-
Notifications
You must be signed in to change notification settings - Fork 1
Pipeline Plan 58
Seth Ford edited this page Feb 14, 2026
·
1 revision
The plan file is in a sensitive directory. Let me output the plan directly instead.
The implementation plan has been written to .claude/pipeline-artifacts/plan.md. Here's the summary:
| File | Action | Purpose |
|---|---|---|
scripts/sw-deps.sh |
Create | Core module — PR detection, risk classification, auto-merge |
scripts/sw-deps-test.sh |
Create | Unit tests — version parsing, risk scoring, merge decisions |
scripts/sw-daemon.sh |
Modify | Add daemon_poll_dependabot() in sweep loop + config loading |
scripts/sw |
Modify | Add deps subcommand to CLI router |
.claude/daemon-config.json |
Modify | Add dependabot configuration section |
.github/workflows/shipwright-deps.yml |
Create | CI-native Dependabot PR handling |
package.json |
Modify | Register test suite |
Core functions:
-
deps_fetch_prs()— Fetch open PRs byapp/dependabotandapp/renovateviagh pr list, cached (TTL 300s) -
deps_classify_risk()— Parse PR titles for semver bumps:"Bump <pkg> from <old> to <new>". Classify as patch (score=10, low risk), minor (score=50, medium), major (score=90, high), or group (score=60, medium) -
deps_select_strategy()— Map risk to template: patch→fast+auto_merge, minor→standard+CI-gated, major→full+human review -
deps_check_breaking_changes()— Scan PR body for "BREAKING", "deprecation", "removed" keywords; elevate risk if found -
deps_run_tests()— Checkout PR branch, run test suite, capture results -
deps_auto_merge()— Approve + merge eligible PRs, flag others with comment -
deps_process_all()— Orchestrate: fetch → classify → check → test → merge/flag; emitdeps.sweepevent
CLI subcommands: scan, review <pr>, merge <pr>, status
In sw-daemon.sh:
-
load_config(): AddDEPS_ENABLED,DEPS_AUTO_MERGE,DEPS_POLL_INTERVAL,DEPS_BATCH_SIZEfromdependabot.*config -
daemon_poll_loop()(~line 4898): Add Dependabot sweep every N cycles alongside existing patrol - New
daemon_poll_dependabot(): Sourcessw-deps.sh, runsdeps_process_all, respectsNO_GITHUB, rate limits, andMAX_PARALLEL
Add deps) case in scripts/sw dispatching to sw-deps.sh
"dependabot": { "enabled": true, "auto_merge": true, "poll_interval_cycles": 3, "risk_thresholds": { "patch": {"template": "fast", "auto_merge": true, "auto_approve": true}, "minor": {"template": "standard", "auto_merge": true, "auto_approve": false}, "major": {"template": "full", "auto_merge": false, "auto_approve": false} }, "max_auto_merges_per_sweep": 3 }
Triggers on pull_request from dependabot[bot], runs tests, auto-merges patch-level updates
7 test categories: version parsing (6 tests), risk classification (5), strategy selection (4), breaking change detection (4), merge decisions (4), event emission (3), integration (3). Uses mock gh binary, NO_GITHUB=true, standard PASS/FAIL harness.
- Task 1: Create
sw-deps.shboilerplate + CLI router - Task 2: Implement
deps_fetch_prs() - Task 3: Implement
deps_classify_risk() - Task 4: Implement
deps_select_strategy() - Task 5: Implement
deps_check_breaking_changes() - Task 6: Implement
deps_run_tests() - Task 7: Implement
deps_auto_merge()+deps_process_all() - Task 8: Daemon integration (config + sweep loop)
- Task 9: CLI router update
- Task 10: daemon-config.json update
- Task 11: GitHub Actions workflow
- Task 12: Tests — version parsing + risk classification
- Task 13: Tests — strategy, breaking changes, merge decisions
- Task 14: Tests — events + integration flow
- Task 15: Register in package.json + verify
npm test
- Dependabot PRs detected and classified by risk (scan subcommand)
- Patch updates auto-merge after tests pass
- Major updates flagged for human review with comment
- Breaking change detection works
- All tests pass (
sw-deps-test.sh+npm test) - Bash 3.2 compatible (no associative arrays, no
readarray, no${var,,}) - Events emitted:
deps.sweep,deps.merged,deps.flagged