name: 'SentryAgent Issue Token'
description: >
  Issues a SentryAgent.ai OAuth2 access token for an agent using GitHub OIDC
  token exchange. No long-lived API credentials required. The issued access
  token is automatically masked in GitHub Actions logs via core.setSecret().

author: 'SentryAgent.ai'

branding:
  icon: 'key'
  color: 'blue'

inputs:
  api-url:
    description: >
      Base URL of the SentryAgent.ai AgentIdP API.
      Example: https://idp.sentryagent.ai
    required: true
  agent-id:
    description: >
      The UUID of the agent for which to issue an access token.
      Obtain this from the register-agent action output or from the API.
    required: true

outputs:
  access-token:
    description: >
      A short-lived Bearer access token for the specified agent.
      The token value is masked in all GitHub Actions log output.
  expires-at:
    description: >
      ISO 8601 timestamp indicating when the access token expires.
      Use this to decide when to re-issue a fresh token.

runs:
  using: 'node20'
  main: 'action.js'