fix(autodoc): address code review — Epic type, Bedrock model, step split

[jdcmsd]

Addresses Freddy's review comments on the autodoc workflow.

Changes

• Epic type vs label: contains(...labels..., 'Epic') → github.event.issue.type.name == 'Epic' in both the job-level if and the HAS_EPIC env var. GraphQL parent lookup updated from labels { nodes { name } } to issueType { name }.
• Bedrock model switching: Replaced npm install -g @anthropic-ai/claude-code + claude --print with anthropics/claude-code-action@v1. Model and Bedrock role read from vars.BEDROCK_MODEL_ID / vars.BEDROCK_ROLE_ARN so they can be swapped without editing the workflow. Added id-token: write permission for OIDC.
• Step split: "Post comment, apply to dotCMS, commit report" → three discrete steps: Post report comment / Apply doc update to dotCMS / Apply doc create to dotCMS. Each apply step has an explicit if: env.ACTION == '...' condition visible in the Actions UI.

Notes

• If vars.BEDROCK_ROLE_ARN is unset, the action falls back to direct Anthropic API via secrets.ANTHROPIC_API_KEY (existing behaviour unchanged).
• Comment 3 (Epic-only scope question) was answered in the PR thread — no code change needed.

[github-actions]

❌ Issue Linking Required

This PR could not be linked to an issue. All PRs must be linked to an issue for tracking purposes.

How to fix this:

Option 1: Add keyword to PR body (Recommended - auto-removes this comment)
Edit this PR description and add one of these lines:

• This PR fixes #123 or Fixes: #123

• This PR closes #123 or Closes: #123

• This PR resolves #123 or Resolves: #123

• Other supported keywords: fix, fixed, close, closed, resolve, resolved
  Option 2: Link via GitHub UI (Note: won't clear the failed check)

1. Go to the PR → Development section (right sidebar)

2. Click "Link issue" and select an existing issue

3. Push a new commit or re-run the workflow to clear the failed check
   Option 3: Use branch naming
   Create a new branch with one of these patterns:

• 123-feature-description (number at start)

• issue-123-feature-description (issue-number at start)

• feature-issue-123 (issue-number anywhere)

Why is this required?

Issue linking ensures proper tracking, documentation, and helps maintain project history. It connects your code changes to the problem they solve.---

This comment was automatically generated by the issue linking workflow

[claude]

Claude finished @jdcmsd's task in 1m 43s —— View job

---

Autodoc analysis — complete

• Read doc-object schema & rollback-unsafe categories
• Fetch PR metadata, diff, linked issues, epic
• Generate doc object (Output A)
• Assess rollback safety (Output B)
• Post results & apply label

---

🟢 Rollback safety: Safe to Rollback

This PR modifies a single file — .github/workflows/issue_autodoc.yml — and nothing else. I checked the diff against every category in ROLLBACK_UNSAFE_CATEGORIES.md:

• No DB migrations / runonce tasks (C-1, C-4, H-1, H-2, H-3, H-6, H-7, M-1) — no SQL, no schema change.
• No Elasticsearch mapping changes (C-2) — the only ES reference is an unchanged /api/es/search query string used at runtime by the workflow; no putMapping/reindex.
• No content JSON model version bump (C-3), no field type (H-4), no storage provider change (H-5).
• No REST/GraphQL/OSGi contract change (M-3, M-4) — the GraphQL edit is to the workflow's own consuming query (labels → issueType), not to a dotCMS-exposed API; no bundle format change (M-2).

The change is CI/CD-only (Area : CI/CD), affects only the documentation-automation pipeline, and reverting the file fully restores prior behavior. Applied label AI: Safe To Rollback.

Note on linking: no closes/fixes/resolves #N in the PR body, so no linked issues. The dotcms-aios epics path returned 404 from this runner, so the epic field is omitted (not guessed).

---

📄 Doc Object Draft (attached to merge commit post-merge)

---
commit: PLACEHOLDER_SHORT_SHA
title: "fix(autodoc): address code review — Epic type, Bedrock model, step split"
type: ci
module: "autodoc CI workflow (issue_autodoc.yml)"
customer_visible: no
security_relevant: false
breaking_change: false
pr:
  primary: 502
release_notes:
  audience: internal
  priority: low
  reasoning: "Internal CI workflow refactor with no customer-observable behavior change."
provenance:
  generator: doc-object-skill
  model: claude-opus-4-8-20251001
  prompt_version: v0.1
  generated_at: 2026-06-26T12:47:44Z
  source_pr: 502
  source_diff_sha: PLACEHOLDER_FULL_SHA
---

What changed

Refines the issue_autodoc GitHub Actions workflow per review feedback. Epic detection now keys off GitHub's native issue type (github.event.issue.type.name == 'Epic') instead of an Epic label, including the GraphQL parent lookup which now reads issueType { name } rather than labels { nodes { name } }. The Claude invocation moves from a globally-installed @anthropic-ai/claude-code CLI to the anthropics/claude-code-action@v1 action, with model and Bedrock role sourced from vars.BEDROCK_MODEL_ID / vars.BEDROCK_ROLE_ARN so they can be swapped without editing the workflow (falls back to direct Anthropic API when the role var is unset). The monolithic finalize step is split into three discrete, independently-visible steps — Post report comment, Apply doc update to dotCMS, Apply doc create to dotCMS — each gated by an explicit if: env.ACTION == '...' condition, with slug/UUID validation retained on the apply paths.

Risk / watch

Adds id-token: write permission to the job for Bedrock OIDC. Behavior is unchanged when vars.BEDROCK_ROLE_ARN is empty. Affects only the documentation-automation pipeline; no product code, API, or data is touched.