docs: Dependabot preflight + widened merge review rule #15
- Preflight: check `gh pr list --author app/dependabot --state open` before each batch; resolve or disposition any affecting current batch
- Merge rule: widened from "PR comments + bot/agent feedback" to "PR comments, formal reviews, bot/agent code review feedback, AND relevant automated review findings (CodeQL, Copilot, Dependabot, Snyk)"

External repo-bootstrap SKILL.md updated in parallel with same additions plus storage-location note (canonical-for-this-machine, versioned shared skills repo as future migration candidate).

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Code Review
This pull request updates the AGENTS.md documentation to provide more detailed instructions for AI agents regarding PR reviews and preflight checks. It expands the merge checklist to include formal reviews and automated findings, and adds a requirement to check for open Dependabot PRs. A review comment suggests optimizing the gh CLI commands for better agent compatibility by using JSON output and providing a specific command for check-run annotations.
| - `gh pr view <number> --comments` — inline + conversation comments | ||
| - `gh pr view <number> --json reviews` — formal reviews | ||
| - `gh pr checks <number>` — automated review findings (CodeQL, Copilot review, Dependabot, Snyk, etc.) | ||
| - Any bot/agent output in check-run annotations |
For AI agents, using a consistent JSON output format is more reliable and efficient than mixing text and JSON. Consolidating the gh pr view calls into a single request reduces API overhead. Furthermore, since gh pr checks only provides a high-level status summary, providing a specific command for annotations ensures the agent can actually inspect the 'bot/agent output' required in line 26, which is often where the most critical automated findings reside.
| - `gh pr view <number> --comments` — inline + conversation comments | |
| - `gh pr view <number> --json reviews` — formal reviews | |
| - `gh pr checks <number>` — automated review findings (CodeQL, Copilot review, Dependabot, Snyk, etc.) | |
| - Any bot/agent output in check-run annotations | |
| - `gh pr view <number> --json comments,reviews,statusCheckRollup` — comments, reviews, and check status | |
| - `gh api repos/:owner/:repo/check-runs/{check_run_id}/annotations` — detailed findings in check-run annotations |
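Review bot: the last suggested line leaves `{check_run_id}` undefined, and nothing in the list tells an agent where that id comes from, so the annotations command cannot be run as written. Add a line stating how the id is obtained before the `gh api` call. The same path also mixes two placeholder styles (`:owner/:repo` and `{check_run_id}`); pick one so the agent does not have to guess which parts it must fill in itself. Separately, the suggestion removes the `gh pr checks <number>` bullet and describes `statusCheckRollup` only as "check status", so the explicit mention of CodeQL, Copilot review, Dependabot and Snyk findings disappears from the checklist. Keep that wording on one of the two new lines.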
Summary

Updates `AGENTS.md` Execution Discipline section based on new verified learning:

- `gh pr list --author app/dependabot --state open` before each batch; resolve or disposition any affecting current work

External `~/.claude/skills/repo-bootstrap/SKILL.md` updated in parallel with the same rules plus a storage-location note (canonical-for-this-machine now; versioned shared skills repo flagged as future migration candidate for portability).

Evidence
This repo currently has 5 open Dependabot PRs (#1-#5) that pre-date this batch — exactly the kind of signal the new preflight rule surfaces.
Checklist