name: Skill Drift Detection

# Runs after every push to main that touches source files.
# Validates every skill can still be cleanly applied, type-checked, and tested.
# If a skill drifts, attempts auto-fix via three-way merge of modify/ files,
# then opens a PR with the result (auto-fixed or with conflict markers).

on:
  push:
    branches: [main]
    paths:
      - 'src/**'
      - 'container/**'
      - 'package.json'
  workflow_dispatch:

permissions:
  contents: write
  pull-requests: write

jobs:
  # ── Step 1: Check all skills against current main ─────────────────────
  validate:
    runs-on: ubuntu-latest
    outputs:
      drifted: ${{ steps.check.outputs.drifted }}
      drifted_skills: ${{ steps.check.outputs.drifted_skills }}
      results: ${{ steps.check.outputs.results }}
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - uses: actions/setup-node@v4
        with:
          node-version: 20
          cache: npm
      - run: npm ci

      - name: Validate all skills against main
        id: check
        run: npx tsx scripts/validate-all-skills.ts
        continue-on-error: true

  # ── Step 2: Auto-fix and create PR ────────────────────────────────────
  fix-drift:
    needs: validate
    if: needs.validate.outputs.drifted == 'true'
    runs-on: ubuntu-latest
    steps:
      - uses: actions/create-github-app-token@v1
        id: app-token
        with:
          app-id: ${{ secrets.APP_ID }}
          private-key: ${{ secrets.APP_PRIVATE_KEY }}

      - uses: actions/checkout@v4
        with:
          token: ${{ steps.app-token.outputs.token }}
          fetch-depth: 0

      - uses: actions/setup-node@v4
        with:
          node-version: 20
          cache: npm
      - run: npm ci

      - name: Attempt auto-fix via three-way merge
        id: fix
        run: |
          SKILLS=$(echo '${{ needs.validate.outputs.drifted_skills }}' | jq -r '.[]')
          npx tsx scripts/fix-skill-drift.ts $SKILLS

      - name: Create pull request
        uses: peter-evans/create-pull-request@v7
        with:
          token: ${{ steps.app-token.outputs.token }}
          branch: ci/fix-skill-drift
          delete-branch: true
          title: 'fix(skills): auto-update drifted skills'
          body: |
            ## Skill Drift Detected

            A push to `main` (${{ github.sha }}) changed source files that caused
            the following skills to fail validation:

            **Drifted:** ${{ needs.validate.outputs.drifted_skills }}

            ### Auto-fix results

            ${{ steps.fix.outputs.summary }}

            ### What to do

            1. Review the changes to `.claude/skills/*/modify/` files
            2. If there are conflict markers (`<<<<<<<`), resolve them
            3. CI will run typecheck + tests on this PR automatically
            4. Merge when green

            ---
            *Auto-generated by [skill-drift CI](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }})*
          labels: skill-drift,automated
          commit-message: 'fix(skills): auto-update drifted skill modify/ files'