@misterhuydo/sentinel 1.6.12 → 1.6.14

package/.cairn/.hint-lock

@@ -1 +1 @@
-2026-04-27T13:09:20.340Z
+2026-04-28T09:31:55.053Z

package/.cairn/session.json

@@ -1,6 +1,6 @@
 {
-  "message": "Auto-checkpoint at 2026-04-27T13:29:19.813Z",
-  "checkpoint_at": "2026-04-27T13:29:19.814Z",
+  "message": "Auto-checkpoint at 2026-04-28T09:29:24.499Z",
+  "checkpoint_at": "2026-04-28T09:29:24.501Z",
   "active_files": [
     "J:\\Projects\\Sentinel\\cli\\bin\\sentinel.js",
     "J:\\Projects\\Sentinel\\cli\\lib\\test.js"

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@misterhuydo/sentinel",
-  "version": "1.6.12",
+  "version": "1.6.14",
   "description": "Sentinel — Autonomous DevOps Agent installer and manager",
   "bin": {
     "sentinel": "./bin/sentinel.js"

package/python/sentinel/__init__.py

@@ -1 +1 @@
-__version__ = "1.6.12"
+__version__ = "1.6.14"

package/python/sentinel/config_loader.py

@@ -85,6 +85,7 @@ class SentinelConfig:
     auto_commit: bool = False        # project-level default: push directly to main (no PR); repos can override
     auto_release: bool = False       # project-level default: trigger CI/CD pipeline after push; repos can override
     auto_raise_issues: bool = False  # if True, auto-fix detected log errors without waiting for human to raise an issue
+    bot_watcher_noise_pattern: str = ""  # regex; matching bot-alert text is dropped before queueing as an issue
 
 
 @dataclass
@@ -284,6 +285,7 @@ class ConfigLoader:
             c.auto_release = d["AUTO_RELEASE"].lower() == "true"
         if "AUTO_RAISE_ISSUES" in d:
             c.auto_raise_issues = d["AUTO_RAISE_ISSUES"].lower() == "true"
+        c.bot_watcher_noise_pattern = d.get("BOT_WATCHER_NOISE_PATTERN", "").strip()
         self.sentinel = c
 
     def _load_log_sources(self):

package/python/sentinel/git_manager.py

@@ -477,7 +477,7 @@ def apply_and_commit(
         logger.error("git pull failed for %s:\n%s", repo.repo_name, r.stderr)
         return "failed", ""
 
-    r = _git(["apply", "--check", "--recount", "--ignore-whitespace", str(patch_path)], cwd=local_path, env=env)
+    r = _git(["apply", "--check", "--recount", "--ignore-whitespace", "-C1", str(patch_path)], cwd=local_path, env=env)
     if r.returncode != 0:
         try:
             original = patch_path.read_text(encoding="utf-8", errors="replace")
@@ -487,12 +487,12 @@ def apply_and_commit(
             repaired = None
         if repaired and repaired != original:
             patch_path.write_text(repaired, encoding="utf-8")
-            r = _git(["apply", "--check", "--recount", "--ignore-whitespace", str(patch_path)], cwd=local_path, env=env)
+            r = _git(["apply", "--check", "--recount", "--ignore-whitespace", "-C1", str(patch_path)], cwd=local_path, env=env)
         if r.returncode != 0:
             logger.error("Patch dry-run failed for %s:\n%s", event.fingerprint, r.stderr)
             return "failed", ""
 
-    r = _git(["apply", "--recount", "--ignore-whitespace", str(patch_path)], cwd=local_path, env=env)
+    r = _git(["apply", "--recount", "--ignore-whitespace", "-C1", str(patch_path)], cwd=local_path, env=env)
     if r.returncode != 0:
         logger.error("git apply failed for %s:\n%s", event.fingerprint, r.stderr)
         return "failed", ""
@@ -601,7 +601,7 @@ def apply_and_commit_multi(
             dry_run_failures.append(f"{name}: git pull failed: {r.stderr.strip()[:200]}")
             continue
         # Dry-run
-        r = _git(["apply", "--check", "--recount", "--ignore-whitespace", str(sub_path)],
+        r = _git(["apply", "--check", "--recount", "--ignore-whitespace", "-C1", str(sub_path)],
                  cwd=repo.local_path, env=env)
         if r.returncode != 0:
             # Try repairing the patch by splicing in any intermediate file lines
@@ -616,7 +616,7 @@ def apply_and_commit_multi(
             if repaired and repaired != original:
                 sub_path.write_text(repaired, encoding="utf-8")
                 r = _git(
-                    ["apply", "--check", "--recount", "--ignore-whitespace", str(sub_path)],
+                    ["apply", "--check", "--recount", "--ignore-whitespace", "-C1", str(sub_path)],
                     cwd=repo.local_path, env=env,
                 )
                 if r.returncode == 0:
@@ -653,7 +653,7 @@ def apply_and_commit_multi(
             "reason": "", "sub_patch_path": sub_path,
         }
 
-        r = _git(["apply", "--recount", "--ignore-whitespace", str(sub_path)],
+        r = _git(["apply", "--recount", "--ignore-whitespace", "-C1", str(sub_path)],
                  cwd=repo.local_path, env=env)
         if r.returncode != 0:
             entry["reason"] = f"apply failed: {r.stderr.strip()[:200]}"

package/python/sentinel/main.py

@@ -563,7 +563,11 @@ async def _handle_issue(event: IssueEvent, cfg_loader: ConfigLoader, store: Stat
         return
 
     if store.fix_attempted_recently(event.fingerprint, hours=24):
-        logger.debug("Issue already processed recently: %s", event.source)
+        logger.info(
+            "Issue %s skipped — fingerprint %s attempted in last 24h "
+            "(use Boss `retry_issue` to clear the prior row and re-attempt)",
+            event.source, event.fingerprint,
+        )
         mark_done(event.issue_file)
         return
 

package/python/sentinel/sentinel_boss.py

@@ -2632,6 +2632,27 @@ async def _run_tool(name: str, inputs: dict, cfg_loader, store, slack_client=Non
             except Exception as _e:
                 logger.debug("retry_issue: state_store guard failed (non-fatal): %s", _e)
 
+            # Clear the 24h dedupe so _handle_issue actually re-runs the fix.
+            # fix_attempted_recently() ignores status='skipped', so flipping any
+            # recent 'failed' row for this fingerprint is enough.
+            try:
+                with store._conn() as _c:
+                    _n = _c.execute(
+                        "UPDATE fixes SET status='skipped' "
+                        "WHERE fingerprint=? AND status='failed' "
+                        "AND timestamp >= datetime('now', '-24 hours')",
+                        (_fp,),
+                    ).rowcount
+                    _c.commit()
+                if _n:
+                    logger.info(
+                        "Boss retry_issue: cleared %d prior failed row(s) for fingerprint %s "
+                        "so the retry won't be deduped",
+                        _n, _fp,
+                    )
+            except Exception as _e:
+                logger.debug("retry_issue: clearing prior failed rows failed (non-fatal): %s", _e)
+
         # Re-submit as a fresh issue file
         issues_dir = project_dir / "issues"
         issues_dir.mkdir(exist_ok=True)

package/python/sentinel/slack_bot.py

@@ -55,6 +55,30 @@ class _Session:
 _sessions: dict[str, _Session] = {}
 _sessions_lock = asyncio.Lock()
 
+# Cached compiled regex for bot-watcher noise filter — recompiled when the
+# config value changes (so SIGHUP reload picks up edits without a restart).
+_noise_filter_cache: tuple[str, "object | None"] = ("", None)
+
+
+def _get_noise_filter(pattern: str):
+    """Return a compiled re.Pattern for the noise filter, or None if disabled/invalid."""
+    global _noise_filter_cache
+    cached_pattern, cached_re = _noise_filter_cache
+    if pattern == cached_pattern:
+        return cached_re
+    if not pattern:
+        _noise_filter_cache = ("", None)
+        return None
+    import re as _re
+    try:
+        compiled = _re.compile(pattern, _re.IGNORECASE)
+    except _re.error as e:
+        logger.warning("BOT_WATCHER_NOISE_PATTERN is not a valid regex (%s) — filter disabled", e)
+        _noise_filter_cache = (pattern, None)
+        return None
+    _noise_filter_cache = (pattern, compiled)
+    return compiled
+
 
 async def _get_or_create_session(user_id: str, user_name: str, channel: str) -> _Session:
     async with _sessions_lock:
@@ -272,6 +296,23 @@ async def _handle_bot_message(event: dict, client, cfg_loader, store) -> None:
     if not text:
         return
 
+    # Drop operational-noise alerts (e.g. wrong-PIN attempts, single transient
+    # SMS failures) before they enter the issues queue. Configurable via
+    # BOT_WATCHER_NOISE_PATTERN in sentinel.properties (regex, alternatives
+    # joined with `|`). Empty = disabled.
+    noise_re = _get_noise_filter(getattr(cfg_loader.sentinel, "bot_watcher_noise_pattern", ""))
+    if noise_re is not None and noise_re.search(text):
+        logger.info(
+            "Bot watcher: dropping noise-pattern match from %s (preview: %r)",
+            bot_id, text[:120].replace("\n", " "),
+        )
+        if ts:
+            try:
+                await client.reactions_add(channel=channel, timestamp=ts, name="mute")
+            except Exception:
+                pass  # reactions:write scope may not be granted — non-fatal
+        return
+
     # Find the project this bot is registered to
     # Match on either the B-prefixed bot_id or the U-prefixed user ID
     _user_id = event.get("user", "")

package/python/tests/test_bot_noise_filter.py

@@ -0,0 +1,51 @@
+"""Tests for the bot-watcher noise-pattern filter (slack_bot._get_noise_filter)."""
+
+from sentinel import slack_bot
+
+
+def _reset_cache():
+    slack_bot._noise_filter_cache = ("", None)
+
+
+def test_empty_pattern_disables_filter():
+    _reset_cache()
+    assert slack_bot._get_noise_filter("") is None
+
+
+def test_invalid_regex_disables_filter(caplog):
+    _reset_cache()
+    import logging
+    with caplog.at_level(logging.WARNING):
+        assert slack_bot._get_noise_filter("(unbalanced") is None
+    assert any("not a valid regex" in r.message for r in caplog.records)
+
+
+def test_pattern_compiles_and_caches():
+    _reset_cache()
+    p1 = slack_bot._get_noise_filter("Illegal pin logon|SMS delivery FAILED")
+    assert p1 is not None
+    p2 = slack_bot._get_noise_filter("Illegal pin logon|SMS delivery FAILED")
+    assert p1 is p2  # cache hit returns the same compiled object
+
+
+def test_pattern_change_recompiles():
+    _reset_cache()
+    p1 = slack_bot._get_noise_filter("foo")
+    p2 = slack_bot._get_noise_filter("bar")
+    assert p1 is not p2
+
+
+def test_match_is_case_insensitive():
+    _reset_cache()
+    pat = slack_bot._get_noise_filter("Illegal pin logon")
+    assert pat.search("ILLEGAL PIN LOGON ATTEMPTED")
+    assert pat.search("user typed wrong PIN — Illegal Pin Logon attempted")
+    assert not pat.search("normal startup message")
+
+
+def test_alternatives_match_either():
+    _reset_cache()
+    pat = slack_bot._get_noise_filter("Illegal pin logon|1 SMS delivery FAILED")
+    assert pat.search("Illegal pin logon attempted.")
+    assert pat.search(":no_entry: 1 SMS delivery FAILED in the last 5 minutes")
+    assert not pat.search("MsGraphMailSender threw exception")

package/python/tests/test_config_loader.py

@@ -74,6 +74,21 @@ def test_sentinel_config(config_dir):
     assert cfg.github_token == "ghp_test"
 
 
+def test_bot_watcher_noise_pattern_default_empty(config_dir):
+    cfg = ConfigLoader(str(config_dir)).sentinel
+    assert cfg.bot_watcher_noise_pattern == ""
+
+
+def test_bot_watcher_noise_pattern_loaded(tmp_path):
+    (tmp_path / "log-configs").mkdir()
+    (tmp_path / "repo-configs").mkdir()
+    (tmp_path / "sentinel.properties").write_text(
+        "BOT_WATCHER_NOISE_PATTERN=Illegal pin logon|1 SMS delivery FAILED\n"
+    )
+    cfg = ConfigLoader(str(tmp_path)).sentinel
+    assert cfg.bot_watcher_noise_pattern == "Illegal pin logon|1 SMS delivery FAILED"
+
+
 def test_log_sources(config_dir):
     loader = ConfigLoader(str(config_dir))
     assert "elprint-salescore" in loader.log_sources