<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/3254"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open in Devin Review">
  </picture>
</a>
<!-- devin-review-badge-end -->

## Summary
- Adds chat mode persistence to chats so Ask, Build, and Plan are
remembered per conversation.
- Resolves effective chat mode for chat creation and streaming paths,
including fallback metadata for the UI.
- Updates chat mode hooks, selectors, tab flows, and coverage for
persistence behavior.

## Test plan
- npm run fmt && npm run lint:fix && npm run ts
- npm test
- npm run build
- PLAYWRIGHT_HTML_OPEN=never npm run e2e -- e2e-tests/chat_mode.spec.ts

Generated with Codex

<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/3249"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open in Devin Review">
  </picture>
</a>
<!-- devin-review-badge-end -->

---------
Co-authored-by: Will Chen <7344640+wwwillchen@users.noreply.github.com>

@azizmejri1 - I added an info banner with a link to
https://neon.com/docs/auth/production-checklist#email-provider under the
email verification toggle so users know to not rely on it for production

<img width="506" height="377" alt="image"
src="https://github.com/user-attachments/assets/7f403de7-de2f-462e-84c0-8eb0779af87a"
/>

## Summary
- Add a compact, clickable info banner below the Neon email verification
toggle that recommends configuring a custom email provider for
production.
- Link opens the Neon Auth production checklist (email provider
section).
- Add `integrations.neon.customEmailProviderHint` strings for English,
Portuguese (Brazil), and Chinese (Simplified).

## Test plan
- Open Neon integration for a connected Next.js app and confirm the
banner appears under email verification with correct copy.
- Click the banner and confirm the Neon docs open in the browser.

## Summary
- Escape the keppo-bot[bot] Bash case pattern so it matches the literal
bot login.
- Add RyanGroch to the privileged CI author allow-list for E2E test
routing.

## Test plan
- npm run fmt && npm run lint:fix && npm run ts
- npm test

#skip-bugbot
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/3248"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open in Devin Review">
  </picture>
</a>
<!-- devin-review-badge-end -->

## Summary

Fixes the 6 `TimeoutError: locator.click: ... element is not enabled`
failures in `chat_tabs.spec.ts` and `per_chat_input.spec.ts` on CI run
[24692456779](https://github.com/dyad-sh/dyad/actions/runs/24692456779)
caused by a Lexical/jotai race during chat switches.

## Root cause

Trace + screenshot from the failing shards show chat 2 with an empty
input and a disabled Send button the moment the second `sendPrompt()`
runs. The race:

1. `clickNewChat()` navigates to chat 2 (`selectedChatIdAtom` flips, URL
updates, `ChatInput` re-renders with `chatId=2`).
2. Playwright's `fill()` into the Lexical editor fires
`OnChangePlugin.onChange` before React has flushed the atom update for
this render cycle.
3. `chatInputValueAtom`'s writer is keyed off `selectedChatIdAtom`, so
the typed text gets stored under the **previous** chat's slot.
4. On the next render `ExternalValueSyncPlugin` sees `value=""` for chat
2 and resets the editor to empty.
5. `inputValue.trim()` is empty → Send button stays `disabled` → 30s
click timeout.

Only the *second* `sendPrompt()` after a `clickNewChat()` fails, and
it's flaky because it depends on render/event ordering.

## Fix

Wrap `click → fill` in `expect.toPass()` and assert the editor actually
contains the prompt and the Send button is enabled before clicking. On a
dropped fill the loop re-runs once atoms settle, eliminating the race
deterministically. No product changes.

## Test plan

- [x] `npm run fmt && npm run lint && npm run ts`
- [ ] CI: chat_tabs.spec.ts and per_chat_input.spec.ts pass on shards
1/2

🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/3246"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open in Devin Review">
  </picture>
</a>
<!-- devin-review-badge-end -->
Co-authored-by: Will Chen <7344640+wwwillchen@users.noreply.github.com>
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

## Summary

Adds a new skill, `dyad:deflake-e2e-from-run`, for root-causing E2E
failures from a specific CI run by reading the Playwright HTML report
artifacts directly — traces, screenshots, error-context, and app
stdout/stderr — instead of rebuilding and rerunning locally.

This complements the existing `deflake-e2e` and
`deflake-e2e-recent-commits` skills, which drive *discovery* by
repeat-running tests. This new skill is for when you already have a
failing run and want to root-cause fast.

## What the skill covers

- Downloading the merged `html-report` artifact with `gh run download -R
dyad-sh/dyad -n html-report`.
- `jq` queries against `results.json` for `unexpected` vs `flaky` test
buckets.
- Matching trace `.zip` hashes (paths in `results.json` are CI-side;
files are local in `/tmp/pw-report/data/`).
- Reading `test.trace` as JSONL to extract the step timeline.
- Correlating with app IPC logs that show up as `stderr`/`stdout` trace
events (gold for race-condition root-causing — e.g. `(proposal_handlers)
› IPC: get-proposal returned: …` at failure time).
- A short playbook of common failure shapes (disabled-button-after-fill,
navigation races, cross-test state) and their usual fixes.

Derived from the workflow used to root-cause #3246.

## Test plan

- [x] Skill file follows the same frontmatter format as existing skills
in `.claude/skills/`.
- [x] Verified via the use case in #3246 (full investigation done
end-to-end using exactly these steps).

🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/3247"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open in Devin Review">
  </picture>
</a>
<!-- devin-review-badge-end -->
Co-authored-by: Will Chen <7344640+wwwillchen@users.noreply.github.com>
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

closes #2416 
This PR addresses the following improvements and fixes in the chat
message UI for assistant messages:

Commit Hash Display: The commit hash is now shown as a sibling to the
commit message in the metadata row, following the commit message and
icon.
Minimal Tooltip: The tooltip for the commit hash now displays only the
commit hash itself (no commit message or extra text), providing a clean
and focused UX.
Copy-to-Clipboard: Users can copy the full commit hash by clicking the
hash or copy icon
<img width="769" height="199" alt="image"
src="https://github.com/user-attachments/assets/9b28db64-6521-4ee7-b46c-a3b9e8ee9389"
/>


<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/3191"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

#skip-bb
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/3243"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open in Devin Review">
  </picture>
</a>
<!-- devin-review-badge-end -->

Closes #3185.

For context, a while back I had opened #2511 to close #1272. For some
reason the change got reverted, though, which I think is why #3185 was
opened.

This PR makes the essentially the same change as #2511, so it has the
"refactor" button tooltip show the full path of the file it's going to
refactor. #2511 also changed the width of the button, but I've changed
my mind on that.
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/3237"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open in Devin Review">
  </picture>
</a>
<!-- devin-review-badge-end -->

<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/3241"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open in Devin Review">
  </picture>
</a>
<!-- devin-review-badge-end -->

### Context for review bots :

1.The agent can execute sql commands directly on production , this is
fine because they user may choose to start with a simple setup first and
use the production database directly (in a follow up PR we should give
the users the ability to sync dev branch to match production branch).The
user also has the possiblity to revert database changes .
2.Right now there’s no warning for destructive changes before migration
, this is fine for now as we're gonna add a follow up PR for this
3.When linking an existing neon project that doesnt have a developement
database , we're setting the default branch as the active branch . This
is fine because the user may prefer to start a simple setup at the
beginning and work directly on the production database , in addition
since the project was created outside dyad it may have a developement
branch named differently so it wouldnt be wise to auto create one here .
However, in a follow up PR we should allow the user to manually create
branches and sync dev branch to match production .
4.neon is only available for next.js now
5.We dont have enough tests for now, i am gonna add a follow-up PR to
cover this
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/3178"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

This plan solves the React/Vite + Neon integration issue by adding a
server layer to the app using Nitro.

- Nitro deploys cleanly to Vercel

- API routes are automatically exposed as Vercel Functions

- it keeps the setup lightweight and requires minimal effort from both
the user and the AI agent
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/3090"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

closes #3075 
Implements pause/resume functionality for the message queue processing
system, allowing users to pause automatic processing of queued messages
and selectively resume. Includes session-level persistence via
sessionStorage.


<img width="594" height="694" alt="Capture d&#39;écran 2026-03-26
045040"
src="https://github.com/user-attachments/assets/2cf9648f-7be1-466c-971c-e2e96faccd0d"
/>


9 comprehensive E2E test cases covering:
Pause/Resume button visibility
Pause functionality and message blocking
Resume processing
SessionStorage persistence (empty & non-empty cases)
Multiple pause/resume cycles
Per-chat isolation
Visual styling

When mid-turn compaction ran during a multi-step tool loop (e.g., after
web_crawl completed), injected user messages (like screenshots) were
registered at an array index based on the compacted message history. The
AI SDK's internal messages don't include the compaction summary, so in
subsequent steps the stale index caused the injected user message to
land between a tool_use and its tool_result, breaking the SDK's
validation.

Fix 1: Track the delta between compacted and SDK base message counts,
and adjust injection indices after prepareStepMessages runs so future
re-injections land at the correct position.

Fix 2: Add ensureToolResultOrdering() as a defensive safety net that
detects and fixes any user messages misplaced between tool_use/
tool_result pairs before returning from prepareStep.
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/3213"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/3194"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

## What changed
- switch the cloud sandbox upload client to a multipart
manifest-plus-file request instead of JSON `Record<string, string>`
payloads
- read synced files as raw bytes for both full and incremental uploads
while preserving `replaceAll`, `deletedFiles`, and queued incremental
sync behavior
- update the fake cloud sandbox server and desktop-side tests to
validate multipart uploads and binary byte preservation

## Why
The previous upload path decoded files as UTF-8 strings before sending
them to the engine, which corrupted binary assets and broke cloud
previews for files like images, fonts, and wasm.

## Impact
Desktop cloud sandbox syncs now send byte-exact file contents to the
engine, including incremental syncs.

## Compatibility
- depends on the engine multipart upload support in
dyad-sh/dyad-llm-engine#146
- the engine PR keeps legacy JSON uploads available for older desktop
clients, but this desktop change is required for binary-safe uploads

## Validation
- `npm test -- src/ipc/utils/cloud_sandbox_provider.test.ts`
- `npm run ts`
- `npm run lint`
- `npm run fmt:check`

<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/3188"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->
Co-authored-by: Will Chen <7344640+wwwillchen@users.noreply.github.com>

## Summary
- replace context_manage snapshot assertions with narrower UI and
dump-path checks
- wait for context rows to appear or disappear before continuing so the
picker interactions are deterministic
- remove the obsolete context_manage snapshot baselines

## Test plan
- npm run build
- PLAYWRIGHT_RETRIES=0 PLAYWRIGHT_HTML_OPEN=never npm run e2e --
e2e-tests/context_manage.spec.ts --repeat-each=10
- npm run fmt
- npm run lint:fix
- npm run ts
- npm test

#skip-bugbot
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/3187"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

---------
Co-authored-by: Will Chen <7344640+wwwillchen@users.noreply.github.com>

<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/3179"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

- **Cloud sandbox**
- **docs: record session learnings**
- **settings: gate cloud sandbox behind experiment**
- **cloud: sync dirty paths incrementally**

<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/3177"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

---------
Co-authored-by: Will Chen <willchen90@gmail.com>
Co-authored-by: Will Chen <7344640+wwwillchen@users.noreply.github.com>

<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/3183"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

#skip-bb
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/3176"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/3173"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/3172"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

## Summary
- remove unsupported `node-pty` artifacts before Windows signing runs,
including Darwin prebuild directories and the extra `bin` directory
- keep the supported Windows `node-pty` runtime binaries in place for
packaged app execution
- expand the Windows signing unit test to verify unsupported artifacts
are removed and Windows binaries remain

## Test plan
- npm run fmt
- npm run lint:fix
- npm run ts
- npm test

#skip-bugbot

<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/3171"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/3170"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->
Co-authored-by: Claude <noreply@anthropic.com>

## Summary
- remove the two bundled node-pty PowerShell helper scripts before
Windows signing runs
- keep the Azure Trusted Signing flow unchanged for signable binaries
and libraries
- add a unit test covering the packaging cleanup helper

## Test plan
- npm run fmt
- npm run lint:fix
- npm run ts
- npm test

Generated with Claude Code
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/3169"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

---------
Co-authored-by: Claude <noreply@anthropic.com>

<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/3168"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

---------
Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: claude[bot] <41898282+claude[bot]@users.noreply.github.com>

## Summary
- replace add-dependency command execution with a cross-platform
node-pty runner in the Electron main process
- preserve add-dependency output and failure handling while adding PTY
output normalization and command timeouts
- package node-pty correctly in Electron Forge by externalizing it from
Vite, rebuilding it, and unpacking its helper binaries

## Test plan
- npm run fmt
- npm run lint:fix
- npm run ts
- npm test
- npm run build

🤖 Generated with Claude Code
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/3167"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

---------
Co-authored-by: Will Chen <7344640+wwwillchen@users.noreply.github.com>
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
Co-authored-by: devin-ai-integration[bot] <158243242+devin-ai-integration[bot]@users.noreply.github.com>

<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/3165"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

Chat input state management to use per-chat values
 
 Closes #3128 
 
 
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/3129"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

---------
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>

## Summary
- run Socket Firewall through `npx sfw@2.0.4` instead of relying on a
global install
- keep the socket firewall command path reproducible and avoid Windows
global path issues
- update command-shape assertions in the related IPC tests

## Test plan
- npm run fmt
- npm run lint:fix
- npm run ts
- npm test

<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/3163"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

---------
Co-authored-by: Will Chen <7344640+wwwillchen@users.noreply.github.com>
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

## Summary
- accept `keppo-bot[bot]` in GitHub Actions author checks that read raw
`github.*` logins
- switch Claude PR Review to `allowed_bots: \"keppo-bot[bot]\"` instead
of treating the bot as a non-write user
- trust `copilot-pull-request-reviewer` in the PR comment-fixing skill

## Test plan
- `npm run fmt`
- `npm run lint:fix`
- `npm run ts`
- `npm test`

🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/3162"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

---------
Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Will Chen <7344640+wwwillchen@users.noreply.github.com>

This PR changes the SQLite database setting to use WAL (Write-Ahead
Logging) mode. From what I can tell, it should be an easy performance
improvement with no real downside for our case. Documentation is here:
https://sqlite.org/wal.html

Also, the [docs for
better-sqlite3](https://www.npmjs.com/package/better-sqlite3) explicitly
recommend it:

> Though not required, it is generally important to set the WAL pragma
for performance reasons.

I came across this as I was looking into the issue where the chat code
blocks slow down Dyad's framerate. I'm not entirely sure whether this is
related, but I did notice that sometimes database calls were taking a
lot longer than I expected, and that would cause Dyad's framerate to
drop significantly on my machine. This change seems to be an improvement
in that regard, so it might also have an effect on the code blocks issue
as well.

It's hard to accurately benchmark this because its effect is only
substantial when there are multiple database calls going on at the same
time. I can definitely attempt a benchmark if that would be worthwhile
though.
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/3140"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

#skip-bb
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/3161"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->
Co-authored-by: Claude <noreply@anthropic.com>

Co-authored-by: Claude <noreply@anthropic.com>

## Summary
- stop the preview route dropdown from showing "Loading routes..." after
route discovery has already finished
- expand React Router discovery to scan common route files like
`src/routes/*`, `*routes.tsx`, and `router.tsx` instead of only
`src/App.tsx`
- add parser tests covering modular route files and merged route
discovery

## Test plan
- `npm run fmt && npm run lint:fix && npm run ts`
- `npm test`

🤖 Generated with [Claude Code](https://claude.com/claude-code)

<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/3158"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

---------
Co-authored-by: Will Chen <7344640+wwwillchen@users.noreply.github.com>

## Summary
- Adds a new right-click context menu option on chat tabs that reorders
tabs so they are grouped by app
- Within each app group the original relative order is preserved, and
app groups appear in the order their first tab was encountered
- The option is disabled when all open tabs belong to the same app
- Includes i18n support (en, pt-BR, zh-CN) and unit tests

Closes #3126

## Test plan
- Right-click on a chat tab and verify the "Group tabs by app" option
appears
- With tabs from multiple apps open, click the option and verify tabs
are reordered by app grouping
- With tabs from only one app, verify the option is disabled
- Run `npm test` — all 1003 tests pass

🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/3150"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->
Co-authored-by: Will Chen <7344640+wwwillchen@users.noreply.github.com>
Co-authored-by: Claude <noreply@anthropic.com>

Fixes #3139 

## Summary
- Fixes the bug where clicking **Sync to GitHub** on the Publish tab and
navigating away before the push finishes dropped the in-flight state —
the push actually continued in the main process, but on return the UI
showed neither success nor failure.
- Moves sync state (`isSyncing`, `syncError`, `syncSuccess`,
`conflicts`, rebase status, etc.) out of local `useState` in
`ConnectedGitHubConnector` and into a Jotai atom keyed by `appId`
(`src/atoms/githubSyncAtoms.ts`), so it survives unmount/remount.
- Adds success/error toasts on completion so users get feedback even
when they're viewing a different preview tab.

## Test plan
- [x] New unit tests in `src/atoms/githubSyncAtoms.test.tsx` verify
state is preserved across unmount/remount, that a "completion" happening
while unmounted is visible on remount, that state is isolated per
`appId`, and that `null` appId is a no-op.
- [x] `npm run ts` — clean
- [x] `npm run fmt` / `npm run lint:fix` — clean (only the pre-existing
unrelated warning in `local_agent_handler.test.ts`)
- [x] `npm test` — 1003/1003 passing
- [ ] Manual: click Sync to GitHub, immediately switch to Code tab,
switch back — spinner should still show (if still running) or the
success message should be visible (if finished); a toast should appear
on completion regardless of tab.

🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/3151"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

---------
Co-authored-by: Will Chen <7344640+wwwillchen@users.noreply.github.com>
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

## Summary
- add a default-on Experiments setting to block unsafe npm packages with
Socket Firewall
- wrap shared add-dependency installs in sfw when available and
bootstrap sfw via npm install -g sfw when it is missing
- surface firewall bootstrap warnings through build-mode approvals and
local-agent add_dependency flows, with tests for the new setting and
install path

## Test plan
- npm run fmt && npm run lint:fix && npm run ts
- npm test

🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/3152"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

---------
Co-authored-by: Will Chen <7344640+wwwillchen@users.noreply.github.com>
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/3146"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>