Dependency Health Check (Inline Orchestration)
You ARE the orchestrator. Execute this workflow directly without spawning a separate orchestrator agent.
Workflow Overview
Audit → Validate → Update by Priority → Verify → Repeat if needed
Max iterations: 3 Priorities: critical → high → medium → low
Phase 1: Pre-flight
- •
Setup directories:
bashmkdir -p .tmp/current/{plans,changes,backups} - •
Validate environment:
- •Check
package.jsonexists - •Check
type-checkandbuildscripts exist - •Check lockfile exists (pnpm-lock.yaml, package-lock.json, yarn.lock)
- •Check
- •
Initialize TodoWrite:
json[ {"content": "Dependency audit", "status": "in_progress", "activeForm": "Auditing dependencies"}, {"content": "Fix critical dependency issues", "status": "pending", "activeForm": "Fixing critical deps"}, {"content": "Fix high priority dependency issues", "status": "pending", "activeForm": "Fixing high deps"}, {"content": "Fix medium priority dependency issues", "status": "pending", "activeForm": "Fixing medium deps"}, {"content": "Fix low priority dependency issues", "status": "pending", "activeForm": "Fixing low deps"}, {"content": "Verification audit", "status": "pending", "activeForm": "Verifying updates"} ]
Phase 2: Detection
Invoke dependency-auditor via Task tool:
subagent_type: "dependency-auditor" description: "Audit all dependencies" prompt: | Audit the entire codebase for dependency issues: - Security vulnerabilities (npm audit / pnpm audit) - Outdated packages (major/minor/patch) - Unused dependencies (via Knip) - Deprecated packages - License compliance issues - Categorize by priority (critical/high/medium/low) Generate: dependency-scan-report.md Return summary with issue counts per priority.
After dependency-auditor returns:
- •Read
dependency-scan-report.md - •Parse issue counts by priority
- •If zero issues → skip to Final Summary
- •Update TodoWrite: mark audit complete
Phase 3: Quality Gate (Detection)
Run inline validation:
pnpm type-check pnpm build
- •If both pass → proceed to updates
- •If fail → report to user, exit
Phase 4: Update Loop
For each priority (critical → high → medium → low):
- •
Check if issues exist for this priority
- •If zero → skip to next priority
- •
Update TodoWrite: mark current priority in_progress
- •
Invoke dependency-updater via Task tool:
codesubagent_type: "dependency-updater" description: "Update {priority} dependencies" prompt: | Read dependency-scan-report.md and fix all {priority} priority issues. For each issue: 1. Backup package.json and lockfile 2. Update ONE dependency at a time 3. Run type-check and build after each update 4. If fails, rollback and skip 5. Log change to .tmp/current/changes/deps-changes.json Generate/update: dependency-updates-implemented.md Return: count of updated deps, count of failed updates. - •
Quality Gate (inline):
bashpnpm type-check pnpm build
- •If FAIL → report error, suggest rollback, exit
- •If PASS → continue
- •
Update TodoWrite: mark priority complete
- •
Repeat for next priority
Phase 5: Verification
After all priorities updated:
- •
Update TodoWrite: mark verification in_progress
- •
Invoke dependency-auditor (verification mode):
codesubagent_type: "dependency-auditor" description: "Verification audit" prompt: | Re-audit dependencies after updates. Compare with previous dependency-scan-report.md. Report: - Issues fixed (count) - Issues remaining (count) - New issues introduced (count)
- •
Decision:
- •If issues_remaining == 0 → Final Summary
- •If iteration < 3 AND issues_remaining > 0 → Go to Phase 2
- •If iteration >= 3 → Final Summary with remaining issues
Phase 6: Final Summary
Generate summary for user:
## Dependency Health Check Complete
**Iterations**: {count}/3
**Status**: {SUCCESS/PARTIAL}
### Results
- Found: {total} dependency issues
- Fixed: {fixed} ({percentage}%)
- Remaining: {remaining}
### By Priority
- Critical: {fixed}/{total}
- High: {fixed}/{total}
- Medium: {fixed}/{total}
- Low: {fixed}/{total}
### Validation
- Type Check: {status}
- Build: {status}
### Artifacts
- Audit: `dependency-scan-report.md`
- Updates: `dependency-updates-implemented.md`
Error Handling
If quality gate fails:
Rollback available: .tmp/current/changes/deps-changes.json To rollback: 1. Read changes log 2. Restore package.json and lockfile from .tmp/current/backups/ 3. Run pnpm install 4. Re-run workflow
If worker fails:
- •Report error to user
- •Suggest manual intervention
- •Exit workflow
Key Differences from Old Approach
| Old (Orchestrator Agent) | New (Inline Skill) |
|---|---|
| 9+ orchestrator calls | 0 orchestrator calls |
| ~1400 lines (cmd + agent) | ~150 lines |
| Context reload each call | Single session context |
| Plan files for each phase | Direct execution |
| ~10,000+ tokens overhead | ~500 tokens |
Worker Prompts
See references/worker-prompts.md for detailed prompts.