@misterhuydo/sentinel 1.6.0 → 1.6.1

package/.cairn/.hint-lock

@@ -1 +1 @@
-2026-04-22T05:30:19.725Z
+2026-04-24T10:50:33.264Z

package/.cairn/session.json

@@ -1,6 +1,6 @@
 {
-  "message": "Auto-checkpoint at 2026-04-22T05:33:19.801Z",
-  "checkpoint_at": "2026-04-22T05:33:19.802Z",
+  "message": "Auto-checkpoint at 2026-04-24T10:58:52.087Z",
+  "checkpoint_at": "2026-04-24T10:58:52.089Z",
   "active_files": [
     "J:\\Projects\\Sentinel\\cli\\bin\\sentinel.js",
     "J:\\Projects\\Sentinel\\cli\\lib\\test.js",

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@misterhuydo/sentinel",
-  "version": "1.6.0",
+  "version": "1.6.1",
   "description": "Sentinel — Autonomous DevOps Agent installer and manager",
   "bin": {
     "sentinel": "./bin/sentinel.js"

package/python/sentinel/__init__.py

@@ -1 +1 @@
-__version__ = "1.6.0"
+__version__ = "1.6.1"

package/python/sentinel/fix_engine.py

@@ -254,12 +254,22 @@ def _is_auth_error(output: str) -> bool:
     return any(hint in low for hint in _AUTH_ERROR_HINTS)
 
 
-def _claude_cmd(bin_path: str, prompt: str, session_id: str = "") -> list[str]:
+def _claude_cmd(
+    bin_path: str,
+    prompt: str,
+    session_id: str = "",
+    use_bare: bool = True,
+) -> list[str]:
     """Build the `claude --print` command line.
 
     `session_id` (if non-empty) attaches `--resume <id>` so Claude continues an
     existing session — gives prompt-cache reuse and shared context across fixes.
 
+    `use_bare` controls the `--bare` flag, which forces `ANTHROPIC_API_KEY`-only
+    auth. It MUST be True for the API-key attempt (claude needs a key in env)
+    and MUST be False for the OAuth attempt (otherwise claude refuses to read
+    the cached `claude login` token). The caller picks per attempt.
+
     Output is forced to `--output-format json` so the caller can extract the
     session_id, cost, and result text deterministically.
     """
@@ -268,10 +278,9 @@ def _claude_cmd(bin_path: str, prompt: str, session_id: str = "") -> list[str]:
         skip = _os.getuid() != 0
     except AttributeError:
         skip = True  # Windows — always pass flag
-    # --bare: forces ANTHROPIC_API_KEY-only auth, skips keychain/OAuth/hooks.
-    # Required on headless servers (EC2) where Claude Code 2.x silently returns
-    # empty output when keychain auth fails.
-    cmd = [bin_path, "--bare"]
+    cmd = [bin_path]
+    if use_bare:
+        cmd.append("--bare")
     if skip:
         cmd.append("--dangerously-skip-permissions")
     if session_id:
@@ -346,6 +355,7 @@ def _run_claude_attempt(
     on_progress=None,
     cmd_override: list | None = None,
     session_id: str = "",
+    use_bare: bool | None = None,
 ) -> tuple[str, bool]:
     """
     Run claude CLI with the given env. Returns (output, timed_out).
@@ -354,11 +364,16 @@ def _run_claude_attempt(
     (deduped — same message not repeated consecutively).
     cmd_override: if provided, use this command list instead of _claude_cmd() default.
     session_id: if provided, passes --resume to Claude to continue an existing session.
+    use_bare: if None (default), auto-detect — True iff env carries ANTHROPIC_API_KEY.
+              Pass --bare ONLY for the API-key attempt; the OAuth attempt must
+              omit it so Claude reads the cached `claude login` token.
     """
     import threading as _threading
 
+    if use_bare is None:
+        use_bare = bool(env.get("ANTHROPIC_API_KEY"))
     proc = subprocess.Popen(
-        cmd_override if cmd_override is not None else _claude_cmd(bin_path, prompt, session_id),
+        cmd_override if cmd_override is not None else _claude_cmd(bin_path, prompt, session_id, use_bare=use_bare),
         stdout=subprocess.PIPE, stderr=subprocess.STDOUT,
         text=True, env=env, cwd=cwd or None,
     )

package/python/sentinel/main.py

@@ -628,12 +628,15 @@ async def _handle_issue(event: IssueEvent, cfg_loader: ConfigLoader, store: Stat
     try:
         patches_dir = Path(sentinel.workspace_dir).resolve() / "patches"
         _loop = asyncio.get_event_loop()
+        all_repos = list(cfg_loader.repos.values())
 
         # Run blocking subprocess work in thread executor so Boss stays responsive.
         # _progress is thread-safe (HTTP POST) so pass it as streaming callback.
         _progress(":brain: Analyzing with Claude Code...")
         status, patch_path, marker = await _loop.run_in_executor(
-            None, generate_fix, event, repo, sentinel, patches_dir, store, _progress
+            None,
+            lambda: generate_fix(event, repo, sentinel, patches_dir, store,
+                                 _progress, all_repos),
         )
 
         submitter_uid = getattr(event, "submitter_user_id", "")
@@ -652,6 +655,133 @@ async def _handle_issue(event: IssueEvent, cfg_loader: ConfigLoader, store: Stat
             return {"submitter": submitter_uid, "repo_name": repo.repo_name,
                     "status": "blocked", "summary": reason_text[:120], "pr_url": ""}
 
+        # ── Try multi-repo apply first; fall back to single-repo on legacy patches ──
+        _progress(f":mag: Patch generated — applying & testing...")
+        multi_results = await _loop.run_in_executor(
+            None, apply_and_commit_multi, event, patch_path, all_repos, sentinel,
+        )
+
+        if multi_results:
+            multi_results = await _loop.run_in_executor(
+                None, publish_multi, event, multi_results, sentinel,
+            )
+
+            committed = [r for r in multi_results if r["status"] == "committed"]
+            failed    = [r for r in multi_results if r["status"] != "committed"]
+
+            for r in multi_results:
+                pr_state = "open" if r.get("pr_url") else (
+                    "merged" if r["status"] == "committed" and auto_commit else ""
+                )
+                try:
+                    store.record_fix_repo(
+                        event.fingerprint, r["repo_name"],
+                        branch=r.get("branch", ""), commit_hash=r.get("commit_hash", ""),
+                        pr_url=r.get("pr_url", ""),
+                        pr_state=pr_state if r["status"] == "committed" else r["status"],
+                        apply_order=r.get("apply_order", 0),
+                    )
+                except Exception as _se:
+                    logger.warning("record_fix_repo failed for %s: %s", r["repo_name"], _se)
+
+            primary = next((r for r in multi_results if r["repo_name"] == repo.repo_name), None)
+            if primary and primary["status"] == "committed":
+                store.record_fix(
+                    event.fingerprint,
+                    "applied" if auto_commit else "pending",
+                    patch_path=str(patch_path),
+                    commit_hash=primary["commit_hash"],
+                    branch=primary.get("branch", ""),
+                    pr_url=primary.get("pr_url", ""),
+                    repo_name=repo.repo_name,
+                    sentinel_marker=marker,
+                )
+            else:
+                store.record_fix(event.fingerprint, "failed", repo_name=repo.repo_name)
+
+            if not committed:
+                reasons = "; ".join(f"{r['repo_name']}: {r['reason']}" for r in failed)
+                _progress(f":x: Multi-repo fix aborted — {reasons[:300]}")
+                notify_fix_blocked(sentinel, event.source, event.message,
+                                   reason=f"Multi-repo apply failed: {reasons[:400]}",
+                                   repo_name=repo.repo_name,
+                                   submitter_user_id=submitter_uid,
+                                   body=getattr(event, "body", ""))
+                mark_done(event.issue_file)
+                return {"submitter": submitter_uid, "repo_name": repo.repo_name,
+                        "status": "blocked", "summary": "Multi-repo apply failed", "pr_url": ""}
+
+            if failed:
+                _progress(
+                    f":warning: Multi-repo fix PARTIAL — committed in "
+                    f"{', '.join(r['repo_name'] for r in committed)}; "
+                    f"failed in {', '.join(r['repo_name'] for r in failed)}"
+                )
+
+            pr_lines = []
+            for r in committed:
+                if r.get("pr_url"):
+                    pr_lines.append(f"  • `{r['repo_name']}` → {r['pr_url']}")
+                else:
+                    pr_lines.append(
+                        f"  • `{r['repo_name']}` → pushed to `{r.get('branch','main')}` "
+                        f"(`{r.get('commit_hash','')[:8]}`)"
+                    )
+            if pr_lines:
+                _progress(":white_check_mark: Fix complete:\n" + "\n".join(pr_lines))
+
+            if auto_commit and not auto_release:
+                for r in committed:
+                    if r.get("commit_hash") and r.get("branch"):
+                        store.add_pending_release(
+                            r["repo_name"], r["commit_hash"], r["branch"],
+                            description=event.message[:120],
+                            fingerprint=event.fingerprint,
+                        )
+
+            if primary and primary["status"] == "committed":
+                send_fix_notification(sentinel, {
+                    "source":       event.source,
+                    "severity":     "ERROR",
+                    "fingerprint":  event.fingerprint,
+                    "first_seen":   event.timestamp,
+                    "message":      event.message,
+                    "stack_trace":  event.body,
+                    "repo_name":    repo.repo_name,
+                    "commit_hash":  primary.get("commit_hash", ""),
+                    "branch":       primary.get("branch", ""),
+                    "pr_url":       primary.get("pr_url", ""),
+                    "auto_commit":  auto_commit,
+                    "files_changed": [],
+                })
+                notify_fix_applied(
+                    sentinel, event.source, event.message,
+                    repo_name=repo.repo_name,
+                    branch=primary.get("branch", ""),
+                    pr_url=primary.get("pr_url", ""),
+                    submitter_user_id=submitter_uid,
+                    origin_channel=_origin_channel,
+                )
+
+            mark_done(event.issue_file)
+
+            if auto_commit and auto_release and primary and primary["status"] == "committed":
+                ok = cicd_trigger(repo, store, event.fingerprint)
+                if ok:
+                    _progress(f":rocket: Release triggered via {repo.cicd_type}")
+                if ok and repo.cicd_type.lower() in ("jenkins_release", "jenkins-release"):
+                    _run_cascade(repo, sentinel, cfg_loader)
+
+            return {"submitter": submitter_uid, "repo_name": repo.repo_name,
+                    "status": "done" if not failed else "partial",
+                    "summary": event.message[:120],
+                    "pr_url": primary.get("pr_url", "") if primary else ""}
+
+        # Legacy single-repo patch (no `repos/<name>/` prefix) — existing flow below.
+        logger.info(
+            "_handle_issue: patch %s has no repos/<name>/ prefix — falling back to single-repo apply",
+            event.fingerprint[:8],
+        )
         _progress(f":mag: Patch generated — running tests (`{repo.repo_name}`)...")
         commit_status, commit_hash = await _loop.run_in_executor(
             None, apply_and_commit, event, patch_path, repo, sentinel

package/python/tests/test_fix_engine_cmd.py

@@ -0,0 +1,53 @@
+"""
+test_fix_engine_cmd.py — Tests for _claude_cmd flag composition.
+
+The OAuth path silently fast-failed in production until 1.6.1 because
+_claude_cmd unconditionally passed --bare, which forces API-key-only auth
+and rejects the OAuth attempt's keyless env. These tests pin the new
+behaviour: --bare only when the API key is actually in the env.
+"""
+from sentinel.fix_engine import _claude_cmd
+
+
+def test_default_includes_bare_for_backcompat():
+    """Existing callers without an explicit flag still get --bare."""
+    cmd = _claude_cmd("claude", "hi")
+    assert "--bare" in cmd
+
+
+def test_use_bare_false_drops_bare():
+    cmd = _claude_cmd("claude", "hi", use_bare=False)
+    assert "--bare" not in cmd
+
+
+def test_use_bare_true_keeps_bare():
+    cmd = _claude_cmd("claude", "hi", use_bare=True)
+    assert "--bare" in cmd
+
+
+def test_session_id_adds_resume():
+    cmd = _claude_cmd("claude", "hi", session_id="abc-123")
+    assert "--resume" in cmd
+    i = cmd.index("--resume")
+    assert cmd[i + 1] == "abc-123"
+
+
+def test_no_session_id_skips_resume():
+    cmd = _claude_cmd("claude", "hi", session_id="")
+    assert "--resume" not in cmd
+
+
+def test_output_format_json_always_present():
+    cmd_a = _claude_cmd("claude", "hi", use_bare=True)
+    cmd_b = _claude_cmd("claude", "hi", use_bare=False)
+    for cmd in (cmd_a, cmd_b):
+        assert "--output-format" in cmd
+        i = cmd.index("--output-format")
+        assert cmd[i + 1] == "json"
+
+
+def test_print_and_prompt_are_last():
+    """`--print <prompt>` must come last so all flags are interpreted."""
+    cmd = _claude_cmd("claude", "the actual prompt", use_bare=False)
+    assert cmd[-2] == "--print"
+    assert cmd[-1] == "the actual prompt"