name: Claude Task Executor

on:
  repository_dispatch:
    types: [claude-task]

permissions:
  contents: write
  pull-requests: write
  issues: write
  id-token: write # Required for OIDC authentication

jobs:
  execute-claude-task:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Execute Claude Task
        uses: anthropics/claude-code-action@main
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }}
          # Base branch for creating task branches
          base_branch: main
          # Optional: Custom instructions for Claude
          custom_instructions: |
            Follow the CLAUDE.md guidelines strictly.
            Commit changes with descriptive messages.
          # Optional: Tool restrictions
          allowed_tools: |
            file_editor
            bash_command
            github_comment
            mcp__github__create_or_update_file
          # Optional: Anthropic API configuration
          anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
          # Or use AWS Bedrock
          # aws_access_key: ${{ secrets.AWS_ACCESS_KEY_ID }}
          # aws_secret_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          # aws_region: us-east-1
          # Or use Google Vertex AI
          # google_credentials: ${{ secrets.GOOGLE_CREDENTIALS }}
          # vertex_project: my-project
          # vertex_location: us-central1
# Example: Triggering this workflow from another service
#
# curl -X POST \
#   https://api.github.com/repos/owner/repo/dispatches \
#   -H "Authorization: token $GITHUB_TOKEN" \
#   -H "Accept: application/vnd.github.v3+json" \
#   -d '{
#     "event_type": "claude-task",
#     "client_payload": {
#       "description": "Analyze the codebase and create a comprehensive test suite for the authentication module",
#       "progress_endpoint": "https://api.example.com/claude/progress",
#       "correlation_id": "task-auth-tests-2024-01-17"
#     }
#   }'
#
# The progress_endpoint will receive POST requests with:
# {
#   "repository": "owner/repo",
#   "run_id": "123456789",
#   "correlation_id": "task-auth-tests-2024-01-17",
#   "status": "in_progress" | "completed" | "failed",
#   "message": "Current progress description",
#   "completed_tasks": ["task1", "task2"],
#   "current_task": "Working on task3",
#   "timestamp": "2024-01-17T12:00:00Z"
# }
#
# Authentication: Progress updates include a GitHub OIDC token in the Authorization header