ci(deps): add dependency health workflow

.github/workflows/dependency-health.yml

@@ -0,0 +1,58 @@
+name: Dependency Health — NoteLett
+
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: "21 9 * * 1"
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  dependency-health:
+    name: Dependency health report
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Checkout common-plat (for @bytelyst/* packages)
+        uses: actions/checkout@v4
+        with:
+          repository: saravanakumardb1/learning_ai_common_plat
+          path: learning_ai_common_plat
+          token: ${{ secrets.GH_PAT }}
+
+      - name: Link common-platform workspace path
+        run: |
+          mkdir -p ../learning_ai
+          ln -sfn "$GITHUB_WORKSPACE/learning_ai_common_plat" ../learning_ai/learning_ai_common_plat
+
+      - uses: actions/setup-node@v4
+        with:
+          node-version: 22
+          cache: pnpm
+          cache-dependency-path: pnpm-lock.yaml
+
+      - name: Enable pnpm
+        run: corepack enable
+
+      - name: Build @bytelyst/* packages
+        working-directory: learning_ai_common_plat
+        run: |
+          pnpm install --frozen-lockfile
+          pnpm build
+
+      - name: Install workspace dependencies
+        run: pnpm install --frozen-lockfile
+
+      - name: Run dependency health script
+        run: bash scripts/dependency-health.sh | tee dependency-health-report.txt
+
+      - name: Upload dependency health report
+        if: always()
+        uses: actions/upload-artifact@v4
+        with:
+          name: dependency-health-report
+          path: dependency-health-report.txt
+          if-no-files-found: error

package.json

@@ -9,6 +9,7 @@
     "smoke:local": "bash scripts/local-smoke.sh",
     "smoke:compose": "bash scripts/compose-smoke.sh",
     "audit:release-guards": "bash scripts/release-guard-audit.sh",
+    "dependency:health": "bash scripts/dependency-health.sh",
     "verify": "pnpm run typecheck && pnpm run test && pnpm run build",
     "prepare": "husky"
   },

scripts/dependency-health.sh

@@ -0,0 +1,58 @@
+#!/usr/bin/env bash
+# Dependency health report for NoteLett and common-platform package compatibility.
+
+set -euo pipefail
+
+ROOT="$(git rev-parse --show-toplevel)"
+cd "$ROOT"
+
+echo "=== Runtime ==="
+node --version
+pnpm --version
+
+echo ""
+echo "=== Key dependency versions ==="
+node <<'NODE'
+const fs = require('fs');
+const packages = [
+  ['root', 'package.json'],
+  ['backend', 'backend/package.json'],
+  ['web', 'web/package.json'],
+  ['mobile', 'mobile/package.json'],
+];
+const keys = [
+  '@bytelyst/api-client',
+  '@bytelyst/auth-client',
+  '@bytelyst/datastore',
+  '@bytelyst/fastify-core',
+  '@bytelyst/llm',
+  '@bytelyst/platform-client',
+  '@bytelyst/react-auth',
+  '@playwright/test',
+  'expo',
+  'fastify',
+  'next',
+  'react',
+  'react-native',
+  'vitest',
+];
+for (const [label, file] of packages) {
+  const pkg = JSON.parse(fs.readFileSync(file, 'utf8'));
+  const deps = { ...(pkg.dependencies || {}), ...(pkg.devDependencies || {}) };
+  console.log(`[${label}]`);
+  for (const key of keys) {
+    if (deps[key]) console.log(`${key}=${deps[key]}`);
+  }
+}
+NODE
+
+echo ""
+echo "=== TypeScript compatibility sweep ==="
+pnpm run typecheck
+
+echo ""
+echo "=== Outdated dependency report (non-blocking) ==="
+pnpm outdated -r --long || true
+
+echo ""
+echo "Dependency health check completed."