一键导入
dependabot-remediation
Plan and execute backend and frontend Dependabot remediation with wave-based sequencing, resolver validation, and post-merge closure checks.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
菜单
Plan and execute backend and frontend Dependabot remediation with wave-based sequencing, resolver validation, and post-merge closure checks.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
基于 SOC 职业分类
Check CI status for the current branch, analyze failures, distinguish failures caused by our changes from pre-existing flakes, and propose specific fixes. Use when the user asks about CI, build status, failing checks, failing jobs, test failures in CI, or whether the branch is ready after a push.
Multi-pass AI workflow for shipping high-quality code. Use when the user is about to finalize a change, wants a standards review, or asks to ship/workflow/review their code. Covers plan review, self-review, standards pass, documentation, and PR creation.
Pedantic backend PR workflow skill that follows repo-local workflow docs, GitHub issue linkage, safe Django migrations, and downtime-safe schema changes.
Create and manage promotion and release PRs for Django4Lyfe. Use this when preparing dev→release promotion PRs, release→master release PRs, validating exact branch heads with local-ci, triggering validated backend deploys, bumping versions, resolving merge conflicts, and publishing GitHub releases.
Pedantic backend pre-commit + atomic-commit skill for Django/Optimo repos that enforces local AGENTS.md, repo-local docs, pre-commit hooks, and repo-local commit hygiene without AI signatures.
Digest-first frontend skill with repo classification, dynamic detection, and internal lane routing for review, API, testing, analytics, observability, CI/CD, planning, and commit workflows.
| name | dependabot-remediation |
| description | Plan and execute backend and frontend Dependabot remediation with wave-based sequencing, resolver validation, and post-merge closure checks. |
| allowed-tools | Bash Read Edit Write Glob Grep |
| argument-hint | [backend <triage|execute-wave <N>|release> | frontend <triage|execute|release>] [--repo owner/repo] [--base-branch <name>] [--config-only] [--write-config] |
Use this skill when a repository has open Dependabot security alerts and you need a deterministic remediation flow with clear evidence and rollback paths.
Use it for:
uv + pyproject.toml repos).npm, yarn, or pnpm).backend <triage|execute-wave <N>|release>:
triage: Review/create dependabot.yml, then build backend alert inventory and wave plan.execute-wave <N>: Execute one backend wave with strict gates.release: Validate closure and prepare backend remediation release summary.frontend <triage|execute|release>:
triage: Review/create dependabot.yml, then build frontend PR/alert triage matrix.execute: Execute frontend close/recreate/merge/manual flow.release: Create frontend release summary for remediation changes.Severity tags:
[BLOCKING] cannot proceed safely[SHOULD_FIX] high-value correction before merge[NIT] optional improvementBefore backend or frontend execution:
git status -sb
git branch --show-current
gh auth status
If GitHub auth is missing or token lacks alert permissions, stop with [BLOCKING].
triage)Before backend/frontend alert triage, validate repository configuration:
gh repo view..github/dependabot.yml:
references/dependabot-yml-minimal-template.md.--write-config is set: create .github/dependabot.yml.references/dependabot-yml-review-checklist.md.[BLOCKING] config gaps that invalidate remediation claims.If --config-only is set, stop after config create/review + CI policy advice.
backend triage)Goal: produce deduplicated advisory inventory plus executable waves.
Required workflow:
package + GHSA + first_patched_version.Primary references:
references/backend-github-dependabot-cli.mdreferences/backend-wave-plan-template.mdreferences/dependabot-yml-minimal-template.mdreferences/dependabot-yml-review-checklist.mdreferences/dependency-review-ci-policy-template.mdbackend execute-wave <N>)Execution rules:
Backend validation gates must include:
uv lock --check or repo equivalent)ty firstpyright secondmypy thirdIf ty is configured ([tool.ty], ty.toml, .bin/ty, or CI usage), treat it
as mandatory and blocking.
backend release)After waves merge:
frontend triage)Goal: classify open bot PRs and alerts into actionable lanes.
Always scope PR inventory to the frontend base branch (auto-detect from
gh repo view ... defaultBranchRef unless overridden) so backend Dependabot
PRs are not mixed into the matrix.
Required workflow:
actionable, obsolete, or stale-but-recreate.Classification classes:
actionableobsoletestale-but-recreateReferences:
references/frontend-triage-matrix.mdreferences/dependabot-yml-minimal-template.mdreferences/dependabot-yml-review-checklist.mdreferences/dependency-review-ci-policy-template.mdfrontend execute)Execution policy:
@dependabot recreate.References:
references/frontend-triage-matrix.mdreferences/frontend-manual-remediation-playbook.mdfrontend release)Generate remediation release summary for integration branch -> production branch:
Reference:
references/frontend-release-pr-template.mdAlways return:
Current StateDependabot Config Status (existing/reviewed or created/proposed)Backend Scope Filter (ecosystem/path rules used)Deduplicated Alert InventoryRoot-Cause Dependency PathsProposed Waves or Wave Execution SummaryValidation GatesRisks and RollbackNext ActionsAlways return:
InventoryDependabot Config Status (existing/reviewed or created/proposed)Triage MatrixExecution SummaryRisk SnapshotNext Actionsdependabot.yml is reviewed or created.