@misterhuydo/sentinel 1.5.4 → 1.5.6

package/python/sentinel/notify.py

@@ -193,6 +193,35 @@ def slack_dm(bot_token: str, user_id: str, text: str) -> None:
         logger.warning("slack_dm: failed to DM %s: %s", user_id, exc)
 
 
+def notify_nexus_auth_failure(cfg, repo_name: str, context: str, mvn_output: str) -> None:
+    """
+    DM the first admin user when a Maven build fails due to missing/invalid Nexus credentials.
+    Called from git_manager, dependency_manager, and sentinel_boss (chain_release) when
+    MavenAuthError is raised.
+    """
+    if not cfg.slack_admin_users or not cfg.slack_bot_token:
+        logger.warning("Cannot DM admin about Nexus auth failure — no admin users or bot token configured")
+        return
+    snippet = mvn_output[-400:].strip() if mvn_output else ""
+    lines = [
+        f":lock: *Maven authentication failed* during `{context}` on `{repo_name}`",
+        "",
+        "Nexus credentials in `~/.m2/settings.xml` are missing or invalid.",
+        "",
+        "Fix it by sending me one of:",
+        "",
+        "*Option 1 — paste your settings.xml*",
+        "`nexus settings`",
+        "then the full XML content on the next line(s).",
+        "",
+        "*Option 2 — credentials per host*",
+        "`nexus creds <host> <username> <password>`",
+    ]
+    if snippet:
+        lines += ["", f"```\n{snippet}\n```"]
+    slack_dm(cfg.slack_bot_token, cfg.slack_admin_users[0], "\n".join(lines))
+
+
 def notify_fix_blocked(
     cfg,
     source: str,
@@ -200,13 +229,13 @@ def notify_fix_blocked(
     reason: str,
     repo_name: str = "",
     submitter_user_id: str = "",
+    origin_channel: str = "",
 ) -> None:
     """
     Notify that a fix needs human intervention.
 
-    - If submitter_user_id is known: DM that person directly.
-    - Otherwise: @channel in the configured Slack channel.
-    - Always: email admins via reporter.send_failure_notification.
+    Posts to origin_channel if set (where the issue was raised), otherwise
+    falls back to cfg.slack_channel. Always emails admins.
     """
     short_reason = (reason or "Claude could not determine a safe fix.")[:600]
     repo_line = f"\n*Repo:* {repo_name}" if repo_name else ""
@@ -218,11 +247,11 @@ def notify_fix_blocked(
         f"*Reason:*\n{short_reason}"
     )
 
-    # Post to channel — mention submitter if known, otherwise broadcast
+    target_channel = origin_channel or cfg.slack_channel
     if submitter_user_id:
-        slack_alert(cfg.slack_bot_token, cfg.slack_channel, f"<@{submitter_user_id}> {slack_text}")
+        slack_alert(cfg.slack_bot_token, target_channel, f"<@{submitter_user_id}> {slack_text}")
     else:
-        slack_alert(cfg.slack_bot_token, cfg.slack_channel, f"<!channel> {slack_text}")
+        slack_alert(cfg.slack_bot_token, target_channel, f"<!channel> {slack_text}")
 
     # Always email admins
     try:
@@ -260,6 +289,7 @@ def notify_missing_tool(
     repo_name: str,
     source: str,
     submitter_user_id: str = "",
+    origin_channel: str = "",
 ) -> None:
     """
     Notify admins that a build tool is missing on this server.
@@ -282,10 +312,11 @@ def notify_missing_tool(
         f"*How to fix:*\n{steps}\n\n"
         f"Then tell me: `retry {repo_name or source}`"
     )
+    target_channel = origin_channel or cfg.slack_channel
     if submitter_user_id:
-        slack_alert(cfg.slack_bot_token, cfg.slack_channel, f"<@{submitter_user_id}> {slack_text}")
+        slack_alert(cfg.slack_bot_token, target_channel, f"<@{submitter_user_id}> {slack_text}")
     else:
-        slack_alert(cfg.slack_bot_token, cfg.slack_channel, f"<!channel> {slack_text}")
+        slack_alert(cfg.slack_bot_token, target_channel, f"<!channel> {slack_text}")
 
 
 def notify_fix_applied(
@@ -296,10 +327,11 @@ def notify_fix_applied(
     branch: str,
     pr_url: str,
     submitter_user_id: str = "",
+    origin_channel: str = "",
 ) -> None:
     """
-    DM the submitter (if known) that their issue was fixed.
-    Falls back to posting in the Slack channel if no submitter.
+    Notify that a fix was applied. Posts to origin_channel if set (where
+    the issue was raised), otherwise falls back to cfg.slack_channel.
     """
     repo_line = f" in *{repo_name}*" if repo_name else ""
     if pr_url:
@@ -315,9 +347,9 @@ def notify_fix_applied(
         + (f"{action_line}\n" if action_line else "")
     ).rstrip()
 
-    # Post to channel — mention submitter if known
+    target_channel = origin_channel or cfg.slack_channel
     channel_text = f"<@{submitter_user_id}> {slack_text}" if submitter_user_id else slack_text
-    slack_alert(cfg.slack_bot_token, cfg.slack_channel, channel_text)
+    slack_alert(cfg.slack_bot_token, target_channel, channel_text)
 
 
 def notify_cascade_started(

package/python/sentinel/repo_task_engine.py

@@ -12,6 +12,7 @@ File format:
     TYPE: feature|fix|refactor|chore
     SUBMITTED_BY: <@UXXX> (UXXX)
     SUBMITTED_AT: 2026-03-27T10:00:00+00:00
+    RUN_AT: 2026-03-28T02:00:00+00:00  # optional — task is held until this UTC time
     NOTIFY: U1234567,U7654321          # optional
 
     Full task description — what to implement, fix, or refactor.
@@ -33,7 +34,7 @@ from .git_manager import _git_env
 
 logger = logging.getLogger(__name__)
 
-_META_PREFIXES = ("REPO:", "TYPE:", "SUBMITTED_BY:", "SUBMITTED_AT:", "NOTIFY:")
+_META_PREFIXES = ("REPO:", "TYPE:", "SUBMITTED_BY:", "SUBMITTED_AT:", "RUN_AT:", "NOTIFY:")
 _TASK_TIMEOUT = 900  # 15 minutes
 
 
@@ -48,6 +49,7 @@ class RepoTask:
     notify_user_ids: list = field(default_factory=list)
     fingerprint: str = ""
     timestamp: str = ""
+    run_at: datetime | None = None  # UTC; task is held until this time if set
 
     def __post_init__(self):
         if not self.fingerprint:
@@ -289,12 +291,20 @@ def run_repo_task(
         if repo.cicd_type:
             try:
                 from .cicd_trigger import trigger as cicd_trigger
-                cicd_trigger(repo, None, task.fingerprint)
-                logger.info("Repo task: CI/CD triggered for %s (%s)", repo.repo_name, repo.cicd_type)
-                if on_progress:
-                    on_progress(f":rocket: Release triggered via `{repo.cicd_type}`")
+                ok = cicd_trigger(repo, None, task.fingerprint)
+                if ok:
+                    logger.info("Repo task: CI/CD triggered for %s (%s)", repo.repo_name, repo.cicd_type)
+                    if on_progress:
+                        on_progress(f":rocket: Release triggered via `{repo.cicd_type}`")
+                    return "done", f"__cicd__{repo.cicd_type}"
+                else:
+                    logger.warning("Repo task: CI/CD trigger failed for %s", repo.repo_name)
+                    if on_progress:
+                        on_progress(f":warning: CI/CD trigger failed for `{repo.cicd_type}` — check logs")
             except Exception as exc:
                 logger.warning("Repo task: CI/CD trigger failed for %s: %s", repo.repo_name, exc)
+                if on_progress:
+                    on_progress(f":warning: CI/CD trigger error — {exc}")
         return "done", None
     else:
         branch = f"sentinel/task-{task.fingerprint[:8]}"
@@ -323,8 +333,13 @@ def drop_repo_task(
     description: str,
     submitter_user_id: str = "",
     notify_user_ids: list | None = None,
+    run_at: datetime | None = None,
 ) -> Path:
-    """Drop a repo task file into <project_dir>/repo-tasks/."""
+    """Drop a repo task file into <project_dir>/repo-tasks/.
+
+    If run_at (UTC-aware datetime) is given the task will be held by the poll
+    loop until that time has passed before executing.
+    """
     tasks_dir = project_dir / "repo-tasks"
     tasks_dir.mkdir(exist_ok=True)
     import uuid as _uuid
@@ -338,11 +353,16 @@ def drop_repo_task(
          if submitter_user_id else "SUBMITTED_BY: system"),
         f"SUBMITTED_AT: {datetime.now(timezone.utc).isoformat()}",
     ]
+    if run_at is not None:
+        lines.append(f"RUN_AT: {run_at.astimezone(timezone.utc).isoformat()}")
     if notify_user_ids:
         lines.append(f"NOTIFY: {','.join(notify_user_ids)}")
     lines += ["", description]
     fpath.write_text("\n".join(lines), encoding="utf-8")
-    logger.info("Dropped repo task: %s", fname)
+    if run_at:
+        logger.info("Dropped repo task (scheduled): %s — run_at=%s", fname, run_at.isoformat())
+    else:
+        logger.info("Dropped repo task: %s", fname)
     return fpath
 
 
@@ -367,6 +387,7 @@ def scan_repo_tasks(project_dir: Path) -> list[RepoTask]:
         task_type = "feature"
         submitter_user_id = ""
         notify_user_ids: list = []
+        run_at: datetime | None = None
         body_start = 0
 
         for i, line in enumerate(lines):
@@ -384,6 +405,13 @@ def scan_repo_tasks(project_dir: Path) -> list[RepoTask]:
                 if m:
                     submitter_user_id = m.group(1)
                 body_start = i + 1
+            elif upper.startswith("RUN_AT:"):
+                raw_ts = stripped[7:].strip()
+                try:
+                    run_at = datetime.fromisoformat(raw_ts).astimezone(timezone.utc)
+                except ValueError:
+                    logger.warning("Repo task %s: invalid RUN_AT value '%s' — ignoring", f.name, raw_ts)
+                body_start = i + 1
             elif upper.startswith("NOTIFY:"):
                 notify_user_ids = [u.strip() for u in stripped[7:].split(",") if u.strip()]
                 body_start = i + 1
@@ -399,6 +427,19 @@ def scan_repo_tasks(project_dir: Path) -> list[RepoTask]:
             logger.warning("Repo task %s has no REPO: header — skipping", f.name)
             continue
 
+        # Hold scheduled tasks until their run_at time has passed
+        if run_at is not None:
+            now_utc = datetime.now(timezone.utc)
+            if now_utc < run_at:
+                remaining = run_at - now_utc
+                hours, rem = divmod(int(remaining.total_seconds()), 3600)
+                minutes = rem // 60
+                logger.debug(
+                    "Repo task %s scheduled for %s — holding (%dh %dm remaining)",
+                    f.name, run_at.isoformat(), hours, minutes,
+                )
+                continue
+
         tasks.append(RepoTask(
             task_file=f,
             repo_name=repo_name,
@@ -407,6 +448,7 @@ def scan_repo_tasks(project_dir: Path) -> list[RepoTask]:
             message=message,
             submitter_user_id=submitter_user_id,
             notify_user_ids=notify_user_ids,
+            run_at=run_at,
         ))
         logger.info("Found repo task: %s → %s (type=%s)", f.name, repo_name, task_type)
 

package/python/sentinel/sentinel_boss.py

@@ -814,12 +814,13 @@ _TOOLS = [
     {
         "name": "repo_task",
         "description": (
-            "ADMIN ONLY. Submit a feature, fix, or refactor task for a managed repo. "
+            "ADMIN ONLY. Submit a feature, fix, refactor, or scheduled deploy task for a managed repo. "
             "Claude Code will run against the repo's local clone, implement the change, "
             "commit, and push (or open a PR if AUTO_PUBLISH=false). "
             "ALWAYS gather a complete spec first — ask follow-up questions until unambiguous. "
             "Use for: 'add X to elprint-connector-service', 'fix Y in cairn', "
-            "'refactor OrderService', any human-requested change to a managed repo."
+            "'refactor OrderService', 'deploy UIB at 3 AM tomorrow', "
+            "any human-requested change to a managed repo — immediate or scheduled."
         ),
         "input_schema": {
             "type": "object",
@@ -843,6 +844,16 @@ _TOOLS = [
                     "items": {"type": "string"},
                     "description": "Extra Slack user IDs to ping on completion (besides the submitter).",
                 },
+                "run_at": {
+                    "type": "string",
+                    "description": (
+                        "Optional. Schedule the task for a future time. "
+                        "Accepts natural language (e.g. '3 AM tomorrow Norwegian time', "
+                        "'kl 03:00 norsk tid', 'at 15:30 CET', 'in 2 hours') "
+                        "or an ISO 8601 datetime string. "
+                        "If omitted the task runs immediately on the next poll cycle."
+                    ),
+                },
             },
             "required": ["repo_name", "description"],
         },
@@ -1628,6 +1639,79 @@ _TOOLS = [
 ]
 
 
+# ── Scheduling helpers ────────────────────────────────────────────────────────
+
+def _parse_run_at(raw: str) -> tuple:
+    """Parse a natural-language or ISO 8601 time expression into a UTC-aware datetime.
+
+    Returns (datetime, None) on success, (None, error_str) on failure.
+
+    Understands:
+      - ISO 8601 strings with or without timezone
+      - "at HH:MM [TZ]"  /  "kl HH:MM [norsk tid|CET|CEST|Oslo]"
+      - "in N hours/minutes"
+      - "tomorrow" modifier before or after HH:MM
+      - Norwegian timezone keywords → Europe/Oslo
+    """
+    import re as _re
+    from datetime import datetime as _dt, timezone as _tz, timedelta as _td
+
+    _UTC = _tz.utc
+
+    # Build Oslo timezone — prefer zoneinfo (accurate DST), fall back to fixed offset
+    try:
+        import zoneinfo as _zi
+        _OSLO = _zi.ZoneInfo("Europe/Oslo")
+    except Exception:
+        # tzdata not installed or unavailable; use fixed UTC+1 (CET, conservative)
+        _OSLO = _tz(_td(hours=1))  # type: ignore[assignment]
+
+    raw_l = raw.lower().strip()
+
+    # ── ISO 8601 ───────────────────────────────────────────────────────────────
+    try:
+        parsed = _dt.fromisoformat(raw)
+        if parsed.tzinfo is None:
+            parsed = parsed.replace(tzinfo=_OSLO)
+        return parsed.astimezone(_UTC), None
+    except ValueError:
+        pass
+
+    # ── "in N hours/minutes" ──────────────────────────────────────────────────
+    m = _re.search(r'in\s+(\d+)\s*(hour|hr|minute|min)', raw_l)
+    if m:
+        n = int(m.group(1))
+        unit = m.group(2)
+        delta = _td(hours=n) if unit.startswith("h") else _td(minutes=n)
+        return _dt.now(_UTC) + delta, None
+
+    # ── "at HH:MM" / "kl HH:MM" with optional TZ and "tomorrow" ──────────────
+    m = _re.search(r'(?:kl\.?\s*|at\s+)?(\d{1,2})[:\.](\d{2})', raw_l)
+    if m:
+        hour, minute = int(m.group(1)), int(m.group(2))
+
+        tz_hint = raw_l
+        if any(kw in tz_hint for kw in ("norsk", "oslo", "norway", "norwegian", "cet", "cest")):
+            tz = _OSLO
+        elif "utc" in tz_hint:
+            tz = _UTC
+        else:
+            tz = _OSLO  # default for this project
+
+        today = _dt.now(tz).date()
+        tomorrow = today + _td(days=1)
+        base_date = tomorrow if "tomorrow" in raw_l or "i morgen" in raw_l else today
+
+        candidate = _dt(base_date.year, base_date.month, base_date.day, hour, minute, tzinfo=tz)
+        # If the time is already past today, roll to tomorrow automatically
+        if candidate <= _dt.now(tz) and "tomorrow" not in raw_l and "i morgen" not in raw_l:
+            candidate += _td(days=1)
+
+        return candidate.astimezone(_UTC), None
+
+    return None, f"Unrecognised time expression: '{raw}'"
+
+
 # ── Workspace helpers ─────────────────────────────────────────────────────────
 
 def _workspace_dir() -> Path:
@@ -2181,6 +2265,15 @@ async def _run_tool(name: str, inputs: dict, cfg_loader, store, slack_client=Non
         if isinstance(notify_ids, list):
             notify_ids = [u for u in notify_ids if u and u != user_id]
 
+        # Parse optional scheduled time
+        run_at_raw = (inputs.get("run_at") or "").strip()
+        run_at_dt = None
+        run_at_parse_error = None
+        if run_at_raw:
+            run_at_dt, run_at_parse_error = _parse_run_at(run_at_raw)
+            if run_at_parse_error:
+                return json.dumps({"error": f"Could not parse run_at: {run_at_parse_error}"})
+
         _project_dirs = _find_project_dirs()
         if not _project_dirs:
             return json.dumps({"error": "No project directory found."})
@@ -2193,8 +2286,29 @@ async def _run_tool(name: str, inputs: dict, cfg_loader, store, slack_client=Non
             description=description,
             submitter_user_id=user_id,
             notify_user_ids=notify_ids,
+            run_at=run_at_dt,
+        )
+        logger.info(
+            "Boss repo_task: dropped %s for user %s (repo=%s, run_at=%s)",
+            task_file.name, user_id, repo_name,
+            run_at_dt.isoformat() if run_at_dt else "immediate",
         )
-        logger.info("Boss repo_task: dropped %s for user %s (repo=%s)", task_file.name, user_id, repo_name)
+        if run_at_dt:
+            import zoneinfo as _zi
+            oslo = _zi.ZoneInfo("Europe/Oslo")
+            local_str = run_at_dt.astimezone(oslo).strftime("%Y-%m-%d %H:%M %Z")
+            return json.dumps({
+                "status": "scheduled",
+                "repo": repo_name,
+                "task_type": task_type,
+                "file": task_file.name,
+                "run_at_utc": run_at_dt.isoformat(),
+                "run_at_local": local_str,
+                "note": (
+                    f"Task scheduled for `{repo_name}` at {local_str} — "
+                    "Sentinel will pick it up automatically when the time arrives."
+                ),
+            })
         return json.dumps({
             "status": "queued",
             "repo": repo_name,

package/python/sentinel/slack_bot.py

@@ -60,6 +60,10 @@ async def _get_or_create_session(user_id: str, user_name: str, channel: str) ->
     async with _sessions_lock:
         if user_id not in _sessions:
             _sessions[user_id] = _Session(user_id, user_name, channel)
+        else:
+            # Always update channel so replies go to wherever the current message came from,
+            # not the channel where the session was first created (e.g. a prior DM).
+            _sessions[user_id].channel = channel
         return _sessions[user_id]
 
 
@@ -353,12 +357,21 @@ async def _dispatch(event: dict, client, cfg_loader, store) -> None:
     if not text:
         text = "hello"
 
-    # Allowlist check — if SLACK_ALLOWED_USERS is configured, silently ignore everyone else
-    # Admins (SLACK_ADMIN_USERS) are always allowed regardless of SLACK_ALLOWED_USERS
+    # Allowlist check — if SLACK_ALLOWED_USERS is configured, only those users + admins may interact.
+    # Admins (SLACK_ADMIN_USERS) are always allowed regardless of SLACK_ALLOWED_USERS.
     allowed = cfg_loader.sentinel.slack_allowed_users
     admin_users = cfg_loader.sentinel.slack_admin_users or []
     if allowed and user_id not in allowed and user_id not in admin_users:
         logger.warning("Boss: ignoring message from unauthorised user %s", user_id)
+        # For DMs: send a polite rejection so the user knows they're not authorized
+        if event.get("channel_type") == "im":
+            try:
+                await client.chat_postMessage(
+                    channel=channel,
+                    text="Sorry, you're not authorized to interact with Sentinel. Contact an admin to get access.",
+                )
+            except Exception:
+                pass
         return
 
     user_name, user_tz = await _resolve_name(client, user_id)

package/python/sentinel/state_store.py

@@ -540,7 +540,6 @@ class StateStore:
         """Remove a fix record so Sentinel will retry the error on the next poll."""
         with self._conn() as conn:
             cur = conn.execute("DELETE FROM fixes WHERE fingerprint = ?", (fingerprint,))
-            conn.execute("UPDATE errors SET last_seen = NULL WHERE fingerprint = ?", (fingerprint,))
         return cur.rowcount > 0
 
     def get_all_errors(self, hours: int = 0) -> list[dict]:

package/python/tests/test_config_loader.py

@@ -0,0 +1,138 @@
+"""Tests for config_loader."""
+
+import textwrap
+
+import pytest
+
+from sentinel.config_loader import ConfigLoader
+
+
+@pytest.fixture
+def config_dir(tmp_path):
+    (tmp_path / "log-configs").mkdir()
+    (tmp_path / "repo-configs").mkdir()
+
+    (tmp_path / "sentinel.properties").write_text(textwrap.dedent("""\
+        POLL_INTERVAL_SECONDS=60
+        SMTP_HOST=smtp.example.com
+        SMTP_PORT=465
+        SMTP_USER=bot@example.com
+        SMTP_PASSWORD=secret
+        MAILS=admin@example.com, ops@example.com
+        REPORT_INTERVAL_HOURS=4
+        STATE_DB=./test.db
+        WORKSPACE_DIR=./workspace
+        CLAUDE_CODE_BIN=claude
+        GITHUB_TOKEN=ghp_test
+        FIX_CONFIDENCE_THRESHOLD=0.8
+    """))
+
+    (tmp_path / "log-configs" / "elprint-salescore.properties").write_text(textwrap.dedent("""\
+        SOURCE_TYPE=ssh
+        KEY=/path/to/key.pem
+        HOSTS=host1, host2
+        LOGS=logs/app.log, logs/alarm.log
+        REMOTE_SERVICE_USER=MyService
+        GREP_FILTER=ERROR|WARN
+        TAIL=200
+    """))
+
+    (tmp_path / "log-configs" / "my-worker.properties").write_text(textwrap.dedent("""\
+        SOURCE_TYPE=cloudflare
+        CF_URL=https://worker.example.com/logs
+        CF_TOKEN=cf_token_abc
+    """))
+
+    (tmp_path / "repo-configs" / "elprint-salescore.properties").write_text(textwrap.dedent("""\
+        REPO_URL=git@github.com:org/elprint-salescore.git
+        LOCAL_PATH=/repos/elprint-salescore
+        BRANCH=main
+        AUTO_PUBLISH=false
+        CICD_TYPE=jenkins
+        CICD_JOB_URL=https://jenkins.quadim.ai/job/elprint-salescore
+        CICD_TOKEN=tok123
+    """))
+
+    # Library — no log-config counterpart
+    (tmp_path / "repo-configs" / "elprint-commons.properties").write_text(textwrap.dedent("""\
+        REPO_URL=git@github.com:org/elprint-commons.git
+        LOCAL_PATH=/repos/elprint-commons
+        BRANCH=main
+        AUTO_PUBLISH=false
+        CICD_TYPE=
+        CICD_JOB_URL=
+        CICD_TOKEN=
+    """))
+
+    return tmp_path
+
+
+def test_sentinel_config(config_dir):
+    loader = ConfigLoader(str(config_dir))
+    cfg = loader.sentinel
+    assert cfg.poll_interval_seconds == 60
+    assert cfg.smtp_host == "smtp.example.com"
+    assert cfg.mails == ["admin@example.com", "ops@example.com"]
+    assert cfg.fix_confidence_threshold == 0.8
+    assert cfg.github_token == "ghp_test"
+
+
+def test_log_sources(config_dir):
+    loader = ConfigLoader(str(config_dir))
+    assert "elprint-salescore" in loader.log_sources
+    assert "my-worker" in loader.log_sources
+
+    ssh = loader.log_sources["elprint-salescore"]
+    assert ssh.source_type == "ssh"
+    assert ssh.hosts == ["host1", "host2"]
+    assert ssh.tail == 200
+    assert ssh.name == "elprint-salescore"
+
+    cf = loader.log_sources["my-worker"]
+    assert cf.source_type == "cloudflare"
+    assert cf.cf_url == "https://worker.example.com/logs"
+
+
+def test_repos(config_dir):
+    loader = ConfigLoader(str(config_dir))
+    assert "elprint-salescore" in loader.repos
+    assert "elprint-commons" in loader.repos
+
+    r = loader.repos["elprint-salescore"]
+    assert r.repo_name == "elprint-salescore"   # derived from stem
+    assert r.auto_publish is False
+    assert r.cicd_job_url == "https://jenkins.quadim.ai/job/elprint-salescore"
+    assert r.cicd_token == "tok123"
+
+    lib = loader.repos["elprint-commons"]
+    assert lib.cicd_job_url == ""   # library, no CI/CD
+
+
+def test_stem_linking(config_dir):
+    """Log-config and repo-config with same stem are linkable by key lookup."""
+    loader = ConfigLoader(str(config_dir))
+    # elprint-salescore exists in both — they link by stem
+    assert "elprint-salescore" in loader.log_sources
+    assert "elprint-salescore" in loader.repos
+    # elprint-commons has no log-config — that's fine
+    assert "elprint-commons" not in loader.log_sources
+    assert "elprint-commons" in loader.repos
+
+
+def test_inline_comments_stripped(config_dir):
+    (config_dir / "repo-configs" / "test-svc.properties").write_text(
+        "REPO_URL=git@github.com:org/test.git  # comment\nLOCAL_PATH=/repos/test\n"
+    )
+    loader = ConfigLoader(str(config_dir))
+    assert loader.repos["test-svc"].repo_url == "git@github.com:org/test.git"
+
+
+def test_no_redundant_fields(config_dir):
+    """Confirm removed fields are not present on config objects."""
+    loader = ConfigLoader(str(config_dir))
+    repo = loader.repos["elprint-salescore"]
+    assert not hasattr(repo, "repo_name_field")       # REPO_NAME property gone
+    assert not hasattr(repo, "package_prefixes")      # PACKAGE_PREFIXES gone
+    assert not hasattr(repo, "cairn_mcp_enabled")     # CAIRN_MCP_ENABLED gone
+    log = loader.log_sources["elprint-salescore"]
+    assert hasattr(log, "target_repo")                # target_repo exists (used for routing)

package/python/tests/test_log_parser.py

@@ -0,0 +1,62 @@
+"""Tests for log_parser."""
+
+import textwrap
+from pathlib import Path
+
+import pytest
+
+from sentinel.log_parser import parse_log_file, _fingerprint, _normalize_message
+
+
+SAMPLE_LOG = textwrap.dedent("""\
+    2024-01-15 12:00:00.000 INFO  [main] com.example.App - Starting application
+    2024-01-15 12:01:00.123 ERROR [http-nio-1] com.example.UserService - Failed to load user 42
+    \tat com.example.UserService.load(UserService.java:88)
+    \tat com.example.Controller.handle(Controller.java:55)
+    \t... 10 more
+    2024-01-15 12:02:00.456 WARN  [scheduler] com.example.Job - Job took too long
+    2024-01-15 12:03:00.789 ERROR [http-nio-2] com.example.UserService - Failed to load user 99
+    \tat com.example.UserService.load(UserService.java:88)
+    \tat com.example.Controller.handle(Controller.java:55)
+""")
+
+
+@pytest.fixture
+def log_file(tmp_path):
+    p = tmp_path / "app.log"
+    p.write_text(SAMPLE_LOG)
+    return p
+
+
+def test_parse_events(log_file):
+    events = parse_log_file(log_file, "TEST")
+    # INFO is filtered out; we expect 2 ERRORs and 1 WARN
+    assert len(events) == 3
+    levels = {e.level for e in events}
+    assert "ERROR" in levels
+    assert "WARN" in levels
+
+
+def test_stack_trace_attached(log_file):
+    events = parse_log_file(log_file, "TEST")
+    errors = [e for e in events if e.level == "ERROR"]
+    assert all(len(e.stack_trace) > 0 for e in errors)
+
+
+def test_dedup_fingerprint(log_file):
+    events = parse_log_file(log_file, "TEST")
+    errors = [e for e in events if e.level == "ERROR"]
+    # Both errors have the same message pattern and stack → same fingerprint
+    assert errors[0].fingerprint == errors[1].fingerprint
+
+
+def test_normalize_strips_ids():
+    msg = "Failed to load user 42 at 2024-01-15 12:00:00"
+    norm = _normalize_message(msg)
+    assert "42" not in norm
+    assert "TIMESTAMP" in norm
+
+
+def test_source_name_attached(log_file):
+    events = parse_log_file(log_file, "MYSOURCE")
+    assert all(e.source == "MYSOURCE" for e in events)