ENGINEERING
Renovate PR Call-Site Blast-Radius Mapper (GitHub)
When Renovate opens a dependency-bump PR on GitHub, this traces the bumped package to every import and call site it actually touches in the repo.
How it runs
The automated pipeline, trigger to output.
- TriggerRenovate PR opened/updated webhookGitHub
- LogicConfirm bump; extract package + version delta
- ActionGrep repo for import/call sites of packageShell
- LogicScore blast radius from call sites + path weight
- OutputPost ranked comment + label on PRGitHub
What it does
Every Renovate PR says "bumped lodash 4.17.20 -> 4.17.21" but not what in *your* code depends on it. This workflow parses the bump, greps the repository for real import and call sites of the changed package, and writes a structured PR comment: which files import it, which exported symbols they use, and a risk score weighted by how many call sites sit on hot paths.
When to use it
Use it on any repo where Renovate (or Dependabot) raises bump PRs and reviewers rubber-stamp them blind. It turns "looks fine, merging" into an evidence-backed call: high blast radius gets eyes, zero-call-site bumps get fast-tracked.
How it works
- 1A GitHub PR webhook fires when a branch named `renovate/*` opens or updates.
- 2A logic step confirms it is a dependency bump and extracts the package name and old/new versions from the PR body and lockfile diff.
- 3A shell step runs a workspace-wide search for imports and references to that package, collecting file paths and used symbols.
- 4A logic step scores blast radius from call-site count and path sensitivity.
- 5The workflow posts a ranked comment back on the GitHub PR and applies a `blast-radius/high|low` label.
Set it up
What you configure once, before turning it on.
- 1Connect GitHubRepos, issues, pull requests, actions.
- 2Connect ShellRun sandboxed commands inside the workspace.
- 3Set each agent's modelWe leave models unset so you pick the tier — fast + cheap, or top-quality.
- 4Tune it to your dataEdit the prompts, filters, and field mappings so it matches how your team works.
- 5Test, then turn it onRun once against a sample, confirm the output, then enable the trigger.
More Engineering workflows
Gate breaking API PRs behind downstream consumer acknowledgement
When a PR introduces a breaking contract change, comments the impact summary back on the PR, applies a blocking label.
Publish a versioned API changelog to Confluence on each release tag
On a new semver release tag, gathers the contract changes since the last release and writes a clean.
Agent reviews model-license fit and suggests compliant swaps on the PR
When a PR adds a Hugging Face model, an agent reads the model card and license, judges fit against your commercial-use policy.
Upgrade Impact Router to Module Code Owners
Maps a dependency-bump PR's affected modules to their CODEOWNERS, then DMs each owner on Slack with only the changelog slice that touches code they own.
Re-Voice IVR Prompts on Phone-Tree Config Merge
When a phone-tree config change merges in GitHub, regenerates the ElevenLabs audio for any prompt whose script changed in the diff and opens a follow-up PR adding the new audio…
Upstream Release to Notion Upgrade Brief
When a watched package publishes a new release, fetches the release notes, maps them to the internal modules that depend on it.
Run it inside a business
This workflow drops into a full company template. Import the org, and this is one of the playbooks its agents run.
Run this workflow in your colony.
14-day trial. No DevOps. No Sales call. Provisioned in under a minute.