@misterhuydo/sentinel 1.4.78 → 1.4.80

package/.cairn/.hint-lock

@@ -1 +1 @@
-2026-03-27T01:29:06.939Z
+2026-03-27T02:03:40.951Z

package/.cairn/session.json

@@ -1,6 +1,6 @@
 {
-  "message": "Auto-checkpoint at 2026-03-27T01:47:36.091Z",
-  "checkpoint_at": "2026-03-27T01:47:36.092Z",
+  "message": "Auto-checkpoint at 2026-03-27T02:01:01.379Z",
+  "checkpoint_at": "2026-03-27T02:01:01.380Z",
   "active_files": [],
   "notes": [],
   "mtime_snapshot": {}

package/lib/.cairn/minify-map.json

@@ -1,8 +1 @@
-{
-  "J:\\Projects\\Sentinel\\cli\\lib\\init.js": {
-    "tempPath": "J:\\Projects\\Sentinel\\cli\\lib\\.cairn\\views\\2a85cc_init.js",
-    "state": "edit-ready",
-    "minifiedAt": 1774439246927.6174,
-    "readCount": 1
-  }
-}
+{}

package/lib/add.js

@@ -6,6 +6,7 @@ const { execSync, spawnSync } = require('child_process');
 const prompts = require('prompts');
 const chalk = require('chalk');
 const { writeExampleProject, generateWorkspaceScripts, generateProjectScripts } = require('./generate');
+const { printSlackSetupGuide } = require('./slack-setup');
 const ok   = msg => console.log(chalk.green('  ✔'), msg);
 const info = msg => console.log(chalk.cyan('  →'), msg);
 const warn = msg => console.log(chalk.yellow('  ⚠'), msg);
@@ -539,6 +540,38 @@ async function addFromGit(gitUrl, workspace) {
     info('GITHUB_TOKEN will be written when project files are created');
   }
 
+  // ── Project-specific Slack (optional override) ─────────────────────────────
+  const workspaceSlackToken = fs.existsSync(workspaceProps)
+    ? (fs.readFileSync(workspaceProps, 'utf8').match(/^SLACK_BOT_TOKEN\s*=\s*(.+)$/m) || [])[1]?.trim()
+    : '';
+  const { ownSlack } = await prompts({
+    type: 'confirm', name: 'ownSlack',
+    message: workspaceSlackToken
+      ? 'Does this project use a different Slack workspace than the default?'
+      : 'Does this project use Slack (Sentinel Boss)?',
+    initial: false,
+  }, { onCancel: () => process.exit(0) });
+
+  let projectSlackBotToken = '';
+  let projectSlackAppToken = '';
+  if (ownSlack) {
+    printSlackSetupGuide(false, 'Setting up project Slack Bot…');
+    const slackAnswers = await prompts([
+      {
+        type: 'password', name: 'botToken',
+        message: 'Slack Bot Token  (xoxb-...)',
+        validate: v => !v || v.startsWith('xoxb-') ? true : 'Should start with xoxb-',
+      },
+      {
+        type: 'password', name: 'appToken',
+        message: 'Slack App-Level Token  (xapp-...)',
+        validate: v => !v || v.startsWith('xapp-') ? true : 'Should start with xapp-',
+      },
+    ], { onCancel: () => process.exit(0) });
+    projectSlackBotToken = slackAnswers.botToken || '';
+    projectSlackAppToken = slackAnswers.appToken || '';
+  }
+
   // ── Preview + confirm ──────────────────────────────────────────────────────
   step('Dry-run preview');
   info(`Will create: ${projectDir}/`);
@@ -568,9 +601,6 @@ async function addFromGit(gitUrl, workspace) {
   if (discovered.length > 0) {
     // Config already exists in the cloned repo — just generate scripts
     generateProjectScripts(projectDir, codeDir, pythonBin);
-    ok(`Project "${name}" ready at ${projectDir}`);
-    printNextSteps(projectDir, autoPublish);
-    await offerToStart(projectDir);
   } else {
     // No existing repo-configs — scaffold fresh project
     writeExampleProject(projectDir, codeDir, pythonBin);
@@ -584,10 +614,31 @@ async function addFromGit(gitUrl, workspace) {
     const example = path.join(repoDir, '_example.properties');
     if (fs.existsSync(example)) fs.removeSync(example);
     generateWorkspaceScripts(workspace, {}, {}, {}, effectiveToken);
-    ok(`Project "${name}" created at ${projectDir}`);
-    printNextSteps(projectDir, autoPublish);
-    await offerToStart(projectDir);
   }
+
+  // Write project-level Slack tokens if collected
+  if (projectSlackBotToken || projectSlackAppToken) {
+    const projProps = path.join(projectDir, 'config', 'sentinel.properties');
+    if (fs.existsSync(projProps)) {
+      let props = fs.readFileSync(projProps, 'utf8');
+      if (projectSlackBotToken) {
+        props = /^#?\s*SLACK_BOT_TOKEN\s*=/m.test(props)
+          ? props.replace(/^#?\s*SLACK_BOT_TOKEN\s*=.*/m, `SLACK_BOT_TOKEN=${projectSlackBotToken}`)
+          : props.trimEnd() + `\nSLACK_BOT_TOKEN=${projectSlackBotToken}\n`;
+      }
+      if (projectSlackAppToken) {
+        props = /^#?\s*SLACK_APP_TOKEN\s*=/m.test(props)
+          ? props.replace(/^#?\s*SLACK_APP_TOKEN\s*=.*/m, `SLACK_APP_TOKEN=${projectSlackAppToken}`)
+          : props.trimEnd() + `\nSLACK_APP_TOKEN=${projectSlackAppToken}\n`;
+      }
+      fs.writeFileSync(projProps, props);
+      ok('Project-level Slack tokens saved to config/sentinel.properties');
+    }
+  }
+
+  ok(`Project "${name}" ${discovered.length > 0 ? 'ready' : 'created'} at ${projectDir}`);
+  printNextSteps(projectDir, autoPublish);
+  await offerToStart(projectDir);
 }
 
 // ── addFromName ───────────────────────────────────────────────────────────────

package/lib/init.js

@@ -7,6 +7,7 @@ const { execSync, spawnSync } = require('child_process');
 const prompts = require('prompts');
 const chalk = require('chalk');
 const { generateProjectScripts, generateWorkspaceScripts, writeExampleProject } = require('./generate');
+const { buildSlackManifest, printSlackSetupGuide } = require('./slack-setup');
 
 const ok   = msg => console.log(chalk.green('  ✔'), msg);
 const info = msg => console.log(chalk.cyan('  →'), msg);
@@ -98,7 +99,7 @@ module.exports = async function init() {
 
   // ── Slack app creation helper (shown before token prompts) ───────────────────
   if (answers.setupSlack) {
-    printSlackSetupGuide();
+    printSlackSetupGuide(!!existing.SLACK_BOT_TOKEN);
   }
 
   const tokenAnswers = await prompts([
@@ -401,96 +402,6 @@ function ensureNpmUserPrefix() {
   }
 }
 
-function buildSlackManifest() {
-  return {
-    display_information: {
-      name: 'Sentinel',
-      description: 'Autonomous DevOps Agent — monitors logs, fixes bugs, manages deployments',
-      background_color: '#1a1a2e',
-    },
-    features: {
-      bot_user: {
-        display_name: 'Sentinel',
-        always_online: true,
-      },
-    },
-    oauth_config: {
-      scopes: {
-        bot: [
-          'app_mentions:read',    // receive @Sentinel mentions
-          'channels:history',     // read public channel messages
-          'channels:read',        // list channels
-          'chat:write',           // post messages
-          'chat:write.customize', // post with custom name/icon
-          'chat:write.public',    // post in channels without joining
-          'files:read',           // read files shared with the bot
-          'files:write',          // upload files (DB exports, reports)
-          'groups:history',       // read private channel messages
-          'groups:read',          // list private channels
-          'im:history',           // read DM messages
-          'im:read',              // list DMs
-          'im:write',             // open DM channels (for user notifications)
-          'mpim:history',         // read multi-person DMs
-          'mpim:read',            // list multi-person DMs
-          'reactions:write',      // add emoji reactions
-          'users:read',           // look up user info / timezone
-          'users:read.email',     // look up user by email
-          'usergroups:read',      // resolve @here / @channel for admin checks
-        ],
-      },
-    },
-    settings: {
-      event_subscriptions: {
-        bot_events: [
-          'app_mention',      // @Sentinel in any channel
-          'message.channels', // messages in public channels (thread replies)
-          'message.groups',   // messages in private channels (thread replies)
-          'message.im',       // direct messages to Sentinel
-          'message.mpim',     // multi-person DMs
-        ],
-      },
-      interactivity: { is_enabled: false },
-      org_deploy_enabled: false,
-      socket_mode_enabled: true,   // no public URL needed
-      token_rotation_enabled: false,
-    },
-  };
-}
-
-function printSlackSetupGuide() {
-  const manifest = buildSlackManifest();
-  const manifestJson = JSON.stringify(manifest);
-  const encoded = encodeURIComponent(manifestJson);
-  const createUrl = `https://api.slack.com/apps?new_app=1&manifest_json=${encoded}`;
-
-  step('Setting up Slack Bot (Sentinel Boss)…');
-  console.log(`
-  ${chalk.bold('One-click Slack app setup:')}
-
-  ${chalk.cyan(createUrl)}
-
-  ${chalk.bold('Steps after clicking the link:')}
-  ${chalk.white('1.')} Slack opens with all permissions pre-filled → click ${chalk.green('"Create App"')}
-  ${chalk.white('2.')} Click ${chalk.green('"Install to Workspace"')} → Allow
-  ${chalk.white('3.')} Copy ${chalk.yellow('Bot Token')}  (OAuth & Permissions → Bot User OAuth Token → xoxb-...)
-  ${chalk.white('4.')} Go to ${chalk.cyan('Settings → Basic Information → App-Level Tokens')}
-       → ${chalk.green('"Generate Token and Scopes"')}  name it anything, add scope: ${chalk.yellow('connections:write')}
-       → Copy ${chalk.yellow('App-Level Token')}  (xapp-...)
-  ${chalk.white('5.')} Paste both tokens below ↓
-`);
-
-  // Try to open in browser (Linux/Mac/WSL)
-  try {
-    const { execSync: _exec } = require('child_process');
-    const opener = process.platform === 'darwin' ? 'open'
-      : process.platform === 'win32' ? 'start'
-      : 'xdg-open';
-    _exec(`${opener} "${createUrl}"`, { stdio: 'ignore' });
-    console.log(chalk.green('  ✔') + ' Opened in your browser\n');
-  } catch (_) {
-    // Silently ignore if browser open fails
-  }
-}
 
 function setupSystemd(workspace) {
   const user = os.userInfo().username;

package/lib/slack-setup.js

@@ -0,0 +1,113 @@
+'use strict';
+
+const chalk = require('chalk');
+const step = msg => console.log('\n' + chalk.bold.white(msg));
+
+function buildSlackManifest() {
+  return {
+    display_information: {
+      name: 'Sentinel',
+      description: 'Autonomous DevOps Agent — monitors logs, fixes bugs, manages deployments',
+      background_color: '#1a1a2e',
+    },
+    features: {
+      bot_user: {
+        display_name: 'Sentinel',
+        always_online: true,
+      },
+    },
+    oauth_config: {
+      scopes: {
+        bot: [
+          'app_mentions:read',    // receive @Sentinel mentions
+          'channels:history',     // read public channel messages
+          'channels:read',        // list channels
+          'chat:write',           // post messages
+          'chat:write.customize', // post with custom name/icon
+          'chat:write.public',    // post in channels without joining
+          'files:read',           // read files shared with the bot
+          'files:write',          // upload files (DB exports, reports)
+          'groups:history',       // read private channel messages
+          'groups:read',          // list private channels
+          'im:history',           // read DM messages
+          'im:read',              // list DMs
+          'im:write',             // open DM channels (for user notifications)
+          'mpim:history',         // read multi-person DMs
+          'mpim:read',            // list multi-person DMs
+          'reactions:write',      // add emoji reactions
+          'users:read',           // look up user info / timezone
+          'users:read.email',     // look up user by email
+          'usergroups:read',      // resolve @here / @channel for admin checks
+        ],
+      },
+    },
+    settings: {
+      event_subscriptions: {
+        bot_events: [
+          'app_mention',      // @Sentinel in any channel
+          'message.channels', // messages in public channels (thread replies)
+          'message.groups',   // messages in private channels (thread replies)
+          'message.im',       // direct messages to Sentinel
+          'message.mpim',     // multi-person DMs
+        ],
+      },
+      interactivity: { is_enabled: false },
+      org_deploy_enabled: false,
+      socket_mode_enabled: true,
+      token_rotation_enabled: false,
+    },
+  };
+}
+
+/**
+ * Print Slack app setup guide.
+ * @param {boolean} hasExisting  true = update existing app, false = create new
+ * @param {string}  [stepTitle]  optional override for the step heading
+ */
+function printSlackSetupGuide(hasExisting, stepTitle) {
+  const manifest = buildSlackManifest();
+  const manifestJson = JSON.stringify(manifest, null, 2);
+
+  step(stepTitle || 'Setting up Slack Bot (Sentinel Boss)…');
+
+  if (hasExisting) {
+    console.log(`
+  ${chalk.bold('Update your existing Slack app manifest:')}
+
+  ${chalk.white('1.')} Open: ${chalk.cyan('https://api.slack.com/apps')} → select your Sentinel app
+  ${chalk.white('2.')} Click ${chalk.cyan('"App Manifest"')} in the left sidebar
+  ${chalk.white('3.')} Replace the entire manifest with:
+
+${manifestJson.split('\n').map(l => '     ' + l).join('\n')}
+
+  ${chalk.white('4.')} Click ${chalk.green('"Save Changes"')} → reinstall to workspace if prompted
+  ${chalk.white('5.')} Paste your tokens below ↓
+`);
+  } else {
+    const createUrl = `https://api.slack.com/apps?new_app=1&manifest_json=${encodeURIComponent(JSON.stringify(manifest))}`;
+    console.log(`
+  ${chalk.bold('One-click Slack app setup:')}
+
+  ${chalk.cyan(createUrl)}
+
+  ${chalk.bold('Steps after clicking the link:')}
+  ${chalk.white('1.')} Slack opens with all permissions pre-filled → click ${chalk.green('"Create App"')}
+  ${chalk.white('2.')} Click ${chalk.green('"Install to Workspace"')} → Allow
+  ${chalk.white('3.')} Copy ${chalk.yellow('Bot Token')}  (OAuth & Permissions → Bot User OAuth Token → xoxb-...)
+  ${chalk.white('4.')} Go to ${chalk.cyan('Settings → Basic Information → App-Level Tokens')}
+       → ${chalk.green('"Generate Token and Scopes"')}  name it anything, add scope: ${chalk.yellow('connections:write')}
+       → Copy ${chalk.yellow('App-Level Token')}  (xapp-...)
+  ${chalk.white('5.')} Paste both tokens below ↓
+`);
+    try {
+      const { execSync: _exec } = require('child_process');
+      const opener = process.platform === 'darwin' ? 'open'
+        : process.platform === 'win32' ? 'start'
+        : 'xdg-open';
+      _exec(`${opener} "${createUrl}"`, { stdio: 'ignore' });
+      console.log(chalk.green('  ✔') + ' Opened in your browser\n');
+    } catch (_) {}
+  }
+}
+
+module.exports = { buildSlackManifest, printSlackSetupGuide };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@misterhuydo/sentinel",
-  "version": "1.4.78",
+  "version": "1.4.80",
   "description": "Sentinel — Autonomous DevOps Agent installer and manager",
   "bin": {
     "sentinel": "./bin/sentinel.js"

package/lib/.cairn/views/2a85cc_init.js

@@ -1,462 +0,0 @@
-'use strict';
-const fs = require('fs-extra');
-const path = require('path');
-const os = require('os');
-const { execSync, spawnSync } = require('child_process');
-const prompts = require('prompts');
-const chalk = require('chalk');
-const { generateProjectScripts, generateWorkspaceScripts, writeExampleProject } = require('./generate');
-const ok   = msg => console.log(chalk.green('  ✔'), msg);
-const info = msg => console.log(chalk.cyan('  →'), msg);
-const warn = msg => console.log(chalk.yellow('  ⚠'), msg);
-const step = msg => console.log('\n' + chalk.bold.white(msg));
-module.exports = async function init() {
-  const defaultWorkspace = path.join(os.homedir(), 'sentinel');
-  const existing = readExistingConfig(defaultWorkspace);
-  if (Object.keys(existing).length) {
-    console.log(chalk.cyan('\n  → Existing workspace config found — showing current values as defaults\n'));
-  }
-  const answers = await prompts([
-    {
-      type: 'text',
-      name: 'workspace',
-      message: 'Workspace directory (each project lives here as a subdirectory)',
-      initial: path.join(os.homedir(), 'sentinel'),
-      format: v => v.replace(/^~/, os.homedir()),
-    },
-    {
-      type: 'select',
-      name: 'authMode',
-      message: 'Claude authentication strategy',
-      hint: 'Boss = Slack AI; Fix Engine = autonomous code repair',
-      choices: [
-        {
-          title: 'Both  (RECOMMENDED) — API key for Boss, Claude Pro for Fix Engine',
-          value: 'both',
-        },
-        {
-          title: 'API key only  — full Boss tools; Fix Engine billed per token',
-          value: 'apikey',
-        },
-        {
-          title: 'Claude Pro / OAuth only  — run `claude login`; Boss has limited tools',
-          value: 'oauth',
-        },
-        { title: 'Skip  (configure manually in sentinel.properties)', value: 'skip' },
-      ],
-    },
-    {
-      type: prev => (prev === 'apikey' || prev === 'both') ? 'password' : null,
-      name: 'anthropicKey',
-      message: existing.ANTHROPIC_API_KEY
-        ? 'Anthropic API key  (press Enter to keep current)'
-        : 'Anthropic API key (sk-ant-...)',
-      validate: v => !v || v.startsWith('sk-ant-') ? true : 'Key should start with sk-ant-',
-    },
-    {
-      type: 'confirm',
-      name: 'example',
-      message: 'Create an example project to show how to configure?',
-      initial: true,
-    },
-    {
-      type: 'confirm',
-      name: 'systemd',
-      message: 'Set up systemd service for auto-start on reboot?',
-      initial: process.platform === 'linux',
-    },
-    {
-      type: 'text',
-      name: 'smtpUser',
-      message: 'SMTP sender address',
-      initial: existing.SMTP_USER || 'sentinel@yourdomain.com',
-    },
-    {
-      type: prev => prev ? 'password' : null,
-      name: 'smtpPassword',
-      message: existing.SMTP_PASSWORD ? 'SMTP password / app password  (press Enter to keep current)' : 'SMTP password / app password',
-    },
-    {
-      type: prev => prev ? 'text' : null,
-      name: 'smtpHost',
-      message: 'SMTP host',
-      initial: existing.SMTP_HOST || 'smtp.gmail.com',
-    },
-    {
-      type: 'confirm',
-      name: 'setupSlack',
-      message: 'Set up Slack Bot (Sentinel Boss — conversational AI interface)?',
-      initial: !!(existing.SLACK_BOT_TOKEN),
-    },
-  ], { onCancel: () => process.exit(0) });
-  if (answers.setupSlack && !existing.SLACK_BOT_TOKEN) {
-    printSlackSetupGuide();
-  }
-  const tokenAnswers = await prompts([
-    {
-      type: answers.setupSlack ? 'password' : null,
-      name: 'slackBotToken',
-      message: existing.SLACK_BOT_TOKEN ? 'Slack Bot Token  (press Enter to keep current)' : 'Slack Bot Token  (xoxb-...)',
-      validate: v => !v || v.startsWith('xoxb-') ? true : 'Should start with xoxb-',
-    },
-    {
-      type: answers.setupSlack ? 'password' : null,
-      name: 'slackAppToken',
-      message: existing.SLACK_APP_TOKEN ? 'Slack App-Level Token  (press Enter to keep current)' : 'Slack App-Level Token  (xapp-...)',
-      validate: v => !v || v.startsWith('xapp-') ? true : 'Should start with xapp-',
-    },
-  ], { onCancel: () => process.exit(0) });
-  Object.assign(answers, tokenAnswers);
-  const { workspace, authMode, anthropicKey, example, systemd, smtpUser, smtpPassword, smtpHost, setupSlack, slackBotToken, slackAppToken } = answers;
-  const effectiveAnthropicKey  = anthropicKey  || existing.ANTHROPIC_API_KEY || '';
-  const effectiveSmtpPassword  = smtpPassword  || existing.SMTP_PASSWORD     || '';
-  const effectiveSlackBotToken = slackBotToken || existing.SLACK_BOT_TOKEN   || '';
-  const effectiveSlackAppToken = slackAppToken || existing.SLACK_APP_TOKEN   || '';
-  const codeDir = path.join(workspace, 'code');
-  step('Checking npm permissions…');
-  ensureNpmUserPrefix();
-  step('Checking Python…');
-  const python = findPython();
-  if (!python) {
-    console.error(chalk.red('  ✖ python3 not found. Install it first:'));
-    console.error('      sudo apt-get install -y python3 python3-pip python3-venv');
-    process.exit(1);
-  }
-  ok(`Python: ${run(python, ['--version']).trim()}`);
-  step('Installing Sentinel code…');
-  const bundledPython = path.join(__dirname, '..', 'python');
-  if (!fs.existsSync(bundledPython)) {
-    console.error(chalk.red('  ✖ Bundled Python source not found (run npm publish from the Sentinel repo)'));
-    process.exit(1);
-  }
-  fs.ensureDirSync(codeDir);
-  fs.copySync(bundledPython, codeDir, { overwrite: true });
-  ok(`Sentinel code → ${codeDir}`);
-  step('Setting up Python environment…');
-  const venv = path.join(codeDir, '.venv');
-  if (!fs.existsSync(venv)) {
-    info('Creating virtual environment…');
-    runLive(python, ['-m', 'venv', venv]);
-  }
-  const pip = path.join(venv, 'bin', 'pip3');
-  const pythonBin = path.join(venv, 'bin', 'python3');
-  info('Installing Python packages…');
-  runLive(pip, ['install', '--quiet', '--upgrade', 'pip']);
-  runLive(pip, ['install', '--quiet', '-r', path.join(codeDir, 'requirements.txt')]);
-  ok('Python packages installed');
-  step('Installing Node tools…');
-  installNpmGlobal('@misterhuydo/cairn-mcp', 'cairn');
-  step('Hooking Cairn MCP into Claude Code…');
-  runLive('cairn', ['install']);
-  ok('cairn install complete');
-  installNpmGlobal('@anthropic-ai/claude-code', 'claude');
-  step('Patching Claude Code permissions…');
-  ensureClaudePermissions();
-  step('Claude Code authentication…');
-  if (authMode === 'both' && effectiveAnthropicKey) {
-    ok('API key → Sentinel Boss (full tools, structured responses)');
-    ok('Claude Pro → Fix Engine + Ask Codebase (heavy coding, Pro subscription)');
-    info('Run `claude login` on this server now (or before starting projects)');
-    info('CLAUDE_PRO_FOR_TASKS=true written to workspace sentinel.properties');
-  } else if (authMode === 'apikey' && effectiveAnthropicKey) {
-    ok('API key → all Claude usage (Boss + Fix Engine billed to your API quota)');
-    info('CLAUDE_PRO_FOR_TASKS=false written — Fix Engine will use API key');
-    warn('Heavy fix tasks will consume API tokens. Claude Pro is cheaper for those.');
-  } else if (authMode === 'oauth') {
-    ok('Claude Pro / OAuth → Fix Engine + Ask Codebase');
-    warn('Boss will use CLI fallback — some tools unavailable without an API key');
-    info('Run `claude login` on this server to authenticate');
-  } else {
-    warn('No auth configured — add ANTHROPIC_API_KEY or run `claude login` before starting');
-    info('See: workspace sentinel.properties for full auth documentation');
-  }
-  if (effectiveSlackBotToken && effectiveSlackAppToken) {
-    step('Slack Bot (Sentinel Boss)…');
-    ok('Tokens will be written to workspace sentinel.properties');
-    info('Sentinel Boss starts automatically when the project starts');
-  } else if (setupSlack) {
-    warn('Slack tokens not provided — add them to sentinel.properties later');
-    info('Re-run  sentinel init  after creating the app to fill in the tokens');
-  }
-  step('Creating workspace…');
-  fs.ensureDirSync(workspace);
-  ok(`Workspace: ${workspace}`);
-  if (example) {
-    step('Creating example project…');
-    const exampleDir = path.join(workspace, 'my-project');
-    writeExampleProject(exampleDir, codeDir, pythonBin, effectiveAnthropicKey, { botToken: effectiveSlackBotToken, appToken: effectiveSlackAppToken });
-    ok(`Example project: ${exampleDir}`);
-  }
-  step('Generating scripts…');
-  const authConfig = {};
-  if (effectiveAnthropicKey) authConfig.apiKey = effectiveAnthropicKey;
-  if (authMode === 'both' || authMode === 'oauth') authConfig.claudeProForTasks = true;
-  if (authMode === 'apikey') authConfig.claudeProForTasks = false;
-  generateWorkspaceScripts(workspace, { host: smtpHost, user: smtpUser, password: effectiveSmtpPassword }, { botToken: effectiveSlackBotToken, appToken: effectiveSlackAppToken }, authConfig);
-  ok(`${workspace}/startAll.sh`);
-  ok(`${workspace}/stopAll.sh`);
-  if (systemd) {
-    step('Setting up systemd…');
-    setupSystemd(workspace);
-  }
-  console.log('\n' + chalk.bold.green('══ Done! ══') + '\n');
-  console.log(`${chalk.bold('Next steps:')}`);
-  if (example) {
-    console.log(`
-  1. Configure your first project:
-     ${chalk.cyan(`${workspace}/my-project/config/sentinel.properties`)}
-     ${chalk.cyan(`${workspace}/my-project/config/log-configs/`)}
-     ${chalk.cyan(`${workspace}/my-project/config/repo-configs/`)}
-  2. Start all projects (Sentinel clones repos, indexes, and monitors automatically):
-     ${chalk.cyan(`${workspace}/startAll.sh`)}
-  3. Stop all projects:
-     ${chalk.cyan(`${workspace}/stopAll.sh`)}
-`);
-  }
-  if (systemd) {
-    console.log(`  Auto-start is enabled. To manage:
-     ${chalk.cyan('sudo systemctl start sentinel')}
-     ${chalk.cyan('sudo systemctl status sentinel')}
-     ${chalk.cyan('journalctl -u sentinel -f')}
-`);
-  }
-  console.log(`  Add another project anytime:
-     ${chalk.cyan('sentinel add <project-name>')}
-`);
-};
-function readExistingConfig(workspace) {
-  const result = {};
-  _parsePropsInto(path.join(workspace, 'sentinel.properties'), result);
-  if (!result.SLACK_BOT_TOKEN || !result.SLACK_APP_TOKEN) {
-    try {
-      for (const entry of fs.readdirSync(workspace)) {
-        const p = path.join(workspace, entry, 'config', 'sentinel.properties');
-        const proj = {};
-        _parsePropsInto(p, proj);
-        if (!result.SLACK_BOT_TOKEN && proj.SLACK_BOT_TOKEN) result.SLACK_BOT_TOKEN = proj.SLACK_BOT_TOKEN;
-        if (!result.SLACK_APP_TOKEN && proj.SLACK_APP_TOKEN) result.SLACK_APP_TOKEN = proj.SLACK_APP_TOKEN;
-        if (result.SLACK_BOT_TOKEN && result.SLACK_APP_TOKEN) break;
-      }
-    } catch (_) {}
-  }
-  return result;
-}
-function _parsePropsInto(propsPath, result) {
-  if (!fs.existsSync(propsPath)) return;
-  try {
-    const lines = fs.readFileSync(propsPath, 'utf8').split(/\r?\n/);
-    for (const raw of lines) {
-      const line = raw.trim();
-      if (!line || line.startsWith('#')) continue;
-      const idx = line.indexOf('=');
-      if (idx === -1) continue;
-      result[line.slice(0, idx).trim()] = line.slice(idx + 1).trim();
-    }
-  } catch (_) {}
-}
-function findPython() {
-  for (const bin of ['python3', 'python']) {
-    try {
-      execSync(`${bin} --version`, { stdio: 'pipe' });
-      return bin;
-    } catch (_) {}
-  }
-  return null;
-}
-function run(bin, args) {
-  const r = spawnSync(bin, args, { encoding: 'utf8' });
-  return (r.stdout || '') + (r.stderr || '');
-}
-function runLive(bin, args) {
-  const r = spawnSync(bin, args, { stdio: 'inherit' });
-  if (r.status !== 0) {
-    console.error(chalk.red(`  ✖ Command failed: ${bin} ${args.join(' ')}`));
-    process.exit(1);
-  }
-}
-function installNpmGlobal(pkg, checkBin) {
-  try {
-    execSync(`${checkBin} --version`, { stdio: 'pipe' });
-    ok(`${pkg} already installed`);
-  } catch (_) {
-    info(`Installing ${pkg}…`);
-    runLive('npm', ['install', '-g', pkg]);
-    ok(`${pkg} installed`);
-  }
-}
-function ensureClaudePermissions() {
-  const settingsPath = require('path').join(require('os').homedir(), '.claude', 'settings.json');
-  const required = ['Read(**)', 'Write(**)', 'Edit(**)', 'Bash(**)'];
-  let settings = {};
-  try {
-    if (fs.existsSync(settingsPath)) {
-      settings = JSON.parse(fs.readFileSync(settingsPath, 'utf8'));
-    }
-  } catch (e) {
-    warn('Could not read ' + settingsPath + ': ' + e.message);
-    return;
-  }
-  if (!settings.permissions) settings.permissions = {};
-  if (!Array.isArray(settings.permissions.allow)) settings.permissions.allow = [];
-  const existing = new Set(settings.permissions.allow);
-  const added = [];
-  for (const perm of required) {
-    if (!existing.has(perm)) {
-      settings.permissions.allow.push(perm);
-      added.push(perm);
-    }
-  }
-  if (added.length === 0) {
-    ok('Claude Code permissions already configured');
-    return;
-  }
-  try {
-    fs.ensureDirSync(require('path').dirname(settingsPath));
-    fs.writeFileSync(settingsPath, JSON.stringify(settings, null, 2) + '\n');
-    ok('Claude Code permissions patched: ' + added.join(', '));
-  } catch (e) {
-    warn('Could not write ' + settingsPath + ': ' + e.message);
-  }
-}
-function ensureNpmUserPrefix() {
-  try {
-    const currentPrefix = execSync('npm config get prefix', { encoding: 'utf8' }).trim();
-    const homeDir = os.homedir();
-    if (currentPrefix.startsWith(homeDir)) {
-      ok(`npm prefix: ${currentPrefix} (user-owned, no sudo needed)`);
-      return;
-    }
-    try { fs.accessSync(currentPrefix, fs.constants.W_OK); ok('npm prefix writable'); return; }
-    catch (_) {}
-    const userPrefix = path.join(homeDir, '.npm-global');
-    fs.ensureDirSync(userPrefix);
-    execSync(`npm config set prefix "${userPrefix}"`, { encoding: 'utf8' });
-    ok(`npm prefix set to ${userPrefix} (no sudo needed for upgrades)`);
-    const exportLine = `export PATH="${userPrefix}/bin:$PATH"`;
-    for (const rc of ['.bashrc', '.profile', '.zshrc']) {
-      const rcPath = path.join(homeDir, rc);
-      if (!fs.existsSync(rcPath)) continue;
-      const content = fs.readFileSync(rcPath, 'utf8');
-      if (!content.includes(userPrefix)) {
-        fs.appendFileSync(rcPath, `\n# Added by sentinel init\n${exportLine}\n`);
-        ok(`PATH updated in ~/${rc}`);
-      }
-    }
-    warn(`Run: export PATH="${userPrefix}/bin:$PATH"  (or open a new shell)`);
-    warn(`Then reinstall: npm install -g @misterhuydo/sentinel`);
-  } catch (e) {
-    warn(`Could not check npm prefix: ${e.message}`);
-  }
-}
-function buildSlackManifest() {
-  return {
-    display_information: {
-      name: 'Sentinel',
-      description: 'Autonomous DevOps Agent — monitors logs, fixes bugs, manages deployments',
-      background_color: '#1a1a2e',
-    },
-    features: {
-      bot_user: {
-        display_name: 'Sentinel',
-        always_online: true,
-      },
-    },
-    oauth_config: {
-      scopes: {
-        bot: [
-          'app_mentions:read',
-          'channels:history',
-          'channels:read',
-          'chat:write',
-          'chat:write.customize',
-          'chat:write.public',
-          'files:read',
-          'files:write',
-          'groups:history',
-          'groups:read',
-          'im:history',
-          'im:read',
-          'im:write',
-          'mpim:history',
-          'mpim:read',
-          'reactions:write',
-          'users:read',
-          'users:read.email',
-          'usergroups:read',
-        ],
-      },
-    },
-    settings: {
-      event_subscriptions: {
-        bot_events: [
-          'app_mention',
-          'message.channels',
-          'message.groups',
-          'message.im',
-          'message.mpim',
-        ],
-      },
-      interactivity: { is_enabled: false },
-      org_deploy_enabled: false,
-      socket_mode_enabled: true,
-      token_rotation_enabled: false,
-    },
-  };
-}
-function printSlackSetupGuide() {
-  const manifest = buildSlackManifest();
-  const manifestJson = JSON.stringify(manifest);
-  const encoded = encodeURIComponent(manifestJson);
-  const createUrl = `https://api.slack.com/apps?new_app=1&manifest_json=${encoded}`;
-  step('Setting up Slack Bot (Sentinel Boss)…');
-  console.log(`
-  ${chalk.bold('One-click Slack app setup:')}
-  ${chalk.cyan(createUrl)}
-  ${chalk.bold('Steps after clicking the link:')}
-  ${chalk.white('1.')} Slack opens with all permissions pre-filled → click ${chalk.green('"Create App"')}
-  ${chalk.white('2.')} Click ${chalk.green('"Install to Workspace"')} → Allow
-  ${chalk.white('3.')} Copy ${chalk.yellow('Bot Token')}  (OAuth & Permissions → Bot User OAuth Token → xoxb-...)
-  ${chalk.white('4.')} Go to ${chalk.cyan('Settings → Basic Information → App-Level Tokens')}
-       → ${chalk.green('"Generate Token and Scopes"')}  name it anything, add scope: ${chalk.yellow('connections:write')}
-       → Copy ${chalk.yellow('App-Level Token')}  (xapp-...)
-  ${chalk.white('5.')} Paste both tokens below ↓
-`);
-  try {
-    const { execSync: _exec } = require('child_process');
-    const opener = process.platform === 'darwin' ? 'open'
-      : process.platform === 'win32' ? 'start'
-      : 'xdg-open';
-    _exec(`${opener} "${createUrl}"`, { stdio: 'ignore' });
-    console.log(chalk.green('  ✔') + ' Opened in your browser\n');
-  } catch (_) {
-  }
-}
-function setupSystemd(workspace) {
-  const user = os.userInfo().username;
-  const svc = `/etc/systemd/system/sentinel.service`;
-  const content = `[Unit]
-Description=Sentinel — Autonomous DevOps Agent
-After=network-online.target
-Wants=network-online.target
-[Service]
-Type=forking
-User=${user}
-WorkingDirectory=${workspace}
-ExecStart=${workspace}/startAll.sh
-ExecStop=${workspace}/stopAll.sh
-Restart=on-failure
-RestartSec=10
-[Install]
-WantedBy=multi-user.target
-`;
-  try {
-    fs.writeFileSync('/tmp/sentinel.service', content);
-    execSync(`sudo mv /tmp/sentinel.service ${svc}`);
-    execSync('sudo systemctl daemon-reload');
-    execSync('sudo systemctl enable sentinel');
-    ok('sentinel.service enabled');
-  } catch (e) {
-    warn(`Could not write systemd service (need sudo): ${e.message}`);
-    warn(`Manually create ${svc} to auto-start on reboot`);
-  }
-}