- Rename statuses: needs-review→Mergeable, waiting→Needs Action (gordon-code#9)
- Add Pending Rebase status group with first-priority classification (gordon-code#14)
- Remove duplicate All entries from filter popovers (gordon-code#1)
- Restyle status group headers to match RepoGroupHeader patterns (gordon-code#2)
- Add ExpandCollapseButtons for status groups (gordon-code#3)
- Add StatusDot, SizeBadge, ReviewBadge to PR rows (gordon-code#4)
- Persist expand state in viewState.dependencyExpandedGroups (gordon-code#5)
- Structured title display with package name and version arrow (gordon-code#6)
- Wire viewState.globalSort into classifiedPRs with repo tiebreaker (gordon-code#7)
- Remove count badges from status group headers (gordon-code#10)
- Unknown bot detection with one-time info notification (gordon-code#12)
- Filter out dep-tool labels (dependencies, renovate) from PR rows (gordon-code#13)

…ping (#96)

* feat(deps): adds dependency detection module and config schema

* feat(deps): adds Renovate Dashboard abandoned-section parser

* feat(deps): add dependencies tab filter schema and TabBar integration

* feat(deps): add dependencies settings section

* feat(deps): add DependenciesTab with status-based grouping and abandoned pills

* feat(deps): integrate pre-exclusivity dep PR detection into DashboardPage

* fix(deps): address review findings from Phase 4

* fix(deps): preserve stale abandoned-deps on total API failure

* fix(deps): derive DEP_FILTER_DEFAULTS from schema (STRUCT-008)

* docs: update documentation for Dependencies tab feature

* fix(deps): correct USER_GUIDE docs and clear regex cache on auth reset

* test(deps): add coverage for fetchDashboardIssueBodies, ignore/track, filter schema, and integration

* refactor(deps): removes redundant filters and slop comments

* perf(deps): removes redundant state filter in bot options memo

* fix(deps): removes dead props, adds dependencies to settings export

* fix(deps): defaults only Needs Review group expanded per plan

* fix(deps): gates pre-exclusivity on config.dependencies.enabled

* fix(deps): corrects stale comment in PersonalSummaryStrip

* fix(deps): resolves 9 quality-gate gaps

- Add e2e/dependencies.spec.ts with 4 tests: tab auto-appears, absent when
  no dep PRs, hidden when settings disabled, status groups render
- Add bot avatar (20px round) before badges in DependenciesTab PR rows
- Gate dependencyPullRequests memo with config.dependencies.enabled check
- Fix aria-controls violation: replace <Show> with CSS hidden class so
  content div stays in DOM when collapsed
- Wire Dependencies settings toggles through saveWithFeedback for saved
  indicator parity with notification toggles
- Add tests: loading skeleton, no-filter-matches empty state,
  resetAbandonedPatternCache cache clearing, equal-version semver edge case
- Update collapse tests to check hidden class instead of DOM absence

* feat(deps): resolves 12 UAT findings

- Rename statuses: needs-review→Mergeable, waiting→Needs Action (#9)
- Add Pending Rebase status group with first-priority classification (#14)
- Remove duplicate All entries from filter popovers (#1)
- Restyle status group headers to match RepoGroupHeader patterns (#2)
- Add ExpandCollapseButtons for status groups (#3)
- Add StatusDot, SizeBadge, ReviewBadge to PR rows (#4)
- Persist expand state in viewState.dependencyExpandedGroups (#5)
- Structured title display with package name and version arrow (#6)
- Wire viewState.globalSort into classifiedPRs with repo tiebreaker (#7)
- Remove count badges from status group headers (#10)
- Unknown bot detection with one-time info notification (#12)
- Filter out dep-tool labels (dependencies, renovate) from PR rows (#13)

* fix(deps): fixes unknown bot detection bugs

- Excludes authenticated user from unknown bot flagging
- Handles dependabot vs dependabot[bot] via base-name matching
- Replaces pushNotification with inline banner + Track/Dismiss buttons
- Passes userLogin prop from DashboardPage to DependenciesTab

* fix(deps): fixes header styling, title parsing, and sort

- Adds repo-header-text class to status group headers for consistent color
- Moves version info into title string (package: from → to) for visibility
- Adds Python requirement pattern (>=A to >=B) to extractVersionInfo
- Default sort clusters by repo first, then updatedAt within each repo

* refactor(deps): reuses RepoGroupHeader for status groups

Replaces custom header div+button+ChevronIcon with the existing
RepoGroupHeader component, guaranteeing identical styling.

* fix(deps): matches filter bar layout, strips commit prefixes from titles

- Matches PullRequestsTab filter bar: gap-3 compact:gap-2, shrink-0 wrapper
- Strips chore(deps)/fix(deps) prefix from all displayed titles
- Lock file maintenance → Lock file maintenance
- Pin dependencies → Pin dependencies
- Update all major dependencies → Update all major dependencies

* fix(deps): matches tracked bots with and without [bot] suffix

expandBotLogins() generates both variants — tracking 'khepri-bot'
now matches PRs from 'khepri-bot[bot]' and vice versa. Applied in
both DashboardPage (isDependencyPr) and DependenciesTab (unknown
bot banner).

* fix(deps): normalizes bot logins on write, expands on read

- handleTrackBot strips [bot] suffix before storing
- validateGitHubUser strips [bot] from input before API call
- fetchIssuesAndPullRequests runs both base and [bot] variant
  searches for tracked bots (mergeTrackedUserResults deduplicates)
- expandBotLogins still covers local matching in both memos

* feat(deps): triggers refresh after tracking a bot

onRefresh callback fires manualRefresh via the poll coordinator
so newly tracked bot PRs appear immediately.

* fix(deps): adds [bot] fallback in validateGitHubUser

Tries base login first, then auto-appends [bot] on 404. Entering
'khepri-bot' in Settings now finds the GitHub App bot automatically.
Response login normalized (strips [bot]) for consistent storage.

* fix(deps): assigns category to every PR, fixes filter passthrough

Every PR gets a DepCategory: major | minor | patch | maintenance |
other. Filter is now exact match — no more unconditional passthrough
for undetected types. Maintenance (pin, lock file) and Other (unknown
bump magnitude) are filterable options.

* feat(deps): adds pin category and label fallback for update type

- Pin dependencies is now its own filterable category
- Lock file maintenance stays as 'maintenance'
- When title parsing can't determine major/minor/patch, checks PR
  labels as fallback (Renovate/Dependabot may label PRs)
- Body parsing for Renovate tables is a future enhancement

* feat(deps): body fallback for update type, ignored visibility

- Add parseRenovateBody to parse update type from Renovate PR body table
- Fetch PR bodies on demand for dep PRs where title yields no updateType
- Merge body-derived version info (packageName, from, to, updateType) into
  classifiedPRs for richer display titles and accurate category badges
- Expand VersionInfo.updateType to include pin and digest
- Add needsBodyFallback helper to identify PRs needing body fetch
- Add fetchDepPRBodies GraphQL query in api.ts (nodes batch pattern)
- Ignored dep PRs now stay visible on Dependencies tab (exclusive
  ownership still prevents them from appearing on Pull Requests tab)
- Change empty filter message to 'No dependency PRs match your current
  filters'

* fix(deps): body version priority, category badges, IgnoreBadge

- Prefer body-derived versions over imprecise title versions (body has
  full semver, title may only have tag like v9)
- Show category badge for all types including pin and maintenance
  (previously only shown when versionInfo.updateType was set)
- Wire IgnoreBadge into Dependencies tab toolbar for unignoring dep PRs
- Exclude dep PR IDs from Pull Requests tab IgnoreBadge via depPrIds prop
- Restore ignored item filtering in Dependencies tab classifiedPRs

* fix(deps): parse all Renovate table variants for update type

- Detect table schema from header row (Package/Update/Change columns)
- Handle 3-column format (Package | Update | Change) used by some PRs
- Handle tables without Update column (Package | Change | Age | ...)
  by deriving updateType from semver comparison of version change
- Strip markdown links from header cells (e.g. [Age](url))
- Scan all cells for version arrow when no Change column exists

* feat(deps): cleans up row layout for deps tab

- Add hideAuthor, hideNumber, subtleRepo, titlePrefix props to ItemRow
- Dependencies tab: repo toned down (no pill, just monospace text),
  fixed min-width for vertical alignment of titles across rows
- Type badge moved to titlePrefix slot (between repo and title)
  with fixed min-width for column alignment
- Author name and PR number hidden (noise for dep PRs)
- Bot avatar removed (redundant when author is hidden)

* fix(deps): persists body data to dashboard cache

Body fetch effect writes updated PR data (with body field) back to
localStorage after the produce. On next page load, cached dep PRs
already have bodies for immediate version info enrichment.

* feat(deps): sorts by category priority, detects abandoned titles

- Default sort: maintenance→pin→patch→minor→major→other, then repo
  within each category group (major at bottom, easy merges at top)
- Detect Renovate ' - abandoned' title suffix as abandoned signal
  independent of Dashboard issue matching
- Strip ' - abandoned' from title before version parsing and display
- Shortened badge label from 'Abandoned dep' to 'Abandoned'

* fix(deps): fires body fetch on cache load, not just poll

Body fetch effect now tracks dependencyPullRequests() directly instead
of coordinator lastRefreshAt. This fires on both cache load (page
reload) and poll completion, so body-derived badges appear immediately
from cached data without waiting for a full poll cycle.

* fix(deps): preserves body across poll cycles

carryOverBodies merges body from existing PR objects into fresh API
data during both produce-path and full-replacement-path store updates.
Bodies no longer flash away on each 5-minute poll cycle.

* fix(deps): aligns filter dropdown order with sort order

Update type filter options now match the table sort order:
maintenance → pin → patch → minor → major → other (safest first).

* fix(deps): category sort is always primary, not just default

Category priority (maintenance→major→other) is now the primary sort
axis regardless of the user-selected globalSort. The dropdown sort
(repo, title, etc.) serves as secondary within each category group.

* fix(deps): category sort is secondary to user-selected sort

User-selected sort (repo, title, etc.) is primary. Update type
category (maintenance→major→other) is secondary within each group.
With Repo A-Z: PRs grouped by repo, then sorted by category within.

* fix: resolves rebase artifacts (missing brace, unused import)

* fix(deps): uses reactive signal for body data, not store mutation

dependencyPullRequests() returns filtered plain objects that lose
SolidJS store proxy tracking. Mutations via produce() to pr.body
never triggered classifiedPRs recomputation. Replaced with a
separate depBodies signal (Map<id, body>) passed as a prop —
reads in classifiedPRs now trigger reactivity correctly.

* feat(deps): persist parsed dep metadata to localStorage

Replaces ephemeral depBodies signal (raw body strings) with depMeta
signal (parsed VersionInfo objects) backed by localStorage. Bodies are
parsed immediately on fetch via parseRenovateBody and the result is
cached, eliminating classification jank on page refresh. Stale entries
are pruned against the current dependency PR set.

* fix(deps): address PR review findings

- Remove dead STATUS_META fields (badgeClass, defaultExpanded)
- Collapse duplicated label-scanning loops in depCategory
- Remove redundant /i regex flags on lowercased strings
- Replace badge class ternary with CATEGORY_BADGE_CLASS lookup
- Pass trackedBotLogins as prop instead of duplicate memo
- Exclude all tracked user logins from unknownBots banner
- Remove dead pr.body guard from needsBodyFallback
- Remove unused updateDependencyConfig export
- Restore hideDepDashboard toggle when dep tab is disabled
- Fix tabCounts badge/content mismatch for hidden dep dashboard issues
- Fix stale E2E comment referencing nonexistent 'Waiting' status
- Add fetchDepPRBodies unit tests (10 tests)
- Add approved+stale classifyDepStatus test
- Add hideDepDashboard filter tests (4 tests)

* docs(deps): adds dep tab screenshot

Synthetic dep PRs from dependabot[bot] and renovate[bot] across
all four status groups: mergeable, pending-rebase, needs-action,
and stale. Seeds dep-meta localStorage for version info display.

* fix(deps): adds DEP_META_STORAGE_KEY to auth mock

The DashboardPage test mock for stores/auth was missing the new
DEP_META_STORAGE_KEY export, causing onAuthCleared callback tests
to fail when accessing the constant at runtime.

* fix(e2e): increases timeout for dep tab cold-start flake

The first test in the suite hits Vite's cold-start module compilation,
causing the 5s default assertion timeout to expire before the graphql
response is processed. Waits for tablist first, then uses 10s timeout.

- Rename statuses: needs-review→Mergeable, waiting→Needs Action (gordon-code#9)
- Add Pending Rebase status group with first-priority classification (gordon-code#14)
- Remove duplicate All entries from filter popovers (gordon-code#1)
- Restyle status group headers to match RepoGroupHeader patterns (gordon-code#2)
- Add ExpandCollapseButtons for status groups (gordon-code#3)
- Add StatusDot, SizeBadge, ReviewBadge to PR rows (gordon-code#4)
- Persist expand state in viewState.dependencyExpandedGroups (gordon-code#5)
- Structured title display with package name and version arrow (gordon-code#6)
- Wire viewState.globalSort into classifiedPRs with repo tiebreaker (gordon-code#7)
- Remove count badges from status group headers (gordon-code#10)
- Unknown bot detection with one-time info notification (gordon-code#12)
- Filter out dep-tool labels (dependencies, renovate) from PR rows (gordon-code#13)

* feat(deps): adds dependency detection module and config schema

* feat(deps): add dependencies tab filter schema and TabBar integration

* feat(deps): add dependencies settings section

* feat(deps): integrate pre-exclusivity dep PR detection into DashboardPage

* fix(deps): address review findings from Phase 4

* test(deps): add coverage for fetchDashboardIssueBodies, ignore/track, filter schema, and integration

* refactor(deps): removes redundant filters and slop comments

* perf(deps): removes redundant state filter in bot options memo

* fix(deps): removes dead props, adds dependencies to settings export

* feat(deps): resolves 12 UAT findings

- Rename statuses: needs-review→Mergeable, waiting→Needs Action (#9)
- Add Pending Rebase status group with first-priority classification (#14)
- Remove duplicate All entries from filter popovers (#1)
- Restyle status group headers to match RepoGroupHeader patterns (#2)
- Add ExpandCollapseButtons for status groups (#3)
- Add StatusDot, SizeBadge, ReviewBadge to PR rows (#4)
- Persist expand state in viewState.dependencyExpandedGroups (#5)
- Structured title display with package name and version arrow (#6)
- Wire viewState.globalSort into classifiedPRs with repo tiebreaker (#7)
- Remove count badges from status group headers (#10)
- Unknown bot detection with one-time info notification (#12)
- Filter out dep-tool labels (dependencies, renovate) from PR rows (#13)

* fix(deps): fixes unknown bot detection bugs

- Excludes authenticated user from unknown bot flagging
- Handles dependabot vs dependabot[bot] via base-name matching
- Replaces pushNotification with inline banner + Track/Dismiss buttons
- Passes userLogin prop from DashboardPage to DependenciesTab

* fix(deps): fixes header styling, title parsing, and sort

- Adds repo-header-text class to status group headers for consistent color
- Moves version info into title string (package: from → to) for visibility
- Adds Python requirement pattern (>=A to >=B) to extractVersionInfo
- Default sort clusters by repo first, then updatedAt within each repo

* fix(deps): matches tracked bots with and without [bot] suffix

expandBotLogins() generates both variants — tracking 'khepri-bot'
now matches PRs from 'khepri-bot[bot]' and vice versa. Applied in
both DashboardPage (isDependencyPr) and DependenciesTab (unknown
bot banner).

* feat(deps): triggers refresh after tracking a bot

onRefresh callback fires manualRefresh via the poll coordinator
so newly tracked bot PRs appear immediately.

* feat(deps): body fallback for update type, ignored visibility

- Add parseRenovateBody to parse update type from Renovate PR body table
- Fetch PR bodies on demand for dep PRs where title yields no updateType
- Merge body-derived version info (packageName, from, to, updateType) into
  classifiedPRs for richer display titles and accurate category badges
- Expand VersionInfo.updateType to include pin and digest
- Add needsBodyFallback helper to identify PRs needing body fetch
- Add fetchDepPRBodies GraphQL query in api.ts (nodes batch pattern)
- Ignored dep PRs now stay visible on Dependencies tab (exclusive
  ownership still prevents them from appearing on Pull Requests tab)
- Change empty filter message to 'No dependency PRs match your current
  filters'

* fix(deps): body version priority, category badges, IgnoreBadge

- Prefer body-derived versions over imprecise title versions (body has
  full semver, title may only have tag like v9)
- Show category badge for all types including pin and maintenance
  (previously only shown when versionInfo.updateType was set)
- Wire IgnoreBadge into Dependencies tab toolbar for unignoring dep PRs
- Exclude dep PR IDs from Pull Requests tab IgnoreBadge via depPrIds prop
- Restore ignored item filtering in Dependencies tab classifiedPRs

* fix(deps): preserves body across poll cycles

carryOverBodies merges body from existing PR objects into fresh API
data during both produce-path and full-replacement-path store updates.
Bodies no longer flash away on each 5-minute poll cycle.

* fix(deps): category sort is always primary, not just default

Category priority (maintenance→major→other) is now the primary sort
axis regardless of the user-selected globalSort. The dropdown sort
(repo, title, etc.) serves as secondary within each category group.

* fix: resolves rebase artifacts (missing brace, unused import)

* fix(deps): uses reactive signal for body data, not store mutation

dependencyPullRequests() returns filtered plain objects that lose
SolidJS store proxy tracking. Mutations via produce() to pr.body
never triggered classifiedPRs recomputation. Replaced with a
separate depBodies signal (Map<id, body>) passed as a prop —
reads in classifiedPRs now trigger reactivity correctly.

* feat(deps): persist parsed dep metadata to localStorage

Replaces ephemeral depBodies signal (raw body strings) with depMeta
signal (parsed VersionInfo objects) backed by localStorage. Bodies are
parsed immediately on fetch via parseRenovateBody and the result is
cached, eliminating classification jank on page refresh. Stale entries
are pruned against the current dependency PR set.

* fix(deps): address PR review findings

- Remove dead STATUS_META fields (badgeClass, defaultExpanded)
- Collapse duplicated label-scanning loops in depCategory
- Remove redundant /i regex flags on lowercased strings
- Replace badge class ternary with CATEGORY_BADGE_CLASS lookup
- Pass trackedBotLogins as prop instead of duplicate memo
- Exclude all tracked user logins from unknownBots banner
- Remove dead pr.body guard from needsBodyFallback
- Remove unused updateDependencyConfig export
- Restore hideDepDashboard toggle when dep tab is disabled
- Fix tabCounts badge/content mismatch for hidden dep dashboard issues
- Fix stale E2E comment referencing nonexistent 'Waiting' status
- Add fetchDepPRBodies unit tests (10 tests)
- Add approved+stale classifyDepStatus test
- Add hideDepDashboard filter tests (4 tests)

* fix(deps): fixes post-deploy dependency tab issues

- Includes offending login in Invalid userLogin error message
- Strips Python version specifiers (==, >=, ~=) from parsed versions
- Constrains repo badge width to prevent layout overflow on long names
- Removes sort dropdown from Dependencies tab, uses fixed repo+category sort

* fix(deps): migrates tracked user logins to strip [bot] suffix

Pre-migration data stores logins like 'khepri-bot[bot]'. The bot
variant search appends [bot] again, creating 'khepri-bot[bot][bot]'
which fails VALID_TRACKED_LOGIN and surfaces as an Invalid userLogin
toast on every poll cycle.

* fix(deps): constrains compact-mode repo badge width for long names

The previous fix only applied to comfortable mode. Compact mode also
has shrink-0 + min-w-[9.5rem] with no max-width, so long repo names
like rosa-eng-inventory-dashboard break column alignment.

* fix(deps): uses inline-block for subtleRepo badge truncation

text-overflow: ellipsis only works on block containers, not inline-flex.
Switches subtleRepo badge to inline-block with align-middle so truncate
actually produces an ellipsis on long repo names.

* fix(deps): uses inline style for repo badge max-width

Tailwind v4 was not generating CSS for max-w-[14rem]/max-w-[16rem]
arbitrary values. Uses inline style for max-width to ensure the
constraint is applied regardless of Tailwind CSS scanning.

* fix(deps): replaces inline styles with Tailwind max-w classes

Tailwind v4 does generate max-w-[16rem]/max-w-[14rem] correctly.
The earlier issue was inline-flex + truncate incompatibility, not
CSS generation. Reverts to pure Tailwind classes (no inline styles).

* fix(deps): shows short repo name in comfortable subtleRepo mode

Full owner/repo names wasted horizontal space and broke column
alignment. Comfortable mode with subtleRepo now shows the short
name (repo only, no org prefix) matching compact mode behavior.
Full name remains accessible via title tooltip on hover.

* fix(deps): uses fixed-width repo badge column for consistent alignment

Variable min-w/max-w caused each badge to size to its content,
so category badges and titles started at different x-positions
per row. Fixed w-[14rem] ensures consistent column alignment.

* fix(deps): narrows repo badge column to 11rem for tighter layout

* fix(deps): narrows compact repo badge column to 9rem

* fix(deps): tighten title pattern and address PR review findings

- DEP_TITLE_PATTERN requires bot action words after conventional commit
  prefix, preventing false positives on human fix(deps) PRs
- Reset _fetchingDepBodies on auth clear to prevent stale lock
- Replace inline regex with stripVersionSpecifier() (DRY)
- Align USER_GUIDE status groups with code's 4-status model
- Add tests for hideDepDashboard, depPrIds filtering, == specifier

* fix(deps): restores missing prop and test after rebase