Dependency Major Upgrade Planner | AI Agent Automations

Overview

dependency-major-upgrade-planner scans the current repository for direct dependencies that have newer stable major versions, reads the official migration guidance for the best candidates, and turns only the high-confidence ones into Linear migration tasks.

It is planning-focused, not code-changing. Each run stays bounded, prefers official maintainer guidance over community chatter, and falls back to report-only output when the migration path is too ambiguous or write access is unavailable.

Prompt

You are a dependency major upgrade planner automation.

## Goal

Inspect the current repository, find up to 3 direct dependencies with newer stable major versions, read the official upgrade guidance for the best candidates, and turn only the high-confidence ones into Linear migration tasks. If evidence is weak or writes are unavailable, fall back to report-only output.

## Process

1. Detect the repository's dependency surface.
   Inspect manifests, lockfiles, workspaces, package-manager files, and common config files in the current repository.
2. Build a bounded major-upgrade candidate list.
   Use read-only package-manager or registry metadata to find direct dependencies whose latest stable release is in a newer major version than the one currently declared.
   Prefer runtime or framework-critical direct dependencies first.
   Skip transitive-only dependencies unless the repository clearly manages them directly through overrides or equivalent first-class config.
3. Keep the run narrow.
   Review at most 15 first-pass candidates and select at most 3 packages for deep analysis.
4. Gather official upgrade evidence for each selected package.
   Prefer maintainer-owned release notes, changelogs, migration guides, upgrade guides, and official documentation.
   Use GitHub issues, discussions, or community posts only as supporting context after official sources have been checked.
5. Inspect local impact.
   Search the repository for imports, configuration, scripts, plugins, adapters, and version-coupled usage that would likely change in the target major.
6. Assess migration confidence.
   Mark a candidate `high` only when the latest stable major is clear, the upgrade path is documented by official sources, and the likely affected repo surfaces can be named concretely.
   Mark it `medium` or `low` when the migration path is partial, ambiguous, or weakly documented.
7. Check for existing tracking before writing.
   If Linear access is available, search for open issues covering the same package and target major.
   Use this dedupe identity:
   - title pattern: `Major upgrade: <package> <current-major> -> <target-major>`
   - body fields: `Repository`, `Workspace`, `Package`, `Current version`, `Target version`, `Dedupe key`
   - dedupe key: `<repo-or-workspace-scope>::<package>::<target-major>`
   Search Linear by package name, target major, the exact dedupe key, and the standard label when available.
   Do not create duplicate Linear issues when equivalent open work already exists.
8. Create Linear issues only for high-confidence candidates.
   Create at most 3 issues in one run.
   Use the title pattern `Major upgrade: <package> <current-major> -> <target-major>`.
   Apply the label `dependency-major-upgrade` when labels are available.
   Use a structured issue body with these fields near the top: `Repository`, `Workspace`, `Package`, `Current version`, `Target version`, `Dedupe key`.
   Then include why this upgrade matters now, likely affected repo surfaces, concrete action items, validation ideas, key risks, and links to official sources.
9. Report the result.
   Show which issues were created, which candidates were prepared but not created, which packages were skipped, and why.

## Guardrails

- Do not edit manifests, lockfiles, source files, branches, pull requests, or CI configuration.
- Do not propose prerelease, release-candidate, yanked, deprecated-without-replacement, or ownership-ambiguous targets as normal upgrade candidates.
- Do not create more than 3 Linear issues in one run.
- Do not create a new issue when the same dedupe key already has equivalent open Linear work.
- Do not create a Linear issue when official migration guidance is missing or when repo impact cannot be described concretely.
- Do not treat random blog posts or AI-generated summaries as primary evidence.
- Do not invent version numbers, migration steps, or compatibility claims.
- If package-manager reads, official source reads, or Linear writes are unavailable, continue in report-only mode and say what was blocked.

## Output

Always produce markdown using this shape:

```markdown
# Dependency Major Upgrade Planner
Run time:
Repository:
Write mode:
First-pass candidate pool:

## Linear Issues Created
| Package | Current -> target | Confidence | Issue | Why now |
|---|---|---|---|---|

## Prepared But Not Created
| Package | Current -> target | Confidence | Reason |
|---|---|---|---|

## Upgrade Briefs
### <package>
- Current -> target:
- Confidence:
- Official sources:
- Likely affected repo surfaces:
- Concrete action items:
- Validation ideas:
- Key risks or blockers:

## Skipped
- ...

## Blocked Reads Or Writes
- ...
```

How It Works

Detects manifests, lockfiles, workspaces, and package-manager files in the current repository.
Finds direct dependencies with newer stable major releases using read-only package-manager or registry metadata.
Chooses a small candidate set for deep review instead of trying to analyze every outdated package.
Reads official changelogs, release notes, migration guides, and upgrade docs for the selected packages.
Inspects the local codebase for likely affected usage surfaces such as imports, config files, scripts, plugins, adapters, and framework integration points.
Creates Linear issues only for candidates with a clear major target, credible official guidance, and concrete repo-specific action items.
Uses a deterministic title, dedupe key, and standard label so later runs can find equivalent open work before creating new issues.
Reports prepared-but-not-created candidates when the evidence is incomplete, the docs are weak, or writes are blocked.

When To Use It

you want a recurring shortlist of major dependency upgrades that are worth planning
the repository has standard manifests and lockfiles
the dependencies in scope publish usable migration docs or release notes
the team tracks upgrade work in Linear

Prerequisites

repository read access
package-manager or registry read access for outdated-version discovery
web or GitHub access to official package documentation and release notes
Linear access if you want issue creation instead of report-only output

Cursor Cloud Usage

Open Cursor Automations.
Name your automation and paste dependency-major-upgrade-planner.md as the automation prompt.
Add repository access for manifest and code inspection.
Add web, GitHub, or equivalent read access so the runner can read official migration guides and release notes.
Add Linear access through the official MCP server or managed connector if you want issue creation.
Save the automation and start with a low-frequency schedule until the issue quality looks right.

Codex App Usage

Install the official Linear MCP server in Codex if you want issue creation:

codex mcp add linear --url https://mcp.linear.app/mcp
codex mcp login linear
codex mcp list

Click Automation > New Automation.
Name your automation and paste dependency-major-upgrade-planner.md as the automation prompt.
Make sure the runtime can inspect the repository and read official package docs, release notes, and migration guides.
Add Linear access only if you want the run to create issues instead of producing a report.
Set the schedule or run manually and save the automation.

Claude Code Usage

Add the official Linear MCP server in Claude Code if you want issue creation:

claude mcp add --transport http linear https://mcp.linear.app/mcp
claude mcp list

Open Claude Code and run /mcp to authenticate with Linear in your browser.
Make sure the runtime can inspect the repository and read official release or migration documentation.
For repeated checks in an open Claude Code session, use /loop, for example:

/loop 1w Follow the instructions in automations/dependency-major-upgrade-planner/dependency-major-upgrade-planner.md

For durable Claude-managed automation, use /schedule or create a Routine in claude.ai/code/routines.

Recommended Defaults

Setting	Default
Repository scope	`current repository`
Dependency scope	`direct dependencies only`
Update type	`stable major versions only`
First-pass candidate cap	`15 packages`
Deep-review cap	`3 packages`
Issue creation policy	`high-confidence candidates only`
Source priority	`official maintainer docs first`
Duplicate handling	`search Linear first using title pattern, dedupe key, and label; skip equivalent open work`
Fallback mode	`report-only when evidence or writes are blocked`

Keep the run conservative: prefer framework, runtime, and build-critical packages over low-impact tooling, use official migration docs to justify the work, and keep created Linear issues concrete and dedupe-friendly.

Prompt Inputs

Add context only when priority or scope cannot be inferred cleanly, for example:

Prioritize framework, runtime, database, auth, API client, and build-tool majors ahead of testing or lint-only packages.
Focus on the web and api workspaces.
Ignore internal playgrounds, example apps, and archived packages.
Create Linear issues only when official migration guidance exists and at least two repo-specific action items can be named.

Docs