chore(deps): bump @sourcegraph/amp-sdk from 0.1.0-20260312122132-g783443e to 0.1.0-20260323082839-g076cc37

[dependabot]

Bumps @sourcegraph/amp-sdk from 0.1.0-20260312122132-g783443e to 0.1.0-20260323082839-g076cc37.

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Labels

The following labels could not be found: npm. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[chatgpt-codex-connector]

Codex usage limits have been reached for code reviews. Please check with the admins of this repo to increase the limits by adding credits.
Credits must be used to enable repository wide code reviews.

[github-actions]

Issue Linking Reminder

This PR doesn't appear to have a linked issue. Consider linking to:

• This repo: Closes #123
• ralph-ideas: Closes multivmlabs/ralph-ideas#123

Using Closes, Fixes, or Resolves will auto-close the issue when this PR is merged.

---

If this PR doesn't need an issue, you can ignore this message.

[github-actions]

✔️ Bundle Size Analysis

Metric	Value
Base	2638.70 KB
PR	2638.70 KB
Diff	0 KB (0%)

Bundle breakdown

156K	dist/auth
80K	dist/automation
4.0K	dist/cli.d.ts
4.0K	dist/cli.d.ts.map
20K	dist/cli.js
12K	dist/cli.js.map
584K	dist/commands
28K	dist/config
4.0K	dist/index.d.ts
4.0K	dist/index.d.ts.map
4.0K	dist/index.js
4.0K	dist/index.js.map
896K	dist/integrations
100K	dist/llm
1.2M	dist/loop
188K	dist/mcp
60K	dist/presets
92K	dist/setup
40K	dist/skills
392K	dist/sources
76K	dist/ui
144K	dist/utils
336K	dist/wizard

[greptile-apps]

Greptile Summary

This PR is a routine Dependabot version bump of the optional @sourcegraph/amp-sdk dependency from 0.1.0-20260312122132-g783443e to 0.1.0-20260323082839-g076cc37. No application logic is touched.

The most notable aspect of this update is a significant reduction in the transitive dependency tree: the new SDK version no longer depends on @sourcegraph/amp or @napi-rs/keyring, eliminating 14 packages (the keyring package itself plus 13 platform-specific native binaries for macOS, Linux, Windows, and FreeBSD). The only remaining dependency of the SDK is zod, which is already a direct project dependency.

• package.json: Single version string update in optionalDependencies.
• pnpm-lock.yaml: Version references updated and all @napi-rs/keyring* and @sourcegraph/amp entries removed.

Confidence Score: 5/5

• Safe to merge — automated version bump with no logic changes and a net reduction in native binary dependencies.
• This is a single optional dependency bump generated by Dependabot. The new version simplifies the dependency graph by dropping @sourcegraph/amp and the entire @napi-rs/keyring native binary family. There are no code changes, no API surface changes visible in this repo, and the affected package is marked optional, meaning its absence or breakage cannot block the main application.
• No files require special attention.

Important Files Changed

Filename	Overview
package.json	Version bump of optional dependency @sourcegraph/amp-sdk from 0.1.0-20260312122132-g783443e to 0.1.0-20260323082839-g076cc37; no structural changes.
pnpm-lock.yaml	Lock file updated to reflect the new SDK version and the removal of the now-unused transitive dependencies: @sourcegraph/amp and the full @napi-rs/keyring platform-specific binary set (13 packages).

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A["@sourcegraph/amp-sdk\n(before: 0.1.0-20260312122132)"] --> B["@sourcegraph/amp\n0.0.1773345908-g7c6c67"]
    B --> C["@napi-rs/keyring 1.1.9"]
    C --> D["13 platform-specific binaries\n(darwin, linux, win32, freebsd)"]
    A --> E["zod"]

    A2["@sourcegraph/amp-sdk\n(after: 0.1.0-20260323082839)"] --> E2["zod"]

    style A fill:#f9c,stroke:#c66
    style B fill:#f9c,stroke:#c66
    style C fill:#f9c,stroke:#c66
    style D fill:#f9c,stroke:#c66
    style A2 fill:#cfc,stroke:#6c6
    style E2 fill:#cfc,stroke:#6c6

Loading

_{Reviews (1): Last reviewed commit: "chore(deps): bump @sourcegraph/amp-sdk" | Re-trigger Greptile}

[claude]

LGTM — straightforward Dependabot version bump of an optional dependency with no logic changes.

Extended reasoning...

Overview

This PR bumps @sourcegraph/amp-sdk (an optionalDependency) from 0.1.0-20260312122132-g783443e to 0.1.0-20260323082839-g076cc37 in package.json and pnpm-lock.yaml. The only code changes are version strings and the corresponding lockfile snapshot.

Security Risks

None identified. The package is declared as optional, limiting blast radius. The new version actually reduces the transitive dependency tree by dropping @sourcegraph/amp and @napi-rs/keyring (and all its platform-specific binaries), which removes native keyring access — a net reduction in attack surface.

Level of Scrutiny

Low. This is a mechanical Dependabot bump of a pre-release, optional dependency. No application logic, configuration, or critical paths are touched.

Other Factors

No bugs were reported by the automated bug hunting system. No outstanding reviewer comments. The change is self-contained and easily reversible.