
dependabot-mergelisted

Bulk-process open dependabot PRs: audit each dependency, comment findings, merge if CI green, request rebase on conflicts or CI failures. Use to merge dependabot PRs, process dependency bumps, auto-merge bot PRs, or handle dependabot backlog.
lklimek/claudius · ★ 1 · AI & Automation · score 74
Install: claude install-skill lklimek/claudius
# Dependabot PR Bulk Processor

Audit, comment, and merge open dependabot PRs in a repository. Each PR gets a security review via the `review-dependency` skill, a comment with findings, and — if safe — a squash merge.

**Argument**: `$ARGUMENTS` — optional filter (e.g., `golang`, `docker`, `npm`). If empty, process all open dependabot PRs.

## Prerequisites

- `ghsudo` installed for write operations (`pip install ghsudo`)
- GitHub MCP tools available (`mcp__plugin_claudius_github__*`)
- `review-dependency` skill available

## Workflow

### 1. Discover Open Dependabot PRs

Search for open PRs authored by `app/dependabot`:

```bash
gh pr list --repo <owner>/<repo> --author 'app/dependabot' \
  --json number,title,statusCheckRollup,mergeable --limit 50
```

Extract for each PR: number, title, CI status (which checks passed/failed), and mergeable state.

If `$ARGUMENTS` is set, filter PRs whose title contains the filter string.

### 2. Check for Unpushed Commits

Before spawning worktree agents:

```bash
git log @{upstream}..HEAD --oneline
```

If unpushed commits exist, **alert the user and stop**. Worktree agents fork from the remote state — unpushed local commits will be missing.

If no upstream is configured, use `git log origin/$(git branch --show-current)..HEAD` as fallback.

### 3. Classify PRs

Sort PRs into three groups:

| Group | Condition | Action |
|---|---|---|
| **Green** | All CI checks passed + MERGEABLE | Audit, Comment, Merge |
| **Red** | CI failures + MERGEABL
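
The title filter from step 1 and the Green condition from step 3, sketched as an added example (not code from the skill or its repository). The sample JSON is constructed; treating `SKIPPED`/`NEUTRAL` conclusions as passing, matching titles case-insensitively, and holding back PRs with an empty check rollup are assumptions of this sketch.

```python
import json

# Constructed sample shaped like the output of
# `gh pr list --json number,title,statusCheckRollup,mergeable`.
SAMPLE = json.loads("""[
 {"number": 101, "title": "Bump golang.org/x/net from 0.1.0 to 0.2.0", "mergeable": "MERGEABLE",
  "statusCheckRollup": [
   {"__typename": "CheckRun", "name": "test", "status": "COMPLETED", "conclusion": "SUCCESS"},
   {"__typename": "StatusContext", "context": "ci/lint", "state": "SUCCESS"}]},
 {"number": 102, "title": "Bump npm package left-pad", "mergeable": "MERGEABLE",
  "statusCheckRollup": [
   {"__typename": "CheckRun", "name": "test", "status": "COMPLETED", "conclusion": "FAILURE"}]},
 {"number": 103, "title": "Bump golang.org/x/sys", "mergeable": "MERGEABLE",
  "statusCheckRollup": [
   {"__typename": "CheckRun", "name": "test", "status": "IN_PROGRESS", "conclusion": ""}]},
 {"number": 104, "title": "Bump docker base image", "mergeable": "CONFLICTING",
  "statusCheckRollup": [
   {"__typename": "CheckRun", "name": "test", "status": "COMPLETED", "conclusion": "SUCCESS"}]},
 {"number": 105, "title": "Bump golang.org/x/text", "mergeable": "MERGEABLE",
  "statusCheckRollup": []}
]""")

PASSING = {"SUCCESS", "SKIPPED", "NEUTRAL"}  # assumption: non-failing conclusions count as passed


def check_passed(check):
    """True only for a finished, passing check; pending or unknown states fail closed."""
    if check.get("__typename") == "StatusContext":
        return check.get("state") == "SUCCESS"
    return check.get("status") == "COMPLETED" and check.get("conclusion") in PASSING


def is_green(pr):
    """Green = every CI check passed + MERGEABLE. No checks at all is not Green (assumption)."""
    checks = pr.get("statusCheckRollup") or []
    all_passed = bool(checks) and all(check_passed(c) for c in checks)
    return all_passed and pr.get("mergeable") == "MERGEABLE"


def select(prs, title_filter=""):
    """Apply the optional title filter, then split PR numbers into (green, held_back)."""
    needle = title_filter.lower()  # assumption: case-insensitive match
    matched = [p for p in prs if needle in p["title"].lower()]
    green = [p["number"] for p in matched if is_green(p)]
    held_back = [p["number"] for p in matched if not is_green(p)]
    return green, held_back


if __name__ == "__main__":
    print(select(SAMPLE, "golang"))
```

Only PRs in the first list would proceed to audit, comment, and merge; a still-running check or a missing rollup keeps a PR out of it rather than counting as a pass.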