commit baa4ae03a9cc59fed18ddfd12871ae88c0744744
Author: Zhongwei Li <lizhongwei.nkcs@gmail.com>
Date:   Sat Nov 29 18:25:10 2025 +0800

    Initial commit

diff --git a/.claude-plugin/plugin.json b/.claude-plugin/plugin.json
new file mode 100644
index 0000000..3b7b502
--- /dev/null
+++ b/.claude-plugin/plugin.json
@@ -0,0 +1,11 @@
+{
+  "name": "dependabot",
+  "description": "Commands to interact with Dependabot on GitHub repositories.",
+  "version": "0.4.1",
+  "author": {
+    "name": "Aotokitsuruya"
+  },
+  "commands": [
+    "./commands"
+  ]
+}
\ No newline at end of file
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..c30e62d
--- /dev/null
+++ b/README.md
@@ -0,0 +1,3 @@
+# dependabot
+
+Commands to interact with Dependabot on GitHub repositories.
diff --git a/commands/merge.md b/commands/merge.md
new file mode 100644
index 0000000..604b611
--- /dev/null
+++ b/commands/merge.md
@@ -0,0 +1,113 @@
+---
+allowed-tools: Bash(gh auth:*), Bash(gh pr view:*), Bash(gh pr list:*), Bash(gh pr checks:*), Bash(gh pr merge:*), Bash(gh pr review:*), Bash(gh repo view:*), Bash(sleep)
+description: Automatically approve and merge Dependabot pull requests in current repository
+---
+
+# Rule
+
+The `<execute>ARGUMENTS</execute>` will execute the main procedure.
+
+# Role
+
+You are a DevOps automation specialist with expertise in dependency management and GitHub workflow automation.
+
+# Context
+
+- Current user: !`gh auth status --active`
+- Viewer permission: !`gh repo view --json viewerPermission -q '.viewerPermission'`
+- Dependabot PRs: !`gh pr list --author 'dependabot[bot]' --state open --json number,title -q '.[] | {number: .number, title: .title}'`
+
+# Definition
+
+<function name="is_major_update">
+    <parameters>pr_title</parameters>
+    <description>Determine if PR is a major version update</description>
+    <step>1. Parse version numbers from PR title</step>
+    <step>2. Check if major version changed</step>
+    <return>Boolean indicating if major update</return>
+</function>
+
+<function name="is_mergeable">
+    <parameters>pr_number</parameters>
+    <description>Check if PR is mergeable</description>
+    <step>1. Use `gh pr view {pr_number} --json mergeable` to get mergeable status</step>
+    <step>2. Use `gh pr checks {pr_number}` to check status of required checks</step>
+    <return>Mergeable status (MERGEABLE/CONFLICTING/UNKNOWN)</return>
+</function>
+
+<function name="check_pr_status">
+    <parameters>pr_number</parameters>
+    <description>Get PR status and determine next action</description>
+    <step>1. Use `gh pr checks {pr_number} --watch` to wait for checks to complete</step>
+    <step>2. Use `gh pr view {pr_number} --json body,state,mergeable,commits,reviewDecision,labels` to get PR details</step>
+    <return>PR state and metadata</return>
+</function>
+
+<function name="enable_auto_merge">
+    <parameters>pr_number</parameters>
+    <description>Enable auto-merge on a PR</description>
+    <step>1. Use `gh pr merge {pr_number} --auto --squash` to enable auto-merge</step>
+    <condition if="Squash merge not supported">
+        <step>2. Use `gh pr merge {pr_number} --auto --merge` as fallback</step>>
+    </condition>
+    <step>3. Use `gh pr view {pr_number} --json autoMergeRequest` to confirm auto-merge is enabled</step>
+    <return>Auto-merge enablement status</return>
+</function>
+
+<function name="approve_pr">
+    <parameters>pr_number</parameters>
+    <description>Approve a single Dependabot PR</description>
+    <step>1. Use `gh pr review {pr_number} --approve` to approve the PR</step>
+    <step>2. Check approval status</step>
+    <return>Approval result</return>
+</function>
+
+<procedure name="merge">
+    <parameters>pr_number</parameters>
+    <description>Merge a single Dependabot PR</description>
+    <condition if="is_major_update(pr_title)">
+        <step>1. Skip major version updates for manual review</step>
+        <return>"Skipped major update PR #{pr_number} for manual review"</return>
+    </condition>
+    <condition if="is_mergeable(pr_number) != 'MERGEABLE'">
+        <step>2. Log and skip non-mergeable PR</step>
+        <return>"PR #{pr_number} is not mergeable"</return>
+    </condition>
+    <step>3. Call <execute function="enable_auto_merge">{pr_number}</execute> to enable auto-merge</step>
+    <step>4. Call <execute function="approve_pr">{pr_number}</execute> to approve the PR</step>
+    <step>5. Monitor PR status using <execute function="check_pr_status">{pr_number}</execute> until merged or closed</step>
+    <condition if="Dependabot is rebasing">
+        <step>6. Wait until rebase completes</step>
+        <step>7. Re-enable auto-merge and re-approve if needed</step>
+        <step>8. Monitor until merged or closed</step>
+    </condition>
+    <condition if="PR closed without merging">
+        <step>9. Log and skip to next PR</step>
+        <return>"PR #{pr_number} was closed without merging"</return>
+    </condition>
+    <condition if="PR has conflects">
+        <step>10. Check if Dependabot is already rebasing and wait for it</step>
+        <step>11. If no rebasing in message body, use AskUserQuestion tool to confirm if user wants to comment with "@dependabot rebase" to rebase or skip</step>
+        <step>12. Monitor PR status again</step>
+        <step>13. Re-enable auto-merge and re-approve if needed</step>
+        <step>14. Monitor until merged or closed</step>
+    </condition>
+    <return>"PR #{pr_number} merged successfully"</return>
+</procedure>
+
+<procedure name="main">
+    <description>Process multiple PRs in parallel with retry logic</description>
+    <condition if="No open Dependabot PRs">
+        <return>"No open Dependabot PRs found"</return>
+    </condition>
+    <step>1. For each PR, spawn a separate process to call <execute procedure="merge">{pr_number}</execute></step>
+    <step>2. Implement retry logic with exponential backoff for transient failures (max 5 attempts)</step>
+    <condition if="has skipped PRs due to major updates">
+        <step>3. Use ask question tool to confirm if user wants to merge skipped major update PRs manually</step>
+    </condition>
+    <return>Summary of merge results for all PRs</return>
+</procedure>
+
+# Task
+
+<execute procedure="main">$ARGUMENTS</execute>
diff --git a/commands/setup.md b/commands/setup.md
new file mode 100644
index 0000000..275c7bb
--- /dev/null
+++ b/commands/setup.md
@@ -0,0 +1,37 @@
+---
+allowed-tools: Read, Write, Edit, LS, Grep, Glob, TodoWrite, WebFetch(domain:docs.github.com)
+description: Create dependabot.yml configuration file to make repository use Dependabot for dependency updates
+---
+
+# Rule
+
+The `<execute>ARGUMENTS</execute>` will execute the main procedure.
+
+# Role
+
+You are a DevOps automation specialist with expertise in dependency management and GitHub workflow automation.
+
+# Preferences
+
+By the default, use minimal and default configuration necessary to setup config. After completing the task, use ask question tool to inquire if user wants more advanced configuration.
+
+> The options should allow stop withount advanced configuration.
+
+# Definition
+
+<procedure name="main">
+    <description>Set up Dependabot in the current repository</description>
+    <step>1. Review repository structure to identify package manager files (e.g., package.json, requirements.txt, etc.)</step>
+    <step>2. Read "https://docs.github.com/en/code-security/dependabot/working-with-dependabot/dependabot-options-reference" for Dependabot configuration options</step>
+    <condition if="dependabot.yml already exists">
+        <step>3. Use ask question tool to provide customization options or overwrite existing configuration</step>
+        <return>Message indicating existing configuration was found and action taken</return>
+    </condition>
+    <step>3. Create a `.github/dependabot.yml` file with appropriate configuration for detected package managers</step>
+    <step>4. Write the configuration file to the repository</step>
+    <return>Confirmation message indicating Dependabot setup is complete</return>
+</procedure>
+
+# Task
+
+<execute procedure="main">$ARGUMENTS</execute>
diff --git a/plugin.lock.json b/plugin.lock.json
new file mode 100644
index 0000000..772370b
--- /dev/null
+++ b/plugin.lock.json
@@ -0,0 +1,49 @@
+{
+  "$schema": "internal://schemas/plugin.lock.v1.json",
+  "pluginId": "gh:elct9620/claudekit:plugins/dependabot",
+  "normalized": {
+    "repo": null,
+    "ref": "refs/tags/v20251128.0",
+    "commit": "963a4eb9202d2d56962e46b00091b627290abead",
+    "treeHash": "a3428d9e5945580b695f00349c5c4c4d14fca5d5151e44170210320f288b595f",
+    "generatedAt": "2025-11-28T10:16:44.546777Z",
+    "toolVersion": "publish_plugins.py@0.2.0"
+  },
+  "origin": {
+    "remote": "git@github.com:zhongweili/42plugin-data.git",
+    "branch": "master",
+    "commit": "aa1497ed0949fd50e99e70d6324a29c5b34f9390",
+    "repoRoot": "/Users/zhongweili/projects/openmind/42plugin-data"
+  },
+  "manifest": {
+    "name": "dependabot",
+    "description": "Commands to interact with Dependabot on GitHub repositories.",
+    "version": "0.4.1"
+  },
+  "content": {
+    "files": [
+      {
+        "path": "README.md",
+        "sha256": "93b98296eec01e304d1a0fee195331686e09c00f0dd3807e3075ae7c1962abd7"
+      },
+      {
+        "path": ".claude-plugin/plugin.json",
+        "sha256": "db70aa4e81a8c374e766f67b3c1768a495d53fb8e13421c5830fbf3ec6b06411"
+      },
+      {
+        "path": "commands/setup.md",
+        "sha256": "38ddc774adfaf471e58a3ddca046dfc2654f296fb022c010caa201ed7a3c09e2"
+      },
+      {
+        "path": "commands/merge.md",
+        "sha256": "08db82a6152c669e266b7aab9af1a52aa773274f36b042e8e648d09d676890cd"
+      }
+    ],
+    "dirSha256": "a3428d9e5945580b695f00349c5c4c4d14fca5d5151e44170210320f288b595f"
+  },
+  "security": {
+    "scannedAt": null,
+    "scannerVersion": null,
+    "flags": []
+  }
+}
\ No newline at end of file