@zibby/workflow-templates 0.7.1 → 0.9.1

package/index.js

@@ -173,7 +173,7 @@ export const TEMPLATES = {
     description: 'Reusable child workflow — posts a structured Block Kit alert to a Slack channel. Dispatched by other workflows (Sentry triage, autofix, incident) via sub-graph.',
     path: join(__dirname, 'notify-slack'),
     defaultSlug: 'alert-slack',
-    deps: { zod: '^3.23.0' },
+    deps: { zod: '^3.23.0 || ^4.0.0', '@zibby/skills': '^0.1.28' },
     features: [
       'Single-node, no LLM — deterministic ~500ms post',
       'Block Kit message with severity-coded color + emoji',
@@ -215,7 +215,7 @@ export const TEMPLATES = {
     description: 'Reusable child workflow — posts a structured Interactive Card to a Lark / Feishu chat. Dispatched by other workflows via sub-graph.',
     path: join(__dirname, 'notify-lark'),
     defaultSlug: 'alert-lark',
-    deps: { zod: '^3.23.0' },
+    deps: { zod: '^3.23.0 || ^4.0.0', '@zibby/skills': '^0.1.28' },
     features: [
       'Single-node, no LLM',
       'Lark Interactive Card with severity template (red/orange/yellow/grey)',
@@ -387,7 +387,357 @@ export const TEMPLATES = {
         'Post the digest to our #leadership Lark group + #eng Slack channel',
       ],
     },
-  }
+  },
+
+  // ── pipeline-supervisor: Zibby managing Zibby (read + propose + notify) ─
+  'pipeline-supervisor': {
+    name: 'pipeline-supervisor',
+    displayName: 'Pipeline Supervisor',
+    description: 'Zibby managing Zibby — a scheduled supervisor that scans the project\'s other pipelines, flags the ones failing or running slow, and posts human-reviewable improvement proposals (add a test gate / tweak a prompt / add an approval gate / drop a redundant step) to Slack or Lark. Read + propose + notify only; it never edits another workflow.',
+    path: join(__dirname, 'pipeline-supervisor'),
+    defaultSlug: 'pipeline-supervisor',
+    deps: { zod: '^3.23.0', '@zibby/skills': '^0.1.26' },
+    features: [
+      '3-node graph: scan_pipelines → propose_improvements → notify',
+      'Reads other pipelines\' executions via the Zibby REST API (user-PAT authed)',
+      'Per-pipeline health rollup: fail-rate, median duration, worst recent run',
+      'LLM proposes ONE concrete, evidence-backed change per flagged pipeline',
+      'Posts a review card to Slack OR Lark (chat_notify OR-group)',
+      'Read + propose + notify only — never edits another workflow\'s graph (safe L3)',
+      'Cron-friendly: e.g. daily, default lookbackHours=24 / minFailRate=0.4',
+    ],
+    marketplace: {
+      slug: 'pipeline-supervisor',
+      tagline: 'Zibby watching Zibby — find your flaky pipelines and propose the fix.',
+      iconPrompt: [
+        'Hand-painted storybook illustration in a warm gouache style with soft brushwork and gentle painterly texture, featuring a friendly round robot-supervisor mascot character with two big kindly eyes and a rosy blush, wearing a tiny site-foreman hard hat in soft violet (#7553FF), standing on a little mint-green platform and holding a small glowing clipboard with a checkmark.',
+        'In front of the mascot float three small rounded pipeline-segment shapes connected left-to-right like a little assembly line: the first two glow calm green, the third glows a gentle warning amber with a tiny magnifier-free spotlight on it — reinforcing the "watch the pipelines, spot the broken one, suggest a fix" idea WITHOUT any literal magnifying glass.',
+        'Background is a soft sunrise gradient of pale peach at the top blending through buttercream into a wash of dusty lavender at the base, tying the warm scene to the violet hard hat; a few small fluffy pastel clouds float in for friendliness.',
+        'Centered composition with the robot-supervisor as the focal point, the three pipeline segments arrayed below-front; plenty of breathing room so the silhouette reads at 64×64.',
+        'Mood is warm, reassuring, helpful — a friendly watchful helper, NOT tactical or corporate or alarming.',
+        'Soft rounded square 1024×1024 canvas with a subtle paper-grain texture.',
+        'NO text, NO letters, NO photo-realism, NO sleek 3D render, NO magnifying glass, NO speech bubbles, NO dark navy or near-black backgrounds, NO literal Slack / Lark / Zibby wordmark.',
+      ].join('\n'),
+      tags: ['On-call', 'Bug Triage', 'Notifications'],
+      capabilities: [
+        'Scheduled scan of every pipeline\'s recent run history',
+        'Flags pipelines by failure rate and slow-outlier duration',
+        'LLM proposes a specific, evidence-backed improvement per problem pipeline',
+        'Posts a review card to Slack or Lark — whichever your project has connected',
+        'Proposal-only: a human reviews and applies; the supervisor changes nothing',
+      ],
+      conversationStarters: [
+        'Scan my pipelines from the last 24h and flag the ones failing 40%+ of runs',
+        'Which of my workflows is the flakiest, and what should I change?',
+        'Propose a fix for any pipeline that keeps failing on the same step',
+        'Only supervise my deploy pipelines and post proposals to #eng',
+      ],
+    },
+  },
+
+  // ── ticket-triage: tracker-neutral triage building block ──────────
+  'ticket-triage': {
+    name: 'ticket-triage',
+    displayName: 'Ticket Triage',
+    description: 'Tracker-neutral triage building block — LLM-classifies one ticket (from any tracker) into a severity (CRITICAL…NOISE), a shouldAutofix decision, and a human summary. The first block of the bug-autofix pipeline; usable on its own.',
+    path: join(__dirname, 'ticket-triage'),
+    defaultSlug: 'ticket-triage',
+    deps: { zod: '^3.23.0' },
+    features: [
+      'Single LLM node: classify → { severity, shouldAutofix, summary }',
+      'Tracker-neutral input (Jira today; GitHub / Linear are extension points)',
+      'Severity rubric adapted from sentry-triage, with auditable reasoning',
+      'Tunable SEVERITY_THRESHOLD + free-form AUTOFIX_RULES per deploy',
+      'Designed to be dispatched as a sub-graph by the bug-autofix orchestrator',
+    ],
+    marketplace: {
+      slug: 'ticket-triage',
+      tagline: 'Triage any ticket: how bad is it, and should a bot fix it?',
+      iconPrompt: [
+        'A clean, friendly flat-design app icon for "Ticket Triage" — a workflow that sorts incoming tickets by severity.',
+        'Subject: a single rounded paper ticket/tag shape (like a luggage tag) centered on the canvas, tilted slightly, with three small colored signal dots stacked along its right edge — one green, one amber, one red — reading top-to-bottom as a severity scale.',
+        'Background: a soft rounded square with a gentle teal-to-sky gradient (#2DD4BF → #38BDF8). Subtle long shadow under the ticket for depth.',
+        'Style: modern flat illustration with soft gradients, the family of Linear / Height product icons. Crisp at 64×64.',
+        'NO text, NO letters, NO photorealism, NO mascot, NO trademarked Jira/Linear logos.',
+      ].join('\n'),
+      tags: ['Bug Triage', 'child-workflow'],
+      capabilities: [
+        'Classifies one ticket into a severity bucket with auditable reasoning',
+        'Decides shouldAutofix — is this concrete enough for an agent to fix?',
+        'Tracker-agnostic input; only Jira flows end-to-end in v1',
+        'Composable: the bug-autofix orchestrator calls it as a sub-graph',
+      ],
+      conversationStarters: [
+        'Triage this bug ticket and tell me if a bot could fix it',
+        'How severe is PROJ-123, and should we auto-fix it?',
+        'Never mark auth tickets as auto-fixable',
+      ],
+    },
+  },
+
+  // ── code-fix: clone → agent fix + inline test-gate → PR ───────────
+  'code-fix': {
+    name: 'code-fix',
+    displayName: 'Code Fix (clone → fix → PR)',
+    description: 'Clones a repo into an isolated workspace, has an agent fix one ticket with an inline test-gate (run the tests, feed failures back for one retry), and opens a PR. Output: { pr_url, branch }. The "do the work" block of the bug-autofix pipeline.',
+    path: join(__dirname, 'code-fix'),
+    defaultSlug: 'code-fix',
+    deps: { zod: '^3.23.0', axios: '^1.6.0' },
+    features: [
+      '3-node graph: setup (clone) → fix_code (agent + inline test-gate) → create_pr',
+      'Agent edits in an isolated Fargate workspace; SKILLS.GIT auto-auth clone',
+      'Inline test-gate: run npm test / pytest, feed failures back for ONE retry',
+      'Opens a GitHub PR off the pushed branch → { pr_url, branch }',
+      'Stops at the PR — a human reviews + merges (no auto-merge, no in-engine approval)',
+      'Auto-detects the test command (or override via TEST_COMMAND)',
+    ],
+    marketplace: {
+      slug: 'code-fix',
+      tagline: 'Hand it a ticket + a repo; get back a tested fix PR.',
+      iconPrompt: [
+        'A bold, modern app icon for "Code Fix" — a workflow that fixes a bug and opens a pull request.',
+        'Subject: a rounded wrench crossed subtly behind a git-branch / pull-request glyph (two nodes joined by a curved line), with a small green checkmark badge in the lower-right indicating tests passed.',
+        'Background: a soft rounded square with a deep indigo-to-violet gradient (#4F46E5 → #7C3AED). Soft inner glow behind the glyph.',
+        'Style: clean flat-with-depth product illustration, glossy but not skeuomorphic; the family of GitHub / Linear product marks. Crisp at 64×64.',
+        'NO text, NO letters, NO photorealism, NO mascot, NO trademarked GitHub/GitLab logos.',
+      ].join('\n'),
+      tags: ['Bug Triage', 'Testing', 'child-workflow'],
+      capabilities: [
+        'Clones the target repo into an isolated per-run workspace',
+        'Agent makes the smallest correct change to fix the ticket',
+        'Inline test-gate runs the suite and retries once on failure',
+        'Opens a GitHub PR with the diff, test status, and ticket link',
+        'Composable: the bug-autofix orchestrator calls it as a sub-graph',
+      ],
+      conversationStarters: [
+        'Fix PROJ-123 in the web repo and open a PR',
+        'Run the tests after fixing and retry once if they fail',
+        'Use pytest -q as the test command',
+      ],
+    },
+  },
+
+  // ── tracker-writeback: transition + comment + chat notify ─────────
+  'tracker-writeback': {
+    name: 'tracker-writeback',
+    displayName: 'Tracker Writeback',
+    description: 'Closes the loop after triage/fix — transitions the tracker issue (Jira → In Review when a PR opened), comments the PR link + verdict, and posts a Slack or Lark note. The writeback block of the bug-autofix pipeline (Jira in v1; GitHub / Linear are extension points).',
+    path: join(__dirname, 'tracker-writeback'),
+    defaultSlug: 'tracker-writeback',
+    deps: { zod: '^3.23.0', '@zibby/skills': '^0.1.26' },
+    features: [
+      'Single LLM node with SKILLS.JIRA + SKILLS.CHAT_NOTIFY',
+      'Jira: transition (fuzzy status match, reused) + comment the PR link/verdict',
+      'PR link rides in a comment (no Jira remote-link tool) — documented v1 fallback',
+      'Posts a short Slack OR Lark note (chat_notify, like notify-slack)',
+      'Runs on both branches: autofixed (PR up for review) and notify-only',
+      'jiraFetch is now exported so the remote-link extension point can reuse it',
+    ],
+    marketplace: {
+      slug: 'tracker-writeback',
+      tagline: 'Update the ticket, link the PR, ping the channel — done.',
+      iconPrompt: [
+        'A clean, friendly flat-design app icon for "Tracker Writeback" — a workflow that updates a ticket and notifies a chat channel.',
+        'Subject: a rounded ticket/card shape with a small curved "return" arrow looping back into it, and a tiny speech-bubble badge in the upper-right (the chat notification).',
+        'Background: a soft rounded square with a warm coral-to-amber gradient (#FB7185 → #FBBF24). Subtle drop shadow for depth.',
+        'Style: modern flat illustration with soft gradients, the family of Linear / Slack product icons. Crisp at 64×64.',
+        'NO text, NO letters, NO photorealism, NO mascot, NO trademarked Jira/Slack/Lark logos.',
+      ].join('\n'),
+      tags: ['Notifications', 'child-workflow'],
+      capabilities: [
+        'Transitions the Jira issue to a review/triage status (fuzzy-matched)',
+        'Comments the triage summary + the PR link on the ticket',
+        'Posts a short Slack or Lark note — whichever the project has connected',
+        'Runs on both the autofixed and notify-only branches',
+        'Composable: the bug-autofix orchestrator calls it as a sub-graph',
+      ],
+      conversationStarters: [
+        'Move PROJ-123 to In Review and comment the PR link',
+        'Post to #eng when a fix PR is opened',
+        'When a ticket can\'t be auto-fixed, comment why and ping a human',
+      ],
+    },
+  },
+
+  // ── bug-autofix: the ⭐ orchestrator (poll → triage → fix → writeback) ─
+  'bug-autofix': {
+    name: 'bug-autofix',
+    displayName: 'Bug Autofix Pipeline',
+    description: 'The composable bug-autofix SDLC pipeline. Polls a tracker, then connects three reusable building blocks via sub-graph dispatch: ticket-triage → (autofixable?) → code-fix → tracker-writeback. High-severity autofixable bugs get a tested fix PR opened and the ticket moved to In Review; everything else is triaged and a human is notified. Stops at the PR — a human merges.',
+    path: join(__dirname, 'bug-autofix'),
+    defaultSlug: 'bug-autofix',
+    deps: { zod: '^3.23.0', '@zibby/skills': '^0.1.26' },
+    features: [
+      'Orchestrator: poll → ticket-triage → code-fix → tracker-writeback',
+      'Composes 3 marketplace templates via Zibby sub-graph dispatch ({ workflow: slug })',
+      'Routes on triage: severity ≥ floor AND shouldAutofix → fix; else notify-only',
+      'Cron-poll of the tracker, or per-ticket webhook (ticketKey)',
+      'Each child is a separate linked execution (parentExecutionId tree-view)',
+      'Stops at PR opened + tracker written back — human merges (no in-engine approval)',
+    ],
+    marketplace: {
+      slug: 'bug-autofix',
+      tagline: 'Poll bugs, triage, open a tested fix PR, write the ticket back — on autopilot.',
+      iconPrompt: [
+        'A premium, hi-fi app icon for "Bug Autofix" — an orchestrator that turns a bug ticket into a reviewed fix PR automatically.',
+        'Visual style: 3D-rendered hero object floating in space, in the style of Apple Vision Pro icons or a Stripe product render. Glossy, dimensional, soft rim-light.',
+        'Subject: a friendly 3D ladybug-style bug figure being lifted/healed by a glowing violet loop-arrow that circles it (the autofix cycle), with three small connected glossy nodes orbiting around — suggesting a pipeline of stages. A tiny green checkmark spark where the loop closes.',
+        'Background: a deep midnight-navy gradient (#0F172A → #1E1B4B) with a soft violet glow (#7C3AED) behind the subject and a few faint star specks. Square 1024×1024.',
+        'Composition: subject centered, subtle drop shadow. Mood: confident, premium, "it just handles it" — the flagship of the set.',
+        'NO text, NO letters, NO flat sticker style, NO trademarked logos. This one is DEEP and 3D-rendered, distinct from the three flat building-block icons.',
+      ].join('\n'),
+      tags: ['Bug Triage', 'Incidents'],
+      capabilities: [
+        'Polls your tracker for candidate bugs (JQL) or runs per-ticket via webhook',
+        'Triages each ticket, then routes autofixable ones to an agent fix',
+        'Opens a tested fix PR and moves the ticket to In Review',
+        'Notifies a human for anything it shouldn\'t auto-fix',
+        'Composes three reusable templates — swap or reuse the blocks independently',
+      ],
+      conversationStarters: [
+        'Poll my open bugs and auto-fix the autofixable ones',
+        'When a P1 bug comes in, open a fix PR and move it to In Review',
+        'Only auto-fix HIGH+ severity bugs; notify a human for the rest',
+        'Run the bug-autofix pipeline on PROJ-123',
+      ],
+    },
+  },
+
+  // ── github-ai-scout: daily AI-project discovery → Slack shortlist ─
+  'github-ai-scout': {
+    name: 'github-ai-scout',
+    displayName: 'Daily GitHub AI Scout',
+    description: 'A daily scout that searches GitHub for new/trending AI projects, scores them against YOUR configurable rubric with an LLM, and posts a Slack shortlist for a human to review. General + config-driven — the query, recency/star thresholds, and rubric are all deploy-time inputs. Proposes a shortlist; never stars, forks, or auto-adds anything.',
+    path: join(__dirname, 'github-ai-scout'),
+    defaultSlug: 'github-ai-scout',
+    deps: { zod: '^3.23.0', '@zibby/skills': '^0.1.25' },
+    features: [
+      '3-node graph: scan (GitHub search API) → score (LLM rubric) → digest (Slack)',
+      'Cron-friendly: daily schedule, default daysBack=30 / minStars=30',
+      'Configurable query + rubric — point it at any topic + taste, nothing is hard-coded',
+      'LLM ranks + filters candidates; only ever picks from the scanned repos (no invented repos)',
+      'excludeRepos allow-list dedups against projects you already track',
+      'Renders a native Slack Block-Kit card via the notify-slack sub-graph',
+      'Proposes a shortlist — a human reviews, the scout never auto-acts',
+    ],
+    marketplace: {
+      slug: 'github-ai-scout',
+      tagline: 'Scout new AI projects on GitHub every morning — scored to your taste, shortlisted in Slack.',
+      iconPrompt: [
+        'A premium, hi-fi app icon for "Daily GitHub AI Scout" — a workflow that scans GitHub for new AI projects and shortlists the best ones.',
+        'Visual style: 3D-rendered hero object floating in space, in the style of Apple Vision Pro icons or a Stripe product render. Glossy, dimensional, with subtle reflections and a soft rim-light.',
+        'Subject: a sleek 3D-rendered pair of binoculars (or a small telescope) tilted up in three-quarter perspective, its glossy violet body catching a soft rim-light, sweeping a thin glowing scan-beam across a small cluster of glossy golden five-pointed STARS — two or three stars caught bright in the beam, a few fainter ones drifting past. A single tiny AI spark — a small four-point sparkle in soft cyan — glints near the lens to signal the smart-scoring step, and one small rounded code-bracket glyph "{ }" floats subtly in the lower corner to hint at "code repositories" WITHOUT any logo.',
+        'Background: a deep midnight-navy gradient (#0F172A at the top, #1E1B4B at the bottom) with a single soft violet glow (#7553FF) behind the binoculars and a scatter of faint star-like specks across the canvas. Square format, 1024×1024.',
+        'Composition: binoculars centered and slightly raised, scan-beam angled up-right toward the brightest star, subtle drop shadow on the canvas. Mood: curious, premium, "always watching the frontier".',
+        'NO text, NO letters, NO numbers, NO flat sticker style, NO mascot face, NO magnifying glass, NO trademarked GitHub octocat / Slack / OpenAI logos — this one is DEEP and 3D-rendered.',
+      ].join('\n'),
+      tags: ['Reports', 'Notifications'],
+      capabilities: [
+        'Searches GitHub daily for newly-created, trending repositories matching your query',
+        'Filters by recency (created within N days) and a minimum star count',
+        'Scores every candidate 1-5 against your plain-English rubric with an LLM',
+        'Keeps a tight shortlist of the best finds — drops abandoned demos and trivial wrappers',
+        'Dedups against repos you already track via an excludeRepos allow-list',
+        'Posts a numbered Block-Kit shortlist to Slack — stars, language, license, one-line reason, link',
+      ],
+      conversationStarters: [
+        'Scout new AI agent frameworks on GitHub every morning',
+        'Find trending RAG and LLM repos created this month and shortlist the best 8',
+        'Only surface repos with 100+ stars and a real README; skip the ones I already track',
+        'Post a daily GitHub AI radar to our #ai-radar Slack channel',
+      ],
+    },
+  },
+
+  // ── github-code-review: review a GitHub PR → post the review back ─
+  'github-code-review': {
+    name: 'github-code-review',
+    displayName: 'GitHub Code Review',
+    description: 'Reviews a GitHub pull request with an LLM and posts the review back to the PR — a summary plus inline comments and an APPROVE / COMMENT / REQUEST_CHANGES verdict. If the PR is linked to a Jira or Linear ticket (and that integration is connected), it ALSO validates the change against the ticket\'s acceptance criteria and renders an objectives-met table, the way CodeRabbit does. GitHub required; Jira/Linear optional (ticket context only).',
+    path: join(__dirname, 'github-code-review'),
+    defaultSlug: 'github-code-review',
+    deps: { zod: '^3.23.0', '@zibby/skills': '^0.1.33' },
+    features: [
+      '3-node graph: fetch_pr (github) → fetch_ticket (optional) → review (LLM)',
+      'Posts a real PR review via github_create_review — summary body + inline comments + verdict',
+      'DYNAMIC prompt: linked ticket → objectives-met table vs ticket acceptance criteria; no ticket → standalone diff review (never mentions a ticket)',
+      'Jira/Linear are OPTIONAL — fetched via direct tool calls so they don\'t gate deploy',
+      'Webhook-triggered on a PR: { owner, repo, prNumber }',
+      'Reviews + comments only — never merges, closes, or pushes',
+    ],
+    marketplace: {
+      slug: 'github-code-review',
+      tagline: 'Auto-review every GitHub PR — inline comments, a verdict, and objectives checked against the linked ticket.',
+      iconPrompt: [
+        'A premium, hi-fi app icon for "GitHub Code Review" — a workflow that reviews a GitHub pull request and posts the review back inline.',
+        'Visual style: 3D-rendered hero object floating in space, in the style of Apple Vision Pro icons or a Stripe product render. Glossy, dimensional, with subtle reflections and a soft rim-light.',
+        'Subject: a sleek 3D-rendered DARK octocat-style cat-with-tentacles silhouette (an original friendly cephalopod-cat creature, NOT the literal trademarked GitHub Octocat logo) rendered in glossy obsidian-black with a soft violet rim-light, holding a small glowing magnifier over a floating diff card; on the diff card two short code lines glow — one soft red (a removed line), one soft green (an added line) — and a small cyan check-mark sparkle sits at the corner to signal "reviewed". The whole motif reads "dark code-review".',
+        'Background: a deep charcoal-to-midnight gradient (#0D1117 at the top — GitHub\'s dark canvas — to #161B22 at the bottom) with a single soft violet glow (#7C3AED) behind the creature and a scatter of faint specks. Square format, 1024×1024.',
+        'Composition: creature centered and slightly raised, magnifier angled toward the diff card, subtle drop shadow. Mood: focused, premium, "nothing ships unreviewed".',
+        'NO text, NO letters, NO numbers, NO flat sticker style, NO the real trademarked GitHub Octocat logo or GitHub wordmark — make it an ORIGINAL dark cephalopod-cat. This one is DEEP and 3D-rendered.',
+      ].join('\n'),
+      tags: ['Code Review'],
+      capabilities: [
+        'Reads the PR diff + changed files and reviews correctness, bugs, security, tests, design, and style',
+        'Posts the review back to the PR: a summary, inline comments on specific lines, and a verdict',
+        'When a ticket is linked, validates the change against its acceptance criteria with an objectives-met table',
+        'Optionally pulls ticket context from Jira or Linear — but neither is required to run',
+        'Webhook-driven: point a PR-opened/synchronize hook at it',
+        'Proposes feedback only — a human still decides and merges',
+      ],
+      conversationStarters: [
+        'Review pull request #412 in acme/web-app',
+        'Auto-review every new PR and post inline comments',
+        'Review this PR and check it against the linked Jira ticket\'s acceptance criteria',
+        'Block the merge if a PR introduces a security or missing-test issue',
+      ],
+    },
+  },
+
+  // ── gitlab-code-review: review a GitLab MR → post the review back ─
+  'gitlab-code-review': {
+    name: 'gitlab-code-review',
+    displayName: 'GitLab Code Review',
+    description: 'Reviews a GitLab merge request with an LLM and posts the review back to the MR — a summary note plus inline discussion comments and a clear verdict. If the MR is linked to a Jira or Linear ticket (and that integration is connected), it ALSO validates the change against the ticket\'s acceptance criteria and renders an objectives-met table, the way CodeRabbit does. GitLab required; Jira/Linear optional (ticket context only).',
+    path: join(__dirname, 'gitlab-code-review'),
+    defaultSlug: 'gitlab-code-review',
+    deps: { zod: '^3.23.0', '@zibby/skills': '^0.1.33' },
+    features: [
+      '3-node graph: fetch_mr (gitlab) → fetch_ticket (optional) → review (LLM)',
+      'Posts a real MR review via gitlab_create_mr_review — summary note + inline discussions',
+      'DYNAMIC prompt: linked ticket → objectives-met table vs ticket acceptance criteria; no ticket → standalone diff review (never mentions a ticket)',
+      'Jira/Linear are OPTIONAL — fetched via direct tool calls so they don\'t gate deploy',
+      'Webhook-triggered on an MR: { projectId, mrIid }',
+      'Works against gitlab.com and self-hosted instances',
+    ],
+    marketplace: {
+      slug: 'gitlab-code-review',
+      tagline: 'Auto-review every GitLab MR — inline discussions, a verdict, and objectives checked against the linked ticket.',
+      iconPrompt: [
+        'A premium, hi-fi app icon for "GitLab Code Review" — a workflow that reviews a GitLab merge request and posts the review back inline.',
+        'Visual style: 3D-rendered hero object floating in space, in the style of Apple Vision Pro icons or a Stripe product render. Glossy, dimensional, with subtle reflections and a soft rim-light.',
+        'Subject: a sleek 3D-rendered ORANGE FOX head (an original friendly fox character evoking GitLab\'s tanuki-fox spirit WITHOUT copying the literal trademarked GitLab logo), rendered in glossy gradient orange (#FC6D26 → #E24329) with a soft rim-light, peering over a floating merge-request card; on the card two short code lines glow — one soft red (a removed line), one soft green (an added line) — and two small branch lines MERGE into one with a glowing node at the join to signal "merge request". A tiny cyan check-mark sparkle sits at the corner for "reviewed".',
+        'Background: a deep midnight-navy gradient (#1F1B3A at the top to #2E2150 at the bottom) that makes the orange fox POP, with a soft warm-orange glow behind the fox and a scatter of faint specks. Square format, 1024×1024.',
+        'Composition: fox centered and slightly raised, peering down at the merge-request card, subtle drop shadow. Mood: clever, warm, premium — clearly ORANGE-FOX so it is instantly distinguishable from the dark GitHub review icon.',
+        'NO text, NO letters, NO numbers, NO flat sticker style, NO the real trademarked GitLab tanuki logo or wordmark — make it an ORIGINAL orange fox. This one is DEEP and 3D-rendered.',
+      ].join('\n'),
+      tags: ['Code Review'],
+      capabilities: [
+        'Reads the MR diff + changed files and reviews correctness, bugs, security, tests, design, and style',
+        'Posts the review back to the MR: a summary note, inline discussion comments on specific lines, and a verdict',
+        'When a ticket is linked, validates the change against its acceptance criteria with an objectives-met table',
+        'Optionally pulls ticket context from Jira or Linear — but neither is required to run',
+        'Works against gitlab.com and self-hosted GitLab instances',
+        'Proposes feedback only — a human still decides, approves, and merges',
+      ],
+      conversationStarters: [
+        'Review merge request !73 in acme/web-app',
+        'Auto-review every new MR and post inline discussions',
+        'Review this MR and check it against the linked Jira ticket\'s acceptance criteria',
+        'Flag any MR that introduces a security or missing-test issue',
+      ],
+    },
+  },
 };
 
 export class TemplateFactory {

package/notify-lark/package.json

@@ -10,7 +10,8 @@
   },
   "dependencies": {
     "@zibby/core": "^0.5.1",
-    "zod": "^3.23.0"
+    "@zibby/skills": "^0.1.28",
+    "zod": "^3.23.0 || ^4.0.0"
   },
   "devDependencies": {
     "vitest": "^2.1.5"

package/notify-slack/package.json

@@ -10,7 +10,8 @@
   },
   "dependencies": {
     "@zibby/core": "^0.5.1",
-    "zod": "^3.23.0"
+    "@zibby/skills": "^0.1.28",
+    "zod": "^3.23.0 || ^4.0.0"
   },
   "devDependencies": {
     "vitest": "^2.1.5"

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@zibby/workflow-templates",
-  "version": "0.7.1",
+  "version": "0.9.1",
   "description": "Built-in workflow templates for Zibby — browser-test-automation, code-analysis, generate-test-cases, notify-slack, notify-lark, notify-notion, sentry-triage.",
   "type": "module",
   "main": "index.js",
@@ -25,6 +25,8 @@
     "./sentry-triage/*": "./sentry-triage/*",
     "./ai-spend-weekly-digest": "./ai-spend-weekly-digest/graph.mjs",
     "./ai-spend-weekly-digest/*": "./ai-spend-weekly-digest/*",
+    "./pipeline-supervisor": "./pipeline-supervisor/graph.mjs",
+    "./pipeline-supervisor/*": "./pipeline-supervisor/*",
     "./package.json": "./package.json"
   },
   "scripts": {
@@ -56,6 +58,7 @@
     "notify-lark/",
     "notify-notion/",
     "sentry-triage/",
+    "pipeline-supervisor/",
     "index.js",
     "register-nodes.js",
     "global-setup.js",

package/pipeline-supervisor/README.md

@@ -0,0 +1,51 @@
+# pipeline-supervisor
+
+**Zibby managing Zibby.** A scheduled "监工 / supervisor" workflow that watches
+the project's *other* pipelines, finds the ones that are failing or slow, and
+posts a human-reviewable improvement proposal to Slack or Lark.
+
+v1 is strictly **READ → PROPOSE → NOTIFY**. It never edits another workflow's
+graph — that's the safe L3 starting point. The auto-PATCH step is a marked TODO
+in `nodes/propose-node.js`, deliberately not implemented.
+
+## Graph
+
+```
+scan_pipelines        (deterministic + Zibby REST API, PAT-authed)
+   → propose_improvements (LLM — one proposal per flagged pipeline)
+   → notify               (LLM + SKILLS.CHAT_NOTIFY — one review card)
+```
+
+If `scan_pipelines` flags nothing, the graph short-circuits straight to
+`notify` (which posts/skips without a Claude call on the proposer).
+
+## How it reads other pipelines
+
+A direct authed `GET /executions?projectId=<id>&limit=200` against the Zibby
+REST API (the same route the dashboard + remote MCP server use), carrying a
+**user personal access token** in `Authorization: Bearer`.
+
+It must be a USER PAT (`zby_pat_…`), **not** the Fargate-injected
+`PROJECT_API_TOKEN`: every cross-pipeline read route (`/executions`, `/jobs`,
+`/all`) requires a `userId` from the authorizer, and a project token carries
+none — so it 401s. See the header comment in `nodes/scan-pipelines-node.js`
+for the full rationale.
+
+## Config (ENV tab)
+
+Required:
+- `ZIBBY_PAT` — user personal access token the supervisor reads executions with.
+- `SLACK_CHANNEL` **or** `LARK_RECEIVE_ID` — where the review card goes.
+
+Optional:
+- `SUPERVISOR_PROJECT_ID` — project to supervise (defaults to the running project).
+- `SLACK_MENTIONS` / `LARK_MENTIONS` — JSON array of mentions on the card.
+
+## Input (per-run dials)
+
+| field | default | meaning |
+|---|---|---|
+| `lookbackHours` | 24 | hours of execution history to scan |
+| `minFailRate` | 0.4 | flag a pipeline failing ≥ this fraction of recent runs |
+| `targetWorkflowTypes` | — | optional name filter (case-insensitive substring) |
+| `maxPipelines` | 25 | cap on distinct pipelines analyzed per run |

package/pipeline-supervisor/graph.mjs

@@ -0,0 +1,75 @@
+/**
+ * pipeline-supervisor — Zibby's flagship "监工 / supervisor" workflow.
+ * "Zibby managing Zibby": a scheduled run that watches the project's OTHER
+ * pipelines and PROPOSES improvements. v1 is strictly READ + PROPOSE +
+ * NOTIFY — it never edits another workflow's graph (the safe L3 boundary).
+ *
+ *   scan_pipelines        (deterministic + Zibby REST) → pull recent
+ *                          executions across pipelines (PAT-authed), roll
+ *                          up per-pipeline health, flag failing/slow ones.
+ *        ↓
+ *   propose_improvements  (LLM)                         → one concrete,
+ *                          reviewable proposal per flagged pipeline
+ *                          (add test gate / tweak prompt / add approval
+ *                          gate / drop redundant step).
+ *        ↓
+ *   notify                (LLM + SKILLS.CHAT_NOTIFY)    → ONE review card
+ *                          to Slack OR Lark: "Pipeline X failed 4/5 on step
+ *                          Y. I'd suggest <change>. (review)".
+ *
+ * Short-circuit: if scan_pipelines flags nothing, skip the LLM proposer and
+ * route straight to notify (which posts a green "all healthy" no-op). The
+ * idle path is the common case — most runs find nothing wrong — so we don't
+ * spend a Claude call manufacturing proposals from an empty list.
+ */
+
+import { WorkflowAgent, WorkflowGraph } from '@zibby/core';
+
+import { scanPipelinesNode } from './nodes/scan-pipelines-node.js';
+import { proposeNode } from './nodes/propose-node.js';
+import { notifyNode } from './nodes/notify-node.js';
+
+import {
+  pipelineSupervisorInputSchema,
+  pipelineSupervisorContextSchema,
+} from './state.js';
+
+export class PipelineSupervisorAgent extends WorkflowAgent {
+  buildGraph() {
+    const graph = new WorkflowGraph();
+    graph
+      .setInputSchema(pipelineSupervisorInputSchema)
+      .setContextSchema(pipelineSupervisorContextSchema);
+
+    graph.addNode('scan_pipelines', scanPipelinesNode);
+    graph.addNode('propose_improvements', proposeNode);
+    graph.addNode('notify', notifyNode);
+
+    graph.setEntryPoint('scan_pipelines');
+
+    // No flagged pipelines → skip the proposer, go straight to notify. The
+    // notify node's no-op short-circuit posts (or skips) without a model
+    // round-trip, so an all-healthy scan costs one Claude call at most.
+    graph.addConditionalEdges('scan_pipelines', (state) => {
+      const flagged = (state?.scan_pipelines?.pipelines || []).filter((p) => p.flagged);
+      return flagged.length === 0 ? 'notify' : 'propose_improvements';
+    });
+    graph.addEdge('propose_improvements', 'notify');
+    graph.addEdge('notify', 'END');
+
+    return graph;
+  }
+
+  async onComplete(result) {
+    const pipelines = result?.state?.scan_pipelines?.pipelines || [];
+    const flagged = pipelines.filter((p) => p.flagged).length;
+    const proposals = result?.state?.propose_improvements?.proposals?.length || 0;
+    const s = result?.state?.notify?.summary || {};
+    console.log(
+      `[pipeline-supervisor] complete — pipelines=${pipelines.length}, flagged=${flagged}, ` +
+      `proposals=${proposals}, sent=${s.sent || 0}, skipped=${s.skipped || 0}, failed=${s.failed || 0}`,
+    );
+  }
+}
+
+export default PipelineSupervisorAgent;

package/pipeline-supervisor/node_modules/.vite/vitest/da39a3ee5e6b4b0d3255bfef95601890afd80709/results.json

@@ -0,0 +1 @@
+{"version":"4.1.7","results":[[":__tests__/graph.integration.test.js",{"duration":7.337875000000054,"failed":false}]]}