Unsupervisedcom · Copilot · Jan 23, 2026 · Jan 23, 2026 · Jan 23, 2026 · Jan 23, 2026
diff --git a/.github/autoapprove-patterns.txt b/.github/autoapprove-patterns.txt
@@ -0,0 +1,14 @@
+# Example patterns file for auto-approval
+# Lines starting with # are comments
+
+# Documentation files
+*.md
+docs/**/*
+
+# Configuration files  
+*.json
+*.yaml
+*.yml
+
+# License files
+LICENSE*
diff --git a/.github/workflows/example-auto-approve.yml b/.github/workflows/example-auto-approve.yml
@@ -0,0 +1,26 @@
+# Example Auto-Approve Workflow
+# This is a reference example - it is commented out to prevent the action from
+# running in this repository. Copy and uncomment in your own repository to use.
+
+# name: Example Auto-Approve Workflow
+# 
+# on:
+#   pull_request:
+#     types: [opened, synchronize, reopened]
+# 
+# jobs:
+#   auto-approve:
+#     runs-on: ubuntu-latest
+#     permissions:
+#       pull-requests: write
+#     
+#     steps:
+#       - name: Checkout code
+#         uses: actions/checkout@v4
+#       
+#       - name: Auto-approve PR
+#         uses: Unsupervisedcom/autoapprove_action@v1
+#         with:
+#           github-token: ${{ secrets.GITHUB_TOKEN }}
+#           patterns-file: '.github/autoapprove-patterns.txt'
+#           approval-message: 'Auto-approved: all changes match allowed patterns ✅'
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -0,0 +1,30 @@
+name: Run Tests
+
+on:
+  pull_request:
+    branches: [ main ]
+  push:
+    branches: [ main ]
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '20'
+          cache: 'npm'
+
+      - name: Install dependencies
+        run: npm ci
+
+      - name: Run tests
+        run: npm test
+
+      - name: Build action
+        run: npm run build
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1,30 @@
+# Dependencies
+node_modules/
+
+# Build artifacts
+# dist/ is intentionally NOT ignored - it needs to be committed for GitHub Actions
+# package-lock.json is intentionally NOT ignored - it ensures reproducible builds
+
+# Test coverage
+coverage/
+*.lcov
+
+# Logs
+*.log
+npm-debug.log*
+
+# OS files
+.DS_Store
+Thumbs.db
+
+# IDE
+.vscode/
+.idea/
+*.swp
+*.swo
+*~
+
+# Temporary files
+tmp/
+temp/
+*.tmp
diff --git a/AGENTS.md b/AGENTS.md
@@ -0,0 +1,212 @@
+# Auto-Approve Action - Agent Instructions
+
+This file contains critical instructions for AI agents working on this codebase.
+
+## Project Overview
+
+This is a GitHub Action that automatically approves pull requests when all changed files match configured glob patterns. The action is written in JavaScript and uses the GitHub Actions toolkit.
+
+## Architecture
+
+### Core Components
+
+1. **action.yml** - GitHub Action metadata file defining inputs, outputs, and runtime
+2. **src/index.js** - Main action logic implementing:
+   - Pattern file reading
+   - File matching logic using minimatch
+   - GitHub API integration for PR approval
+3. **test/index.test.js** - Jest tests for core functionality
+4. **package.json** - Node.js dependencies and build scripts
+
+### Key Dependencies
+
+- `@actions/core` - GitHub Actions toolkit for logging and inputs
+- `@actions/github` - GitHub API client (Octokit)
+- `minimatch` - Glob pattern matching library
+- `@vercel/ncc` - Bundler for creating single-file distribution
+
+## Development Workflow
+
+### Making Changes
+
+1. **Source Code**: All source code lives in `src/index.js`
+2. **Tests**: Tests are in `test/index.test.js` using Jest
+3. **Building**: Run `npm run build` to compile with ncc into `dist/index.js`
+4. **Testing**: Run `npm test` to execute the test suite
+
+### Important Build Process
+
+⚠️ **CRITICAL**: The `dist/index.js` file is what GitHub Actions actually runs, NOT `src/index.js`. After making changes to source code, you MUST:
+
+1. Run `npm run build` to update `dist/index.js`
+2. Commit BOTH `src/index.js` AND `dist/index.js` changes
+
+### Testing Strategy
+
+The test suite focuses on:
+- **Pattern reading**: Validates file parsing, comment handling, whitespace trimming
+- **Pattern matching**: Tests glob pattern matching with various file paths
+- **Edge cases**: Empty files, empty patterns, non-existent files, case sensitivity
+
+Integration testing with GitHub API is not included - those are tested in real workflows.
+
+## Code Style and Conventions
+
+### JavaScript Conventions
+
+- Use CommonJS modules (`require`/`module.exports`)
+- Use `async/await` for asynchronous operations
+- Include JSDoc comments for all exported functions
+- Use descriptive variable names
+
+### Logging
+
+- Use `core.info()` for important information
+- Use `core.debug()` for detailed debugging information
+- Use `core.setFailed()` for fatal errors
+
+### Error Handling
+
+- Wrap main logic in try/catch
+- Provide clear error messages
+- Fail gracefully when not in PR context
+
+## Pattern Matching Logic
+
+The core matching algorithm (`checkFilesMatchPatterns`) follows these rules:
+
+1. **All-or-nothing**: EVERY file must match at least ONE pattern
+2. **First match wins**: As soon as a file matches any pattern, it's considered matched
+3. **No files = no approval**: Empty changesets are not approved
+4. **No patterns = no approval**: Empty pattern lists are not approved
+
+This ensures conservative behavior - only approve when we're certain all changes are safe.
+
+## Common Tasks
+
+### Adding a New Feature
+
+1. Update `src/index.js` with new logic
+2. Add tests in `test/index.test.js`
+3. Run `npm test` to verify
+4. Run `npm run build` to update dist
+5. Update README.md with documentation
+6. Update action.yml if adding new inputs
+
+### Fixing a Bug
+
+1. Add a test that reproduces the bug
+2. Fix the issue in `src/index.js`
+3. Verify test passes with `npm test`
+4. Run `npm run build` to update dist
+5. Commit both source and dist changes
+
+### Updating Dependencies
+
+1. Update `package.json`
+2. Run `npm install`
+3. Run `npm test` to verify compatibility
+4. Run `npm run build` to rebuild with new dependencies
+5. Commit package.json, package-lock.json, and dist/index.js
+
+## Security Considerations
+
+### Token Permissions
+
+The action requires `pull-requests: write` permission to approve PRs. When editing the action:
+
+- Never log the GitHub token
+- Use the token only for GitHub API calls
+- Don't expose the token in error messages
+
+### Pattern Validation
+
+Patterns come from user configuration. Be aware:
+
+- Malicious patterns could cause performance issues (e.g., excessive backtracking)
+- The minimatch library handles most edge cases safely
+- Always validate that patterns file exists and is readable
+
+### Auto-Approval Risks
+
+This action automatically approves PRs. When making changes:
+
+- Ensure matching logic is conservative (all files must match)
+- Don't add "default" patterns that could be too permissive
+- Log clearly which files match and which don't
+
+## Testing Locally
+
+Since this is a GitHub Action, full integration testing requires:
+
+1. A test repository
+2. A pull request to test against
+3. Proper permissions configured
+
+For local development:
+
+```bash
+# Run unit tests
+npm test
+
+# Build the action
+npm run build
+
+# Lint code (if configured)
+npm run lint
+```
+
+## Debugging in GitHub Actions
+
+When debugging action failures in real workflows:
+
+1. Check the action logs in the GitHub UI
+2. Look for `core.info()` messages showing which files matched/didn't match
+3. Verify the patterns file exists and has correct content
+4. Check PR permissions are correctly set
+5. Verify the action is triggered on PR events
+
+## File Structure
+
+```
+autoapprove_action/
+├── .git/
+├── .github/                    # Example workflows (if any)
+├── src/
+│   └── index.js               # Source code (edit here)
+├── test/
+│   └── index.test.js          # Tests
+├── dist/
+│   └── index.js               # Built file (generated, commit this)
+├── action.yml                 # Action metadata
+├── package.json               # Dependencies and scripts
+├── package-lock.json          # Locked dependencies
+├── README.md                  # User documentation
+├── AGENTS.md                  # This file
+└── LICENSE.md                 # Business Source License 1.1
+```
+
+## Common Pitfalls
+
+1. **Forgetting to build**: Always run `npm run build` after source changes
+2. **Not committing dist**: The dist/index.js file must be committed
+3. **Pattern file path**: Path is relative to repository root, not .github/
+4. **Token permissions**: Action needs `pull-requests: write` in workflow
+5. **Event triggers**: Action only works on `pull_request` events
+
+## Dependencies and Versioning
+
+- **Node.js**: Action runs on Node 20 (specified in action.yml)
+- **GitHub Actions**: Compatible with GitHub Actions runner
+- **Breaking changes**: Increment major version for breaking changes to inputs/behavior
+
+## Contributing Guidelines
+
+When reviewing or making contributions:
+
+1. Maintain backward compatibility when possible
+2. Add tests for all new functionality
+3. Update README.md with new features or behavior changes
+4. Keep the action simple and focused on its core purpose
+5. Follow existing code style and patterns
+6. Ensure all tests pass before merging
diff --git a/LICENSE.md b/LICENSE.md
@@ -0,0 +1,60 @@
+# Business Source License 1.1
+
+## Parameters
+
+**Licensor:** Unsupervised.com, Inc.
+
+**Licensed Work:** Auto-Approve Action  
+The Licensed Work is © 2024-2026 Unsupervised.com, Inc.
+
+**Additional Use Grant:** You may use the Licensed Work for any purpose other than the prohibited uses described below.
+
+**Change Date:** 2030-01-14
+
+**Change License:** Apache License, Version 2.0
+
+---
+
+## License Terms
+
+The Licensor hereby grants you the right to copy, modify, create derivative works, redistribute, and make non-production use of the Licensed Work. The Licensor may make an Additional Use Grant, above, permitting limited production use.
+
+Effective on the Change Date, or the fourth anniversary of the first publicly available distribution of a specific version of the Licensed Work under this License, whichever comes first, the Licensor hereby grants you rights under the terms of the Change License, and the rights granted in the paragraph above terminate.
+
+If your use of the Licensed Work does not comply with the requirements currently in effect as described in this License, you must purchase a commercial license from the Licensor, its affiliated entities, or authorized resellers, or you must refrain from using the Licensed Work.
+
+All copies of the original and modified Licensed Work, and derivative works of the Licensed Work, are subject to this License. This License applies separately for each version of the Licensed Work and the Change Date may vary for each version of the Licensed Work released by Licensor.
+
+You must conspicuously display this License on each original or modified copy of the Licensed Work. If you receive the Licensed Work in original or modified form from a third party, the terms and conditions set forth in this License apply to your use of that work.
+
+Any use of the Licensed Work in violation of this License will automatically terminate your rights under this License for the current and all other versions of the Licensed Work.
+
+This License does not grant you any right in any trademark or logo of Licensor or its affiliates (provided that you may use a trademark or logo of Licensor as expressly required by this License).
+
+TO THE EXTENT PERMITTED BY APPLICABLE LAW, THE LICENSED WORK IS PROVIDED ON AN "AS IS" BASIS. LICENSOR HEREBY DISCLAIMS ALL WARRANTIES AND CONDITIONS, EXPRESS OR IMPLIED, INCLUDING (WITHOUT LIMITATION) WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, AND TITLE.
+
+---
+
+## Prohibited Uses
+
+You may not use the Licensed Work for any of the following purposes:
+
+1. **Competing Products for Workflow Automation**: You may not use the Licensed Work to create, operate, or provide a product or service that competes with Auto-Approve Action or any product or service offered by Unsupervised.com, Inc. in the field of automating workflows, including but not limited to:
+   - AI-powered workflow automation tools
+   - Multi-step task execution frameworks
+   - AI agent orchestration platforms
+   - Workflow definition and execution systems
+
+2. **Competing Products for Data Analysis**: You may not use the Licensed Work to create, operate, or provide a product or service that competes with Auto-Approve Action or any product or service offered by Unsupervised.com, Inc. in the field of data analysis, including but not limited to:
+   - AI-powered data analysis platforms
+   - Automated data processing and analysis tools
+   - AI-driven analytics services
+   - Data workflow automation systems
+
+A product or service "competes" with Auto-Approve Action or Unsupervised.com, Inc. if it is marketed to users or customers as a substitute for, or alternative to, Auto-Approve Action or any workflow automation or data analysis product or service offered by Unsupervised.com, Inc.
+
+**Clarification**: This prohibition does not prevent you from:
+- Using the Licensed Work internally within your organization for your own workflow automation or data analysis needs
+- Building complementary tools or extensions that integrate with Auto-Approve Action
+- Using the Licensed Work in educational or research contexts
+- Contributing to the Licensed Work under the terms of the Contributor License Agreement