@misterhuydo/sentinel 1.5.63 → 1.6.0

package/python/sentinel/git_manager.py

@@ -22,6 +22,86 @@ logger = logging.getLogger(__name__)
 
 GIT_TIMEOUT = 60
 
+# Matches any "repos/<name>/" occurrence at start-of-line or after whitespace.
+# Group 1 captures the repo name (allowed chars: letters, digits, ._-).
+_REPOS_PREFIX_RE = re.compile(
+    r"\brepos/([A-Za-z0-9._-]+)/"
+)
+# Header line listing affected repos (case-insensitive). Whitespace tolerant.
+_AFFECTED_HEADER_RE = re.compile(
+    r"^\s*#\s*affected\s+repos\s*:\s*(.+?)\s*$",
+    re.IGNORECASE | re.MULTILINE,
+)
+
+
+def parse_multi_repo_patch(combined_patch: str) -> dict:
+    """Split a combined diff (paths prefixed `repos/<name>/`) into per-repo sub-patches.
+
+    The `repos/<name>/` prefix is stripped from every path reference inside each
+    sub-patch so it can be `git apply`-ed from the corresponding repo root.
+
+    Returns:
+        {
+          "affected_repos": list[str],   # declared header order, then first-seen
+          "patches":        dict[str, str],  # repo_name -> sub-patch
+          "summary":        str,         # any free text above the header / first diff
+        }
+    """
+    if not combined_patch:
+        return {"affected_repos": [], "patches": {}, "summary": ""}
+
+    # 1. Optional `# Affected repos: a, b, c` header gives declared order.
+    declared: list[str] = []
+    m_hdr = _AFFECTED_HEADER_RE.search(combined_patch)
+    if m_hdr:
+        declared = [s.strip() for s in m_hdr.group(1).split(",") if s.strip()]
+
+    # 2. Free-text summary = everything above the header (or above the first diff
+    #    if no header). Useful for PR bodies / Slack messages.
+    if m_hdr:
+        cut = m_hdr.start()
+    else:
+        first_diff = combined_patch.find("diff --git")
+        cut = first_diff if first_diff >= 0 else len(combined_patch)
+    summary = combined_patch[:cut].strip()
+
+    # 3. Split body by `diff --git` markers; non-matching preamble is dropped.
+    body = combined_patch[m_hdr.end():] if m_hdr else combined_patch
+    chunks = re.split(r"^(?=diff --git )", body, flags=re.MULTILINE)
+    chunks = [c for c in chunks if c.startswith("diff --git ")]
+
+    # 4. For each chunk, derive the repo name from the first repos/<name>/
+    #    match. Strip every repos/<repo>/ occurrence in the chunk so the diff
+    #    is applyable from the repo root.
+    seen_order: list[str] = []
+    grouped: dict[str, list[str]] = {}
+    for chunk in chunks:
+        m = _REPOS_PREFIX_RE.search(chunk)
+        if not m:
+            continue
+        repo = m.group(1)
+        stripped = re.sub(
+            rf"\brepos/{re.escape(repo)}/", "", chunk,
+        )
+        if repo not in grouped:
+            grouped[repo] = []
+            seen_order.append(repo)
+        grouped[repo].append(stripped)
+
+    patches = {repo: "".join(parts) for repo, parts in grouped.items()}
+
+    # 5. Order: declared header first (only repos that actually produced a diff),
+    #    then any repo that appeared only via diffs.
+    ordered: list[str] = []
+    for r in declared:
+        if r in patches and r not in ordered:
+            ordered.append(r)
+    for r in seen_order:
+        if r not in ordered:
+            ordered.append(r)
+
+    return {"affected_repos": ordered, "patches": patches, "summary": summary}
+
 
 class MissingToolError(Exception):
     """Raised when a required build tool (e.g. mvn, gradle) is not installed."""
@@ -180,6 +260,174 @@ def apply_and_commit(
     return "committed", commit_hash
 
 
+def apply_and_commit_multi(
+    event: ErrorEvent,
+    patch_path: Path,
+    all_repos: list[RepoConfig],
+    cfg: SentinelConfig,
+) -> list[dict]:
+    """Apply a multi-repo patch atomically at the dry-run stage, per-repo afterwards.
+
+    The combined patch is split with parse_multi_repo_patch(); each affected
+    repo's sub-patch is then dry-run independently. If ANY dry-run fails, every
+    repo is marked "aborted" with no mutations.
+
+    If all dry-runs pass, the patches are applied + tested + committed
+    sequentially per repo. Per-repo failures in this phase only mark that repo
+    as "failed" — they don't roll back commits already made in earlier repos.
+
+    Returns: list of result dicts, one per affected repo, ordered by apply_order:
+        {
+          "repo_name":      str,
+          "repo":           RepoConfig,
+          "status":         "committed" | "failed" | "aborted",
+          "commit_hash":    str,            # filled if committed
+          "branch":         str,            # filled if committed
+          "apply_order":    int,            # 0 = library, higher = consumer
+          "reason":         str,            # filled if failed/aborted
+          "sub_patch_path": Path,           # per-repo .diff written for traceability
+        }
+    """
+    combined = patch_path.read_text(encoding="utf-8", errors="replace")
+    parsed = parse_multi_repo_patch(combined)
+
+    if not parsed["affected_repos"]:
+        logger.warning(
+            "Patch %s declares no recognised repos — nothing to apply",
+            event.fingerprint[:8],
+        )
+        return []
+
+    repo_map = {r.repo_name: r for r in all_repos}
+    affected = []   # list of (repo_name, RepoConfig, sub_patch_text)
+    for i, name in enumerate(parsed["affected_repos"]):
+        if name not in repo_map:
+            logger.warning(
+                "Patch references unknown repo '%s' — not in project config; skipping",
+                name,
+            )
+            continue
+        affected.append((name, repo_map[name], parsed["patches"][name]))
+
+    if not affected:
+        return []
+
+    # Write per-repo sub-patch files for traceability + reuse by `git apply`.
+    sub_patch_files: dict[str, Path] = {}
+    for name, _repo, sub in affected:
+        sub_path = patch_path.parent / f"{event.fingerprint}-{name}.diff"
+        sub_path.write_text(sub, encoding="utf-8")
+        sub_patch_files[name] = sub_path
+
+    # Protected-path veto runs on the combined patch.
+    if _check_protected_paths(patch_path):
+        return [
+            {
+                "repo_name": name, "repo": repo, "status": "aborted",
+                "commit_hash": "", "branch": "", "apply_order": i,
+                "reason": "patch touches protected path",
+                "sub_patch_path": sub_patch_files[name],
+            }
+            for i, (name, repo, _sub) in enumerate(affected)
+        ]
+
+    # ── PHASE 1: dry-run every repo. Atomic abort on any failure. ─────────
+    dry_run_failures: list[str] = []
+    for name, repo, _sub in affected:
+        env = _git_env(repo)
+        sub_path = sub_patch_files[name]
+        # Discard stale changes from any prior aborted attempt
+        _git(["checkout", "."], cwd=repo.local_path, env=env)
+        # Pull latest
+        r = _git(["pull", "--rebase", "origin", repo.branch],
+                 cwd=repo.local_path, env=env)
+        if r.returncode != 0:
+            dry_run_failures.append(f"{name}: git pull failed: {r.stderr.strip()[:200]}")
+            continue
+        # Dry-run
+        r = _git(["apply", "--check", "--ignore-whitespace", str(sub_path)],
+                 cwd=repo.local_path, env=env)
+        if r.returncode != 0:
+            dry_run_failures.append(f"{name}: dry-run failed: {r.stderr.strip()[:200]}")
+
+    if dry_run_failures:
+        reason = "; ".join(dry_run_failures)
+        logger.error(
+            "Multi-repo dry-run aborted for %s: %s",
+            event.fingerprint[:8], reason,
+        )
+        return [
+            {
+                "repo_name": name, "repo": repo, "status": "aborted",
+                "commit_hash": "", "branch": "", "apply_order": i,
+                "reason": reason,
+                "sub_patch_path": sub_patch_files[name],
+            }
+            for i, (name, repo, _sub) in enumerate(affected)
+        ]
+
+    # ── PHASE 2: per-repo apply + test + commit. Independent per repo. ────
+    results: list[dict] = []
+    for i, (name, repo, _sub) in enumerate(affected):
+        env = _git_env(repo)
+        sub_path = sub_patch_files[name]
+        entry = {
+            "repo_name": name, "repo": repo, "status": "failed",
+            "commit_hash": "", "branch": "", "apply_order": i,
+            "reason": "", "sub_patch_path": sub_path,
+        }
+
+        r = _git(["apply", "--ignore-whitespace", str(sub_path)],
+                 cwd=repo.local_path, env=env)
+        if r.returncode != 0:
+            entry["reason"] = f"apply failed: {r.stderr.strip()[:200]}"
+            results.append(entry); continue
+
+        try:
+            tests_ok = _run_tests(repo, repo.local_path)
+        except (MissingToolError, MavenAuthError, MavenArtifactNotFoundError) as _te:
+            entry["reason"] = f"build error: {type(_te).__name__}: {str(_te)[:200]}"
+            _git(["checkout", "."], cwd=repo.local_path, env=env)
+            results.append(entry); continue
+
+        if not tests_ok:
+            entry["reason"] = "tests failed"
+            _git(["checkout", "."], cwd=repo.local_path, env=env)
+            results.append(entry); continue
+
+        summary = event.short_summary()[:60]
+        commit_msg = (
+            f"fix(sentinel): {summary} [auto]\n\n"
+            f"Error fingerprint: {event.fingerprint}\n"
+            f"Source: {event.source}\n"
+        )
+        if len(affected) > 1:
+            commit_msg += f"Multi-repo: part {i + 1}/{len(affected)}\n"
+        r = _git(["commit", "-am", commit_msg], cwd=repo.local_path, env=env)
+        if r.returncode != 0:
+            entry["reason"] = f"commit failed: {r.stderr.strip()[:200]}"
+            _git(["checkout", "."], cwd=repo.local_path, env=env)
+            results.append(entry); continue
+
+        commit_hash = _git(["rev-parse", "HEAD"], cwd=repo.local_path, env=env).stdout.strip()
+        try:
+            _append_changelog(repo, event, commit_hash)
+        except Exception as _ce:
+            logger.warning("CHANGELOG append failed for %s: %s", name, _ce)
+        entry.update({
+            "status": "committed",
+            "commit_hash": commit_hash,
+            "branch": repo.branch,
+        })
+        logger.info(
+            "Multi-repo: committed %s in %s for %s",
+            commit_hash[:8], name, event.fingerprint[:8],
+        )
+        results.append(entry)
+
+    return results
+
+
 def _run_tests(repo: RepoConfig, local_path: str) -> bool:
     """Run the repo's test suite. Return True if passing."""
     if (Path(local_path) / "pom.xml").exists():
@@ -402,6 +650,88 @@ def publish(
         return branch, pr_url
 
 
+def publish_multi(
+    event: ErrorEvent,
+    results: list[dict],
+    cfg: SentinelConfig,
+) -> list[dict]:
+    """Push committed branches and open per-repo PRs (or push direct on auto_commit).
+
+    Mutates each "committed" entry in `results` in-place, setting `pr_url` and
+    `branch`. Entries with status != "committed" are left untouched.
+
+    For multi-repo fixes (>1 committed entry), each PR's body notes the sibling
+    repos by name so reviewers can locate the matching branch.
+    """
+    committed = [r for r in results if r["status"] == "committed"]
+    if not committed:
+        return results
+
+    repo_names = [r["repo_name"] for r in committed]
+    multi_repo = len(committed) > 1
+
+    for entry in committed:
+        repo: RepoConfig = entry["repo"]
+        commit_hash: str = entry["commit_hash"]
+        env = _git_env(repo)
+        local_path = repo.local_path
+        auto_commit = resolve_auto_commit(repo, cfg)
+
+        if not auto_commit:
+            if remote_fix_exists(repo, event.fingerprint, cfg):
+                logger.info(
+                    "publish_multi: remote fix branch already exists for %s in %s — skipping",
+                    event.fingerprint[:8], repo.repo_name,
+                )
+                entry["pr_url"] = ""
+                continue
+
+        if auto_commit:
+            r = _git(["push", "origin", repo.branch], cwd=local_path, env=env)
+            if r.returncode != 0:
+                logger.error(
+                    "publish_multi: git push failed in %s:\n%s",
+                    repo.repo_name, r.stderr,
+                )
+            entry["branch"] = repo.branch
+            entry["pr_url"] = ""
+            continue
+
+        branch_name = f"{cfg.project_name or 'sentinel'}/fix-{event.fingerprint[:8]}"
+        _git(["checkout", "-B", branch_name], cwd=local_path, env=env)
+        r = _git(["push", "-u", "origin", branch_name], cwd=local_path, env=env)
+        if r.returncode != 0:
+            logger.error(
+                "publish_multi: branch push failed in %s:\n%s",
+                repo.repo_name, r.stderr,
+            )
+            _git(["checkout", repo.branch], cwd=local_path, env=env)
+            entry["branch"] = branch_name
+            entry["pr_url"] = ""
+            continue
+        _git(["checkout", repo.branch], cwd=local_path, env=env)
+
+        # Build the multi-repo cross-reference paragraph (sibling repo names only;
+        # actual URLs are added in a follow-up two-pass update if/when implemented).
+        extra_body = ""
+        if multi_repo:
+            siblings = [n for n in repo_names if n != repo.repo_name]
+            extra_body = (
+                "### Multi-repo fix\n"
+                "This is part of a coordinated fix across multiple repositories.\n"
+                f"Sibling repos with the same fingerprint (`{event.fingerprint[:8]}`) "
+                f"on branch `{branch_name}`:\n"
+                + "\n".join(f"- `{n}`" for n in siblings)
+                + "\n\n_Merge order: lower apply_order first._"
+            )
+
+        pr_url = _open_github_pr(event, repo, cfg, branch_name, commit_hash, extra_body=extra_body)
+        entry["branch"] = branch_name
+        entry["pr_url"] = pr_url
+
+    return results
+
+
 def _alert_github_token_error(cfg: "SentinelConfig", owner_repo: str, status: int, hint: str = "") -> None:
     """Fire a Slack alert when GitHub API rejects the token during PR creation."""
     msg = (
@@ -423,6 +753,7 @@ def _open_github_pr(
     cfg: SentinelConfig,
     branch: str,
     commit_hash: str,
+    extra_body: str = "",
 ) -> str:
     if not cfg.github_token:
         logger.warning("GITHUB_TOKEN not set — cannot open PR")
@@ -445,6 +776,10 @@ def _open_github_pr(
         f"### Commits in this fix\n"
         f"| SHA (short) | Description |\n|---|---|\n"
         f"| `{commit_hash[:8]}` | fix(sentinel): {event.short_summary()[:60]} |\n\n"
+    )
+    if extra_body:
+        body += extra_body + "\n\n"
+    body += (
         f"---\n"
         f"_To apply: merge this PR. To reject: close it. "
         f"Sentinel will not retry this fingerprint for 24 h._"

package/python/sentinel/main.py

@@ -20,10 +20,13 @@ import sys
 from datetime import datetime, timezone
 from pathlib import Path
 
-from .cairn_client import ensure_installed as cairn_installed, index_repo
+from .cairn_client import ensure_installed as cairn_installed, index_repo, init_project_root
 from .config_loader import ConfigLoader, SentinelConfig, resolve_auto_commit, resolve_auto_release
 from .fix_engine import generate_fix
-from .git_manager import apply_and_commit, publish, _git_env, MissingToolError, MavenAuthError, poll_open_prs
+from .git_manager import (
+    apply_and_commit, publish, apply_and_commit_multi, publish_multi,
+    _git_env, MissingToolError, MavenAuthError, poll_open_prs,
+)
 from .cicd_trigger import trigger as cicd_trigger
 from .log_fetcher import fetch_all
 from .log_parser import parse_all, scan_all_for_markers, ErrorEvent
@@ -45,6 +48,18 @@ logger = logging.getLogger("sentinel")
 
 _report_requested = False
 
+# Per-project asyncio.Lock — serialises fix generation + apply within one
+# project so two concurrent claude sessions never race on the working tree.
+# Keyed by cfg.project_name; populated lazily on first acquire.
+_project_locks: dict[str, "asyncio.Lock"] = {}
+
+
+def _project_lock(project_name: str) -> "asyncio.Lock":
+    """Return (and lazily create) the asyncio.Lock for a project."""
+    if project_name not in _project_locks:
+        _project_locks[project_name] = asyncio.Lock()
+    return _project_locks[project_name]
+
 
 def _on_sigusr1(*_):
     global _report_requested
@@ -271,10 +286,37 @@ async def _handle_error(event: ErrorEvent, cfg_loader: ConfigLoader, store: Stat
         logger.debug("Fix already attempted recently for %s", event.fingerprint)
         return
 
-    # ── Generate fix ──────────────────────────────────────────────────────────
+    # Per-project lock — serialise fix generation+apply+publish so two
+    # concurrent claude sessions never race on the working tree of any repo.
+    async with _project_lock(sentinel.project_name or "_default"):
+        await _generate_apply_publish(
+            event, repo, sentinel, store, cfg_loader,
+            _progress, auto_commit, auto_release,
+        )
+
+
+async def _generate_apply_publish(
+    event: ErrorEvent,
+    repo,
+    sentinel: SentinelConfig,
+    store: StateStore,
+    cfg_loader: ConfigLoader,
+    _progress,
+    auto_commit: bool,
+    auto_release: bool,
+):
+    """Generate the fix and apply it via the multi-repo flow (with single-repo fallback).
+
+    A patch from claude with `repos/<name>/...` paths goes through the
+    multi-repo apply (atomic dry-run, per-repo commit). If the patch has no
+    such prefix (legacy single-repo), we fall back to apply_and_commit/publish.
+    """
     _progress(":brain: Analyzing with Claude Code...")
     patches_dir = Path(sentinel.workspace_dir).resolve() / "patches"
-    status, patch_path, marker = generate_fix(event, repo, sentinel, patches_dir, store)
+    all_repos = list(cfg_loader.repos.values())
+    status, patch_path, marker = generate_fix(
+        event, repo, sentinel, patches_dir, store, all_repos=all_repos,
+    )
 
     if status != "patch" or patch_path is None:
         outcome = "skipped" if status in ("skip", "needs_human") else "failed"
@@ -295,8 +337,137 @@ async def _handle_error(event: ErrorEvent, cfg_loader: ConfigLoader, store: Stat
             })
         return
 
-    # ── Apply fix ─────────────────────────────────────────────────────────────
+    # ── Try multi-repo apply first; fall back to single-repo on legacy patches ──
     _progress(":gear: Applying patch and running tests...")
+    multi_results = apply_and_commit_multi(event, patch_path, all_repos, sentinel)
+
+    if not multi_results:
+        # Legacy single-repo patch (no `repos/<name>/` prefix) — use existing flow.
+        logger.info(
+            "main: patch for %s has no repos/<name>/ prefix — falling back to single-repo apply",
+            event.fingerprint[:8],
+        )
+        await _apply_publish_single(
+            event, repo, sentinel, store, cfg_loader,
+            _progress, auto_commit, auto_release, patch_path, marker,
+        )
+        return
+
+    # ── Multi-repo flow ────────────────────────────────────────────────────
+    multi_results = publish_multi(event, multi_results, sentinel)
+
+    committed = [r for r in multi_results if r["status"] == "committed"]
+    failed    = [r for r in multi_results if r["status"] != "committed"]
+
+    # Record per-repo state in fix_repos for Boss/reporter visibility.
+    for r in multi_results:
+        pr_state = "open" if r.get("pr_url") else ("merged" if r["status"] == "committed" and auto_commit else "")
+        try:
+            store.record_fix_repo(
+                event.fingerprint, r["repo_name"],
+                branch=r.get("branch", ""), commit_hash=r.get("commit_hash", ""),
+                pr_url=r.get("pr_url", ""),
+                pr_state=pr_state if r["status"] == "committed" else r["status"],
+                apply_order=r.get("apply_order", 0),
+            )
+        except Exception as _se:
+            logger.warning("record_fix_repo failed for %s: %s", r["repo_name"], _se)
+
+    # Summary fixes-table row uses the primary repo (where the error originated)
+    # so existing single-row queries (get_open_prs, recent fixes) still work.
+    primary = next((r for r in multi_results if r["repo_name"] == repo.repo_name), None)
+    if primary and primary["status"] == "committed":
+        store.record_fix(
+            event.fingerprint,
+            "applied" if auto_commit else "pending",
+            patch_path=str(patch_path),
+            commit_hash=primary["commit_hash"],
+            branch=primary.get("branch", ""),
+            pr_url=primary.get("pr_url", ""),
+            repo_name=repo.repo_name,
+            sentinel_marker=marker,
+        )
+    else:
+        store.record_fix(event.fingerprint, "failed", repo_name=repo.repo_name)
+
+    # ── Surface the result ─────────────────────────────────────────────────
+    if not committed:
+        reasons = "; ".join(f"{r['repo_name']}: {r['reason']}" for r in failed)
+        _progress(f":x: Multi-repo fix aborted — {reasons[:300]}")
+        send_failure_notification(sentinel, {
+            "source":    event.source,
+            "message":   event.message,
+            "repo_name": repo.repo_name,
+            "reason":    f"Multi-repo apply failed: {reasons[:400]}",
+            "body":      event.full_text()[:500],
+        })
+        return
+
+    if failed:
+        _progress(
+            f":warning: Multi-repo fix PARTIAL — committed in "
+            f"{', '.join(r['repo_name'] for r in committed)}; "
+            f"failed in {', '.join(r['repo_name'] for r in failed)}"
+        )
+
+    pr_lines = []
+    for r in committed:
+        if r.get("pr_url"):
+            pr_lines.append(f"  • `{r['repo_name']}` → {r['pr_url']}")
+        else:
+            pr_lines.append(f"  • `{r['repo_name']}` → pushed to `{r.get('branch','main')}` "
+                            f"(`{r.get('commit_hash','')[:8]}`)")
+    if pr_lines:
+        _progress(":white_check_mark: Fix complete:\n" + "\n".join(pr_lines))
+
+    # Pending release tracking for auto_commit-without-auto_release per repo.
+    if auto_commit and not auto_release:
+        for r in committed:
+            if r.get("commit_hash") and r.get("branch"):
+                store.add_pending_release(
+                    r["repo_name"], r["commit_hash"], r["branch"],
+                    description=event.message[:120],
+                    fingerprint=event.fingerprint,
+                )
+
+    # Single fix notification using the primary repo's row (back-compat with reporter).
+    if primary and primary["status"] == "committed":
+        send_fix_notification(sentinel, {
+            "source":       event.source,
+            "severity":     event.severity,
+            "fingerprint":  event.fingerprint,
+            "first_seen":   str(event.timestamp),
+            "message":      event.message,
+            "stack_trace":  getattr(event, "stack_trace", ""),
+            "repo_name":    repo.repo_name,
+            "commit_hash":  primary.get("commit_hash", ""),
+            "branch":       primary.get("branch", ""),
+            "pr_url":       primary.get("pr_url", ""),
+            "auto_commit":  auto_commit,
+            "files_changed": [],
+        })
+
+    # CI/CD trigger — only fire for the primary repo for now (multi-repo cascade is v2).
+    if auto_commit and auto_release and primary and primary["status"] == "committed":
+        ok = cicd_trigger(repo, store, event.fingerprint)
+        if ok and repo.cicd_type.lower() in ("jenkins_release", "jenkins-release"):
+            _run_cascade(repo, sentinel, cfg_loader)
+
+
+async def _apply_publish_single(
+    event: ErrorEvent,
+    repo,
+    sentinel: SentinelConfig,
+    store: StateStore,
+    cfg_loader: ConfigLoader,
+    _progress,
+    auto_commit: bool,
+    auto_release: bool,
+    patch_path: Path,
+    marker: str,
+):
+    """Legacy single-repo apply+publish flow — used when the patch has no
+    `repos/<name>/` prefix (older claude output, manual issues, etc.)."""
     try:
         commit_status, commit_hash = apply_and_commit(event, patch_path, repo, sentinel)
     except MavenAuthError as e:
@@ -823,6 +994,19 @@ async def _startup_checks(cfg_loader: ConfigLoader) -> dict:
     if not cairn_installed():
         results["warnings"].append("Cairn not found — run: npm install -g @misterhuydo/cairn-mcp")
 
+    # Initialise the project-root .cairn/ so child sub-repos federate up to it.
+    # Once the project root + every sub-repo has its own .cairn/, Claude can
+    # see across all repos via Cairn's parent walk-up — required for multi-repo
+    # fix generation to work.
+    project_root = str(Path(cfg_loader.sentinel.workspace_dir).parent)
+    if init_project_root(project_root):
+        logger.info("Cairn federation root initialised at %s", project_root)
+    else:
+        results["warnings"].append(
+            f"Cairn project-root init failed at {project_root} — multi-repo "
+            "visibility may be degraded. See logs."
+        )
+
     for name, repo in cfg_loader.repos.items():
         local = Path(repo.local_path)
         if not local.exists():