@misterhuydo/sentinel 1.6.9 → 1.6.10

package/.cairn/.hint-lock

@@ -1 +1 @@
-2026-04-24T14:02:31.712Z
+2026-04-25T09:41:31.525Z

package/.cairn/session.json

@@ -1,10 +1,9 @@
 {
-  "message": "Auto-checkpoint at 2026-04-24T14:25:27.008Z",
-  "checkpoint_at": "2026-04-24T14:25:27.009Z",
+  "message": "Auto-checkpoint at 2026-04-25T09:42:20.720Z",
+  "checkpoint_at": "2026-04-25T09:42:20.724Z",
   "active_files": [
     "J:\\Projects\\Sentinel\\cli\\bin\\sentinel.js",
-    "J:\\Projects\\Sentinel\\cli\\lib\\test.js",
-    "J:\\Projects\\Sentinel\\cli\\python\\sentinel\\cicd_trigger.py"
+    "J:\\Projects\\Sentinel\\cli\\lib\\test.js"
   ],
   "notes": [
     {
@@ -186,7 +185,6 @@
   ],
   "mtime_snapshot": {
     "J:\\Projects\\Sentinel\\cli\\bin\\sentinel.js": 1774252515044.4768,
-    "J:\\Projects\\Sentinel\\cli\\lib\\test.js": 1774252437350.0059,
-    "J:\\Projects\\Sentinel\\cli\\python\\sentinel\\cicd_trigger.py": 1777039448643.5408
+    "J:\\Projects\\Sentinel\\cli\\lib\\test.js": 1774252437350.0059
   }
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@misterhuydo/sentinel",
-  "version": "1.6.9",
+  "version": "1.6.10",
   "description": "Sentinel — Autonomous DevOps Agent installer and manager",
   "bin": {
     "sentinel": "./bin/sentinel.js"

package/python/sentinel/__init__.py

@@ -1 +1 @@
-__version__ = "1.6.9"
+__version__ = "1.6.10"

package/python/sentinel/fix_engine.py

@@ -582,6 +582,12 @@ def generate_fix(
             if timed_out:
                 logger.error("Claude Code timed out for %s", event.fingerprint)
                 return "error", None, ""
+            # Envelope check first: a successful JSON result means the attempt
+            # authenticated cleanly, even if the diff body contains substrings
+            # like "HttpStatus.UNAUTHORIZED" that would fool the substring scan.
+            parsed_attempt = _parse_claude_json(raw_output)
+            if not parsed_attempt["is_error"] and parsed_attempt["result"]:
+                break
             if not _is_auth_error(raw_output):
                 break
             logger.warning("fix_engine: %s auth error for %s — trying next method", label, event.fingerprint)

package/python/tests/test_fix_engine_json.py

@@ -1,95 +1,126 @@
-"""
-test_fix_engine_json.py — Unit tests for _parse_claude_json().
-
-Parses the single-object JSON emitted by `claude --print --output-format json`.
-Critical: must extract session_id (for resume), cost (for budget tracking),
-and the result text (which contains the patch).
-"""
-import json
-import pytest
-
-from sentinel.fix_engine import _parse_claude_json
-
-
-def _wrap(result_text: str, session_id: str = "abc-123",
-          cost: float = 0.05, is_error: bool = False) -> str:
-    return json.dumps({
-        "type": "result",
-        "subtype": "success" if not is_error else "error",
-        "is_error": is_error,
-        "result": result_text,
-        "session_id": session_id,
-        "total_cost_usd": cost,
-        "duration_ms": 1234,
-        "stop_reason": "end_turn",
-    })
-
-
-# ── happy path ────────────────────────────────────────────────────────────────
-
-def test_extracts_result_session_cost():
-    raw = _wrap("Here is the patch:\n```diff\n...```", "sess-1", 0.07)
-    parsed = _parse_claude_json(raw)
-    assert parsed["session_id"] == "sess-1"
-    assert parsed["total_cost_usd"] == pytest.approx(0.07)
-    assert "patch" in parsed["result"]
-    assert parsed["is_error"] is False
-
-
-def test_handles_zero_cost():
-    raw = _wrap("ok", "sess", 0.0)
-    parsed = _parse_claude_json(raw)
-    assert parsed["total_cost_usd"] == 0.0
-
-
-def test_carries_is_error_flag():
-    raw = _wrap("err msg", "sess", 0.01, is_error=True)
-    parsed = _parse_claude_json(raw)
-    assert parsed["is_error"] is True
-
-
-# ── tolerant inputs ───────────────────────────────────────────────────────────
-
-def test_strips_leading_trailing_whitespace():
-    raw = "   \n" + _wrap("ok", "s", 0.0) + "\n  "
-    parsed = _parse_claude_json(raw)
-    assert parsed["session_id"] == "s"
-    assert parsed["result"] == "ok"
-
-
-def test_finds_json_after_stderr_garbage():
-    """Claude sometimes prints debug lines before the JSON object."""
-    raw = (
-        "Some stderr line\n"
-        "Another warning\n"
-        + _wrap("payload", "s", 0.0)
-    )
-    parsed = _parse_claude_json(raw)
-    assert parsed["session_id"] == "s"
-    assert parsed["result"] == "payload"
-
-
-def test_returns_empty_on_unparseable():
-    parsed = _parse_claude_json("not json at all")
-    assert parsed["session_id"] == ""
-    assert parsed["result"] == ""
-    assert parsed["total_cost_usd"] == 0.0
-    # When unparseable, surface as an error so caller doesn't silently swallow it
-    assert parsed["is_error"] is True
-
-
-def test_returns_empty_on_empty_string():
-    parsed = _parse_claude_json("")
-    assert parsed["session_id"] == ""
-    assert parsed["result"] == ""
-    assert parsed["is_error"] is True
-
-
-def test_handles_missing_fields_gracefully():
-    """If claude omits some fields, extract what's there and default the rest."""
-    raw = json.dumps({"type": "result", "result": "x", "session_id": "s"})
-    parsed = _parse_claude_json(raw)
-    assert parsed["session_id"] == "s"
-    assert parsed["result"] == "x"
-    assert parsed["total_cost_usd"] == 0.0
-    assert parsed["is_error"] is False
+"""
+test_fix_engine_json.py — Unit tests for _parse_claude_json().
+
+Parses the single-object JSON emitted by `claude --print --output-format json`.
+Critical: must extract session_id (for resume), cost (for budget tracking),
+and the result text (which contains the patch).
+"""
+import json
+import pytest
+
+from sentinel.fix_engine import _parse_claude_json, _is_auth_error
+
+
+def _wrap(result_text: str, session_id: str = "abc-123",
+          cost: float = 0.05, is_error: bool = False) -> str:
+    return json.dumps({
+        "type": "result",
+        "subtype": "success" if not is_error else "error",
+        "is_error": is_error,
+        "result": result_text,
+        "session_id": session_id,
+        "total_cost_usd": cost,
+        "duration_ms": 1234,
+        "stop_reason": "end_turn",
+    })
+
+
+# ── happy path ────────────────────────────────────────────────────────────────
+
+def test_extracts_result_session_cost():
+    raw = _wrap("Here is the patch:\n```diff\n...```", "sess-1", 0.07)
+    parsed = _parse_claude_json(raw)
+    assert parsed["session_id"] == "sess-1"
+    assert parsed["total_cost_usd"] == pytest.approx(0.07)
+    assert "patch" in parsed["result"]
+    assert parsed["is_error"] is False
+
+
+def test_handles_zero_cost():
+    raw = _wrap("ok", "sess", 0.0)
+    parsed = _parse_claude_json(raw)
+    assert parsed["total_cost_usd"] == 0.0
+
+
+def test_carries_is_error_flag():
+    raw = _wrap("err msg", "sess", 0.01, is_error=True)
+    parsed = _parse_claude_json(raw)
+    assert parsed["is_error"] is True
+
+
+# ── tolerant inputs ───────────────────────────────────────────────────────────
+
+def test_strips_leading_trailing_whitespace():
+    raw = "   \n" + _wrap("ok", "s", 0.0) + "\n  "
+    parsed = _parse_claude_json(raw)
+    assert parsed["session_id"] == "s"
+    assert parsed["result"] == "ok"
+
+
+def test_finds_json_after_stderr_garbage():
+    """Claude sometimes prints debug lines before the JSON object."""
+    raw = (
+        "Some stderr line\n"
+        "Another warning\n"
+        + _wrap("payload", "s", 0.0)
+    )
+    parsed = _parse_claude_json(raw)
+    assert parsed["session_id"] == "s"
+    assert parsed["result"] == "payload"
+
+
+def test_returns_empty_on_unparseable():
+    parsed = _parse_claude_json("not json at all")
+    assert parsed["session_id"] == ""
+    assert parsed["result"] == ""
+    assert parsed["total_cost_usd"] == 0.0
+    # When unparseable, surface as an error so caller doesn't silently swallow it
+    assert parsed["is_error"] is True
+
+
+def test_returns_empty_on_empty_string():
+    parsed = _parse_claude_json("")
+    assert parsed["session_id"] == ""
+    assert parsed["result"] == ""
+    assert parsed["is_error"] is True
+
+
+def test_handles_missing_fields_gracefully():
+    """If claude omits some fields, extract what's there and default the rest."""
+    raw = json.dumps({"type": "result", "result": "x", "session_id": "s"})
+    parsed = _parse_claude_json(raw)
+    assert parsed["session_id"] == "s"
+    assert parsed["result"] == "x"
+    assert parsed["total_cost_usd"] == 0.0
+    assert parsed["is_error"] is False
+
+
+def test_successful_envelope_overrides_unauthorized_substring():
+    # Regression: fp 6cb7a875 on 2026-04-27 - Claude generated a valid patch
+    # whose unchanged-context lines contained "HttpStatus.UNAUTHORIZED",
+    # tripping _is_auth_error and triggering a false "Both API key and OAuth
+    # failed" alert. The fix is to consult the JSON envelope first.
+    diff_with_unauthorized = (
+        "diff --git a/Foo.java b/Foo.java\n"
+        "@@ -10,3 +10,3 @@\n"
+        " return new ResponseEntity<>(err, HttpStatus.UNAUTHORIZED);\n"
+    )
+    raw = _wrap(diff_with_unauthorized, is_error=False)
+    assert _is_auth_error(raw) is True  # substring match alone is fooled
+    parsed = _parse_claude_json(raw)
+    assert parsed["is_error"] is False  # envelope is the source of truth
+    assert parsed["result"]
+
+
+@pytest.mark.parametrize("hint", [
+    "Error: Not logged in. Please run claude login.",
+    "API key is not set",
+    "401 Unauthorized",
+    "authentication failed",
+])
+def test_is_auth_error_matches_real_hints(hint):
+    assert _is_auth_error(hint) is True
+
+
+def test_is_auth_error_skips_benign_text():
+    assert _is_auth_error("All good, here is the patch") is False