Add dependency version check policy #16

Closed
venikman wants to merge 1 commit into main from agent-version-policy

venikman (Owner) commented Jan 15, 2026

Summary

  • add dependency version policy requiring checks for latest stable versions

Testing

  • not run (docs-only change)

Summary by CodeRabbit

  • Documentation
    • Updated internal development policy documentation to include guidelines for managing dependency versions and package updates.

Copilot AI review requested due to automatic review settings January 15, 2026 17:18
continue bot commented Jan 15, 2026

All Green - Keep your PRs mergeable

All Green is an AI agent that automatically:

✅ Addresses code review comments

✅ Fixes failing CI checks

✅ Resolves merge conflicts

@gemini-code-assist

Summary of Changes

Hello @venikman, I'm Gemini Code Assist! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request introduces a new policy document aimed at standardizing dependency management within the project. The primary goal is to ensure that all dependency additions or updates are thoroughly checked against the latest stable releases, promoting consistency and clarity in versioning practices across the codebase.

Highlights

  • New Dependency Version Policy: A new section titled 'Dependency Version Policy' has been added to the AGENTS.md file.
  • Policy Requirements: The policy mandates checking for the latest stable versions of dependencies, tooling actions, or package versions (npm, Deno, GitHub Actions) when making changes. It also requires documenting the reason if the latest version is not used.

coderabbitai bot commented Jan 15, 2026

Walkthrough

AGENTS.md documentation updated with new "Dependency Version Policy" section under JavaScript/TypeScript Runtime policy. The section instructs checking latest stable releases from official sources before finalizing dependency-related changes and documenting version selection rationale in PR summaries.

Changes

Cohort / File(s) | Summary
Documentation Update: AGENTS.md | Added "Dependency Version Policy" section specifying requirements to check latest stable releases and document version selection rationale in PR summaries

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Poem

🐰 A fresh policy hops in line,
Dependencies versioned, so fine!
Check what's stable and new,
Document your choice true,
Guidelines that help us align! ✨

🚥 Pre-merge checks | ✅ 3
✅ Passed checks (3 passed)
Check name | Status | Explanation
Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled.
Title check | ✅ Passed | The pull request title accurately describes the main change: adding a new dependency version check policy to the documentation.
Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.


🧹 Recent nitpick comments
AGENTS.md (1)

17-23: Good addition, but consider refining for edge cases.

The policy establishes a clear practice for dependency management. However, consider these refinements:

  1. "Latest stable" may not always be safest: The latest version might have undiscovered bugs, breaking changes, or compatibility issues. Consider adding language like "latest stable and compatible version" or "unless stability/compatibility concerns exist."

  2. "Official source" could be more specific: Examples would help (e.g., "npm registry, deno.land/x, GitHub releases page").

  3. Security considerations: Add guidance that security patches should override the "note reason" requirement—security updates should be prioritized even if not on latest.

Line count note: The file is now at 196 lines, approaching the 200-line guideline limit. As the file grows, consider moving detailed operational policies like this into .codex/skills/dependency-management.md with just a brief reference here.

📝 Suggested refinement
 ### Dependency Version Policy
 
 - For any change that adds or updates dependencies, tooling actions, or package
-  versions (npm, Deno, GitHub Actions), check the latest stable release from the
-  official source (registry or release page) before finalizing.
+  versions (npm, Deno, GitHub Actions), check the latest stable and compatible 
+  release from the official source (npm registry, deno.land/x, GitHub releases) 
+  before finalizing.
 - If not using the latest version, note the reason in the PR summary.
+- Prioritize security patches regardless of version recency.
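
Review bot: The new last bullet, "Prioritize security patches regardless of version recency", does not say how it interacts with the bullet above it: when the patched release is not the latest one, it is unclear whether the reason still has to be noted in the PR summary. Suggest merging the two, for example "If not using the latest version (including when taking a security patch on an older release line), note the reason in the PR summary." The rewritten first bullet also only requires checking a version; it could add that the version chosen is pinned exactly (a full commit SHA for GitHub Actions) so that the version that was checked is the one that runs. The two `+` lines ending in "compatible " and "GitHub releases) " carry trailing whitespace.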

Based on coding guidelines about keeping AGENTS.md under 200 lines.


📜 Recent review details

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between f2c81b2 and 54a6bae.

📒 Files selected for processing (1)
  • AGENTS.md
🧰 Additional context used
📓 Path-based instructions (2)
{AGENTS.md,.agents/roles.yaml,.codex/skills/**,docs/adr/**}

📄 CodeRabbit inference engine (AGENTS.md)

Keep AGENTS.md file concise at under 200 lines; push detailed documentation into skills in .codex/skills/, role definitions in .agents/roles.yaml, and decision records in docs/adr/

Files:

  • AGENTS.md
**/AGENTS.md

📄 CodeRabbit inference engine (AGENTS.md)

Subdirectories may override root AGENTS.md rules with their own AGENTS.md files; use nearest AGENTS.md for scope precedence

Files:

  • AGENTS.md
🧠 Learnings (3)
📓 Common learnings
Learnt from: CR
Repo: venikman/PromptAgent PR: 0
File: AGENTS.md:0-0
Timestamp: 2026-01-15T13:48:27.166Z
Learning: Applies to {AGENTS.md,.agents/roles.yaml,.codex/skills/**,docs/adr/**} : Keep AGENTS.md file concise at under 200 lines; push detailed documentation into skills in .codex/skills/, role definitions in .agents/roles.yaml, and decision records in docs/adr/
Learnt from: CR
Repo: venikman/PromptAgent PR: 0
File: AGENTS.md:0-0
Timestamp: 2026-01-15T13:48:27.166Z
Learning: Applies to **/AGENTS.md : Subdirectories may override root AGENTS.md rules with their own AGENTS.md files; use nearest AGENTS.md for scope precedence
📚 Learning: 2026-01-15T13:48:27.166Z
Learnt from: CR
Repo: venikman/PromptAgent PR: 0
File: AGENTS.md:0-0
Timestamp: 2026-01-15T13:48:27.166Z
Learning: Deploy only through GitHub Actions pipelines; no manual production deploys allowed

Applied to files:

  • AGENTS.md
📚 Learning: 2026-01-15T13:48:27.166Z
Learnt from: CR
Repo: venikman/PromptAgent PR: 0
File: AGENTS.md:0-0
Timestamp: 2026-01-15T13:48:27.166Z
Learning: Use Deno as the primary runtime for scripts, tooling, and TypeScript code

Applied to files:

  • AGENTS.md
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)
  • GitHub Check: Playwright Tests
  • GitHub Check: Agent

Copilot AI left a comment

Pull request overview

This PR adds a new dependency version management policy to the repository's agent contract documentation (AGENTS.md), requiring teams to check for latest stable releases before finalizing dependency updates and document any decisions to use older versions.

Changes:

  • Added "Dependency Version Policy" subsection under "Language & Runtime Policy" with guidelines for checking latest stable versions of dependencies, tooling actions, and package versions

gemini-code-assist bot left a comment

Code Review

The pull request introduces a clear and valuable 'Dependency Version Policy' to the AGENTS.md document. This policy promotes good practices by requiring checks for the latest stable releases and documentation of reasons for not using them. The change is well-articulated and enhances the repository's guidelines for dependency management. No specific issues were found in the added content that require further review comments.

@venikman (Owner, Author)

Superseded by #18

venikman closed this Jan 15, 2026
venikman deleted the agent-version-policy branch January 15, 2026 17:31