@misterhuydo/sentinel 1.6.7 → 1.6.9

package/.cairn/.hint-lock

@@ -1 +1 @@
-2026-04-24T13:18:30.501Z
+2026-04-24T14:02:31.712Z

package/.cairn/minify-map.json

@@ -10,11 +10,5 @@
     "state": "edit-ready",
     "minifiedAt": 1774252437350.0059,
     "readCount": 1
-  },
-  "J:\\Projects\\Sentinel\\cli\\python\\sentinel\\cicd_trigger.py": {
-    "tempPath": "J:\\Projects\\Sentinel\\cli\\.cairn\\views\\7802b9_cicd_trigger.py",
-    "state": "compressed",
-    "minifiedAt": 1774523631399.9514,
-    "readCount": 1
   }
 }

package/.cairn/session.json

@@ -1,6 +1,6 @@
 {
-  "message": "Auto-checkpoint at 2026-04-24T13:27:50.750Z",
-  "checkpoint_at": "2026-04-24T13:27:50.751Z",
+  "message": "Auto-checkpoint at 2026-04-24T14:25:27.008Z",
+  "checkpoint_at": "2026-04-24T14:25:27.009Z",
   "active_files": [
     "J:\\Projects\\Sentinel\\cli\\bin\\sentinel.js",
     "J:\\Projects\\Sentinel\\cli\\lib\\test.js",
@@ -187,6 +187,6 @@
   "mtime_snapshot": {
     "J:\\Projects\\Sentinel\\cli\\bin\\sentinel.js": 1774252515044.4768,
     "J:\\Projects\\Sentinel\\cli\\lib\\test.js": 1774252437350.0059,
-    "J:\\Projects\\Sentinel\\cli\\python\\sentinel\\cicd_trigger.py": 1774523631399.9514
+    "J:\\Projects\\Sentinel\\cli\\python\\sentinel\\cicd_trigger.py": 1777039448643.5408
   }
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@misterhuydo/sentinel",
-  "version": "1.6.7",
+  "version": "1.6.9",
   "description": "Sentinel — Autonomous DevOps Agent installer and manager",
   "bin": {
     "sentinel": "./bin/sentinel.js"

package/python/sentinel/__init__.py

@@ -1 +1 @@
-__version__ = "1.6.7"
+__version__ = "1.6.9"

package/python/sentinel/cicd_trigger.py

@@ -40,7 +40,12 @@ def trigger(repo: RepoConfig, store: StateStore, fingerprint: str, wait: bool =
 
 def _trigger_jenkins(repo: RepoConfig) -> bool:
     url = f"{repo.cicd_job_url.rstrip('/')}/build"
-    resp = requests.post(url, auth=("sentinel", repo.cicd_token), timeout=15)
+    # Use repo's CICD_USER if set; fall back to literal "sentinel". Hardcoding
+    # the user (as this previously did) caused 401s for every repo whose Jenkins
+    # API token was issued under a non-"sentinel" username.
+    resp = requests.post(
+        url, auth=(repo.cicd_user or "sentinel", repo.cicd_token), timeout=15,
+    )
     success = resp.status_code in (200, 201, 204)
     if success:
         logger.info("Jenkins build triggered: %s", repo.cicd_job_url)

package/python/sentinel/fix_engine.py

@@ -605,15 +605,18 @@ def generate_fix(
         slack_alert(cfg.slack_bot_token, cfg.slack_channel, msg)
         return "error", None, ""
 
+    # Parse the JSON envelope: get session_id, cost, and the actual result text.
+    parsed = _parse_claude_json(raw_output)
+
+    # Pass empty when not is_error — the auth-signal regex would otherwise
+    # match trigger words ("authentication", "login", "billing", ...) inside
+    # successful diff content.
     alert_if_rate_limited(
         cfg.slack_bot_token,
         cfg.slack_channel,
         source=f"fix_engine/{event.fingerprint}",
-        output=raw_output,
+        output=raw_output if parsed["is_error"] else "",
     )
-
-    # Parse the JSON envelope: get session_id, cost, and the actual result text.
-    parsed = _parse_claude_json(raw_output)
     if parsed["is_error"] and not parsed["result"]:
         # Fall back to legacy text parsing if JSON decode failed completely.
         # (Older Claude CLI versions may not emit JSON; --output-format flag is ignored.)

package/python/sentinel/git_manager.py

@@ -479,7 +479,7 @@ def _run_tests(repo: RepoConfig, local_path: str) -> bool:
 
     logger.info("Running tests for %s: %s", repo.repo_name, " ".join(cmd))
     try:
-        r = subprocess.run(cmd, cwd=local_path, capture_output=True, text=True, timeout=300)
+        r = subprocess.run(cmd, cwd=local_path, capture_output=True, text=True, timeout=900)
     except FileNotFoundError:
         raise MissingToolError(cmd[0])
     if r.returncode != 0:

package/python/sentinel/main.py

@@ -606,6 +606,15 @@ async def _handle_issue(event: IssueEvent, cfg_loader: ConfigLoader, store: Stat
             mark_done(event.issue_file)  # archive so it doesn't re-prompt every poll
             return
 
+    # Per-project lock — serialise issue processing within a project so two
+    # concurrent claude sessions never race on the working tree of any repo.
+    async with _project_lock(sentinel.project_name or "_default"):
+        return await _handle_issue_locked(event, repo, cfg_loader, store)
+
+
+async def _handle_issue_locked(event, repo, cfg_loader, store):
+    """Heavy work portion of _handle_issue — serialised per project via _project_lock."""
+    sentinel = cfg_loader.sentinel
     auto_commit  = resolve_auto_commit(repo, sentinel)
     auto_release = resolve_auto_release(repo, sentinel)
 

package/.cairn/views/7802b9_cicd_trigger.py

@@ -1,171 +0,0 @@
-import logging
-import re
-import time
-from pathlib import Path
-import requests
-from .config_loader import RepoConfig
-from .state_store import StateStore
-logger = logging.getLogger(__name__)
-JENKINS_RELEASE_TIMEOUT = 900
-JENKINS_POLL_INTERVAL   = 20
-def trigger(repo: RepoConfig, store: StateStore, fingerprint: str, wait: bool = False) -> bool:
-    if not repo.cicd_type or not repo.cicd_job_url:
-        return True
-    cicd_type = repo.cicd_type.lower()
-    if cicd_type == "jenkins":
-        return _trigger_jenkins(repo)
-    elif cicd_type in ("jenkins_release", "jenkins-release"):
-        return _trigger_jenkins_release(repo, wait=wait)
-    elif cicd_type in ("github_actions", "github-actions"):
-        return _trigger_github_actions(repo, fingerprint)
-    else:
-        logger.warning("Unknown CICD_TYPE '%s' for %s", repo.cicd_type, repo.repo_name)
-        return False
-def _trigger_jenkins(repo: RepoConfig) -> bool:
-    url = f"{repo.cicd_job_url.rstrip('/')}/build"
-    resp = requests.post(url, auth=("sentinel", repo.cicd_token), timeout=15)
-    success = resp.status_code in (200, 201, 204)
-    if success:
-        logger.info("Jenkins build triggered: %s", repo.cicd_job_url)
-    else:
-        logger.error("Jenkins trigger failed (%s): %s", resp.status_code, resp.text[:200])
-    return success
-def _get_last_build_number(session: requests.Session, job_url: str) -> int:
-    try:
-        r = session.get(f"{job_url.rstrip('/')}/api/json", timeout=10)
-        data = r.json()
-        lb = data.get("lastBuild")
-        return lb["number"] if lb else 0
-    except Exception as exc:
-        logger.warning("Could not get last build number for %s: %s", job_url, exc)
-        return 0
-def _wait_for_jenkins_build(
-    session: requests.Session,
-    job_url: str,
-    prev_build_num: int,
-    timeout: int = JENKINS_RELEASE_TIMEOUT,
-) -> bool:
-    deadline = time.time() + timeout
-    build_num = None
-    while time.time() < deadline:
-        current = _get_last_build_number(session, job_url)
-        if current > prev_build_num:
-            build_num = current
-            logger.info("Jenkins build
-            break
-        logger.debug("Waiting for Jenkins build to start (last=%d)...", current)
-        time.sleep(JENKINS_POLL_INTERVAL)
-    else:
-        logger.error("Timed out waiting for Jenkins build to start: %s", job_url)
-        return False
-    build_api = f"{job_url.rstrip('/')}/{build_num}/api/json"
-    while time.time() < deadline:
-        try:
-            r = session.get(build_api, timeout=10)
-            data = r.json()
-            if not data.get("building", True):
-                result = data.get("result", "UNKNOWN")
-                if result == "SUCCESS":
-                    logger.info("Jenkins build
-                    return True
-                else:
-                    logger.error("Jenkins build
-                    return False
-            elapsed = int(time.time() - (deadline - timeout))
-            logger.info("Jenkins build
-        except Exception as exc:
-            logger.warning("Jenkins poll error for %s: %s", build_api, exc)
-        time.sleep(JENKINS_POLL_INTERVAL)
-    logger.error("Timed out waiting for Jenkins build
-    return False
-def _trigger_jenkins_release(repo: RepoConfig, wait: bool = False) -> bool:
-    release_ver, dev_ver = _maven_release_versions(repo.local_path)
-    if not release_ver:
-        logger.error("Jenkins release: could not determine release version from pom.xml")
-        return False
-    url = f"{repo.cicd_job_url.rstrip('/')}/m2release/submit"
-    auth = (repo.cicd_user or "sentinel", repo.cicd_token)
-    session = requests.Session()
-    session.auth = auth
-    from urllib.parse import urlparse
-    parsed = urlparse(repo.cicd_job_url)
-    jenkins_root = f"{parsed.scheme}://{parsed.netloc}"
-    crumb_data = session.get(f"{jenkins_root}/crumbIssuer/api/json", timeout=10).json()
-    crumb_header = {crumb_data["crumbRequestField"]: crumb_data["crumb"]}
-    prev_build_num = _get_last_build_number(session, repo.cicd_job_url) if wait else 0
-    scm_tag = f"{repo.repo_name}-{release_ver}"
-    import json as _json
-    stapler_json = _json.dumps({
-        "releaseVersion":        release_ver,
-        "developmentVersion":    dev_ver,
-        "isDryRun":              False,
-        "specifyScmCredentials": False,
-        "scmUsername":           "",
-        "scmCommentPrefix":      "[maven-release-plugin] ",
-        "appendHudsonUserName":  False,
-        "specifyScmTag":         False,
-        "scmTag":                scm_tag,
-    })
-    resp = session.post(
-        url,
-        headers={
-            **crumb_header,
-            "Referer": f"{repo.cicd_job_url.rstrip('/')}/m2release/",
-        },
-        data={
-            "releaseVersion":     release_ver,
-            "developmentVersion": dev_ver,
-            "scmCommentPrefix":   "[maven-release-plugin] ",
-            "scmTag":             scm_tag,
-            "json":               stapler_json,
-        },
-        timeout=15,
-        allow_redirects=False,
-    )
-    triggered = resp.status_code in (200, 201, 204, 302)
-    if not triggered:
-        logger.error("Jenkins release trigger failed (%s): %s", resp.status_code, resp.text[:200])
-        return False
-    logger.info(
-        "Jenkins Maven Release triggered: %s → %s (next: %s)%s",
-        repo.cicd_job_url, release_ver, dev_ver,
-        " — waiting for completion..." if wait else "",
-    )
-    if wait:
-        return _wait_for_jenkins_build(session, repo.cicd_job_url, prev_build_num)
-    return True
-def _maven_release_versions(local_path: str) -> tuple[str, str]:
-    pom = Path(local_path) / "pom.xml"
-    if not pom.exists():
-        return ("", "")
-    text = pom.read_text(encoding="utf-8", errors="ignore")
-    m = re.search(r"<version>(\d+\.\d+\.\d+)-SNAPSHOT</version>", text)
-    if not m:
-        return ("", "")
-    parts = m.group(1).split(".")
-    release_ver = m.group(1)
-    next_patch = int(parts[2]) + 1
-    dev_ver = f"{parts[0]}.{parts[1]}.{next_patch}-SNAPSHOT"
-    return release_ver, dev_ver
-def _trigger_github_actions(repo: RepoConfig, fingerprint: str) -> bool:
-    owner_repo = _owner_repo(repo.repo_url)
-    url = f"https://api.github.com/repos/{owner_repo}/dispatches"
-    resp = requests.post(
-        url,
-        json={"event_type": "sentinel-deploy", "client_payload": {"fingerprint": fingerprint}},
-        headers={
-            "Authorization": f"Bearer {repo.cicd_token}",
-            "Accept": "application/vnd.github+json",
-        },
-        timeout=15,
-    )
-    success = resp.status_code == 204
-    if success:
-        logger.info("GitHub Actions dispatch sent for %s", owner_repo)
-    else:
-        logger.error("GH Actions dispatch failed (%s): %s", resp.status_code, resp.text[:200])
-    return success
-def _owner_repo(repo_url: str) -> str:
-    if repo_url.startswith("git@"):
-        return repo_url.split(":")[-1].removesuffix(".git")
-    return "/".join(repo_url.rstrip("/").split("/")[-2:]).removesuffix(".git")