@misterhuydo/sentinel 1.4.51 → 1.4.53

package/.cairn/.hint-lock

@@ -1 +1 @@
-2026-03-25T11:19:33.099Z
+2026-03-25T11:51:07.142Z

package/.cairn/session.json

@@ -1,6 +1,6 @@
 {
-  "message": "Auto-checkpoint at 2026-03-25T11:34:55.696Z",
-  "checkpoint_at": "2026-03-25T11:34:55.697Z",
+  "message": "Auto-checkpoint at 2026-03-25T11:57:04.683Z",
+  "checkpoint_at": "2026-03-25T11:57:04.684Z",
   "active_files": [],
   "notes": [],
   "mtime_snapshot": {}

package/lib/.cairn/views/2a85cc_init.js

@@ -0,0 +1,372 @@
+'use strict';
+const fs = require('fs-extra');
+const path = require('path');
+const os = require('os');
+const { execSync, spawnSync } = require('child_process');
+const prompts = require('prompts');
+const chalk = require('chalk');
+const { generateProjectScripts, generateWorkspaceScripts, writeExampleProject } = require('./generate');
+const ok   = msg => console.log(chalk.green('  ✔'), msg);
+const info = msg => console.log(chalk.cyan('  →'), msg);
+const warn = msg => console.log(chalk.yellow('  ⚠'), msg);
+const step = msg => console.log('\n' + chalk.bold.white(msg));
+module.exports = async function init() {
+  const defaultWorkspace = path.join(os.homedir(), 'sentinel');
+  const existing = readExistingConfig(defaultWorkspace);
+  if (Object.keys(existing).length) {
+    console.log(chalk.cyan('\n  → Existing workspace config found — showing current values as defaults\n'));
+  }
+  const answers = await prompts([
+    {
+      type: 'text',
+      name: 'workspace',
+      message: 'Workspace directory (each project lives here as a subdirectory)',
+      initial: path.join(os.homedir(), 'sentinel'),
+      format: v => v.replace(/^~/, os.homedir()),
+    },
+    {
+      type: 'select',
+      name: 'authMode',
+      message: 'Claude authentication strategy',
+      hint: 'Boss = Slack AI; Fix Engine = autonomous code repair',
+      choices: [
+        {
+          title: 'Both  (RECOMMENDED) — API key for Boss, Claude Pro for Fix Engine',
+          value: 'both',
+        },
+        {
+          title: 'API key only  — full Boss tools; Fix Engine billed per token',
+          value: 'apikey',
+        },
+        {
+          title: 'Claude Pro / OAuth only  — run `claude login`; Boss has limited tools',
+          value: 'oauth',
+        },
+        { title: 'Skip  (configure manually in sentinel.properties)', value: 'skip' },
+      ],
+    },
+    {
+      type: prev => (prev === 'apikey' || prev === 'both') ? 'password' : null,
+      name: 'anthropicKey',
+      message: existing.ANTHROPIC_API_KEY
+        ? 'Anthropic API key  (press Enter to keep current)'
+        : 'Anthropic API key (sk-ant-...)',
+      validate: v => !v || v.startsWith('sk-ant-') ? true : 'Key should start with sk-ant-',
+    },
+    {
+      type: 'confirm',
+      name: 'example',
+      message: 'Create an example project to show how to configure?',
+      initial: true,
+    },
+    {
+      type: 'confirm',
+      name: 'systemd',
+      message: 'Set up systemd service for auto-start on reboot?',
+      initial: process.platform === 'linux',
+    },
+    {
+      type: 'text',
+      name: 'smtpUser',
+      message: 'SMTP sender address',
+      initial: existing.SMTP_USER || 'sentinel@yourdomain.com',
+    },
+    {
+      type: prev => prev ? 'password' : null,
+      name: 'smtpPassword',
+      message: existing.SMTP_PASSWORD ? 'SMTP password / app password  (press Enter to keep current)' : 'SMTP password / app password',
+    },
+    {
+      type: prev => prev ? 'text' : null,
+      name: 'smtpHost',
+      message: 'SMTP host',
+      initial: existing.SMTP_HOST || 'smtp.gmail.com',
+    },
+    {
+      type: 'confirm',
+      name: 'setupSlack',
+      message: 'Set up Slack Bot (Sentinel Boss — conversational AI interface)?',
+      initial: !!(existing.SLACK_BOT_TOKEN),
+    },
+    {
+      type: prev => prev ? 'password' : null,
+      name: 'slackBotToken',
+      message: existing.SLACK_BOT_TOKEN ? 'Slack Bot Token  (press Enter to keep current)' : 'Slack Bot Token  (xoxb-...)',
+      validate: v => !v || v.startsWith('xoxb-') ? true : 'Should start with xoxb-',
+    },
+    {
+      type: (_, { setupSlack }) => setupSlack ? 'password' : null,
+      name: 'slackAppToken',
+      message: existing.SLACK_APP_TOKEN ? 'Slack App-Level Token  (press Enter to keep current)' : 'Slack App-Level Token  (xapp-...)',
+      validate: v => !v || v.startsWith('xapp-') ? true : 'Should start with xapp-',
+    },
+  ], { onCancel: () => process.exit(0) });
+  const { workspace, authMode, anthropicKey, example, systemd, smtpUser, smtpPassword, smtpHost, setupSlack, slackBotToken, slackAppToken } = answers;
+  const effectiveAnthropicKey  = anthropicKey  || existing.ANTHROPIC_API_KEY || '';
+  const effectiveSmtpPassword  = smtpPassword  || existing.SMTP_PASSWORD     || '';
+  const effectiveSlackBotToken = slackBotToken || existing.SLACK_BOT_TOKEN   || '';
+  const effectiveSlackAppToken = slackAppToken || existing.SLACK_APP_TOKEN   || '';
+  const codeDir = path.join(workspace, 'code');
+  step('Checking npm permissions…');
+  ensureNpmUserPrefix();
+  step('Checking Python…');
+  const python = findPython();
+  if (!python) {
+    console.error(chalk.red('  ✖ python3 not found. Install it first:'));
+    console.error('      sudo apt-get install -y python3 python3-pip python3-venv');
+    process.exit(1);
+  }
+  ok(`Python: ${run(python, ['--version']).trim()}`);
+  step('Installing Sentinel code…');
+  const bundledPython = path.join(__dirname, '..', 'python');
+  if (!fs.existsSync(bundledPython)) {
+    console.error(chalk.red('  ✖ Bundled Python source not found (run npm publish from the Sentinel repo)'));
+    process.exit(1);
+  }
+  fs.ensureDirSync(codeDir);
+  fs.copySync(bundledPython, codeDir, { overwrite: true });
+  ok(`Sentinel code → ${codeDir}`);
+  step('Setting up Python environment…');
+  const venv = path.join(codeDir, '.venv');
+  if (!fs.existsSync(venv)) {
+    info('Creating virtual environment…');
+    runLive(python, ['-m', 'venv', venv]);
+  }
+  const pip = path.join(venv, 'bin', 'pip3');
+  const pythonBin = path.join(venv, 'bin', 'python3');
+  info('Installing Python packages…');
+  runLive(pip, ['install', '--quiet', '--upgrade', 'pip']);
+  runLive(pip, ['install', '--quiet', '-r', path.join(codeDir, 'requirements.txt')]);
+  ok('Python packages installed');
+  step('Installing Node tools…');
+  installNpmGlobal('@misterhuydo/cairn-mcp', 'cairn');
+  step('Hooking Cairn MCP into Claude Code…');
+  runLive('cairn', ['install']);
+  ok('cairn install complete');
+  installNpmGlobal('@anthropic-ai/claude-code', 'claude');
+  step('Patching Claude Code permissions…');
+  ensureClaudePermissions();
+  step('Claude Code authentication…');
+  if (authMode === 'both' && effectiveAnthropicKey) {
+    ok('API key → Sentinel Boss (full tools, structured responses)');
+    ok('Claude Pro → Fix Engine + Ask Codebase (heavy coding, Pro subscription)');
+    info('Run `claude login` on this server now (or before starting projects)');
+    info('CLAUDE_PRO_FOR_TASKS=true written to workspace sentinel.properties');
+  } else if (authMode === 'apikey' && effectiveAnthropicKey) {
+    ok('API key → all Claude usage (Boss + Fix Engine billed to your API quota)');
+    info('CLAUDE_PRO_FOR_TASKS=false written — Fix Engine will use API key');
+    warn('Heavy fix tasks will consume API tokens. Claude Pro is cheaper for those.');
+  } else if (authMode === 'oauth') {
+    ok('Claude Pro / OAuth → Fix Engine + Ask Codebase');
+    warn('Boss will use CLI fallback — some tools unavailable without an API key');
+    info('Run `claude login` on this server to authenticate');
+  } else {
+    warn('No auth configured — add ANTHROPIC_API_KEY or run `claude login` before starting');
+    info('See: workspace sentinel.properties for full auth documentation');
+  }
+  if (effectiveSlackBotToken && effectiveSlackAppToken) {
+    step('Slack Bot (Sentinel Boss)…');
+    ok('Tokens will be written to workspace sentinel.properties');
+    info('Sentinel Boss starts automatically when the project starts');
+  } else if (setupSlack) {
+    warn('Slack tokens not provided — add them to config/sentinel.properties later');
+  }
+  step('Creating workspace…');
+  fs.ensureDirSync(workspace);
+  ok(`Workspace: ${workspace}`);
+  if (example) {
+    step('Creating example project…');
+    const exampleDir = path.join(workspace, 'my-project');
+    writeExampleProject(exampleDir, codeDir, pythonBin, effectiveAnthropicKey, { botToken: effectiveSlackBotToken, appToken: effectiveSlackAppToken });
+    ok(`Example project: ${exampleDir}`);
+  }
+  step('Generating scripts…');
+  const authConfig = {};
+  if (effectiveAnthropicKey) authConfig.apiKey = effectiveAnthropicKey;
+  if (authMode === 'both' || authMode === 'oauth') authConfig.claudeProForTasks = true;
+  if (authMode === 'apikey') authConfig.claudeProForTasks = false;
+  generateWorkspaceScripts(workspace, { host: smtpHost, user: smtpUser, password: effectiveSmtpPassword }, { botToken: effectiveSlackBotToken, appToken: effectiveSlackAppToken }, authConfig);
+  ok(`${workspace}/startAll.sh`);
+  ok(`${workspace}/stopAll.sh`);
+  if (systemd) {
+    step('Setting up systemd…');
+    setupSystemd(workspace);
+  }
+  console.log('\n' + chalk.bold.green('══ Done! ══') + '\n');
+  console.log(`${chalk.bold('Next steps:')}`);
+  if (example) {
+    console.log(`
+  1. Configure your first project:
+     ${chalk.cyan(`${workspace}/my-project/config/sentinel.properties`)}
+     ${chalk.cyan(`${workspace}/my-project/config/log-configs/`)}
+     ${chalk.cyan(`${workspace}/my-project/config/repo-configs/`)}
+  2. Start all projects (Sentinel clones repos, indexes, and monitors automatically):
+     ${chalk.cyan(`${workspace}/startAll.sh`)}
+  3. Stop all projects:
+     ${chalk.cyan(`${workspace}/stopAll.sh`)}
+`);
+  }
+  if (systemd) {
+    console.log(`  Auto-start is enabled. To manage:
+     ${chalk.cyan('sudo systemctl start sentinel')}
+     ${chalk.cyan('sudo systemctl status sentinel')}
+     ${chalk.cyan('journalctl -u sentinel -f')}
+`);
+  }
+  console.log(`  Add another project anytime:
+     ${chalk.cyan('sentinel add <project-name>')}
+`);
+};
+function readExistingConfig(workspace) {
+  const result = {};
+  _parsePropsInto(path.join(workspace, 'sentinel.properties'), result);
+  if (!result.SLACK_BOT_TOKEN || !result.SLACK_APP_TOKEN) {
+    try {
+      for (const entry of fs.readdirSync(workspace)) {
+        const p = path.join(workspace, entry, 'config', 'sentinel.properties');
+        const proj = {};
+        _parsePropsInto(p, proj);
+        if (!result.SLACK_BOT_TOKEN && proj.SLACK_BOT_TOKEN) result.SLACK_BOT_TOKEN = proj.SLACK_BOT_TOKEN;
+        if (!result.SLACK_APP_TOKEN && proj.SLACK_APP_TOKEN) result.SLACK_APP_TOKEN = proj.SLACK_APP_TOKEN;
+        if (result.SLACK_BOT_TOKEN && result.SLACK_APP_TOKEN) break;
+      }
+    } catch (_) {}
+  }
+  return result;
+}
+function _parsePropsInto(propsPath, result) {
+  if (!fs.existsSync(propsPath)) return;
+  try {
+    const lines = fs.readFileSync(propsPath, 'utf8').split(/\r?\n/);
+    for (const raw of lines) {
+      const line = raw.trim();
+      if (!line || line.startsWith('#')) continue;
+      const idx = line.indexOf('=');
+      if (idx === -1) continue;
+      result[line.slice(0, idx).trim()] = line.slice(idx + 1).trim();
+    }
+  } catch (_) {}
+}
+function findPython() {
+  for (const bin of ['python3', 'python']) {
+    try {
+      execSync(`${bin} --version`, { stdio: 'pipe' });
+      return bin;
+    } catch (_) {}
+  }
+  return null;
+}
+function run(bin, args) {
+  const r = spawnSync(bin, args, { encoding: 'utf8' });
+  return (r.stdout || '') + (r.stderr || '');
+}
+function runLive(bin, args) {
+  const r = spawnSync(bin, args, { stdio: 'inherit' });
+  if (r.status !== 0) {
+    console.error(chalk.red(`  ✖ Command failed: ${bin} ${args.join(' ')}`));
+    process.exit(1);
+  }
+}
+function installNpmGlobal(pkg, checkBin) {
+  try {
+    execSync(`${checkBin} --version`, { stdio: 'pipe' });
+    ok(`${pkg} already installed`);
+  } catch (_) {
+    info(`Installing ${pkg}…`);
+    runLive('npm', ['install', '-g', pkg]);
+    ok(`${pkg} installed`);
+  }
+}
+function ensureClaudePermissions() {
+  const settingsPath = require('path').join(require('os').homedir(), '.claude', 'settings.json');
+  const required = ['Read(**)', 'Write(**)', 'Edit(**)', 'Bash(**)'];
+  let settings = {};
+  try {
+    if (fs.existsSync(settingsPath)) {
+      settings = JSON.parse(fs.readFileSync(settingsPath, 'utf8'));
+    }
+  } catch (e) {
+    warn('Could not read ' + settingsPath + ': ' + e.message);
+    return;
+  }
+  if (!settings.permissions) settings.permissions = {};
+  if (!Array.isArray(settings.permissions.allow)) settings.permissions.allow = [];
+  const existing = new Set(settings.permissions.allow);
+  const added = [];
+  for (const perm of required) {
+    if (!existing.has(perm)) {
+      settings.permissions.allow.push(perm);
+      added.push(perm);
+    }
+  }
+  if (added.length === 0) {
+    ok('Claude Code permissions already configured');
+    return;
+  }
+  try {
+    fs.ensureDirSync(require('path').dirname(settingsPath));
+    fs.writeFileSync(settingsPath, JSON.stringify(settings, null, 2) + '\n');
+    ok('Claude Code permissions patched: ' + added.join(', '));
+  } catch (e) {
+    warn('Could not write ' + settingsPath + ': ' + e.message);
+  }
+}
+function ensureNpmUserPrefix() {
+  try {
+    const currentPrefix = execSync('npm config get prefix', { encoding: 'utf8' }).trim();
+    const homeDir = os.homedir();
+    if (currentPrefix.startsWith(homeDir)) {
+      ok(`npm prefix: ${currentPrefix} (user-owned, no sudo needed)`);
+      return;
+    }
+    try { fs.accessSync(currentPrefix, fs.constants.W_OK); ok('npm prefix writable'); return; }
+    catch (_) {}
+    const userPrefix = path.join(homeDir, '.npm-global');
+    fs.ensureDirSync(userPrefix);
+    execSync(`npm config set prefix "${userPrefix}"`, { encoding: 'utf8' });
+    ok(`npm prefix set to ${userPrefix} (no sudo needed for upgrades)`);
+    const exportLine = `export PATH="${userPrefix}/bin:$PATH"`;
+    for (const rc of ['.bashrc', '.profile', '.zshrc']) {
+      const rcPath = path.join(homeDir, rc);
+      if (!fs.existsSync(rcPath)) continue;
+      const content = fs.readFileSync(rcPath, 'utf8');
+      if (!content.includes(userPrefix)) {
+        fs.appendFileSync(rcPath, `\n# Added by sentinel init\n${exportLine}\n`);
+        ok(`PATH updated in ~/${rc}`);
+      }
+    }
+    warn(`Run: export PATH="${userPrefix}/bin:$PATH"  (or open a new shell)`);
+    warn(`Then reinstall: npm install -g @misterhuydo/sentinel`);
+  } catch (e) {
+    warn(`Could not check npm prefix: ${e.message}`);
+  }
+}
+function setupSystemd(workspace) {
+  const user = os.userInfo().username;
+  const svc = `/etc/systemd/system/sentinel.service`;
+  const content = `[Unit]
+Description=Sentinel — Autonomous DevOps Agent
+After=network-online.target
+Wants=network-online.target
+[Service]
+Type=forking
+User=${user}
+WorkingDirectory=${workspace}
+ExecStart=${workspace}/startAll.sh
+ExecStop=${workspace}/stopAll.sh
+Restart=on-failure
+RestartSec=10
+[Install]
+WantedBy=multi-user.target
+`;
+  try {
+    fs.writeFileSync('/tmp/sentinel.service', content);
+    execSync(`sudo mv /tmp/sentinel.service ${svc}`);
+    execSync('sudo systemctl daemon-reload');
+    execSync('sudo systemctl enable sentinel');
+    ok('sentinel.service enabled');
+  } catch (e) {
+    warn(`Could not write systemd service (need sudo): ${e.message}`);
+    warn(`Manually create ${svc} to auto-start on reboot`);
+  }
+}

package/lib/init.js

@@ -94,20 +94,30 @@ module.exports = async function init() {
       message: 'Set up Slack Bot (Sentinel Boss — conversational AI interface)?',
       initial: !!(existing.SLACK_BOT_TOKEN),
     },
+  ], { onCancel: () => process.exit(0) });
+
+  // ── Slack app creation helper (shown before token prompts) ───────────────────
+  if (answers.setupSlack && !existing.SLACK_BOT_TOKEN) {
+    printSlackSetupGuide();
+  }
+
+  const tokenAnswers = await prompts([
     {
-      type: prev => prev ? 'password' : null,
+      type: answers.setupSlack ? 'password' : null,
       name: 'slackBotToken',
       message: existing.SLACK_BOT_TOKEN ? 'Slack Bot Token  (press Enter to keep current)' : 'Slack Bot Token  (xoxb-...)',
       validate: v => !v || v.startsWith('xoxb-') ? true : 'Should start with xoxb-',
     },
     {
-      type: (_, { setupSlack }) => setupSlack ? 'password' : null,
+      type: answers.setupSlack ? 'password' : null,
       name: 'slackAppToken',
       message: existing.SLACK_APP_TOKEN ? 'Slack App-Level Token  (press Enter to keep current)' : 'Slack App-Level Token  (xapp-...)',
       validate: v => !v || v.startsWith('xapp-') ? true : 'Should start with xapp-',
     },
   ], { onCancel: () => process.exit(0) });
 
+  Object.assign(answers, tokenAnswers);
+
   const { workspace, authMode, anthropicKey, example, systemd, smtpUser, smtpPassword, smtpHost, setupSlack, slackBotToken, slackAppToken } = answers;
   const effectiveAnthropicKey  = anthropicKey  || existing.ANTHROPIC_API_KEY || '';
   const effectiveSmtpPassword  = smtpPassword  || existing.SMTP_PASSWORD     || '';
@@ -190,7 +200,8 @@ module.exports = async function init() {
     ok('Tokens will be written to workspace sentinel.properties');
     info('Sentinel Boss starts automatically when the project starts');
   } else if (setupSlack) {
-    warn('Slack tokens not provided — add them to config/sentinel.properties later');
+    warn('Slack tokens not provided — add them to sentinel.properties later');
+    info('Re-run  sentinel init  after creating the app to fill in the tokens');
   }
 
   // ── Workspace structure ─────────────────────────────────────────────────────
@@ -390,6 +401,97 @@ function ensureNpmUserPrefix() {
   }
 }
 
+function buildSlackManifest() {
+  return {
+    display_information: {
+      name: 'Sentinel',
+      description: 'Autonomous DevOps Agent — monitors logs, fixes bugs, manages deployments',
+      background_color: '#1a1a2e',
+    },
+    features: {
+      bot_user: {
+        display_name: 'Sentinel',
+        always_online: true,
+      },
+    },
+    oauth_config: {
+      scopes: {
+        bot: [
+          'app_mentions:read',    // receive @Sentinel mentions
+          'channels:history',     // read public channel messages
+          'channels:read',        // list channels
+          'chat:write',           // post messages
+          'chat:write.customize', // post with custom name/icon
+          'chat:write.public',    // post in channels without joining
+          'files:read',           // read files shared with the bot
+          'files:write',          // upload files (DB exports, reports)
+          'groups:history',       // read private channel messages
+          'groups:read',          // list private channels
+          'im:history',           // read DM messages
+          'im:read',              // list DMs
+          'im:write',             // open DM channels (for user notifications)
+          'mpim:history',         // read multi-person DMs
+          'mpim:read',            // list multi-person DMs
+          'reactions:write',      // add emoji reactions
+          'users:read',           // look up user info / timezone
+          'users:read.email',     // look up user by email
+          'usergroups:read',      // resolve @here / @channel for admin checks
+        ],
+      },
+    },
+    settings: {
+      event_subscriptions: {
+        bot_events: [
+          'app_mention',      // @Sentinel in any channel
+          'message.channels', // messages in public channels (thread replies)
+          'message.groups',   // messages in private channels (thread replies)
+          'message.im',       // direct messages to Sentinel
+          'message.mpim',     // multi-person DMs
+        ],
+      },
+      interactivity: { is_enabled: false },
+      org_deploy_enabled: false,
+      socket_mode_enabled: true,   // no public URL needed
+      token_rotation_enabled: false,
+    },
+  };
+}
+
+function printSlackSetupGuide() {
+  const manifest = buildSlackManifest();
+  const manifestJson = JSON.stringify(manifest);
+  const encoded = encodeURIComponent(manifestJson);
+  const createUrl = `https://api.slack.com/apps?new_app=1&manifest_json=${encoded}`;
+
+  step('Setting up Slack Bot (Sentinel Boss)…');
+  console.log(`
+  ${chalk.bold('One-click Slack app setup:')}
+
+  ${chalk.cyan(createUrl)}
+
+  ${chalk.bold('Steps after clicking the link:')}
+  ${chalk.white('1.')} Slack opens with all permissions pre-filled → click ${chalk.green('"Create App"')}
+  ${chalk.white('2.')} Click ${chalk.green('"Install to Workspace"')} → Allow
+  ${chalk.white('3.')} Copy ${chalk.yellow('Bot Token')}  (OAuth & Permissions → Bot User OAuth Token → xoxb-...)
+  ${chalk.white('4.')} Go to ${chalk.cyan('Settings → Basic Information → App-Level Tokens')}
+       → ${chalk.green('"Generate Token and Scopes"')}  name it anything, add scope: ${chalk.yellow('connections:write')}
+       → Copy ${chalk.yellow('App-Level Token')}  (xapp-...)
+  ${chalk.white('5.')} Paste both tokens below ↓
+`);
+
+  // Try to open in browser (Linux/Mac/WSL)
+  try {
+    const { execSync: _exec } = require('child_process');
+    const opener = process.platform === 'darwin' ? 'open'
+      : process.platform === 'win32' ? 'start'
+      : 'xdg-open';
+    _exec(`${opener} "${createUrl}"`, { stdio: 'ignore' });
+    console.log(chalk.green('  ✔') + ' Opened in your browser\n');
+  } catch (_) {
+    // Silently ignore if browser open fails
+  }
+}
+
 function setupSystemd(workspace) {
   const user = os.userInfo().username;
   const svc = `/etc/systemd/system/sentinel.service`;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@misterhuydo/sentinel",
-  "version": "1.4.51",
+  "version": "1.4.53",
   "description": "Sentinel — Autonomous DevOps Agent installer and manager",
   "bin": {
     "sentinel": "./bin/sentinel.js"

package/python/sentinel/sentinel_boss.py

@@ -240,9 +240,16 @@ Don't pad responses. Don't say "Great question!" or "Certainly!".
 If you don't know something, use a tool to find out before saying you don't know.
 
 When to act vs. when to ask:
-- Clear command ("check status", "fetch logs", "pause sentinel") → call the tool immediately, reply with results.
-- Ambiguous or exploratory ("what does get_repo_status do?", "tell me about search_logs") → explain the tool naturally, then ask: "Want me to run it?"
-- Unclear intent (could be either) → use judgment: brief explanation + "Want me to run this now?"
+- Any read/investigate tool (ask_codebase, filter_logs, search_logs, get_status, tail_log, ask_logs,
+  get_fix_details, list_pending_prs, check_auth_status, list_projects, my_stats, get_repo_status,
+  list_recent_commits) → call immediately without asking permission. Never say "Want me to check?" —
+  just check and report results. If you think it's worth doing, do it.
+- Write/action tools (create_issue, trigger_poll, pull_repo, pause_sentinel, install_tool, merge_pr,
+  retry_issue, post_file) → act immediately for clear commands; confirm only when intent is ambiguous
+  (e.g. unclear which project or repo to target).
+- Explaining a tool ("what does X do?") → explain naturally, then offer to run it if relevant.
+- NEVER gate investigation on user approval. If diagnosing a problem, run all relevant read tools
+  first, then present findings. Asking "Want me to look?" wastes a round trip.
 - Prefer filter_logs over search_logs when synced logs are available — it's instant and never causes session timeout.
   Use search_logs only when the user explicitly wants live/real-time data or synced logs are not yet available.
 - If a tool call will take a moment (search, fetch, pull), prefix your reply with a brief "working" line ending in "..." before the results, e.g. "Searching SSOLWA for TryDig activity..." then the actual output.

package/python/sentinel/slack_bot.py

@@ -8,7 +8,7 @@ Setup (api.slack.com):
   1. Create a Slack App → Enable Socket Mode → copy App-Level Token (xapp-...)
   2. Add Bot Token Scopes: app_mentions:read, chat:write, im:history,
      channels:history, users:read, files:read
-  3. Enable Events: app_mention, message.im, message.channels
+  3. Enable Events: app_mention, message.im, message.channels, message.groups
   4. Install to workspace → copy Bot Token (xoxb-...)
   5. Add to sentinel.properties:
        SLACK_BOT_TOKEN=xoxb-...