@misterhuydo/sentinel 1.4.89 → 1.4.91

package/python/sentinel/git_manager.py

@@ -358,6 +358,21 @@ def publish(
         return branch, pr_url
 
 
+def _alert_github_token_error(cfg: "SentinelConfig", owner_repo: str, status: int, hint: str = "") -> None:
+    """Fire a Slack alert when GitHub API rejects the token during PR creation."""
+    msg = (
+        f":warning: *Sentinel — GitHub token error ({status})*\n"
+        f"Could not open a PR for `{owner_repo}`.\n"
+        f"{hint}\n"
+        f"Check `GITHUB_TOKEN` in `sentinel.properties` — it may be expired, revoked, "
+        f"or not scoped to this org/repo."
+    )
+    logger.error("GitHub token error %s for %s: %s", status, owner_repo, hint)
+    if cfg.slack_bot_token and cfg.slack_channel:
+        from .notify import slack_alert
+        slack_alert(cfg.slack_bot_token, cfg.slack_channel, msg)
+
+
 def _open_github_pr(
     event: ErrorEvent,
     repo: RepoConfig,
@@ -407,10 +422,31 @@ def _open_github_pr(
         return pr_url
     else:
         logger.error("Failed to open PR (%s): %s", resp.status_code, resp.text[:300])
+        if resp.status_code in (401, 403, 404):
+            hint = "Token may lack access to this org/repo." if resp.status_code == 404 else resp.json().get("message", "")
+            _alert_github_token_error(cfg, owner_repo, resp.status_code, hint)
         return ""
 
 
-def poll_open_prs(store, github_token: str) -> list[dict]:
+def _delete_github_branch(owner_repo: str, branch: str, headers: dict) -> None:
+    """Delete a remote branch from GitHub after its PR is merged or closed."""
+    try:
+        resp = requests.delete(
+            f"https://api.github.com/repos/{owner_repo}/git/refs/heads/{branch}",
+            headers=headers,
+            timeout=15,
+        )
+        if resp.status_code == 204:
+            logger.info("Deleted branch %s from %s", branch, owner_repo)
+        elif resp.status_code == 422:
+            logger.debug("Branch %s already deleted on %s", branch, owner_repo)
+        else:
+            logger.warning("Could not delete branch %s (%s): %s", branch, resp.status_code, resp.text[:200])
+    except Exception as e:
+        logger.warning("Failed to delete branch %s: %s", branch, e)
+
+
+def poll_open_prs(store, github_token: str, cfg: "SentinelConfig | None" = None) -> list[dict]:
     """
     Check GitHub for the current state of all pending PRs in the state store.
 
@@ -463,6 +499,14 @@ def poll_open_prs(store, github_token: str) -> list[dict]:
         if resp.status_code == 404:
             logger.warning("poll_open_prs: PR not found (deleted?): %s", pr_url)
             continue
+        if resp.status_code in (401, 403):
+            logger.error(
+                "poll_open_prs: GitHub token rejected (%s) for %s — "
+                "org may require a fine-grained PAT. Set GITHUB_TOKEN in sentinel.properties.",
+                resp.status_code, pr_url,
+            )
+            _alert_github_token_error(cfg, pr_url, resp.status_code, resp.json().get("message", ""))
+            break  # No point retrying other PRs with the same bad token
         if resp.status_code != 200:
             logger.warning("poll_open_prs: unexpected %s for %s", resp.status_code, pr_url)
             continue
@@ -475,6 +519,7 @@ def poll_open_prs(store, github_token: str) -> list[dict]:
             continue  # still pending
 
         new_status = "merged" if merged else "skipped"
+        branch = fix.get("branch", "")
 
         with store._conn() as conn:
             conn.execute(
@@ -486,6 +531,11 @@ def poll_open_prs(store, github_token: str) -> list[dict]:
             "poll_open_prs: PR #%s %s → %s (fp=%s)",
             pr_number, owner_repo, new_status, fingerprint[:8],
         )
+
+        # Delete the fix branch from GitHub when PR is closed (merged or rejected)
+        if branch:
+            _delete_github_branch(owner_repo, branch, headers)
+
         changes.append({
             "fingerprint": fingerprint,
             "pr_url":      pr_url,

package/python/sentinel/main.py

@@ -347,7 +347,8 @@ async def _handle_issue(event: IssueEvent, cfg_loader: ConfigLoader, store: Stat
         if status != "patch" or patch_path is None:
             store.record_fix(event.fingerprint, "skipped" if status in ("skip", "needs_human") else "failed",
                              repo_name=repo.repo_name)
-            reason_text = marker if status == "needs_human" else f"Claude Code returned {status.upper()}"
+            raw_reason = marker if status == "needs_human" else f"Claude Code returned {status.upper()}"
+            reason_text = _boss_qualify_dev_reason(raw_reason, sentinel) if status == "needs_human" else raw_reason
             _progress(f":x: Could not generate a safe fix — {reason_text[:120]}")
             notify_fix_blocked(sentinel, event.source, event.message,
                                reason=reason_text, repo_name=repo.repo_name,
@@ -548,7 +549,7 @@ async def poll_cycle(cfg_loader: ConfigLoader, store: StateStore):
             send_confirmed_notification(cfg_loader.sentinel, confirmed)
 
     # ── PR status sync — detect merges/rejections done via GitHub UI ─────────
-    pr_changes = poll_open_prs(store, cfg_loader.sentinel.github_token)
+    pr_changes = poll_open_prs(store, cfg_loader.sentinel.github_token, cfg=cfg_loader.sentinel)
     for ch in pr_changes:
         if ch["new_status"] == "merged":
             logger.info("PR merged externally: %s (fp=%s)", ch["pr_url"], ch["fingerprint"][:8])
@@ -924,6 +925,268 @@ async def _sync_loop(cfg_loader: ConfigLoader):
         await asyncio.sleep(cfg_loader.sentinel.sync_interval_seconds)
 
 
+# ── Patch agent (Sentinel self-improvement) ──────────────────────────────────
+
+
+def _boss_qualify_dev_reason(raw: str, sentinel) -> str:
+    """
+    Boss-qualify a raw Patch reason string (from NEEDS_HUMAN: or SKIP:).
+
+    Passes the raw text through the Boss LLM to produce a clean, concise,
+    user-friendly explanation — so users never see verbose Claude output
+    directly. Falls back to a truncated version if the API call fails.
+    """
+    if not raw.strip():
+        return "(no reason given)"
+    if not sentinel.anthropic_api_key:
+        # No API key — just truncate and clean up
+        return raw[:280].strip()
+    try:
+        import anthropic as _anthropic
+        _client = _anthropic.Anthropic(api_key=sentinel.anthropic_api_key)
+        _resp = _client.messages.create(
+            model="claude-haiku-4-5-20251001",
+            max_tokens=200,
+            system=(
+                "You are Sentinel Boss, a DevOps agent assistant. "
+                "Patch (an autonomous dev agent) produced the following explanation for why it "
+                "could not complete a task. Rewrite it as a clear, concise (1-3 sentences), "
+                "user-friendly message suitable for a Slack channel. "
+                "Be direct and specific. Do not pad with pleasantries. "
+                "Do not start with 'I' or mention 'Patch' by name. "
+                "Output only the qualified message, nothing else."
+            ),
+            messages=[{"role": "user", "content": f"Patch said:\n{raw[:1000]}"}],
+        )
+        qualified = _resp.content[0].text.strip() if _resp.content else raw[:280]
+        return qualified[:400]
+    except Exception as _e:
+        logger.warning("Boss: could not qualify dev reason via API: %s", _e)
+        return raw[:280].strip()
+
+
+async def _handle_dev_task(task, cfg_loader: ConfigLoader, store: StateStore):
+    """Execute a single dev task via Patch, post progress to Slack."""
+    from .sentinel_dev import run_dev_task
+    from .dev_watcher import mark_dev_done
+    from .notify import slack_alert as _slack_alert, slack_thread_reply as _slack_reply
+
+    sentinel = cfg_loader.sentinel
+    _submitter = task.submitter_user_id
+    _started_msg = (
+        f":wrench: Patch working on *<@{_submitter}>*'s request\n_{task.message[:120]}_"
+    ) if _submitter else (
+        f":wrench: Patch working on dev task\n_{task.message[:120]}_"
+    )
+    _thread_ts = _slack_alert(sentinel.slack_bot_token, sentinel.slack_channel, _started_msg)
+
+    def _progress(msg: str) -> None:
+        _slack_reply(sentinel.slack_bot_token, sentinel.slack_channel, _thread_ts, msg)
+
+    _loop = asyncio.get_event_loop()
+    try:
+        status, detail = await _loop.run_in_executor(
+            None, run_dev_task, task, sentinel, store, _progress
+        )
+    except Exception:
+        logger.exception("Patch: unexpected error on task %s", task.fingerprint[:8])
+        _progress(":x: Patch hit an unexpected error — check logs")
+        mark_dev_done(task.task_file)
+        return
+
+    mark_dev_done(task.task_file)
+
+    # Build mention string: submitter + any extra notify users
+    _notify_ids = list(task.notify_user_ids or [])
+    if task.submitter_user_id:
+        mentions = f"<@{task.submitter_user_id}> " + " ".join(
+            f"<@{u}>" for u in _notify_ids if u != task.submitter_user_id
+        )
+        mentions = mentions.strip() + " "
+    else:
+        mentions = " ".join(f"<@{u}>" for u in _notify_ids)
+        mentions = (mentions + " ") if mentions else ""
+
+    if status == "done":
+        _slack_alert(
+            sentinel.slack_bot_token, sentinel.slack_channel,
+            f"{mentions}:white_check_mark: *Patch finished* — changes committed to Sentinel source.",
+        )
+    elif status == "needs_human":
+        # Boss qualifies the raw Patch explanation before surfacing to users
+        qualified = _boss_qualify_dev_reason(detail, sentinel)
+        _slack_alert(
+            sentinel.slack_bot_token, sentinel.slack_channel,
+            f"{mentions}:warning: *Dev task needs human input*\n{qualified}",
+        )
+    elif status == "skip":
+        qualified = _boss_qualify_dev_reason(detail, sentinel)
+        _slack_alert(
+            sentinel.slack_bot_token, sentinel.slack_channel,
+            f"{mentions}:fast_forward: *Dev task skipped* — {qualified}",
+        )
+    else:
+        _slack_alert(
+            sentinel.slack_bot_token, sentinel.slack_channel,
+            f"{mentions}:x: *Patch error* on task `{task.fingerprint[:8]}` — {detail[:200]}",
+        )
+
+
+async def _dev_poll_loop(cfg_loader: ConfigLoader, store: StateStore):
+    """
+    Background task: poll dev-tasks/ every 60 s and dispatch to Patch.
+    Also scans Sentinel's own log for errors and auto-queues self-repair tasks.
+    """
+    from .dev_watcher import (
+        scan_dev_tasks, purge_old_dev_tasks,
+        scan_sentinel_errors, drop_self_repair_task,
+    )
+
+    # Tracks fingerprints already queued this session (in-memory dedup across polls)
+    _seen_self_fps: set = set()
+
+    # Pre-populate from existing done/cancelled tasks so we don't re-queue on restart
+    project_dir = Path(".")
+    for done_dir in [
+        project_dir / "dev-tasks" / ".done",
+        project_dir / "dev-tasks" / ".cancelled",
+    ]:
+        if done_dir.exists():
+            for f in done_dir.iterdir():
+                if f.stem.startswith("self-"):
+                    parts = f.stem.split("-")
+                    if len(parts) >= 2:
+                        _seen_self_fps.add(parts[1])
+
+    # Wait a bit so the main loop and Boss are fully up first
+    await asyncio.sleep(15)
+
+    while True:
+        try:
+            if cfg_loader.sentinel.sentinel_dev_repo_path:
+                purge_old_dev_tasks(project_dir / "dev-tasks")
+
+                # ── Self-repair: scan Sentinel's own log for new errors ────────
+                log_path = project_dir / "logs" / "sentinel.log"
+                new_errors = scan_sentinel_errors(log_path, seen_fps=_seen_self_fps)
+                for fp, task_body in new_errors:
+                    logger.info("Dev agent: self-repair task queued for error %s", fp[:8])
+                    drop_self_repair_task(project_dir, fp, task_body)
+
+                # ── Process all pending dev tasks (self-repair + human-submitted) ─
+                tasks = scan_dev_tasks(project_dir)
+                if tasks:
+                    logger.info("Dev agent: %d task(s) found", len(tasks))
+                    for task in tasks:
+                        await _handle_dev_task(task, cfg_loader, store)
+        except Exception as e:
+            logger.warning("Dev poll loop error: %s", e)
+        await asyncio.sleep(60)
+
+
+# ── Repo task agent (human-requested changes to managed repos) ────────────────
+
+async def _handle_repo_task(task, repo_cfg, cfg_loader: ConfigLoader, store: StateStore):
+    """Execute a single repo task via Claude Code, post progress to Slack."""
+    from .repo_task_engine import run_repo_task, mark_repo_task_done
+    from .notify import slack_alert as _slack_alert, slack_thread_reply as _slack_reply
+
+    sentinel = cfg_loader.sentinel
+    _submitter = task.submitter_user_id
+    _started_msg = (
+        f":hammer: Working on *<@{_submitter}>*'s request for `{task.repo_name}`\n_{task.message[:120]}_"
+    ) if _submitter else (
+        f":hammer: Working on repo task for `{task.repo_name}`\n_{task.message[:120]}_"
+    )
+    _thread_ts = _slack_alert(sentinel.slack_bot_token, sentinel.slack_channel, _started_msg)
+
+    def _progress(msg: str) -> None:
+        _slack_reply(sentinel.slack_bot_token, sentinel.slack_channel, _thread_ts, msg)
+
+    _loop = asyncio.get_event_loop()
+    try:
+        status, detail = await _loop.run_in_executor(
+            None, run_repo_task, task, repo_cfg, sentinel, store, _progress,
+        )
+    except Exception:
+        logger.exception("Repo task: unexpected error on task %s", task.fingerprint[:8])
+        _progress(":x: Unexpected error — check logs")
+        mark_repo_task_done(task.task_file)
+        return
+
+    mark_repo_task_done(task.task_file)
+
+    # Build mention string: submitter + extra notify users
+    _notify_ids = list(task.notify_user_ids or [])
+    if task.submitter_user_id:
+        mentions = f"<@{task.submitter_user_id}> " + " ".join(
+            f"<@{u}>" for u in _notify_ids if u != task.submitter_user_id
+        )
+        mentions = mentions.strip() + " "
+    else:
+        mentions = " ".join(f"<@{u}>" for u in _notify_ids)
+        mentions = (mentions + " ") if mentions else ""
+
+    if status == "done":
+        if detail:  # PR URL
+            _slack_alert(
+                sentinel.slack_bot_token, sentinel.slack_channel,
+                f"{mentions}:white_check_mark: Done — PR opened for `{task.repo_name}`: {detail}",
+            )
+        else:
+            _slack_alert(
+                sentinel.slack_bot_token, sentinel.slack_channel,
+                f"{mentions}:white_check_mark: Done — changes pushed to `{task.repo_name}/{repo_cfg.branch}`.",
+            )
+    elif status == "needs_human":
+        qualified = _boss_qualify_dev_reason(detail, sentinel)
+        _slack_alert(
+            sentinel.slack_bot_token, sentinel.slack_channel,
+            f"{mentions}:warning: *Task needs human input* (`{task.repo_name}`)\n{qualified}",
+        )
+    elif status == "skip":
+        qualified = _boss_qualify_dev_reason(detail, sentinel)
+        _slack_alert(
+            sentinel.slack_bot_token, sentinel.slack_channel,
+            f"{mentions}:fast_forward: Task skipped for `{task.repo_name}` — {qualified}",
+        )
+    else:
+        _slack_alert(
+            sentinel.slack_bot_token, sentinel.slack_channel,
+            f"{mentions}:x: Task error for `{task.repo_name}` — {(detail or '')[:200]}",
+        )
+
+
+async def _repo_task_poll_loop(cfg_loader: ConfigLoader, store: StateStore):
+    """Background task: poll repo-tasks/ every 60s and dispatch to Claude."""
+    from .repo_task_engine import scan_repo_tasks, mark_repo_task_done
+
+    await asyncio.sleep(20)
+
+    while True:
+        try:
+            project_dir = Path(".")
+            tasks = scan_repo_tasks(project_dir)
+            if tasks:
+                logger.info("Repo task: %d task(s) found", len(tasks))
+            for task in tasks:
+                # Resolve repo config — exact match then fuzzy
+                repo_cfg = cfg_loader.repos.get(task.repo_name)
+                if not repo_cfg:
+                    for rname, rcfg in cfg_loader.repos.items():
+                        if task.repo_name.lower() in rname.lower():
+                            repo_cfg = rcfg
+                            break
+                if not repo_cfg:
+                    logger.warning("Repo task: no config for repo '%s' — skipping", task.repo_name)
+                    mark_repo_task_done(task.task_file)
+                    continue
+                await _handle_repo_task(task, repo_cfg, cfg_loader, store)
+        except Exception as e:
+            logger.warning("Repo task poll loop error: %s", e)
+        await asyncio.sleep(60)
+
+
 # ── Entry point ──────────────────────────────────────────────────────────────────────────────────
 
 def _log_auth_status(cfg: SentinelConfig) -> None:
@@ -995,6 +1258,9 @@ async def run_loop(cfg_loader: ConfigLoader, store: StateStore):
     if cfg_loader.sentinel.slack_bot_token:
         from .slack_bot import run_slack_bot
         asyncio.ensure_future(run_slack_bot(cfg_loader, store))
+    if cfg_loader.sentinel.sentinel_dev_repo_path:
+        asyncio.ensure_future(_dev_poll_loop(cfg_loader, store))
+    asyncio.ensure_future(_repo_task_poll_loop(cfg_loader, store))
 
     while True:
         try: