@misterhuydo/sentinel 1.4.68 → 1.4.70

package/python/scripts/fix_merge_confirm.py

@@ -0,0 +1,295 @@
+#!/usr/bin/env python3
+"""
+Add confirmed=false/true confirmation step to merge_pr.
+On confirmed=false (default): fetch PR details, show plan, ask for confirmation.
+On confirmed=true: execute the merge.
+"""
+import ast, sys
+
+BOSS = '/home/sentinel/sentinel/code/sentinel/sentinel_boss.py'
+
+with open(BOSS, 'r', encoding='utf-8') as f:
+    boss = f.read()
+
+# ── 1. Update tool definition — add confirmed param ──────────────────────────
+
+OLD_DEF = '''        "name": "merge_pr",
+        "description": (
+            "ADMIN ONLY. Merge an open Sentinel PR into the main branch. "
+            "Use when AUTO_PUBLISH=false and you are satisfied with the fix after review. "
+            "Handles rebase conflicts automatically if possible. "
+            "e.g. 'merge the fix for Whydah-TypeLib', 'sync fix abc123 to main', "
+            "'merge the open PR for elprint-sales-core-service'"
+        ),
+        "input_schema": {
+            "type": "object",
+            "properties": {
+                "repo_name": {
+                    "type": "string",
+                    "description": "Repository name (must match a repo in config/repos/)",
+                },
+                "fingerprint": {
+                    "type": "string",
+                    "description": "Optional 8-char fingerprint to target a specific fix PR. "
+                                   "If omitted, merges the most recent open PR for the repo.",
+                },
+                "pr_number": {
+                    "type": "integer",
+                    "description": "Merge a specific PR by number (e.g. a Renovate PR). "
+                                   "When set, repo_name is still required but fingerprint is ignored.",
+                },
+            },
+            "required": ["repo_name"],
+        },
+    },'''
+
+NEW_DEF = '''        "name": "merge_pr",
+        "description": (
+            "ADMIN ONLY. Merge a PR into the main branch. "
+            "ALWAYS call with confirmed=false first to show PR details for admin review — "
+            "never merge without showing the plan first. "
+            "Use for Sentinel fix PRs (AUTO_PUBLISH=false) or Renovate/external PRs by number. "
+            "confirmed=false fetches and shows PR details; confirmed=true executes the merge. "
+            "e.g. 'merge the fix for Whydah-TypeLib', 'merge TypeLib PR #247'"
+        ),
+        "input_schema": {
+            "type": "object",
+            "properties": {
+                "repo_name": {
+                    "type": "string",
+                    "description": "Repository name (must match a repo in config/repos/)",
+                },
+                "fingerprint": {
+                    "type": "string",
+                    "description": "Optional 8-char fingerprint to target a specific Sentinel fix PR.",
+                },
+                "pr_number": {
+                    "type": "integer",
+                    "description": "Merge a specific PR by number (e.g. a Renovate PR). "
+                                   "When set, repo_name is still required but fingerprint is ignored.",
+                },
+                "confirmed": {
+                    "type": "boolean",
+                    "description": (
+                        "false (default) = fetch PR details and show plan for review, do NOT merge yet. "
+                        "true = execute the merge after admin has seen and approved the plan."
+                    ),
+                },
+            },
+            "required": ["repo_name"],
+        },
+    },'''
+
+if OLD_DEF not in boss:
+    print("ERROR: merge_pr tool definition not found")
+    sys.exit(1)
+boss = boss.replace(OLD_DEF, NEW_DEF, 1)
+
+# ── 2. Update handler — add plan phase before both paths ─────────────────────
+
+OLD_HANDLER_START = '''        if name == "merge_pr":
+            import re as _re
+            import requests as _req
+            repo_name    = inputs.get("repo_name", "").strip()
+            fingerprint  = inputs.get("fingerprint", "").strip()
+            pr_number_in = inputs.get("pr_number")   # explicit PR number (e.g. Renovate PR)
+            github_token = cfg_loader.sentinel.github_token
+            if not github_token:
+                return json.dumps({"error": "GITHUB_TOKEN not configured"})
+
+            headers = {
+                "Authorization": f"Bearer {github_token}",
+                "Accept": "application/vnd.github+json",
+            }
+
+            # Fuzzy-match repo name against known configs
+            if repo_name not in cfg_loader.repos:
+                for rname in cfg_loader.repos:
+                    if repo_name.lower() in rname.lower():
+                        repo_name = rname
+                        break
+
+            # ── Path A: explicit pr_number — merge directly via GitHub API ────
+            if pr_number_in:'''
+
+NEW_HANDLER_START = '''        if name == "merge_pr":
+            import re as _re
+            import requests as _req
+            repo_name    = inputs.get("repo_name", "").strip()
+            fingerprint  = inputs.get("fingerprint", "").strip()
+            pr_number_in = inputs.get("pr_number")   # explicit PR number (e.g. Renovate PR)
+            confirmed    = bool(inputs.get("confirmed", False))
+            github_token = cfg_loader.sentinel.github_token
+            if not github_token:
+                return json.dumps({"error": "GITHUB_TOKEN not configured"})
+
+            headers = {
+                "Authorization": f"Bearer {github_token}",
+                "Accept": "application/vnd.github+json",
+            }
+
+            # Fuzzy-match repo name against known configs
+            if repo_name not in cfg_loader.repos:
+                for rname in cfg_loader.repos:
+                    if repo_name.lower() in rname.lower():
+                        repo_name = rname
+                        break
+
+            # ── Path A: explicit pr_number — fetch details, then merge ────────
+            if pr_number_in:'''
+
+if OLD_HANDLER_START not in boss:
+    print("ERROR: merge_pr handler start not found")
+    sys.exit(1)
+boss = boss.replace(OLD_HANDLER_START, NEW_HANDLER_START, 1)
+
+# ── 3. After fetching PR details in Path A, add plan phase before merge ───────
+
+OLD_PATH_A_MERGE = '''                pr_data = pr_resp.json()
+                if pr_data.get("state") != "open":
+                    return json.dumps({"error": f"PR #{pr_number_in} is already {pr_data.get('state')} — nothing to merge"})
+                pr_url  = pr_data.get("html_url", "")
+                branch  = pr_data.get("head", {}).get("ref", "")
+                pr_title = pr_data.get("title", "")
+
+                merge_resp = _req.put('''
+
+NEW_PATH_A_MERGE = '''                pr_data = pr_resp.json()
+                if pr_data.get("state") != "open":
+                    return json.dumps({"error": f"PR #{pr_number_in} is already {pr_data.get('state')} — nothing to merge"})
+                pr_url   = pr_data.get("html_url", "")
+                branch   = pr_data.get("head", {}).get("ref", "")
+                pr_title = pr_data.get("title", "")
+                pr_author = pr_data.get("user", {}).get("login", "unknown")
+                pr_body   = (pr_data.get("body") or "")[:300]
+                files_changed = pr_data.get("changed_files", "?")
+                additions     = pr_data.get("additions", "?")
+                deletions     = pr_data.get("deletions", "?")
+                mergeable     = pr_data.get("mergeable")
+
+                # ── Plan phase — always show before merging ───────────────────
+                if not confirmed:
+                    return json.dumps({
+                        "plan": f"Merge PR #{pr_number_in} into {repo_name}",
+                        "pr_number":     pr_number_in,
+                        "pr_url":        pr_url,
+                        "title":         pr_title,
+                        "author":        pr_author,
+                        "branch":        branch,
+                        "files_changed": files_changed,
+                        "additions":     additions,
+                        "deletions":     deletions,
+                        "mergeable":     mergeable,
+                        "description":   pr_body or "(no description)",
+                        "confirm_prompt": (
+                            f"This will squash-merge PR #{pr_number_in} (\\"{pr_title}\\") "
+                            f"from {pr_author} into {repo_name}. Reply with confirmed=true to proceed."
+                        ),
+                    })
+
+                merge_resp = _req.put('''
+
+if OLD_PATH_A_MERGE not in boss:
+    print("ERROR: Path A merge block not found")
+    sys.exit(1)
+boss = boss.replace(OLD_PATH_A_MERGE, NEW_PATH_A_MERGE, 1)
+
+# ── 4. Add plan phase for Path B (state_store PRs) ────────────────────────────
+
+OLD_PATH_B = '''            # ── Path B: state_store lookup (Sentinel-managed PRs) ─────────────
+            open_prs = store.get_open_prs()
+            candidates = [p for p in open_prs if p.get("repo_name") == repo_name]
+            if fingerprint:
+                candidates = [p for p in candidates if p.get("fingerprint", "").startswith(fingerprint)]
+            if not candidates:
+                return json.dumps({"error": f"No open Sentinel PR found for repo \'{repo_name}\'"
+                                            + (f" with fingerprint \'{fingerprint}\'" if fingerprint else "")})
+            fix = candidates[0]  # most recent
+            pr_url = fix.get("pr_url", "")
+            branch = fix.get("branch", "")
+            fp     = fix.get("fingerprint", "")
+
+            # Parse owner/repo and PR number from pr_url
+            m = _re.search(r"github\\.com/([^/]+/[^/]+)/pull/(\\d+)", pr_url)
+            if not m:
+                return json.dumps({"error": f"Cannot parse PR URL: {pr_url}"})
+            owner_repo = m.group(1)
+            pr_number  = m.group(2)'''
+
+NEW_PATH_B = '''            # ── Path B: state_store lookup (Sentinel-managed PRs) ─────────────
+            open_prs = store.get_open_prs()
+            candidates = [p for p in open_prs if p.get("repo_name") == repo_name]
+            if fingerprint:
+                candidates = [p for p in candidates if p.get("fingerprint", "").startswith(fingerprint)]
+            if not candidates:
+                return json.dumps({"error": f"No open Sentinel PR found for repo \'{repo_name}\'"
+                                            + (f" with fingerprint \'{fingerprint}\'" if fingerprint else "")})
+            fix = candidates[0]  # most recent
+            pr_url = fix.get("pr_url", "")
+            branch = fix.get("branch", "")
+            fp     = fix.get("fingerprint", "")
+
+            # Parse owner/repo and PR number from pr_url
+            m = _re.search(r"github\\.com/([^/]+/[^/]+)/pull/(\\d+)", pr_url)
+            if not m:
+                return json.dumps({"error": f"Cannot parse PR URL: {pr_url}"})
+            owner_repo = m.group(1)
+            pr_number  = m.group(2)
+
+            # Fetch live PR details for the plan
+            pr_resp2 = _req.get(
+                f"https://api.github.com/repos/{owner_repo}/pulls/{pr_number}",
+                headers=headers, timeout=15,
+            )
+            pr_detail = pr_resp2.json() if pr_resp2.status_code == 200 else {}
+            pr_title2    = pr_detail.get("title", fix.get("fingerprint", ""))
+            pr_state2    = pr_detail.get("state", "unknown")
+            files_changed2 = pr_detail.get("changed_files", "?")
+            additions2     = pr_detail.get("additions", "?")
+            deletions2     = pr_detail.get("deletions", "?")
+            pr_body2       = (pr_detail.get("body") or "")[:300]
+
+            if pr_state2 != "open" and pr_state2 != "unknown":
+                return json.dumps({"error": f"PR #{pr_number} is already {pr_state2} — nothing to merge"})
+
+            # ── Plan phase — always show before merging ───────────────────────
+            if not confirmed:
+                return json.dumps({
+                    "plan":          f"Merge Sentinel fix PR #{pr_number} into {repo_name}",
+                    "pr_number":     pr_number,
+                    "pr_url":        pr_url,
+                    "title":         pr_title2,
+                    "fingerprint":   fp[:8],
+                    "branch":        branch,
+                    "files_changed": files_changed2,
+                    "additions":     additions2,
+                    "deletions":     deletions2,
+                    "description":   pr_body2 or "(no description)",
+                    "confirm_prompt": (
+                        f"This will squash-merge Sentinel fix PR #{pr_number} (\\"{pr_title2}\\") "
+                        f"into {repo_name}/{fix.get('branch', 'main')}. "
+                        f"Reply with confirmed=true to proceed."
+                    ),
+                })'''
+
+if OLD_PATH_B not in boss:
+    print("ERROR: Path B block not found")
+    sys.exit(1)
+boss = boss.replace(OLD_PATH_B, NEW_PATH_B, 1)
+
+with open(BOSS, 'w', encoding='utf-8') as f:
+    f.write(boss)
+print("Confirmation step added to merge_pr")
+
+# ── Syntax check ──────────────────────────────────────────────────────────────
+with open(BOSS, 'r', encoding='utf-8') as f:
+    src = f.read()
+try:
+    ast.parse(src)
+    print("Syntax OK")
+except SyntaxError as e:
+    lines = src.splitlines()
+    print(f"SyntaxError at line {e.lineno}: {e.msg}")
+    for i in range(max(0, e.lineno-5), min(len(lines), e.lineno+3)):
+        print(f"  {i+1}: {lines[i]}")
+    sys.exit(1)

package/python/scripts/fix_permission_messages.py

@@ -0,0 +1,78 @@
+#!/usr/bin/env python3
+"""
+Make admin permission denial messages more descriptive — tell the user
+exactly which operation they tried and how to get help.
+"""
+import ast, sys
+
+BOSS = '/home/sentinel/sentinel/code/sentinel/sentinel_boss.py'
+
+with open(BOSS, 'r', encoding='utf-8') as f:
+    boss = f.read()
+
+replacements = [
+    # list_prs
+    (
+        '        if name == "list_prs":\n            if not is_admin:\n                return json.dumps({"error": "Admin access required."})',
+        '        if name == "list_prs":\n            if not is_admin:\n                return json.dumps({"error": "list_prs is admin-only. Ask a Sentinel admin (SLACK_ADMIN_USERS) to run this for you."})',
+    ),
+    # drop_pr
+    (
+        '        if name == "drop_pr":\n            if not is_admin:\n                return json.dumps({"error": "Admin access required."})',
+        '        if name == "drop_pr":\n            if not is_admin:\n                return json.dumps({"error": "drop_pr is admin-only. Ask a Sentinel admin to drop this PR for you."})',
+    ),
+    # merge_pr confirmed=false check
+    (
+        '            if not is_admin:\n                return json.dumps({"error": "Admin access required."})\n\n            headers = {',
+        '            if not is_admin:\n                return json.dumps({"error": "merge_pr is admin-only. Ask a Sentinel admin to merge this PR."})\n\n            headers = {',
+    ),
+    # watch_bot
+    (
+        'return json.dumps({"error": "Admin access required to register bots for monitoring."})',
+        'return json.dumps({"error": "watch_bot is admin-only. Ask a Sentinel admin to register this bot."})',
+    ),
+    # unwatch_bot
+    (
+        'return json.dumps({"error": "Admin access required to remove bots from monitoring."})',
+        'return json.dumps({"error": "unwatch_bot is admin-only. Ask a Sentinel admin to remove this bot."})',
+    ),
+    # upgrade
+    (
+        'return json.dumps({"error": "Admin access required to upgrade Sentinel."})',
+        'return json.dumps({"error": "upgrade is admin-only. Ask a Sentinel admin to perform the upgrade."})',
+    ),
+    # restart_project
+    (
+        'return json.dumps({"error": "Admin access required to restart a project."})',
+        'return json.dumps({"error": "restart_project is admin-only. Ask a Sentinel admin to restart the project."})',
+    ),
+    # export_db (generic SLACK_ADMIN_USERS message)
+    (
+        'return json.dumps({"error": "Admin access required. You are not in SLACK_ADMIN_USERS."})',
+        'return json.dumps({"error": "This operation is admin-only (SLACK_ADMIN_USERS). Contact a Sentinel admin if you need access."})',
+    ),
+]
+
+changed = 0
+for old, new in replacements:
+    if old in boss:
+        boss = boss.replace(old, new, 1)
+        changed += 1
+    else:
+        print(f"WARNING: pattern not found — {old[:60]!r}")
+
+print(f"Applied {changed}/{len(replacements)} replacements")
+
+with open(BOSS, 'w', encoding='utf-8') as f:
+    f.write(boss)
+print("Written OK")
+
+try:
+    ast.parse(boss)
+    print("Syntax OK")
+except SyntaxError as e:
+    lines = boss.splitlines()
+    print(f"SyntaxError at line {e.lineno}: {e.msg}")
+    for i in range(max(0, e.lineno-3), min(len(lines), e.lineno+3)):
+        print(f"  {i+1}: {lines[i]}")
+    sys.exit(1)

package/python/scripts/fix_pr_check_head_detect.py

@@ -0,0 +1,84 @@
+#!/usr/bin/env python3
+"""Add HEAD-change detection to _pr_check_loop in main.py."""
+import ast, sys
+
+MAIN = '/home/sentinel/sentinel/code/sentinel/main.py'
+
+with open(MAIN, 'r', encoding='utf-8') as f:
+    src = f.read()
+
+OLD = '''                # Mark PRs in DB that are no longer open on GitHub
+                all_tracked = store.get_prs(repo_name=repo_name, state="open")
+                for tracked in all_tracked:
+                    if tracked["pr_number"] not in seen_nums:
+                        store.close_pr(repo_name, tracked["pr_number"], state="closed")
+                        logger.info("PR check: closed PR %s #%d (no longer open on GitHub)",
+                                    repo_name, tracked["pr_number"])
+
+            except Exception as _e:
+                logger.debug("PR check error for %s: %s", repo_name, _e)
+                continue'''
+
+NEW = '''                # Mark PRs in DB that are no longer open on GitHub
+                all_tracked = store.get_prs(repo_name=repo_name, state="open")
+                for tracked in all_tracked:
+                    if tracked["pr_number"] not in seen_nums:
+                        store.close_pr(repo_name, tracked["pr_number"], state="closed")
+                        logger.info("PR check: closed PR %s #%d (no longer open on GitHub)",
+                                    repo_name, tracked["pr_number"])
+
+                # Detect HEAD change on default branch -> invalidate knowledge cache
+                try:
+                    import subprocess as _sp2
+                    _lp = getattr(repo_cfg, "local_path", None)
+                    _branch = getattr(repo_cfg, "branch", "main") or "main"
+                    if _lp:
+                        _fetch = _sp2.run(
+                            ["git", "fetch", "--quiet", "origin"],
+                            cwd=str(_lp), capture_output=True, timeout=30,
+                        )
+                        if _fetch.returncode == 0:
+                            _local = _sp2.run(
+                                ["git", "rev-parse", "--short", "HEAD"],
+                                cwd=str(_lp), capture_output=True, text=True, timeout=5,
+                            ).stdout.strip()
+                            _remote = _sp2.run(
+                                ["git", "rev-parse", "--short", f"origin/{_branch}"],
+                                cwd=str(_lp), capture_output=True, text=True, timeout=5,
+                            ).stdout.strip()
+                            if _local and _remote and _local != _remote:
+                                _deleted = store.invalidate_knowledge(repo_name)
+                                if _deleted:
+                                    logger.info(
+                                        "PR check: HEAD changed for %s (%s->%s), "
+                                        "invalidated %d cached knowledge entries",
+                                        repo_name, _local, _remote, _deleted,
+                                    )
+                except Exception as _ce:
+                    logger.debug("HEAD-change check failed for %s: %s", repo_name, _ce)
+
+            except Exception as _e:
+                logger.debug("PR check error for %s: %s", repo_name, _e)
+                continue'''
+
+if OLD not in src:
+    print("ERROR: close_pr block not found in main.py")
+    idx = src.find("no longer open on GitHub")
+    if idx >= 0:
+        print(repr(src[max(0,idx-100):idx+300]))
+    sys.exit(1)
+
+src = src.replace(OLD, NEW, 1)
+with open(MAIN, 'w', encoding='utf-8') as f:
+    f.write(src)
+print("Step 5 OK: HEAD-change detection added to _pr_check_loop")
+
+try:
+    ast.parse(src)
+    print("main.py Syntax OK")
+except SyntaxError as e:
+    lines = src.splitlines()
+    print(f"SyntaxError line {e.lineno}: {e.msg}")
+    for i in range(max(0, e.lineno-5), min(len(lines), e.lineno+3)):
+        print(f"  {i+1}: {lines[i]}")
+    sys.exit(1)

package/python/scripts/fix_pr_msg_newlines.py

@@ -0,0 +1,57 @@
+#!/usr/bin/env python3
+"""Fix broken f-string literal newlines in _pr_check_loop notification block."""
+import ast, sys
+
+MAIN = '/home/sentinel/sentinel/code/sentinel/main.py'
+with open(MAIN, 'r', encoding='utf-8') as f:
+    src = f.read()
+
+# The broken block — literal newlines inside f-strings
+# We find it by unique surrounding context
+if 'f":bell: *New PR*' not in src:
+    print("ERROR: broken block not found")
+    sys.exit(1)
+
+# Find start and end of the broken msg = (...) block
+start_marker = '                msg = (\n                    f":bell: *New PR*'
+end_marker   = '                    f"or `drop PR #{pr[\'pr_number\']} in {pr[\'repo_name\']}`_"\n                )'
+
+start_idx = src.find(start_marker)
+end_idx   = src.find(end_marker)
+if start_idx == -1 or end_idx == -1:
+    print(f"ERROR: markers not found (start={start_idx}, end={end_idx})")
+    # Show context around the bell
+    idx = src.find('"bell:')
+    print(repr(src[max(0,idx-200):idx+400]))
+    sys.exit(1)
+
+end_idx += len(end_marker)
+old_block = src[start_idx:end_idx]
+
+new_block = (
+    '                _pr_parts = [\n'
+    '                    f":bell: *New PR* \u2014 `{pr[\'repo_name\']}` #{pr[\'pr_number\']} [{source_tag}]",\n'
+    '                    f"*{pr[\'title\']}*",\n'
+    '                    f"By `{pr[\'author\']}` on branch `{pr[\'head_branch\']}` | {pr[\'pr_url\']}",\n'
+    '                    ("_Reply:_ `list prs` to review, then"\n'
+    '                     f" `merge PR #{pr[\'pr_number\']} in {pr[\'repo_name\']}` or"\n'
+    '                     f" `drop PR #{pr[\'pr_number\']} in {pr[\'repo_name\']}`"),\n'
+    '                ]\n'
+    '                msg = "\\n".join(_pr_parts)'
+)
+
+src = src[:start_idx] + new_block + src[end_idx:]
+
+with open(MAIN, 'w', encoding='utf-8') as f:
+    f.write(src)
+print("Fixed: notification message block rewritten")
+
+try:
+    ast.parse(src)
+    print("Syntax OK")
+except SyntaxError as e:
+    lines = src.splitlines()
+    print(f"SyntaxError at line {e.lineno}: {e.msg}")
+    for i in range(max(0, e.lineno-5), min(len(lines), e.lineno+3)):
+        print(f"  {i+1}: {lines[i]}")
+    sys.exit(1)