From 420a20c0ccba0e45839f86d61bc4504441a8d33f Mon Sep 17 00:00:00 2001
From: admin <admin@nexus-vector>
Date: Tue, 18 Nov 2025 00:39:43 +0000
Subject: [PATCH] ci: add OpenSpec auto-approval workflow
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Automatically approves and labels OpenSpec proposal/spec PRs from Claude agents.

Features:
- Auto-approves PRs that only modify openspec/ directory
- Adds 'openspec' and 'auto-approved' labels
- Posts confirmation comment
- Only applies to claude/ branches and fullsizemalt user

This removes the approval bottleneck for infrastructure proposals and allows faster iteration on specs.

🤖 Generated with Claude Code

Co-Authored-By: Claude <noreply@anthropic.com>
---
 .github/workflows/openspec-auto-approve.yml | 67 +++++++++++++++++++++
 1 file changed, 67 insertions(+)
 create mode 100644 .github/workflows/openspec-auto-approve.yml

diff --git a/.github/workflows/openspec-auto-approve.yml b/.github/workflows/openspec-auto-approve.yml
new file mode 100644
index 0000000..24a0962
--- /dev/null
+++ b/.github/workflows/openspec-auto-approve.yml
@@ -0,0 +1,67 @@
+name: OpenSpec Auto-Approval
+
+on:
+  pull_request:
+    paths:
+      - 'openspec/changes/**'
+      - 'openspec/specs/**'
+      - '.github/workflows/openspec-auto-approve.yml'
+    types: [opened, synchronize, reopened]
+
+permissions:
+  pull-requests: write
+  contents: read
+
+jobs:
+  auto-approve-openspec:
+    runs-on: ubuntu-latest
+    # Only approve PRs from Claude (AI agents)
+    if: github.actor == 'fullsizemalt' || contains(github.head_ref, 'claude/')
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Check if PR is OpenSpec-related
+        id: check_openspec
+        run: |
+          # Check if changes are only in openspec directory
+          CHANGED_FILES=$(git diff --name-only origin/main...HEAD)
+          OPENSPEC_FILES=$(echo "$CHANGED_FILES" | grep -E '^openspec/' | wc -l)
+          TOTAL_FILES=$(echo "$CHANGED_FILES" | wc -l)
+
+          if [ "$OPENSPEC_FILES" -eq "$TOTAL_FILES" ] && [ "$OPENSPEC_FILES" -gt 0 ]; then
+            echo "is_openspec=true" >> $GITHUB_OUTPUT
+          else
+            echo "is_openspec=false" >> $GITHUB_OUTPUT
+          fi
+
+      - name: Auto-approve OpenSpec PR
+        if: steps.check_openspec.outputs.is_openspec == 'true'
+        uses: hmarr/auto-approve-action@v3
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Add OpenSpec label
+        if: steps.check_openspec.outputs.is_openspec == 'true'
+        uses: actions/github-script@v7
+        with:
+          script: |
+            github.rest.issues.addLabels({
+              issue_number: context.issue.number,
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              labels: ['openspec', 'auto-approved']
+            })
+
+      - name: Comment on PR
+        if: steps.check_openspec.outputs.is_openspec == 'true'
+        uses: actions/github-script@v7
+        with:
+          script: |
+            github.rest.issues.createComment({
+              issue_number: context.issue.number,
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              body: '✅ **Auto-approved** via OpenSpec workflow.\n\nThis PR modifies only OpenSpec proposals and specs. Ready for merge. 🚀'
+            })