name: Auto-Approve AI PRs

on:
  pull_request:
    types: [opened, synchronize, labeled]
  status: {}
  check_run:
    types: [completed]

permissions:
  contents: read
  pull-requests: write

jobs:
  auto-approve:
    runs-on: ubuntu-latest
    if: |
      (contains(github.event.pull_request.labels.*.name, 'claude-auto') ||
       contains(github.event.pull_request.labels.*.name, 'atlas-auto') ||
       contains(github.event.pull_request.labels.*.name, 'codex-auto')) &&
      !contains(github.event.pull_request.labels.*.name, 'breaking-change') &&
      !contains(github.event.pull_request.labels.*.name, 'security') &&
      !contains(github.event.pull_request.labels.*.name, 'do-not-merge')

    steps:
      - name: Check PR size
        id: size
        run: |
          ADDITIONS=$(gh pr view ${{ github.event.pull_request.number }} --json additions --jq '.additions')
          DELETIONS=$(gh pr view ${{ github.event.pull_request.number }} --json deletions --jq '.deletions')
          TOTAL=$((ADDITIONS + DELETIONS))

          echo "total_changes=$TOTAL" >> $GITHUB_OUTPUT

          if [ $TOTAL -gt 500 ]; then
            echo "PR too large for auto-approval: $TOTAL lines changed (max 500)"
            gh pr comment ${{ github.event.pull_request.number }} --body "⚠️ **Auto-Approval Skipped**

            This AI-generated PR is too large for automatic approval ($TOTAL lines changed, max 500).

            **Action Required**: Human review needed.
            **Reason**: Large PRs require manual verification."
            exit 1
          fi
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

      - name: Wait for all checks to pass
        uses: lewagon/wait-on-check-action@v1.3.1
        with:
          ref: ${{ github.event.pull_request.head.sha }}
          running-workflow-name: 'auto-approve'
          repo-token: ${{ secrets.GITHUB_TOKEN }}
          wait-interval: 30
          allowed-conclusions: success

      - name: Approve PR
        uses: hmarr/auto-approve-action@v3
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}

      - name: Add auto-merge label
        run: gh pr edit ${{ github.event.pull_request.number }} --add-label "auto-merge"
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

      - name: Comment on PR
        run: |
          AI_LABEL=""
          if [[ "${{ contains(github.event.pull_request.labels.*.name, 'claude-auto') }}" == "true" ]]; then
            AI_LABEL="Claude"
          elif [[ "${{ contains(github.event.pull_request.labels.*.name, 'atlas-auto') }}" == "true" ]]; then
            AI_LABEL="Atlas"
          else
            AI_LABEL="Codex"
          fi

          gh pr comment ${{ github.event.pull_request.number }} --body "🤖 **Auto-Approved (AI-Generated)**

          This $AI_LABEL-generated PR has passed all checks and been automatically approved.

          **Tier**: 4 (AI-Generated)
          **Size**: ${{ steps.size.outputs.total_changes }} lines
          **Policy**: AUTO_MERGE_POLICY.md#tier-4-ai-generated
          **Soak Time**: 5 minutes

          Auto-merge will proceed after a 5-minute soak period. This gives humans time to review if needed."
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}