ENGINEERING
Group Open Dependabot PRs by Blast Radius for Batched Review
Scans all open Dependabot PRs across your repos, computes a blast-radius score for each from version-bump severity and the number of dependent packages touched.
How it runs
The automated pipeline, trigger to output.
- TriggerDaily schedule fires
- ActionList open Dependabot PRs + changed filesGitHub
- LogicScore each PR by semver jump and import fan-out
- LogicBucket PRs into low/medium/high blast radius
- ActionCompose ranked batched-review digest
- OutputPost digest to Slack review channelSlack
What it does
Instead of reviewers drowning in one-off Dependabot pings, this collects every open Dependabot PR and sorts them into review batches by blast radius. Patch bumps to leaf dev-dependencies land in a "safe to batch-merge" bucket; major bumps to widely-imported runtime packages get flagged for solo review. The result is one ranked Slack digest your team works through in a single sitting.
When to use it
Run it on a schedule (e.g. every weekday morning) when Dependabot opens more PRs than anyone reviews individually, and patch noise is burying the genuinely risky upgrades.
How it works
- 1A daily schedule fires the workflow.
- 2GitHub lists all open PRs authored by Dependabot across the configured repos, with their changed files and labels.
- 3A scoring step parses each PR's semver jump (patch/minor/major) and counts how many first-party modules import the bumped package.
- 4A branch buckets PRs into low / medium / high blast radius from that score.
- 5A digest is composed grouping PRs by bucket with merge recommendations.
- 6The ranked digest posts to a Slack review channel.
Set it up
What you configure once, before turning it on.
- 1Connect GitHubRepos, issues, pull requests, actions.
- 2Connect SlackChannels, DMs, threads, mentions.
- 3Set each agent's modelWe leave models unset so you pick the tier — fast + cheap, or top-quality.
- 4Tune it to your dataEdit the prompts, filters, and field mappings so it matches how your team works.
- 5Test, then turn it onRun once against a sample, confirm the output, then enable the trigger.
More Engineering workflows
Upgrade Impact Router to Module Code Owners
Maps a dependency-bump PR's affected modules to their CODEOWNERS, then DMs each owner on Slack with only the changelog slice that touches code they own.
Re-Voice IVR Prompts on Phone-Tree Config Merge
When a phone-tree config change merges in GitHub, regenerates the ElevenLabs audio for any prompt whose script changed in the diff and opens a follow-up PR adding the new audio…
Agent reviews model-license fit and suggests compliant swaps on the PR
When a PR adds a Hugging Face model, an agent reads the model card and license, judges fit against your commercial-use policy.
Scan for deprecated endpoints and email consumers a weekly sunset countdown
On a weekly schedule, scans the OpenAPI spec for endpoints marked deprecated with a sunset date, and emails each consuming team a countdown of how many days remain before removal.
Publish a versioned API changelog to Confluence on each release tag
On a new semver release tag, gathers the contract changes since the last release and writes a clean.
Gate breaking API PRs behind downstream consumer acknowledgement
When a PR introduces a breaking contract change, comments the impact summary back on the PR, applies a blocking label.
Run it inside a business
This workflow drops into a full company template. Import the org, and this is one of the playbooks its agents run.
Run this workflow in your colony.
14-day trial. No DevOps. No Sales call. Provisioned in under a minute.