review-bot

rodin/review-bot

Fork 0

Commit Graph

Author	SHA1	Message	Date
Rodin	4b96231b32	docs: strict dependency allowlist with CI enforcement PR Ready Gate / clear-labels (pull_request) Successful in 2s Details CI / test (pull_request) Successful in 15s Details CI / review (anthropic--claude-4.6-sonnet, sonnet, SONNET_REVIEW_TOKEN) (pull_request) Successful in 28s Details CI / review (gpt-5, security, SECURITY_REVIEW.md, SECURITY_REVIEW_TOKEN) (pull_request) Successful in 1m40s Details CI / review (gpt-5, gpt, GPT_REVIEW_TOKEN) (pull_request) Successful in 1m48s Details STRICT ALLOWLIST policy: Only packages explicitly listed in CONVENTIONS.md may be imported. No exceptions. ## Changes - Updates CONVENTIONS.md with strict allowlist language - Adds scripts/check-deps.sh to enforce the allowlist - Adds 'make check-deps' and 'make precommit' targets - CI will fail if any unapproved dependency is detected ## Approved packages - gopkg.in/yaml.v3 — YAML parsing - github.com/google/go-cmp — test comparisons ## Process for new dependencies 1. Open a PR that ONLY updates CONVENTIONS.md 2. Requires explicit approval from Aaron 3. After merge, a separate PR may use the package	2026-05-10 13:45:12 -07:00

Author

SHA1

Message

Date

Rodin

4b96231b32

docs: strict dependency allowlist with CI enforcement

PR Ready Gate / clear-labels (pull_request) Successful in 2s

Details

CI / test (pull_request) Successful in 15s

Details

CI / review (anthropic--claude-4.6-sonnet, sonnet, SONNET_REVIEW_TOKEN) (pull_request) Successful in 28s

Details

CI / review (gpt-5, security, SECURITY_REVIEW.md, SECURITY_REVIEW_TOKEN) (pull_request) Successful in 1m40s

Details

CI / review (gpt-5, gpt, GPT_REVIEW_TOKEN) (pull_request) Successful in 1m48s

Details

STRICT ALLOWLIST policy: Only packages explicitly listed in CONVENTIONS.md
may be imported. No exceptions.

## Changes

- Updates CONVENTIONS.md with strict allowlist language
- Adds scripts/check-deps.sh to enforce the allowlist
- Adds 'make check-deps' and 'make precommit' targets
- CI will fail if any unapproved dependency is detected

## Approved packages

- gopkg.in/yaml.v3 — YAML parsing
- github.com/google/go-cmp — test comparisons

## Process for new dependencies

1. Open a PR that ONLY updates CONVENTIONS.md
2. Requires explicit approval from Aaron
3. After merge, a separate PR may use the package

2026-05-10 13:45:12 -07:00

1 Commits