Dependency Governance
Dependency governance reduces hidden upgrade risk in maintainer tooling and preserves predictable gate behavior.
Visual Summary
flowchart TD
change[dependency change] --> assess[assess scope and risk]
assess --> verify[run suites and diagnostics]
verify --> document[document rationale]
document --> monitor[monitor regressions]
Rules
- prefer minimal dependencies with clear ownership rationale
- review transitive impact on command outputs and test behavior
- pin or constrain versions for compatibility-sensitive tooling
- require evidence updates when dependency changes affect policy surfaces
High-Risk Triggers
- serialization or schema dependencies used in evidence outputs
- tooling dependencies that change shell/process behavior
- dependencies used by release and documentation pipelines
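Worked example for the "assess scope and risk" step and the rules above (added here; this is not code from the bijux project): a small Rust tool that diffs two Cargo.lock snapshots per crate name, so that a version bump, a removed duplicate version, a newly pulled-in transitive crate, and a changed checksum for an otherwise unchanged version are each reported distinctly, and then flags the changes that touch a watch list built from the high-risk triggers listed above. The lock contents and checksums are constructed placeholders, the WATCH_LIST entries are an illustrative assumption rather than bijux-dev's actual dependencies, and all function and type names are this example's own.

```rust
use std::collections::{BTreeMap, BTreeSet};

/// Locked packages keyed by (name, version); the value is the registry
/// checksum, which is absent for path and git dependencies.
pub type LockSet = BTreeMap<(String, String), Option<String>>;

/// Names whose change requires an evidence update. Illustrative assumption;
/// a real list would be derived from the crate's Cargo.toml and the triggers above.
pub const WATCH_LIST: &[&str] = &["serde", "serde_json", "schemars", "which"];

#[derive(Debug, Clone, PartialEq, Eq)]
pub enum Change {
    Added { name: String, version: String },
    Removed { name: String, version: String },
    VersionChanged { name: String, from: String, to: String },
    /// Same name and version but a different checksum: the registry artifact
    /// itself differs, which is never a routine upgrade.
    ChecksumChanged { name: String, version: String },
}

fn push_entry(set: &mut LockSet, entry: Option<(String, String, Option<String>)>) {
    if let Some((name, version, checksum)) = entry {
        if !name.is_empty() && !version.is_empty() {
            set.insert((name, version), checksum);
        }
    }
}

/// Minimal line-based parser for the `[[package]]` blocks of a Cargo.lock.
/// Only `name`, `version` and `checksum` are read; other keys are ignored.
pub fn parse_cargo_lock(text: &str) -> LockSet {
    let mut set = LockSet::new();
    let mut entry: Option<(String, String, Option<String>)> = None;
    for raw in text.lines() {
        let line = raw.trim();
        if line == "[[package]]" {
            push_entry(&mut set, entry.take());
            entry = Some((String::new(), String::new(), None));
        } else if line.starts_with('[') {
            push_entry(&mut set, entry.take()); // any other table ends the package list
        } else if let (Some(e), Some((key, value))) = (entry.as_mut(), line.split_once('=')) {
            let value = value.trim().trim_matches('"').to_string();
            match key.trim() {
                "name" => e.0 = value,
                "version" => e.1 = value,
                "checksum" => e.2 = Some(value),
                _ => {}
            }
        }
    }
    push_entry(&mut set, entry.take());
    set
}

/// Compare two snapshots per crate name: a single old/new version pair is one
/// VersionChanged; crates locked at several versions are handled per version.
pub fn diff_locks(before: &LockSet, after: &LockSet) -> Vec<Change> {
    let names: BTreeSet<&str> = before.keys().chain(after.keys()).map(|(n, _)| n.as_str()).collect();
    let mut changes = Vec::new();
    for name in names {
        let versions = |set: &LockSet| -> BTreeSet<String> {
            set.keys().filter(|(n, _)| n.as_str() == name).map(|(_, v)| v.clone()).collect()
        };
        let (old, new) = (versions(before), versions(after));
        for v in old.intersection(&new) {
            let key = (name.to_string(), v.clone());
            if before[&key] != after[&key] {
                changes.push(Change::ChecksumChanged { name: name.into(), version: v.clone() });
            }
        }
        let gone: Vec<&String> = old.difference(&new).collect();
        let fresh: Vec<&String> = new.difference(&old).collect();
        if gone.len() == 1 && fresh.len() == 1 {
            changes.push(Change::VersionChanged { name: name.into(), from: gone[0].clone(), to: fresh[0].clone() });
        } else {
            changes.extend(gone.iter().map(|v| Change::Removed { name: name.into(), version: v.to_string() }));
            changes.extend(fresh.iter().map(|v| Change::Added { name: name.into(), version: v.to_string() }));
        }
    }
    changes
}

/// Changes that require an evidence update: anything touching a watched crate,
/// plus every checksum change regardless of name.
pub fn flag_for_evidence<'a>(changes: &'a [Change], watch: &[&str]) -> Vec<&'a Change> {
    changes.iter().filter(|c| match c {
        Change::ChecksumChanged { .. } => true,
        Change::Added { name, .. } | Change::Removed { name, .. } | Change::VersionChanged { name, .. } => {
            watch.contains(&name.as_str())
        }
    }).collect()
}

/// Constructed snapshots; checksums are placeholders, not real crate digests.
pub const BEFORE_LOCK: &str = r#"
version = 3

[[package]]
name = "anyhow"
version = "1.0.75"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "c0"

[[package]]
name = "serde"
version = "1.0.190"
checksum = "c1"

[[package]]
name = "serde_json"
version = "1.0.108"
checksum = "c2"
dependencies = [
 "serde",
]

[[package]]
name = "syn"
version = "1.0.109"
checksum = "c3"

[[package]]
name = "syn"
version = "2.0.39"
checksum = "c4"
"#;

pub const AFTER_LOCK: &str = r#"
version = 3

[[package]]
name = "anyhow"
version = "1.0.79"
checksum = "c5"

[[package]]
name = "serde"
version = "1.0.190"
checksum = "c1"

[[package]]
name = "serde_json"
version = "1.0.108"
checksum = "c9"

[[package]]
name = "syn"
version = "2.0.39"
checksum = "c4"

[[package]]
name = "which"
version = "5.0.0"
checksum = "c6"
"#;

fn main() {
    let changes = diff_locks(&parse_cargo_lock(BEFORE_LOCK), &parse_cargo_lock(AFTER_LOCK));
    let flagged = flag_for_evidence(&changes, WATCH_LIST);
    for c in &changes {
        let mark = if flagged.contains(&c) { "!" } else { " " };
        println!("{mark} {c:?}");
    }
}
```

In a real review the two snapshots come from version control, for instance `git show HEAD:Cargo.lock` against the working-tree Cargo.lock, and the flagged entries are the ones that need the evidence update the rules above require. A ChecksumChanged entry deserves its own investigation before anything else: a registry artifact whose digest moved under a fixed version is a supply-chain signal, not a compatibility question.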
Code Anchors
- crates/bijux-dev/Cargo.toml
- crates/bijux-dev/src/tooling/
- crates/bijux-dev/src/commands/shared_io.rs