Merge pull request #453 from jmbish04/claude/sentinel-engine

Author: jmbish04

package.json

@@ -51,7 +51,8 @@
     "db:reset": "python3 scripts/db/reset_d1.py && pnpm run db:generate:all && pnpm run migrate:remote:all && pnpm run deploy",
     "db:seed:prep": "python3 scripts/db/seed_prep.py",
     "db:seed:run": "python3 scripts/db/seed_run.py",
-    "secrets:audit": "node scripts/secrets/audit-secrets.mjs"
+    "secrets:audit": "node scripts/secrets/audit-secrets.mjs",
+    "db:auto": "pnpm run db:generate:all && pnpm run migrate:remote:all && pnpm dlx wrangler@latest types"
   },
   "dependencies": {
     "@ai-sdk/anthropic": "^3.0.58",

src/backend/src/ai/agents/LearningAgent.ts

@@ -33,3 +33,4 @@ export { StandardizationAgent } from './StandardizationAgent';
 export { JulesPrReviewer } from './pr-reviewer/JulesPrReviewer';
 export { UxResearcher } from './workshop/UxResearcher';
 export { SandboxAgent } from './SandboxAgent';
+export { LearningAgent } from './LearningAgent';

src/backend/src/ai/agents/exports.ts

@@ -22,6 +22,8 @@ import { RepoStandardization } from '@/automations/repository/standardization';
 import { RepoSync } from '@/automations/repository/sync';
 import { StatsUpdate } from '@/automations/repository/stats-update';
 import { LeakPlumber } from '@/automations/security/leak-plumber';
+import { SentinelInterceptor } from '@/automations/pr/SentinelInterceptor';
+import { SentinelPostMerge } from '@/automations/pr/SentinelPostMerge';
 import { SlashCommand } from '@/automations/shared/colby';
 import { TelemetryIngestion } from '@/automations/telemetry/ingest';
 
@@ -51,6 +53,8 @@ export const REGISTERED_AUTOMATIONS: RegisteredAutomation[] = [
   StandardsCheckPush,
   RepoStandardization,
   LeakPlumber,
+  SentinelInterceptor,
+  SentinelPostMerge,
 ];
 
 const AUTOMATIONS_BY_CLASS = new Map<string, RegisteredAutomation>(

src/backend/src/automations/core/AutomationRegistry.ts

@@ -0,0 +1,208 @@
+/**
+ * @file backend/src/automations/pr/SentinelInterceptor.ts
+ * @description Active PR Interceptor — analyzes PRs against architectural memory
+ * and posts findings as comments using the human persona token.
+ *
+ * Triggers on pull_request opened/synchronize events.
+ * Uses GITHUB_PERSONAL_ACCESS_TOKEN so comments appear from a human account
+ * and aren't ignored by bot filters.
+ *
+ * @module Automations/PR/SentinelInterceptor
+ */
+
+import { z } from "zod";
+import {
+  BaseAutomation,
+  type AutomationMetadata,
+} from "@/core/BaseAutomation";
+import { getDb } from "@db";
+import { learningAiInsights } from "@db/schemas/github/learning";
+import { eq, and } from "drizzle-orm";
+
+const PullRequestPayloadSchema = z.object({
+  action: z.enum(["opened", "synchronize"]),
+  repository: z.object({
+    name: z.string(),
+    full_name: z.string(),
+    owner: z.object({ login: z.string() }),
+  }),
+  pull_request: z.object({
+    number: z.number(),
+    title: z.string(),
+    body: z.string().nullable(),
+    html_url: z.string(),
+    diff_url: z.string(),
+    user: z.object({ login: z.string(), type: z.string().optional() }),
+    head: z.object({ ref: z.string() }),
+    base: z.object({ ref: z.string() }),
+  }),
+});
+
+type SentinelPayload = z.infer<typeof PullRequestPayloadSchema>;
+
+export class SentinelInterceptor extends BaseAutomation<SentinelPayload> {
+  static readonly metadata: AutomationMetadata = {
+    key: "sentinel-interceptor",
+    domain: "pr",
+    description:
+      "Analyzes PRs against architectural memory and posts AI-driven findings.",
+    events: ["pull_request"],
+    alwaysOn: true,
+    authPolicy: "pat",
+  };
+
+  async shouldRun(): Promise<boolean> {
+    const parsed = PullRequestPayloadSchema.safeParse(this.payload);
+    if (!parsed.success) return false;
+    return (
+      this.action === "opened" || this.action === "synchronize"
+    );
+  }
+
+  async run(): Promise<void> {
+    const payload = PullRequestPayloadSchema.parse(this.payload);
+    const { repository, pull_request: pr } = payload;
+    const repoFullName = repository.full_name;
+    const owner = repository.owner.login;
+    const repo = repository.name;
+
+    try {
+      const octokit = await this.getGitHubClient();
+
+      // Step 1: Post initial analysis comment
+      await octokit.rest.issues.createComment({
+        owner,
+        repo,
+        issue_number: pr.number,
+        body: `🔍 **Sentinel** is crunching architectural history to optimize this PR...`,
+      });
+
+      // Step 2: Fetch the PR diff for analysis
+      const { data: diffData } = await octokit.rest.pulls.get({
+        owner,
+        repo,
+        pull_number: pr.number,
+        mediaType: { format: "diff" },
+      });
+      const diff = typeof diffData === "string" ? diffData : JSON.stringify(diffData);
+
+      // Step 3: Query architectural memory
+      const db = getDb(this.env.DB);
+      const repoInsights = await db
+        .select()
+        .from(learningAiInsights)
+        .where(
+          and(
+            eq(learningAiInsights.repo, repoFullName),
+            eq(learningAiInsights.status, "proposed")
+          )
+        )
+        .limit(10);
+
+      // Step 4: Check Vectorize for similar patterns
+      let vectorMatches: string[] = [];
+      try {
+        const embedding = await this.env.AI.run(
+          "@cf/baai/bge-large-en-v1.5" as any,
+          { text: [pr.title + "\n" + (pr.body || "")] }
+        );
+        const vectors = (embedding as any).data?.[0];
+        if (vectors) {
+          const matches = await this.env.VECTORIZE.query(vectors, {
+            topK: 5,
+            namespace: "learning",
+          });
+          vectorMatches = (matches.matches || [])
+            .filter((m: any) => m.score > 0.75)
+            .map(
+              (m: any) =>
+                `- ${m.metadata?.text?.substring(0, 200) || "Similar pattern detected"} (score: ${m.score.toFixed(2)})`
+            );
+        }
+      } catch (err) {
+        console.warn("[SentinelInterceptor] Vectorize query failed:", err);
+      }
+
+      // Step 5: Run AI analysis
+      const analysisPrompt = `Analyze this PR diff for architectural anti-patterns, style drift, or improvements based on these known patterns:
+
+**Known Immunized Insights for ${repoFullName}:**
+${repoInsights.map((i) => `- [${i.patternType}/${i.severity}] ${i.description?.substring(0, 200)}`).join("\n") || "None yet."}
+
+**Vector Similarity Matches:**
+${vectorMatches.join("\n") || "No similar prior patterns found."}
+
+**PR Title:** ${pr.title}
+**PR Description:** ${pr.body || "No description provided."}
+
+**Diff (truncated to 50000 chars):**
+\`\`\`
+${diff.substring(0, 50000)}
+\`\`\`
+
+Respond with a concise analysis. If you detect anti-patterns or potential issues, list them as bullet points. If the PR looks clean, say so briefly. Include severity (low/medium/high) for each finding.`;
+
+      const aiResponse = await this.env.AI.run(
+        "@cf/meta/llama-3.3-70b-instruct-fp8-fast" as any,
+        {
+          messages: [
+            {
+              role: "system",
+              content:
+                "You are Sentinel, an architectural analysis bot. Be concise, actionable, and constructive. Format findings as GitHub-flavored markdown.",
+            },
+            { role: "user", content: analysisPrompt },
+          ],
+          max_tokens: 1000,
+        }
+      );
+
+      const analysis = (aiResponse as any).response || "Analysis unavailable.";
+
+      // Step 6: Post summary comment
+      const baseUrl = (this.env as any).BASE_URL || "https://core-github-api.hacolby.workers.dev";
+      const summaryBody = `## 🛡️ Sentinel Analysis
+
+${analysis}
+
+---
+
+<details>
+<summary>📊 Context</summary>
+
+- **Immunized patterns for this repo:** ${repoInsights.length}
+- **Similar prior patterns:** ${vectorMatches.length}
+- **PR Author:** ${pr.user.login} ${pr.user.type === "Bot" ? "(Bot)" : ""}
+
+[View full insights →](${baseUrl}/sentinel)
+
+</details>
+
+*Powered by Sentinel Learning Engine*`;
+
+      // Update the initial comment (or post new one)
+      await octokit.rest.issues.createComment({
+        owner,
+        repo,
+        issue_number: pr.number,
+        body: summaryBody,
+      });
+
+      await this.logExecution(
+        "success",
+        `Sentinel analysis posted for PR #${pr.number}`,
+        pr.number
+      );
+    } catch (err: any) {
+      console.error(
+        `[SentinelInterceptor] Failed to analyze PR #${pr.number}:`,
+        err
+      );
+      await this.logExecution(
+        "failure",
+        `Failed: ${err.message}`,
+        pr.number
+      );
+    }
+  }
+}

src/backend/src/automations/pr/SentinelInterceptor.ts

@@ -0,0 +1,111 @@
+/**
+ * @file backend/src/automations/pr/SentinelPostMerge.ts
+ * @description Post-merge learning automation — when a PR is merged, creates
+ * a reflection record and signals the LearningAgent to ingest it.
+ *
+ * Triggers on pull_request closed events where merged=true.
+ *
+ * @module Automations/PR/SentinelPostMerge
+ */
+
+import { z } from "zod";
+import {
+  BaseAutomation,
+  type AutomationMetadata,
+} from "@/core/BaseAutomation";
+import { getDb } from "@db";
+import { learningAiInsightPrs } from "@db/schemas/github/learning";
+
+const PullRequestClosedPayloadSchema = z.object({
+  action: z.literal("closed"),
+  repository: z.object({
+    name: z.string(),
+    full_name: z.string(),
+    owner: z.object({ login: z.string() }),
+  }),
+  pull_request: z.object({
+    number: z.number(),
+    title: z.string(),
+    body: z.string().nullable(),
+    html_url: z.string(),
+    merged: z.boolean(),
+    user: z.object({ login: z.string() }),
+  }),
+});
+
+type PostMergePayload = z.infer<typeof PullRequestClosedPayloadSchema>;
+
+export class SentinelPostMerge extends BaseAutomation<PostMergePayload> {
+  static readonly metadata: AutomationMetadata = {
+    key: "sentinel-post-merge",
+    domain: "pr",
+    description:
+      "Creates learning reflection records when PRs are merged for the Contemplation Gate.",
+    events: ["pull_request"],
+    alwaysOn: true,
+    authPolicy: "app",
+  };
+
+  async shouldRun(): Promise<boolean> {
+    if (this.action !== "closed") return false;
+    const parsed = PullRequestClosedPayloadSchema.safeParse(this.payload);
+    return parsed.success && parsed.data.pull_request.merged === true;
+  }
+
+  async run(): Promise<void> {
+    const payload = PullRequestClosedPayloadSchema.parse(this.payload);
+    const { repository, pull_request: pr } = payload;
+
+    try {
+      const db = getDb(this.env.DB);
+
+      // Record the merged PR in the learning database
+      await db.insert(learningAiInsightPrs).values({
+        id: crypto.randomUUID(),
+        insightId: "", // Linked during analysis
+        prNumber: pr.number,
+        repo: `${repository.owner.login}/${repository.name}`,
+        status: "merged",
+        outcome: "merged",
+        createdAt: new Date(),
+      });
+
+      // Signal the LearningAgent to ingest this PR
+      try {
+        const agentId = this.env.LEARNING_AGENT.idFromName("default");
+        const agentStub = this.env.LEARNING_AGENT.get(agentId);
+        await agentStub.fetch(
+          new Request("http://internal/ingest-pr", {
+            method: "POST",
+            headers: { "content-type": "application/json" },
+            body: JSON.stringify({
+              prNumber: pr.number,
+              repoOwner: repository.owner.login,
+              repoName: repository.name,
+              prUrl: pr.html_url,
+              prDescription: pr.body?.substring(0, 2000),
+              merged: true,
+            }),
+          })
+        );
+      } catch (err) {
+        console.error(
+          "[SentinelPostMerge] Failed to signal LearningAgent:",
+          err
+        );
+      }
+
+      await this.logExecution(
+        "success",
+        `Recorded merged PR #${pr.number} for learning`,
+        pr.number
+      );
+    } catch (err: any) {
+      console.error(
+        `[SentinelPostMerge] Failed for PR #${pr.number}:`,
+        err
+      );
+      await this.logExecution("failure", `Failed: ${err.message}`, pr.number);
+    }
+  }
+}

src/backend/src/automations/pr/SentinelPostMerge.ts

@@ -37,3 +37,4 @@ export { default as cloudflareServicesApi } from './services/cloudflare';
 export { default as sandboxApi } from './sandbox';
 export { default as researchProjectsApi } from './frontend/research/one-time';
 export { default as sentinelApi } from './projects/sentinel/index';
+export { default as sentinelInsightsApi } from './sentinel/index';