## Summary
- Deflake setup-flow E2E by clearing the fake OPENAI_API_KEY when a test
explicitly wants the setup screen.
- Update custom provider key setup to wait for the saved masked key UI
instead of the raw secret text.
- Wait for Smart Context settings persistence and give cloud sandbox
undo enough time to finish snapshot reconciliation.

## Root cause
Run: https://github.com/dyad-sh/dyad/actions/runs/25189808932

The red setup-flow failure was caused by two test assumptions drifting
from app behavior. The setup-screen fixture could inherit OPENAI_API_KEY
from an earlier test in the same worker, causing the setup banner to
disappear. The provider helper also waited for the full raw test API
key, while the app now saves and renders the key masked as test...2345.

Two retry-only flakes were separate E2E timing contracts: the Smart
Context test sent the next dump prompt before the off setting was
persisted, and cloud sandbox undo could still be syncing/restarting when
the digest poll hit the LONG timeout.

## Why this fix is correct
- Tests that opt into showSetupScreen now get an environment without the
fake OpenAI key, matching the setup-screen contract.
- The provider helper waits for the persisted saved-key state the UI
actually exposes, without asserting raw secret text.
- The Smart Context test waits on the settings file before sending the
prompt that depends on it.
- Cloud sandbox undo already uses EXTRA_LONG for preview startup;
applying the same budget to undo reconciliation matches the slower cloud
path seen in CI.

## Test plan
- npm run fmt && npm run lint:fix && npm run ts
- npm test
- PYTHON=/usr/bin/python3 npm run build
- PLAYWRIGHT_HTML_OPEN=never npm run e2e -- e2e-tests/setup_flow.spec.ts
- PLAYWRIGHT_HTML_OPEN=never npm run e2e --
e2e-tests/context_manage.spec.ts e2e-tests/cloud_sandbox.spec.ts

🤖 Generated with [Claude Code](https://claude.com/claude-code)

---------
Co-authored-by: Will Chen <7344640+wwwillchen@users.noreply.github.com>

## Summary
- Deflake CI E2E failures from
https://github.com/dyad-sh/dyad/actions/runs/25126503338.
- Await streamed token-usage persistence before token-count invalidation
so the context-limit banner sees the real max token usage.
- Harden E2E helpers around GitHub sync completion, already-applied
proposals, queued Lexical submissions, visual-save button re-renders,
and Windows line endings.
- Update the component-tagger upgrade snapshot from 0.8.0 to 0.9.0.

## Root Cause
The failing run had several independent races and one stale snapshot:
- The context-limit banner could refetch token counts before the
assistant message's max token usage had been saved, leaving
actualMaxTokens null after a high-token stream.
- GitHub assertions snapshotted the connected-repo panel while the sync
button was still in its transient Syncing state.
- Some E2E helpers used one-shot Lexical fills/clicks where Playwright
can act during React or DOM replacement windows.
- The code-editor assertion compared raw file contents, which fails on
Windows CRLF output.
- The select-component upgrade snapshot still expected the older
component tagger version.

## Why This Fix Is Correct
- Awaiting the existing max-token update makes the later chat/token
invalidations observe the persisted usage instead of racing it.
- GitHub sync waits now use the stable connected-repo panel state:
Syncing hidden, Sync to GitHub enabled, and the panel-local success text
visible.
- Queued-message and visual-save actions now retry the exact UI contract
the tests require: the queued row appears or the save button is visible,
enabled, and clickable.
- The editor test normalizes only line endings, preserving the
file-content assertion while making it platform-independent.

## Test Plan
- npm run fmt && npm run lint:fix && npm run ts
- PYTHON=/usr/bin/python3 npm run build
- PLAYWRIGHT_HTML_OPEN=never npm run e2e --
e2e-tests/select_component.spec.ts --update-snapshots
- PLAYWRIGHT_HTML_OPEN=never npm run e2e --
e2e-tests/context_limit_banner.spec.ts e2e-tests/debugging_logs.spec.ts
e2e-tests/edit_code.spec.ts e2e-tests/github.spec.ts
e2e-tests/queued_message.spec.ts e2e-tests/visual_editing.spec.ts
- First run: 21 passed, 6 GitHub helper strict-mode failures due
duplicate success toast text.
- PLAYWRIGHT_HTML_OPEN=never npm run e2e -- e2e-tests/github.spec.ts
- npm test

🤖 Generated with [Claude Code](https://claude.com/claude-code)

<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/3311"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open in Devin Review">
  </picture>
</a>
<!-- devin-review-badge-end -->

---------
Co-authored-by: Will Chen <7344640+wwwillchen@users.noreply.github.com>

Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/3302"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open in Devin Review">
  </picture>
</a>
<!-- devin-review-badge-end -->

A few notes:
- The fallback rule (i.e. if `search_replace` fails twice, use
`write_file` instead) is included.
- I also included instructions to use multiple `search_replace` calls
for moderately large edits with distinct sections. My general
observation has been that often models tend to lean towards using
`write_file` rather than `search_replace` when it's ambiguous, so I
_think_ it should be okay to nudge them towards `search_replace` a
little bit more. Please correct me if I'm wrong about this.
- Gemini pointed out that this can lead to a race condition if two
`search_replace` calls run simultaneously on the same file. I've added
locks to `search_replace` and `write_file` to account for this just in
case.
- Another option would be to extend `search_replace` to account for
multiple changes so they can get batched, but this would be a larger
change.
- I have not changed the basic agent. I can do that if desired.
- I did do some testing to check that models can still manage with the
change of prompt. I haven't noticed any issues.

The following snapshots/fixtures have been updated:
- src/\_\_tests\_\_/\_\_snapshots\_\_/local_agent_prompt.test.ts.snap
-
e2e-tests/snapshots/local_agent_basic.spec.ts_local-agent---dump-request-1.txt
-
e2e-tests/snapshots/local_agent_basic.spec.ts_local-agent---read-then-edit-1.aria.yml
- e2e-tests/snapshots/local_agent_basic.spec.ts_after-edit.txt
-
e2e-tests/snapshots/local_agent_advanced.spec.ts_local-agent---mention-apps-1.txt
-
e2e-tests/snapshots/local_agent_auto.spec.ts_local-agent---auto-model-1.txt
- e2e-tests/fixtures/engine/local-agent/read-then-edit.ts

Which affect the following tests:
- src/\_\_tests\_\_/local_agent_prompt.test.ts
- e2e-tests/local_agent_basic.spec.ts
- e2e-tests/local_agent_auto.spec.ts
- e2e-tests/local_agent_summarize.spec.ts
- e2e-tests/local_agent_advanced.spec.ts

These tests appear to pass.

This PR would also leave a lot of unused code related to `edit_file`,
which might be worth removing (not sure whether to do this).

## Summary
- Adds a `previewIdleTimeoutPolicy` enum setting (`"default"` |
`"never"`) that controls the 10-minute idle GC for app previews.
- When set to `"never"`, the idle GC is skipped so previews stay warm
across app switches (more memory, faster preview loads).
- Exposes a new toggle in Workflow Settings: **Keep app previews running
forever** (disabled by default).

## Test plan
- [ ] Leave the toggle off: open an app preview, switch to another app,
wait 10+ minutes — original preview should be stopped as before.
- [ ] Turn the toggle on: do the same — the original preview should keep
running after the idle window.
- [ ] Toggling off should restore GC on the next minute-interval.
- [x] All existing unit tests pass (snapshots updated).
- [x] Lint + typecheck pass.

🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/3273"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open in Devin Review">
  </picture>
</a>
<!-- devin-review-badge-end -->

---------
Co-authored-by: Will Chen <7344640+wwwillchen@users.noreply.github.com>
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

## Summary

- Avoid sending a fallback temperature of 0 for custom models unless the
custom model has an explicit temperature configured.
- Add unit coverage for custom-model temperature handling and non-custom
fallback behavior.
- Document that new git worktrees need their own npm install before
development.

## Tests

- Not run in this metadata-only update; existing PR changes add Vitest
coverage in src/__tests__/token_utils.test.ts.

<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/3301"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open in Devin Review">
  </picture>
</a>
<!-- devin-review-badge-end -->

## Summary
- Add a Codex PR Review workflow modeled after Keppo's trusted context
and validated findings pipeline.
- Add Codex auth/run helpers, PR review context builders, validators,
and inline-comment posting scripts.
- Document the new workflow in the GitHub workflows overview.

## Test plan
- node --check for new PR review scripts
- bash -n for new Codex shell helpers
- Ruby YAML parse for .github/workflows/codex-pr-review.yml
- npm run fmt && npm run lint:fix && npm run ts
- npm test
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/3303"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open in Devin Review">
  </picture>
</a>
<!-- devin-review-badge-end -->
Co-authored-by: Will Chen <7344640+wwwillchen@users.noreply.github.com>

closes #3199 
## summary

This PR introduces a secure toggle mechanism to reveal or hide the keys,
preventing accidental exposure of sensitive credentials during screen
sharing or general use.


<img width="550" height="488" alt="image"
src="https://github.com/user-attachments/assets/638aef02-9036-4bdd-8a3a-10d33baba5cd"
/>


<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/3274"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open in Devin Review">
  </picture>
</a>
<!-- devin-review-badge-end -->

<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/3293"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open in Devin Review">
  </picture>
</a>
<!-- devin-review-badge-end -->

## Summary
- Move the author-vs-commenter check from the Claude prompt into
workflow-level `if:` conditions so Case 1 (original author follow-up)
and Case 2 (third-party comment) route deterministically.
- Case 2 no longer invokes Claude — it just posts the fixed redirect
comment with `gh issue comment`.
- Skip bot-authored comments to prevent loops.

Previously the single-prompt design conflated the two cases when a
maintainer's closing comment mentioned the original author and described
the symptom, causing the bot to re-open the issue under Case 1 even
though COMMENT_AUTHOR did not match ISSUE_AUTHOR (see
dyad-sh/dyad#3228).

## Test plan
- [ ] Trigger a closed-issue comment from a non-author account → expect
only the redirect comment, no re-open, no LLM usage.
- [ ] Trigger a closed-issue comment from the original author expressing
the issue still occurs → expect re-open + "we've re-opened the issue"
comment.
- [ ] Trigger a closed-issue comment from the original author that's
just a thank-you → expect no action.
- [ ] Bot comment on a closed issue → no workflow run.

🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/3270"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open in Devin Review">
  </picture>
</a>
<!-- devin-review-badge-end -->

## Summary

Addresses the two "needs update" items from the weekly rules review in
#3238:

- **`rules/openai-reasoning-models.md`**: Replace reference to
non-existent `filterOrphanedReasoningParts()` with the actual function
`cleanMessage()` in `src/ipc/utils/ai_messages_utils.ts`.
- **`rules/chat-message-indicators.md`**: Replace `"in-progress"` with
`"pending"` to match the actual `CustomTagState` type (`"pending" |
"finished" | "aborted"`) defined in `src/components/chat/stateTypes.ts`.

Closes #3238.

## Test plan

- [x] Verified `cleanMessage()` exists at
`src/ipc/utils/ai_messages_utils.ts:67`
- [x] Verified `CustomTagState` type in
`src/components/chat/stateTypes.ts:1`
- [x] `npm run fmt && npm run lint:fix && npm run ts` passes
- [x] `npm test` passes (1139 tests)

🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/3271"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open in Devin Review">
  </picture>
</a>
<!-- devin-review-badge-end -->

---------
Co-authored-by: Will Chen <7344640+wwwillchen@users.noreply.github.com>
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

#skip-bb
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/3300"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open in Devin Review">
  </picture>
</a>
<!-- devin-review-badge-end -->

#skip-bb
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/3292"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open in Devin Review">
  </picture>
</a>
<!-- devin-review-badge-end -->

## Summary
- Add a project-scoped Supabase deploy queue with concurrency capped at
8.
- Run deploy-all through bounded concurrency instead of unbounded
parallel requests.
- Stream Supabase deploy progress as a dyad-status indicator, with an
E2E covering queue progress.

## Test plan
- npm run fmt && npm run lint:fix && npm run ts
- npm test -- src/__tests__/supabase_utils.test.ts
src/__tests__/local_agent_handler.test.ts
- npm test
- PYTHON=/usr/local/bin/python3.13 npm run build
- npm run e2e e2e-tests/local_agent_supabase_deploy_progress.spec.ts
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/3289"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open in Devin Review">
  </picture>
</a>
<!-- devin-review-badge-end -->

---------
Co-authored-by: Will Chen <7344640+wwwillchen@users.noreply.github.com>

## Summary
- Append shared Supabase deploy warnings and errors as inline
dyad-output cards in Local Agent mode.
- Keep post-turn commits non-fatal when shared edge function redeploys
fail, matching single function deploy behavior.
- Refresh formatting/lint for eval fixtures touched by pre-commit
checks.

## Test plan
- npm run fmt && npm run lint:fix && npm run ts
- npm test

🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/3288"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open in Devin Review">
  </picture>
</a>
<!-- devin-review-badge-end -->

---------
Co-authored-by: Will Chen <7344640+wwwillchen@users.noreply.github.com>

<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/3280"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open in Devin Review">
  </picture>
</a>
<!-- devin-review-badge-end -->

---------
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/3286"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open in Devin Review">
  </picture>
</a>
<!-- devin-review-badge-end -->

Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

See `src/__tests__/evals/README.md` for usage. 

Other notes:
- The test fixtures are 300+ lines each. Even so, I still think some of
them are a little too easy. I might swap some of them out for more
challenging ones, or edit them so that they're not so straightforward.
- This currently still only tests `search_replace`, so I don't yet have
a way to compare correctness/token usage/time taken of `search_replace`
vs `edit_file` vs `write_file`.
- Otherwise, though, I think I'm fairly thorough about collecting data.
One thing I'm missing is the cost (it would probably be a rough estimate
at best) but I'm at least able to store the number of input/output
tokens for each tool call.
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/3205"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/3134"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

## Summary

- Update the dyad:deflake-e2e-from-run workflow so artifact-based
diagnosis is still first, but post-fix verification now requires a local
rebuild and affected E2E rerun.
- Document the Python fallback build command and require PR bodies to
list the local build/E2E commands.

## Testing

- Not run; documentation-only skill workflow update.

#skip-bugbot

<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/3262"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open in Devin Review">
  </picture>
</a>
<!-- devin-review-badge-end -->
Co-authored-by: Will Chen <7344640+wwwillchen@users.noreply.github.com>

## Summary
- Stop treating set_chat_summary as a local-agent stream stop condition.
- Update local-agent prompt and tool guidance to call the chat summary
tool early and exactly once.
- Add coverage and update prompt/request snapshots for the new behavior.

## Test plan
- npm run fmt && npm run lint:fix && npm run ts
- npm test
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/3260"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open in Devin Review">
  </picture>
</a>
<!-- devin-review-badge-end -->

Pin claude code action to v1.0.96 b/c of https://github.com/anthropics/claude-code-action/issues/1220 (#3261)

https://github.com/anthropics/claude-code-action/issues/1220

## Summary
- Add include_ignored to local-agent grep and list_files so ignored and
hidden paths can be inspected only when requested.
- Remove include_hidden from list_files, add a root recursive
ignored-listing guard, cap list output at 1000 paths, and sort
directories before files.
- Update local-agent tests and snapshots, including a less brittle
read_logs E2E assertion.

## Test plan
- PYTHON=/usr/bin/python3 npm run build
- PLAYWRIGHT_HTML_OPEN=never npm run e2e --
e2e-tests/local_agent_search_replace.spec.ts
e2e-tests/local_agent_step_limit.spec.ts
e2e-tests/local_agent_consent.spec.ts
e2e-tests/local_agent_code_search.spec.ts
e2e-tests/local_agent_advanced.spec.ts
e2e-tests/local_agent_file_upload.spec.ts
e2e-tests/local_agent_basic.spec.ts e2e-tests/local_agent_grep.spec.ts
e2e-tests/local_agent_auto.spec.ts
e2e-tests/local_agent_list_files.spec.ts
e2e-tests/local_agent_ask.spec.ts
e2e-tests/local_agent_todo_followup.spec.ts
e2e-tests/local_agent_summarize.spec.ts
e2e-tests/local_agent_read_logs.spec.ts
e2e-tests/local_agent_generate_image.spec.ts
e2e-tests/local_agent_connection_retry.spec.ts
e2e-tests/local_agent_persistent_todos.spec.ts
e2e-tests/local_agent_web_fetch.spec.ts
e2e-tests/local_agent_run_type_checks.spec.ts
- npm run fmt && npm run lint:fix && npm run ts
- npm test
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/3256"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open in Devin Review">
  </picture>
</a>
<!-- devin-review-badge-end -->

---------
Co-authored-by: Will Chen <7344640+wwwillchen@users.noreply.github.com>

<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/3257"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open in Devin Review">
  </picture>
</a>
<!-- devin-review-badge-end -->

<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/3259"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open in Devin Review">
  </picture>
</a>
<!-- devin-review-badge-end -->

This PR should fix CI build failure 
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/3258"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open in Devin Review">
  </picture>
</a>
<!-- devin-review-badge-end -->

closes #1772 

When an AI request fails during build, the error popup would appear and
cover the retry button at the bottom of the chat, forcing users to
manually scroll down to access it. This fix adds an auto-scroll effect
that scrolls up ~150px when an error occurs, ensuring the retry button
remains visible and accessible above the error popup. This improves the
UX for error recovery scenarios.
before:
<img width="550" height="365" alt="Capture d&#39;écran 2026-04-18
031044"
src="https://github.com/user-attachments/assets/61b4108b-0732-469e-abae-bd6ba86ee7ab"
/>
after 
<img width="583" height="439" alt="Capture d&#39;écran 2026-04-18
030508"
src="https://github.com/user-attachments/assets/917ac306-a7eb-41ae-959c-aadf9d87b2c2"
/>

<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/3231"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

This is related to #3240, but likely does not fix the crash.

#3240 mentions heavy rate-limits from Supabase. This happens because
currently:
- we are polling the Supabase endpoint every 5 seconds, and
- we do not stop making requests when we get rate limited.

This PR makes a few changes:
1. When we get rate-limited by Supabase, we'll check the `Retry-After`
property that Supabase sends back. This tells us when Supabase will
allow us to make our next request, and we'll honor that value.
2. Changes the polling rate from once every 5 seconds to once every 15
seconds. From what I can tell the requests are just fetching logs from
the Supabase API, so I don't think that it's critical enough to need to
happen once every 5 seconds. If I'm wrong about this though, please
correct me.
3. Refactors `loadEdgeLogsMutation` into a `useQuery` call, which is
probably what we want it to be given that we're periodically polling an
API endpoint. The side effects can be handled in a separate `useEffect`
call, so the behavior should stay essentially the same. This does also
prevent us from making extra requests to the endpoint when we already
have an active request.

Also closes #3244.

<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/3250"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open in Devin Review">
  </picture>
</a>
<!-- devin-review-badge-end -->

<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/3254"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open in Devin Review">
  </picture>
</a>
<!-- devin-review-badge-end -->

## Summary
- Adds chat mode persistence to chats so Ask, Build, and Plan are
remembered per conversation.
- Resolves effective chat mode for chat creation and streaming paths,
including fallback metadata for the UI.
- Updates chat mode hooks, selectors, tab flows, and coverage for
persistence behavior.

## Test plan
- npm run fmt && npm run lint:fix && npm run ts
- npm test
- npm run build
- PLAYWRIGHT_HTML_OPEN=never npm run e2e -- e2e-tests/chat_mode.spec.ts

Generated with Codex

<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/3249"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open in Devin Review">
  </picture>
</a>
<!-- devin-review-badge-end -->

---------
Co-authored-by: Will Chen <7344640+wwwillchen@users.noreply.github.com>

@azizmejri1 - I added an info banner with a link to
https://neon.com/docs/auth/production-checklist#email-provider under the
email verification toggle so users know to not rely on it for production

<img width="506" height="377" alt="image"
src="https://github.com/user-attachments/assets/7f403de7-de2f-462e-84c0-8eb0779af87a"
/>

## Summary
- Add a compact, clickable info banner below the Neon email verification
toggle that recommends configuring a custom email provider for
production.
- Link opens the Neon Auth production checklist (email provider
section).
- Add `integrations.neon.customEmailProviderHint` strings for English,
Portuguese (Brazil), and Chinese (Simplified).

## Test plan
- Open Neon integration for a connected Next.js app and confirm the
banner appears under email verification with correct copy.
- Click the banner and confirm the Neon docs open in the browser.

## Summary
- Escape the keppo-bot[bot] Bash case pattern so it matches the literal
bot login.
- Add RyanGroch to the privileged CI author allow-list for E2E test
routing.

## Test plan
- npm run fmt && npm run lint:fix && npm run ts
- npm test

#skip-bugbot
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/3248"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open in Devin Review">
  </picture>
</a>
<!-- devin-review-badge-end -->

## Summary

Fixes the 6 `TimeoutError: locator.click: ... element is not enabled`
failures in `chat_tabs.spec.ts` and `per_chat_input.spec.ts` on CI run
[24692456779](https://github.com/dyad-sh/dyad/actions/runs/24692456779)
caused by a Lexical/jotai race during chat switches.

## Root cause

Trace + screenshot from the failing shards show chat 2 with an empty
input and a disabled Send button the moment the second `sendPrompt()`
runs. The race:

1. `clickNewChat()` navigates to chat 2 (`selectedChatIdAtom` flips, URL
updates, `ChatInput` re-renders with `chatId=2`).
2. Playwright's `fill()` into the Lexical editor fires
`OnChangePlugin.onChange` before React has flushed the atom update for
this render cycle.
3. `chatInputValueAtom`'s writer is keyed off `selectedChatIdAtom`, so
the typed text gets stored under the **previous** chat's slot.
4. On the next render `ExternalValueSyncPlugin` sees `value=""` for chat
2 and resets the editor to empty.
5. `inputValue.trim()` is empty → Send button stays `disabled` → 30s
click timeout.

Only the *second* `sendPrompt()` after a `clickNewChat()` fails, and
it's flaky because it depends on render/event ordering.

## Fix

Wrap `click → fill` in `expect.toPass()` and assert the editor actually
contains the prompt and the Send button is enabled before clicking. On a
dropped fill the loop re-runs once atoms settle, eliminating the race
deterministically. No product changes.

## Test plan

- [x] `npm run fmt && npm run lint && npm run ts`
- [ ] CI: chat_tabs.spec.ts and per_chat_input.spec.ts pass on shards
1/2

🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/3246"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open in Devin Review">
  </picture>
</a>
<!-- devin-review-badge-end -->
Co-authored-by: Will Chen <7344640+wwwillchen@users.noreply.github.com>
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

## Summary

Adds a new skill, `dyad:deflake-e2e-from-run`, for root-causing E2E
failures from a specific CI run by reading the Playwright HTML report
artifacts directly — traces, screenshots, error-context, and app
stdout/stderr — instead of rebuilding and rerunning locally.

This complements the existing `deflake-e2e` and
`deflake-e2e-recent-commits` skills, which drive *discovery* by
repeat-running tests. This new skill is for when you already have a
failing run and want to root-cause fast.

## What the skill covers

- Downloading the merged `html-report` artifact with `gh run download -R
dyad-sh/dyad -n html-report`.
- `jq` queries against `results.json` for `unexpected` vs `flaky` test
buckets.
- Matching trace `.zip` hashes (paths in `results.json` are CI-side;
files are local in `/tmp/pw-report/data/`).
- Reading `test.trace` as JSONL to extract the step timeline.
- Correlating with app IPC logs that show up as `stderr`/`stdout` trace
events (gold for race-condition root-causing — e.g. `(proposal_handlers)
› IPC: get-proposal returned: …` at failure time).
- A short playbook of common failure shapes (disabled-button-after-fill,
navigation races, cross-test state) and their usual fixes.

Derived from the workflow used to root-cause #3246.

## Test plan

- [x] Skill file follows the same frontmatter format as existing skills
in `.claude/skills/`.
- [x] Verified via the use case in #3246 (full investigation done
end-to-end using exactly these steps).

🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/3247"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open in Devin Review">
  </picture>
</a>
<!-- devin-review-badge-end -->
Co-authored-by: Will Chen <7344640+wwwillchen@users.noreply.github.com>
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>