diff --git a/src/handbook/engineering/dependency-updates.md b/src/handbook/engineering/dependency-updates.md index 2b576df8fd..4b4b475568 100644 --- a/src/handbook/engineering/dependency-updates.md +++ b/src/handbook/engineering/dependency-updates.md @@ -18,10 +18,12 @@ The triage rotation is owned by the engineering team. One engineer takes the slo Work through Dependabot PRs in this order: -1. **Check for an active npm advisory or breach report on the package.** Look at the package's npm page and the GitHub advisory database before approving. If anything is open against that version, hold the PR until it clears. -2. **Read the release notes for each bump.** Confirm there are no breaking changes that affect how we use the package. Patch and minor bumps still occasionally ship behavior changes worth knowing about. -3. **Merge the safe, small bumps first.** Patch and minor updates with a contained diff and clean release notes go in early. Leave anything with an unusually large diff for closer review. -4. **CI must pass before merging — no exceptions.** A red build on a dependency PR is the signal that something needs investigation, not a bypass. +1. **Wait at least 12 hours after a version is published before merging.** Compromised or broken releases are usually flagged within that window. Merging immediately after publish removes that safety margin. +2. **Check for an active npm advisory or breach report on the package.** Look at the package's npm page and the GitHub advisory database before approving. If anything is open against that version, hold the PR until it clears. +3. **Read the release notes for each bump.** Confirm there are no breaking changes that affect how we use the package. Patch and minor bumps still occasionally ship behavior changes worth knowing about. +4. **Merge the safe, small bumps first.** Patch and minor updates with a contained diff and clean release notes go in early. Leave anything with an unusually large diff for closer review. +5. **CI must pass before merging — no exceptions.** A red build on a dependency PR is the signal that something needs investigation, not a bypass. +6. **Check all repositories.** - Dependabot is active in all our repositiories. ## Major version bumps diff --git a/src/handbook/engineering/frontend/layouts.md b/src/handbook/engineering/frontend/layouts.md index 5424e22fe1..0afbf3305c 100644 --- a/src/handbook/engineering/frontend/layouts.md +++ b/src/handbook/engineering/frontend/layouts.md @@ -4,11 +4,12 @@ title: Front-End Layouts # Layouts -The frontend has 4 layouts which can be found in `frontend/src/layouts`: +The frontend has 5 layouts which can be found in `frontend/src/layouts`: - Platform - Plain - Page - Box +- Immersive ## Layout Variants @@ -30,6 +31,11 @@ The plain layout serves as a blank structure primarily used for embedded pages o Has support for alerts and dialog/modals. +### Immersive +The immersive layout serves as the flexbox for the hosted and remoted editor instances. + +Does not have support for left drawers. All drawers are shown as a layout over the expert drawer. + ### Box The box layout is used in the initial Setup phase and consists of a boxed layout which guides you through the required steps in configuring the Flow Fuse Application. diff --git a/src/handbook/engineering/tools.md b/src/handbook/engineering/tools.md index daaca30fbb..4f60a750a2 100644 --- a/src/handbook/engineering/tools.md +++ b/src/handbook/engineering/tools.md @@ -19,8 +19,6 @@ When using AI tools for development, never share: 2. Company secrets like API keys, private credentials, etc, etc. 3. Customer code or other assets under NDA -### GitHub Copilot +### Claude Code -GitHub Copilot Business is available to team members by raising an [access request issue](https://github.com/FlowFuse/admin/issues/new?template=access-request.md) and assigning it to the CTO. - -Alternatively, individuals can self-purchase Copilot Pro/+ and expense the cost, or qualify for free access due to their role as an Open Source maintainer. +Claude Code is available to team members by raising an [access request issue](https://github.com/FlowFuse/admin/issues/new?template=access-request.md) and assigning it to the CTO.