<!-- CURSOR_SUMMARY -->
> [!NOTE]
> Updates AI SDK imports to use the top-level `ai` package instead of
`node_modules/ai/dist`.
> 
> - In `prepare_step_utils.ts` and its tests, replace imports of
`ImagePart`, `ModelMessage`, `TextPart`, and `UserModelMessage` to come
from `ai`
> - No functional code changes beyond import paths
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
117078577aa8f7a86564f8a133c2708601f4acb1. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

<!-- This is an auto-generated description by cubic. -->
## Summary by cubic
Replaced deep imports from node_modules/ai/dist with the ai package
entrypoint to standardize and simplify module imports. This avoids
brittle paths and improves build compatibility.

<sup>Written for commit 117078577aa8f7a86564f8a133c2708601f4acb1.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

<!-- CURSOR_SUMMARY -->
> [!NOTE]
> **Fix stable user-message injection across steps**
> 
> - Extracts `prepareStepMessages` logic into `prepare_step_utils` with
`transformContentPart`, `processPendingMessages`, and
`injectMessagesAtPositions` to track injected messages with
`insertAtIndex` and FIFO `sequence`, then re-inject them each step at
the same positions
> - Updates `local_agent_handler` to use `prepareStepMessages`,
maintaining `pendingUserMessages` and accumulated `allInjectedMessages`
> 
> **Web crawl behavior update**
> 
> - `web_crawl` now requires a screenshot and injects only screenshot +
markdown (HTML removed); clone instructions emphasize screenshot as
primary visual reference
> 
> **Tests**
> 
> - Adds comprehensive unit tests for the new utilities and an
integration-style multi-step simulation validating stable ordering and
reinjection
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
3b02b73cf25b497a2d09ab6239ec9e3598ae823e. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Fixes incorrect injection of web-crawl user messages across agent steps.
Messages are now re-injected at stable positions each step so screenshot
and markdown context persist across tool rounds.

- **Bug Fixes**
- Track injected user messages with an insertion index and re-inject
them every step (sorted in reverse) to keep order and prevent loss.
- Web crawl now requires a screenshot and injects only screenshot +
markdown (HTML removed). Updated clone instructions to emphasize the
screenshot.

<sup>Written for commit 3b02b73cf25b497a2d09ab6239ec9e3598ae823e.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

<!-- CURSOR_SUMMARY -->
> [!NOTE]
> Introduces Responses API support for local-agent flows and aligns
OpenAI reasoning options.
> 
> - In `get_model_client.ts`, when using Dyad Pro and `selectedChatMode`
is `"local-agent"` with OpenAI, route to `provider.responses(...)`
instead of chat model
> - In `llm_engine_provider.ts`, add `responses(modelId)` returning
`OpenAIResponsesLanguageModel`, refactor request handling into
`createDyadFetch()`, and expose `provider.responses`
> - In `thinking_utils.ts`, for OpenAI in `local-agent` mode, send `{
reasoning: { summary: "detailed", effort: "medium" } }`; otherwise keep
`reasoning_effort: "medium"`
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
f434775c1c42fd9a647b5ee0e51cf5aecc7a7c8f. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

<!-- CURSOR_SUMMARY -->
> [!NOTE]
> Improves the Supabase integration completion UX by adding an
actionable control that advances the chat flow.
> 
> - Adds a `Continue` button (using `useStreamChat`) that sends
`"Continue. I have completed the Supabase integration."` to the active
chat via `selectedChatIdAtom`
> - Disables the button while `isStreaming` and shows an error toast if
no chat is available
> - Removes the prior instructional text about clicking a chat
suggestion
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
b384d8756c6861c7682b422883314eea522cc060. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Adds a Continue button to the Supabase integration flow that sends a
“Continue. I have completed the Supabase integration.” message to the
current chat, so users can proceed without hunting for the chat
suggestion.

- **New Features**
- Added Continue button that calls streamMessage with the active chatId
and disables while streaming.
  - Shows an error toast if no chat is available.

<sup>Written for commit b384d8756c6861c7682b422883314eea522cc060.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

---------
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>

<!-- CURSOR_SUMMARY -->
> [!NOTE]
> Introduces lighter, more targeted Supabase DB tooling and matching UI
to reduce heavy schema fetches.
> 
> - Adds `get_supabase_project_info` and `get_supabase_table_schema`
tools (XML streaming with `dyad-supabase-project-info` and
`dyad-supabase-table-schema`), and registers them in `TOOL_DEFINITIONS`
> - Removes `get_database_schema` tool
> - UI: new `DyadSupabaseProjectInfo` and `DyadSupabaseTableSchema`
components; `DyadMarkdownParser` recognizes/render new tags with
loading/aborted states
> - Supabase admin refactor: `buildSupabaseSchemaQuery(tableName)` for
per-table filtering, add `SUPABASE_FUNCTIONS_QUERY`,
`getSupabaseProjectInfo`, and `getSupabaseTableSchema`; lightweight
table-names query; preserves test-build outputs
> - Touches agent consent/execute path and renderer parsing for new tags
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
b772b0d48daf5798541597bcecfde42c39ea0e34. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Adds two Supabase DB tools for lightweight project info and targeted
table schema retrieval, replacing the previous catch-all schema tool.
Improves performance by letting the agent discover tables first, then
fetch specific schemas as needed.

- **New Features**
- Added get_supabase_project_info: returns project ID, publishable key,
secret names, and table names; optionally includes database functions.
- Added get_supabase_table_schema: optional tableName for per-table
schema; returns columns, policies, triggers.
- Replaced SUPABASE_SCHEMA_QUERY with buildSupabaseSchemaQuery to
support per-table filtering and escape inputs.
- Removed get_database_schema and updated TOOL_DEFINITIONS to register
the new tools.
- Added UI tags and components to render results:
dyad-supabase-project-info and dyad-supabase-table-schema.

<sup>Written for commit b772b0d48daf5798541597bcecfde42c39ea0e34.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

<!-- CURSOR_SUMMARY -->
> [!NOTE]
> - **Image attachments handling:** In `prepareMessageWithAttachments`,
images are now read, converted to base64, and included as `image`
(base64) with `mediaType` instead of raw Buffers, ensuring proper JSON
serialization for `aiMessagesJson`.
> - **Storage limit increase:** `MAX_AI_MESSAGES_SIZE` raised from 1MB
to 10MB in `ai_messages_utils.ts` to accommodate larger serialized
message payloads.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
b81483775dc7e6535c7396f417818eb638003248. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

<!-- This is an auto-generated description by cubic. -->
## Summary by cubic
Fixes image attachments by storing images as base64 with a mediaType so
they serialize to JSON correctly. Also increases ai_messages_json size
limit to 10MB to prevent save failures.

- **Bug Fixes**
- Store .jpg, .jpeg, .png, .gif, .webp as base64 and set mediaType
(e.g., image/jpeg, image/png) for safe JSON serialization.
  - Raise MAX_AI_MESSAGES_SIZE from 1MB to 10MB.

<sup>Written for commit b81483775dc7e6535c7396f417818eb638003248.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

<!-- CURSOR_SUMMARY -->
> [!NOTE]
> Introduces website crawling for cloning workflows and updates tool I/O
to support multimodal follow-ups while keeping tool results text-only
for model compatibility.
> 
> - Adds `web_crawl` tool (consent preview, XML marker, Dyad Engine call
requiring Dyad Pro API key) that returns HTML/markdown/screenshot and
appends cloning instructions plus screenshot and content snippets via
`appendUserMessage`
> - Updates tool system: new `ToolResult` types,
`UserMessageContentPart`, and conversion to AI SDK V3
(`convertToolResultForAiSdk`); tool `execute` now returns `ToolResult`
> - Enhances streaming: handler tracks `pendingUserMessages` and injects
them between steps via `prepareStep` to deliver images/content to the
model
> - Registers `web_crawl` in `TOOL_DEFINITIONS`; e2e snapshot updated to
include the new tool
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
0205e38c2f067a1c2307b17a1397e4dcf3ce422d. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Adds a web_crawl agent tool to crawl a URL and return page content and a
screenshot for cloning. Tool results are structured text, and the
screenshot is injected as a follow-up user image for multimodal models.

- New Features
- Added web_crawl tool with consent preview and XML marker; calls Dyad
Engine /tools/web-crawl.
- Returns markdown and HTML plus a screenshot URL, with clear
placeholder image instructions for replication.
- Introduced ToolResult (text-only) and convertToolResultForAiSdk to
LanguageModelV3; updated tool execution to use it.
- Added appendUserMessage and step injection to include images after
tool results.
- Registered the tool in TOOL_DEFINITIONS with default consent set to
ask; requires a Dyad Pro API key in settings.

<sup>Written for commit 0205e38c2f067a1c2307b17a1397e4dcf3ce422d.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

<!-- This is an auto-generated description by cubic. -->
## Summary by cubic
Added a link to the DeepWiki documentation in CONTRIBUTING.md to give
contributors an in-depth overview of the Dyad codebase.

<sup>Written for commit 035bc8d1951dfcb99113f80953b82dc10173c66a.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

<!-- This is an auto-generated description by cubic. -->
## Summary by cubic
Keep the + button in chat enabled while a message is streaming, so users
can attach files or toggle the token bar without waiting. Removed the
disabled prop from AuxiliaryActionsMenu and stopped passing
disabled={isStreaming} from ChatInput.

<sup>Written for commit fbe88ac6e708be9e06c9d7a8afe08a913905bddf.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

<!-- CURSOR_SUMMARY -->
> [!NOTE]
> Improves TypeScript check performance and dev ergonomics.
> 
> - Switches `ts:main` from `tsc` to `tsgo` with `--incremental`; adds
`--incremental` to `ts:workers`
> - Adds `@typescript/native-preview` (and platform binaries) to dev
deps/lockfile to support `tsgo`
> - Moves lint-staged config from `package.json` to
`lint-staged.config.js` and runs `npm run ts` on staged `*.ts,*.tsx`
> - Updates TS configs to remove `baseUrl` and add catch‑all `paths`
mapping (`"*": ["./*"]`) across `tsconfig*.json`
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
d25edc6782daf89b40d7c45c3ac25e6ad5bf5ee5. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

<!-- CURSOR_SUMMARY -->
> [!NOTE]
> <sup>[Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) is
generating a summary for commit
2f1690223730f1f6709afacf1ee302ee20d86a3e. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Add a central log store and a new read_logs tool so the agent can fetch
recent client, server, build-time, and network logs on demand, with a
dyad-read-logs UI tag that shows progress and results in chat. This
improves debugging by giving the agent a filtered snapshot of logs at
the time of the call.

- **New Features**
  - Central in-memory log store (per app, capped at 1000 entries).
- PreviewIframe and runtime forward client, network, build-time, and
server logs to the store via IPC; Supabase logs included.
- New read_logs agent tool with filters: type, level, searchTerm, limit;
returns a formatted snapshot and emits dyad-read-logs with results.
- Added dyad-read-logs custom tag and DyadLogs component for collapsible
output with pending/aborted indicators and result counts.
- New IPC channels (add-log, clear-logs) whitelisted in preload, handled
in main, and exposed via IpcClient.addLog and clearLogs.
  - E2E test for local agent validates filtered log reads.

- **Bug Fixes**
- Fixed missing forwarding of network-error logs from PreviewIframe to
the central store.
- Clear logs on app restart and deletion to prevent stale data and
memory growth.

<sup>Written for commit ab52f494158cea54f5e996349097abb597b1fd92.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

<!-- greptile_comment -->

<h3>Greptile Summary</h3>


- Implements centralized log store and `read_logs` agent tool enabling
AI to fetch console logs on demand for debugging with comprehensive
filtering options (time window, log type, level, source name, search
terms)
- Integrates log collection from client console, network events, and
server stdout/stderr through IPC channels, forwarding logs to main
process store with 1000-entry circular buffer per app
- Adds `dyad-read-logs` UI component for collapsible log display in chat
with proper state management and visual indicators for
pending/aborted/completed states

<h3>Important Files Changed</h3>


| Filename | Overview |
|----------|----------|
| `src/components/preview_panel/PreviewIframe.tsx` | Forwards client
console and network events to central log store; network-error events
missing `IpcClient.addLog()` call |
| `src/pro/main/ipc/handlers/local_agent/tools/read_logs.ts` | New
read_logs tool with comprehensive filtering, smart stack trace
truncation, and direct log store access |
| `src/ipc/handlers/app_handlers.ts` | Added server stdout/stderr to log
store and registered add-log IPC handler; entry parameter uses `any`
type instead of `ConsoleEntry` |
| `src/lib/log_store.ts` | New central in-memory log store with circular
buffer; duplicate `ConsoleEntry` type definition exists |

<h3>Confidence score: 4/5</h3>


- This PR requires attention before merging due to incomplete log
forwarding that could impact debugging effectiveness
- Score reduced due to missing network-error log forwarding in
`PreviewIframe.tsx` lines 414-428, type safety issue in
`app_handlers.ts` using `any` instead of proper typing, and duplicate
type definitions that need consolidation
- Pay close attention to
`src/components/preview_panel/PreviewIframe.tsx` network-error handler
and `src/ipc/handlers/app_handlers.ts` type definitions

<h3>Sequence Diagram</h3>

```mermaid
sequenceDiagram
    participant User as User
    participant IFrame as PreviewIframe<br/>(Client)
    participant IPC as IpcClient
    participant Main as app_handlers<br/>(Main Process)
    participant LogStore as LogStore
    participant Agent as read_logs tool
    participant UI as DyadReadLogs<br/>(Chat Component)

    Note over User,UI: Log Collection Flow
    
    User->>IFrame: "Triggers network/console event"
    IFrame->>IFrame: "Handles event (console-log, network-request, etc.)"
    IFrame->>IPC: "addLog(logEntry)"
    IPC->>Main: 'invoke("add-log", entry)'
    Main->>LogStore: "addLog(entry)"
    LogStore->>LogStore: "Store in Map<appId, ConsoleEntry[]>"
    
    Note over User,UI: Server Log Collection
    Main->>Main: "Process stdout/stderr from app"
    Main->>LogStore: "addLog(serverLogEntry)"
    
    Note over User,UI: Agent Tool Flow
    User->>Agent: "Agent executes read_logs tool"
    Agent->>LogStore: "getLogs(appId)"
    LogStore-->>Agent: "ConsoleEntry[]"
    Agent->>Agent: "Filter by time/type/level/search"
    Agent->>Agent: "Format logs for AI consumption"
    Agent-->>UI: '<dyad-read-logs> XML tag'
    UI->>UI: "Render collapsible log viewer"
```

<!-- greptile_other_comments_section -->

**Context used:**

- Context from `dashboard` - .cursor/rules/ipc.mdc
([source](https://app.greptile.com/review/custom-context?memory=92de190d-1eac-4167-a0e4-35db6533fe3d))
- Context from `dashboard` - AGENTS.md
([source](https://app.greptile.com/review/custom-context?memory=32c86e9e-6a00-48f2-ac32-69590e8d298c))

<!-- /greptile_comment -->

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> Adds an in-memory, per-app log store and wires all major sources into
it, enabling the agent to fetch filtered log snapshots and render them
in chat.
> 
> - New central store `lib/log_store.ts` with
`addLog`/`getLogs`/`clearLogs` and `ConsoleEntry` moved to
`ipc/ipc_types.ts`
> - IPC: preload whitelists `add-log` and `clear-logs`; main handlers in
`app_handlers.ts`; renderer API via `IpcClient.addLog`/`clearLogs`
> - Log producers now forward to store:
> - `PreviewIframe.tsx`: client console, network request/response/error,
runtime errors; also keeps UI atom in sync
> - `useRunApp.ts`: build-time and client-error logs; restart clears
logs via IPC
>   - `app_handlers.ts`: server stdout/stderr appended to store
>   - `useSupabase.ts`: edge function logs appended to store
> - New agent tool `read_logs` (`pro/main/.../tools/read_logs.ts`) with
filters (`type`, `level`, `searchTerm`, `limit`), formats results, and
emits `<dyad-read-logs>` with counts
> - Chat UI: `DyadLogs` component and parser updates to render
collapsible results (`dyad-read-logs`)
> - E2E: fixture and spec validate filtered log reads in local-agent
mode
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
d77e209c269ad2de80e2c57ed0c8824a288244a2. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

<!-- CURSOR_SUMMARY -->
> [!NOTE]
> Refines the home experience and Pro visibility/CTA while updating
related copy and tests.
> 
> - Changes hero title to `Build a new app` in `SetupBanner` and updates
e2e expectations (`e2e-tests/*.spec.ts`)
> - Adds fixed Dyad Pro CTA on `home.tsx` top-right: shows
`ManageDyadProButton` when `hasDyadProKey(settings)` else
`SetupDyadProButton`
> - Makes `ImportAppButton` accept an optional `className`; updates
layout usage on home
> - Simplifies `ProBanner`: now hidden when `hasDyadProKey(settings)`;
refreshed icons/labels for `ManageDyadProButton`
> - Updates Smart Context savings copy to “up to 3x” in `ProBanner` and
`chat/PromoMessage`
> - Adjusts provider config: Dyad `websiteUrl` now `/subscription`;
removes Dyad-specific override in `ProviderSettingsPage`
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
3abffd759951f473f9ba0949fdc4f72f49ff5ca3. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

<!-- This is an auto-generated description by cubic. -->
## Summary by cubic
Refined the home page with a new hero title and a fixed Dyad Pro button,
plus cleaner Pro/Smart Context messaging and styling.

- **New Features**
- Added a fixed top-right Dyad Pro CTA on home: shows Manage when a Dyad
Pro key is present, otherwise Setup.
- ImportAppButton now accepts className for flexible layout; updated
usage on home.

- **Refactors**
- Simplified ProBanner: hides when userBudget exists; moved the Pro CTA
to home; refreshed icons and label.
- Updated Smart Context savings copy to “up to 3x” (was 5x), including
chat promo.
- Dyad provider URL now points to /subscription; removed Dyad-specific
override in ProviderSettingsPage.
  - Updated e2e tests to expect “Build a new app” headline.

<sup>Written for commit 5eee69fc80ee021e6a4684213e04206e1fed76c6.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

<!-- CURSOR_SUMMARY -->
> [!NOTE]
> Introduces contributor licensing and automated CLA enforcement.
> 
> - Adds `CLA.md` (individual agreement) and documents FSL licensing for
`src/pro` (`CONTRIBUTING.md`, `src/pro/CONTRIBUTING.md`)
> - New GitHub Actions workflow `/.github/workflows/cla.yml` using
`contributor-assistant/github-action@v2.6.1` on `pull_request_target`
and `issue_comment`
> - Stores signatures at `signatures/version1/cla.json` on branch `cla`
and updates PR status; supports signing via comment or `recheck`
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
5706a5ace13aabd8e8e83fdd071d65f7fc40500f. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Add a Contributor License Agreement and a GitHub Action that blocks PRs
until all authors sign the CLA. Also clarifies that contributions in
src/pro are licensed under FSL.

- **New Features**
  - Added CLA.md for individual contributors.
- Enabled CLA Assistant on pull_request_target and issue_comment events.
- Stores signatures at signatures/version1/cla.json on the cla branch
and updates PR status.
  - Supports “recheck” and signing via comment.
  - Documented FSL licensing for src/pro contributions.

- **Migration**
- Ensure the cla branch is not protected, or change the action’s target
branch.
  - Optionally configure an allowlist to fit your org.
- If storing signatures remotely, add the PERSONAL_ACCESS_TOKEN secret.
- Contributors sign by commenting: “I have read the CLA Document and I
hereby sign the CLA”.

<sup>Written for commit 5706a5ace13aabd8e8e83fdd071d65f7fc40500f.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

<!-- CURSOR_SUMMARY -->
> [!NOTE]
> Updates the turbo GLM entry to the newer version and tweaks its
generation settings.
> 
> - Replace `glm-4.6:turbo` with `glm-4.7:turbo` in `TURBO_MODELS` and
update `displayName`
> - Increase `temperature` for GLM turbo from `0` to `0.7`
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
c6aabf935bebf642548d4583d1842f89a6214601. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

<!-- This is an auto-generated description by cubic. -->
## Summary by cubic
Replace GLM 4.6 turbo with GLM 4.7 turbo and raise the default
temperature to 0.7. Token limits and context window are unchanged.

<sup>Written for commit c6aabf935bebf642548d4583d1842f89a6214601.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

<!-- CURSOR_SUMMARY -->
> [!NOTE]
> Modernizes AI integration across the app.
> 
> - Upgrade `ai` to v6 and all `@ai-sdk/*` providers to v3/v4; add
`@ai-sdk/mcp`, remove `@openrouter/ai-sdk-provider`
> - Migrate from `LanguageModelV2` to `LanguageModel`/`LanguageModelV3`;
refactor fallback model to v3 streaming API
> - Switch OpenRouter to `createOpenAICompatible`
(`https://openrouter.ai/api/v1`)
> - Replace experimental MCP with `@ai-sdk/mcp` (`createMCPClient`);
update tool execution to `ToolExecutionOptions` and sanitize tool keys
> - Update AI message envelope to `ai@v6` and types
(`AiMessagesJsonV6`); adjust DB schema and parsing utilities
> - Update chat/local-agent handlers to v6 stream parts (reasoning/tool
parts), persist `aiMessagesJson`, and wire MCP tools into `ToolSet`
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
fc966595cbd9c6ff7d261497f00bfe79d0fff9e3. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Upgrade the app to AI SDK v6 to modernize model integrations, MCP
tooling, and streaming. This improves stability, unifies types on v3,
and removes the OpenRouter provider in favor of an OpenAI-compatible
setup.

- **Dependencies**
  - Upgraded ai to 6.0.14 and all @ai-sdk providers to v3/v4.
  - Added @ai-sdk/mcp; removed @openrouter/ai-sdk-provider.
  - Pinned @ai-sdk/provider to 3.0.2.
- Updated transitive deps (e.g., google-auth-library, gaxios) for Node
>=18.

- **Refactors**
- Moved from LanguageModelV2 to v3 and standardized on ai’s
LanguageModel.
  - Rebuilt fallback model to v3 spec with safer stream retries.
- Switched MCP client to createMCPClient and updated tool execution to
ToolExecutionOptions.
- Replaced OpenRouter integration with createOpenAICompatible (baseURL
https://openrouter.ai/api/v1).
- Updated AI messages envelope to "ai@v6"; older "ai@v5" envelopes are
ignored.

<sup>Written for commit fc966595cbd9c6ff7d261497f00bfe79d0fff9e3.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

<!-- CURSOR_SUMMARY -->
> [!NOTE]
> Improves e2e stability by pruning/deferring brittle cases.
> 
> - Skips flaky `copy button tooltip states` in
`e2e-tests/copy_chat.spec.ts` using `test.skip`
> - Removes `dyadwrite edit and cancel` flow from
`e2e-tests/chat_mode.spec.ts`
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
fb6816c8d603e429a337db277c681e6d2bd0cf1e. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

<!-- This is an auto-generated description by cubic. -->
## Summary by cubic
Stabilizes the E2E test suite and updates snapshots to reflect current
behavior, reducing flakiness and improving CI reliability.

- **Bug Fixes**
  - Removed the chat_mode “edit and cancel” flow test.
  - Skipped the flaky “copy button tooltip states” test.
- Regenerated snapshots for engine, smart context, thinking budget, and
turbo edits specs.

<sup>Written for commit fb6816c8d603e429a337db277c681e6d2bd0cf1e.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

<!-- CURSOR_SUMMARY -->
> [!NOTE]
> Stabilizes e2e behavior and snapshots; adds fixtures and minor UI test
hook.
> 
> - **Snapshot determinism**: Normalize `dyad_options.versioned_files`
fileIds to `[[FILE_ID_*]]` in `test_helper.ts` and apply during request
dumps; refresh related snapshots
> - **Token bar reliability**: Add `data-testid="token-bar-toggle"` in
`AuxiliaryActionsMenu` and new `po.toggleTokenBar()` helper; update
Supabase branch test
> - **Version integrity tests**: Add fixture app (`version-integrity`)
and new/updated tests + snapshots validating add/edit/delete/move and
restore flow with explicit wait
> - **Misc**: Update local agent snapshot to include `web_search` tool;
bump `package-lock.json` to `0.33.0-beta.1`
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
1415ef1379a71bf6efe61da5079ff65dead84ba4. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Stabilizes e2e tests by making snapshot data deterministic and fixing
races in token bar toggle and restore flows. Updates snapshots
(including web_search) and adds a version-integrity app fixture; also
adds a test id for reliable selectors.

- **Bug Fixes**
- Normalize versioned_files fileIds in dumps to deterministic
placeholders before snapshotting.
- Add data-testid="token-bar-toggle" and PageObject.toggleTokenBar() to
avoid flakiness; update Supabase branch test to use it.
- Refresh snapshots to reflect deterministic IDs and the web_search
tool.
- Add version-integrity import app fixture and snapshot coverage; wait
for restore completion in version_integrity.spec to prevent flakiness.

- **Dependencies**
  - Bump package-lock version to 0.33.0-beta.1.

<sup>Written for commit 1415ef1379a71bf6efe61da5079ff65dead84ba4.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

<!-- CURSOR_SUMMARY -->
> [!NOTE]
> Introduces real-time web search in chat with streaming results and a
richer UI.
> 
> - Adds `web_search` tool (`tools/web_search.ts`) with zod schema,
consent prompt, SSE parsing, and streaming via
`onXmlStream`/`onXmlComplete` (requires Dyad Pro API key; respects
`DYAD_ENGINE_URL`)
> - Registers tool in `TOOL_DEFINITIONS`
> - Updates markdown parser to pass `query` and `state` into
`dyad-web-search`
> - Enhances `DyadWebSearch` component: expandable/collapsible card,
loading spinner while `pending`, keyboard/ARIA support, and displays
query preview + results
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
53c9c7b65eb8dee07d8320837b39d72bf5b42b92. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Adds web search to chat with live streaming results from Dyad Engine.
The Web Search card shows the query, a loading state, and
expand/collapse for details.

- **New Features**
- New web_search tool that streams SSE results and writes partial
updates via onXmlStream, final via onXmlComplete.
  - Registered tool in TOOL_DEFINITIONS with consent and zod schema.
- DyadWebSearch UI: accepts query/state, shows spinner when pending, and
toggles preview/details.
  - Markdown parser now passes query and state to DyadWebSearch.

- **Migration**
- Requires Dyad Pro API key in settings (providerSettings.auto.apiKey).
- Optional: set DYAD_ENGINE_URL; defaults to https://engine.dyad.sh/v1.

<sup>Written for commit 53c9c7b65eb8dee07d8320837b39d72bf5b42b92.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

<!-- CURSOR_SUMMARY -->
> [!NOTE]
> Implements targeted file editing via an external API and updates the
local agent/tooling to use it by default.
> 
> - Adds `edit_file` tool
(`src/pro/main/ipc/handlers/local_agent/tools/edit_file.ts`) calling
`POST /tools/turbo-file-edit` with original and edit snippets; writes
returned content; optionally deploys Supabase functions; default consent
"always"
> - Registers `edit_file` in `TOOL_DEFINITIONS`; disables
`search_replace` in `tool_definitions.ts`
> - Simplifies error handling in tool execution wrapper to output only
the message (no stack)
> - Requires Dyad Pro API key from `providerSettings.auto.apiKey`;
`DYAD_ENGINE_URL` env var overrides default
> - Updates e2e fixtures and snapshots to use `edit_file` and reflect
"Turbo Edit" flow; adds fake server endpoint `POST
/engine/v1/tools/turbo-file-edit` returning a canned result
> - Snapshot changes show edited content placeholder (`TURBO EDITED
filePath`) replacing previous search/replace output
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
eec1753aa4805a5633a31f4457ee882b04cafd3b. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Adds a new edit_file tool that uses the Dyad Turbo File Edit API to
apply targeted edits to existing files and write the result. Also
disables the search_replace tool and simplifies error output to only
show the message.

- **Dependencies**
- Requires Dyad Pro API key in settings (providerSettings.auto.apiKey).
- DYAD_ENGINE_URL env var can override the default
https://engine.dyad.sh/v1.

<sup>Written for commit eec1753aa4805a5633a31f4457ee882b04cafd3b.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

<!-- CURSOR_SUMMARY -->
> [!NOTE]
> <sup>[Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) is
generating a summary for commit
a2045f4029fc01b7555548f691fddc40959d485d. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

<!-- CURSOR_SUMMARY -->
> [!NOTE]
> **Enable native git by default**
> 
> - Sets `enableNativeGit: true` in `DEFAULT_SETTINGS` within
`src/main/settings.ts` so new users have native git enabled by default.
> - Updates `package.json` version to `0.33.0-beta.1`.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
0f8b0c3a47fc48b6efe5ba844176b6844dc31eb5. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

<!-- This is an auto-generated description by cubic. -->
## Summary by cubic
Enabled native Git by default and bumped the app version to
0.33.0-beta.1. Default settings now set enableNativeGit to true so new
installs use the system Git out of the box.

<sup>Written for commit 0f8b0c3a47fc48b6efe5ba844176b6844dc31eb5.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

<!-- This is an auto-generated description by cubic. -->
## Summary by cubic
Refactored e2e settings snapshots to record and snapshot only deltas,
with redaction for volatile fields. This makes snapshots smaller,
deterministic, and easier to read.

- **Refactors**
- Replaced snapshotSettings with recordSettings and
snapshotSettingsDelta (git diff-style output).
  - Renamed captureSettings to recordSettings.
- Redacted telemetryUserId and lastShownReleaseNotesVersion for stable
snapshots.
  - Updated tests to capture pre-change settings and assert the delta.
- Removed full JSON snapshots; added minimal diff snapshots for changed
values.

- **Migration**
- In tests, call po.recordSettings() before a settings change, then
po.snapshotSettingsDelta(beforeSettings).
  - Remove any remaining uses of snapshotSettings.

<sup>Written for commit 5837d759687cd72ed635137a6fe19049bebe18bc.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> Replaces full `user-settings.json` snapshots with concise,
deterministic diffs in e2e tests.
> 
> - Adds `recordSettings()` and `snapshotSettingsDelta()` in
`test_helper.ts` to compare before/after settings and output git-style
diffs
> - Redacts volatile keys (e.g., `telemetryUserId`,
`lastShownReleaseNotesVersion`) for stable snapshots
> - Refactors settings-related tests (`telemetry`, `auto_update`,
`release_channel`, `smart_context_options`, `turbo_edits_options`,
`thinking_budget`, `context_window`, `template-*`) to use the new APIs
> - Updates snapshot files to contain only the changed keys/values
(adds/removes/changes)
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
5837d759687cd72ed635137a6fe19049bebe18bc. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

<!-- CURSOR_SUMMARY -->
> [!NOTE]
> Ensures native Git commits correctly set both author and committer
identities.
> 
> - Add `withGitAuthor` to prepend `-c user.name=...` and `-c
user.email=...` to git args using settings-derived author
> - Update `gitCommit` (native path) to replace `--author` with
`withGitAuthor([..."commit", "-m", message])`, preserving `--amend`
handling and commit hash retrieval
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
67b33e2c2165ae9ebd84549abf8129d9bd9c6bef. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

<!-- This is an auto-generated description by cubic. -->
## Summary by cubic
Fixes incorrect Git committer identity when creating commits with native
Git. We now set user.name and user.email via -c flags so both author and
committer match app settings.

- **Bug Fixes**
- Added withGitAuthor to prepend -c user.name and -c user.email to git
args.
- Updated gitCommit to use withGitAuthor instead of --author (works with
--amend).

<sup>Written for commit 67b33e2c2165ae9ebd84549abf8129d9bd9c6bef.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

<!-- CURSOR_SUMMARY -->
> [!NOTE]
> Ensures GitHub disconnect fully removes credentials and verifies via
targeted e2e coverage.
> 
> - Clear both `githubAccessToken` and `githubUser` in
`GitHubIntegration` when disconnecting
> - New Playwright test `github clear integration settings` verifies the
disconnect button disappears and snapshots only the settings delta
> - Test helpers: add `captureSettings()` and `snapshotSettingsDelta()`
to diff `user-settings.json` for concise snapshots
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
0c47bee06d145737e10c58c8133da35c0c9553bb. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Disconnecting from GitHub now clears both the access token and user info
to prevent stale credentials. Added an e2e test to verify the settings
file is cleaned and the UI updates correctly.

- **Bug Fixes**
  - Clear githubUser alongside githubAccessToken on disconnect.
- Added Playwright e2e to ensure both fields are removed and the
disconnect button disappears.

<sup>Written for commit 0c47bee06d145737e10c58c8133da35c0c9553bb.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

---------
Co-authored-by: William Chen <will@mac.lan>

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Unified secondary chat input actions into a single “+” dropdown to
declutter the UI and make codebase context, file attachments, and token
usage easier to access.

- **Refactors**
- Added AuxiliaryActionsMenu with “Codebase context”, “Attach files”,
and “Show/Hide token usage”.
- Moved token usage toggle into the menu; removed the inline toggle
button from ChatInput.
- Updated FileAttachmentDropdown to render as menu items and support
both chat-context and upload-to-codebase flows.
- Converted ContextFilesPicker to a modal dialog and moved its trigger
into the menu; removed the standalone context button from
ChatInputControls.

<sup>Written for commit 5cdb2737170edfc9aef97a52d3397295552ad2ab.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

<!-- greptile_comment -->

<h3>Greptile Summary</h3>


This PR consolidates secondary chat input actions into a unified "+"
dropdown menu, improving UI organization and discoverability. The
refactoring moves codebase context, file attachments, and token usage
toggle from separate buttons into a single menu with proper nesting
(file attachments as a submenu).

**Key changes:**
- Created `AuxiliaryActionsMenu` component that consolidates three
previously separate UI controls
- Refactored `FileAttachmentDropdown` to support dual rendering modes
(standalone or as menu items)
- Converted `ContextFilesPicker` trigger from button to menu item
- Updated `ChatInput` to use new menu and pass
`showContextFilesPicker={false}` to `ChatInputControls`
- Updated e2e tests and helpers to navigate the new nested menu
structure

**Code quality:**
- Clean component composition with proper prop drilling
- Maintained backward compatibility where needed (`renderAsMenuItems`
prop)
- E2E tests properly updated with menu navigation and cleanup
- Consistent styling and accessibility preserved

<h3>Confidence Score: 5/5</h3>


- This PR is safe to merge with minimal risk
- Well-structured UI refactoring with comprehensive test coverage
updates, no logic changes to core functionality, and proper component
reusability patterns
- No files require special attention

<h3>Important Files Changed</h3>




| Filename | Overview |
|----------|----------|
| src/components/chat/AuxiliaryActionsMenu.tsx | Introduced new
component to consolidate secondary actions (codebase context, file
attachments, token usage) into a single "+" dropdown menu |
| src/components/chat/FileAttachmentDropdown.tsx | Refactored to support
rendering as both standalone dropdown and as menu items within parent
dropdown via `renderAsMenuItems` prop |
| src/components/ContextFilesPicker.tsx | Converted trigger from
standalone button with tooltip to menu item for integration into parent
dropdown menu |
| src/components/chat/ChatInput.tsx | Replaced individual action buttons
with `AuxiliaryActionsMenu` component, passing
`showContextFilesPicker={false}` to `ChatInputControls` |

</details>



<h3>Sequence Diagram</h3>

```mermaid
sequenceDiagram
    participant User
    participant AuxiliaryActionsMenu
    participant DropdownMenu
    participant ContextFilesPicker
    participant FileAttachmentDropdown
    participant ChatInput

    User->>AuxiliaryActionsMenu: Click "+" button
    AuxiliaryActionsMenu->>DropdownMenu: Open menu
    
    alt Codebase Context
        User->>ContextFilesPicker: Click "Codebase context"
        ContextFilesPicker->>ContextFilesPicker: Open popover with context settings
        User->>ContextFilesPicker: Configure paths/excludes
        ContextFilesPicker->>ChatInput: Update context configuration
    end
    
    alt Attach Files
        User->>DropdownMenu: Hover "Attach files"
        DropdownMenu->>FileAttachmentDropdown: Show submenu
        User->>FileAttachmentDropdown: Click attachment option
        FileAttachmentDropdown->>FileAttachmentDropdown: Trigger hidden file input
        User->>FileAttachmentDropdown: Select file(s)
        FileAttachmentDropdown->>ChatInput: onFileSelect(files, type)
        ChatInput->>ChatInput: Handle file attachment
    end
    
    alt Toggle Token Usage
        User->>AuxiliaryActionsMenu: Click "Show/Hide token usage"
        AuxiliaryActionsMenu->>ChatInput: toggleShowTokenBar()
        ChatInput->>ChatInput: Update showTokenBar state
        ChatInput->>ChatInput: Render/hide TokenBar
    end
```

<!-- greptile_other_comments_section -->

<!-- /greptile_comment -->

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> Streamlines chat input by consolidating secondary actions into a
single menu and updating related components and tests.
> 
> - Adds `AuxiliaryActionsMenu` with `Codebase context`, `Attach files`
submenu, and token usage toggle
> - Updates `ChatInput` to use the new menu; removes inline token
toggle; sets `ChatInputControls` `showContextFilesPicker=false`
> - Refactors `ContextFilesPicker` to a menu-item trigger
(`codebase-context-trigger`) within its `Popover`
> - Enhances `FileAttachmentDropdown` to optionally `renderAsMenuItems`,
retaining hidden inputs for `chat-context` and `upload-to-codebase`
> - Adjusts E2E tests and helpers to open the new menu, hover "Attach
files", use new triggers, and close via Escape; verifies
upload-to-codebase write
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
425a26e3f2a471f5b6850148eb8ddc3737db38b0. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

To do list:
Clean up and try to reuse the existing fnc to avoid altering many files.

Closes #1991 


<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Let users pick where each app is stored and move apps safely. Adds a
simple “Change location” flow, supports absolute paths, and shows each
app’s resolved path.

- **New Features**
- Paths: getDyadAppPath accepts absolute paths; apps include
resolvedPath; removed global appBasePath from list-apps and state.
- UI: App Details shows full path with “Show in folder” and a “Change
location” dialog. We stop the app, copy without node_modules, check
conflicts, and update DB to an absolute path.
- IPC: Added select-app-location and change-app-location. Rename blocks
absolute paths; copy/rename exclude node_modules; conflict checks use
resolved paths.
  - Tests: Added e2e test for moving an app to a custom folder.

<sup>Written for commit 8a417fb2b5a28efebed2778d8e5715180dfd6bc7.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->




<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> Introduces per-app folder relocation with safety checks and exposes
each app’s resolved path for clarity.
> 
> - **IPC/Backend**: Adds `select-app-location` and
`change-app-location` to move app folders (stop app, validate absolute
destination, conflict checks via `getDyadAppPath`, copy without
`node_modules`, cleanup/rollback, store absolute `path`).
`list-apps`/`get-app` now include `resolvedPath`. `getDyadAppPath`
accepts absolute paths. `rename-app` forbids absolute targets, preserves
dir for existing absolute paths, adds robust conflict checks and
cleanup; copy/rename exclude `node_modules`.
> - **UI**: App Details shows `resolvedPath`, adds "Move folder" dialog
and "Show in folder" action; removes reliance on `appBasePath`.
> - **Client/Preload**: `IpcClient` methods for new handlers; preload
whitelists new channels.
> - **Tests**: New e2e covers moving an app and verifying path update.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
8a417fb2b5a28efebed2778d8e5715180dfd6bc7. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

---------
Co-authored-by: Will Chen <willchen90@gmail.com>

<!-- CURSOR_SUMMARY -->
> [!NOTE]
> Updates contributor and agent docs for testing, DB migrations, and
reviews.
> 
> - Expands `AGENTS.md` with a pointer to `CONTRIBUTING.md` and a new
**Testing** section outlining when to use unit vs E2E tests
> - In `CONTRIBUTING.md`, clarifies **DB migration** flow: use `npm run
db:generate` (remove `db:push`) and how to reset by deleting
`userData/sqlite.db`
> - Adds a **Code reviews** section noting AI reviewers and local review
tooling (`codex`, `claude`)
> - Minor cleanup/edits for setup and guidance; no code changes
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
517c8f7a0a4a56487707e8711bfe1b1a4bd95431. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

<!-- This is an auto-generated description by cubic. -->
## Summary by cubic
Updated AGENTS.md and CONTRIBUTING.md to clarify testing approach (unit
vs E2E), update database migration steps, and document the code review
process and local review tools. This helps agents and contributors
follow a consistent workflow.

<sup>Written for commit 517c8f7a0a4a56487707e8711bfe1b1a4bd95431.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

<!-- CURSOR_SUMMARY -->
> [!NOTE]
> <sup>[Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) is
generating a summary for commit
86bbb9df559c6a6a1197585d96e9847ce4fa7e71. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

<!-- This is an auto-generated description by cubic. -->
## Summary by cubic
Promoted v0.32 from beta to stable by updating the version to 0.32.0 in
package.json. This finalizes the v0.32 release for builds and
distribution.

<sup>Written for commit 86bbb9df559c6a6a1197585d96e9847ce4fa7e71.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

closes #2038 #2055 








<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Fixes chat panel scrolling (issue #2038). Auto-scroll only runs while
streaming and when you’re near the bottom, and a “scroll to bottom”
button appears when you scroll away.

- **Bug Fixes**
- Use Virtuoso scrollerRef and a conditional followOutput to control
auto-scroll based on streaming state and distance from bottom.
- Track distance and user scrolling to show/hide the button; clean up
listeners on unmount.
- Add overflow-y-auto to the messages list and a test-mode fallback that
uses the container’s scroll events.

<sup>Written for commit 2307453c7f1ad721d6eca9cfc5a9a24224f5da26.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->









<!-- greptile_comment -->

<h3>Greptile Summary</h3>


Replaced custom scroll tracking logic with Virtuoso's native scroll
state management to fix the issue where users couldn't scroll up during
streaming.

**Key Changes:**
- Removed manual scroll event listeners, timeout refs, and distance
calculations from `ChatPanel.tsx`
- Delegated scroll state to Virtuoso's `atBottomStateChange` callback
which detects when user is within 150px of bottom
- Converted `followOutput` from always `"smooth"` to a function that
returns `"smooth"` only when `isStreaming && isAtBottom`, otherwise
returns `false` to prevent forced scrolling
- This allows users to scroll up and read earlier messages while the AI
generates a response, restoring the behavior that existed before PR
#1993

<h3>Confidence Score: 5/5</h3>


- This PR is safe to merge with minimal risk
- The changes are well-architected and leverage Virtuoso's built-in
functionality instead of reinventing scroll tracking logic. The fix
directly addresses the reported issue by making `followOutput`
conditional on user position, which is the correct approach for this
library.
- No files require special attention

<h3>Important Files Changed</h3>




| Filename | Overview |
|----------|----------|
| src/components/ChatPanel.tsx | Refactored scroll handling to delegate
to Virtuoso's native `atBottomStateChange`, removed custom scroll
tracking logic and manual scroll event listeners |
| src/components/chat/MessagesList.tsx | Added `atBottomStateChange` and
conditional `followOutput` to Virtuoso, allowing users to scroll up
while streaming without forced auto-scroll |

</details>



<h3>Sequence Diagram</h3>

```mermaid
sequenceDiagram
    participant User
    participant ChatPanel
    participant MessagesList
    participant Virtuoso
    
    Note over User,Virtuoso: Streaming Scenario
    User->>MessagesList: Scrolls to read earlier messages
    Virtuoso->>Virtuoso: Detects scroll position > 150px from bottom
    Virtuoso->>MessagesList: atBottomStateChange(false)
    MessagesList->>ChatPanel: onScrollStateChange(false)
    ChatPanel->>ChatPanel: setShowScrollButton(true)
    
    Note over Virtuoso: New message chunk arrives
    Virtuoso->>Virtuoso: followOutput((isAtBottom) => isAtBottom && isStreaming ? "smooth" : false)
    Virtuoso->>Virtuoso: Returns false (user scrolled away)
    Virtuoso->>Virtuoso: Does NOT auto-scroll
    
    Note over User,Virtuoso: User Returns to Bottom
    User->>ChatPanel: Clicks scroll-to-bottom button
    ChatPanel->>MessagesList: scrollToBottom("smooth")
    MessagesList->>Virtuoso: scrollIntoView on messagesEndRef
    Virtuoso->>Virtuoso: Scrolls to bottom
    Virtuoso->>MessagesList: atBottomStateChange(true)
    MessagesList->>ChatPanel: onScrollStateChange(true)
    ChatPanel->>ChatPanel: setShowScrollButton(false)
    
    Note over Virtuoso: Subsequent message chunks
    Virtuoso->>Virtuoso: followOutput returns "smooth" (isAtBottom = true)
    Virtuoso->>Virtuoso: Auto-scrolls smoothly
```

<!-- greptile_other_comments_section -->

<!-- /greptile_comment -->


<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> Improves chat scrolling reliability across production (Virtuoso) and
test modes.
> 
> - Integrates `MessagesList` with Virtuoso `scrollerRef` and
conditional `followOutput` (auto-scroll only when `isStreaming` and
within ~280px of bottom), with proper listener cleanup
> - Centralizes scroll tracking in `ChatPanel` using
`distanceFromBottomRef` and a timeout to debounce user scrolling;
toggles a "scroll to bottom" button when scrolled away
> - Adds test-mode behavior: non-virtualized rendering, container scroll
listeners, and manual auto-scroll near bottom
> - Ensures smooth scroll-to-bottom after streaming completes; applies
`overflow-y-auto` and passes new props (`onScrollerRef`,
`distanceFromBottomRef`, `isUserScrolling`) between components
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
2307453c7f1ad721d6eca9cfc5a9a24224f5da26. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

<!-- CURSOR_SUMMARY -->
> [!NOTE]
> <sup>[Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) is
generating a summary for commit
76800249a715fd264b17db61ca0813ba892cb1d6. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

<!-- CURSOR_SUMMARY -->
> [!NOTE]
> <sup>[Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) is
generating a summary for commit
42d84531e99ac84b5576f6c490a36813706d8c25. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

<!-- CURSOR_SUMMARY -->
> [!NOTE]
> Adds a debug job to the Claude PR review workflow for easier CI
troubleshooting.
> 
> - New `debug-author` job prints `user.login`, `author_association`,
`event_name`, and `action` on `pull_request_target` events
> - No app code changes; only CI workflow updates
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
34e5e4b30a370701a608281e2368ce5428ba6897. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->



<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Added a debug job to the Claude PR review workflow to print PR author,
author_association, and event details for easier CI troubleshooting.
Updated the chat input e2e test to expect the send button remains
disabled after approving a proposal.

<sup>Written for commit 34e5e4b30a370701a608281e2368ce5428ba6897.
Summary will update automatically on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

<!-- CURSOR_SUMMARY -->
> [!NOTE]
> **Workflows**
> 
> - Updates `playwright-comment.yml` to reliably find the associated PR,
including forks: extracts `head_branch`/`head_repository`, logs context,
and falls back to `pulls.list` with `head: "owner:branch"` when commit
association lookup returns no PR.
> - Revises `claude-pr-review.yml` to use `pull_request_target`,
restricts execution via `author_association` (`OWNER`/`MEMBER`), and
checks out the PR head repo/ref explicitly for fork safety.
> - Configures the Claude action with `github_token` (OIDC bypass),
`allowed_non_write_users`, and disables `track_progress`;
trims/clarifies review prompt guidelines.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
8267093820bd968db57167a37b2d2570e94fe010. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->



<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Fixes the Playwright comment workflow so it reliably finds the
associated PR, including PRs from forks. Updates the Claude PR Review
workflow to run safely on forked PRs and only for org members.

- **Bug Fixes**
- Playwright: add fallback search by head owner:branch; better logging
(SHA, branch, owner) to post to the right PR.
- Claude PR Review: switch to pull_request_target with OWNER/MEMBER
filter; checkout fork head; disable progress; drop id-token.

<sup>Written for commit 8267093820bd968db57167a37b2d2570e94fe010.
Summary will update automatically on new commits.</sup>

<!-- End of auto-generated description by cubic. -->



<!-- greptile_comment -->

<h3>Greptile Summary</h3>


This PR restores the fallback mechanism for finding PR numbers from
forked repositories. The previous commit (41a46a9b) inadvertently removed
the fork PR detection logic, breaking Playwright comment posting for
external contributors. This fix re-introduces a two-method approach:

- **Method 1**: Uses `listPullRequestsAssociatedWithCommit` (works for
same-repo PRs)
- **Method 2**: Falls back to `pulls.list` with `head: "owner:branch"`
when Method 1 fails (handles fork PRs)

The change extracts additional context (`head_branch`,
`head_repository.owner.login`) from the workflow run payload and adds
improved logging for debugging PR lookups.

<h3>Confidence Score: 5/5</h3>


- This PR is safe to merge with no risk
- The change restores critical functionality that was accidentally
removed in the previous commit. The implementation is correct,
well-commented, and follows GitHub Actions best practices. No logic
errors, security issues, or breaking changes detected.
- No files require special attention

<h3>Important Files Changed</h3>




| Filename | Overview |
|----------|----------|
| .github/workflows/playwright-comment.yml | Added fallback logic for
fork PRs by searching head branch when commit lookup fails |

</details>



<h3>Sequence Diagram</h3>

```mermaid
sequenceDiagram
    participant CI as CI Workflow
    participant WR as Workflow Run Event
    participant GH as GitHub API
    participant Script as PR Lookup Script
    
    CI->>WR: Completes (triggers workflow_run)
    WR->>Script: Provides head_sha, head_branch, head_repository
    Script->>Script: Extract sha, headBranch, headRepoOwner
    
    Script->>GH: listPullRequestsAssociatedWithCommit(sha)
    alt Commit found (same-repo PRs)
        GH-->>Script: Returns PR data
        Script->>Script: Set PR number output
    else No PR found
        Script->>Script: Check if headRepoOwner & headBranch exist
        alt Fork PR fallback
            Script->>GH: pulls.list(head: "owner:branch")
            GH-->>Script: Returns PR from fork
            Script->>Script: Set PR number output
        else Still no PR
            Script->>Script: Set empty output (skip commenting)
        end
    end
    
    Script->>WR: Output PR number or empty
    
    alt PR found
        WR->>Script: Download artifacts & generate comment
        Script->>GH: Post/update PR comment
    else No PR
        WR->>WR: Skip remaining steps
    end
```

<!-- greptile_other_comments_section -->

<!-- /greptile_comment -->

<!-- CURSOR_SUMMARY -->
> [!NOTE]
> Improves reliability of the Playwright comment workflow by deriving
the PR from the `workflow_run` commit and gating execution accordingly.
> 
> - Add `actions/github-script` step to look up PR via
`listPullRequestsAssociatedWithCommit` and expose
`steps.pr.outputs.number`
> - Conditionally skip all subsequent steps when no PR is found; remove
job-level `if`
> - Checkout base branch using `workflow_run.base_ref`; update
`PR_NUMBER` to use the step output
> - Use `types: [completed]` for `workflow_run` and remove
`if-no-artifact-found` options on artifact downloads
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
581369150b84ba4bc6a680f309f78afd399d93ca. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

<!-- This is an auto-generated description by cubic. -->
## Summary by cubic
Fixes the Playwright report comment workflow so it reliably posts to the
correct PR, including from forks. Skips cleanly when the CI run isn’t
tied to a PR.

- **Bug Fixes**
- Resolve PR by commit SHA via listPullRequestsAssociatedWithCommit;
works when workflow_run.pull_requests is empty (e.g., forks).
- Add early exit and guard all steps behind a PR check to avoid running
on push/scheduled builds.
- Checkout base_ref and pass the resolved PR number to the summary
comment step.

<sup>Written for commit 581369150b84ba4bc6a680f309f78afd399d93ca.
Summary will update automatically on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

<!-- CURSOR_SUMMARY -->
> [!NOTE]
> Moves Windows code signing to a Forge `postMake` hook and removes the
previous MakerSquirrel hook.
> 
> - Adds `postMake` to iterate `makeResults` and sign Windows `.exe`
artifacts via `signtool` using `SM_CODE_SIGNING_CERT_SHA1_HASH`
> - Introduces `signWindowsExecutable` and `SIGNTOOL_PATH` in
`forge.config.ts`; logs and skips when env var is absent
> - Simplifies `MakerSquirrel` config (removes `windowsSign`) and
deletes `scripts/windows-sign-hook.js`
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
50432058855cce4a688a4be81fb692e705c6db71. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

<!-- This is an auto-generated description by cubic. -->
## Summary by cubic
Moved Windows code signing to Electron Forge’s postMake hook and now
sign all .exe artifacts (installer and Setup.exe) on win32 builds. This
ensures consistent signing across architectures and removes the custom
MakerSquirrel hook.

- **Refactors**
- Sign Windows artifacts in postMake using DigiCert’s signtool bundled
with electron-winstaller.
- Removed MakerSquirrel windowsSign config and
scripts/windows-sign-hook.js.
- Signing runs only when SM_CODE_SIGNING_CERT_SHA1_HASH is set;
otherwise it logs and skips.

<sup>Written for commit 50432058855cce4a688a4be81fb692e705c6db71.
Summary will update automatically on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

<!-- greptile_comment -->

<h3>Greptile Summary</h3>


Refactored Windows code signing from MakerSquirrel's `hookModulePath`
approach to Electron Forge's `postMake` hook, consolidating signing
logic directly in `forge.config.ts`.

**Key Changes:**
- Moved signing logic from `scripts/windows-sign-hook.js` to `postMake`
hook in `forge.config.ts`
- Changed signing scope from only `dyad.exe` to all `.exe` files
(Squirrel installer and Setup.exe)
- Removed cert hash redaction from logging that was present in the
previous implementation
- Simplified to use TypeScript instead of CommonJS module

**Behavioral Changes:**
- The PR reverses commit 9107ec7c which specifically restricted signing
to only `dyad.exe` to "avoid signing other files and prevent CI signing
errors"
- Comment on line 138 indicates signing all `.exe` files is intentional,
but this should be verified against the reasoning in the earlier commit

<h3>Confidence Score: 3/5</h3>


- This PR refactors code signing with a significant behavioral change
that needs verification
- The refactoring itself is clean and consolidates signing logic
appropriately, but it introduces two concerns: (1) expands signing from
just `dyad.exe` to all `.exe` files, reversing a previous intentional
restriction, and (2) removes cert hash redaction from logs. The
intentionality of signing all executables should be confirmed.
- Verify `forge.config.ts` line 139 behavior matches intent - signing
all .exe files vs only dyad.exe

<h3>Important Files Changed</h3>




| Filename | Overview |
|----------|----------|
| forge.config.ts | Moved Windows signing from MakerSquirrel hook to
postMake hook, now signs all .exe files instead of just dyad.exe,
removed cert hash redaction from logs |
| scripts/windows-sign-hook.js | Deleted file - signing logic moved to
forge.config.ts postMake hook |

</details>



<h3>Sequence Diagram</h3>

```mermaid
sequenceDiagram
    participant Forge as Electron Forge
    participant PM as postMake Hook
    participant Sign as signWindowsExecutable()
    participant ST as signtool.exe
    participant DC as DigiCert Timestamp

    Forge->>Forge: Run makers (MakerSquirrel, etc)
    Forge->>PM: Call postMake with makeResults
    
    loop For each result in makeResults
        PM->>PM: Check if platform === "win32"
        alt Windows platform
            PM->>PM: Log "Processing Windows artifacts"
            loop For each artifact
                PM->>PM: Check if filename ends with .exe
                alt Is .exe file
                    PM->>Sign: signWindowsExecutable(artifact)
                    Sign->>Sign: Check SM_CODE_SIGNING_CERT_SHA1_HASH env var
                    alt Cert hash not set
                        Sign->>PM: Return (skip signing)
                    else Cert hash set
                        Sign->>Sign: Build signtool command with cert hash
                        Sign->>ST: execSync signtool.exe sign /sha1 [hash] [params] [file]
                        ST->>DC: Request timestamp from timestamp.digicert.com
                        DC->>ST: Return timestamp
                        alt Signing successful
                            ST->>Sign: Success
                            Sign->>PM: Log "Signing successful"
                        else Signing failed
                            ST->>Sign: Error
                            Sign->>PM: Throw error
                        end
                    end
                end
            end
        end
    end
    
    PM->>Forge: Return makeResults
```

<!-- greptile_other_comments_section -->

<!-- /greptile_comment -->

<!-- CURSOR_SUMMARY -->
> [!NOTE]
> Improves release workflow logging and visibility during publishing.
> 
> - Run `electron-forge publish` directly instead of `npm run publish`
to surface full logs
> - Expand `DEBUG` to
`"@electron/*,electron-forge:*,electron-windows-installer:main"` for
granular Electron Forge and Windows installer output in `release.yml`
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
498d93aff656dc635bc60880a3887d3d67ddf291. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->



<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Expose detailed Electron Forge logs in the release workflow by running
electron-forge publish directly (instead of npm) and setting DEBUG to
"@electron/*,electron-forge:*,electron-windows-installer:main". This
improves visibility and makes publish failures easier to debug.

<sup>Written for commit 498d93aff656dc635bc60880a3887d3d67ddf291.
Summary will update automatically on new commits.</sup>

<!-- End of auto-generated description by cubic. -->



<!-- greptile_comment -->

<h3>Greptile Summary</h3>


This PR improves debugging capabilities for the release workflow by
enhancing electron-forge logging. It adds more granular DEBUG flags
(`electron-forge:*` and `electron-windows-installer:main`) and switches
from `npm run publish` to direct `electron-forge publish` execution to
prevent npm from suppressing logs, following electron-forge's official
support documentation.

- Added more comprehensive DEBUG environment variables for better
visibility into the build process
- Changed to direct `electron-forge publish` command to ensure logs are
properly captured
- Removed implicit `npm run clean` step (redundant in CI environment
with fresh checkout)

<h3>Confidence Score: 5/5</h3>


- This PR is safe to merge with no risk
- The changes are minimal and focused on improving debugging visibility.
Switching from `npm run publish` to `electron-forge publish` only
removes the redundant clean step, which is unnecessary in CI
environments that start from fresh checkouts. The additional DEBUG flags
provide better logging without changing any build logic.
- No files require special attention

<h3>Important Files Changed</h3>




| Filename | Overview |
|----------|----------|
| .github/workflows/release.yml | Enhanced debug logging and switched to
direct `electron-forge publish` for better log visibility |

</details>



<h3>Sequence Diagram</h3>

```mermaid
sequenceDiagram
    participant GHA as GitHub Actions
    participant WF as Release Workflow
    participant NPM as npm
    participant EF as electron-forge
    participant Logger as Debug Logger

    Note over GHA,Logger: Previous Flow (npm run publish)
    GHA->>WF: Trigger release workflow
    WF->>NPM: npm run publish
    NPM->>NPM: Execute clean script
    NPM->>EF: electron-forge publish
    EF->>Logger: Log output (suppressed by npm)
    Logger-->>NPM: Limited logs
    NPM-->>WF: Exit code only

    Note over GHA,Logger: New Flow (direct electron-forge)
    GHA->>WF: Trigger release workflow
    WF->>EF: electron-forge publish (direct)
    activate Logger
    Note over Logger: DEBUG=@electron/*,<br/>electron-forge:*,<br/>electron-windows-installer:main
    EF->>Logger: Full debug logs
    Logger-->>WF: Complete logs visible
    deactivate Logger
    EF-->>WF: Exit code + logs
```

<!-- greptile_other_comments_section -->

<!-- /greptile_comment -->

<!-- CURSOR_SUMMARY -->
> [!NOTE]
> Improves observability of Windows signing during releases.
> 
> - Enable Electron Forge debug output in the workflow by setting
`DEBUG="@electron/*"` during `Publish app`
> - Turn on `windowsSign.debug` in `forge.config.ts`
> - Add detailed, redacted logging and error handling to
`scripts/windows-sign-hook.js` (logs inputs, command, success/failure;
still only signs `dyad.exe`)
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
bfdbc12a7a0e5a5eb0810a3303e732c6ad0a4eef. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->



<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Enable verbose debugging for Windows code signing to make CI signing
issues easier to diagnose. Adds detailed logs in the signing hook and
enables Electron Forge debug output during release.

- **New Features**
- Set DEBUG="@electron/*" in the release workflow to capture
Forge/Squirrel logs.
  - Enable windowsSign.debug in forge.config.
- Add verbose logging and error handling in windows-sign-hook (inputs,
command, success/failure).

<sup>Written for commit bfdbc12a7a0e5a5eb0810a3303e732c6ad0a4eef.
Summary will update automatically on new commits.</sup>

<!-- End of auto-generated description by cubic. -->