@misterhuydo/sentinel 1.5.63 → 1.6.1

package/python/sentinel/main.py

@@ -20,10 +20,13 @@ import sys
 from datetime import datetime, timezone
 from pathlib import Path
 
-from .cairn_client import ensure_installed as cairn_installed, index_repo
+from .cairn_client import ensure_installed as cairn_installed, index_repo, init_project_root
 from .config_loader import ConfigLoader, SentinelConfig, resolve_auto_commit, resolve_auto_release
 from .fix_engine import generate_fix
-from .git_manager import apply_and_commit, publish, _git_env, MissingToolError, MavenAuthError, poll_open_prs
+from .git_manager import (
+    apply_and_commit, publish, apply_and_commit_multi, publish_multi,
+    _git_env, MissingToolError, MavenAuthError, poll_open_prs,
+)
 from .cicd_trigger import trigger as cicd_trigger
 from .log_fetcher import fetch_all
 from .log_parser import parse_all, scan_all_for_markers, ErrorEvent
@@ -45,6 +48,18 @@ logger = logging.getLogger("sentinel")
 
 _report_requested = False
 
+# Per-project asyncio.Lock — serialises fix generation + apply within one
+# project so two concurrent claude sessions never race on the working tree.
+# Keyed by cfg.project_name; populated lazily on first acquire.
+_project_locks: dict[str, "asyncio.Lock"] = {}
+
+
+def _project_lock(project_name: str) -> "asyncio.Lock":
+    """Return (and lazily create) the asyncio.Lock for a project."""
+    if project_name not in _project_locks:
+        _project_locks[project_name] = asyncio.Lock()
+    return _project_locks[project_name]
+
 
 def _on_sigusr1(*_):
     global _report_requested
@@ -271,10 +286,37 @@ async def _handle_error(event: ErrorEvent, cfg_loader: ConfigLoader, store: Stat
         logger.debug("Fix already attempted recently for %s", event.fingerprint)
         return
 
-    # ── Generate fix ──────────────────────────────────────────────────────────
+    # Per-project lock — serialise fix generation+apply+publish so two
+    # concurrent claude sessions never race on the working tree of any repo.
+    async with _project_lock(sentinel.project_name or "_default"):
+        await _generate_apply_publish(
+            event, repo, sentinel, store, cfg_loader,
+            _progress, auto_commit, auto_release,
+        )
+
+
+async def _generate_apply_publish(
+    event: ErrorEvent,
+    repo,
+    sentinel: SentinelConfig,
+    store: StateStore,
+    cfg_loader: ConfigLoader,
+    _progress,
+    auto_commit: bool,
+    auto_release: bool,
+):
+    """Generate the fix and apply it via the multi-repo flow (with single-repo fallback).
+
+    A patch from claude with `repos/<name>/...` paths goes through the
+    multi-repo apply (atomic dry-run, per-repo commit). If the patch has no
+    such prefix (legacy single-repo), we fall back to apply_and_commit/publish.
+    """
     _progress(":brain: Analyzing with Claude Code...")
     patches_dir = Path(sentinel.workspace_dir).resolve() / "patches"
-    status, patch_path, marker = generate_fix(event, repo, sentinel, patches_dir, store)
+    all_repos = list(cfg_loader.repos.values())
+    status, patch_path, marker = generate_fix(
+        event, repo, sentinel, patches_dir, store, all_repos=all_repos,
+    )
 
     if status != "patch" or patch_path is None:
         outcome = "skipped" if status in ("skip", "needs_human") else "failed"
@@ -295,8 +337,137 @@ async def _handle_error(event: ErrorEvent, cfg_loader: ConfigLoader, store: Stat
             })
         return
 
-    # ── Apply fix ─────────────────────────────────────────────────────────────
+    # ── Try multi-repo apply first; fall back to single-repo on legacy patches ──
     _progress(":gear: Applying patch and running tests...")
+    multi_results = apply_and_commit_multi(event, patch_path, all_repos, sentinel)
+
+    if not multi_results:
+        # Legacy single-repo patch (no `repos/<name>/` prefix) — use existing flow.
+        logger.info(
+            "main: patch for %s has no repos/<name>/ prefix — falling back to single-repo apply",
+            event.fingerprint[:8],
+        )
+        await _apply_publish_single(
+            event, repo, sentinel, store, cfg_loader,
+            _progress, auto_commit, auto_release, patch_path, marker,
+        )
+        return
+
+    # ── Multi-repo flow ────────────────────────────────────────────────────
+    multi_results = publish_multi(event, multi_results, sentinel)
+
+    committed = [r for r in multi_results if r["status"] == "committed"]
+    failed    = [r for r in multi_results if r["status"] != "committed"]
+
+    # Record per-repo state in fix_repos for Boss/reporter visibility.
+    for r in multi_results:
+        pr_state = "open" if r.get("pr_url") else ("merged" if r["status"] == "committed" and auto_commit else "")
+        try:
+            store.record_fix_repo(
+                event.fingerprint, r["repo_name"],
+                branch=r.get("branch", ""), commit_hash=r.get("commit_hash", ""),
+                pr_url=r.get("pr_url", ""),
+                pr_state=pr_state if r["status"] == "committed" else r["status"],
+                apply_order=r.get("apply_order", 0),
+            )
+        except Exception as _se:
+            logger.warning("record_fix_repo failed for %s: %s", r["repo_name"], _se)
+
+    # Summary fixes-table row uses the primary repo (where the error originated)
+    # so existing single-row queries (get_open_prs, recent fixes) still work.
+    primary = next((r for r in multi_results if r["repo_name"] == repo.repo_name), None)
+    if primary and primary["status"] == "committed":
+        store.record_fix(
+            event.fingerprint,
+            "applied" if auto_commit else "pending",
+            patch_path=str(patch_path),
+            commit_hash=primary["commit_hash"],
+            branch=primary.get("branch", ""),
+            pr_url=primary.get("pr_url", ""),
+            repo_name=repo.repo_name,
+            sentinel_marker=marker,
+        )
+    else:
+        store.record_fix(event.fingerprint, "failed", repo_name=repo.repo_name)
+
+    # ── Surface the result ─────────────────────────────────────────────────
+    if not committed:
+        reasons = "; ".join(f"{r['repo_name']}: {r['reason']}" for r in failed)
+        _progress(f":x: Multi-repo fix aborted — {reasons[:300]}")
+        send_failure_notification(sentinel, {
+            "source":    event.source,
+            "message":   event.message,
+            "repo_name": repo.repo_name,
+            "reason":    f"Multi-repo apply failed: {reasons[:400]}",
+            "body":      event.full_text()[:500],
+        })
+        return
+
+    if failed:
+        _progress(
+            f":warning: Multi-repo fix PARTIAL — committed in "
+            f"{', '.join(r['repo_name'] for r in committed)}; "
+            f"failed in {', '.join(r['repo_name'] for r in failed)}"
+        )
+
+    pr_lines = []
+    for r in committed:
+        if r.get("pr_url"):
+            pr_lines.append(f"  • `{r['repo_name']}` → {r['pr_url']}")
+        else:
+            pr_lines.append(f"  • `{r['repo_name']}` → pushed to `{r.get('branch','main')}` "
+                            f"(`{r.get('commit_hash','')[:8]}`)")
+    if pr_lines:
+        _progress(":white_check_mark: Fix complete:\n" + "\n".join(pr_lines))
+
+    # Pending release tracking for auto_commit-without-auto_release per repo.
+    if auto_commit and not auto_release:
+        for r in committed:
+            if r.get("commit_hash") and r.get("branch"):
+                store.add_pending_release(
+                    r["repo_name"], r["commit_hash"], r["branch"],
+                    description=event.message[:120],
+                    fingerprint=event.fingerprint,
+                )
+
+    # Single fix notification using the primary repo's row (back-compat with reporter).
+    if primary and primary["status"] == "committed":
+        send_fix_notification(sentinel, {
+            "source":       event.source,
+            "severity":     event.severity,
+            "fingerprint":  event.fingerprint,
+            "first_seen":   str(event.timestamp),
+            "message":      event.message,
+            "stack_trace":  getattr(event, "stack_trace", ""),
+            "repo_name":    repo.repo_name,
+            "commit_hash":  primary.get("commit_hash", ""),
+            "branch":       primary.get("branch", ""),
+            "pr_url":       primary.get("pr_url", ""),
+            "auto_commit":  auto_commit,
+            "files_changed": [],
+        })
+
+    # CI/CD trigger — only fire for the primary repo for now (multi-repo cascade is v2).
+    if auto_commit and auto_release and primary and primary["status"] == "committed":
+        ok = cicd_trigger(repo, store, event.fingerprint)
+        if ok and repo.cicd_type.lower() in ("jenkins_release", "jenkins-release"):
+            _run_cascade(repo, sentinel, cfg_loader)
+
+
+async def _apply_publish_single(
+    event: ErrorEvent,
+    repo,
+    sentinel: SentinelConfig,
+    store: StateStore,
+    cfg_loader: ConfigLoader,
+    _progress,
+    auto_commit: bool,
+    auto_release: bool,
+    patch_path: Path,
+    marker: str,
+):
+    """Legacy single-repo apply+publish flow — used when the patch has no
+    `repos/<name>/` prefix (older claude output, manual issues, etc.)."""
     try:
         commit_status, commit_hash = apply_and_commit(event, patch_path, repo, sentinel)
     except MavenAuthError as e:
@@ -457,12 +628,15 @@ async def _handle_issue(event: IssueEvent, cfg_loader: ConfigLoader, store: Stat
     try:
         patches_dir = Path(sentinel.workspace_dir).resolve() / "patches"
         _loop = asyncio.get_event_loop()
+        all_repos = list(cfg_loader.repos.values())
 
         # Run blocking subprocess work in thread executor so Boss stays responsive.
         # _progress is thread-safe (HTTP POST) so pass it as streaming callback.
         _progress(":brain: Analyzing with Claude Code...")
         status, patch_path, marker = await _loop.run_in_executor(
-            None, generate_fix, event, repo, sentinel, patches_dir, store, _progress
+            None,
+            lambda: generate_fix(event, repo, sentinel, patches_dir, store,
+                                 _progress, all_repos),
         )
 
         submitter_uid = getattr(event, "submitter_user_id", "")
@@ -481,6 +655,133 @@ async def _handle_issue(event: IssueEvent, cfg_loader: ConfigLoader, store: Stat
             return {"submitter": submitter_uid, "repo_name": repo.repo_name,
                     "status": "blocked", "summary": reason_text[:120], "pr_url": ""}
 
+        # ── Try multi-repo apply first; fall back to single-repo on legacy patches ──
+        _progress(f":mag: Patch generated — applying & testing...")
+        multi_results = await _loop.run_in_executor(
+            None, apply_and_commit_multi, event, patch_path, all_repos, sentinel,
+        )
+
+        if multi_results:
+            multi_results = await _loop.run_in_executor(
+                None, publish_multi, event, multi_results, sentinel,
+            )
+
+            committed = [r for r in multi_results if r["status"] == "committed"]
+            failed    = [r for r in multi_results if r["status"] != "committed"]
+
+            for r in multi_results:
+                pr_state = "open" if r.get("pr_url") else (
+                    "merged" if r["status"] == "committed" and auto_commit else ""
+                )
+                try:
+                    store.record_fix_repo(
+                        event.fingerprint, r["repo_name"],
+                        branch=r.get("branch", ""), commit_hash=r.get("commit_hash", ""),
+                        pr_url=r.get("pr_url", ""),
+                        pr_state=pr_state if r["status"] == "committed" else r["status"],
+                        apply_order=r.get("apply_order", 0),
+                    )
+                except Exception as _se:
+                    logger.warning("record_fix_repo failed for %s: %s", r["repo_name"], _se)
+
+            primary = next((r for r in multi_results if r["repo_name"] == repo.repo_name), None)
+            if primary and primary["status"] == "committed":
+                store.record_fix(
+                    event.fingerprint,
+                    "applied" if auto_commit else "pending",
+                    patch_path=str(patch_path),
+                    commit_hash=primary["commit_hash"],
+                    branch=primary.get("branch", ""),
+                    pr_url=primary.get("pr_url", ""),
+                    repo_name=repo.repo_name,
+                    sentinel_marker=marker,
+                )
+            else:
+                store.record_fix(event.fingerprint, "failed", repo_name=repo.repo_name)
+
+            if not committed:
+                reasons = "; ".join(f"{r['repo_name']}: {r['reason']}" for r in failed)
+                _progress(f":x: Multi-repo fix aborted — {reasons[:300]}")
+                notify_fix_blocked(sentinel, event.source, event.message,
+                                   reason=f"Multi-repo apply failed: {reasons[:400]}",
+                                   repo_name=repo.repo_name,
+                                   submitter_user_id=submitter_uid,
+                                   body=getattr(event, "body", ""))
+                mark_done(event.issue_file)
+                return {"submitter": submitter_uid, "repo_name": repo.repo_name,
+                        "status": "blocked", "summary": "Multi-repo apply failed", "pr_url": ""}
+
+            if failed:
+                _progress(
+                    f":warning: Multi-repo fix PARTIAL — committed in "
+                    f"{', '.join(r['repo_name'] for r in committed)}; "
+                    f"failed in {', '.join(r['repo_name'] for r in failed)}"
+                )
+
+            pr_lines = []
+            for r in committed:
+                if r.get("pr_url"):
+                    pr_lines.append(f"  • `{r['repo_name']}` → {r['pr_url']}")
+                else:
+                    pr_lines.append(
+                        f"  • `{r['repo_name']}` → pushed to `{r.get('branch','main')}` "
+                        f"(`{r.get('commit_hash','')[:8]}`)"
+                    )
+            if pr_lines:
+                _progress(":white_check_mark: Fix complete:\n" + "\n".join(pr_lines))
+
+            if auto_commit and not auto_release:
+                for r in committed:
+                    if r.get("commit_hash") and r.get("branch"):
+                        store.add_pending_release(
+                            r["repo_name"], r["commit_hash"], r["branch"],
+                            description=event.message[:120],
+                            fingerprint=event.fingerprint,
+                        )
+
+            if primary and primary["status"] == "committed":
+                send_fix_notification(sentinel, {
+                    "source":       event.source,
+                    "severity":     "ERROR",
+                    "fingerprint":  event.fingerprint,
+                    "first_seen":   event.timestamp,
+                    "message":      event.message,
+                    "stack_trace":  event.body,
+                    "repo_name":    repo.repo_name,
+                    "commit_hash":  primary.get("commit_hash", ""),
+                    "branch":       primary.get("branch", ""),
+                    "pr_url":       primary.get("pr_url", ""),
+                    "auto_commit":  auto_commit,
+                    "files_changed": [],
+                })
+                notify_fix_applied(
+                    sentinel, event.source, event.message,
+                    repo_name=repo.repo_name,
+                    branch=primary.get("branch", ""),
+                    pr_url=primary.get("pr_url", ""),
+                    submitter_user_id=submitter_uid,
+                    origin_channel=_origin_channel,
+                )
+
+            mark_done(event.issue_file)
+
+            if auto_commit and auto_release and primary and primary["status"] == "committed":
+                ok = cicd_trigger(repo, store, event.fingerprint)
+                if ok:
+                    _progress(f":rocket: Release triggered via {repo.cicd_type}")
+                if ok and repo.cicd_type.lower() in ("jenkins_release", "jenkins-release"):
+                    _run_cascade(repo, sentinel, cfg_loader)
+
+            return {"submitter": submitter_uid, "repo_name": repo.repo_name,
+                    "status": "done" if not failed else "partial",
+                    "summary": event.message[:120],
+                    "pr_url": primary.get("pr_url", "") if primary else ""}
+
+        # Legacy single-repo patch (no `repos/<name>/` prefix) — existing flow below.
+        logger.info(
+            "_handle_issue: patch %s has no repos/<name>/ prefix — falling back to single-repo apply",
+            event.fingerprint[:8],
+        )
         _progress(f":mag: Patch generated — running tests (`{repo.repo_name}`)...")
         commit_status, commit_hash = await _loop.run_in_executor(
             None, apply_and_commit, event, patch_path, repo, sentinel
@@ -823,6 +1124,19 @@ async def _startup_checks(cfg_loader: ConfigLoader) -> dict:
     if not cairn_installed():
         results["warnings"].append("Cairn not found — run: npm install -g @misterhuydo/cairn-mcp")
 
+    # Initialise the project-root .cairn/ so child sub-repos federate up to it.
+    # Once the project root + every sub-repo has its own .cairn/, Claude can
+    # see across all repos via Cairn's parent walk-up — required for multi-repo
+    # fix generation to work.
+    project_root = str(Path(cfg_loader.sentinel.workspace_dir).parent)
+    if init_project_root(project_root):
+        logger.info("Cairn federation root initialised at %s", project_root)
+    else:
+        results["warnings"].append(
+            f"Cairn project-root init failed at {project_root} — multi-repo "
+            "visibility may be degraded. See logs."
+        )
+
     for name, repo in cfg_loader.repos.items():
         local = Path(repo.local_path)
         if not local.exists():

package/python/sentinel/state_store.py

@@ -87,6 +87,30 @@ class StateStore:
                     fingerprint   TEXT,            -- error/issue fingerprint that triggered it
                     committed_at  TEXT NOT NULL
                 );
+
+                -- One fingerprint can produce changes in multiple repos (cross-repo fix).
+                -- Each row tracks the per-repo branch / commit / PR for one such fingerprint.
+                CREATE TABLE IF NOT EXISTS fix_repos (
+                    fingerprint   TEXT NOT NULL,
+                    repo_name     TEXT NOT NULL,
+                    branch        TEXT,
+                    commit_hash   TEXT,
+                    pr_url        TEXT,
+                    pr_state      TEXT,            -- open|merged|closed|failed
+                    apply_order   INTEGER DEFAULT 0,
+                    timestamp     TEXT NOT NULL,
+                    PRIMARY KEY (fingerprint, repo_name)
+                );
+
+                -- Long-lived `claude --print --resume <id>` sessions, one per project.
+                -- Lets cross-task prompt cache hit and gives Claude continuous context.
+                CREATE TABLE IF NOT EXISTS claude_sessions (
+                    project_name    TEXT PRIMARY KEY,
+                    session_id      TEXT NOT NULL,
+                    last_used       TEXT NOT NULL,
+                    total_cost_usd  REAL NOT NULL DEFAULT 0,
+                    turn_count      INTEGER NOT NULL DEFAULT 0
+                );
             """)
         self._migrate()
         logger.debug("StateStore initialised at %s", self.db_path)
@@ -276,6 +300,103 @@ class StateStore:
             ).fetchone()
             return row is not None
 
+    # ── Multi-repo fix tracking (one fingerprint → many repos) ────────────────
+
+    def record_fix_repo(
+        self,
+        fingerprint: str,
+        repo_name: str,
+        branch: str = "",
+        commit_hash: str = "",
+        pr_url: str = "",
+        pr_state: str = "",
+        apply_order: int = 0,
+    ) -> None:
+        """Record (or replace) the per-repo branch/commit/PR for a multi-repo fix."""
+        with self._conn() as conn:
+            conn.execute(
+                "INSERT INTO fix_repos (fingerprint, repo_name, branch, commit_hash, "
+                "pr_url, pr_state, apply_order, timestamp) VALUES (?,?,?,?,?,?,?,?) "
+                "ON CONFLICT(fingerprint, repo_name) DO UPDATE SET "
+                "branch=excluded.branch, commit_hash=excluded.commit_hash, "
+                "pr_url=excluded.pr_url, pr_state=excluded.pr_state, "
+                "apply_order=excluded.apply_order, timestamp=excluded.timestamp",
+                (fingerprint, repo_name, branch, commit_hash,
+                 pr_url, pr_state, apply_order, _now()),
+            )
+
+    def update_fix_repo_state(
+        self,
+        fingerprint: str,
+        repo_name: str,
+        pr_state: str = "",
+        commit_hash: str = "",
+    ) -> None:
+        """Patch pr_state and/or commit_hash on an existing fix_repos row."""
+        sets, args = [], []
+        if pr_state:
+            sets.append("pr_state=?"); args.append(pr_state)
+        if commit_hash:
+            sets.append("commit_hash=?"); args.append(commit_hash)
+        if not sets:
+            return
+        args.extend([fingerprint, repo_name])
+        with self._conn() as conn:
+            conn.execute(
+                f"UPDATE fix_repos SET {', '.join(sets)} "
+                "WHERE fingerprint=? AND repo_name=?", args,
+            )
+
+    def get_fix_repos(self, fingerprint: str) -> list[dict]:
+        """Return all per-repo rows for a fingerprint, ordered by apply_order then repo_name."""
+        with self._conn() as conn:
+            rows = conn.execute(
+                "SELECT * FROM fix_repos WHERE fingerprint=? "
+                "ORDER BY apply_order, repo_name",
+                (fingerprint,),
+            ).fetchall()
+            return [dict(r) for r in rows]
+
+    # ── Per-project Claude session tracking (for `claude --resume <id>`) ──────
+
+    def get_claude_session(self, project_name: str) -> dict | None:
+        """Return the saved {session_id, last_used, total_cost_usd, turn_count} or None."""
+        with self._conn() as conn:
+            row = conn.execute(
+                "SELECT session_id, last_used, total_cost_usd, turn_count "
+                "FROM claude_sessions WHERE project_name=?",
+                (project_name,),
+            ).fetchone()
+            return dict(row) if row else None
+
+    def set_claude_session(
+        self,
+        project_name: str,
+        session_id: str,
+        cost_delta: float = 0.0,
+    ) -> None:
+        """Upsert the session id; accumulates cost + turn count across calls."""
+        with self._conn() as conn:
+            conn.execute(
+                "INSERT INTO claude_sessions "
+                "(project_name, session_id, last_used, total_cost_usd, turn_count) "
+                "VALUES (?, ?, ?, ?, 1) "
+                "ON CONFLICT(project_name) DO UPDATE SET "
+                "session_id=excluded.session_id, "
+                "last_used=excluded.last_used, "
+                "total_cost_usd=total_cost_usd + excluded.total_cost_usd, "
+                "turn_count=turn_count + 1",
+                (project_name, session_id, _now(), cost_delta),
+            )
+
+    def clear_claude_session(self, project_name: str) -> None:
+        """Drop the saved session id for a project (forces a fresh session next call)."""
+        with self._conn() as conn:
+            conn.execute(
+                "DELETE FROM claude_sessions WHERE project_name=?",
+                (project_name,),
+            )
+
     def mark_marker_seen(self, marker: str) -> dict | None:
         """Record that a SENTINEL marker appeared in production logs."""
         with self._conn() as conn:

package/python/tests/test_cairn_client.py

@@ -0,0 +1,72 @@
+"""
+test_cairn_client.py — Unit tests for cairn federation init.
+"""
+from unittest.mock import patch, MagicMock
+import pytest
+
+from sentinel.cairn_client import init_project_root, index_repo
+from sentinel.config_loader import RepoConfig
+
+
+def _fake_completed(rc=0, stdout="", stderr=""):
+    m = MagicMock()
+    m.returncode = rc
+    m.stdout = stdout
+    m.stderr = stderr
+    return m
+
+
+# ── init_project_root ─────────────────────────────────────────────────────────
+
+def test_init_project_root_skips_when_marker_exists(tmp_path):
+    (tmp_path / ".cairn").mkdir()
+    (tmp_path / ".cairn" / ".cairn-project").touch()
+    with patch("sentinel.cairn_client.subprocess.run") as run:
+        ok = init_project_root(str(tmp_path))
+    assert ok is True
+    run.assert_not_called()
+
+
+def test_init_project_root_runs_cairn_install_when_missing(tmp_path):
+    with patch("sentinel.cairn_client.subprocess.run",
+               return_value=_fake_completed(rc=0)) as run:
+        ok = init_project_root(str(tmp_path))
+    assert ok is True
+    run.assert_called_once()
+    args, kwargs = run.call_args
+    assert args[0] == ["cairn", "install"]
+    assert kwargs["cwd"] == str(tmp_path)
+
+
+def test_init_project_root_returns_false_on_install_failure(tmp_path):
+    with patch("sentinel.cairn_client.subprocess.run",
+               return_value=_fake_completed(rc=1, stderr="boom")):
+        ok = init_project_root(str(tmp_path))
+    assert ok is False
+
+
+def test_init_project_root_returns_false_on_subprocess_exception(tmp_path):
+    with patch("sentinel.cairn_client.subprocess.run",
+               side_effect=FileNotFoundError("cairn not on PATH")):
+        ok = init_project_root(str(tmp_path))
+    assert ok is False
+
+
+def test_init_project_root_creates_nothing_when_dir_missing(tmp_path):
+    missing = tmp_path / "does-not-exist"
+    with patch("sentinel.cairn_client.subprocess.run") as run:
+        ok = init_project_root(str(missing))
+    assert ok is False
+    run.assert_not_called()
+
+
+# ── index_repo (existing behaviour — guard against regression) ────────────────
+
+def test_index_repo_skips_when_marker_exists(tmp_path):
+    (tmp_path / ".cairn").mkdir()
+    (tmp_path / ".cairn" / ".cairn-project").touch()
+    repo = RepoConfig(repo_name="r", local_path=str(tmp_path), branch="main")
+    with patch("sentinel.cairn_client.subprocess.run") as run:
+        ok = index_repo(repo)
+    assert ok is True
+    run.assert_not_called()

package/python/tests/test_fix_engine_cmd.py

@@ -0,0 +1,53 @@
+"""
+test_fix_engine_cmd.py — Tests for _claude_cmd flag composition.
+
+The OAuth path silently fast-failed in production until 1.6.1 because
+_claude_cmd unconditionally passed --bare, which forces API-key-only auth
+and rejects the OAuth attempt's keyless env. These tests pin the new
+behaviour: --bare only when the API key is actually in the env.
+"""
+from sentinel.fix_engine import _claude_cmd
+
+
+def test_default_includes_bare_for_backcompat():
+    """Existing callers without an explicit flag still get --bare."""
+    cmd = _claude_cmd("claude", "hi")
+    assert "--bare" in cmd
+
+
+def test_use_bare_false_drops_bare():
+    cmd = _claude_cmd("claude", "hi", use_bare=False)
+    assert "--bare" not in cmd
+
+
+def test_use_bare_true_keeps_bare():
+    cmd = _claude_cmd("claude", "hi", use_bare=True)
+    assert "--bare" in cmd
+
+
+def test_session_id_adds_resume():
+    cmd = _claude_cmd("claude", "hi", session_id="abc-123")
+    assert "--resume" in cmd
+    i = cmd.index("--resume")
+    assert cmd[i + 1] == "abc-123"
+
+
+def test_no_session_id_skips_resume():
+    cmd = _claude_cmd("claude", "hi", session_id="")
+    assert "--resume" not in cmd
+
+
+def test_output_format_json_always_present():
+    cmd_a = _claude_cmd("claude", "hi", use_bare=True)
+    cmd_b = _claude_cmd("claude", "hi", use_bare=False)
+    for cmd in (cmd_a, cmd_b):
+        assert "--output-format" in cmd
+        i = cmd.index("--output-format")
+        assert cmd[i + 1] == "json"
+
+
+def test_print_and_prompt_are_last():
+    """`--print <prompt>` must come last so all flags are interpreted."""
+    cmd = _claude_cmd("claude", "the actual prompt", use_bare=False)
+    assert cmd[-2] == "--print"
+    assert cmd[-1] == "the actual prompt"