docs(examples): provide dependency review spawner #1076
Greptile Summary
This PR adds a documentation-only example (
Confidence Score: 5/5
Safe to merge — all findings are P2 documentation improvements that do not block functionality.
Both findings are P2: a missing cross-reference to the prerequisite apply step and a minor wording concern. Neither affects API contracts, controller logic, or CRD schemas. The YAML is well-structured with clear TODO markers and the overall pattern is sound.
examples/14-dependency-review-spawner/README.md — missing explicit instruction to apply shared-agent-configs.yaml before deploying the TaskSpawner.
| Filename | Overview |
|---|---|
| examples/14-dependency-review-spawner/README.md | Documentation for the new example; missing an explicit instruction to apply shared-agent-configs.yaml before the TaskSpawner, which will cause runtime failures when Tasks try to resolve the AgentConfig reference. |
| examples/14-dependency-review-spawner/taskspawner.yaml | New TaskSpawner manifest with webhook filters, reviewer-identification logic, and structured prompt template; well-structured with appropriate TODO markers, but the README doesn't document that shared-agent-configs.yaml must be applied first. |
| examples/shared-agent-configs.yaml | New shared AgentConfig definitions (readonly-agent and solver-agent); clear role/restriction descriptions and reasonable defaults. |
| examples/README.md | Index updated with new 'Use Case Patterns' subsection linking to example 14; 'Production-tested' label is unsupported for a newly added example. |
Sequence Diagram
```mermaid
sequenceDiagram
    participant Bot as Renovate/Dependabot
    participant GH as GitHub
    participant Kelos as TaskSpawner
    participant Agent as Agent Pod
    participant Dev as Human Reviewer
    Bot->>GH: Opens dependency upgrade PR
    GH->>Kelos: pull_request webhook event
    Kelos->>Kelos: Apply author/state/draft filters
    Kelos->>Agent: Spawn read-only Task
    Agent->>GH: Read PR diff and changelog
    Agent->>Agent: Search codebase for package usage
    Agent->>Agent: Assess risk level
    alt Safe to merge
        Agent->>GH: Approve PR via gh pr review
        Agent->>GH: Add agent-reviewed label
    else Needs human review
        Agent->>GH: Look up frequent committers via git log
        Agent->>GH: Resolve committer to GitHub login
        Agent->>GH: Request reviewer via gh pr edit
        Agent->>GH: Post analysis comment
        Agent->>GH: Add agent-reviewed label
        GH-->>Dev: Review requested notification
    end
```
Prompt To Fix All With AI
Fix the following 2 code review issues. Work through them one at a time, proposing concise fixes.
---
### Issue 1 of 2
examples/14-dependency-review-spawner/README.md:42-46
**Missing prerequisite apply step for shared AgentConfig**
The **Prerequisites** section lists "A shared read-only AgentConfig" but never tells users to apply `shared-agent-configs.yaml`. The **Files** section only lists `taskspawner.yaml`, omitting the dependency. When a spawned Task tries to resolve `agentConfigRef: name: readonly-agent`, it will fail at runtime because no `AgentConfig` of that name exists in the cluster unless the user has applied `examples/shared-agent-configs.yaml` first.
Consider adding an explicit step and listing the shared config in the Files section:
````markdown
## Prerequisites
- GitHub webhook configured to send `pull_request` events to Kelos
- `gh` CLI available in the agent image
- A shared read-only AgentConfig (apply once per cluster):
  ```bash
  kubectl apply -f examples/shared-agent-configs.yaml
  ```
````
### Issue 2 of 2
examples/README.md:29-30
**"Production-tested" claim unsupported for a brand-new example**
The section description reads "Production-tested TaskSpawner patterns" but this is a newly added example with no stated production history. Consider wording like "Production-ready patterns" or simply "TaskSpawner use-case patterns" to avoid an unsupported claim.
Reviews (1): Last reviewed commit: "docs(examples): provide dependency revi..."
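
The author/state/draft filtering step from the sequence diagram, sketched as an added example (not code from this PR or from Kelos): a fail-closed check over a GitHub `pull_request` webhook payload. The allowed logins `renovate[bot]` and `dependabot[bot]`, the function name and the sample payloads are assumptions made for illustration.

```python
# Added example: fail-closed pre-filter for GitHub pull_request webhook events.
# Not Kelos code; field names follow GitHub's pull_request webhook payload.

# Assumption: these two GitHub App logins are the dependency bots to accept.
ALLOWED_BOT_LOGINS = {"renovate[bot]", "dependabot[bot]"}


def should_spawn_review(event):
    """Return (spawn, reason) for one pull_request webhook payload (a dict)."""
    pr = event.get("pull_request") if isinstance(event, dict) else None
    if not isinstance(pr, dict):
        return False, "not a pull_request event"

    user = pr.get("user")
    if not isinstance(user, dict):
        return False, "author missing"
    # Author filter: require the exact login and the Bot account type,
    # so only the allowed bot accounts can trigger an agent Task.
    if user.get("login") not in ALLOWED_BOT_LOGINS or user.get("type") != "Bot":
        return False, "author is not an allowed dependency bot"

    # State filter: closed or merged PRs are not reviewed.
    if pr.get("state") != "open":
        return False, "pull request is not open"

    # Draft filter: anything other than an explicit False counts as draft.
    if pr.get("draft") is not False:
        return False, "pull request is a draft"

    return True, "dependency bot PR ready for read-only review"


def _pr(login, kind, state="open", draft=False):
    # Constructed sample payload, trimmed to the fields the filter reads.
    return {"action": "opened", "pull_request": {
        "user": {"login": login, "type": kind}, "state": state, "draft": draft}}


if __name__ == "__main__":
    for sample in (_pr("renovate[bot]", "Bot"),
                   _pr("alice", "User"),
                   _pr("dependabot[bot]", "Bot", draft=True),
                   {"action": "created", "issue": {}}):
        print(should_spawn_review(sample))
```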
What type of PR is this?
/kind docs
What this PR does / why we need it:
Add a use case example for automated dependency review via TaskSpawner. When
Renovate or Dependabot opens a PR, a read-only agent investigates the package
change, assesses risk, and either auto-approves safe bumps or escalates to the
best human reviewer (identified via git blame history).
Includes a TaskSpawner manifest with author-filtered webhooks, structured review
output, conditional auto-approval, and reviewer identification patterns.
Which issue(s) this PR is related to:
Refs #981
Refs #945
#981 proposes supply chain compliance (SBOM, license auditing, provenance).
Dependency review is the first step toward that goal — understanding each
dependency change as it arrives.
#945 proposes IaC lifecycle automation for Terraform providers. This use case
demonstrates the same "external tool opens a PR → agent reviews it" pattern that
IaC provider upgrades would follow.
Special notes for your reviewer:
This is a documentation-only change adding example manifests under a use case
directory. No API or controller changes.
Does this PR introduce a user-facing change?