mackowski
diff --git a/‎.ai/implementation-plans/implement-automated-actions.plan.md‎
Lines changed: 198 additions & 0 deletions b/‎.ai/implementation-plans/implement-automated-actions.plan.md‎
Lines changed: 198 additions & 0 deletions
diff --git a/‎.github/config.yaml‎
Lines changed: 26 additions & 0 deletions b/‎.github/config.yaml‎
Lines changed: 26 additions & 0 deletions
diff --git a/‎10xGitHubPolicies.App/Program.cs‎
Lines changed: 3 additions & 23 deletions b/‎10xGitHubPolicies.App/Program.cs‎
Lines changed: 3 additions & 23 deletions
@@ -0,0 +1,198 @@
+# Implement Automated Actions for Policy Violations
+
+## Overview
+
+Replace the `LoggingActionService` with a full implementation that executes configured actions (create-issue, archive-repo) for policy violations, with proper duplicate prevention, error handling, and audit logging.
+
+## Implementation Steps
+
+### 1. Create IssueDetails Model
+
+**File**: `10xGitHubPolicies.App/Services/Configuration/Models/IssueDetails.cs`
+
+Create a new model class to represent issue configuration:
+
+```csharp
+public class IssueDetails
+{
+    [YamlMember(Alias = "title")]
+    public string Title { get; set; }
+    
+    [YamlMember(Alias = "body")]
+    public string Body { get; set; }
+    
+    [YamlMember(Alias = "labels")]
+    public List<string> Labels { get; set; } = new();
+}
+```
+
+### 2. Update PolicyConfig Model
+
+**File**: `10xGitHubPolicies.App/Services/Configuration/Models/PolicyConfig.cs`
+
+Add missing properties to match the documented configuration format:
+
+```csharp
+public class PolicyConfig
+{
+    [YamlMember(Alias = "name")]
+    public string Name { get; set; }
+    
+    [YamlMember(Alias = "type")]
+    public string Type { get; set; }
+    
+    [YamlMember(Alias = "action")]
+    public string Action { get; set; }
+    
+    [YamlMember(Alias = "issue_details")]
+    public IssueDetails IssueDetails { get; set; }
+}
+```
+
+### 3. Implement ActionService
+
+**File**: `10xGitHubPolicies.App/Services/Action/ActionService.cs`
+
+Create a new implementation that replaces `LoggingActionService`:
+
+**Key responsibilities:**
+
+- Retrieve violations for the scan from database
+- Load policy configuration to determine actions
+- For each violation:
+  - Match violation to policy configuration by PolicyType
+  - Execute the configured action (create-issue or archive-repo)
+  - Log the action to ActionLog table
+  - Handle errors gracefully
+
+**Core logic:**
+
+```csharp
+public async Task ProcessActionsForScanAsync(int scanId)
+{
+    // 1. Load violations with related entities (Repository, Policy)
+    var violations = await _dbContext.PolicyViolations
+        .Include(v => v.Repository)
+        .Include(v => v.Policy)
+        .Where(v => v.ScanId == scanId)
+        .ToListAsync();
+    
+    // 2. Get configuration to determine actions
+    var config = await _configurationService.GetConfigAsync();
+    
+    // 3. Process each violation
+    foreach (var violation in violations)
+    {
+        var policyConfig = config.Policies
+            .FirstOrDefault(p => p.Type == violation.Policy.PolicyKey);
+        
+        if (policyConfig == null) continue;
+        
+        // 4. Execute action based on configuration
+        if (policyConfig.Action == "create-issue")
+        {
+            await CreateIssueForViolationAsync(violation, policyConfig);
+        }
+        else if (policyConfig.Action == "archive-repo")
+        {
+            await ArchiveRepositoryForViolationAsync(violation, policyConfig);
+        }
+    }
+}
+```
+
+**Duplicate Prevention for Issues (US-010):**
+
+- Before creating an issue, check for existing open issues with the same title and label
+- Use `IGitHubService` to search existing issues in the repository
+- Skip issue creation if duplicate found, log the skip action
+
+**Error Handling:**
+
+- Wrap each action in try-catch to prevent one failure from blocking others
+- Log failures with details to ActionLog table with Status = "Failed"
+- Continue processing remaining violations even if one fails
+
+### 4. Update Service Registration
+
+**File**: `10xGitHubPolicies.App/Program.cs`
+
+Replace the service registration:
+
+```csharp
+// Change from:
+builder.Services.AddScoped<IActionService, LoggingActionService>();
+
+// To:
+builder.Services.AddScoped<IActionService, ActionService>();
+```
+
+### 5. Add GitHub Service Methods (if missing)
+
+**File**: `10xGitHubPolicies.App/Services/GitHub/IGitHubService.cs` and `GitHubService.cs`
+
+Verify these methods exist (they should based on documentation):
+
+- `Task<Issue> CreateIssueAsync(long repositoryId, string title, string body, IEnumerable<string> labels)`
+- `Task ArchiveRepositoryAsync(long repositoryId)`
+
+If a method to check for existing issues doesn't exist, add:
+
+- `Task<IReadOnlyList<Issue>> GetOpenIssuesAsync(long repositoryId, string label)`
+
+### 6. Update ActionLog Usage
+
+Ensure ActionLog entries are created for each action with:
+
+- `ActionType`: "create-issue" or "archive-repo"
+- `Status`: "Success", "Failed", or "Skipped"
+- `Details`: JSON or text with action details/error messages
+- `Timestamp`: DateTime.UtcNow
+
+### 7. Delete LoggingActionService
+
+**File**: `10xGitHubPolicies.App/Services/Action/LoggingActionService.cs`
+
+Remove this file after ActionService is implemented and registered.
+
+### 8. Cleanup Test Endpoints
+
+**File**: `10xGitHubPolicies.App/Program.cs`
+
+Remove the test/verification endpoints that are no longer needed:
+
+- Remove `/verify-scan` endpoint (lines 78-90) - functionality exists in UI via "Scan Now" button
+- Remove `/log-job` endpoint (lines 93-97) - was only for testing Hangfire
+
+## Key Considerations
+
+**Dependencies:**
+
+- `IGitHubService`: For GitHub API operations
+- `IConfigurationService`: To retrieve policy configurations
+- `ApplicationDbContext`: For database operations
+- `ILogger<ActionService>`: For logging
+
+**Service Lifetime:** Scoped (matches current registration)
+
+**Thread Safety:** Not required - Hangfire processes jobs sequentially per worker
+
+**Idempotency:** Actions should be safe to retry (duplicate prevention for issues, archive is idempotent)
+
+**Testing:** After implementation, test via:
+
+1. Use the "Scan Now" button in the UI dashboard to trigger a scan
+2. Monitor Hangfire dashboard at `/hangfire` for job execution
+3. Check ActionLog table for action records
+4. Verify GitHub issues created and repositories archived
+
+### To-dos
+
+- [ ] Create IssueDetails model class for YAML configuration
+- [ ] Add Name and IssueDetails properties to PolicyConfig model
+- [ ] Create ActionService with create-issue and archive-repo logic
+- [ ] Implement duplicate issue detection logic in ActionService
+- [ ] Replace LoggingActionService with ActionService in Program.cs
+- [ ] Verify and add any missing GitHub service methods for issue checking
+- [ ] Delete LoggingActionService.cs file
+- [ ] Remove test endpoints (/verify-scan and /log-job) from Program.cs
@@ -0,0 +1,26 @@
+# Access control: Specify the GitHub team authorized to access the dashboard.
+# Format: 'organization-slug/team-slug'
+access_control:
+  authorized_team: 'my-org/security-team'
+
+# Policies: Define the rules to enforce across your organization's repositories.
+policies:
+  - name: 'Check for AGENTS.md'
+    type: 'has_agents_md'
+    action: 'create_issue'
+    issue_details:
+      title: 'Compliance: AGENTS.md file is missing'
+      body: 'This repository is missing the AGENTS.md file in its root directory. Please add this file to comply with organization standards.'
+      labels: ['policy-violation', 'documentation']
+
+  - name: 'Check for catalog-info.yaml'
+    type: 'has_catalog_info_yaml'
+    action: 'create_issue'
+    issue_details:
+      title: 'Compliance: catalog-info.yaml is missing'
+      body: 'This repository is missing the catalog-info.yaml file. This file is required for backstage.io service discovery.'
+      labels: ['policy-violation', 'backstage']
+      
+  - name: 'Verify Workflow Permissions'
+    type: 'correct_workflow_permissions'
+    action: 'log_only'
@@ -7,7 +7,9 @@
 using _10xGitHubPolicies.App.Services.Policies;
 using _10xGitHubPolicies.App.Services.Policies.Evaluators;
 using _10xGitHubPolicies.App.Services.Scanning;
+
 using Hangfire;
+
 using Microsoft.AspNetCore.Components;
 using Microsoft.AspNetCore.Components.Web;
 using Microsoft.EntityFrameworkCore;
@@ -48,7 +50,7 @@
 builder.Services.AddScoped<IPolicyEvaluator, HasAgentsMdEvaluator>();
 builder.Services.AddScoped<IPolicyEvaluator, HasCatalogInfoYamlEvaluator>();
 builder.Services.AddScoped<IPolicyEvaluator, CorrectWorkflowPermissionsEvaluator>();
-builder.Services.AddScoped<IActionService, LoggingActionService>();
+builder.Services.AddScoped<IActionService, ActionService>();
 
 
 builder.Services.Configure<GitHubAppOptions>(builder.Configuration.GetSection(GitHubAppOptions.GitHubApp));
@@ -74,28 +76,6 @@
 
 app.UseHangfireDashboard();
 
-// Verification endpoint
-app.MapGet("/verify-scan", async (IScanningService scanningService, ILogger<Program> logger) =>
-{
-    try
-    {
-        await scanningService.PerformScanAsync();
-        return Results.Ok("Scan completed successfully. Check logs for details.");
-    }
-    catch (Exception ex)
-    {
-        logger.LogError(ex, "Failed to perform scan.");
-        return Results.Problem("Failed to perform scan.");
-    }
-});
-
-// Endpoint to enqueue a test job
-app.MapGet("/log-job", (IBackgroundJobClient backgroundJobClient) =>
-{
-    var jobId = backgroundJobClient.Enqueue(() => Console.WriteLine("Hello from a Hangfire job!"));
-    return Results.Ok($"Job '{jobId}' enqueued.");
-});
-
 app.MapBlazorHub();
 app.MapFallbackToPage("/_Host");