@kody-ade/kody-engine-lite 0.1.147 → 0.1.148

package/kody.config.schema.json

@@ -196,6 +196,11 @@
         "digestIssue": {
           "type": "number",
           "description": "GitHub issue number for posting digest reports. Auto-created by bootstrap."
+        },
+        "model": {
+          "type": "string",
+          "description": "Model for watch agents. When provider is set in agent config, this should be the provider's model name. Falls back to agent.modelMap.cheap if not set.",
+          "examples": ["claude-sonnet-4-6", "claude-haiku-4-5-20251001", "MiniMax-M1"]
         }
       },
       "additionalProperties": false

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@kody-ade/kody-engine-lite",
-  "version": "0.1.147",
+  "version": "0.1.148",
   "description": "Autonomous SDLC pipeline: Kody orchestration + Claude Code + LiteLLM",
   "license": "MIT",
   "type": "module",

package/templates/kody-watch.yml

@@ -17,7 +17,7 @@ concurrency:
 jobs:
   watch:
     runs-on: ubuntu-latest
-    timeout-minutes: 10
+    timeout-minutes: 15
     permissions:
       issues: write
       contents: read
@@ -28,6 +28,10 @@ jobs:
         with:
           node-version: 22
 
+      - name: Install Claude Code
+        if: hashFiles('.kody/watch/agents/*/agent.json') != ''
+        run: npm install -g @anthropic-ai/claude-code
+
       - name: Install Kody Engine
         run: npm install -g @kody-ade/kody-engine-lite
 
@@ -36,5 +40,6 @@ jobs:
           GH_TOKEN: ${{ github.token }}
           REPO: ${{ github.repository }}
           WATCH_DIGEST_ISSUE: ${{ vars.WATCH_DIGEST_ISSUE }}
+          ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
           DRY_RUN: ${{ inputs.dry_run || 'false' }}
         run: npx kody-engine-lite watch ${{ inputs.dry_run == 'true' && '--dry-run' || '' }}

package/templates/watch-agents/dependency-checker/agent.json

@@ -0,0 +1,7 @@
+{
+  "name": "dependency-checker",
+  "description": "Checks for outdated or vulnerable dependencies and creates tracking issues",
+  "schedule": {
+    "every": 96
+  }
+}

package/templates/watch-agents/dependency-checker/agent.md

@@ -0,0 +1,14 @@
+Audit the repository's dependencies for known vulnerabilities.
+
+1. Read `package.json` to understand the project's dependency stack.
+2. Run `npm audit --json` (or `pnpm audit --json` if pnpm-lock.yaml exists) to check for known vulnerabilities.
+3. Focus only on **high** and **critical** severity vulnerabilities.
+
+For each finding:
+1. Check if there is already an open issue with label `kody:watch:vulnerability` mentioning the package name. If so, skip it.
+2. Create a GitHub issue with:
+   - Title: `Vulnerability: <package-name> (<severity>)`
+   - Label: `kody:watch:vulnerability`
+   - Body containing: package name, current version, severity, advisory URL (if available), and suggested fix (upgrade command)
+
+If no high/critical vulnerabilities are found, do not create any issues.

package/templates/watch-agents/stale-pr-reviewer/agent.json

@@ -0,0 +1,7 @@
+{
+  "name": "stale-pr-reviewer",
+  "description": "Finds pull requests with no recent activity and creates tracking issues",
+  "schedule": {
+    "every": 48
+  }
+}

package/templates/watch-agents/stale-pr-reviewer/agent.md

@@ -0,0 +1,13 @@
+List all open pull requests. For each PR, check the last activity date (most recent of: last commit, last comment, last review).
+
+Flag any PR that has had **no activity in the last 7 days** as stale.
+
+For each stale PR:
+1. First, check if there is already an open issue with the label `kody:watch:stale-pr` that mentions this PR number. If so, skip it.
+2. Create a GitHub issue with:
+   - Title: `Stale PR #<number>: <pr-title>`
+   - Label: `kody:watch:stale-pr`
+   - Body containing: PR number, author, days since last activity, a link to the PR, and a suggested action (ping author, close, or merge)
+
+Ignore PRs that have any of these labels: `on-hold`, `wip`, `draft`.
+Do not flag draft PRs.