fix(resolver): bypass cooldown for transitive deps when top-level pin exists

[LalatenduMohanty]

When a package is both a top-level exact-pinned requirement (e.g., foo==1.0) and a transitive dependency of another package (e.g., bar depends on foo>=0.9), the cooldown check was blocking the transitive resolution even though the user explicitly approved that version via the pin. This could cause version downgrades or resolution failures.

resolve_package_cooldown() now checks the dependency graph for an existing top-level exact pin before enforcing cooldown on transitive dependencies.

Closes: #1153

• PR follows CONTRIBUTING.md guidelines

[coderabbitai]

📝 Walkthrough

Walkthrough

This PR extends the cooldown bypass logic in resolve_package_cooldown() to handle transitive dependencies that match a top-level exact pin. When resolving a non-top-level requirement, the resolver now checks the dependency graph for root-level edges with RequirementType.TOP_LEVEL and an exact == pin for the same package; if found, it bypasses cooldown by returning None. The change includes two comprehensive test cases validating both the direct bypass logic and end-to-end resolution behavior when a transitive dependency matches an already-approved top-level pin.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

🚥 Pre-merge checks | ✅ 4

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly and concisely summarizes the main change: bypassing cooldown for transitive dependencies when a top-level pin exists, which is the core functionality added in this PR.
Linked Issues check	✅ Passed	The PR implementation directly addresses all coding requirements from issue #1153: detecting top-level exact-pinned entries in the dependency graph and bypassing cooldown for transitive resolutions when such pins exist.
Out of Scope Changes check	✅ Passed	All changes are scoped to the cooldown bypass logic for transitive dependencies with top-level pins, plus corresponding test coverage. No extraneous modifications detected.
Description check	✅ Passed	The pull request description clearly explains the problem (cooldown blocking transitive dependencies despite top-level exact pins) and the solution (checking dependency graph for existing pins).

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

Tip

💬 Introducing Slack Agent: The best way for teams to turn conversations into code.

Slack Agent is built on CodeRabbit's deep understanding of your code, so your team can collaborate across the entire SDLC without losing context.

• Generate code and open pull requests
• Plan features and break down work
• Investigate incidents and troubleshoot customer tickets together
• Automate recurring tasks and respond to alerts with triggers
• Summarize progress and report instantly

Built for teams:

• Shared memory across your entire org—no repeating context
• Per-thread sandboxes to safely plan and execute work
• Governance built-in—scoped access, auditability, and budget controls

One agent for your entire SDLC. Right inside Slack.

👉 Get started

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[rd4398]

LGTM!

[ryanpetrello]

I'm late to party on review here, but just thinking out loud.

@LalatenduMohanty @rd4398

I think it makes sense to always do this, but I'm wondering about edge cases?

  - top-level: foo==1.5, transitive: foo — bypass lets 1.5 be a candidate. Resolver picks it. Correct.
  - top-level: foo==1.5, transitive: foo>=1.0 — same thing.
  - top-level: foo==1.5, transitive: foo>=1.5 — same thing.
  - top-level: foo==1.5, transitive: foo>=2.0 — dependency conflict, cooldown is irrelevant

[smoparth]

Nit: this graph lookup (get_root_node + get_outgoing_edges) runs for every non-top-level resolution even when ctx.cooldown is None. We could add an early if ctx.cooldown is None: return None guard at the top of the function to skip both this check and the existing top-level pin check when cooldown isn't active.