Update dependency update guidelines (#5007)

Author: allthedoll

src/handbook/engineering/dependency-updates.md

@@ -18,10 +18,12 @@ The triage rotation is owned by the engineering team. One engineer takes the slo
 
 Work through Dependabot PRs in this order:
 
-1. **Check for an active npm advisory or breach report on the package.** Look at the package's npm page and the GitHub advisory database before approving. If anything is open against that version, hold the PR until it clears.
-2. **Read the release notes for each bump.** Confirm there are no breaking changes that affect how we use the package. Patch and minor bumps still occasionally ship behavior changes worth knowing about.
-3. **Merge the safe, small bumps first.** Patch and minor updates with a contained diff and clean release notes go in early. Leave anything with an unusually large diff for closer review.
-4. **CI must pass before merging — no exceptions.** A red build on a dependency PR is the signal that something needs investigation, not a bypass.
+1. **Wait at least 12 hours after a version is published before merging.** Compromised or broken releases are usually flagged within that window. Merging immediately after publish removes that safety margin.
+2. **Check for an active npm advisory or breach report on the package.** Look at the package's npm page and the GitHub advisory database before approving. If anything is open against that version, hold the PR until it clears.
+3. **Read the release notes for each bump.** Confirm there are no breaking changes that affect how we use the package. Patch and minor bumps still occasionally ship behavior changes worth knowing about.
+4. **Merge the safe, small bumps first.** Patch and minor updates with a contained diff and clean release notes go in early. Leave anything with an unusually large diff for closer review.
+5. **CI must pass before merging — no exceptions.** A red build on a dependency PR is the signal that something needs investigation, not a bypass.
+6. **Check all repositories.** - Dependabot is active in all our repositiories. 
 
 ## Major version bumps
 

src/handbook/engineering/frontend/layouts.md

@@ -4,11 +4,12 @@ title: Front-End Layouts
 
 # Layouts
 
-The frontend has 4 layouts which can be found in `frontend/src/layouts`:
+The frontend has 5 layouts which can be found in `frontend/src/layouts`:
 - Platform
 - Plain
 - Page
 - Box
+- Immersive
 
 ## Layout Variants
 
@@ -30,6 +31,11 @@ The plain layout serves as a blank structure primarily used for embedded pages o
 
 Has support for alerts and dialog/modals.
 
+### Immersive 
+The immersive layout serves as the flexbox for the hosted and remoted editor instances. 
+
+Does not have support for left drawers. All drawers are shown as a layout over the expert drawer. 
+
 ### Box
 The box layout is used in the initial Setup phase and consists of a boxed layout which guides you through the required steps in configuring the Flow Fuse Application.
 

src/handbook/engineering/tools.md

@@ -19,8 +19,6 @@ When using AI tools for development, never share:
 2. Company secrets like API keys, private credentials, etc, etc.
 3. Customer code or other assets under NDA
 
-### GitHub Copilot
+### Claude Code
 
-GitHub Copilot Business is available to team members by raising an [access request issue](https://github.com/FlowFuse/admin/issues/new?template=access-request.md) and assigning it to the CTO.
-
-Alternatively, individuals can self-purchase Copilot Pro/+ and expense the cost, or qualify for free access due to their role as an Open Source maintainer.
+Claude Code is available to team members by raising an [access request issue](https://github.com/FlowFuse/admin/issues/new?template=access-request.md) and assigning it to the CTO.