@misterhuydo/sentinel 1.5.44 → 1.5.46

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@misterhuydo/sentinel",
-  "version": "1.5.44",
+  "version": "1.5.46",
   "description": "Sentinel — Autonomous DevOps Agent installer and manager",
   "bin": {
     "sentinel": "./bin/sentinel.js"

package/python/sentinel/__init__.py

@@ -1 +1 @@
-__version__ = "1.5.44"
+__version__ = "1.5.46"

package/python/sentinel/config_loader.py

@@ -120,6 +120,7 @@ class RepoConfig:
     cicd_job_url: str = ""
     cicd_user: str = ""      # Jenkins username for Basic auth (defaults to "sentinel")
     health_url: str = ""     # optional: HTTP endpoint returning {"Status": "true"}
+    service_aliases: list[str] = field(default_factory=list)  # short names that route to this repo (e.g. ["STS", "SecurityTokenService"])
     cicd_token: str = ""
     git_ssh_user_key: str = ""   # personal GitHub SSH key (contributor on org repos)
     git_ssh_deploy_key: str = "" # repo-specific deploy key (repos you own/admin)
@@ -345,6 +346,7 @@ class ConfigLoader:
             r.cicd_user = d.get("CICD_USER", "")
             r.cicd_token = d.get("CICD_TOKEN", "")
             r.health_url = d.get("HEALTH_URL", "")
+            r.service_aliases = _csv(d.get("SERVICE_ALIASES", ""))
             raw_user_key   = d.get("GIT_SSH_USER_KEY", "")
             raw_deploy_key = d.get("GIT_SSH_DEPLOY_KEY", "") or d.get("GIT_SSH_KEY", "") or d.get("SSH_KEY_FILE", "")
             r.git_ssh_user_key   = os.path.expanduser(raw_user_key)   if raw_user_key   else default_user_key

package/python/sentinel/sentinel_boss.py

@@ -563,27 +563,23 @@ When to act vs. when to ask:
   When filter_logs returns no hits after a recent release, always retry with search_logs before
   telling the user the log line isn't there.
 ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
-LOG RESULTS DO NOT PROVE DEPLOYMENT STATUS
+LOG SEARCH RESULTS — REPORT ONLY WHAT WAS FOUND
 ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
-You are FORBIDDEN from asserting "release X is not deployed" or "servers are still on old version"
-based solely on log search results — not from zero hits, not from finding old lines without new ones.
+When the user asks to filter, search, or fetch logs: report exactly what the tool returned.
+Do NOT add deployment status, release status, version conclusions, or "next steps" about Jenkins.
+The user asked for log lines — give them the log lines (or "no matches found"), nothing more.
 
-WHY: A log line only appears when that exact code path executes. Finding 0 hits or only old log
-lines says nothing about what code version is running. The new line simply hasn't been triggered yet.
-
-WRONG — NEVER SAY THESE:
-  "Zero hits for '<feature log pattern>'. Release X.Y.Z has not deployed."
-  "Found old log entries but no new ones — servers are still on the previous version."
-  "The new code from release X.Y.Z is still not deployed."
+WRONG (user asked for log results, not deployment analysis):
+  "Found 3 matches. The new code from release X.Y.Z is still not deployed."
+  "No matches — the servers haven't picked up the new release yet."
+  "Zero hits. Check Jenkins to confirm the build status."
 
 CORRECT:
-  "No '<feature log pattern>' lines yet — the code path hasn't been triggered since the last
-  fetch. This says nothing about whether the release is deployed."
+  "3 matches found: [table of results]"
+  "No matches for '<pattern>' in <source>."
 
-To verify if a release is live:
-  1. FIRST: call check_health for the relevant source/repo — it returns the live version directly.
-  2. If no HEALTH_URL is configured: search_logs with query "Starting|started in|version|initialized".
-NEVER state deployment status without calling check_health first.
+Deployment/version questions are separate. If the user asks "is version X deployed?", THEN
+call check_health (returns live version from HEALTH_URL) or search_logs for startup lines.
 - If a tool call will take a moment (search, fetch, pull), prefix your reply with a brief "working" line ending in "..." before the results, e.g. "Searching SSOLWA for TryDig activity..." then the actual output.
   Never just say a working line and stop — always follow it with the results in the same message.
 

package/python/sentinel/slack_bot.py

@@ -185,8 +185,9 @@ def _infer_target_repo(text: str, repos: dict, store=None) -> str:
     """
     Try to infer a target repo from bot message content.
     Checks in order:
-      1. Saved aliases in DB (e.g. "STS" → "Whydah-SecurityTokenService")
-      2. Case-insensitive substring match against repo names
+      1. SERVICE_ALIASES declared in repo config files (e.g. SERVICE_ALIASES=STS,SecurityTokenService)
+      2. Saved aliases in DB (learned at runtime via Boss conversation)
+      3. Case-insensitive substring match against repo names
     Returns the repo name on a unique match, empty string otherwise.
     """
     import re as _re
@@ -195,13 +196,22 @@ def _infer_target_repo(text: str, repos: dict, store=None) -> str:
 
     for hint in hints:
         hint_clean = hint.rstrip(".,:")
-        # 1. Saved alias lookup
+        hint_lower = hint_clean.lower()
+
+        # 1. Config-declared SERVICE_ALIASES (authoritative, version-controlled)
+        for repo_name, repo in repos.items():
+            declared = getattr(repo, "service_aliases", [])
+            if any(hint_lower == a.lower() for a in declared):
+                return repo_name
+
+        # 2. Runtime DB aliases (learned via Boss conversation)
         if store:
             alias = store.get_service_alias(hint_clean)
             if alias and alias in repos:
                 return alias
-        # 2. Case-insensitive substring match
-        sub_matches = [r for r in repos if hint_clean.lower() in r.lower()]
+
+        # 3. Case-insensitive substring match against repo names
+        sub_matches = [r for r in repos if hint_lower in r.lower()]
         if len(sub_matches) == 1:
             return sub_matches[0]