Open a Linear remediation ticket when a forbidden license lands on main
When a merge to the default branch introduces a dependency with a forbidden license, files a prioritized Linear issue assigned to the owning team with the package, license…
How it runs
The automated pipeline, trigger to output.
- Trigger: Push to default branch (GitHub)
- Action: Diff lockfile and isolate newly added packages (GitHub)
- Action: Resolve SPDX license per new package (HTTP webhook)
- Logic: Filter to forbidden/copyleft violations
- Output: Create assigned Linear remediation issue per violation (Linear)
What it does
Turns post-merge license escapes into tracked work. When a push to the default branch changes the lockfile, it identifies newly added dependencies, resolves their licenses, and for any forbidden match it creates a Linear issue with the package name, version, offending license, and a link to the introducing commit and PR. The issue is routed to the team that owns the affected repository.
When to use it
Use it as a safety net behind your PR gate, or when a gate isn't yet enforced everywhere. It ensures that anything copyleft that slips onto main becomes an assigned, prioritized remediation task instead of an untracked liability.
How it works
- 1. A push to the default branch fires the trigger.
- 2. The flow diffs the lockfile and isolates newly added packages.
- 3. It resolves each new package's SPDX license.
- 4. A policy check filters to forbidden/copyleft matches only; clean pushes exit silently.
- 5. For each violation it creates a Linear issue with package, license, and commit/PR links, assigned to the repo's owning team and labeled for compliance.
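
Steps 2 to 4 as an added sketch (not this workflow's own code). It assumes an npm v2/v3 lockfile and reads the `license` field recorded there instead of calling the webhook lookup; the policy set, package names and function names are constructed for illustration. It goes beyond the text by evaluating compound SPDX expressions, so a dual-licensed `MIT OR GPL-3.0-only` package is not filed as a violation.

```python
import re

# Constructed policy and lockfile fragments (npm v2/v3 "packages" map), not from the page.
FORBIDDEN = {"GPL-2.0-only", "GPL-3.0-only", "GPL-3.0-or-later", "AGPL-3.0-only"}
BEFORE = {"packages": {"": {}, "node_modules/example-utils": {"version": "1.0.0", "license": "MIT"}}}
AFTER = {"packages": {**BEFORE["packages"],
    "node_modules/example-copyleft": {"version": "2.0.0", "license": "GPL-3.0-only"},
    "node_modules/example-dual": {"version": "1.1.0", "license": "(MIT OR GPL-3.0-only)"}}}

def is_forbidden(expr, forbidden=FORBIDDEN):
    """True when every way to satisfy the SPDX expression needs a forbidden license."""
    tokens = re.findall(r"\(|\)|[^\s()]+", expr)[::-1]  # reversed so pop() reads left to right
    def peek():
        return tokens[-1].upper() if tokens else None
    def atom():
        tok = tokens.pop()
        if tok == "(":
            result = either()
            tokens.pop()              # consume ")"
            return result
        if peek() == "WITH":
            del tokens[-2:]           # drop "WITH <exception>"; policy here judges the base id
        return tok in forbidden
    def both():                       # AND: blocked if any term is forbidden
        result = atom()
        while peek() == "AND":
            tokens.pop()
            result = atom() or result
        return result
    def either():                     # OR: blocked only if every alternative is forbidden
        result = both()
        while peek() == "OR":
            tokens.pop()
            result = both() and result
        return result
    return either()

def new_packages(old_lock, new_lock):
    """(name, version, license) for entries in new_lock that old_lock lacks."""
    def index(lock):
        return {(path.rsplit("node_modules/", 1)[-1], meta.get("version", "")):
                    meta.get("license") or "NOASSERTION"
                for path, meta in lock.get("packages", {}).items() if path}
    old, new = index(old_lock), index(new_lock)
    return [(n, v, lic) for (n, v), lic in sorted(new.items()) if (n, v) not in old]

def violations(old_lock, new_lock):
    return [pkg for pkg in new_packages(old_lock, new_lock) if is_forbidden(pkg[2])]
```

Each tuple returned by `violations` carries the package, version and offending license that step 5 puts on the Linear issue.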
Set it up
What you configure once, before turning it on.
- 1. Connect GitHub: Repos, issues, pull requests, actions.
- 2. Connect Linear: Issues, projects, cycles, triage.
- 3. Connect HTTP webhook: Trigger any URL on agent actions.
- 4. Set each agent's model: We leave models unset so you pick the tier: fast + cheap, or top-quality.
- 5. Tune it to your data: Edit the prompts, filters, and field mappings so it matches how your team works.
- 6. Test, then turn it on: Run once against a sample, confirm the output, then enable the trigger.