agentic-jumpstart-dependency-management
Dependency management guidelines for Jarvy - crate selection criteria, feature flag best practices, version management, security auditing with cargo-audit and cargo-deny.
Best use case
agentic-jumpstart-dependency-management is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Teams using agentic-jumpstart-dependency-management should expect more consistent output, faster repeated execution, and less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in `.claude/skills/agentic-jumpstart-dependency-management/SKILL.md` inside your project
- Restart your AI agent; it will auto-discover the skill
How agentic-jumpstart-dependency-management Compares
| Feature / Agent | agentic-jumpstart-dependency-management | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
# Dependency Management Guidelines
This skill provides guidance for managing Rust dependencies in the Jarvy project.
## Dependency Selection Criteria
### Prefer Standard Library First
Before adding external crates, verify stdlib cannot handle the need:
```rust
// PREFER: stdlib for simple operations
use std::fs;
use std::path::PathBuf;
use std::process::Command;
// AVOID: Adding crates for trivial functionality
```
### Evaluation Checklist
When considering a new dependency:
1. **Necessity**: Can this be implemented in <100 lines?
2. **Maintenance**: Is the crate actively maintained?
3. **Transitive deps**: How many dependencies does it bring?
4. **Compile time**: What is the build time impact?
5. **License**: Is it compatible (MIT, Apache-2.0, BSD)?
### Reuse Existing Dependencies
| Need | Use Existing |
|------|--------------|
| JSON | `serde_json` |
| YAML | `serde_yaml` |
| TOML | `toml` |
| Error types | `thiserror` |
| HTTP | `ureq` |
| Logging | `tracing` |
| CLI args | `clap` with derive |
| Interactive prompts | `inquire` |
| Unique IDs | `uuid` v7 |
| Platform dirs | `dirs` |
## Feature Flag Best Practices
### Minimize Enabled Features
```toml
# GOOD: Explicit minimal features
clap = { version = "4.5", features = ["derive"] }
uuid = { version = "1.10", features = ["v7"] }
serde = { version = "1.0", features = ["derive"] }
ureq = { version = "3.1", features = ["json"] }
# BAD: Enabling all features
# clap = { version = "4.5", features = ["full"] }
```
### Document Non-Obvious Features
```toml
# v7 provides time-ordered UUIDs for telemetry event ordering
uuid = { version = "1.10", features = ["v7"] }
```
### Disable Default Features When Appropriate
```toml
some-crate = { version = "1.0", default-features = false, features = ["needed"] }
```
## Version Management
### Version Specification
```toml
# Standard: Allow patch and minor updates
serde = "1.0"
# Specific: Pin with `=` only when necessary (a bare "0.31.0" is a caret requirement and still allows 0.31.x)
opentelemetry-otlp = "=0.31.0"
```
### Update Commands
```bash
# Update all dependencies
cargo update
# Update specific dependency
cargo update -p serde
# Check for outdated dependencies (third-party subcommand: cargo install cargo-outdated)
cargo outdated
```
### Lockfile Management
- **Commit `Cargo.lock`**: This is an application, not a library
- **Review lockfile changes**: Check diffs for unexpected updates
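One way to make the lockfile review concrete, as an added example that is not part of the Jarvy project or the original skill: a stdlib-only Rust sketch that compares two `Cargo.lock` revisions and flags entries that deserve a closer look (a new package from a non-crates.io source, a changed source, or a changed checksum for an unchanged version). The names `parse_lock`, `review` and `pkg` are hypothetical, the parser handles only the `[[package]]` tables rather than full TOML, and the sample entries are constructed.

```rust
use std::collections::BTreeMap;

const CRATES_IO: &str = "registry+https://github.com/rust-lang/crates.io-index";
type Lock = BTreeMap<(String, String), (String, String)>; // (name, version) -> (source, checksum)

// Minimal line parser for the [[package]] tables of a Cargo.lock (not a full TOML parser).
fn parse_lock(text: &str) -> Lock {
    let mut out = Lock::new();
    let mut cur: Option<[String; 4]> = None; // name, version, source, checksum
    // The trailing "[" sentinel flushes the last package table.
    for line in text.lines().map(str::trim).chain(std::iter::once("[")) {
        if line.starts_with('[') {
            if let Some([n, v, s, c]) = cur.take() { out.insert((n, v), (s, c)); }
            if line == "[[package]]" { cur = Some(Default::default()); }
        } else if let (Some(f), Some((k, v))) = (cur.as_mut(), line.split_once(" = ")) {
            let i = ["name", "version", "source", "checksum"].iter().position(|x| *x == k);
            if let Some(i) = i { f[i] = v.trim_matches('"').to_string(); }
        }
    }
    out
}

// Returns one note per changed entry; notes containing REVIEW need a human look.
fn review(old: &str, new: &str) -> Vec<String> {
    let (old, new) = (parse_lock(old), parse_lock(new));
    let mut notes = Vec::new();
    for ((name, ver), (src, sum)) in &new {
        let why = match old.get(&(name.clone(), ver.clone())) {
            None if !src.is_empty() && src != CRATES_IO => format!("REVIEW new non-crates.io source {src}"),
            None => "added".to_string(),
            Some((osrc, _)) if osrc != src => format!("REVIEW source changed from {osrc}"),
            Some((_, osum)) if osum != sum => "REVIEW checksum changed for same version".to_string(),
            _ => continue,
        };
        notes.push(format!("{name} {ver}: {why}"));
    }
    notes.extend(old.keys().filter(|k| !new.contains_key(*k)).map(|(n, v)| format!("{n} {v}: removed")));
    notes
}

// Builds a constructed sample entry in Cargo.lock layout (checksums are placeholders).
fn pkg(name: &str, ver: &str, src: &str, sum: &str) -> String {
    format!("[[package]]\nname = \"{name}\"\nversion = \"{ver}\"\nsource = \"{src}\"\nchecksum = \"{sum}\"\n")
}

fn main() {
    let old = pkg("serde", "1.0.204", CRATES_IO, "aa") + &pkg("ureq", "3.1.2", CRATES_IO, "bb");
    let new = pkg("serde", "1.0.210", CRATES_IO, "cc") + &pkg("ureq", "3.1.2", CRATES_IO, "XX")
        + &pkg("helper", "0.1.0", "git+https://example.invalid/helper#0000000", "");
    for note in review(&old, &new) { println!("{note}"); }
}
```

A version bump appears as an `added`/`removed` pair; the `REVIEW` lines are the ones the "unexpected updates" check is meant to catch.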
## Security Auditing
### Automated Auditing
```bash
# Install audit tools
cargo install cargo-audit
cargo install cargo-deny
# Run security advisory check
cargo audit
# Comprehensive check (security, licenses, duplicates)
cargo deny check
```
### cargo-deny Configuration
Create `deny.toml`:
```toml
[advisories]
vulnerability = "deny"
unmaintained = "warn"
yanked = "deny"
[licenses]
unlicensed = "deny"
allow = ["MIT", "Apache-2.0", "BSD-2-Clause", "BSD-3-Clause", "ISC", "Zlib"]
[bans]
multiple-versions = "warn"
wildcards = "deny"
[sources]
unknown-registry = "deny"
unknown-git = "deny"
```
### Security Workflow
1. **Pre-commit**: Run `cargo audit` locally
2. **CI Pipeline**: Run `cargo deny check` on every PR
3. **Weekly**: Automated dependency update PRs
4. **Release**: Full audit before publishing
## Adding New Dependencies
### Process
1. **Justify**: Document why needed
2. **Research**: Check alternatives and maintenance status
3. **Audit**: Run `cargo audit` after adding
4. **Minimize**: Enable only required features
5. **Test**: Verify compile time impact
### PR Template
```markdown
## New Dependency: `crate-name`
**Purpose**: [What functionality?]
**Alternatives Considered**:
- stdlib: [Why not sufficient?]
**Metrics**:
- Transitive dependencies: [count]
- Build time impact: [minimal/moderate/significant]
- Last updated: [date]
**Features Enabled**: [list and why]
```
## Build Optimization
### Current Build Configuration
```toml
[build]
rustc-wrapper = "sccache"
jobs = 16
[profile.dev]
opt-level = 1
[profile.release]
lto = "thin"
```
### Monitor Build Times
```bash
# Measure build time
cargo build --timings
# Generate HTML report
cargo build --timings=html
```
## Platform-Specific Dependencies
```toml
[target.'cfg(target_os = "macos")'.dependencies]
macos-crate = "1.0"
[target.'cfg(target_os = "windows")'.dependencies]
windows-crate = "1.0"
```
Verify cross-platform compilation:
```bash
cargo check --target x86_64-unknown-linux-gnu
cargo check --target x86_64-apple-darwin
cargo check --target x86_64-pc-windows-msvc
```
## Current Project Dependencies
### Runtime Dependencies
| Crate | Version | Purpose |
|-------|---------|---------|
| clap | 4.5.6 | CLI parsing |
| serde | 1.0.204 | Serialization |
| toml | 0.9.5 | Config parsing |
| thiserror | 2.0.16 | Error types |
| tracing | 0.1.40 | Logging |
| ureq | 3.1.2 | HTTP client |
| inquire | 0.9.1 | Interactive prompts |
| dirs | 6.0.0 | Platform directories |
| uuid | 1.10.0 | Unique IDs |
| machineid-rs | 1.2 | Machine fingerprint |
### Dev Dependencies
| Crate | Version | Purpose |
|-------|---------|---------|
| tempfile | 3.20.0 | Temp file handling |
| assert_cmd | 2.0.17 | CLI testing |
## Dependency Checklist
1. [ ] Checked if stdlib can handle the need
2. [ ] Reviewed existing dependencies for reuse
3. [ ] Minimized enabled features
4. [ ] Ran `cargo audit` after adding
5. [ ] Tested cross-platform compilation
6. [ ] Documented justification in PR