npm - @misterhuydo/sentinel - Versions diffs - 1.5.0 → 1.5.2 - Mend

@misterhuydo/sentinel 1.5.0 → 1.5.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/package.json +1 -1
package/python/sentinel/sentinel_boss.py +26 -7

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@misterhuydo/sentinel",
-  "version": "1.5.0",
+  "version": "1.5.2",
   "description": "Sentinel — Autonomous DevOps Agent installer and manager",
   "bin": {
     "sentinel": "./bin/sentinel.js"

package/python/sentinel/sentinel_boss.py CHANGED Viewed

@@ -2877,6 +2877,7 @@ async def _run_tool(name: str, inputs: dict, cfg_loader, store, slack_client=Non
         # Only inject API key when Claude Pro is NOT preferred for heavy tasks
         if cfg.anthropic_api_key and not cfg.claude_pro_for_tasks:
             env["ANTHROPIC_API_KEY"] = cfg.anthropic_api_key
+        api_env = {**env, "ANTHROPIC_API_KEY": cfg.anthropic_api_key} if cfg.anthropic_api_key else None
         # Build project context block (all repos this Sentinel instance manages)
         _project_name = _read_project_name(Path("."))
@@ -2927,15 +2928,33 @@ async def _run_tool(name: str, inputs: dict, cfg_loader, store, slack_client=Non
                 f"{_mode_instruction}\n\n"
                 f"Question / Task: {question}"
             )
+            from .fix_engine import _is_auth_error
+            skip_perms = os.getuid() != 0
+            # OAuth attempt: no --bare so the stored OAuth session is used naturally
+            oauth_cmd = (
+                [cfg.claude_code_bin, "--dangerously-skip-permissions", "--print", prompt]
+                if skip_perms else
+                [cfg.claude_code_bin, "--print", prompt]
+            )
+            # API key fallback: --bare forces API-key-only auth (no OAuth/hooks)
+            api_cmd = (
+                [cfg.claude_code_bin, "--dangerously-skip-permissions", "--bare", "--print", prompt]
+                if skip_perms else
+                [cfg.claude_code_bin, "--bare", "--print", prompt]
+            )
+            run_kwargs = dict(capture_output=True, text=True, timeout=300,
+                              cwd=str(local_path), stdin=subprocess.DEVNULL)
             try:
-                r = subprocess.run(
-                    ([cfg.claude_code_bin, "--dangerously-skip-permissions", "--bare", "--print", prompt]
-                    if os.getuid() != 0 else
-                    [cfg.claude_code_bin, "--bare", "--print", prompt]),
-                    capture_output=True, text=True, timeout=300, env=env,
-                    cwd=str(local_path), stdin=subprocess.DEVNULL,
-                )
+                r = subprocess.run(oauth_cmd, env=env, **run_kwargs)
                 output = (r.stdout or "").strip()
+                auth_failed = _is_auth_error(output) or _is_auth_error(r.stderr or "")
+                # Silent fallback: OAuth session expired — retry with API key
+                if auth_failed and api_env:
+                    logger.warning("ask_codebase/%s: OAuth session issue — retrying with API key", repo_name)
+                    r = subprocess.run(api_cmd, env=api_env, **run_kwargs)
+                    output = (r.stdout or "").strip()
                 logger.info("Boss ask_codebase %s mode=%s rc=%d len=%d", repo_name, mode, r.returncode, len(output))
                 if r.returncode != 0 and not output:
                     raw_err = (r.stderr or "")