chore(skills): add /dependabot for end-to-end alert and PR processing #1567

Merged: steilerDev merged 1 commit into beta from chore/dependabot-skill on May 25, 2026

@steilerDev (Owner)

Summary

  • Adds .claude/skills/dependabot/SKILL.md — a new orchestration skill that processes every open Dependabot PR and security alert in a single pass.
  • Mandatory parallel changelog analysis (security-engineer + product-architect) before any merge, catching breaking changes and surfacing adoption opportunities as batched enhancement issues.
  • Fix loop (up to 3 iterations) for failing Dependabot PRs, with delegation to the appropriate agent based on failure category (app code, tests, CI/workflow, lockfile).
  • Orphan alerts (no matching PR) get their own fix/dependabot-<ghsa-id>-<short> branch via dev-team-lead [MODE: spec]. Never auto-dismisses — surfaces dismissal recommendations to the user.

Test plan

  • Quality Gates pass
  • Skill discoverable via the standard skill list (confirmed locally: dependabot appears in available-skills)
  • Frontmatter parses; all agent references resolve to files under .claude/agents/; every gh command targets steilerDev/cornerstone
  • Dry-run when a Dependabot batch is open: Inventory + Classify steps produce expected output before any destructive action

Tooling-only change — no production files under server/, client/, or shared/ modified.

🤖 Generated with Claude Code
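
The orphan-alert rule from the summary above, as an added example (not code from this PR or from SKILL.md): open alerts are split into those covered by a Dependabot-authored PR and orphans that get a `fix/dependabot-<ghsa-id>-<short>` branch name. The title-based matching, the package slug used for `<short>`, the function names and all sample data are assumptions.

```python
import re

# Constructed sample data shaped like GitHub REST API responses (trimmed).
ALERTS = [
    {"number": 1, "state": "open", "dependency": {"package": {"name": "lodash"}},
     "security_advisory": {"ghsa_id": "GHSA-aaaa-bbbb-cccc"}},
    {"number": 2, "state": "open", "dependency": {"package": {"name": "@scope/pkg"}},
     "security_advisory": {"ghsa_id": "GHSA-dddd-eeee-ffff"}},
    {"number": 3, "state": "fixed", "dependency": {"package": {"name": "minimist"}},
     "security_advisory": {"ghsa_id": "GHSA-gggg-hhhh-iiii"}},
]
PULLS = [
    {"number": 10, "user": {"login": "dependabot[bot]"},
     "title": "chore(deps): bump lodash from 4.17.20 to 4.17.21"},
    {"number": 11, "user": {"login": "someone"},  # look-alike title, not the bot
     "title": "bump @scope/pkg from 1.0.0 to 1.0.1"},
]

# Assumption: a PR covers an alert when Dependabot authored it and its title
# names the package ("bump <pkg> from <a> to <b>"); grouped updates are not handled.
BUMP = re.compile(r"\bbump (\S+) from \S+ to \S+", re.IGNORECASE)

def bumped_packages(pulls):
    """Map package name -> PR number, trusting only PRs authored by Dependabot."""
    found = {}
    for pr in pulls:
        m = BUMP.search(pr["title"])
        if m and pr["user"]["login"] == "dependabot[bot]":
            found[m.group(1)] = pr["number"]
    return found

def orphan_branch(alert):
    """Build fix/dependabot-<ghsa-id>-<short>; <short> as a package slug is assumed."""
    name = alert["dependency"]["package"]["name"].lower()
    short = re.sub(r"[^a-z0-9]+", "-", name).strip("-")
    return f"fix/dependabot-{alert['security_advisory']['ghsa_id'].lower()}-{short}"

def classify(alerts, pulls):
    """Split open alerts into (alert, PR) pairs and (alert, branch) orphans."""
    by_pkg = bumped_packages(pulls)
    covered, orphans = [], []
    for a in alerts:
        if a["state"] != "open":
            continue  # already fixed or dismissed; this code never dismisses anything
        pr = by_pkg.get(a["dependency"]["package"]["name"])
        if pr is not None:
            covered.append((a["number"], pr))
        else:
            orphans.append((a["number"], orphan_branch(a)))
    return covered, orphans
```

Alert 2 stays an orphan even though PR 11 has a matching title, because only PRs authored by `dependabot[bot]` count as coverage.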

Orchestrates the full agent team to process every open Dependabot PR
and security alert in one pass: parallel changelog analysis
(security-engineer + product-architect) before merge, fix loop for
failing PRs (up to 3 iterations), fix/dependabot-<ghsa> branch for
orphan alerts, and batched enhancement issues for adoption
opportunities. Never auto-dismisses alerts.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

steilerDev force-pushed the chore/dependabot-skill branch from 1820b60 to c0a2007 on May 25, 2026 08:34

steilerDev merged commit 8f30048 into beta on May 25, 2026

12 checks passed

steilerDev deleted the chore/dependabot-skill branch on May 25, 2026 08:44

@github-actions (Contributor)

ghost commented May 25, 2026

🎉 This PR is included in version 2.7.0-beta.12 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀
