chore(deps): bundle 10 Dependabot bumps (claude-agent-sdk 0.3, dotenv 17, vitest 4, ts 6, types/node 25, react 19.2.6, checkout/setup-node v6)

[rohitg00]

Summary

Closes the open Dependabot wave in one PR — saves ten merge round-trips for one effective change set.

PR	Bump	Surface	Severity
#389	@anthropic-ai/claude-agent-sdk 0.2.141 → 0.3.142 (+ @anthropic-ai/sdk, tsdown) — root minor-and-patch group	root npm	breaking on SDK semver
#356	dotenv 16.6.1 → 17.4.2	root npm	major
#357	@types/node 22 → 25.7.0	root npm	major
#358	typescript 5.9.3 → 6.0.3	root npm	major
#359	vitest 3.2.4 → 4.1.6	root npm	major
#354	@types/node 22.10.2 → 25.7.0 in /website	website npm	major
#353	typescript 5.7.2 → 6.0.3 in /website	website npm	major
#352	react, react-dom 19.2.5 → 19.2.6 — website minor-and-patch group	website npm	patch
#351	actions/checkout v4 → v6	github-actions	major
#350	actions/setup-node v4 → v6	github-actions	major

Validation

Root npm:

• npm run build — clean against TypeScript 6 + vitest 4 + claude-agent-sdk 0.3.x
• npm test — 903 / 903 pass

Website npm:

• npm run build — clean (next 16.2.6 + react 19.2.6 + ts 6 stack generates 5 static pages, finalises optimisation)

No source changes were needed for any breaking bump. The
agent-sdk 0.3.x removal of unstable_v2_createSession et al. is not on any path agentmemory exercises (we use the stable query() shape via AgentSDKProvider).

Closes

Closes #389, #356, #357, #358, #359, #354, #353, #352, #351, #350.

Plus a small README refresh

Out-of-scope but rides along since the diff lands in the same surface anyway:

• Added OpenHuman entry to the "Works with every agent" grid pointing at the recently-landed Memory-trait backend (PR tinyhumansai/openhuman#1743)
• Added pi as a native-plugin entry (we already ship integrations/pi/security.ts + the plugin file in-tree)
• Reordered the grid so native-plugin agents sit in row 1 and MCP-only / REST-only agents sit in row 2
• Sub-text on Claude Code / Codex CLI / OpenClaw / Hermes / pi unified to "native plugin"
• Counter on assets/tags/section-agents.svg moved from "16 integrations" to "15 integrations" — dropped the meta "Any agent" + "Claude SDK" cells that double-counted REST and the AgentSDKProvider path already represented by Claude Code

Test plan

• root npm run build
• root npm test (903 / 903)
• website npm run build
• CI green on PR

Summary by CodeRabbit

• Documentation

  • Updated agent compatibility table with refined capability labels and improved formatting; removed two agent rows to simplify listings

• Chores

  • Bumped CI and publishing workflow action versions
  • Upgraded core and dev dependencies (including runtime libs, TypeScript, typings, and test tooling)

• Website

  • Slight React/react-dom and toolchain dependency updates for the site

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
agentmemory	Ready	Preview, Comment	May 15, 2026 10:02am

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: d6d156fa-5448-4789-a224-ac0c8b5a8ae5

📥 Commits

Reviewing files that changed from the base of the PR and between 7159819 and fe0ffef.

⛔ Files ignored due to path filters (1)

• assets/agents/pi.svg is excluded by !**/*.svg

📒 Files selected for processing (1)

• README.md

✅ Files skipped from review due to trivial changes (1)

• README.md

---

📝 Walkthrough

Walkthrough

This PR bumps GitHub Actions steps to v6, revises the README agent compatibility table, and updates dependency and devtool versions in root and website package.json files.

Changes

Dependency and Documentation Updates

Layer / File(s)	Summary
GitHub Actions version upgrades .github/workflows/ci.yml, .github/workflows/publish.yml	CI and publish workflows updated to use actions/checkout@v6 and actions/setup-node@v6.
Agent compatibility documentation README.md	Updated "Works with every agent" table: standardized several agent sublabels to "native plugin + … + MCP", simplified OpenCode/Cline markup, and removed Claude SDK and Any agent (REST API) rows.
Root package dependency updates package.json	Bumped @anthropic-ai/claude-agent-sdk ^0.2.56 → ^0.3.142, dotenv ^16.4.7 → ^17.4.2; devDeps: @types/node ^22.0.0 → ^25.7.0, typescript ^5.7.0 → ^6.0.3, vitest ^3.0.0 → ^4.1.6.
Website package dependency updates website/package.json	Bumped react/react-dom ^19.2.5 → ^19.2.6; updated @types/node → ^25.7.0 and typescript → ^6.0.3.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

• rohitg00/agentmemory#5: Both PRs modify README.md's agent support and capability documentation tables.

Poem

🐰 Hopping through YAML and JSON bright,

Actions upgraded to v6 tonight,
Docs polished, versions raised in cheer,
Root and website align, dependencies clear,
A rabbit's nibble of tidy code delight.

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately captures the main change: bundling 10 Dependabot version bumps with specific packages listed, matching the primary objective.
Linked Issues check	✅ Passed	Code changes validate compatibility with breaking changes from claude-agent-sdk 0.3.142, sdk 0.96.0, and tsdown 0.22.0; all dependency updates align with issue #389 requirements.
Out of Scope Changes check	✅ Passed	README.md updates to agent compatibility table and logo changes are minor documentation refreshes aligned with PR objectives; all changes are within scope of the bundled dependency updates.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch chore/dependabot-bundle

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

🧹 Nitpick comments (1)

website/package.json (1)

23-26: ⚡ Quick win

Align Node runtime/type baselines before merge.

Line 23 upgrades @types/node to v25 while the package declares runtime support as engines.node: >=20. This allows Node 25-only APIs to type-check against a package that advertises Node 20 support. Additionally, Next.js 16.2.6 requires Node 20.9+, making the declared >=20 looser than the actual framework minimum.

Tighten engines.node to >=20.9.0 to align with Next.js 16 and consider whether @types/node should match your minimum runtime major version.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@website/package.json` around lines 23 - 26, Update the package.json runtime
baseline by changing the engines.node entry to ">=20.9.0" to match Next.js
16.2.6 requirements and ensure consistency with declared support, and align the
dev dependency `@types/node` to the same major runtime baseline (e.g., use a ^20.x
`@types/node` version) so type definitions don’t permit Node 25-only APIs; modify
the "engines.node" field and the "@types/node" dependency in package.json
accordingly.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In `@website/package.json`:
- Around line 23-26: Update the package.json runtime baseline by changing the
engines.node entry to ">=20.9.0" to match Next.js 16.2.6 requirements and ensure
consistency with declared support, and align the dev dependency `@types/node` to
the same major runtime baseline (e.g., use a ^20.x `@types/node` version) so type
definitions don’t permit Node 25-only APIs; modify the "engines.node" field and
the "@types/node" dependency in package.json accordingly.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 121e4580-bd7a-4e11-a886-5163cfe0fb72

📥 Commits

Reviewing files that changed from the base of the PR and between 8b98432 and 7159819.

⛔ Files ignored due to path filters (3)

• assets/tags/light/section-agents.svg is excluded by !**/*.svg
• assets/tags/section-agents.svg is excluded by !**/*.svg
• website/package-lock.json is excluded by !**/package-lock.json

📒 Files selected for processing (5)

• .github/workflows/ci.yml
• .github/workflows/publish.yml
• README.md
• package.json
• website/package.json