Repo-aware triage of open Dependabot PRs. Applies this repo's hard-won dependency rules (the Expo-SDK-managed lockstep set, the TS6 / Vite8 holds, dev-only security transitives, the mobile-e2e cache interaction) to recommend merge / hold / close / escalate per PR. Use when a human says "triage the dependabot PRs" or "look at dependabot PR #NNN". Conservative by default: recommends, and only merges green minor/patch PRs when explicitly asked.
84
90%
Does it follow best practices?
Impact
100%
1.17x
Average score across 2 eval scenarios
Advisory
Suggest reviewing before use
Triage mixed Dependabot PRs against the repo's version-lock rules
RN minor -> Close/Hold: 100%, 100%
Grouped green npm -> Merge: 100%, 100%
TypeScript 6 -> Hold: 80%, 100%
Expo-router group -> Split/Close: 86%, 100%
github-actions patch -> Merge: 100%, 100%
Cites rule / TD per row: 69%, 100%
No auto-merge of majors: 100%, 100%
Recommend-only, no unilateral action: 100%, 100%
Triage a dev-only transitive security update vs a production one
Identifies dev-only / no prod impact: 100%, 100%
Recommends bundling per TD-005: 20%, 100%
Production-dependency exception: 100%, 100%
Recommend-only, no unilateral action: 100%, 100%