chore: move ccw-skill-hub to standalone repository

Migrated ccw-skill-hub to D:/ccw-skill-hub as independent git project. Removed nested git repos (ccw/frontend/ccw-skill-hub, skill-hub-repo, skill-hub-temp).
2026-02-28 09:23:08 +08:00 · 2026-02-24 11:57:26 +08:00
parent 6f0bbe84ea
commit 61e313a0c1
35 changed files with 3189 additions and 362 deletions
--- a/codex-lens/DEPENDENCIES.md
+++ b/codex-lens/DEPENDENCIES.md
@@ -0,0 +1,38 @@
+# Dependency Management
+
+This project uses setuptools with `pyproject.toml` for dependency management.
+
+## Locking Dependencies
+
+To generate a fully pinned `requirements.txt` from `requirements.in`:
+
+```bash
+# Install pip-tools
+pip install pip-tools
+
+# Compile requirements
+pip-compile requirements.in --output-file=requirements.txt
+
+# To upgrade dependencies
+pip-compile --upgrade requirements.in --output-file=requirements.txt
+```
+
+## Version Constraints
+
+This project uses **pessimistic versioning** (`~=`) for dependency specifications per PEP 440:
+
+- `typer~=0.9.0` means: `>=0.9.0, ==0.9.*`
+- Allows bugfix updates (0.9.0, 0.9.1, 0.9.2) but not feature/minor updates (0.10.0)
+
+This provides stability while allowing automatic patch updates.
+
+## Security Scanning
+
+The project includes automated security scanning via GitHub Actions:
+- Runs on every push to main branch
+- Runs weekly (Sundays at 00:00 UTC)
+- Can be triggered manually
+
+The scan uses:
+- `pip-audit`: Checks for known vulnerabilities in dependencies
+- `bandit`: Security linter for Python code