A way to bulk-import notes from a YAML or JSON file would help when setting up policy on a new repo.

Currently you'd need to run git pkgs notes add in a loop for each package. Something like:

# policy.yaml
- purl: "pkg:gem/rack"
  namespace: policy
  message: "Approved for production use"
  metadata:
    status: approved
    reviewed: "2026-01-15"
- purl: "pkg:gem/some-abandoned-lib"
  namespace: policy
  message: "Deprecated, migrate to alternative"
  metadata:
    status: deprecated
    alternative: "pkg:gem/better-lib"

$ git pkgs notes import policy.yaml --namespace policy

This would make it practical to version-control package policies as a file and apply them to repos, rather than treating notes as purely imperative state.