diff --git a/agent-queue/docs/jobs/dependabot-triage.md b/agent-queue/docs/jobs/dependabot-triage.md
new file mode 100644
index 0000000..e374693
--- /dev/null
+++ b/agent-queue/docs/jobs/dependabot-triage.md
@@ -0,0 +1,86 @@
+---
+engine: devin
+cwd: /Users/sd9235/code/mygh/learning_ai_common_plat
+yolo: true
+lock: common-plat-dependabot
+timeout: 4h
+---
+
+ROLE: Senior platform engineer. TRIAGE the open Dependabot dependency-update PRs in
+`learning_ai_common_plat`, verify each one builds + tests green against CURRENT main,
+and MERGE only the safe ones. This is a maintenance sweep — be conservative: a green
+verify gate is the bar for merging; anything that fails, conflicts, or is a risky major
+bump gets left open with a clear note. NEVER weaken or skip a test to make a PR pass.
+
+PARALLEL-SAFETY: Other Devins may be running in this repo and in learning_ai_devops_tools
+on gigafactory `fleet` work. You touch ONLY dependency manifests + lockfile as Dependabot
+already changed them — do NOT edit application source. If a Dependabot branch conflicts
+with main on anything other than package.json / pnpm-lock.yaml, SKIP it (leave open, note
+why) rather than hand-resolving source conflicts.
+
+THE BRANCHES (each is one open PR, ahead of main by ~1 commit):
+- dependabot/npm_and_yarn/azure/cosmos-4.9.2
+- dependabot/npm_and_yarn/fastify/cors-11.2.0
+- dependabot/npm_and_yarn/happy-dom-20.8.4
+- dependabot/npm_and_yarn/jose-6.2.2
+- dependabot/npm_and_yarn/lint-staged-16.4.0
+- dependabot/npm_and_yarn/multi-6d7db9f379   (a grouped multi-package bump)
+- dependabot/npm_and_yarn/react-dom-19.2.4
+- dependabot/npm_and_yarn/stripe-20.4.1
+- dependabot/npm_and_yarn/types/node-25.5.0
+- dependabot/npm_and_yarn/typescript-eslint/parser-8.57.1
+- dependabot/github_actions/actions/checkout-6
+- dependabot/github_actions/actions/setup-node-6
+- dependabot/github_actions/actions/setup-python-6
+(Re-list with `git branch -r | grep dependabot` in case the set changed.)
+
+PER-PR PROCEDURE (do each in an ISOLATED worktree off CURRENT origin/main so the main
+checkout + other Devins are never disturbed):
+1. `git fetch origin --prune`; create a temp worktree at origin/main; merge the dependabot
+   branch into it (`--no-commit --no-ff`).
+   - If the merge touches ANY file other than package.json / pnpm-lock.yaml /
+     .github/workflows/* -> ABORT, classify SKIP (unexpected scope), note it.
+   - If it conflicts -> ABORT, classify SKIP (conflicts main), note it.
+2. Identify the bump TYPE from the version delta (semver): patch / minor / major.
+3. Run the VERIFY GATE in the merged worktree:
+   - `pnpm install --frozen-lockfile` (must succeed with the bumped lockfile)
+   - `pnpm build`
+   - `pnpm test`
+   - For react-dom: also run the dashboards' web tests if they have their own suite.
+   - GitHub-actions bumps (checkout/setup-node/setup-python): no pnpm gate; just confirm
+     the workflow YAML still parses and the action major is supported by our runners.
+4. CLASSIFY:
+   - MERGE if: scope is only manifests/lockfile/workflow, no conflicts, verify gate fully
+     green. (Patch/minor with green gate = merge. A MAJOR bump may merge ONLY if the gate
+     is green AND nothing in our code uses a removed/changed API — if unsure, HOLD.)
+   - HOLD (leave open) if: gate fails, major bump with any ambiguity, or behavioral risk
+     (e.g. stripe / jose / react-dom majors that need a human eye).
+   - SKIP if: conflicts main or touches unexpected files.
+5. To MERGE: merge the branch into main with `--no-ff` (first parent = main), message
+   `chore(deps): <package> <old> -> <new> (#<pr>)`, push origin HEAD:main, then delete the
+   dependabot branch. Re-fetch main before the NEXT PR so each builds on the latest (avoids
+   lockfile churn between merges). Do the LOW-RISK ones first (types/node, lint-staged,
+   happy-dom, the actions bumps), majors last.
+
+CONSTRAINTS: no app-source edits; never modify/skip tests; ESM repo conventions; conventional
+commits (chore(deps): ...); do not touch the gigafactory `fleet` modules; do not delete
+backup/* branches; leave the gigafactory + hermes branches alone. Stay entirely in isolated
+worktrees; clean every worktree up afterward (`git worktree remove --force` + `prune`).
+
+VERIFY GATE (per merged PR, must be green to merge):
+- pnpm install --frozen-lockfile && pnpm build && pnpm test  (no regression)
+
+FINAL OUTPUT — report in EXACTLY this format:
+## Dependency Triage Report — common-plat Dependabot
+### Summary table
+| PR / package | old -> new | bump | verify gate | decision |
+(one row per branch: MERGE / HOLD / SKIP)
+### Merged (pushed to main)
+- <package> <old->new> (#pr) — commit <sha>
+### Held open (with reason)
+- <package> — <why: failing gate / major risk / needs human>
+### Skipped (with reason)
+- <package> — <conflicts main / unexpected scope>
+### Verify gate results (build/test summary per merged PR)
+### Branches deleted
+### Anything that needs a human decision