@misterhuydo/sentinel 1.5.6 → 1.5.7

package/.cairn/.hint-lock

@@ -1 +1 @@
-2026-03-30T14:37:27.048Z
+2026-04-08T10:44:56.970Z

package/.cairn/minify-map.json

@@ -11,12 +11,6 @@
     "minifiedAt": 1774252437350.0059,
     "readCount": 1
   },
-  "J:\\Projects\\Sentinel\\cli\\python\\sentinel\\main.py": {
-    "tempPath": "J:\\Projects\\Sentinel\\cli\\.cairn\\views\\5f5141_main.py",
-    "state": "compressed",
-    "minifiedAt": 1774873506610.8174,
-    "readCount": 1
-  },
   "J:\\Projects\\Sentinel\\cli\\python\\sentinel\\cicd_trigger.py": {
     "tempPath": "J:\\Projects\\Sentinel\\cli\\.cairn\\views\\7802b9_cicd_trigger.py",
     "state": "compressed",

package/.cairn/session.json

@@ -1,7 +1,19 @@
 {
-  "message": "Auto-checkpoint at 2026-03-30T14:46:10.664Z",
-  "checkpoint_at": "2026-03-30T14:46:10.665Z",
-  "active_files": [],
-  "notes": [],
-  "mtime_snapshot": {}
+  "message": "Auto-checkpoint at 2026-04-08T10:32:33.099Z",
+  "checkpoint_at": "2026-04-08T10:32:33.174Z",
+  "active_files": [
+    "J:\\Projects\\Sentinel\\cli\\bin\\sentinel.js",
+    "J:\\Projects\\Sentinel\\cli\\lib\\test.js",
+    "J:\\Projects\\Sentinel\\cli\\python\\sentinel\\main.py",
+    "J:\\Projects\\Sentinel\\cli\\python\\sentinel\\cicd_trigger.py"
+  ],
+  "notes": [
+    "[2026-04-08] git-snapshot: .cairn/session.json                    |  28 ++++-\n .claude/settings.local.json            |  47 ++++++-\n cli/.cairn/.hint-lock                  |   2 +-\n cli/.cairn/minify-map.json             |  14 ++-\n cli/.cairn/session.json                |   4 +-\n cli/.cairn/views/62a614_bundle.js      |   5 +-\n cli/lib/.cairn/minify-map.json         |   6 +\n cli/lib/.cairn/views/fb78ac_upgrade.js |  37 +++++-\n cli/lib/.cairn/views/fc4a1a_add.js     | 215 +++++++++++++++++++++++++--------\n 9 files changed, 295 insertions(+), 63 deletions(-) | status: M ../.cairn/session.json\n M ../.claude/settings.local.json\n M .cairn/.hint-lock\n M .cairn/minify-map.json\n M .cairn/session.json\n M .cairn/views/62a614_bundle.js\n M lib/.cairn/minify-map.json\n M lib/.cairn/views/fb78ac_upgrade.js\n M lib/.cairn/views/fc4a1a_add.js\n?? ../.cairn/.cairn-project\n?? ../.cairn/memory/\n?? ../.cairn/minify-map.json\n?? ../.cairn/views/\n?? .cairn/views/23edf4_sentinel_boss.py\n?? .cairn/views/5f5141_main.py\n?? .cairn/views/7802b9_cicd_trigger.py\n?? .cairn/views/ac3df4_repo_task_engine.py\n?? lib/.cairn/views/2a85cc_init.js\n?? lib/.cairn/views/e26996_slack-setup.js\n?? ../scripts/fix_ask_codebase_context.py\n?? ../scripts/fix_ask_codebase_stdin.py\n?? ../scripts/fix_chain_slack.py\n?? ../scripts/fix_fstring.py\n?? ../scripts/fix_knowledge_cache.py\n?? ../scripts/fix_knowledge_cache_staleness.py\n?? ../scripts/fix_merge_confirm.py\n?? ../scripts/fix_permission_messages.py\n?? ../scripts/fix_pr_check_head_detect.py\n?? ../scripts/fix_pr_msg_newlines.py\n?? ../scripts/fix_pr_tracking_boss.py\n?? ../scripts/fix_pr_tracking_db.py\n?? ../scripts/fix_pr_tracking_main.py\n?? ../scripts/fix_project_isolation.py\n?? ../scripts/fix_system_prompt.py\n?? ../scripts/fix_two_bugs.py\n?? ../scripts/patch_chain_release.py"
+  ],
+  "mtime_snapshot": {
+    "J:\\Projects\\Sentinel\\cli\\bin\\sentinel.js": 1774252515044.4768,
+    "J:\\Projects\\Sentinel\\cli\\lib\\test.js": 1774252437350.0059,
+    "J:\\Projects\\Sentinel\\cli\\python\\sentinel\\main.py": 1775575790779.8606,
+    "J:\\Projects\\Sentinel\\cli\\python\\sentinel\\cicd_trigger.py": 1774523631399.9514
+  }
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@misterhuydo/sentinel",
-  "version": "1.5.6",
+  "version": "1.5.7",
   "description": "Sentinel — Autonomous DevOps Agent installer and manager",
   "bin": {
     "sentinel": "./bin/sentinel.js"

package/python/sentinel/sentinel_boss.py

@@ -516,6 +516,8 @@ When to act vs. when to ask:
 - Write/action tools (create_issue, trigger_poll, pull_repo, pause_sentinel, install_tool, merge_pr,
   retry_issue, cancel_issue, post_file) → act immediately for clear commands; confirm only when intent is ambiguous
   (e.g. unclear which project or repo to target).
+- trigger_poll → trigger it, then IMMEDIATELY call get_status and report what is happening.
+  Never stop at "poll triggered" — the human wants to know the outcome, not that the trigger was sent.
 - Explaining a tool ("what does X do?") → explain naturally, then offer to run it if relevant.
 - NEVER gate investigation on user approval. If diagnosing a problem, run all relevant read tools
   first, then present findings. Asking "Want me to look?" wastes a round trip.
@@ -578,7 +580,9 @@ Sentinel is a 24/7 autonomous agent. Act on clear signals without asking permiss
 3. Populate `findings` with curated evidence — only when relevant and concise:
    - Summarise: which services, how often, key pattern, 1-3 example lines. Max 500 words.
    - Do NOT paste raw tool output.
-4. After creating, tell them the issue was queued and Sentinel will pick it up on the next poll.
+4. After creating, immediately call get_status and report: how many items are now in the queue,
+   what is already in progress, and when the next poll will pick things up.
+   Tell them they will get an @mention in this channel when the fix is applied or blocked.
 
 Autonomous action policy — Sentinel acts, humans review outcomes:
 - Read/investigate tools → always act immediately, no confirmation needed.
@@ -588,6 +592,35 @@ Autonomous action policy — Sentinel acts, humans review outcomes:
 - pause_sentinel → confirm once (halts all monitoring).
 - Everything else → use judgment. When in doubt, act and report what you did.
 
+PROACTIVE COMMUNICATION — CRITICAL RULES:
+You are a push-first agent. The engineer should NEVER have to ask for a status update
+on something you already know about or can find out.
+
+BANNED phrases (never say these):
+- "Want me to check again in a few minutes?"
+- "Should I check on that?"
+- "I'll keep an eye on it."
+- "I'll monitor that for you."
+- "Let me know if you'd like an update."
+- Anything that puts the follow-up burden back on the human.
+
+Instead:
+- If checking is warranted → check now, report the result in the same message.
+- If something is running async (fix, task, poll) → tell the human EXACTLY what automated
+  notification they will receive and when. Example: "The main loop will post here when the
+  fix is applied or fails — usually within 2–3 minutes."
+- After trigger_poll → wait for it, then call get_status immediately and report findings.
+  Do not stop at "poll triggered" — that is not an answer, it is a non-answer.
+
+The main poll loop sends proactive Slack messages automatically when:
+- A fix is applied (commit + PR opened)
+- A fix is blocked (test failure, patch too large, etc.)
+- A fix is confirmed (no recurrence for MARKER_CONFIRM_HOURS)
+- A repo task or dev task completes or fails
+- A health check recovers
+You do NOT need to promise to monitor — the system already does it. Tell users this explicitly
+when it is relevant, then end with [DONE].
+
 When the engineer's request is fully handled, end your LAST message with the token: [DONE]
 IMPORTANT: Always write your actual reply text FIRST, then append [DONE] at the end. Example: "Hello! I'm Sentinel. [DONE]". Never output [DONE] as your only content.
 For greetings like "hello" or empty messages, introduce yourself briefly and offer help, then end with [DONE].
@@ -657,9 +690,11 @@ _TOOLS = [
     {
         "name": "get_status",
         "description": (
-            "Get recent errors, fixes applied, fixes pending review, and open PRs. "
+            "Get recent errors, fixes applied, fixes pending review, open PRs, "
+            "and the live task queue (issues and repo tasks waiting to be picked up). "
             "Use for: 'what happened today?', 'any issues?', 'how are things?', "
-            "'what are the open PRs?', 'did sentinel fix anything?'"
+            "'what are the open PRs?', 'did sentinel fix anything?', "
+            "'what is queued?', 'what is pending?', 'progress on X?'"
         ),
         "input_schema": {
             "type": "object",
@@ -1829,6 +1864,61 @@ async def _run_tool(name: str, inputs: dict, cfg_loader, store, slack_client=Non
             }
             for e in errors[:8]
         ]
+
+        # ── Live queue scan ────────────────────────────────────────────────────
+        # Show what is physically in the queue dirs, not just what is in the DB.
+        from datetime import datetime as _dt, timezone as _tz
+        _now = _dt.now(_tz.utc)
+
+        def _queue_entries(queue_dir: Path) -> list[dict]:
+            """Return pending task/issue files with age and first-line preview."""
+            entries = []
+            if not queue_dir.exists():
+                return entries
+            for f in sorted(queue_dir.iterdir()):
+                if not f.is_file() or f.name.startswith("."):
+                    continue
+                try:
+                    lines = f.read_text(encoding="utf-8", errors="replace").splitlines()
+                except OSError:
+                    continue
+                # Parse RUN_AT if present (scheduled tasks held for the future)
+                run_at_str = next(
+                    (l.split(":", 1)[1].strip() for l in lines
+                     if l.strip().upper().startswith("RUN_AT:")), None
+                )
+                run_at_dt = None
+                if run_at_str:
+                    try:
+                        run_at_dt = _dt.fromisoformat(run_at_str).astimezone(_tz.utc)
+                    except ValueError:
+                        pass
+                age_s = int((_now - _dt.fromtimestamp(f.stat().st_mtime, _tz.utc)).total_seconds())
+                preview = next((l.strip() for l in lines if l.strip() and not l.strip().upper().startswith(
+                    ("REPO:", "TYPE:", "SUBMITTED_BY:", "SUBMITTED_AT:", "RUN_AT:", "NOTIFY:",
+                     "SOURCE:", "TARGET_REPO:", "FINGERPRINT:", "SUPPORT_URL:")
+                )), f.name)
+                entry = {
+                    "file": f.name,
+                    "age_seconds": age_s,
+                    "preview": preview[:120],
+                }
+                if run_at_dt:
+                    remaining = int((run_at_dt - _now).total_seconds())
+                    if remaining > 0:
+                        entry["scheduled_in_seconds"] = remaining
+                        entry["scheduled_at"] = run_at_dt.isoformat()
+                entries.append(entry)
+            return entries
+
+        _project_dirs = _find_project_dirs()
+        _pd = _project_dirs[0] if _project_dirs else Path(".")
+        queued_issues     = _queue_entries(_pd / "issues")
+        queued_repo_tasks = _queue_entries(_pd / "repo-tasks")
+        # Scheduled tasks are repo-tasks with a future run_at
+        scheduled_tasks   = [t for t in queued_repo_tasks if "scheduled_in_seconds" in t]
+        pending_repo_tasks = [t for t in queued_repo_tasks if "scheduled_in_seconds" not in t]
+
         return json.dumps({
             "window_hours":    hours,
             "errors_detected": len(errors),
@@ -1846,6 +1936,9 @@ async def _run_tool(name: str, inputs: dict, cfg_loader, store, slack_client=Non
                 for p in prs
             ],
             "sentinel_paused": Path("SENTINEL_PAUSE").exists(),
+            "queued_issues":       queued_issues,
+            "queued_repo_tasks":   pending_repo_tasks,
+            "scheduled_tasks":     scheduled_tasks,
         })
 
     if name == "check_auth_status":

package/.cairn/views/5f5141_main.py

@@ -1,1067 +0,0 @@
-from __future__ import annotations
-import argparse
-import asyncio
-import json
-import logging
-import os
-import re
-import shutil
-import signal
-import subprocess
-import sys
-from datetime import datetime, timezone
-from pathlib import Path
-from .cairn_client import ensure_installed as cairn_installed, index_repo
-from .config_loader import ConfigLoader, SentinelConfig
-from .fix_engine import generate_fix
-from .git_manager import apply_and_commit, publish, _git_env, MissingToolError, poll_open_prs
-from .cicd_trigger import trigger as cicd_trigger
-from .log_fetcher import fetch_all
-from .log_parser import parse_all, scan_all_for_markers, ErrorEvent
-from .issue_watcher import scan_issues, mark_done, purge_old_issues, IssueEvent
-from .repo_router import route
-from .reporter import build_and_send, send_fix_notification, send_failure_notification, send_confirmed_notification, send_regression_notification, send_startup_notification, send_upgrade_notification
-from .notify import notify_fix_blocked, notify_fix_applied, notify_missing_tool, notify_tool_installing, notify_cascade_started, notify_cascade_result
-from .health_checker import evaluate_repos
-from .state_store import StateStore
-logging.basicConfig(
-    level=logging.INFO,
-    format="%(asctime)s %(levelname)-7s %(name)s — %(message)s",
-    handlers=[
-        logging.StreamHandler(sys.stdout),
-    ],
-)
-logger = logging.getLogger("sentinel")
-_report_requested = False
-def _on_sigusr1(*_):
-    global _report_requested
-    _report_requested = True
-    logger.info("SIGUSR1 received — health report queued")
-def _register_signals():
-    try:
-        signal.signal(signal.SIGUSR1, _on_sigusr1)
-    except (OSError, AttributeError):
-        pass
-_SAFE_TOOLS: dict[str, dict] = {
-    "mvn":    {"pkg": "maven",       "build_files": ["pom.xml"]},
-    "npm":    {"pkg": "npm",         "build_files": ["package.json"]},
-    "gradle": {"pkg": "gradle",      "build_files": ["build.gradle", "build.gradle.kts"]},
-    "pip3":   {"pkg": "python3-pip", "build_files": ["requirements.txt", "pyproject.toml", "setup.py"]},
-    "pip":    {"pkg": "python3-pip", "build_files": ["requirements.txt", "pyproject.toml", "setup.py"]},
-    "yarn":   {"pkg": "yarn",        "build_files": ["yarn.lock"]},
-    "make":   {"pkg": "make",        "build_files": ["Makefile"]},
-}
-def _auto_install_if_safe(
-    tool: str,
-    repo_path: str,
-    sentinel: SentinelConfig,
-    repo_name: str,
-    source: str,
-) -> bool:
-    from .notify import slack_alert
-    spec = _SAFE_TOOLS.get(tool)
-    if not spec:
-        logger.info("Tool '%s' not in safe whitelist — skipping auto-install", tool)
-        return False
-    repo_p = Path(repo_path)
-    def _build_file_exists(bf: str) -> bool:
-        if (repo_p / bf).exists():
-            return True
-        return any(sub.is_dir() and (sub / bf).exists() for sub in repo_p.iterdir())
-    if not any(_build_file_exists(bf) for bf in spec["build_files"]):
-        logger.info(
-            "Tool '%s' is whitelisted but no matching build file found in %s — skipping",
-            tool, repo_path,
-        )
-        return False
-    pkg = spec["pkg"]
-    logger.info("Auto-installing '%s' (pkg: %s) required by %s", tool, pkg, repo_name)
-    notify_tool_installing(sentinel, tool, repo_name, source)
-    env = {**os.environ}
-    api_key = sentinel.anthropic_api_key or os.environ.get("ANTHROPIC_API_KEY", "")
-    if api_key:
-        env["ANTHROPIC_API_KEY"] = api_key
-    prompt = (
-        f"Install '{pkg}' on this server so it can be used as a build tool. "
-        f"Detect the OS and package manager (yum/dnf/apt), then run the appropriate install command. "
-        f"After installing, verify by running '{tool} --version' or the equivalent. "
-        f"Report the installed version. No explanations — just install and report."
-    )
-    try:
-        result = subprocess.run(
-            [sentinel.claude_code_bin, "--dangerously-skip-permissions", "--bare", "--print", prompt],
-            capture_output=True, text=True, timeout=300, env=env,
-        )
-        output = ((result.stdout or "") + (result.stderr or "")).strip()
-        success = result.returncode == 0
-        logger.info("Auto-install '%s': %s\n%s", tool, "OK" if success else "FAILED", output[-500:])
-        if success:
-            slack_alert(
-                sentinel.slack_bot_token,
-                sentinel.slack_channel,
-                f":white_check_mark: *`{tool}` installed* for *{repo_name}*\n"
-                f"```{output[-300:]}```\nRetrying fix now...",
-            )
-        else:
-            slack_alert(
-                sentinel.slack_bot_token,
-                sentinel.slack_channel,
-                f":x: *Auto-install of `{tool}` failed* for *{repo_name}*\n"
-                f"```{output[-300:]}```\nAdmin intervention required.",
-            )
-        return success
-    except (FileNotFoundError, subprocess.TimeoutExpired) as exc:
-        logger.error("Auto-install of '%s' failed: %s", tool, exc)
-        return False
-def _run_cascade(repo, sentinel, cfg_loader):
-    from .dependency_manager import get_artifact_id, get_release_version, plan_cascade, execute_cascade
-    artifact_id = get_artifact_id(repo.local_path)
-    new_version = get_release_version(repo.local_path)
-    if not artifact_id or not new_version:
-        logger.warning("Cascade skipped for %s — could not read artifact/version from pom.xml", repo.repo_name)
-        return
-    cascade_plan = plan_cascade(repo.repo_name, cfg_loader.repos)
-    target_repo_names = [d["repo"] for d in cascade_plan.get("dependents", [])]
-    if not target_repo_names:
-        logger.info("Cascade: no dependents found for %s", artifact_id)
-        return
-    logger.info("Cascade: updating %s in %d repo(s): %s", artifact_id, len(target_repo_names), target_repo_names)
-    notify_cascade_started(sentinel, artifact_id, new_version, target_repo_names)
-    results = execute_cascade(repo.repo_name, new_version, artifact_id, cfg_loader.repos, sentinel)
-    notify_cascade_result(sentinel, artifact_id, new_version, results)
-    ok = sum(1 for r in results if r.success)
-    logger.info("Cascade complete: %d/%d repos updated for %s=%s", ok, len(results), artifact_id, new_version)
-async def _handle_error(event: ErrorEvent, cfg_loader: ConfigLoader, store: StateStore):
-    sentinel = cfg_loader.sentinel
-    repo = route(event, cfg_loader.repos)
-    if not repo:
-        return
-    if Path("SENTINEL_PAUSE").exists():
-        logger.info("SENTINEL_PAUSE present — fix activity halted")
-        return
-    if event.is_infra_issue:
-        logger.info("Infra issue for %s — log only", event.fingerprint)
-        store.record_fix(event.fingerprint, "skipped", repo_name=repo.repo_name)
-        return
-    if event.severity == "CRITICAL" and repo.auto_publish:
-        logger.warning("CRITICAL in auto-publish repo '%s' — flagging for human review", repo.repo_name)
-        store.record_fix(event.fingerprint, "skipped", repo_name=repo.repo_name)
-        return
-    if store.fix_attempted_recently(event.fingerprint, hours=24):
-        logger.debug("Fix already attempted recently for %s", event.fingerprint)
-        return
-    patches_dir = Path(sentinel.workspace_dir).resolve() / "patches"
-    status, patch_path, marker = generate_fix(event, repo, sentinel, patches_dir, store)
-    if status != "patch" or patch_path is None:
-        outcome = "skipped" if status in ("skip", "needs_human") else "failed"
-        store.record_fix(event.fingerprint, outcome, repo_name=repo.repo_name)
-        if status == "needs_human":
-            notify_fix_blocked(sentinel, event.source, event.message,
-                               reason=marker, repo_name=repo.repo_name,
-                               submitter_user_id="")
-        else:
-            send_failure_notification(sentinel, {
-                "source":    event.source,
-                "message":   event.message,
-                "repo_name": repo.repo_name,
-                "reason":    f"Claude Code returned {status.upper()}",
-                "body":      event.full_text()[:500],
-            })
-        return
-    try:
-        commit_status, commit_hash = apply_and_commit(event, patch_path, repo, sentinel)
-    except MissingToolError as e:
-        logger.warning("Missing tool for %s: %s", event.source, e)
-        if _auto_install_if_safe(e.tool, repo.local_path, sentinel, repo.repo_name, event.source):
-            try:
-                commit_status, commit_hash = apply_and_commit(event, patch_path, repo, sentinel)
-            except MissingToolError as e2:
-                logger.error("Still missing tool after auto-install: %s", e2)
-                notify_missing_tool(sentinel, e2.tool, repo.repo_name, event.source, "")
-                store.record_fix(event.fingerprint, "failed", repo_name=repo.repo_name)
-                return
-        else:
-            notify_missing_tool(sentinel, e.tool, repo.repo_name, event.source, "")
-            store.record_fix(event.fingerprint, "failed", repo_name=repo.repo_name)
-            return
-    if commit_status != "committed":
-        store.record_fix(event.fingerprint, "failed", repo_name=repo.repo_name)
-        send_failure_notification(sentinel, {
-            "source":    event.source,
-            "message":   event.message,
-            "repo_name": repo.repo_name,
-            "reason":    "Patch was generated but commit/tests failed",
-            "body":      event.full_text()[:500],
-        })
-        return
-    branch, pr_url = publish(event, repo, sentinel, commit_hash)
-    store.record_fix(
-        event.fingerprint,
-        "applied" if repo.auto_publish else "pending",
-        patch_path=str(patch_path),
-        commit_hash=commit_hash,
-        branch=branch,
-        pr_url=pr_url,
-        repo_name=repo.repo_name,
-        sentinel_marker=marker,
-    )
-    send_fix_notification(sentinel, {
-        "source":       event.source,
-        "severity":     event.severity,
-        "fingerprint":  event.fingerprint,
-        "first_seen":   str(event.timestamp),
-        "message":      event.message,
-        "stack_trace":  getattr(event, "stack_trace", ""),
-        "repo_name":    repo.repo_name,
-        "commit_hash":  commit_hash,
-        "branch":       branch,
-        "pr_url":       pr_url,
-        "auto_publish": repo.auto_publish,
-        "files_changed": [],
-    })
-    if repo.auto_publish:
-        ok = cicd_trigger(repo, store, event.fingerprint)
-        if ok and repo.cicd_type.lower() in ("jenkins_release", "jenkins-release"):
-            _run_cascade(repo, sentinel, cfg_loader)
-async def _handle_issue(event: IssueEvent, cfg_loader: ConfigLoader, store: StateStore) -> dict | None:
-    sentinel = cfg_loader.sentinel
-    if Path("SENTINEL_PAUSE").exists():
-        logger.info("SENTINEL_PAUSE present -- fix activity halted")
-        return
-    if store.fix_attempted_recently(event.fingerprint, hours=24):
-        logger.debug("Issue already processed recently: %s", event.source)
-        mark_done(event.issue_file)
-        return
-    if event.target_repo:
-        repo = cfg_loader.repos.get(event.target_repo)
-        if not repo:
-            logger.warning("TARGET_REPO %r not found in config -- leaving %s for admin",
-                           event.target_repo, event.source)
-            return
-    elif len(cfg_loader.repos) == 1:
-        repo = next(iter(cfg_loader.repos.values()))
-    else:
-        logger.warning(
-            "Cannot auto-route %s -- add 'TARGET_REPO: <repo>' as first line in the file",
-            event.source,
-        )
-        return
-    from .notify import slack_alert as _slack_alert, slack_thread_reply as _slack_reply
-    _submitter = getattr(event, "submitter_user_id", "")
-    _started_msg = (
-        f":hammer: Working on *<@{_submitter}>*'s request — *{repo.repo_name}*\n"
-        f"_{event.message[:120]}_"
-    ) if _submitter else (
-        f":hammer: Working on *{repo.repo_name}*\n_{event.message[:120]}_"
-    )
-    _thread_ts = _slack_alert(sentinel.slack_bot_token, sentinel.slack_channel, _started_msg)
-    def _progress(msg: str) -> None:
-        _slack_reply(sentinel.slack_bot_token, sentinel.slack_channel, _thread_ts, msg)
-    try:
-        patches_dir = Path(sentinel.workspace_dir).resolve() / "patches"
-        _loop = asyncio.get_event_loop()
-        _progress(":brain: Analyzing with Claude Code...")
-        status, patch_path, marker = await _loop.run_in_executor(
-            None, generate_fix, event, repo, sentinel, patches_dir, store, _progress
-        )
-        submitter_uid = getattr(event, "submitter_user_id", "")
-        if status != "patch" or patch_path is None:
-            store.record_fix(event.fingerprint, "skipped" if status in ("skip", "needs_human") else "failed",
-                             repo_name=repo.repo_name)
-            raw_reason = marker if status == "needs_human" else f"Claude Code returned {status.upper()}"
-            reason_text = _boss_qualify_dev_reason(raw_reason, sentinel) if status == "needs_human" else raw_reason
-            _progress(f":x: Could not generate a safe fix — {reason_text[:120]}")
-            notify_fix_blocked(sentinel, event.source, event.message,
-                               reason=reason_text, repo_name=repo.repo_name,
-                               submitter_user_id=submitter_uid)
-            mark_done(event.issue_file)
-            return {"submitter": submitter_uid, "repo_name": repo.repo_name,
-                    "status": "blocked", "summary": reason_text[:120], "pr_url": ""}
-        _progress(f":mag: Patch generated — running tests (`{repo.repo_name}`)...")
-        commit_status, commit_hash = await _loop.run_in_executor(
-            None, apply_and_commit, event, patch_path, repo, sentinel
-        )
-        if commit_status != "committed":
-            store.record_fix(event.fingerprint, "failed", repo_name=repo.repo_name)
-            _progress(":x: Tests failed or patch couldn't apply — needs human review")
-            notify_fix_blocked(sentinel, event.source, event.message,
-                               reason="Patch was generated but commit/tests failed",
-                               repo_name=repo.repo_name,
-                               submitter_user_id=submitter_uid)
-            mark_done(event.issue_file)
-            return {"submitter": submitter_uid, "repo_name": repo.repo_name,
-                    "status": "blocked", "summary": "Commit/tests failed", "pr_url": ""}
-        _progress(f":white_check_mark: Tests passed — committed `{commit_hash[:8]}`, pushing to `{repo.branch}`...")
-        branch, pr_url = publish(event, repo, sentinel, commit_hash)
-        store.record_fix(
-            event.fingerprint,
-            "applied" if repo.auto_publish else "pending",
-            patch_path=str(patch_path),
-            commit_hash=commit_hash,
-            branch=branch,
-            pr_url=pr_url,
-            repo_name=repo.repo_name,
-            sentinel_marker=marker,
-        )
-        send_fix_notification(sentinel, {
-            "source":       event.source,
-            "severity":     "ERROR",
-            "fingerprint":  event.fingerprint,
-            "first_seen":   event.timestamp,
-            "message":      event.message,
-            "stack_trace":  event.body,
-            "repo_name":    repo.repo_name,
-            "commit_hash":  commit_hash,
-            "branch":       branch,
-            "pr_url":       pr_url,
-            "auto_publish": repo.auto_publish,
-            "files_changed": [],
-        })
-        if pr_url:
-            _progress(f":arrow_right: <{pr_url}|PR opened> — awaiting review")
-        notify_fix_applied(sentinel, event.source, event.message,
-                           repo_name=repo.repo_name, branch=branch, pr_url=pr_url,
-                           submitter_user_id=submitter_uid)
-        mark_done(event.issue_file)
-        if repo.auto_publish:
-            ok = cicd_trigger(repo, store, event.fingerprint)
-            if ok:
-                _progress(f":rocket: Release triggered via {repo.cicd_type}")
-            if ok and repo.cicd_type.lower() in ("jenkins_release", "jenkins-release"):
-                _run_cascade(repo, sentinel, cfg_loader)
-        return {"submitter": submitter_uid, "repo_name": repo.repo_name,
-                "status": "done", "summary": event.message[:120], "pr_url": pr_url}
-    except MissingToolError as e:
-        logger.warning("Missing tool for %s: %s", event.source, e)
-        submitter_uid = getattr(event, "submitter_user_id", "")
-        _progress(f":wrench: `{e.tool}` not found — auto-installing...")
-        installed = await _loop.run_in_executor(
-            None, _auto_install_if_safe, e.tool, repo.local_path, sentinel, repo.repo_name, event.source
-        )
-        if not installed:
-            _progress(f":x: `{e.tool}` is not a known safe tool — manual install required")
-            notify_missing_tool(sentinel, e.tool, repo.repo_name, event.source, submitter_uid)
-            store.record_fix(event.fingerprint, "failed", repo_name=repo.repo_name)
-            mark_done(event.issue_file)
-            return {"submitter": submitter_uid, "repo_name": repo.repo_name,
-                    "status": "blocked", "summary": f"Missing tool: {e.tool}", "pr_url": ""}
-        _progress(f":white_check_mark: `{e.tool}` installed — retrying tests...")
-        try:
-            commit_status, commit_hash = await _loop.run_in_executor(
-                None, apply_and_commit, event, patch_path, repo, sentinel
-            )
-        except MissingToolError as e2:
-            logger.error("Still missing tool after auto-install: %s", e2)
-            _progress(f":x: Still missing `{e2.tool}` after install — manual fix needed")
-            notify_missing_tool(sentinel, e2.tool, repo.repo_name, event.source, submitter_uid)
-            store.record_fix(event.fingerprint, "failed", repo_name=repo.repo_name)
-            mark_done(event.issue_file)
-            return {"submitter": submitter_uid, "repo_name": repo.repo_name,
-                    "status": "blocked", "summary": f"Missing tool: {e2.tool}", "pr_url": ""}
-        if commit_status != "committed":
-            store.record_fix(event.fingerprint, "failed", repo_name=repo.repo_name)
-            _progress(":x: Tests still failing after tool install — needs human review")
-            notify_fix_blocked(sentinel, event.source, event.message,
-                               reason="Patch was generated but commit/tests failed after tool install",
-                               repo_name=repo.repo_name, submitter_user_id=submitter_uid)
-            mark_done(event.issue_file)
-            return {"submitter": submitter_uid, "repo_name": repo.repo_name,
-                    "status": "blocked", "summary": "Commit/tests failed after tool install", "pr_url": ""}
-        _progress(f":white_check_mark: Tests passed — committed `{commit_hash[:8]}`, pushing to `{repo.branch}`...")
-        branch, pr_url = publish(event, repo, sentinel, commit_hash)
-        store.record_fix(
-            event.fingerprint,
-            "applied" if repo.auto_publish else "pending",
-            patch_path=str(patch_path), commit_hash=commit_hash,
-            branch=branch, pr_url=pr_url, repo_name=repo.repo_name, sentinel_marker=marker,
-        )
-        send_fix_notification(sentinel, {
-            "source": event.source, "severity": "ERROR",
-            "fingerprint": event.fingerprint, "first_seen": event.timestamp,
-            "message": event.message, "stack_trace": event.body,
-            "repo_name": repo.repo_name, "commit_hash": commit_hash,
-            "branch": branch, "pr_url": pr_url,
-            "auto_publish": repo.auto_publish, "files_changed": [],
-        })
-        if pr_url:
-            _progress(f":arrow_right: <{pr_url}|PR opened> — awaiting review")
-        notify_fix_applied(sentinel, event.source, event.message,
-                           repo_name=repo.repo_name, branch=branch, pr_url=pr_url,
-                           submitter_user_id=submitter_uid)
-        mark_done(event.issue_file)
-        if repo.auto_publish:
-            ok = cicd_trigger(repo, store, event.fingerprint)
-            if ok:
-                _progress(f":rocket: Release triggered via {repo.cicd_type}")
-            if ok and repo.cicd_type.lower() in ("jenkins_release", "jenkins-release"):
-                _run_cascade(repo, sentinel, cfg_loader)
-        return {"submitter": submitter_uid, "repo_name": repo.repo_name,
-                "status": "done", "summary": event.message[:120], "pr_url": pr_url}
-    except Exception:
-        logger.exception("Unexpected error processing issue %s — archiving to prevent retry loop", event.source)
-        store.record_fix(event.fingerprint, "failed", repo_name=repo.repo_name)
-        mark_done(event.issue_file)
-        return {"submitter": getattr(event, "submitter_user_id", ""),
-                "repo_name": repo.repo_name if repo else event.target_repo,
-                "status": "blocked", "summary": "Unexpected error — check logs", "pr_url": ""}
-async def poll_cycle(cfg_loader: ConfigLoader, store: StateStore):
-    global _report_requested
-    events: list = []
-    fetched: dict = {}
-    sources = list(cfg_loader.log_sources.values())
-    if sources:
-        logger.info("Fetching logs from %d source(s)...", len(sources))
-        fetched = await fetch_all(sources, cfg_loader.sentinel)
-        events = parse_all(fetched, cfg_loader.log_sources)
-        logger.info("Parsed %d error/warn events", len(events))
-        new_events = []
-        for event in events:
-            store.record_error(event.fingerprint, event.source, event.message)
-            if not store.fix_attempted_recently(event.fingerprint):
-                new_events.append(event)
-        if new_events:
-            logger.info("%d new log event(s) to process", len(new_events))
-            await asyncio.gather(
-                *[_handle_error(e, cfg_loader, store) for e in new_events],
-                return_exceptions=True,
-            )
-    if sources and fetched:
-        for marker in set(scan_all_for_markers(fetched)):
-            fix = store.mark_marker_seen(marker)
-            if fix:
-                logger.info("Marker seen in production: %s repo=%s — quiet period started",
-                            marker, fix.get("repo_name"))
-    if sources:
-        for event in events:
-            pending = store.get_marker_seen_fix(event.fingerprint)
-            if pending:
-                logger.warning("Regression: %s recurred after marker seen", event.fingerprint)
-                store.mark_regressed(event.fingerprint)
-                send_regression_notification(cfg_loader.sentinel, pending, {
-                    "source":  event.source,
-                    "message": event.message,
-                    "body":    event.full_text()[:500],
-                })
-    quiet_hours = cfg_loader.sentinel.marker_confirm_hours
-    for fix in store.get_fixes_pending_confirmation(quiet_hours):
-        confirmed = store.confirm_fix(fix["fingerprint"])
-        if confirmed:
-            logger.info("Fix confirmed after %dh quiet period: %s repo=%s",
-                        quiet_hours, fix["fingerprint"], fix.get("repo_name"))
-            send_confirmed_notification(cfg_loader.sentinel, confirmed)
-    pr_changes = poll_open_prs(store, cfg_loader.sentinel.github_token, cfg=cfg_loader.sentinel)
-    for ch in pr_changes:
-        if ch["new_status"] == "merged":
-            logger.info("PR merged externally: %s (fp=%s)", ch["pr_url"], ch["fingerprint"][:8])
-        elif ch["new_status"] == "skipped":
-            logger.info("PR closed/rejected: %s (fp=%s) — will not retry for 24h",
-                        ch["pr_url"], ch["fingerprint"][:8])
-    purge_old_issues(Path(".") / "issues")
-    issues = scan_issues(Path("."))
-    if issues:
-        logger.info("%d issue file(s) found in issues/", len(issues))
-        issue_results = await asyncio.gather(
-            *[_handle_issue(e, cfg_loader, store) for e in issues],
-            return_exceptions=True,
-        )
-        from collections import defaultdict
-        from .notify import slack_dm as _slack_dm
-        by_submitter: dict[str, list] = defaultdict(list)
-        for r in issue_results:
-            if isinstance(r, dict) and r.get("submitter"):
-                by_submitter[r["submitter"]].append(r)
-        for uid, results in by_submitter.items():
-            done  = [r for r in results if r["status"] == "done"]
-            blocked = [r for r in results if r["status"] == "blocked"]
-            lines = []
-            for r in done:
-                pr = f" — <{r['pr_url']}|PR>" if r.get("pr_url") else ""
-                lines.append(f":white_check_mark: *{r['repo_name']}*{pr}")
-            for r in blocked:
-                lines.append(f":x: *{r['repo_name']}* — {r['summary']}")
-            if done and blocked:
-                header = f":sentinel: *All done — {len(done)} succeeded, {len(blocked)} need attention:*"
-            elif blocked:
-                header = f":sentinel: *All done — {len(blocked)} need attention:*"
-            else:
-                header = f":sentinel: *All done — {len(done)} completed successfully:*"
-            _slack_dm(
-                cfg_loader.sentinel.slack_bot_token,
-                uid,
-                f"{header}\n" + "\n".join(lines),
-            )
-    if cfg_loader.repos:
-        import asyncio as _asyncio
-        _loop = _asyncio.get_event_loop()
-        health_results = await _loop.run_in_executor(
-            None,
-            lambda: evaluate_repos(
-                cfg_loader.repos, cfg_loader.log_sources,
-                cfg_loader.sentinel.workspace_dir, store=store,
-            )
-        )
-        for hr in health_results:
-            if hr["action"] == "fix":
-                fp = f"health-{hr['repo_name']}"
-                store.record_error(fp, f"health_checker/{hr['repo_name']}", hr["message"])
-                if not store.fix_attempted_recently(fp, hours=6):
-                    from .log_parser import ErrorEvent as _EE
-                    from datetime import datetime, timezone as _tz
-                    synth = _EE(
-                        source=f"health_checker/{hr['repo_name']}",
-                        log_file="",
-                        timestamp=datetime.now(_tz.utc).isoformat(),
-                        level="ERROR",
-                        thread="health_checker",
-                        logger_name="health_checker",
-                        message=f"App startup failure detected: {hr['message']}",
-                        stack_trace=[hr["startup_failure_line"]] if hr["startup_failure_line"] else [],
-                    )
-                    synth.fingerprint = fp
-                    await _handle_error(synth, cfg_loader, store)
-            elif hr["action"] == "alert_once":
-                from .notify import slack_alert
-                slack_alert(
-                    cfg_loader.sentinel.slack_bot_token,
-                    cfg_loader.sentinel.slack_channel,
-                    (
-                        f":question: *{hr['repo_name']}* health returned {hr['message']}"
-                        " with no startup errors in logs.\n"
-                        "If this is deliberate maintenance, tell Boss: "
-                        f"`maintenance {hr['repo_name']}` \n"
-                        "I'll silently monitor until it's back online."
-                    ),
-                )
-            elif hr["action"] == "recovered":
-                from .notify import slack_alert
-                slack_alert(
-                    cfg_loader.sentinel.slack_bot_token,
-                    cfg_loader.sentinel.slack_channel,
-                    f":white_check_mark: *{hr['repo_name']}* is back online.",
-                )
-    if _report_requested or (cfg_loader.sentinel.send_health and _report_due(cfg_loader, store)):
-        _report_requested = False
-        logger.info("Sending health digest...")
-        build_and_send(cfg_loader.sentinel, store)
-def _report_due(cfg_loader: ConfigLoader, store: StateStore) -> bool:
-    last = store.last_report_time()
-    if last is None:
-        return True
-    elapsed = (datetime.now(timezone.utc) - last).total_seconds()
-    return elapsed >= cfg_loader.sentinel.report_interval_hours * 3600
-async def _startup_checks(cfg_loader: ConfigLoader) -> dict:
-    results = {
-        "repos":    [],
-        "cairn":    [],
-        "ssh":      [],
-        "warnings": [],
-    }
-    if not cairn_installed():
-        results["warnings"].append("Cairn not found — run: npm install -g @misterhuydo/cairn-mcp")
-    for name, repo in cfg_loader.repos.items():
-        local = Path(repo.local_path)
-        if not local.exists():
-            logger.info("Cloning %s → %s", repo.repo_url, repo.local_path)
-            r = subprocess.run(
-                ["git", "clone", repo.repo_url, str(local)],
-                capture_output=True, text=True,
-                env=_git_env(repo),
-            )
-            if r.returncode != 0:
-                msg = r.stderr.strip()
-                logger.error("Clone failed for %s: %s", name, msg)
-                results["repos"].append({"name": name, "status": "error", "message": msg})
-                continue
-            results["repos"].append({"name": name, "status": "cloned", "message": repo.repo_url})
-        else:
-            results["repos"].append({"name": name, "status": "exists", "message": str(local)})
-        ok = index_repo(repo)
-        results["cairn"].append({
-            "name": name,
-            "status": "ok" if ok else "error",
-            "message": "indexed" if ok else "cairn index failed — check logs",
-        })
-    for src_name, src in cfg_loader.log_sources.items():
-        if src.source_type == "ssh" and src.hosts:
-            host = src.hosts[0]
-            try:
-                r = subprocess.run(
-                    ["ssh", "-i", src.key, "-o", "StrictHostKeyChecking=no",
-                     "-o", "ConnectTimeout=5", f"ec2-user@{host}", "echo ok"],
-                    capture_output=True, text=True, timeout=15,
-                )
-                ok = r.returncode == 0
-                results["ssh"].append({
-                    "name": src_name, "host": host,
-                    "status": "ok" if ok else "error",
-                    "message": "" if ok else r.stderr.strip(),
-                })
-            except Exception as e:
-                results["ssh"].append({"name": src_name, "host": host,
-                                       "status": "error", "message": str(e)})
-    return results
-async def _send_startup_email_delayed(cfg, results: dict, delay: int = 300):
-    await asyncio.sleep(delay)
-    try:
-        send_startup_notification(cfg, results)
-    except Exception as e:
-        logger.error("Failed to send startup notification: %s", e)
-def _config_repo_git_env(project_dir: Path | None = None) -> dict:
-    env = os.environ.copy()
-    try:
-        cwd = str((project_dir or Path(".")).resolve())
-        r = subprocess.run(
-            ["git", "remote", "get-url", "origin"],
-            cwd=cwd, capture_output=True, text=True, timeout=5,
-        )
-        remote = r.stdout.strip()
-        slug = re.sub(r"\.git$", "", remote).rsplit("/", 1)[-1].rsplit(":", 1)[-1].rsplit("/", 1)[-1].lower()
-        key = Path.home() / ".ssh" / f"{slug}.key"
-        if key.exists():
-            env["GIT_SSH_COMMAND"] = f"ssh -i {key} -o StrictHostKeyChecking=no -o BatchMode=yes"
-    except Exception:
-        pass
-    return env
-def _poll_config_repo(cfg_loader: ConfigLoader) -> bool:
-    project_dir = Path(".")
-    git_dir = project_dir / ".git"
-    if not git_dir.exists():
-        return False
-    try:
-        result = subprocess.run(
-            ["git", "pull", "--rebase", "--autostash"],
-            cwd=str(project_dir),
-            capture_output=True, text=True, timeout=30,
-            env=_config_repo_git_env(project_dir),
-        )
-        if result.returncode != 0:
-            logger.warning("Config repo git pull failed: %s", result.stderr.strip())
-            return False
-        changed = "Already up to date." not in result.stdout
-        if changed:
-            logger.info("Config repo updated — reloading config\n%s", result.stdout.strip())
-            cfg_loader.load()
-        return changed
-    except Exception as e:
-        logger.warning("Config repo poll error: %s", e)
-        return False
-async def _config_poll_loop(cfg_loader: ConfigLoader):
-    while True:
-        interval = cfg_loader.sentinel.config_poll_interval
-        await asyncio.sleep(interval)
-        try:
-            _poll_config_repo(cfg_loader)
-        except Exception as e:
-            logger.warning("Config poll loop error: %s", e)
-def _find_sentinel_code_dir() -> Path | None:
-    for candidate in [
-        Path("../code"),
-        Path("../../code"),
-        Path.home() / "sentinel" / "code",
-    ]:
-        if candidate.exists() and (candidate / "sentinel").exists():
-            return candidate.resolve()
-    return None
-def _parse_version(v: str) -> tuple:
-    try:
-        return tuple(int(x) for x in v.strip().lstrip("v").split(".")[:3])
-    except Exception:
-        return (0, 0, 0)
-def _check_and_upgrade(cfg: SentinelConfig) -> bool:
-    try:
-        result = subprocess.run(
-            ["npm", "show", "@misterhuydo/sentinel", "version"],
-            capture_output=True, text=True, timeout=30,
-        )
-        if result.returncode != 0:
-            logger.warning("npm show failed: %s", result.stderr.strip())
-            return False
-        latest = result.stdout.strip()
-    except Exception as e:
-        logger.warning("Upgrade check failed: %s", e)
-        return False
-    try:
-        cur_result = subprocess.run(
-            ["npm", "list", "-g", "--depth=0", "--json"],
-            capture_output=True, text=True, timeout=30,
-        )
-        pkg_data = json.loads(cur_result.stdout or "{}")
-        deps = pkg_data.get("dependencies", {})
-        current = deps.get("@misterhuydo/sentinel", {}).get("version", "0.0.0")
-    except Exception:
-        current = "0.0.0"
-    current_t = _parse_version(current)
-    latest_t  = _parse_version(latest)
-    if cfg.version_pin:
-        pin_t = _parse_version(cfg.version_pin)
-        if latest_t > pin_t:
-            logger.info("Upgrade available (%s → %s) but pinned to %s — skipping",
-                        current, latest, cfg.version_pin)
-            return False
-    if latest_t <= current_t:
-        logger.debug("No upgrade available (current=%s, latest=%s)", current, latest)
-        return False
-    logger.info("Upgrading @misterhuydo/sentinel %s → %s", current, latest)
-    install = subprocess.run(
-        ["npm", "install", "-g", f"@misterhuydo/sentinel@{latest}"],
-        capture_output=True, text=True, timeout=120,
-    )
-    if install.returncode != 0:
-        logger.error("npm install failed: %s", install.stderr.strip())
-        return False
-    code_dir = _find_sentinel_code_dir()
-    if code_dir:
-        try:
-            npm_prefix_result = subprocess.run(
-                ["npm", "root", "-g"], capture_output=True, text=True, timeout=10,
-            )
-            npm_root = npm_prefix_result.stdout.strip()
-            new_src = Path(npm_root) / "@misterhuydo" / "sentinel" / "sentinel"
-            if new_src.exists():
-                dst = code_dir / "sentinel"
-                shutil.copytree(str(new_src), str(dst), dirs_exist_ok=True)
-                logger.info("Python source updated at %s", dst)
-        except Exception as e:
-            logger.warning("Failed to copy updated Python source: %s", e)
-    logger.info("Upgrade complete — restarting Sentinel")
-    try:
-        from .reporter import send_upgrade_notification
-        send_upgrade_notification(cfg, current, latest)
-    except Exception:
-        pass
-    os.execv(sys.executable, [sys.executable] + sys.argv)
-    return True
-async def _upgrade_check_loop(cfg_loader: ConfigLoader):
-    await asyncio.sleep(cfg_loader.sentinel.upgrade_check_hours * 3600)
-    while True:
-        try:
-            _check_and_upgrade(cfg_loader.sentinel)
-        except Exception as e:
-            logger.warning("Upgrade check loop error: %s", e)
-        await asyncio.sleep(cfg_loader.sentinel.upgrade_check_hours * 3600)
-async def _sync_loop(cfg_loader: ConfigLoader):
-    from .log_syncer import sync_all
-    await asyncio.sleep(30)
-    while True:
-        try:
-            sync_all(
-                cfg_loader.log_sources,
-                cfg_loader.sentinel,
-                cfg_loader.config_dir,
-            )
-        except Exception as e:
-            logger.warning("Log sync loop error: %s", e)
-        await asyncio.sleep(cfg_loader.sentinel.sync_interval_seconds)
-def _boss_qualify_dev_reason(raw: str, sentinel) -> str:
-    if not raw.strip():
-        return "(no reason given)"
-    if not sentinel.anthropic_api_key:
-        return raw[:280].strip()
-    try:
-        import anthropic as _anthropic
-        _client = _anthropic.Anthropic(api_key=sentinel.anthropic_api_key)
-        _resp = _client.messages.create(
-            model="claude-haiku-4-5-20251001",
-            max_tokens=200,
-            system=(
-                "You are Sentinel Boss, a DevOps agent assistant. "
-                "Patch (an autonomous dev agent) produced the following explanation for why it "
-                "could not complete a task. Rewrite it as a clear, concise (1-3 sentences), "
-                "user-friendly message suitable for a Slack channel. "
-                "Be direct and specific. Do not pad with pleasantries. "
-                "Do not start with 'I' or mention 'Patch' by name. "
-                "Output only the qualified message, nothing else."
-            ),
-            messages=[{"role": "user", "content": f"Patch said:\n{raw[:1000]}"}],
-        )
-        qualified = _resp.content[0].text.strip() if _resp.content else raw[:280]
-        return qualified[:400]
-    except Exception as _e:
-        logger.warning("Boss: could not qualify dev reason via API: %s", _e)
-        return raw[:280].strip()
-async def _handle_dev_task(task, cfg_loader: ConfigLoader, store: StateStore):
-    from .sentinel_dev import run_dev_task
-    from .dev_watcher import mark_dev_done
-    from .notify import slack_alert as _slack_alert, slack_thread_reply as _slack_reply
-    sentinel = cfg_loader.sentinel
-    _submitter = task.submitter_user_id
-    _started_msg = (
-        f":wrench: Patch working on *<@{_submitter}>*'s request\n_{task.message[:120]}_"
-    ) if _submitter else (
-        f":wrench: Patch working on dev task\n_{task.message[:120]}_"
-    )
-    _thread_ts = _slack_alert(sentinel.slack_bot_token, sentinel.slack_channel, _started_msg)
-    def _progress(msg: str) -> None:
-        _slack_reply(sentinel.slack_bot_token, sentinel.slack_channel, _thread_ts, msg)
-    _loop = asyncio.get_event_loop()
-    try:
-        status, detail = await _loop.run_in_executor(
-            None, run_dev_task, task, sentinel, store, _progress
-        )
-    except Exception:
-        logger.exception("Patch: unexpected error on task %s", task.fingerprint[:8])
-        _progress(":x: Patch hit an unexpected error — check logs")
-        mark_dev_done(task.task_file)
-        return
-    mark_dev_done(task.task_file)
-    _notify_ids = list(task.notify_user_ids or [])
-    if task.submitter_user_id:
-        mentions = f"<@{task.submitter_user_id}> " + " ".join(
-            f"<@{u}>" for u in _notify_ids if u != task.submitter_user_id
-        )
-        mentions = mentions.strip() + " "
-    else:
-        mentions = " ".join(f"<@{u}>" for u in _notify_ids)
-        mentions = (mentions + " ") if mentions else ""
-    if status == "done":
-        _slack_alert(
-            sentinel.slack_bot_token, sentinel.slack_channel,
-            f"{mentions}:white_check_mark: *Patch finished* — changes committed to Sentinel source.",
-        )
-    elif status == "needs_human":
-        qualified = _boss_qualify_dev_reason(detail, sentinel)
-        _slack_alert(
-            sentinel.slack_bot_token, sentinel.slack_channel,
-            f"{mentions}:warning: *Dev task needs human input*\n{qualified}",
-        )
-    elif status == "skip":
-        qualified = _boss_qualify_dev_reason(detail, sentinel)
-        _slack_alert(
-            sentinel.slack_bot_token, sentinel.slack_channel,
-            f"{mentions}:fast_forward: *Dev task skipped* — {qualified}",
-        )
-    else:
-        _slack_alert(
-            sentinel.slack_bot_token, sentinel.slack_channel,
-            f"{mentions}:x: *Patch error* on task `{task.fingerprint[:8]}` — {detail[:200]}",
-        )
-async def _dev_poll_loop(cfg_loader: ConfigLoader, store: StateStore):
-    from .dev_watcher import (
-        scan_dev_tasks, purge_old_dev_tasks,
-        scan_sentinel_errors, drop_self_repair_task,
-    )
-    _seen_self_fps: set = set()
-    project_dir = Path(".")
-    for done_dir in [
-        project_dir / "dev-tasks" / ".done",
-        project_dir / "dev-tasks" / ".cancelled",
-    ]:
-        if done_dir.exists():
-            for f in done_dir.iterdir():
-                if f.stem.startswith("self-"):
-                    parts = f.stem.split("-")
-                    if len(parts) >= 2:
-                        _seen_self_fps.add(parts[1])
-    await asyncio.sleep(15)
-    while True:
-        try:
-            if cfg_loader.sentinel.sentinel_dev_repo_path:
-                purge_old_dev_tasks(project_dir / "dev-tasks")
-                log_path = project_dir / "logs" / "sentinel.log"
-                new_errors = scan_sentinel_errors(log_path, seen_fps=_seen_self_fps)
-                for fp, task_body in new_errors:
-                    logger.info("Dev agent: self-repair task queued for error %s", fp[:8])
-                    drop_self_repair_task(project_dir, fp, task_body)
-                tasks = scan_dev_tasks(project_dir)
-                if tasks:
-                    logger.info("Dev agent: %d task(s) found", len(tasks))
-                    for task in tasks:
-                        await _handle_dev_task(task, cfg_loader, store)
-        except Exception as e:
-            logger.warning("Dev poll loop error: %s", e)
-        await asyncio.sleep(60)
-async def _handle_repo_task(task, repo_cfg, cfg_loader: ConfigLoader, store: StateStore):
-    from .repo_task_engine import run_repo_task, mark_repo_task_done
-    from .notify import slack_alert as _slack_alert, slack_thread_reply as _slack_reply
-    sentinel = cfg_loader.sentinel
-    _submitter = task.submitter_user_id
-    _started_msg = (
-        f":hammer: Working on *<@{_submitter}>*'s request for `{task.repo_name}`\n_{task.message[:120]}_"
-    ) if _submitter else (
-        f":hammer: Working on repo task for `{task.repo_name}`\n_{task.message[:120]}_"
-    )
-    _thread_ts = _slack_alert(sentinel.slack_bot_token, sentinel.slack_channel, _started_msg)
-    def _progress(msg: str) -> None:
-        _slack_reply(sentinel.slack_bot_token, sentinel.slack_channel, _thread_ts, msg)
-    _loop = asyncio.get_event_loop()
-    try:
-        status, detail = await _loop.run_in_executor(
-            None, run_repo_task, task, repo_cfg, sentinel, store, _progress,
-        )
-    except Exception:
-        logger.exception("Repo task: unexpected error on task %s", task.fingerprint[:8])
-        _progress(":x: Unexpected error — check logs")
-        mark_repo_task_done(task.task_file)
-        return
-    mark_repo_task_done(task.task_file)
-    _notify_ids = list(task.notify_user_ids or [])
-    if task.submitter_user_id:
-        mentions = f"<@{task.submitter_user_id}> " + " ".join(
-            f"<@{u}>" for u in _notify_ids if u != task.submitter_user_id
-        )
-        mentions = mentions.strip() + " "
-    else:
-        mentions = " ".join(f"<@{u}>" for u in _notify_ids)
-        mentions = (mentions + " ") if mentions else ""
-    if status == "done":
-        if detail and detail.startswith("__cicd__"):
-            cicd_name = detail[len("__cicd__"):]
-            _slack_alert(
-                sentinel.slack_bot_token, sentinel.slack_channel,
-                f"{mentions}:white_check_mark: Done — pushed to `{task.repo_name}/{repo_cfg.branch}` and triggered `{cicd_name}` release.",
-            )
-        elif detail:
-            _slack_alert(
-                sentinel.slack_bot_token, sentinel.slack_channel,
-                f"{mentions}:white_check_mark: Done — PR opened for `{task.repo_name}`: {detail}",
-            )
-        else:
-            _slack_alert(
-                sentinel.slack_bot_token, sentinel.slack_channel,
-                f"{mentions}:white_check_mark: Done — changes pushed to `{task.repo_name}/{repo_cfg.branch}`.",
-            )
-    elif status == "needs_human":
-        qualified = _boss_qualify_dev_reason(detail, sentinel)
-        _slack_alert(
-            sentinel.slack_bot_token, sentinel.slack_channel,
-            f"{mentions}:warning: *Task needs human input* (`{task.repo_name}`)\n{qualified}",
-        )
-    elif status == "skip":
-        qualified = _boss_qualify_dev_reason(detail, sentinel)
-        _slack_alert(
-            sentinel.slack_bot_token, sentinel.slack_channel,
-            f"{mentions}:fast_forward: Task skipped for `{task.repo_name}` — {qualified}",
-        )
-    else:
-        _slack_alert(
-            sentinel.slack_bot_token, sentinel.slack_channel,
-            f"{mentions}:x: Task error for `{task.repo_name}` — {(detail or '')[:200]}",
-        )
-async def _repo_task_poll_loop(cfg_loader: ConfigLoader, store: StateStore):
-    from .repo_task_engine import scan_repo_tasks, mark_repo_task_done
-    await asyncio.sleep(20)
-    while True:
-        try:
-            project_dir = Path(".")
-            tasks = scan_repo_tasks(project_dir)
-            if tasks:
-                logger.info("Repo task: %d task(s) found", len(tasks))
-            for task in tasks:
-                repo_cfg = cfg_loader.repos.get(task.repo_name)
-                if not repo_cfg:
-                    for rname, rcfg in cfg_loader.repos.items():
-                        if task.repo_name.lower() in rname.lower():
-                            repo_cfg = rcfg
-                            break
-                if not repo_cfg:
-                    logger.warning("Repo task: no config for repo '%s' — skipping", task.repo_name)
-                    mark_repo_task_done(task.task_file)
-                    continue
-                await _handle_repo_task(task, repo_cfg, cfg_loader, store)
-        except Exception as e:
-            logger.warning("Repo task poll loop error: %s", e)
-        await asyncio.sleep(60)
-def _log_auth_status(cfg: SentinelConfig) -> None:
-    has_api_key   = bool(cfg.anthropic_api_key)
-    has_claude_bin = bool(shutil.which(cfg.claude_code_bin))
-    pro_for_tasks = cfg.claude_pro_for_tasks
-    if has_api_key and pro_for_tasks:
-        logger.info(
-            "Claude auth: API key ✓ + Claude Pro (OAuth) ✓ — "
-            "Fix Engine will try Claude Pro first, falls back to API key on auth error. "
-            "Run `claude login` if not already authenticated."
-        )
-    elif has_api_key and not pro_for_tasks:
-        logger.info(
-            "Claude auth: API key ✓ — Boss + Fix Engine use API key. "
-            "CLAUDE_PRO_FOR_TASKS=false; falls back to Claude Pro (OAuth) if key auth fails."
-        )
-    elif not has_api_key and has_claude_bin:
-        logger.warning(
-            "Claude auth: no ANTHROPIC_API_KEY — Boss will use CLI fallback (limited tools). "
-            "Fix Engine uses Claude Pro via `claude` CLI."
-        )
-    else:
-        msg = (
-            ":warning: *Sentinel — no Claude authentication configured*\n"
-            "Sentinel needs at least one of:\n"
-            "• `ANTHROPIC_API_KEY` in `sentinel.properties` — full Boss tools, API billing\n"
-            "• Claude Pro OAuth: run `claude login` on the server — required for Fix Engine\n"
-            "See the auth section in your workspace `sentinel.properties` for guidance."
-        )
-        logger.error("Claude auth: NOTHING configured — Boss and Fix Engine will fail!")
-        from .notify import slack_alert
-        slack_alert(cfg.slack_bot_token, cfg.slack_channel, msg)
-async def run_loop(cfg_loader: ConfigLoader, store: StateStore):
-    interval = cfg_loader.sentinel.poll_interval_seconds
-    logger.info("Sentinel starting — poll interval: %ds, repos: %s",
-                interval, list(cfg_loader.repos.keys()))
-    _log_auth_status(cfg_loader.sentinel)
-    results = await _startup_checks(cfg_loader)
-    has_errors = any(
-        item["status"] == "error"
-        for key in ("repos", "cairn", "ssh")
-        for item in results[key]
-    )
-    for key in ("repos", "cairn", "ssh"):
-        for item in results[key]:
-            if item["status"] == "error":
-                logger.warning("Startup check failed [%s] %s: %s",
-                               key, item.get("name", ""), item.get("message", ""))
-    for w in results.get("warnings", []):
-        logger.warning("Startup warning: %s", w)
-    if has_errors:
-        logger.warning("Startup completed with errors — check config and logs")
-    else:
-        logger.info("Startup checks passed — startup email in 5 minutes")
-    asyncio.ensure_future(_send_startup_email_delayed(cfg_loader.sentinel, results))
-    asyncio.ensure_future(_config_poll_loop(cfg_loader))
-    if cfg_loader.sentinel.auto_upgrade:
-        asyncio.ensure_future(_upgrade_check_loop(cfg_loader))
-    if cfg_loader.sentinel.sync_enabled:
-        asyncio.ensure_future(_sync_loop(cfg_loader))
-    if cfg_loader.sentinel.slack_bot_token:
-        from .slack_bot import run_slack_bot
-        asyncio.ensure_future(run_slack_bot(cfg_loader, store))
-    if cfg_loader.sentinel.sentinel_dev_repo_path:
-        asyncio.ensure_future(_dev_poll_loop(cfg_loader, store))
-    asyncio.ensure_future(_repo_task_poll_loop(cfg_loader, store))
-    while True:
-        try:
-            await poll_cycle(cfg_loader, store)
-        except Exception as e:
-            logger.exception("Unhandled error in poll cycle: %s", e)
-        elapsed = 0
-        while elapsed < interval:
-            await asyncio.sleep(5)
-            elapsed += 5
-            poll_now = Path("SENTINEL_POLL_NOW")
-            if poll_now.exists():
-                poll_now.unlink(missing_ok=True)
-                logger.info("Immediate poll triggered by Sentinel Boss")
-                break
-def _setup_workspace_log() -> None:
-    workspace_log = Path("..") / "logs" / "sentinel.log"
-    try:
-        workspace_log.parent.mkdir(parents=True, exist_ok=True)
-        fmt = logging.Formatter("%(asctime)s %(levelname)-7s %(name)s — %(message)s")
-        handler = logging.FileHandler(workspace_log, mode="w", encoding="utf-8")
-        handler.setFormatter(fmt)
-        logging.getLogger("sentinel").addHandler(handler)
-    except Exception as e:
-        logger.warning("Could not open workspace log %s: %s", workspace_log, e)
-def main():
-    Path("logs").mkdir(exist_ok=True)
-    Path("workspace/fetched").mkdir(parents=True, exist_ok=True)
-    Path("workspace/patches").mkdir(parents=True, exist_ok=True)
-    Path("issues").mkdir(exist_ok=True)
-    _setup_workspace_log()
-    parser = argparse.ArgumentParser(description="Sentinel — Autonomous DevOps Agent")
-    parser.add_argument("--config", default="./config", help="Config directory path")
-    args = parser.parse_args()
-    cfg_loader = ConfigLoader(config_dir=args.config)
-    store = StateStore(cfg_loader.sentinel.state_db)
-    _register_signals()
-    asyncio.run(run_loop(cfg_loader, store))
-if __name__ == "__main__":
-    main()