@misterhuydo/sentinel 1.4.68 → 1.4.70

package/.cairn/.hint-lock

@@ -1 +1 @@
-2026-03-25T16:26:53.611Z
+2026-03-26T18:21:14.192Z

package/.cairn/session.json

@@ -1,6 +1,6 @@
 {
-  "message": "Auto-checkpoint at 2026-03-25T16:15:37.097Z",
-  "checkpoint_at": "2026-03-25T16:15:37.098Z",
+  "message": "Auto-checkpoint at 2026-03-26T18:22:50.768Z",
+  "checkpoint_at": "2026-03-26T18:22:50.770Z",
   "active_files": [],
   "notes": [],
   "mtime_snapshot": {}

package/lib/.cairn/minify-map.json

@@ -1,8 +1,8 @@
 {
-  "J:\\Projects\\Sentinel\\cli\\lib\\add.js": {
-    "tempPath": "J:\\Projects\\Sentinel\\cli\\lib\\.cairn\\views\\fc4a1a_add.js",
+  "J:\\Projects\\Sentinel\\cli\\lib\\upgrade.js": {
+    "tempPath": "J:\\Projects\\Sentinel\\cli\\lib\\.cairn\\views\\fb78ac_upgrade.js",
     "state": "edit-ready",
-    "minifiedAt": 1774403831187.837,
+    "minifiedAt": 1774409075884.3267,
     "readCount": 1
   }
 }

package/lib/.cairn/views/fb78ac_upgrade.js

@@ -91,6 +91,21 @@ module.exports = async function upgrade() {
     if (shFiles.length) spawnSync('chmod', ['+x', ...shFiles], { stdio: 'inherit' });
   }
   ok('Python source updated');
+  info('Updating Python packages...');
+  const venv = path.join(codeDir, '.venv');
+  const pip  = fs.existsSync(path.join(venv, 'bin', 'pip'))         ? path.join(venv, 'bin', 'pip')
+             : fs.existsSync(path.join(venv, 'Scripts', 'pip.exe')) ? path.join(venv, 'Scripts', 'pip.exe')
+             : null;
+  if (pip) {
+    const pipResult = spawnSync(pip, ['install', '--upgrade', '-r', path.join(codeDir, 'requirements.txt')], { stdio: 'inherit' });
+    if (pipResult.status !== 0) {
+      warn('pip install failed — some Python packages may be missing');
+    } else {
+      ok('Python packages up to date');
+    }
+  } else {
+    warn('venv not found — skipping pip install (run: sentinel init)');
+  }
   info('Patching Claude Code permissions…');
   ensureClaudePermissions();
   const { version: latest } = require(path.join(pkgDir, 'package.json'));
@@ -98,7 +113,7 @@ module.exports = async function upgrade() {
   info('Regenerating scripts...');
   const { generateProjectScripts, generateWorkspaceScripts } = require('./generate');
   generateWorkspaceScripts(defaultWorkspace);
-  const pythonBin = fs.existsSync('/usr/bin/python3') ? '/usr/bin/python3' : 'python3';
+  const pythonBin = path.join(venv, 'bin', 'python3');
   const NON_PROJECT_DIRS = new Set(['logs', 'code', 'repos', 'workspace', 'issues']);
   let regenerated = 0;
   try {

package/lib/add.js

@@ -277,35 +277,49 @@ async function addFromGit(gitUrl, workspace) {
     validate: v => VALID_NAME.test(v) || 'Use letters, numbers, hyphens only',
   }], { onCancel: () => process.exit(0) });
 
-  // ── 1. Generate deploy key for the primary (config) repo ───────────────────
+  // ── 1. Set up SSH access to the primary (config) repo ─────────────────────
   step(`[1/3] Setting up SSH access to ${repoSlug}`);
   ensureKnownHosts();
-  const { keyFile } = generateDeployKey(repoSlug);
-  printDeployKeyInstructions(orgRepo, keyFile);
 
-  await prompts({
-    type: 'text', name: '_', format: () => '',
-    message: chalk.bold(`Press Enter once you've added the deploy key to GitHub…`),
-  }, { onCancel: () => process.exit(0) });
+  // Check if the repo is already accessible via the existing SSH key/agent.
+  // This is the case when GIT_ACCESS=ssh_user_key is configured — no deploy key needed.
+  const existingAccess = validateAccess(gitUrl, null);
+  let keyFile = null;
 
-  // Validate primary repo
-  const primary = validateAccess(gitUrl, keyFile);
-  if (!primary.ok) {
-    console.error(chalk.red('  ✖ Cannot reach ' + gitUrl));
-    if (primary.stderr) console.error(chalk.red('    ' + primary.stderr));
-    console.error(chalk.yellow('  Check the deploy key has write access, then re-run.'));
-    process.exit(1);
+  if (existingAccess.ok) {
+    ok(`${repoSlug}: reachable via existing SSH key — skipping deploy key generation`);
+  } else {
+    const { keyFile: generatedKey } = generateDeployKey(repoSlug);
+    keyFile = generatedKey;
+    printDeployKeyInstructions(orgRepo, keyFile);
+
+    await prompts({
+      type: 'text', name: '_', format: () => '',
+      message: chalk.bold(`Press Enter once you've added the deploy key to GitHub…`),
+    }, { onCancel: () => process.exit(0) });
+
+    // Validate primary repo with deploy key
+    const primary = validateAccess(gitUrl, keyFile);
+    if (!primary.ok) {
+      console.error(chalk.red('  ✖ Cannot reach ' + gitUrl));
+      if (primary.stderr) console.error(chalk.red('    ' + primary.stderr));
+      console.error(chalk.yellow('  Check the deploy key has write access, then re-run.'));
+      process.exit(1);
+    }
+    ok(`${repoSlug}: reachable`);
   }
-  ok(`${repoSlug}: reachable`);
 
   // ── 2. Clone primary repo and discover additional repos ────────────────────
   const projectDir = path.join(workspace, name);
   step(`[2/3] Scanning repo-configs in ${repoSlug}…`);
 
   if (!fs.existsSync(projectDir)) {
+    const cloneEnv = keyFile
+      ? gitEnv({ GIT_SSH_COMMAND: `ssh -i ${keyFile} -o StrictHostKeyChecking=no -o BatchMode=yes` })
+      : gitEnv({});
     spawnSync(gitBin(), ['clone', '--depth', '1', gitUrl, projectDir], {
       stdio: 'inherit',
-      env: gitEnv({ GIT_SSH_COMMAND: `ssh -i ${keyFile} -o StrictHostKeyChecking=no -o BatchMode=yes` }),
+      env: cloneEnv,
     });
   }
 

package/lib/generate.js

@@ -75,8 +75,13 @@ if [[ "$_claude_pro" != "false" ]]; then
 fi
 mkdir -p "$DIR/logs" "$WORKSPACE/logs" "$DIR/workspace/fetched" "$DIR/workspace/patches" "$DIR/issues"
 cd "$DIR"
-# Ensure npm-global bin (cairn-mcp, claude) and ~/.local/bin (auto-installed tools) are on PATH
+# Auto-detect JAVA_HOME (needed for Maven)
+for _jdk in "$HOME"/jdk-* "$HOME"/.jdk /usr/lib/jvm/java-21-openjdk /usr/lib/jvm/java-11-openjdk; do
+  if [[ -d "$_jdk" ]] && [[ -x "$_jdk/bin/java" ]]; then export JAVA_HOME="$_jdk"; break; fi
+done
+# Ensure npm-global bin (cairn-mcp, claude), ~/.local/bin (auto-installed tools), and JAVA_HOME on PATH
 export PATH="$HOME/.npm-global/bin:$HOME/.local/bin:$PATH"
+[[ -n "$JAVA_HOME" ]] && export PATH="$JAVA_HOME/bin:$PATH"
 PYTHONPATH="${codeDir}" "${codeDir}/.venv/bin/python3" -m sentinel.main --config ./config \\
   >> "$DIR/logs/sentinel.log" 2>&1 &
 echo $! > "$PID_FILE"

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@misterhuydo/sentinel",
-  "version": "1.4.68",
+  "version": "1.4.70",
   "description": "Sentinel — Autonomous DevOps Agent installer and manager",
   "bin": {
     "sentinel": "./bin/sentinel.js"

package/python/scripts/fix_ask_codebase_context.py

@@ -0,0 +1,249 @@
+#!/usr/bin/env python3
+"""
+Improve ask_codebase:
+1. Enrich prompt with project context (all repos Sentinel manages, their paths/URLs)
+2. Add optional 'mode' param: explore (default) | issues
+3. 'issues' mode: Claude outputs structured GitHub issue suggestions
+4. Tool description updated to mention project-level discussions and issue raising
+"""
+import ast, sys
+
+BOSS = '/home/sentinel/sentinel/code/sentinel/sentinel_boss.py'
+
+with open(BOSS, 'r', encoding='utf-8') as f:
+    boss = f.read()
+
+# ── 1. Update tool definition ─────────────────────────────────────────────────
+
+OLD_DEF = '''        "name": "ask_codebase",
+        "description": (
+            "Ask any natural-language question about a managed codebase. "
+            "Accepts a repo name (e.g. 'STS', 'elprint-sales') OR a project name (e.g. '1881', 'elprint') "
+            "— if a project name is given and it has multiple repos, all are queried. "
+            "Claude Code answers using its full codebase knowledge — no need to specify how. "
+            "Use for: 'what does 1881 do?', 'TODOs in 1881', 'find PIN validation in STS', "
+            "'security issues in elprint-sales?', 'summarize the cairn repo'."
+        ),
+        "input_schema": {
+            "type": "object",
+            "properties": {
+                "repo": {
+                    "type": "string",
+                    "description": "Repo name (e.g. 'STS', 'elprint-sales') OR project name (e.g. '1881', 'elprint') — project name queries all its repos",
+                },
+                "question": {
+                    "type": "string",
+                    "description": "Natural language question about the codebase",
+                },
+            },
+            "required": ["repo", "question"],
+        },
+    },'''
+
+NEW_DEF = '''        "name": "ask_codebase",
+        "description": (
+            "Ask any natural-language question about a managed codebase — or discuss architecture, "
+            "extensions, and new features. Claude Code explores the repo(s) with full file access. "
+            "Accepts a repo name (e.g. 'STS', 'TypeLib') OR project name (e.g. '1881', 'Whydah') — "
+            "project name queries all its repos. "
+            "Use for: 'what does 1881 do?', 'describe the project structure', "
+            "'what should we implement next in STS?', 'find security issues in elprint-sales', "
+            "'what features could we add to TypeLib?', 'summarise the cairn architecture'. "
+            "Use mode=issues to make Claude output structured GitHub issue suggestions "
+            "(e.g. 'raise issues for improvements in STS', 'what bugs should we track in 1881?')."
+        ),
+        "input_schema": {
+            "type": "object",
+            "properties": {
+                "repo": {
+                    "type": "string",
+                    "description": "Repo name (e.g. 'STS', 'TypeLib') OR project name (e.g. '1881', 'Whydah')",
+                },
+                "question": {
+                    "type": "string",
+                    "description": "Natural language question, task, or discussion prompt about the codebase",
+                },
+                "mode": {
+                    "type": "string",
+                    "enum": ["explore", "issues"],
+                    "description": (
+                        "explore (default): answer freely, describe structure, discuss architecture. "
+                        "issues: Claude outputs structured GitHub issue suggestions "
+                        "(title + description + labels) that can be raised on GitHub."
+                    ),
+                },
+            },
+            "required": ["repo", "question"],
+        },
+    },'''
+
+if OLD_DEF not in boss:
+    print("ERROR: ask_codebase tool definition not found")
+    sys.exit(1)
+boss = boss.replace(OLD_DEF, NEW_DEF, 1)
+print("Step 1 OK: tool definition updated")
+
+# ── 2. Update handler — richer prompt + mode support ─────────────────────────
+
+OLD_HANDLER = '''        cfg = cfg_loader.sentinel
+        env = os.environ.copy()
+        # Only inject API key when Claude Pro is NOT preferred for heavy tasks
+        if cfg.anthropic_api_key and not cfg.claude_pro_for_tasks:
+            env["ANTHROPIC_API_KEY"] = cfg.anthropic_api_key
+
+        def _ask_one(repo_name, repo_cfg) -> dict:
+            local_path = Path(repo_cfg.local_path)
+            if not local_path.exists():
+                return {"repo": repo_name, "error": f"not cloned yet at {local_path}"}
+            prompt = (
+                f"You are a code analyst. Answer the following question about the codebase at: {local_path}\\n\\n"
+                f"Question: {question}\\n\\n"
+                f"Use whatever tools you need to answer accurately. Be concise and direct. Plain text only."
+            )
+            try:
+                r = subprocess.run(
+                    ([cfg.claude_code_bin, "--dangerously-skip-permissions", "--print", prompt]
+                    if os.getuid() != 0 else
+                    [cfg.claude_code_bin, "--print", prompt]),
+                    capture_output=True, text=True, timeout=180, env=env,
+                    cwd=str(local_path), stdin=subprocess.DEVNULL,
+                )
+                output = (r.stdout or "").strip()
+                logger.info("Boss ask_codebase %s rc=%d len=%d", repo_name, r.returncode, len(output))
+                if r.returncode != 0 and not output:
+                    raw_err = (r.stderr or "")
+                    alert_if_rate_limited(
+                        cfg.slack_bot_token, cfg.slack_channel,
+                        f"ask_codebase/{repo_name}", raw_err,
+                    )
+                    return {"repo": repo_name, "error": f"claude --print failed (rc={r.returncode}): {raw_err[:200]}"}
+                return {"repo": repo_name, "answer": output[:3000]}
+            except subprocess.TimeoutExpired:
+                return {"repo": repo_name, "error": "timed out after 180s"}
+            except Exception as e:
+                return {"repo": repo_name, "error": str(e)}
+
+        if len(matched) == 1:
+            result = _ask_one(*matched[0])
+            # Unwrap single-repo result for cleaner response
+            return json.dumps(result)
+
+        # Multiple repos — query each and combine
+        results = [_ask_one(rn, r) for rn, r in matched]
+        return json.dumps({"project": target, "repos_queried": len(results), "results": results})'''
+
+NEW_HANDLER = '''        mode = inputs.get("mode", "explore")
+
+        cfg = cfg_loader.sentinel
+        env = os.environ.copy()
+        # Only inject API key when Claude Pro is NOT preferred for heavy tasks
+        if cfg.anthropic_api_key and not cfg.claude_pro_for_tasks:
+            env["ANTHROPIC_API_KEY"] = cfg.anthropic_api_key
+
+        # Build project context block (all repos this Sentinel instance manages)
+        _project_name = _read_project_name(Path("."))
+        _all_repos_lines = []
+        for _rn, _rc in cfg_loader.repos.items():
+            _url = getattr(_rc, "repo_url", "") or ""
+            _path = getattr(_rc, "local_path", "") or ""
+            _prefixes = getattr(_rc, "package_prefixes", "") or ""
+            _all_repos_lines.append(
+                f"  - {_rn}: path={_path}"
+                + (f", url={_url}" if _url else "")
+                + (f", packages={_prefixes}" if _prefixes else "")
+            )
+        _project_ctx = (
+            f"Project: {_project_name}\\n"
+            f"Repos managed by this Sentinel instance:\\n"
+            + "\\n".join(_all_repos_lines)
+        )
+
+        def _ask_one(repo_name, repo_cfg) -> dict:
+            local_path = Path(repo_cfg.local_path)
+            if not local_path.exists():
+                return {"repo": repo_name, "error": f"not cloned yet at {local_path}"}
+
+            if mode == "issues":
+                _mode_instruction = (
+                    "Output a structured list of GitHub issues to raise for this codebase.\\n"
+                    "For each issue include:\\n"
+                    "  TITLE: <concise issue title>\\n"
+                    "  LABELS: <bug|enhancement|tech-debt|security|performance>\\n"
+                    "  DESCRIPTION: <2-4 sentences: what, why, suggested approach>\\n"
+                    "---\\n"
+                    "Focus on: bugs, missing error handling, performance bottlenecks, "
+                    "security gaps, missing tests, tech-debt, and useful new features.\\n"
+                    "Output plain text only — no markdown headers."
+                )
+            else:
+                _mode_instruction = (
+                    "Explore the codebase freely — read files, search for patterns, examine structure.\\n"
+                    "Answer thoroughly. You may discuss architecture, suggest extensions, "
+                    "describe design patterns, or analyse any aspect of the code.\\n"
+                    "Plain text only. Be concise but complete."
+                )
+
+            prompt = (
+                f"{_project_ctx}\\n\\n"
+                f"You are now analysing: {repo_name} at {local_path}\\n\\n"
+                f"{_mode_instruction}\\n\\n"
+                f"Question / Task: {question}"
+            )
+            try:
+                r = subprocess.run(
+                    ([cfg.claude_code_bin, "--dangerously-skip-permissions", "--print", prompt]
+                    if os.getuid() != 0 else
+                    [cfg.claude_code_bin, "--print", prompt]),
+                    capture_output=True, text=True, timeout=300, env=env,
+                    cwd=str(local_path), stdin=subprocess.DEVNULL,
+                )
+                output = (r.stdout or "").strip()
+                logger.info("Boss ask_codebase %s mode=%s rc=%d len=%d", repo_name, mode, r.returncode, len(output))
+                if r.returncode != 0 and not output:
+                    raw_err = (r.stderr or "")
+                    alert_if_rate_limited(
+                        cfg.slack_bot_token, cfg.slack_channel,
+                        f"ask_codebase/{repo_name}", raw_err,
+                    )
+                    return {"repo": repo_name, "error": f"claude --print failed (rc={r.returncode}): {raw_err[:200]}"}
+                return {"repo": repo_name, "answer": output[:4000]}
+            except subprocess.TimeoutExpired:
+                return {"repo": repo_name, "error": "timed out after 300s"}
+            except Exception as e:
+                return {"repo": repo_name, "error": str(e)}
+
+        if len(matched) == 1:
+            result = _ask_one(*matched[0])
+            # Unwrap single-repo result for cleaner response
+            return json.dumps(result)
+
+        # Multiple repos — query each and combine
+        results = [_ask_one(rn, r) for rn, r in matched]
+        return json.dumps({"project": target, "repos_queried": len(results), "results": results})'''
+
+if OLD_HANDLER not in boss:
+    print("ERROR: ask_codebase handler not found")
+    # Show context to help debug
+    idx = boss.find("def _ask_one")
+    if idx >= 0:
+        print(repr(boss[idx-200:idx+100]))
+    sys.exit(1)
+boss = boss.replace(OLD_HANDLER, NEW_HANDLER, 1)
+print("Step 2 OK: handler updated with richer prompt + mode support")
+
+with open(BOSS, 'w', encoding='utf-8') as f:
+    f.write(boss)
+print("Written OK")
+
+# ── Syntax check ──────────────────────────────────────────────────────────────
+with open(BOSS, 'r', encoding='utf-8') as f:
+    src = f.read()
+try:
+    ast.parse(src)
+    print("Syntax OK")
+except SyntaxError as e:
+    lines = src.splitlines()
+    print(f"SyntaxError at line {e.lineno}: {e.msg}")
+    for i in range(max(0, e.lineno-5), min(len(lines), e.lineno+3)):
+        print(f"  {i+1}: {lines[i]}")
+    sys.exit(1)

package/python/scripts/fix_ask_codebase_stdin.py

@@ -0,0 +1,49 @@
+#!/usr/bin/env python3
+"""Fix ask_codebase: add stdin=DEVNULL so claude --print doesn't hang waiting for stdin."""
+import ast, sys
+
+BOSS = '/home/sentinel/sentinel/code/sentinel/sentinel_boss.py'
+
+with open(BOSS, 'r', encoding='utf-8') as f:
+    content = f.read()
+
+OLD = (
+    '                r = subprocess.run(\n'
+    '                    ([cfg.claude_code_bin, "--dangerously-skip-permissions", "--print", prompt]\n'
+    '                    if os.getuid() != 0 else\n'
+    '                    [cfg.claude_code_bin, "--print", prompt]),\n'
+    '                    capture_output=True, text=True, timeout=180, env=env,\n'
+    '                    cwd=str(local_path),\n'
+    '                )'
+)
+
+NEW = (
+    '                r = subprocess.run(\n'
+    '                    ([cfg.claude_code_bin, "--dangerously-skip-permissions", "--print", prompt]\n'
+    '                    if os.getuid() != 0 else\n'
+    '                    [cfg.claude_code_bin, "--print", prompt]),\n'
+    '                    capture_output=True, text=True, timeout=180, env=env,\n'
+    '                    cwd=str(local_path), stdin=subprocess.DEVNULL,\n'
+    '                )'
+)
+
+if OLD not in content:
+    print("ERROR: target block not found")
+    # Show context
+    idx = content.find('capture_output=True, text=True, timeout=180')
+    if idx >= 0:
+        print(repr(content[idx-200:idx+100]))
+    sys.exit(1)
+
+content = content.replace(OLD, NEW, 1)
+
+with open(BOSS, 'w', encoding='utf-8') as f:
+    f.write(content)
+print("Fixed: stdin=DEVNULL added to ask_codebase subprocess call")
+
+try:
+    ast.parse(content)
+    print("Syntax OK")
+except SyntaxError as e:
+    print(f"SyntaxError at line {e.lineno}: {e.msg}")
+    sys.exit(1)

package/python/scripts/fix_chain_slack.py

@@ -0,0 +1,67 @@
+#!/usr/bin/env python3
+"""Fix the broken slack_alert block in chain_release handler."""
+import ast, py_compile, tempfile, os, sys
+
+TARGET = '/home/sentinel/sentinel/code/sentinel/sentinel_boss.py'
+
+with open(TARGET, 'r', encoding='utf-8') as f:
+    lines = f.readlines()
+
+# Find the broken block: look for doubled slack_alert lines near "Chain release"
+# Strategy: find line with "all_ok = all(r.get" and replace everything up to
+# "logger.info("Boss chain_release"
+
+start_idx = None
+end_idx = None
+for i, line in enumerate(lines):
+    if 'all_ok = all(r.get("status") in ("released", "no_cicd")' in line:
+        start_idx = i
+    if start_idx and 'logger.info("Boss chain_release' in line:
+        end_idx = i
+        break
+
+if start_idx is None or end_idx is None:
+    print(f"Could not find block: start={start_idx}, end={end_idx}")
+    # Print context
+    for i, line in enumerate(lines):
+        if 'chain_release' in line or 'all_ok' in line:
+            print(f"{i+1}: {line}", end='')
+    sys.exit(1)
+
+print(f"Replacing lines {start_idx+1}..{end_idx} (inclusive of logger line)")
+
+# Build the replacement lines (8 spaces indent = inside if name == "chain_release" block)
+replacement = '''\
+        all_ok = all(r.get("status") in ("released", "no_cicd") for r in results)
+        final  = "completed" if all_ok else "partial" if results else "failed"
+        _icon  = ":white_check_mark:" if all_ok else ":warning:"
+        _steps = ", ".join(
+            "`" + r["repo"] + "` " + ("\u2713" if r.get("status") in ("released", "no_cicd") else "\u2717")
+            for r in results
+        )
+        slack_alert(
+            cfg.slack_bot_token, cfg.slack_channel,
+            f"{_icon}: *Chain release {final}* \u2014 {_steps}",
+        )
+'''
+
+# Replace lines start_idx..end_idx-1 (keep the logger line)
+new_lines = lines[:start_idx] + [replacement] + lines[end_idx:]
+
+with open(TARGET, 'w', encoding='utf-8') as f:
+    f.writelines(new_lines)
+
+print("Replacement done.")
+
+# Syntax check
+with open(TARGET, 'r') as f:
+    src = f.read()
+try:
+    ast.parse(src)
+    print("Syntax OK")
+except SyntaxError as e:
+    print(f"SyntaxError line {e.lineno}: {e.msg}")
+    ls = src.splitlines()
+    for i in range(max(0, e.lineno-5), min(len(ls), e.lineno+3)):
+        print(f"{i+1}: {ls[i]}")
+    sys.exit(1)

package/python/scripts/fix_fstring.py

@@ -0,0 +1,51 @@
+#!/usr/bin/env python3
+"""Fix Python 3.9 f-string backslash issue in chain_release handler."""
+
+TARGET = '/home/sentinel/sentinel/code/sentinel/sentinel_boss.py'
+
+with open(TARGET, 'r', encoding='utf-8') as f:
+    content = f.read()
+
+# Replace the problematic f-string block
+old = (
+    "            f\":{'white_check_mark' if all_ok else 'warning'}: *Chain release {final}* \\u2014 \"\n"
+    "            + \", \".join(\n"
+    "                f\"`{r['repo']}` {'\\u2713' if r.get('status') in ('released', 'no_cicd') else '\\u2717'}\"\n"
+    "                for r in results\n"
+    "            ),"
+)
+
+new = (
+    "            (\":white_check_mark:\" if all_ok else \":warning:\") + f\": *Chain release {final}* \\u2014 \"\n"
+    "            + \", \".join(\n"
+    "                \"`\" + r[\"repo\"] + \"` \" + (\"\\u2713\" if r.get(\"status\") in (\"released\", \"no_cicd\") else \"\\u2717\")\n"
+    "                for r in results\n"
+    "            ),"
+)
+
+if old not in content:
+    # Try finding it
+    idx = content.find("white_check_mark' if all_ok")
+    if idx >= 0:
+        print("Context around match point:")
+        print(repr(content[idx-10:idx+300]))
+    else:
+        print("Pattern not found at all")
+    import sys; sys.exit(1)
+
+content = content.replace(old, new, 1)
+
+with open(TARGET, 'w', encoding='utf-8') as f:
+    f.write(content)
+
+print("Fixed f-string.")
+
+import ast, py_compile, tempfile, os
+with tempfile.NamedTemporaryFile(suffix='.py', delete=False, mode='w') as tmp:
+    tmp.write(content)
+    tmp_name = tmp.name
+try:
+    py_compile.compile(tmp_name, doraise=True)
+    print("Syntax OK")
+finally:
+    os.unlink(tmp_name)