bochi is a GitHub bot that automatically tracks dependencies across npm, pip, and uv. It analyzes breaking changes using Mistral AI and creates intelligent pull requests with detailed impact analysis.
Three simple steps to enable dependency tracking
Visit the GitHub Marketplace and add bochi to your repositories
Create a .bochi.yml file in your repo to customize update policies and grouping
Review PRs and use @bochi approve, @bochi skip, or @bochi scan commands
grouping: minor
security:
  priority: true
  notify_immediately: true
breaking_changes:
  require_approval: true
  assign_to: maintainers
Track dependencies from npm, pip, and uv package managers with extensible architecture
Rule-based filtering combined with Mistral AI for deep breaking change analysis
Immediate alerts for critical vulnerabilities with priority handling
No external database needed - uses GitHub issues and PRs for state management
Comment @bochi approve, skip, or scan for full control over updates
Per-repository .bochi.yml for customized update policies and grouping
Parses lockfiles (package-lock.json, requirements.txt, uv.lock) and detects package managers
Adapters check npm, PyPI, and other registries for available updates
Hybrid analysis: rule-based semver checks + Mistral AI for complex breaking changes
Creates grouped PRs with detailed descriptions, risk scores, and maintainer assignments