Route GitLab MRs to reviewer pools by changed-path risk
When a merge request opens, score its changed files against risk path rules, apply the matching security label, and assign reviewers from the correct pool.
How it runs
The automated pipeline, trigger to output.
- Trigger: GitLab merge request opened or updated (GitLab)
- Action: Fetch changed file paths for the MR (GitLab)
- Logic: Match paths to risk tier (critical / elevated / routine)
- Action: Apply security label and assign matching reviewer pool (GitLab)
- Output: Notify the chosen reviewer pool in Slack (Slack)
What it does
Classifies every new merge request by which files it touches and routes it to the right reviewers automatically. Touch `auth/`, `crypto/`, `payments/`, or CI config and it gets a `security-review` label plus the security reviewer pool. Everything else lands with the default team. No more security-sensitive diffs slipping through on a generic round-robin.
When to use it
Use it when your repo has clearly higher-stakes directories and you want a guaranteed second set of eyes on them without relying on authors to self-flag. Ideal for teams with a small security pool who only want to be pulled in when it actually matters.
How it works
1. A GitLab webhook fires on merge request `open` and `update`.
2. The flow pulls the MR's changed file paths from the GitLab API.
3. A logic step matches paths against tiered risk rules (critical / elevated / routine).
4. It applies the matching label and assigns reviewers from the corresponding pool via the GitLab API.
5. A Slack message notifies the chosen pool's channel with the MR link and matched risk reason.
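The path-matching step above, as an added example that is not the product's own code: it scores each changed file against tiered rules and returns the label, pool, and matched reason for the highest tier found. The tier split, the rule table, and the pool names are assumptions; the `old_path` / `new_path` keys follow the entries GitLab returns for a merge request's changes.

```python
from fnmatch import fnmatchcase
from pathlib import PurePosixPath

SEVERITY = {"routine": 0, "elevated": 1, "critical": 2}
# Assumed rules: the page names these paths; the tier split is illustrative.
DIR_RULES = {"auth": "critical", "crypto": "critical", "payments": "critical"}
GLOB_RULES = [("*.gitlab-ci.yml", "elevated"), (".gitlab/ci/*", "elevated")]
# Assumed routing table; pool names are hypothetical.
ROUTING = {
    "critical": ("security-review", "security-pool"),
    "elevated": ("security-review", "security-pool"),
    "routine": (None, "default-pool"),
}

def classify_path(path):
    """Return (tier, reason) for one repository-relative path."""
    # Lower-case and normalise separators so Auth/ or auth\ still match.
    p = PurePosixPath(path.replace("\\", "/").lower())
    best = ("routine", "no risk rule matched")
    # Match whole directory components only: auth/ yes, authz/ or auth.md no.
    for part in p.parts[:-1]:
        tier = DIR_RULES.get(part)
        if tier and SEVERITY[tier] > SEVERITY[best[0]]:
            best = (tier, f"{path} is under {part}/")
    for pattern, tier in GLOB_RULES:
        if fnmatchcase(str(p), pattern) and SEVERITY[tier] > SEVERITY[best[0]]:
            best = (tier, f"{path} matches {pattern}")
    return best

def route(changes):
    """Pick label and pool from the highest tier across all changed files."""
    tier, reason = "routine", "no risk rule matched"
    for change in changes:
        # Score both sides of a rename so a move out of auth/ is not downgraded.
        for path in (change["old_path"], change["new_path"]):
            found, why = classify_path(path)
            if SEVERITY[found] > SEVERITY[tier]:
                tier, reason = found, why
    label, pool = ROUTING[tier]
    return {"tier": tier, "label": label, "pool": pool, "reason": reason}

# Constructed sample shaped like GitLab's MR changes entries.
SAMPLE_MR = [
    {"old_path": "README.md", "new_path": "README.md"},
    {"old_path": ".gitlab-ci.yml", "new_path": ".gitlab-ci.yml"},
    {"old_path": "auth/session.py", "new_path": "lib/session.py"},
]
if __name__ == "__main__":
    print(route(SAMPLE_MR))
```

Matching on the pre-rename path as well as the new one is the part most worth keeping when tuning the rules: a diff that moves a file out of a sensitive directory is itself a change to that directory.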
Set it up
What you configure once, before turning it on.
1. Connect GitLab: repos, MRs, pipelines, registry.
2. Connect Slack: channels, DMs, threads, mentions.
3. Set each agent's model. We leave models unset so you pick the tier (fast + cheap, or top-quality).
4. Tune it to your data. Edit the prompts, filters, and field mappings so it matches how your team works.
5. Test, then turn it on. Run once against a sample, confirm the output, then enable the trigger.
