ENGINEERING
Nightly dependency-license drift audit to Notion and Slack
On a daily schedule, audits the full dependency tree of your repositories for license changes since the last run, logs any newly non-compliant packages to a Notion register.
How it runs
The automated pipeline, trigger to output.
- TriggerDaily schedule
- ActionEnumerate full dependency tree per repositoryGitHub
- ActionResolve and policy-check each package licenseGitHub
- LogicDiff against prior audit for newly non-compliant packages
- ActionAppend new violations to Notion compliance registerNotion
- OutputSend drift summary to SlackSlack
What it does
This scheduled workflow catches license drift that slips past per-PR gates — for example transitive dependencies whose license changed in a patch release. Each night it resolves the complete dependency tree for the configured repositories, compares every package's current license to your policy, and detects packages that became non-compliant since the previous audit. New violations are written to a Notion compliance register and summarized to Slack.
When to use it
Use this as a safety net alongside the PR gate, or as the primary control for repositories where per-PR enforcement is not yet set up. It is built for compliance teams who need a durable, dated audit trail of license posture over time.
How it works
- 1A daily schedule triggers the workflow.
- 2It enumerates dependencies (including transitives) for each tracked GitHub repository.
- 3Every package license is resolved and checked against the policy.
- 4A logic step diffs current violations against the prior audit to find what is newly non-compliant.
- 5New violations are appended as rows to a Notion register with date and severity.
- 6A Slack summary reports new, resolved, and total outstanding violations.
Set it up
What you configure once, before turning it on.
- 1Connect GitHubRepos, issues, pull requests, actions.
- 2Connect NotionPages, databases, comments.
- 3Connect SlackChannels, DMs, threads, mentions.
- 4Set each agent's modelWe leave models unset so you pick the tier — fast + cheap, or top-quality.
- 5Tune it to your dataEdit the prompts, filters, and field mappings so it matches how your team works.
- 6Test, then turn it onRun once against a sample, confirm the output, then enable the trigger.
More Engineering workflows
Gate breaking API PRs behind downstream consumer acknowledgement
When a PR introduces a breaking contract change, comments the impact summary back on the PR, applies a blocking label.
Publish a versioned API changelog to Confluence on each release tag
On a new semver release tag, gathers the contract changes since the last release and writes a clean.
Agent reviews model-license fit and suggests compliant swaps on the PR
When a PR adds a Hugging Face model, an agent reads the model card and license, judges fit against your commercial-use policy.
Upgrade Impact Router to Module Code Owners
Maps a dependency-bump PR's affected modules to their CODEOWNERS, then DMs each owner on Slack with only the changelog slice that touches code they own.
Re-Voice IVR Prompts on Phone-Tree Config Merge
When a phone-tree config change merges in GitHub, regenerates the ElevenLabs audio for any prompt whose script changed in the diff and opens a follow-up PR adding the new audio…
Upstream Release to Notion Upgrade Brief
When a watched package publishes a new release, fetches the release notes, maps them to the internal modules that depend on it.
Run it inside a business
This workflow drops into a full company template. Import the org, and this is one of the playbooks its agents run.
Run this workflow in your colony.
14-day trial. No DevOps. No Sales call. Provisioned in under a minute.