rodin/review-bot
2
1
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases 6 Wiki Activity

docs: allow approved third-party packages
CI / test (pull_request) Successful in 15s
Details
CI / review (anthropic--claude-4.6-sonnet, sonnet, SONNET_REVIEW_TOKEN) (pull_request) Successful in 24s
Details
CI / review (gpt-5, gpt, GPT_REVIEW_TOKEN) (pull_request) Successful in 52s
Details
CI / review (gpt-5, security, SECURITY_REVIEW.md, SECURITY_REVIEW_TOKEN) (pull_request) Successful in 56s
Details

Browse Source 
Updates dependency policy from 'stdlib only' to 'stdlib preferred,
approved packages allowed'. Adds initial approved list:

- gopkg.in/yaml.v3: YAML parsing for persona files
- github.com/google/go-cmp: Test comparisons with readable diffs

Includes process for adding new dependencies.
This commit is contained in:
Rodin
2026-05-10 13:43:59 -07:00
parent 230419f0e2
commit 0e9ddc3c57
1 changed files with 13 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
CONVENTIONS.md
+13 -1
View File
@@ -2,8 +2,20 @@
## Language & Dependencies
- Go standard library only — no external dependencies.
- Target the latest stable Go release.
- Prefer Go standard library; approved third-party packages allowed (see below).
### Approved Third-Party Packages
| Package | Use Case | Notes |
|---------|----------|-------|
| `gopkg.in/yaml.v3` | YAML parsing | Persona files, config |
| `github.com/google/go-cmp` | Test comparisons | `cmp.Diff` for readable diffs |
To add a new dependency:
1. Open a PR with justification (why stdlib is insufficient)
2. Package must be well-maintained, widely used, minimal transitive deps
3. Update this table when approved
## Error Handling