ENGINEERING

Nightly dependency-license inventory snapshot to Postgres

Each night, walks every tracked repository's lockfile, records each dependency and its resolved license into a Postgres table.

CategoryEngineering

Enginesim

Difficultyintermediate

Triggerschedule

Steps5

Setup~15 min

How it runs

The automated pipeline, trigger to output.

TriggerNightly schedule
ActionList repositories and fetch each lockfileGitHub
ActionResolve SPDX license for every dependencyHTTP webhook
ActionUpsert per-package license rows into PostgresPostgres
OutputWrite snapshot summary row with copyleft/unknown countsPostgres

What it does

Builds and maintains a queryable license inventory. On a nightly schedule it enumerates your repositories, reads each lockfile, resolves every dependency's license, and upserts the full set into a Postgres table keyed by repo, package, version, and snapshot date. Over time this becomes a historical record you can diff to see exactly when a copyleft package entered the tree.

When to use it

Use it when you need an auditable, point-in-time source of truth for legal or compliance teams, or when you want to run ad-hoc SQL like "which repos pulled in an AGPL package this quarter." Complements a PR gate by giving you the long view.

How it works

1A nightly schedule triggers the run.
2The flow lists target repositories and pulls the current lockfile from each.
3It resolves the SPDX license for every dependency in every lockfile.
4Each row (repo, package, version, license, snapshot timestamp) is upserted into the Postgres inventory table.
5The final step writes a snapshot summary row recording total packages and count of copyleft/unknown licenses for trend reporting.

Set it up

What you configure once, before turning it on.

1
Connect GitHubRepos, issues, pull requests, actions.
2
Connect PostgresAny Postgres URL — query, write, migrate.
3
Connect HTTP webhookTrigger any URL on agent actions.
4
Set each agent's modelWe leave models unset so you pick the tier — fast + cheap, or top-quality.
5
Tune it to your dataEdit the prompts, filters, and field mappings so it matches how your team works.
6
Test, then turn it onRun once against a sample, confirm the output, then enable the trigger.

More Engineering workflows

Gate breaking API PRs behind downstream consumer acknowledgement

When a PR introduces a breaking contract change, comments the impact summary back on the PR, applies a blocking label.

Publish a versioned API changelog to Confluence on each release tag

On a new semver release tag, gathers the contract changes since the last release and writes a clean.

Agent reviews model-license fit and suggests compliant swaps on the PR

When a PR adds a Hugging Face model, an agent reads the model card and license, judges fit against your commercial-use policy.

Upgrade Impact Router to Module Code Owners

Maps a dependency-bump PR's affected modules to their CODEOWNERS, then DMs each owner on Slack with only the changelog slice that touches code they own.

Re-Voice IVR Prompts on Phone-Tree Config Merge

When a phone-tree config change merges in GitHub, regenerates the ElevenLabs audio for any prompt whose script changed in the diff and opens a follow-up PR adding the new audio…

Upstream Release to Notion Upgrade Brief

When a watched package publishes a new release, fetches the release notes, maps them to the internal modules that depend on it.

Browse all Engineering →

Run it inside a business

This workflow drops into a full company template. Import the org, and this is one of the playbooks its agents run.

Software

Agent Hive runs Agent Hive

The team that built Agent Hive, exactly as it runs today.

Marketing

Content Marketing Agency

SEO, blogs, social, and reporting on autopilot.

Operations

Internal Operations

Runbooks, on-call, vendor management — disciplined and audited.

Browse all business templates →Solutions by industry →

Run this workflow in your colony.

14-day trial. No DevOps. No Sales call. Provisioned in under a minute.

Join the Waitlist Browse all workflows →