@misterhuydo/sentinel 1.2.8 → 1.3.0

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@misterhuydo/sentinel",
-  "version": "1.2.8",
+  "version": "1.3.0",
   "description": "Sentinel — Autonomous DevOps Agent installer and manager",
   "bin": {
     "sentinel": "./bin/sentinel.js"

package/python/scripts/gen_deploy_keys.sh

@@ -0,0 +1,94 @@
+#!/bin/bash
+# gen_deploy_keys.sh — Generate one ed25519 deploy key per GitHub repo.
+#
+# Usage:
+#   ./gen_deploy_keys.sh org/repo1 org/repo2 ...
+#
+# What it does:
+#   1. Generates ~/.ssh/<repo>.key and ~/.ssh/<repo>.key.pub for each repo
+#   2. Adds a Host block to ~/.ssh/config so git uses the right key per repo
+#   3. Adds github.com to known_hosts (if not already there)
+#   4. Prints each public key for pasting into GitHub → Settings → Deploy keys
+#
+# After running:
+#   - Add each printed public key to its repo on GitHub (allow write access)
+#   - Use the SSH alias in git URLs:  git@github-<repo>:org/repo.git
+#   - Test with:  ssh -T github-<repo>
+
+set -euo pipefail
+
+if [[ $# -eq 0 ]]; then
+  echo "Usage: $0 org/repo1 org/repo2 ..."
+  echo "  e.g. $0 Opplysningen1881/sentinel-1881 Opplysningen1881/1881-SSOLoginWebApp"
+  exit 1
+fi
+
+SSH_DIR="$HOME/.ssh"
+mkdir -p "$SSH_DIR"
+chmod 700 "$SSH_DIR"
+
+# Add GitHub host key once
+if ! grep -q "github.com" "$SSH_DIR/known_hosts" 2>/dev/null; then
+  echo "Adding GitHub to known_hosts..."
+  ssh-keyscan github.com >> "$SSH_DIR/known_hosts" 2>/dev/null
+fi
+
+touch "$SSH_DIR/config"
+chmod 600 "$SSH_DIR/config"
+
+for repo_path in "$@"; do
+  repo="${repo_path##*/}"   # strip org/ prefix → just the repo name
+  keyfile="$SSH_DIR/${repo}.key"
+
+  echo ""
+  echo "══════════════════════════════════════════════"
+  echo "  Repo:    $repo_path"
+  echo "  Keyfile: $keyfile"
+  echo "══════════════════════════════════════════════"
+
+  # Generate (skip if key already exists)
+  if [[ -f "$keyfile" ]]; then
+    echo "  Key already exists — skipping generation (delete $keyfile to regenerate)"
+  else
+    ssh-keygen -t ed25519 -C "sentinel@${repo}" -f "$keyfile" -N "" -q
+    echo "  Key generated."
+  fi
+
+  # Add SSH config block (skip if Host already configured)
+  if ! grep -q "Host github-${repo}" "$SSH_DIR/config" 2>/dev/null; then
+    cat >> "$SSH_DIR/config" << EOF
+
+Host github-${repo}
+    HostName github.com
+    User git
+    IdentityFile ${keyfile}
+    IdentitiesOnly yes
+EOF
+    echo "  SSH config block added."
+  else
+    echo "  SSH config block already exists — skipping."
+  fi
+
+  echo ""
+  echo "  ┌─ Add this deploy key to GitHub ─────────────────────────────────────┐"
+  echo "  │  $repo_path → Settings → Deploy keys → Add deploy key"
+  echo "  │  Title: sentinel@$(hostname)"
+  echo "  │  Allow write access: ✓"
+  echo "  └──────────────────────────────────────────────────────────────────────┘"
+  echo ""
+  cat "$keyfile.pub"
+done
+
+echo ""
+echo "══════════════════════════════════════════════"
+echo "Done. After adding keys on GitHub, test each:"
+for repo_path in "$@"; do
+  repo="${repo_path##*/}"
+  echo "  ssh -T github-${repo}"
+done
+echo ""
+echo "Use SSH aliases in sentinel add:"
+for repo_path in "$@"; do
+  repo="${repo_path##*/}"
+  echo "  sentinel add git@github-${repo}:${repo_path}.git"
+done

package/python/scripts/setup_deploy_keys.sh

@@ -0,0 +1,63 @@
+#!/bin/bash
+# Usage: ./setup_deploy_keys.sh repo1 repo2 ...
+# Generates one deploy key per repo, prints each public key for GitHub.
+
+set -e
+
+if [[ $# -eq 0 ]]; then
+  echo "Usage: $0 repo1 repo2 ..."
+  exit 1
+fi
+
+SSH_DIR="$HOME/.ssh"
+
+# Wipe known state
+echo "Cleaning ~/.ssh ..."
+rm -f "$SSH_DIR"/known_hosts "$SSH_DIR"/known_hosts.old
+for f in "$SSH_DIR"/*.pub "$SSH_DIR"/config; do
+  [[ -f "$f" ]] && rm -f "$f" "${f%.pub}"
+done
+rm -f "$SSH_DIR"/config
+
+# Re-fetch GitHub host key once
+ssh-keyscan github.com >> "$SSH_DIR/known_hosts" 2>/dev/null
+echo "GitHub host key added."
+echo ""
+
+# Fresh SSH config
+CONFIG="$SSH_DIR/config"
+
+for repo in "$@"; do
+  keyfile="$SSH_DIR/$repo"
+
+  echo "──────────────────────────────────────────"
+  echo "Repo: $repo"
+
+  # Generate key
+  ssh-keygen -t ed25519 -C "sentinel@$repo" -f "$keyfile" -N "" -q
+
+  # Append SSH config block
+  cat >> "$CONFIG" << EOF
+
+Host github-$repo
+    HostName github.com
+    User git
+    IdentityFile $keyfile
+    IdentitiesOnly yes
+EOF
+
+  echo ""
+  echo "Deploy key for: github.com/Opplysningen1881/$repo"
+  echo "→ GitHub: Settings → Deploy keys → Add deploy key (allow write access)"
+  echo ""
+  cat "$keyfile.pub"
+  echo ""
+done
+
+chmod 600 "$CONFIG"
+
+echo "──────────────────────────────────────────"
+echo "Done. After adding keys on GitHub, test with:"
+for repo in "$@"; do
+  echo "  ssh -T github-$repo"
+done

package/python/sentinel/fix_engine.py

@@ -155,6 +155,7 @@ def generate_fix(
     repo: RepoConfig,
     cfg: SentinelConfig,
     patches_dir: Path,
+    store=None,
 ) -> tuple[str, Path | None, str]:
     """
     Generate a fix for the given error event.

package/python/sentinel/main.py

@@ -90,27 +90,31 @@ async def _handle_error(event: ErrorEvent, cfg_loader: ConfigLoader, store: Stat
     if status != "patch" or patch_path is None:
         outcome = "skipped" if status in ("skip", "needs_human") else "failed"
         store.record_fix(event.fingerprint, outcome, repo_name=repo.repo_name)
-        submitter_uid = getattr(event, "submitter_user_id", "")
+        # For log-detected errors: NEEDS_HUMAN -> DM/channel; SKIP -> email only (not spam)
         if status == "needs_human":
-            # marker holds the reason string for needs_human
             notify_fix_blocked(sentinel, event.source, event.message,
                                reason=marker, repo_name=repo.repo_name,
-                               submitter_user_id=submitter_uid)
+                               submitter_user_id="")
         else:
-            notify_fix_blocked(sentinel, event.source, event.message,
-                               reason=f"Claude Code returned {status.upper()}",
-                               repo_name=repo.repo_name,
-                               submitter_user_id=submitter_uid)
+            send_failure_notification(sentinel, {
+                "source":    event.source,
+                "message":   event.message,
+                "repo_name": repo.repo_name,
+                "reason":    f"Claude Code returned {status.upper()}",
+                "body":      event.full_text()[:500],
+            })
         return
 
     commit_status, commit_hash = apply_and_commit(event, patch_path, repo, sentinel)
     if commit_status != "committed":
         store.record_fix(event.fingerprint, "failed", repo_name=repo.repo_name)
-        submitter_uid = getattr(event, "submitter_user_id", "")
-        notify_fix_blocked(sentinel, event.source, event.message,
-                           reason="Patch was generated but commit/tests failed",
-                           repo_name=repo.repo_name,
-                           submitter_user_id=submitter_uid)
+        send_failure_notification(sentinel, {
+            "source":    event.source,
+            "message":   event.message,
+            "repo_name": repo.repo_name,
+            "reason":    "Patch was generated but commit/tests failed",
+            "body":      event.full_text()[:500],
+        })
         return
 
     branch, pr_url = publish(event, repo, sentinel, commit_hash)
@@ -184,16 +188,12 @@ async def _handle_issue(event: IssueEvent, cfg_loader: ConfigLoader, store: Stat
     if status != "patch" or patch_path is None:
         store.record_fix(event.fingerprint, "skipped" if status in ("skip", "needs_human") else "failed",
                          repo_name=repo.repo_name)
+        # For user-submitted issues: always notify (person is waiting)
         submitter_uid = getattr(event, "submitter_user_id", "")
-        if status == "needs_human":
-            notify_fix_blocked(sentinel, event.source, event.message,
-                               reason=marker, repo_name=repo.repo_name,
-                               submitter_user_id=submitter_uid)
-        else:
-            notify_fix_blocked(sentinel, event.source, event.message,
-                               reason=f"Claude Code returned {status.upper()}",
-                               repo_name=repo.repo_name,
-                               submitter_user_id=submitter_uid)
+        reason_text = marker if status == "needs_human" else f"Claude Code returned {status.upper()}"
+        notify_fix_blocked(sentinel, event.source, event.message,
+                           reason=reason_text, repo_name=repo.repo_name,
+                           submitter_user_id=submitter_uid)
         mark_done(event.issue_file)
         return
 
@@ -307,21 +307,31 @@ async def poll_cycle(cfg_loader: ConfigLoader, store: StateStore):
 
     # -- Health URL checks -------------------------------------------------------
     if cfg_loader.repos:
-        health_results = evaluate_repos(
-            cfg_loader.repos, cfg_loader.log_sources, cfg_loader.sentinel.workspace_dir,
-            store=store,
+        import asyncio as _asyncio
+        _loop = _asyncio.get_event_loop()
+        health_results = await _loop.run_in_executor(
+            None,
+            lambda: evaluate_repos(
+                cfg_loader.repos, cfg_loader.log_sources,
+                cfg_loader.sentinel.workspace_dir, store=store,
+            )
         )
         for hr in health_results:
             if hr["action"] == "fix":
                 fp = f"health-{hr['repo_name']}"
                 store.record_error(fp, f"health_checker/{hr['repo_name']}", hr["message"])
                 if not store.fix_attempted_recently(fp, hours=6):
-                    synth = ErrorEvent(
+                    from .log_parser import ErrorEvent as _EE
+                    from datetime import datetime, timezone as _tz
+                    synth = _EE(
                         source=f"health_checker/{hr['repo_name']}",
-                        severity="ERROR",
-                        message=f"App startup failure: {hr['message']}",
-                        raw_lines=[hr["startup_failure_line"]],
-                        timestamp=None,
+                        log_file="",
+                        timestamp=datetime.now(_tz.utc).isoformat(),
+                        level="ERROR",
+                        thread="health_checker",
+                        logger_name="health_checker",
+                        message=f"App startup failure detected: {hr['message']}",
+                        stack_trace=[hr["startup_failure_line"]] if hr["startup_failure_line"] else [],
                     )
                     synth.fingerprint = fp
                     await _handle_error(synth, cfg_loader, store)