@misterhuydo/sentinel 1.5.63 → 1.6.1

package/.cairn/.hint-lock

@@ -1 +1 @@
-2026-04-22T05:30:19.725Z
+2026-04-24T10:50:33.264Z

package/.cairn/session.json

@@ -1,6 +1,6 @@
 {
-  "message": "Auto-checkpoint at 2026-04-21T11:31:04.976Z",
-  "checkpoint_at": "2026-04-21T11:31:04.977Z",
+  "message": "Auto-checkpoint at 2026-04-24T10:58:52.087Z",
+  "checkpoint_at": "2026-04-24T10:58:52.089Z",
   "active_files": [
     "J:\\Projects\\Sentinel\\cli\\bin\\sentinel.js",
     "J:\\Projects\\Sentinel\\cli\\lib\\test.js",

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@misterhuydo/sentinel",
-  "version": "1.5.63",
+  "version": "1.6.1",
   "description": "Sentinel — Autonomous DevOps Agent installer and manager",
   "bin": {
     "sentinel": "./bin/sentinel.js"

package/python/sentinel/__init__.py

@@ -1 +1 @@
-__version__ = "1.5.63"
+__version__ = "1.6.1"

package/python/sentinel/cairn_client.py

@@ -37,30 +37,49 @@ def ensure_installed() -> bool:
     return False
 
 
-def index_repo(repo: RepoConfig) -> bool:
-    """Run `cairn install` in the repo if not already initialised.
+def _install_cairn_at(path: str) -> bool:
+    """Run `cairn install` in `path` if not already initialised.
 
-    Cairn indexes automatically via hooks once installed — this just ensures
-    the .cairn project file and MCP registration exist before the first fix attempt.
+    Idempotent: returns True (no-op) if the .cairn-project marker already exists.
+    Returns False if the directory doesn't exist or `cairn install` failed.
     """
     import os
-    cairn_marker = os.path.join(repo.local_path, ".cairn", ".cairn-project")
-    if os.path.exists(cairn_marker):
-        logger.debug("cairn already installed in %s", repo.local_path)
+    if not os.path.isdir(path):
+        logger.warning("cairn init: directory missing: %s", path)
+        return False
+    marker = os.path.join(path, ".cairn", ".cairn-project")
+    if os.path.exists(marker):
+        logger.debug("cairn already installed in %s", path)
         return True
     try:
         r = subprocess.run(
             [CAIRN_BIN, "install"],
-            cwd=repo.local_path,
+            cwd=path,
             capture_output=True,
             text=True,
             timeout=30,
         )
         if r.returncode == 0:
-            logger.info("cairn installed in %s", repo.local_path)
+            logger.info("cairn installed in %s", path)
             return True
-        logger.warning("cairn install failed in %s: %s", repo.local_path, r.stderr.strip())
+        logger.warning("cairn install failed in %s: %s", path, r.stderr.strip())
         return False
     except Exception as e:
-        logger.warning("cairn install error in %s: %s", repo.local_path, e)
+        logger.warning("cairn install error in %s: %s", path, e)
         return False
+
+
+def init_project_root(project_dir: str) -> bool:
+    """Initialise the project-root .cairn/ so child sub-repos federate up to it.
+
+    Once both the project root and its sub-repos have .cairn/, Cairn's parent
+    walk-up at query time auto-mounts every sibling sub-index — giving Claude
+    full cross-repo visibility from the project root cwd. See cairn db.js
+    `mountParentSubIndexes` for the federation mechanism.
+    """
+    return _install_cairn_at(project_dir)
+
+
+def index_repo(repo: RepoConfig) -> bool:
+    """Run `cairn install` in the repo if not already initialised."""
+    return _install_cairn_at(repo.local_path)

package/python/sentinel/fix_engine.py

@@ -8,6 +8,7 @@ connection — Sentinel does not need to query or inject it explicitly.
 """
 from __future__ import annotations
 
+import json
 import logging
 import re
 import subprocess
@@ -22,13 +23,52 @@ from .notify import alert_if_rate_limited, slack_alert
 logger = logging.getLogger(__name__)
 
 SUBPROCESS_TIMEOUT = 600
-MAX_FILES_IN_PATCH = 5
-MAX_LINES_IN_PATCH = 200
 
 _DIFF_BLOCK = re.compile(r"```(?:diff|patch)?\n(.*?)```", re.DOTALL)
 _DIFF_HEADER = re.compile(r"^diff --git|^---\s+\S+|^\+\+\+\s+\S+", re.MULTILINE)
 
 
+def _parse_claude_json(stdout: str) -> dict:
+    """Parse `claude --print --output-format json` output.
+
+    Tolerant of leading garbage (debug lines, warnings) — locates the first JSON
+    object in the stream. Always returns the same shape regardless of which
+    fields claude emitted:
+
+        {
+          "result":         str,    # the model's response text (where the patch lives)
+          "session_id":     str,    # for --resume on the next call
+          "total_cost_usd": float,
+          "is_error":       bool,   # True if claude reported an error OR parse failed
+        }
+    """
+    empty = {"result": "", "session_id": "", "total_cost_usd": 0.0, "is_error": True}
+    if not stdout or not stdout.strip():
+        return empty
+
+    text = stdout.strip()
+    start = text.find("{")
+    if start < 0:
+        return empty
+    try:
+        obj = json.loads(text[start:])
+    except json.JSONDecodeError:
+        # Some claude versions append trailing data; consume only the leading object.
+        try:
+            obj, _end = json.JSONDecoder().raw_decode(text[start:])
+        except json.JSONDecodeError:
+            return empty
+
+    if not isinstance(obj, dict):
+        return empty
+    return {
+        "result":         obj.get("result", "") or "",
+        "session_id":     obj.get("session_id", "") or "",
+        "total_cost_usd": float(obj.get("total_cost_usd", 0.0) or 0.0),
+        "is_error":       bool(obj.get("is_error", False)),
+    }
+
+
 def _extract_patch(output: str) -> str | None:
     """Extract a unified diff patch from Claude's output."""
     # 1. Prefer a fenced ```diff or ```patch block
@@ -48,8 +88,28 @@ def _extract_patch(output: str) -> str | None:
     return None
 
 
-def _build_prompt(event, repo: RepoConfig, log_file, marker: str, stale_markers: list[str] = None, synced_files: list = None) -> str:
-    if log_file and log_file.exists():
+def _build_prompt(
+    event,
+    primary_repo: RepoConfig,
+    log_file,
+    marker: str,
+    stale_markers: list[str] | None = None,
+    synced_files: list | None = None,
+    all_repos: list[RepoConfig] | None = None,
+    project_root: str = "",
+) -> str:
+    """Build the fix prompt for the multi-repo project.
+
+    `primary_repo` is where the error originated; `all_repos` are every repo in
+    the project visible to Claude via Cairn federation. Patch paths must be
+    `repos/<repo-name>/...` so git_manager.parse_multi_repo_patch() can split
+    the result back per-repo.
+    """
+    if all_repos is None:
+        all_repos = [primary_repo]
+    project_root = project_root or str(Path(primary_repo.local_path).parent.parent)
+
+    if log_file and Path(log_file).exists():
         ctx = (
             "LOG FILE: " + str(log_file) + "\n"
             "Read this file first -- it contains the last 48h of logs from "
@@ -93,9 +153,15 @@ def _build_prompt(event, repo: RepoConfig, log_file, marker: str, stale_markers:
             "Commit the cleanup separately with message: 'chore(sentinel): remove stale markers'\n"
         )
 
+    repo_listing = "\n".join(f"  - {r.repo_name}" for r in all_repos)
+
     lines_out = [
-        f"You are fixing a production bug in the repository at {repo.local_path}.",
-        f"Repository: {repo.repo_name}",
+        f"You are fixing a production bug in the project at {project_root}.",
+        "",
+        "PROJECT REPOS (all visible to you via Cairn federation):",
+        repo_listing,
+        "",
+        f"The error originated in: {primary_repo.repo_name}",
         "",
     ]
     if cleanup:
@@ -109,6 +175,8 @@ def _build_prompt(event, repo: RepoConfig, log_file, marker: str, stale_markers:
         "Task:",
         f"1. {step1}",
         "2. Use your available tools to explore the codebase and identify the root cause.",
+        "   You can read across ALL listed repos — use that visibility to follow type",
+        "   definitions, callers, or shared library code that may be involved.",
         f"3. {marker_instruction}",
         "4. Consider all possible fix approaches. For each, weigh:",
         "   - Confidence: is this definitely the root cause?",
@@ -116,9 +184,22 @@ def _build_prompt(event, repo: RepoConfig, log_file, marker: str, stale_markers:
         "   - Scope: is it minimal and targeted?",
         "   Choose the safest minimal approach. If multiple valid options exist, pick the one",
         "   with highest confidence and lowest blast radius.",
-        "5. Output ONLY a unified diff patch (git diff format) for the chosen fix.",
-        "6. Do not explain. Output only the patch.",
-        "7. Only if you truly cannot produce a safe fix — e.g. the root cause requires a",
+        "",
+        "PATCH OUTPUT FORMAT (multi-repo aware)",
+        "5. Output a unified diff. EVERY path must be prefixed with `repos/<repo-name>/`",
+        "   so Sentinel can split the patch back per repo. Examples:",
+        "     diff --git a/repos/Whydah-TypeLib/src/Foo.java b/repos/Whydah-TypeLib/src/Foo.java",
+        "     --- a/repos/1881-SSOLoginWebApp/pom.xml",
+        "     +++ b/repos/1881-SSOLoginWebApp/pom.xml",
+        "6. If your fix touches MORE THAN ONE repo, prepend a single header line at the",
+        "   very top of the patch (before any `diff --git`):",
+        "     # Affected repos: <repo-a>, <repo-b>",
+        "   Order matters: list the LIBRARY/dependency repo FIRST, the CONSUMER repo",
+        "   AFTER. Sentinel will merge in this order.",
+        "7. Do not explain. Output only the patch (and the header if multi-repo).",
+        "",
+        "ESCALATION SIGNALS",
+        "8. Only if you truly cannot produce a safe fix — e.g. the root cause requires a",
         "   DB schema change, infrastructure update, business logic decision, or is inside",
         "   a third-party library — output exactly:",
         "   NEEDS_HUMAN: <explanation>",
@@ -126,10 +207,15 @@ def _build_prompt(event, repo: RepoConfig, log_file, marker: str, stale_markers:
         "   was insufficient or unsafe, (c) exactly what a human needs to do or decide.",
         "   Do NOT output NEEDS_HUMAN just because the fix is complex — only when human",
         "   judgement or access is genuinely required.",
-        "8. If the fix requires changing Sentinel's own source code (the monitoring/fix agent",
+        "9. If the fix requires changing Sentinel's own source code (the monitoring/fix agent",
         "   itself, not the application being monitored) — output exactly:",
         "   BOSS_ESCALATE: <description of what needs to change in Sentinel>",
         "   This escalates to Patch, the Sentinel dev agent, who will implement it.",
+        "",
+        "FINAL STEP — checkpoint cairn",
+        "10. Before you stop, call the `cairn_checkpoint` MCP tool with a one-line summary",
+        "    of what you changed (e.g. \"Broaden FirstName regex; bump consumer to 2.7.1\").",
+        "    This lets the next session resume with full context of prior fixes.",
     ]
     return "\n".join(lines_out)
 
@@ -156,19 +242,6 @@ def _fix_blank_context_lines(patch: str) -> str:
     return "\n".join(result) + "\n"
 
 
-def _validate_patch(patch: str) -> tuple[bool, str]:
-    files_changed = len(re.findall(r"^diff --git", patch, re.MULTILINE))
-    lines_changed = len([
-        l for l in patch.splitlines()
-        if l.startswith(("+", "-")) and not l.startswith(("+++", "---"))
-    ])
-    if files_changed > MAX_FILES_IN_PATCH:
-        return False, f"Patch touches {files_changed} files (limit {MAX_FILES_IN_PATCH})"
-    if lines_changed > MAX_LINES_IN_PATCH:
-        return False, f"Patch changes {lines_changed} lines (limit {MAX_LINES_IN_PATCH})"
-    return True, ""
-
-
 _AUTH_ERROR_HINTS = (
     "not logged in", "please run claude login", "authentication failed",
     "api key is not set", "invalid x-api-key", "unauthorized", "please authenticate",
@@ -181,18 +254,39 @@ def _is_auth_error(output: str) -> bool:
     return any(hint in low for hint in _AUTH_ERROR_HINTS)
 
 
-def _claude_cmd(bin_path: str, prompt: str) -> list[str]:
+def _claude_cmd(
+    bin_path: str,
+    prompt: str,
+    session_id: str = "",
+    use_bare: bool = True,
+) -> list[str]:
+    """Build the `claude --print` command line.
+
+    `session_id` (if non-empty) attaches `--resume <id>` so Claude continues an
+    existing session — gives prompt-cache reuse and shared context across fixes.
+
+    `use_bare` controls the `--bare` flag, which forces `ANTHROPIC_API_KEY`-only
+    auth. It MUST be True for the API-key attempt (claude needs a key in env)
+    and MUST be False for the OAuth attempt (otherwise claude refuses to read
+    the cached `claude login` token). The caller picks per attempt.
+
+    Output is forced to `--output-format json` so the caller can extract the
+    session_id, cost, and result text deterministically.
+    """
     import os as _os
     try:
         skip = _os.getuid() != 0
     except AttributeError:
         skip = True  # Windows — always pass flag
-    # --bare: forces ANTHROPIC_API_KEY-only auth, skips keychain/OAuth/hooks.
-    # Required on headless servers (EC2) where Claude Code 2.x silently returns
-    # empty output when keychain auth fails.
+    cmd = [bin_path]
+    if use_bare:
+        cmd.append("--bare")
     if skip:
-        return [bin_path, "--bare", "--dangerously-skip-permissions", "--print", prompt]
-    return [bin_path, "--bare", "--print", prompt]
+        cmd.append("--dangerously-skip-permissions")
+    if session_id:
+        cmd += ["--resume", session_id]
+    cmd += ["--output-format", "json", "--print", prompt]
+    return cmd
 
 
 # ── Claude output → human-readable progress ───────────────────────────────────
@@ -260,6 +354,8 @@ def _run_claude_attempt(
     claude_log_path: Path | None = None,
     on_progress=None,
     cmd_override: list | None = None,
+    session_id: str = "",
+    use_bare: bool | None = None,
 ) -> tuple[str, bool]:
     """
     Run claude CLI with the given env. Returns (output, timed_out).
@@ -267,11 +363,17 @@ def _run_claude_attempt(
     If on_progress is given, calls on_progress(msg) for meaningful output lines
     (deduped — same message not repeated consecutively).
     cmd_override: if provided, use this command list instead of _claude_cmd() default.
+    session_id: if provided, passes --resume to Claude to continue an existing session.
+    use_bare: if None (default), auto-detect — True iff env carries ANTHROPIC_API_KEY.
+              Pass --bare ONLY for the API-key attempt; the OAuth attempt must
+              omit it so Claude reads the cached `claude login` token.
     """
     import threading as _threading
 
+    if use_bare is None:
+        use_bare = bool(env.get("ANTHROPIC_API_KEY"))
     proc = subprocess.Popen(
-        cmd_override if cmd_override is not None else _claude_cmd(bin_path, prompt),
+        cmd_override if cmd_override is not None else _claude_cmd(bin_path, prompt, session_id, use_bare=use_bare),
         stdout=subprocess.PIPE, stderr=subprocess.STDOUT,
         text=True, env=env, cwd=cwd or None,
     )
@@ -334,6 +436,7 @@ def generate_fix(
     patches_dir: Path,
     store=None,
     on_progress=None,
+    all_repos: list[RepoConfig] | None = None,
 ) -> tuple[str, Path | None, str]:
     """
     Generate a fix for the given error event.
@@ -342,20 +445,35 @@ def generate_fix(
         (status, patch_path, marker)
         status: "patch" | "skip" | "needs_human" | "error"
 
-    Auth strategy — API key and Claude Pro (OAuth) are interchangeable:
+    Multi-repo & session resume:
+      - Claude is invoked from the project root with all sub-repos visible
+        through Cairn federation.
+      - The saved per-project session id (state_store.claude_sessions) is
+        passed via --resume so prompt cache and conversation history are reused.
+      - The new session id and cost from the response are persisted back.
+
+    Auth strategy:
       Primary  : Claude Pro (OAuth) if claude_pro_for_tasks=True, else API key
       Fallback : the other method, if primary fails with an auth error
-      On total auth failure: notify Slack admins + email report recipients
     """
     import os as _os
 
+    if all_repos is None:
+        all_repos = [repo]
+
+    project_root = str(Path(cfg.workspace_dir).parent)
     marker   = f"sentinel-{event.fingerprint[:8]}"
     log_file = Path(cfg.workspace_dir) / "fetched" / f"{event.source}.log"
     if not log_file.exists():
         log_file = None
     from .log_syncer import get_synced_files
     synced = get_synced_files(event.source, cfg.workspace_dir)
-    prompt = _build_prompt(event, repo, log_file, marker, synced_files=synced or None)
+    prompt = _build_prompt(
+        event, repo, log_file, marker,
+        synced_files=synced or None,
+        all_repos=all_repos,
+        project_root=project_root,
+    )
 
     # -- Cross-source dedup: skip if fingerprint already fixed in recent git commits ------
     if repo.local_path:
@@ -374,12 +492,23 @@ def generate_fix(
         except Exception as _e:
             logger.debug("fix_engine: git log check failed: %s", _e)
 
+    # Pull saved session id (per project) so Claude continues an existing session.
+    session_id = ""
+    if store is not None and getattr(cfg, "project_name", ""):
+        try:
+            saved = store.get_claude_session(cfg.project_name)
+            if saved:
+                session_id = saved.get("session_id", "") or ""
+        except Exception as _se:
+            logger.debug("fix_engine: get_claude_session failed: %s", _se)
+
     ts = datetime.now(timezone.utc).strftime("%Y%m%d-%H%M%S")
     claude_logs_dir = Path(cfg.workspace_dir).parent / "logs" / "claude"
     claude_log_path = claude_logs_dir / f"{event.fingerprint[:8]}-{ts}.log"
     logger.info(
-        "Invoking Claude Code for %s (fp=%s) — log: %s",
+        "Invoking Claude Code for %s (fp=%s) — log: %s — resume=%s",
         event.source, event.fingerprint, claude_log_path,
+        session_id[:8] if session_id else "(new)",
     )
 
     base_env  = _os.environ.copy()
@@ -396,20 +525,23 @@ def generate_fix(
     else:
         attempts = [("Claude Pro (OAuth)", oauth_env)]
 
-    output = ""
+    raw_output = ""
     try:
         for label, env in attempts:
             if env is None:
                 continue
             logger.info("fix_engine: trying %s for %s", label, event.fingerprint)
-            output, timed_out = _run_claude_attempt(
-                cfg.claude_code_bin, prompt, env, cwd=repo.local_path,
-                claude_log_path=claude_log_path, on_progress=on_progress,
+            raw_output, timed_out = _run_claude_attempt(
+                cfg.claude_code_bin, prompt, env,
+                cwd=project_root,                    # ← project root (cairn federation)
+                claude_log_path=claude_log_path,
+                on_progress=on_progress,
+                session_id=session_id,               # ← resume previous session
             )
             if timed_out:
                 logger.error("Claude Code timed out for %s", event.fingerprint)
                 return "error", None, ""
-            if not _is_auth_error(output):
+            if not _is_auth_error(raw_output):
                 break
             logger.warning("fix_engine: %s auth error for %s — trying next method", label, event.fingerprint)
         else:
@@ -432,14 +564,41 @@ def generate_fix(
         slack_alert(cfg.slack_bot_token, cfg.slack_channel, msg)
         return "error", None, ""
 
-    # Alert Slack immediately on rate-limit — never stay silent
     alert_if_rate_limited(
         cfg.slack_bot_token,
         cfg.slack_channel,
         source=f"fix_engine/{event.fingerprint}",
-        output=output,
+        output=raw_output,
     )
 
+    # Parse the JSON envelope: get session_id, cost, and the actual result text.
+    parsed = _parse_claude_json(raw_output)
+    if parsed["is_error"] and not parsed["result"]:
+        # Fall back to legacy text parsing if JSON decode failed completely.
+        # (Older Claude CLI versions may not emit JSON; --output-format flag is ignored.)
+        logger.warning(
+            "fix_engine: failed to parse JSON output for %s — falling back to raw text",
+            event.fingerprint,
+        )
+        output = raw_output
+    else:
+        output = parsed["result"]
+
+    # Persist the session id (and cost delta) regardless of fix outcome — even
+    # NEEDS_HUMAN / SKIP turns count toward the conversation history.
+    if store is not None and getattr(cfg, "project_name", "") and parsed["session_id"]:
+        try:
+            store.set_claude_session(
+                cfg.project_name, parsed["session_id"],
+                cost_delta=parsed["total_cost_usd"],
+            )
+            logger.info(
+                "fix_engine: saved claude session %s for project %s (turn cost $%.4f)",
+                parsed["session_id"][:8], cfg.project_name, parsed["total_cost_usd"],
+            )
+        except Exception as _se:
+            logger.warning("fix_engine: set_claude_session failed: %s", _se)
+
     if output.strip().upper().startswith("NEEDS_HUMAN:"):
         reason = output.strip()[len("NEEDS_HUMAN:"):].strip()
         logger.info("Claude needs human for %s: %s", event.fingerprint, reason[:200])
@@ -478,11 +637,6 @@ def generate_fix(
 
     patch = _fix_blank_context_lines(patch)
 
-    ok, reason = _validate_patch(patch)
-    if not ok:
-        logger.warning("Patch rejected for %s: %s", event.fingerprint, reason)
-        return "skip", None, ""
-
     patches_dir.mkdir(parents=True, exist_ok=True)
     patch_path = patches_dir / f"{event.fingerprint}.diff"
     patch_path.write_text(patch, encoding="utf-8")