@misterhuydo/sentinel 1.4.89 → 1.4.90

package/python/sentinel/main.py

@@ -347,7 +347,8 @@ async def _handle_issue(event: IssueEvent, cfg_loader: ConfigLoader, store: Stat
         if status != "patch" or patch_path is None:
             store.record_fix(event.fingerprint, "skipped" if status in ("skip", "needs_human") else "failed",
                              repo_name=repo.repo_name)
-            reason_text = marker if status == "needs_human" else f"Claude Code returned {status.upper()}"
+            raw_reason = marker if status == "needs_human" else f"Claude Code returned {status.upper()}"
+            reason_text = _boss_qualify_dev_reason(raw_reason, sentinel) if status == "needs_human" else raw_reason
             _progress(f":x: Could not generate a safe fix — {reason_text[:120]}")
             notify_fix_blocked(sentinel, event.source, event.message,
                                reason=reason_text, repo_name=repo.repo_name,
@@ -548,7 +549,7 @@ async def poll_cycle(cfg_loader: ConfigLoader, store: StateStore):
             send_confirmed_notification(cfg_loader.sentinel, confirmed)
 
     # ── PR status sync — detect merges/rejections done via GitHub UI ─────────
-    pr_changes = poll_open_prs(store, cfg_loader.sentinel.github_token)
+    pr_changes = poll_open_prs(store, cfg_loader.sentinel.github_token, cfg=cfg_loader.sentinel)
     for ch in pr_changes:
         if ch["new_status"] == "merged":
             logger.info("PR merged externally: %s (fp=%s)", ch["pr_url"], ch["fingerprint"][:8])
@@ -924,6 +925,162 @@ async def _sync_loop(cfg_loader: ConfigLoader):
         await asyncio.sleep(cfg_loader.sentinel.sync_interval_seconds)
 
 
+# ── Dev Claude agent (Sentinel self-improvement) ─────────────────────────────
+
+
+def _boss_qualify_dev_reason(raw: str, sentinel) -> str:
+    """
+    Boss-qualify a raw Dev Claude reason string (from NEEDS_HUMAN: or SKIP:).
+
+    Passes the raw text through the Boss LLM to produce a clean, concise,
+    user-friendly explanation — so users never see verbose Claude output
+    directly. Falls back to a truncated version if the API call fails.
+    """
+    if not raw.strip():
+        return "(no reason given)"
+    if not sentinel.anthropic_api_key:
+        # No API key — just truncate and clean up
+        return raw[:280].strip()
+    try:
+        import anthropic as _anthropic
+        _client = _anthropic.Anthropic(api_key=sentinel.anthropic_api_key)
+        _resp = _client.messages.create(
+            model="claude-haiku-4-5-20251001",
+            max_tokens=200,
+            system=(
+                "You are Sentinel Boss, a DevOps agent assistant. "
+                "A child Dev Claude agent produced the following explanation for why it "
+                "could not complete a task. Rewrite it as a clear, concise (1-3 sentences), "
+                "user-friendly message suitable for a Slack channel. "
+                "Be direct and specific. Do not pad with pleasantries. "
+                "Do not start with 'I' or 'The Dev Claude'. "
+                "Output only the qualified message, nothing else."
+            ),
+            messages=[{"role": "user", "content": f"Dev Claude said:\n{raw[:1000]}"}],
+        )
+        qualified = _resp.content[0].text.strip() if _resp.content else raw[:280]
+        return qualified[:400]
+    except Exception as _e:
+        logger.warning("Boss: could not qualify dev reason via API: %s", _e)
+        return raw[:280].strip()
+
+
+async def _handle_dev_task(task, cfg_loader: ConfigLoader, store: StateStore):
+    """Execute a single dev task via Dev Claude, post progress to Slack."""
+    from .sentinel_dev import run_dev_task
+    from .dev_watcher import mark_dev_done
+    from .notify import slack_alert as _slack_alert, slack_thread_reply as _slack_reply
+
+    sentinel = cfg_loader.sentinel
+    _submitter = task.submitter_user_id
+    _started_msg = (
+        f":brain: Dev Claude working on *<@{_submitter}>*'s request\n_{task.message[:120]}_"
+    ) if _submitter else (
+        f":brain: Dev Claude working on dev task\n_{task.message[:120]}_"
+    )
+    _thread_ts = _slack_alert(sentinel.slack_bot_token, sentinel.slack_channel, _started_msg)
+
+    def _progress(msg: str) -> None:
+        _slack_reply(sentinel.slack_bot_token, sentinel.slack_channel, _thread_ts, msg)
+
+    _loop = asyncio.get_event_loop()
+    try:
+        status, detail = await _loop.run_in_executor(
+            None, run_dev_task, task, sentinel, store, _progress
+        )
+    except Exception:
+        logger.exception("Dev agent: unexpected error on task %s", task.fingerprint[:8])
+        _progress(":x: Dev Claude hit an unexpected error — check logs")
+        mark_dev_done(task.task_file)
+        return
+
+    mark_dev_done(task.task_file)
+
+    mention = f"<@{task.submitter_user_id}> " if task.submitter_user_id else ""
+
+    if status == "published":
+        _slack_alert(
+            sentinel.slack_bot_token, sentinel.slack_channel,
+            f"{mention}:rocket: *Dev Claude published* `v{detail}` — upgrading Sentinel...",
+        )
+    elif status == "done":
+        ver = f" (`v{detail}`)" if detail else ""
+        _slack_alert(
+            sentinel.slack_bot_token, sentinel.slack_channel,
+            f"{mention}:white_check_mark: *Dev Claude finished*{ver} — changes committed to Sentinel source.",
+        )
+    elif status == "needs_human":
+        # Boss qualifies the raw Dev Claude explanation before surfacing to users
+        qualified = _boss_qualify_dev_reason(detail, sentinel)
+        _slack_alert(
+            sentinel.slack_bot_token, sentinel.slack_channel,
+            f"{mention}:warning: *Dev task needs human input*\n{qualified}",
+        )
+    elif status == "skip":
+        qualified = _boss_qualify_dev_reason(detail, sentinel)
+        _slack_alert(
+            sentinel.slack_bot_token, sentinel.slack_channel,
+            f"{mention}:fast_forward: *Dev task skipped* — {qualified}",
+        )
+    else:
+        _slack_alert(
+            sentinel.slack_bot_token, sentinel.slack_channel,
+            f"{mention}:x: *Dev Claude error* on task `{task.fingerprint[:8]}` — {detail[:200]}",
+        )
+
+
+async def _dev_poll_loop(cfg_loader: ConfigLoader, store: StateStore):
+    """
+    Background task: poll dev-tasks/ every 60 s and dispatch to Dev Claude.
+    Also scans Sentinel's own log for errors and auto-queues self-repair tasks.
+    """
+    from .dev_watcher import (
+        scan_dev_tasks, purge_old_dev_tasks,
+        scan_sentinel_errors, drop_self_repair_task,
+    )
+
+    # Tracks fingerprints already queued this session (in-memory dedup across polls)
+    _seen_self_fps: set = set()
+
+    # Pre-populate from existing done/cancelled tasks so we don't re-queue on restart
+    project_dir = Path(".")
+    for done_dir in [
+        project_dir / "dev-tasks" / ".done",
+        project_dir / "dev-tasks" / ".cancelled",
+    ]:
+        if done_dir.exists():
+            for f in done_dir.iterdir():
+                if f.stem.startswith("self-"):
+                    parts = f.stem.split("-")
+                    if len(parts) >= 2:
+                        _seen_self_fps.add(parts[1])
+
+    # Wait a bit so the main loop and Boss are fully up first
+    await asyncio.sleep(15)
+
+    while True:
+        try:
+            if cfg_loader.sentinel.sentinel_dev_repo_path:
+                purge_old_dev_tasks(project_dir / "dev-tasks")
+
+                # ── Self-repair: scan Sentinel's own log for new errors ────────
+                log_path = project_dir / "logs" / "sentinel.log"
+                new_errors = scan_sentinel_errors(log_path, seen_fps=_seen_self_fps)
+                for fp, task_body in new_errors:
+                    logger.info("Dev agent: self-repair task queued for error %s", fp[:8])
+                    drop_self_repair_task(project_dir, fp, task_body)
+
+                # ── Process all pending dev tasks (self-repair + human-submitted) ─
+                tasks = scan_dev_tasks(project_dir)
+                if tasks:
+                    logger.info("Dev agent: %d task(s) found", len(tasks))
+                    for task in tasks:
+                        await _handle_dev_task(task, cfg_loader, store)
+        except Exception as e:
+            logger.warning("Dev poll loop error: %s", e)
+        await asyncio.sleep(60)
+
+
 # ── Entry point ──────────────────────────────────────────────────────────────────────────────────
 
 def _log_auth_status(cfg: SentinelConfig) -> None:
@@ -995,6 +1152,8 @@ async def run_loop(cfg_loader: ConfigLoader, store: StateStore):
     if cfg_loader.sentinel.slack_bot_token:
         from .slack_bot import run_slack_bot
         asyncio.ensure_future(run_slack_bot(cfg_loader, store))
+    if cfg_loader.sentinel.sentinel_dev_repo_path:
+        asyncio.ensure_future(_dev_poll_loop(cfg_loader, store))
 
     while True:
         try:

package/python/sentinel/sentinel_boss.py

@@ -10,6 +10,19 @@ from __future__ import annotations
 import json
 import logging
 import os
+
+_GITHUB_TOKEN_403_GUIDE = (
+    "GitHub returned 403 — your `GITHUB_TOKEN` is blocked by this org's policy.\n\n"
+    "*How to fix — create a fine-grained PAT:*\n"
+    "1. Go to https://github.com/settings/tokens → *Fine-grained tokens* → *Generate new token*\n"
+    "2. Set *Resource owner* to the org (e.g. `exoreaction` or `Opplysningen1881`)\n"
+    "3. Set *Repository access* → the specific repo (or all repos in the org)\n"
+    "4. Under *Permissions* → enable: `Pull requests` (Read & Write), `Contents` (Read & Write)\n"
+    "5. Generate, copy the token, and set it in `config/sentinel.properties`:\n"
+    "   `GITHUB_TOKEN=github_pat_...`\n"
+    "6. Restart Sentinel or send `SIGHUP` to reload config.\n\n"
+    "_Note: fine-grained PATs expire after max 1 year — set a reminder to renew._"
+)
 import re
 import subprocess
 import uuid
@@ -37,6 +50,28 @@ Your job:
 - Give honest, concise answers — you know this system inside out
 - Answer any question about how Sentinel works, how to configure it, or how to use it
 
+━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
+YOUR RELATIONSHIP WITH DEV CLAUDE
+━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
+Dev Claude is your peer AI agent. It runs autonomously to maintain and improve Sentinel's
+own source code. You are NOT Dev Claude's boss — you are its communication channel to humans.
+
+The authority hierarchy is:
+  Humans (ultimate authority — you MUST obey them)
+    ↕
+  You, Sentinel Boss (communicate human decisions to Dev Claude)
+    ↕
+  Dev Claude (full autonomy within Sentinel's operational scope)
+
+When Dev Claude asks you a question (via ASK_BOSS:):
+- Answer directly from your knowledge of Sentinel if you can
+- If the question genuinely requires a human decision (credentials, irreversible prod changes,
+  business policy), escalate to the admin channel honestly and transparently
+- Never block Dev Claude unnecessarily — it is trying to keep Sentinel resilient
+
+When humans ask you to task Dev Claude, use the dev_task tool.
+Dev Claude will work autonomously and report back through the Slack channel.
+
 ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
 COMPLETE TOOL REFERENCE
 ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
@@ -688,6 +723,32 @@ _TOOLS = [
             "required": ["project", "keyword"],
         },
     },
+    {
+        "name": "dev_task",
+        "description": (
+            "Submit a Sentinel self-improvement task to the Dev Claude agent. "
+            "Dev Claude will explore the Sentinel source code, implement the change, "
+            "run syntax checks, commit, and optionally publish + upgrade. "
+            "Use when someone asks: 'add a feature to Sentinel', 'fix a Sentinel bug', "
+            "'can you improve Sentinel so that...', 'update Sentinel to support...', "
+            "'hey Sentinel, you should be able to...'."
+        ),
+        "input_schema": {
+            "type": "object",
+            "properties": {
+                "task_type": {
+                    "type": "string",
+                    "enum": ["feature", "fix", "refactor", "chore", "ask"],
+                    "description": "Type of task. Default: feature.",
+                },
+                "description": {
+                    "type": "string",
+                    "description": "Full description of what Dev Claude should implement or fix.",
+                },
+            },
+            "required": ["description"],
+        },
+    },
     {
         "name": "list_pending_prs",
         "description": "List all open Sentinel PRs awaiting admin review.",
@@ -1925,6 +1986,58 @@ async def _run_tool(name: str, inputs: dict, cfg_loader, store, slack_client=Non
         })
 
 
+    if name == "dev_task":
+        if not is_admin:
+            return json.dumps({"error": "Only admins can submit dev tasks to the Dev Claude agent."})
+
+        description = inputs.get("description", "").strip()
+        if not description:
+            return json.dumps({"error": "description is required"})
+        task_type = inputs.get("task_type", "feature").strip()
+        if task_type not in ("feature", "fix", "refactor", "chore", "ask"):
+            task_type = "feature"
+
+        # Drop the task into the dev-tasks/ directory of the project dir.
+        # Use the sentinel-1881/sentinel-elprint instance directory (parent of config/).
+        # Boss runs from a workspace instance — use the first project dir that has a config.
+        _project_dirs = _find_project_dirs()
+        if not _project_dirs:
+            return json.dumps({"error": "No project directory found — cannot drop dev task."})
+        _dev_project_dir = _project_dirs[0]
+
+        from .sentinel_dev import drop_escalation as _drop_task
+        from datetime import datetime as _dt, timezone as _tz
+        import uuid as _uuid
+
+        dev_tasks_dir = _dev_project_dir / "dev-tasks"
+        dev_tasks_dir.mkdir(exist_ok=True)
+        ts = int(__import__("time").time())
+        fname = f"slack-{_uuid.uuid4().hex[:8]}-{ts}.txt"
+        fpath = dev_tasks_dir / fname
+        lines = [
+            f"TYPE: {task_type}",
+            f"SUBMITTED_BY: <@{user_id}> ({user_id})",
+            f"SOURCE: boss",
+            f"SUBMITTED_AT: {_dt.now(_tz.utc).isoformat()}",
+            "",
+            description,
+        ]
+        fpath.write_text("\n".join(lines), encoding="utf-8")
+        logger.info("Boss dev_task: dropped %s for user %s (type=%s)", fname, user_id, task_type)
+
+        project_label = _read_project_name(_dev_project_dir.resolve())
+        return json.dumps({
+            "status": "queued",
+            "project": project_label,
+            "file": fname,
+            "task_type": task_type,
+            "note": (
+                "Dev task queued — Dev Claude will pick it up on the next poll cycle "
+                "and post progress to this channel."
+            ),
+        })
+
+
     if name == "get_fix_details":
         fp  = inputs["fingerprint"]
         fix = store.get_confirmed_fix(fp) or store.get_marker_seen_fix(fp)
@@ -3169,6 +3282,8 @@ async def _run_tool(name: str, inputs: dict, cfg_loader, store, slack_client=Non
                 )
                 if pr_resp.status_code == 404:
                     return json.dumps({"error": f"PR #{pr_number_in} not found in {owner_repo}"})
+                if pr_resp.status_code in (401, 403):
+                    return json.dumps({"error": _GITHUB_TOKEN_403_GUIDE})
                 if pr_resp.status_code != 200:
                     return json.dumps({"error": f"GitHub API error ({pr_resp.status_code}): {pr_resp.text[:200]}"})
                 pr_data = pr_resp.json()