# Dependabot Resolution Workflow for Agents

This document outlines the standard procedure for an AI agent to handle Dependabot pull requests in the Yorvana project.

## Workflow Overview

Dependabot updates should be processed one at a time to ensure stability and avoid dependency conflicts. The goal is to verify that the update does not break JVM tests, end-to-end smoke tests, or code style/linting rules.

### 1. Identify Open PRs
Use the GitHub CLI to list open Dependabot PRs:
```bash
gh pr list --author "app/dependabot"
```

### 2. Process Each PR
For each PR, follow these steps:

#### A. Checkout the PR Branch
```bash
gh pr checkout <PR_ID>
```

#### B. Integrate Latest Upstream Master
Pull the latest changes from `origin/master` directly into the PR branch. This ensures you are testing against the absolute latest codebase and resolves potential conflicts before validation begins:
```bash
git fetch origin master && git merge origin/master
```
*Note: If there are conflicts, resolve them manually before proceeding to testing.*

#### C. Run JVM Tests
Run the fast unit and Robolectric tests:
```bash
./gradlew test
```

#### D. Run Smoke Tests (with GPU Acceleration)
Verify core user journeys on a real Android environment using a Gradle Managed Device (GMD).
**Always use GPU acceleration (`host` mode) for speed and fidelity:**
```bash
./gradlew pixel2api33Check -Pandroid.testoptions.manageddevices.emulator.gpu=host
```
*Note: If `host` mode fails due to environment restrictions, fallback to `angle_indirect`.*

#### E. Verify Code Style and Linting
Ensure the update didn't trigger new lint, formatting, or static analysis issues (common with `ktlint` or Android lint changes):
```bash
./gradlew lintDebug ktlintCheck detekt
```
If violations are found, fix them (e.g., using `./gradlew ktlintFormat`) and commit the changes.

#### F. Handling Failures and Fixes
If the build fails, tests fail, or code quality checks require manual fixes:
1.  **Apply Fixes:** Implement the necessary code changes to resolve the issue.
2.  **Commit and Push:** Commit your fixes and push them to the PR branch.
3.  **Wait for Review:** Notify the user via **terminal output** that fixes were required. You **must** wait for the standard PR review process and for the PR to be merged before proceeding to the next Dependabot update.

#### G. Merge the PR
If all tests pass and no manual fixes were required (or style fixes were purely automatic/trivial):
```bash
gh pr merge --squash --delete-branch
```

## Best Practices for Agents

- **Sequential Execution:** Never merge multiple Dependabot PRs simultaneously. Always verify on the latest upstream state.
- **Upstream First:** Always merge `origin/master` into your PR branch before running any tests.
- **Pre-authorized Fixes:** For Dependabot PRs, the agent is pre-authorized to commit and push mechanical auto-fixes (e.g., the output of `./gradlew ktlintFormat`) directly to the PR branch without per-action approval. Any manual code edits or logical changes—even those needed to resolve `lintDebug` or `detekt` violations—must follow the Step F workflow (commit, push, and wait for manual review).
- **No Concurrent Work:** If a PR requires manual intervention and review, stop and wait. Do not start on the next PR until the current one is merged.
- **GPU Acceleration:** Smoke tests are significantly faster with `-Pandroid.testoptions.manageddevices.emulator.gpu=host`.
- **Validation is Key:** Never merge a Dependabot PR without running the full suite: JVM tests, smoke tests, and all code quality checks (`lintDebug`, `ktlintCheck`, `detekt`).