From cfad1366b53bc404444e4556a074d4d85ffc4889 Mon Sep 17 00:00:00 2001 From: Test User Date: Fri, 3 Apr 2026 14:50:40 -0400 Subject: [PATCH 1/3] chore(ci): add GPG commit signing to weekly-update workflow --- .github/workflows/weekly-update.yml | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/.github/workflows/weekly-update.yml b/.github/workflows/weekly-update.yml index 9ce55f2..a205490 100644 --- a/.github/workflows/weekly-update.yml +++ b/.github/workflows/weekly-update.yml @@ -59,12 +59,14 @@ jobs: GH_TOKEN: ${{ github.token }} run: | BRANCH_NAME="weekly-update-$(date +%Y%m%d)" - git config user.name "github-actions[bot]" - git config user.email "github-actions[bot]@users.noreply.github.com" git remote set-url origin "https://x-access-token:${GH_TOKEN}@github.com/${{ github.repository }}.git" git checkout -b "$BRANCH_NAME" echo "branch=$BRANCH_NAME" >> $GITHUB_OUTPUT + - uses: SocketDev/socket-registry/.github/actions/setup-git-signing@6096b06b1790f411714c89c40f72aade2eeaab7c # main + with: + gpg-private-key: ${{ secrets.BOT_GPG_PRIVATE_KEY }} + - name: Run updating skill with Claude Code id: claude timeout-minutes: 30 @@ -157,6 +159,9 @@ jobs: path: claude-output.log retention-days: 7 + - uses: SocketDev/socket-registry/.github/actions/cleanup-git-signing@6096b06b1790f411714c89c40f72aade2eeaab7c # main + if: always() + notify: name: Notify results needs: [check-updates, apply-updates] From 95256a31a82fd60b81a8a4a19bea89664ff879d8 Mon Sep 17 00:00:00 2001 From: Test User Date: Fri, 3 Apr 2026 15:16:19 -0400 Subject: [PATCH 2/3] chore(ci): improve Claude prompt structure in weekly-update --- .github/workflows/weekly-update.yml | 23 ++++++++++++++++++++++- 1 file changed, 22 insertions(+), 1 deletion(-) diff --git a/.github/workflows/weekly-update.yml b/.github/workflows/weekly-update.yml index a205490..d804d94 100644 --- a/.github/workflows/weekly-update.yml +++ b/.github/workflows/weekly-update.yml 
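Review bot: In [PATCH 1/3], the `setup-git-signing` step added at `@@ -59,12 +59,14` imports `secrets.BOT_GPG_PRIVATE_KEY` before `Run updating skill with Claude Code`, and the matching `cleanup-git-signing` step added at `@@ -157,6 +159,9` only runs at the end of the job. For the whole agent step, which later hunks in this series show running `claude --dangerously-skip-permissions`, the agent and presumably any package-manager lifecycle scripts it triggers can create commits signed with the bot key. I would provision that secret as a dedicated signing-only subkey with an expiry and record the exposure at the step, e.g. `# signing key is usable by the agent step below; signing-only subkey, rotate on suspected exposure`. The hunk also removes `git config user.name` and `git config user.email`, which is only safe if the action sets the committer identity; that is not visible here.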
@@ -85,7 +85,28 @@ jobs:
 set +e
 claude --print --dangerously-skip-permissions \
 --model sonnet \
- "/updating - Run the updating skill to update all dependencies. Create atomic commits for each update. You are running in CI mode - skip builds and tests. Do not push or create a PR." \
+ "$(cat <<'PROMPT'
+ /updating
+
+
+ You are an automated CI agent in a weekly dependency update workflow.
+ Git is configured with GPG signing. A branch has been created for you.
+
+
+
+ Update all dependencies to their latest versions.
+ Create one atomic commit per dependency update with a conventional commit message.
+ Leave all changes local — the workflow handles pushing and PR creation.
+ Skip running builds, tests, and type checks — CI runs those separately.
+
+
+
+ Each updated dependency has its own commit.
+ The lockfile is consistent with package.json changes.
+ No uncommitted changes remain in the working tree.
+
+ PROMPT
+ )" \
 2>&1 | tee claude-output.log
 CLAUDE_EXIT=${PIPESTATUS[0]}
 set -e
From 13813f86bb9ed9e6c8d77f3b75ded7f5eddd2345 Mon Sep 17 00:00:00 2001
From: Test User
Date: Fri, 3 Apr 2026 23:00:22 -0400
Subject: [PATCH 3/3] chore(ci): simplify Claude prompt to just invoke /updating skill
---
 .github/workflows/weekly-update.yml | 23 +----------------------
 1 file changed, 1 insertion(+), 22 deletions(-)
diff --git a/.github/workflows/weekly-update.yml b/.github/workflows/weekly-update.yml
index d804d94..9dcc87a 100644
--- a/.github/workflows/weekly-update.yml
+++ b/.github/workflows/weekly-update.yml
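Review bot: In the [PATCH 2/3] hunk at `@@ -85,7 +85,28`, the added prompt line `Leave all changes local — the workflow handles pushing and PR creation.` is an instruction to the model, not a control. The agent still runs with `--dangerously-skip-permissions`, and the preceding step (context of [PATCH 1/3]) has already written `x-access-token:${GH_TOKEN}` into the `origin` URL, so a push remains technically possible whatever the prompt says. I would enforce the rule in the workflow instead, by moving `git remote set-url origin "https://x-access-token:${GH_TOKEN}@github.com/${{ github.repository }}.git"` out of the branch-creation step and into the step that pushes, after the agent has finished. The `run:` block continues outside this hunk, so the push step itself is not visible and the move needs checking against it.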
@@ -85,28 +85,7 @@ jobs:
 set +e
 claude --print --dangerously-skip-permissions \
 --model sonnet \
- "$(cat <<'PROMPT'
- /updating
-
-
- You are an automated CI agent in a weekly dependency update workflow.
- Git is configured with GPG signing. A branch has been created for you.
-
-
-
- Update all dependencies to their latest versions.
- Create one atomic commit per dependency update with a conventional commit message.
- Leave all changes local — the workflow handles pushing and PR creation.
- Skip running builds, tests, and type checks — CI runs those separately.
-
-
-
- Each updated dependency has its own commit.
- The lockfile is consistent with package.json changes.
- No uncommitted changes remain in the working tree.
-
- PROMPT
- )" \
+ "/updating" \
 2>&1 | tee claude-output.log
 CLAUDE_EXIT=${PIPESTATUS[0]}
 set -e
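Review bot: With the prompt reduced to `"/updating"` in [PATCH 3/3], nothing in this workflow states what the agent may do, and the original `Do not push or create a PR` sentence removed in [PATCH 2/3] is not restored. The skill definition, which is not part of this series, becomes the only specification for a step that runs with `--dangerously-skip-permissions`. A comment above the `claude` invocation should say where that skill lives and what the workflow relies on, for example `# /updating skill: commits locally, one commit per dependency; must not push (this workflow pushes)`. Since that file now effectively acts as CI code, it presumably deserves the same review protection as `.github/workflows/`, such as a CODEOWNERS entry. The enclosing `run:` block starts and ends outside the hunk.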