vijay_admin/sentryagent-idp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
5e580b51dd5baa1f509105b3157c548603a277cb
sentryagent-idp/.github/actions/issue-token/action.yml
SentryAgent.ai Developer fefbf1e3ea feat(phase-4): WS5 — GitHub Actions OIDC token exchange and trust policies 
- POST /oidc/token: GitHub OIDC JWT exchange (bootstrap + agent-scoped modes)
- POST/GET/DELETE /oidc/trust-policies: trust policy CRUD with enforcement
- DB migration 022: oidc_trust_policies table with provider/repo/branch/agent_id
- GitHub Actions: register-agent and issue-token actions with full READMEs
- Trust policy enforcement rejects token exchanges not matching registered policies
- Bootstrap mode issues agents:write token for new agent registration without agentId

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-02 10:37:39 +00:00

38 lines
1.0 KiB
YAML
Raw Blame History

name: 'SentryAgent Issue Token'
description: >
Issues a SentryAgent.ai OAuth2 access token for an agent using GitHub OIDC
token exchange. No long-lived API credentials required. The issued access
token is automatically masked in GitHub Actions logs via core.setSecret().
author: 'SentryAgent.ai'
branding:
icon: 'key'
color: 'blue'
inputs:
api-url:
description: >
Base URL of the SentryAgent.ai AgentIdP API.
Example: https://idp.sentryagent.ai
required: true
agent-id:
description: >
The UUID of the agent for which to issue an access token.
Obtain this from the register-agent action output or from the API.
required: true
outputs:
access-token:
description: >
A short-lived Bearer access token for the specified agent.
The token value is masked in all GitHub Actions log output.
expires-at:
description: >
ISO 8601 timestamp indicating when the access token expires.
Use this to decide when to re-issue a fresh token.
runs:
using: 'node20'
main: 'action.js'
Reference in New Issue View Git Blame Copy Permalink