marker_list = "\n".join(f"  - {m}" for m in stale_markers)
-        cleanup = (
-            "CLEANUP (do this first, before the fix):\n"
-            "Remove any log lines containing these stale Sentinel markers from the codebase:\n"
-            + marker_list + "\n"
-            "Commit the cleanup separately with message: 'chore(sentinel): remove stale markers'\n"
-        )
-
-    lines_out = [
-        f"You are fixing a production bug in the repository at {repo.local_path}.",
-        f"Repository: {repo.repo_name}",
-        "",
-    ]
-    if cleanup:
-        lines_out += [cleanup, ""]
-    lines_out += [
-        ctx,
-        "",
-        f"ISSUE TO FIX (from {event.source}):",
-        event.full_text(),
-        "",
-        "Task:",
-        f"1. {step1}",
-        "2. Use your available tools to explore the codebase and identify the root cause.",
-        f"3. {marker_instruction}",
-        "4. Output ONLY a unified diff patch (git diff format) fixing the issue.",
-        "5. Do not explain. Output only the patch.",
-        "6. If you cannot determine a safe fix, output: SKIP: <reason>",
-    ]
-    return "\n".join(lines_out)
-
-def _validate_patch(patch: str) -> tuple[bool, str]:
-    files_changed = len(re.findall(r"^diff --git", patch, re.MULTILINE))
-    lines_changed = len([
-        l for l in patch.splitlines()
-        if l.startswith(("+", "-")) and not l.startswith(("+++", "---"))
-    ])
-    if files_changed > MAX_FILES_IN_PATCH:
-        return False, f"Patch touches {files_changed} files (limit {MAX_FILES_IN_PATCH})"
-    if lines_changed > MAX_LINES_IN_PATCH:
-        return False, f"Patch changes {lines_changed} lines (limit {MAX_LINES_IN_PATCH})"
-    return True, ""
-
-
-_AUTH_ERROR_HINTS = (
-    "not logged in", "please run claude login", "authentication failed",
-    "api key is not set", "invalid x-api-key", "unauthorized", "please authenticate",
-    "unauthenticated", "auth_required", "no auth", "login required",
-)
-
-
-def _is_auth_error(output: str) -> bool:
-    low = output.lower()
-    return any(hint in low for hint in _AUTH_ERROR_HINTS)
-
-
-def _claude_cmd(bin_path: str, prompt: str) -> list[str]:
-    import os as _os
-    try:
-        skip = _os.getuid() != 0
-    except AttributeError:
-        skip = True  # Windows — always pass flag
-    if skip:
-        return [bin_path, "--dangerously-skip-permissions", "--print", prompt]
-    return [bin_path, "--print", prompt]
-
-
-def _run_claude_attempt(bin_path: str, prompt: str, env: dict) -> tuple[str, bool]:
-    """
-    Run claude CLI with the given env. Returns (output, timed_out).
-    Raises FileNotFoundError if binary is missing.
-    """
-    try:
-        result = subprocess.run(
-            _claude_cmd(bin_path, prompt),
-            capture_output=True, text=True, timeout=SUBPROCESS_TIMEOUT, env=env,
-        )
-        return (result.stdout or "") + (result.stderr or ""), False
-    except subprocess.TimeoutExpired:
-        return "", True
-
-
-def generate_fix(
-    event: ErrorEvent,
-    repo: RepoConfig,
-    cfg: SentinelConfig,
-    patches_dir: Path,
-) -> tuple[str, Path | None, str]:
-    """
-    Generate a fix for the given error event.
-
-    Returns:
-        (status, patch_path, marker)
-        status: "patch" | "skip" | "error"
-
-    Auth strategy — API key and Claude Pro (OAuth) are interchangeable:
-      Primary  : Claude Pro (OAuth) if claude_pro_for_tasks=True, else API key
-      Fallback : the other method, if primary fails with an auth error
-      On total auth failure: notify Slack admins + email report recipients
-    """
-    import os as _os
-
-    marker   = f"sentinel-{event.fingerprint[:8]}"
-    log_file = Path(cfg.workspace_dir) / "fetched" / f"{event.source}.log"
-    if not log_file.exists():
-        log_file = None
-    prompt = _build_prompt(event, repo, log_file, marker)
-
-    logger.info("Invoking Claude Code for %s (fp=%s)", event.source, event.fingerprint)
-
-    base_env  = _os.environ.copy()
-    api_env   = {**base_env, "ANTHROPIC_API_KEY": cfg.anthropic_api_key} if cfg.anthropic_api_key else None
-    oauth_env = base_env  # relies on cached `claude login` session — no key injected
-
-    # Choose primary/fallback order based on config
-    if cfg.claude_pro_for_tasks and cfg.anthropic_api_key:
-        attempts = [("Claude Pro (OAuth)", oauth_env), ("API key", api_env)]
-    elif cfg.claude_pro_for_tasks:
-        attempts = [("Claude Pro (OAuth)", oauth_env)]
-    elif cfg.anthropic_api_key:
-        attempts = [("API key", api_env), ("Claude Pro (OAuth)", oauth_env)]
-    else:
-        attempts = [("Claude Pro (OAuth)", oauth_env)]
-
-    output = ""
-    try:
-        for label, env in attempts:
-            if env is None:
-                continue
-            logger.info("fix_engine: trying %s for %s", label, event.fingerprint)
-            output, timed_out = _run_claude_attempt(cfg.claude_code_bin, prompt, env)
-            if timed_out:
-                logger.error("Claude Code timed out for %s", event.fingerprint)
-                return "error", None, ""
-            if not _is_auth_error(output):
-                break
-            logger.warning("fix_engine: %s auth error for %s — trying next method", label, event.fingerprint)
-        else:
-            # All attempts failed with auth errors
-            msg = (
-                ":warning: *Sentinel — Fix Engine auth failure*\n"
-                f"Both API key and Claude Pro (OAuth) failed authentication for `{event.fingerprint}`.\n"
-                "• Check that `ANTHROPIC_API_KEY` is valid, or run `claude login` to refresh the OAuth session."
-            )
-            logger.error("fix_engine: all auth methods failed for %s", event.fingerprint)
-            slack_alert(cfg.slack_bot_token, cfg.slack_channel, msg)
-            return "error", None, ""
-    except FileNotFoundError:
-        msg = (
-            f":warning: *Sentinel — Claude CLI not found*\n"
-            f"`{cfg.claude_code_bin}` not found. Run: `npm install -g @anthropic-ai/claude-code`\n"
-            f"Fix engine is disabled until this is resolved."
-        )
-        logger.error("Claude Code binary not found at '%s'", cfg.claude_code_bin)
-        slack_alert(cfg.slack_bot_token, cfg.slack_channel, msg)
-        return "error", None, ""
-
-    # Alert Slack immediately on rate-limit — never stay silent
-    alert_if_rate_limited(
-        cfg.slack_bot_token,
-        cfg.slack_channel,
-        source=f"fix_engine/{event.fingerprint}",
-        output=output,
-    )
-
-    if output.strip().upper().startswith("SKIP:"):
-        reason = output.strip()[5:].strip()
-        logger.info("Claude skipped fix for %s: %s", event.fingerprint, reason)
-        return "skip", None, ""
-
-    patch = _extract_patch(output)
-    if not patch:
-        logger.warning("No patch found in Claude output for %s", event.fingerprint)
-        return "error", None, ""
-
-    ok, reason = _validate_patch(patch)
-    if not ok:
-        logger.warning("Patch rejected for %s: %s", event.fingerprint, reason)
-        return "skip", None, ""
-
-    patches_dir.mkdir(parents=True, exist_ok=True)
-    patch_path = patches_dir / f"{event.fingerprint}.diff"
-    patch_path.write_text(patch, encoding="utf-8")
-    logger.info("Patch written to %s", patch_path)
-    return "patch", patch_path, marker
+"""
+fix_engine.py — Generate code fixes via Claude Code (headless).
+
+Invokes: claude --print "<prompt>" 2>&1
+
+Cairn MCP context is fetched automatically by Claude Code via its MCP tool
+connection — Sentinel does not need to query or inject it explicitly.
+"""
+
+import logging
+import re
+import subprocess
+import textwrap
+from pathlib import Path
+
+from .config_loader import RepoConfig, SentinelConfig
+from .log_parser import ErrorEvent
+from .notify import alert_if_rate_limited, slack_alert
+
+logger = logging.getLogger(__name__)
+
+SUBPROCESS_TIMEOUT = 120
+MAX_FILES_IN_PATCH = 5
+MAX_LINES_IN_PATCH = 200
+
+_DIFF_BLOCK = re.compile(r"```(?:diff|patch)?\n(.*?)```", re.DOTALL)
+_DIFF_HEADER = re.compile(r"^diff --git|^---\s+\S+|^\+\+\+\s+\S+", re.MULTILINE)
+
+
+def _build_prompt(event, repo: RepoConfig, log_file, marker: str, stale_markers: list[str] = None) -> str:
+    if log_file and log_file.exists():
+        ctx = (
+            "LOG FILE: " + str(log_file) + "\n"
+            "Read this file first -- it contains the last 48h of logs from "
+            + event.source + ".\n"
+            "Use it to understand frequency, context, and preceding warnings."
+        )
+        step1 = "Read the log file above to understand what led up to this error."
+    else:
+        ctx = (
+            "SOURCE: " + event.source + "\n"
+            "No rolling log file available. The full issue description is below."
+        )
+        step1 = "Use the issue description above as your primary context."
+
+    marker_label = marker + " sentinel-auto-fix [safe to remove after verification]"
+    marker_instruction = "\n".join([
+        "For EVERY method and constructor you modify, add this as the FIRST executable line:",
+        f'  Java/Kotlin : log.info("{marker_label}");',
+        f'  Python      : logger.info("{marker_label}")',
+        f'  Node.js     : logger.info("{marker_label}")',
+        "Use the logger already present in the file. Do not add new imports.",
+        "This applies to ALL modified methods and constructors without exception.",
+    ])
+
+    cleanup = ""
+    if stale_markers:
+        marker_list = "\n".join(f"  - {m}" for m in stale_markers)
+        cleanup = (
+            "CLEANUP (do this first, before the fix):\n"
+            "Remove any log lines containing these stale Sentinel markers from the codebase:\n"
+            + marker_list + "\n"
+            "Commit the cleanup separately with message: 'chore(sentinel): remove stale markers'\n"
+        )
+
+    lines_out = [
+        f"You are fixing a production bug in the repository at {repo.local_path}.",
+        f"Repository: {repo.repo_name}",
+        "",
+    ]
+    if cleanup:
+        lines_out += [cleanup, ""]
+    lines_out += [
+        ctx,
+        "",
+        f"ISSUE TO FIX (from {event.source}):",
+        event.full_text(),
+        "",
+        "Task:",
+        f"1. {step1}",
+        "2. Use your available tools to explore the codebase and identify the root cause.",
+        f"3. {marker_instruction}",
+        "4. Output ONLY a unified diff patch (git diff format) fixing the issue.",
+        "5. Do not explain. Output only the patch.",
+        "6. If you cannot determine a safe fix, output: SKIP: <reason>",
+    ]
+    return "\n".join(lines_out)
+
+def _validate_patch(patch: str) -> tuple[bool, str]:
+    files_changed = len(re.findall(r"^diff --git", patch, re.MULTILINE))
+    lines_changed = len([
+        l for l in patch.splitlines()
+        if l.startswith(("+", "-")) and not l.startswith(("+++", "---"))
+    ])
+    if files_changed > MAX_FILES_IN_PATCH:
+        return False, f"Patch touches {files_changed} files (limit {MAX_FILES_IN_PATCH})"
+    if lines_changed > MAX_LINES_IN_PATCH:
+        return False, f"Patch changes {lines_changed} lines (limit {MAX_LINES_IN_PATCH})"
+    return True, ""
+
+
+_AUTH_ERROR_HINTS = (
+    "not logged in", "please run claude login", "authentication failed",
+    "api key is not set", "invalid x-api-key", "unauthorized", "please authenticate",
+    "unauthenticated", "auth_required", "no auth", "login required",
+)
+
+
+def _is_auth_error(output: str) -> bool:
+    low = output.lower()
+    return any(hint in low for hint in _AUTH_ERROR_HINTS)
+
+
+def _claude_cmd(bin_path: str, prompt: str) -> list[str]:
+    import os as _os
+    try:
+        skip = _os.getuid() != 0
+    except AttributeError:
+        skip = True  # Windows — always pass flag
+    if skip:
+        return [bin_path, "--dangerously-skip-permissions", "--print", prompt]
+    return [bin_path, "--print", prompt]
+
+
+def _run_claude_attempt(bin_path: str, prompt: str, env: dict) -> tuple[str, bool]:
+    """
+    Run claude CLI with the given env. Returns (output, timed_out).
+    Raises FileNotFoundError if binary is missing.
+    """
+    try:
+        result = subprocess.run(
+            _claude_cmd(bin_path, prompt),
+            capture_output=True, text=True, timeout=SUBPROCESS_TIMEOUT, env=env,
+        )
+        return (result.stdout or "") + (result.stderr or ""), False
+    except subprocess.TimeoutExpired:
+        return "", True
+
+
+def generate_fix(
+    event: ErrorEvent,
+    repo: RepoConfig,
+    cfg: SentinelConfig,
+    patches_dir: Path,
+) -> tuple[str, Path | None, str]:
+    """
+    Generate a fix for the given error event.
+
+    Returns:
+        (status, patch_path, marker)
+        status: "patch" | "skip" | "error"
+
+    Auth strategy — API key and Claude Pro (OAuth) are interchangeable:
+      Primary  : Claude Pro (OAuth) if claude_pro_for_tasks=True, else API key
+      Fallback : the other method, if primary fails with an auth error
+      On total auth failure: notify Slack admins + email report recipients
+    """
+    import os as _os
+
+    marker   = f"sentinel-{event.fingerprint[:8]}"
+    log_file = Path(cfg.workspace_dir) / "fetched" / f"{event.source}.log"
+    if not log_file.exists():
+        log_file = None
+    prompt = _build_prompt(event, repo, log_file, marker)
+
+    # -- Cross-source dedup: skip if fingerprint already fixed in recent git commits ------
+    if repo.local_path:
+        import subprocess as _sp
+        try:
+            git_result = _sp.run(
+                ["git", "log", "--oneline", "-50", f"--grep={event.fingerprint[:8]}"],
+                cwd=repo.local_path, capture_output=True, text=True, timeout=15,
+            )
+            if git_result.returncode == 0 and git_result.stdout.strip():
+                logger.info(
+                    "fix_engine: fingerprint %s already in recent git commits — skipping: %s",
+                    event.fingerprint[:8], git_result.stdout.splitlines()[0],
+                )
+                return "skip", None, ""
+        except Exception as _e:
+            logger.debug("fix_engine: git log check failed: %s", _e)
+
+    logger.info("Invoking Claude Code for %s (fp=%s)", event.source, event.fingerprint)
+
+    base_env  = _os.environ.copy()
+    api_env   = {**base_env, "ANTHROPIC_API_KEY": cfg.anthropic_api_key} if cfg.anthropic_api_key else None
+    oauth_env = base_env  # relies on cached `claude login` session — no key injected
+
+    # Choose primary/fallback order based on config
+    if cfg.claude_pro_for_tasks and cfg.anthropic_api_key:
+        attempts = [("Claude Pro (OAuth)", oauth_env), ("API key", api_env)]
+    elif cfg.claude_pro_for_tasks:
+        attempts = [("Claude Pro (OAuth)", oauth_env)]
+    elif cfg.anthropic_api_key:
+        attempts = [("API key", api_env), ("Claude Pro (OAuth)", oauth_env)]
+    else:
+        attempts = [("Claude Pro (OAuth)", oauth_env)]
+
+    output = ""
+    try:
+        for label, env in attempts:
+            if env is None:
+                continue
+            logger.info("fix_engine: trying %s for %s", label, event.fingerprint)
+            output, timed_out = _run_claude_attempt(cfg.claude_code_bin, prompt, env)
+            if timed_out:
+                logger.error("Claude Code timed out for %s", event.fingerprint)
+                return "error", None, ""
+            if not _is_auth_error(output):
+                break
+            logger.warning("fix_engine: %s auth error for %s — trying next method", label, event.fingerprint)
+        else:
+            # All attempts failed with auth errors
+            msg = (
+                ":warning: *Sentinel — Fix Engine auth failure*\n"
+                f"Both API key and Claude Pro (OAuth) failed authentication for `{event.fingerprint}`.\n"
+                "• Check that `ANTHROPIC_API_KEY` is valid, or run `claude login` to refresh the OAuth session."
+            )
+            logger.error("fix_engine: all auth methods failed for %s", event.fingerprint)
+            slack_alert(cfg.slack_bot_token, cfg.slack_channel, msg)
+            return "error", None, ""
+    except FileNotFoundError:
+        msg = (
+            f":warning: *Sentinel — Claude CLI not found*\n"
+            f"`{cfg.claude_code_bin}` not found. Run: `npm install -g @anthropic-ai/claude-code`\n"
+            f"Fix engine is disabled until this is resolved."
+        )
+        logger.error("Claude Code binary not found at '%s'", cfg.claude_code_bin)
+        slack_alert(cfg.slack_bot_token, cfg.slack_channel, msg)
+        return "error", None, ""
+
+    # Alert Slack immediately on rate-limit — never stay silent
+    alert_if_rate_limited(
+        cfg.slack_bot_token,
+        cfg.slack_channel,
+        source=f"fix_engine/{event.fingerprint}",
+        output=output,
+    )
+
+    if output.strip().upper().startswith("SKIP:"):
+        reason = output.strip()[5:].strip()
+        logger.info("Claude skipped fix for %s: %s", event.fingerprint, reason)
+        return "skip", None, ""
+
+    patch = _extract_patch(output)
+    if not patch:
+        logger.warning("No patch found in Claude output for %s", event.fingerprint)
+        return "error", None, ""
+
+    ok, reason = _validate_patch(patch)
+    if not ok:
+        logger.warning("Patch rejected for %s: %s", event.fingerprint, reason)
+        return "skip", None, ""
+
+    patches_dir.mkdir(parents=True, exist_ok=True)
+    patch_path = patches_dir / f"{event.fingerprint}.diff"
+    patch_path.write_text(patch, encoding="utf-8")
+    logger.info("Patch written to %s", patch_path)
+    return "patch", patch_path, marker