Safely triage and remediate GitHub dependency hygiene issues with explicit guardrails. Use when Dependabot PRs fail, pnpm lockfiles break, transitive vulnerabilities appear (e.g., glob/lodash/brace-expansion), or CI/Vercel fails due to dependency resolution. Prioritize low-risk fixes, branch+PR workflow, and plain-English explanations.
- Expanded safety guardrails to prohibit direct pushes to both `main` and `master` branches.
- Refined the approval gate to explicitly require displaying planned file/version changes and always request approval for non-trivial edits.
- Added a new "Required Permissions & Least-Privilege Policy" section outlining strict access and permission boundaries.
- Strengthened prohibitions against modifying files outside the target repository and performing external actions without explicit request.
- Clarified steps for handling missing permissions, emphasizing minimum access and transparent permission requests.