## Summary
- Replaced manual `useState`/`useEffect` data fetching patterns with
React Query's `useQuery` and `useMutation` in `useSettings`,
`useLoadAppFile`, `useLoadApps`, `useAppVersion`, and related hooks
- Added centralized query keys for `system`, `settings`, `appFiles`, and
`github` domains in `queryKeys.ts`
- Added new `useGithubRepos` and `useSystemPlatform` hooks using React
Query
- Simplified `TitleBar` and `ImportAppDialog` to use the updated hook
interfaces

## Test plan
- All 784 unit tests pass
- Verify settings load correctly on app startup
- Verify file loading works in the code viewer
- Verify app list loads and refreshes properly
- Verify title bar shows correct app version

🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2536"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Medium Risk**
> Touches core loading paths (settings, app list, file reads) and
caching/invalidations, so regressions could show up as stale data or
missing refreshes; changes are mostly refactors with minimal behavioral
intent.
> 
> **Overview**
> **Migrates several app/system/settings data flows from local
state/Jotai-driven fetching to React Query.** `useLoadApps`,
`useLoadAppFile`, `useAppVersion`, and `useSettings` now use
`useQuery`/`useMutation` with cache updates and refresh via query
invalidation, and app favorites (`useAddAppToFavorite`) update the React
Query apps cache instead of an `appsListAtom` (which is removed).
> 
> Adds new React Query-powered hooks (`useSystemPlatform`,
`useGithubRepos`) and extends `queryKeys` with `system`, `settings`,
`appFiles`, and `github` domains; UI callers (`TitleBar`,
`ImportAppDialog`, `app-details`) are adjusted to consume the new hooks.
E2E favorite-app tests are hardened by hovering before clicks and using
a longer assertion timeout.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
c82dfca589d0186d25cec33a2453fc5b3f28520b. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Migrated core data fetching to React Query to standardize caching,
loading, and error handling. Cleaned up UI and tests, removed the apps
Jotai atom, and made refresh flows consistent via query invalidation.

- **Refactors**
- Replaced manual state/effect with useQuery/useMutation in useSettings,
useLoadApps, useLoadAppFile, and useAppVersion.
- Centralized query keys for system, settings, appFiles, and github in
queryKeys.ts.
- Removed appsListAtom; apps now read/write via React Query. Kept Jotai
sync for settings and env vars.
- Simplified TitleBar (uses useSystemPlatform), ImportAppDialog (uses
useGithubRepos), and app-details (reads apps from useLoadApps).
  - Updated useAddAppToFavorite to update the React Query cache.
- Reduced flakiness in favorite app e2e tests by hovering before clicks
and using a medium timeout.

- **New Features**
- Added useGithubRepos and useSystemPlatform hooks with session-level
caching.

<sup>Written for commit c82dfca589d0186d25cec33a2453fc5b3f28520b.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>

#skip-bb
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2543"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

#skip-bb

The migration from Radix to Base UI broke file attachments because
calling e.preventDefault() in the onClick handler does not stop Base UI
menus from closing. Base UI relies on an internal closeOnClick mechanism
instead. As a result, when the menu closed, the portaled hidden <input
type="file"> elements were unmounted from the DOM before the user could
select a file.
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2541"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->


<!-- This is an auto-generated description by cubic. -->
## Summary by cubic
Fixes the file attachment menu so selecting “Attach chat context” or
“Upload to codebase” no longer closes the dropdown too early. Uses
closeOnClick={false} with direct onClick handlers to keep hidden inputs
mounted and make file selection reliable.

<sup>Written for commit afe8de3b5de300b8c2254418aa9bbd87d818c0bf.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

## Summary
- Extracted topic-specific learnings and guidelines from AGENTS.md into
9 separate files under `rules/` for better discoverability and
maintainability
- AGENTS.md now has a concise rules index table with "read when..."
descriptions so agents know which file to consult
- No content was lost — all learnings are preserved in their respective
rule files

## Test plan
- [x] Verify all rule files exist and contain the expected content
- [x] Verify AGENTS.md rules index links are correct
- [x] Lint, type checks, and tests all pass

#skip-bugbot

🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2540"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Modularized guidance from AGENTS.md into nine focused docs under rules/,
and added a concise rules index in AGENTS.md for quick navigation. No
content was removed; it’s now easier to find and maintain.

- **Refactors**
- Extracted topic docs into rules/: electron-ipc, e2e-testing,
git-workflow, base-ui-components, database-drizzle,
typescript-strict-mode, openai-reasoning-models, adding-settings,
chat-message-indicators.
- Updated .claude/commands/remember-learnings.md to write learnings to
rules/ (use AGENTS.md only when needed) and maintain the index when new
files are added.

<sup>Written for commit 7d217b84ce3d1e434f28a31bb6a2329c672d2bcf.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>

## Summary
- Fixed UI element occlusion bug where the "Copy" utility button was
unusable due to layout overlap with the language identifier label in
code blocks
- Added flexbox properties (gap, items-center, truncate, min-w-0,
flex-shrink-0) to ensure proper spacing and prevent overflow

## Test plan
- Open a chat with code blocks containing language labels (e.g.,
typescript, javascript)
- Verify the language label and copy button no longer overlap
- Test with narrow window widths to ensure the layout remains correct
- Click the copy button to confirm it's clickable and functional

Fixes #2466

🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2533"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Fixes an overlap in code blocks where the Copy button covered the
language label, so the button stays visible and clickable at all widths.
Fixes #2466.

- **Bug Fixes**
- Aligned header padding with pre (left/right 0, px-6) and added
gap-2/items-center for spacing.
- Applied truncate and min-w-0 to the language label to prevent
overflow.
  - Set the Copy button to flex-shrink-0 to avoid shrinking.

<sup>Written for commit 246b0df6569b41f813f0843b048125da8efe9830.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

---------
Co-authored-by: Will Chen <willchen90@gmail.com>
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
Co-authored-by: claude[bot] <41898282+claude[bot]@users.noreply.github.com>

Closes #1272.

Currently, the refactor suggestion button doesn't show the full path of
the file that it's going to refactor. This PR adds the file path in the
tooltip so that the user can see the path if they hover over the button.

I also took the liberty to make the button slightly wider by 20px. This
means that the button will typically show ~2-4 more characters than it
does currently, which I think makes it a bit easier at a glance to infer
which file the AI will refactor without needing to hover. For example,
if the suggestion is to refactor `src/components/big-file.tsx`, this
might make the difference of having the button show "Refactor
components/big-fil..." instead of "Refactor components/big...".
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2511"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->


<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Added the full file path to the refactor button tooltip for clarity.
Widened the button from 180px to 200px to show a few more characters in
the label.

<sup>Written for commit c8824c43fa66506ba6ced69b0c6675c4978ecaf9.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

Currently, after confirming the reset, there is no feedback in the
dialog to indicate that the operation has started, which makes it appear
as if the button is not working.
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2537"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->


<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Disable the reset confirmation button after confirmation and show
“Resetting…” to give clear feedback and prevent duplicate resets.

- **Bug Fixes**
- ConfirmationDialog: added confirmDisabled prop to control disabled
state and styling.
- Settings: when isResetting is true, disable confirm button and set
text to “Resetting…”.

<sup>Written for commit 02397273dcf8e04ae7b8b39fea2f58b767edc6b6.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

## Summary
This PR introduces a new `DyadCardPrimitives` component library and
refactors all Dyad markdown action cards to use these reusable
primitives. This improves consistency, reduces code duplication, and
makes styling changes easier to maintain across the codebase.

## Key Changes

- **New `DyadCardPrimitives.tsx`**: Created a comprehensive library of
reusable card components including:
- `DyadCard`: Main container with accent color support and state
indicators
  - `DyadCardHeader`: Header row with icon and flexible content area
  - `DyadBadge`: Small pill badges for card type labels
  - `DyadExpandIcon`: Animated chevron for expand/collapse
- `DyadStateIndicator`: Spinner/X/checkmark for pending/aborted/finished
states
  - `DyadCardContent`: Expandable content area with smooth animations
- `DyadFilePath`, `DyadDescription`, `DyadFinishedIcon`: Additional
utility components
- Support for 11 accent colors (blue, purple, violet, red, amber, green,
emerald, teal, sky, indigo, slate)

- **Refactored components** to use new primitives:
- `DyadAddDependency`: Simplified layout, improved package display
styling
- `DyadAddIntegration`: Consistent card styling for both pending and
completed states
  - `DyadCodeSearch`: Cleaner header with state indicator
  - `DyadCodeSearchResult`: Standardized file list display
  - `DyadCodebaseContext`: Unified expand/collapse behavior
  - `DyadDatabaseSchema`: Simplified header structure
  - `DyadDelete`: Consistent red accent styling
  - `DyadEdit`: Improved state indicators and layout
  - `DyadExecuteSql`: Cleaner SQL badge and state handling
  - And 19+ additional components

## Implementation Details

- All components now use semantic color tokens (`foreground`,
`muted-foreground`, `background-lightest`, etc.) for better dark mode
support
- Consistent spacing and sizing across all cards (px-3, py-2 for
headers, px-3 pb-3 for content)
- Smooth transitions for expand/collapse animations using `max-h` and
`opacity`
- Left border accent (3px) appears only when card is in pending or
aborted state
- Removed inline icon imports from individual components; now
centralized in primitives
- Improved accessibility with proper semantic HTML and ARIA attributes

https://claude.ai/code/session_01AAvVLShqeRjs42LhUdeK3e
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2482">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Medium Risk**
> Large UI refactor across many chat card components and accessibility
attributes; primary risk is visual/interaction regressions and
snapshot/test churn rather than data/security impact.
> 
> **Overview**
> **Refactors Dyad chat “action cards” to a shared component library.**
Introduces `DyadCardPrimitives` (e.g., `DyadCard`, `DyadCardHeader`,
`DyadBadge`, `DyadStateIndicator`, `DyadCardContent`) and migrates many
markdown-rendered cards
(edit/write/delete/grep/logs/list-files/code-search, integrations, etc.)
to use these primitives for consistent styling, expand/collapse
behavior, and keyboard/ARIA interaction.
> 
> Updates E2E ARIA snapshots to match the new card structure and
accessibility tree, slightly tweaks chat message typography, bumps
`@playwright/test` to `^1.58.2`, and expands `lint-staged` formatting
(`oxfmt`) to include `*.json`.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
e020627fdb8955d948d982cb525c929b0610ee77. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Refactored all Dyad markdown action cards to use new DyadCardPrimitives
for a consistent, accessible card UI with smoother interactions and
easier styling. Adds lazy-mounted content and keyboard-accessible
expand/collapse, reduces duplication, and improves dark mode across 28+
components.

- **New Features**
- Added DyadCardPrimitives: DyadCard, DyadCardHeader, DyadBadge,
DyadExpandIcon, DyadStateIndicator (with finished state),
DyadCardContent, plus helpers (DyadFilePath, DyadDescription,
DyadFinishedIcon).
- 11 accent colors with tinted icon circles and a left accent border
shown for pending/aborted states; showAccent prop for explicit control.
- Smooth expand/collapse using CSS grid with a rotating chevron;
DyadCardContent lazy-mounts heavy children.
  - Semantic color tokens for reliable light/dark theming.
- Improved accessibility: role="button", tabIndex, Enter/Space handlers,
and aria-expanded on interactive cards.

- **Refactors**
- Migrated 28+ markdown action cards (e.g., AddDependency, CodeSearch,
Edit, ExecuteSql, Status, WebSearch, Write) to the primitives; unified
headers, badges, spacing, state indicators, and expand/collapse
behavior.
- Fixed regressions: correct state extraction (Delete/Rename/Output),
restored children rendering (Delete/Read/Rename), passed isExpanded to
all interactive cards, click propagation fix in Grep.
- Removed per-component icon imports and ad‑hoc styles; net reduction of
~480 LOC.

<sup>Written for commit e020627fdb8955d948d982cb525c929b0610ee77.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

---------
Co-authored-by: Claude <noreply@anthropic.com>

#skip-bb
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2539"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

## Summary
- Resolve stash merge conflicts in `app_handlers.ts` — use
`updateAppCommands` handler without `withLock`
- Resolve stash merge conflicts in `app_commands.spec.ts` — consolidate
into a single E2E test covering validation, cancel, configure/edit/clear
flows
- Include updated `test_helper.ts` and `package-lock.json`

## Test plan
- [ ] Verify `npm run ts` passes (type checks)
- [ ] Verify `npm test` passes (unit tests)
- [ ] Run app commands E2E test: `PLAYWRIGHT_HTML_OPEN=never npm run e2e
-- --grep "configure app commands"`

🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2538"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Medium Risk**
> Removes per-app locking from `updateAppCommands`, which could allow
concurrent updates to race and overwrite command values. Other changes
are test and dependency/lockfile adjustments with limited production
impact.
> 
> **Overview**
> Improves the app-commands E2E coverage by consolidating previously
separate tests into a single `configure app commands` flow that now
exercises **required-field validation**, **cancel**, **save/edit**, and
**clear-to-default** behavior end-to-end.
> 
> Updates the Playwright helper `waitForToastWithText` to use the shared
`Timeout.MEDIUM` default (instead of a fixed 5s) to reduce CI flakiness.
> 
> In `app_handlers.ts`, removes `withLock` usage from the
`updateAppCommands` IPC handler while keeping the same trimming +
“both-or-neither” validation before persisting commands. Also bumps the
app version to `0.36.0` and refreshes `package-lock.json` accordingly.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
4dfd2931629fee1d89af85a227c97981788fa0a9. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Resolved merge conflicts and finalized the app commands flow. Simplified
the updateAppCommands handler and consolidated E2E coverage to reduce
flakiness.

- **Refactors**
- updateAppCommands no longer uses withLock; validates paired commands
and updates the DB directly.
- Merged app commands E2E into a single test covering validation,
cancel, and configure/edit/clear flows.
- Standardized toast waiting to Timeout.MEDIUM in test_helper to reduce
flakes.
  - Updated package-lock.json to 0.36.0.

<sup>Written for commit 4dfd2931629fee1d89af85a227c97981788fa0a9.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>

Add the ability to configure install and start commands in the Configure
panel after an app has been created. Previously these were only
configurable when first importing an app.

Changes:
- Add updateAppCommands IPC contract and handler
- Add AppCommandsSection component in ConfigurePanel
- Allow users to view, edit, and clear custom commands
- Include validation requiring both commands when customizing
- Add E2E tests for the new feature

https://claude.ai/code/session_01RHmPUNG7Bdw9MC1DKQJX8g
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2433">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Medium Risk**
> Moderate risk because it introduces a new IPC write path that persists
user-provided command strings and affects how apps will run, though
guarded by client/server validation and locking.
> 
> **Overview**
> Adds an **App Commands** card to `ConfigurePanel` that lets users view
default vs custom install/start commands, edit them with client-side
validation (both required), cancel edits, and clear back to defaults.
> 
> Introduces a new IPC contract `updateAppCommands` plus a main-process
handler that trims inputs, enforces *both-or-neither* semantics, updates
the `apps` record under `withLock`, and triggers UI refresh/toasts.
> 
> Adds Playwright E2E coverage for configure/edit/clear flows,
validation behavior, and canceling edits.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
3f0abe3b8f9ed2483ed27d537dd874e4caa66fcf. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Let users configure custom install and start commands from the Configure
panel after an app is created. Defaults to “pnpm install && pnpm dev”
when unset, and both fields are required when customizing.

- **New Features**
- Configure, edit, or clear custom install/start commands in
ConfigurePanel.
- Added updateAppCommands IPC contract and handler to persist commands.
- E2E tests cover happy path, validation (both required), cancel, and
clear flows.

- **Bug Fixes**
- Prevent overwriting edits on refetch; fix custom commands check (AND),
and update default-state message.
- Enforce server-side validation (both commands set together or both
cleared) and remove sensitive command content from logs.

<sup>Written for commit 3f0abe3b8f9ed2483ed27d537dd874e4caa66fcf.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

---------
Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: claude[bot] <41898282+claude[bot]@users.noreply.github.com>

## Summary
- Update pr-push skill to default to staging files when in doubt, rather
than being overly cautious
- Narrow the exclusion list to only true secrets/artifacts (`.env`,
keys, `node_modules`, etc.)
- Remove vague exclusion language about "temporary files" and "personal
configuration"

#skip-bugbot

## Test plan
- Run `/dyad:pr-push` and verify the updated behavior stages files more
aggressively

🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2530"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Make /dyad:pr-push stage and commit files more aggressively with a tight
exclude list, while improving safety and reliability of the push flow.
Blocks pushes to main, runs checks/tests, tracks tasks, and detects the
right remote.

- **New Features**
- Stage most changes by default; only exclude true secrets/artifacts
(.env, keys, .DS_Store, node_modules, *.log).
  - Remove vague exclusions for “temporary files” or personal configs.
- Prevent pushing on main/master; auto-create and switch to a feature
branch when needed.
- Inline checks: run fmt, lint --fix, type-check, and npm test; amend if
tools change files.
- Use TaskCreate/TaskUpdate to track progress and provide a clear
summary.
- Capture session learnings before lint; commit AGENTS.md updates when
present.
- Auto-detect the correct remote (handles forks), set upstream; push
with --force-with-lease; never pull/rebase from a fork—only from
upstream.
- If no PR exists, create one and add cc:request for non-trivial
changes.

<sup>Written for commit fc6933aeb2e26e743805e65b4e0e92462d8eb7c2.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>

## Summary
- Add `include_hidden` parameter to the `list_files` tool schema that
allows including .dyad files (normally git-ignored) in results
- Update UI components (`DyadListFiles`, `DyadMarkdownParser`) to
display "(include hidden)" indicator when the option is used
- Add E2E test to verify the new functionality works correctly

## Test plan
- [x] E2E test for `list_files` with `include_hidden=true` added
- [x] All existing tests pass
- [x] Lint and type checks pass

🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2526"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Adds an include_hidden option to the list_files tool so the agent can
include .dyad files in results when needed. Updates the UI label and
consent preview, and adds an e2e test to cover the behavior.

- **New Features**
- Tool: include_hidden boolean (default false). When true, includes
.dyad files from the app root (regardless of directory filter), expands
the ignore list, dedupes/sorts results, and updates consent preview and
counts.
- UI: DyadListFiles shows “(include hidden)” when used; Markdown parser
passes the attribute through.
- Tests: Adds minimal-with-dyad fixture and e2e to verify .dyad files
appear in the list and snapshot.

<sup>Written for commit a60579274594888e75fd9cb9d4d6ce5437255b16.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

---------
Co-authored-by: Will Chen <willchen90@gmail.com>
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
Co-authored-by: claude[bot] <41898282+claude[bot]@users.noreply.github.com>

#skip-bb

## Summary
- Handle 403 Forbidden errors gracefully when listing Supabase branches
- Return empty array instead of throwing error for free tier users
without branch access
- Allows free tier users to continue using other Supabase features
without error toasts

Fixes #2525

## Test plan
- Verified all 784 unit tests pass
- Existing E2E test (`supabase_branch.spec.ts`) continues to work for
paid tier (test mode returns mock data)
- Free tier users should now see no branches available instead of an
error toast

🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2527"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Show a clear inline message when Supabase branch listing returns 403 for
free‑tier projects, and suppress error toasts so users can keep using
other Supabase features (addresses #2525).

- **Bug Fixes**
- Detect 403 from branches API and show “Branches are only supported for
Supabase paid customers” in the UI; no toast.
- Removed toast meta from the branches query and added getErrorMessage
to clean up IPC-wrapped errors.
  - Other statuses keep existing handling; paid tier behavior unchanged.

<sup>Written for commit eb414f84c5c4ff44a4f6f152aae5c395903430b3.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

---------
Co-authored-by: Will Chen <willchen90@gmail.com>
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

## Summary
- Add `claude_args: --model claude-opus-4-6` to the pr-review-responder
workflow so it uses Opus 4.6

#skip-bugbot

## Test plan
- Verify the workflow YAML is valid
- Confirm both CI workflows specify `claude-opus-4-6` via `claude_args`

🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2531"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->


<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Set the pr-review-responder GitHub Actions workflow to use Claude Opus
4.6 by adding claude_args: --model claude-opus-4-6, so PR review runs on
the intended model.

<sup>Written for commit f7bb9047549c88d41888e49dd98cf6ae865966ea.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>

## Summary
- Updated the code health reviewer role to explicitly check for **dead
infrastructure**: DB migrations creating unused tables, API endpoints
with no callers, config entries nothing references
- Added cross-referencing guidance to the teammate prompt template so
all reviewers verify schema/infra changes against actual code usage

## Context
During review of PR #2370, the swarm review missed that a `plans` DB
table migration was created but the implementation used file-based
storage instead. This update ensures future reviews catch such
mismatches.

## Test plan
- [x] No code changes, only `.claude/skills/` markdown files updated
- [x] Lint, type checks, and all 784 tests pass

#skip-bugbot

🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2529"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Improves the swarm PR review to catch dead infrastructure by adding
explicit checks and cross-referencing of schema/API/config changes
against actual usage. Prevents misses like unused DB tables by updating
reviewer roles, prompts, and enabling agent teams.

- **New Features**
- Added dead infrastructure checks to the code health reviewer (DB
migrations, endpoints, configs) with severity guidance.
- Added a standardized swarm review skill (SKILL.md + role refs) and
updated prompts to enforce cross-referencing against code usage.
- Enabled agent teams via settings
(CLAUDE_CODE_EXPERIMENTAL_AGENT_TEAMS=1); no runtime code changes.

<sup>Written for commit 78e829037cc0bc66382502b25092184f5d8f05ae.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>

#skip-bb
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2528"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->


<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Fixes the PR review responder so pushes go to the PR’s fork instead of
the base repo on forked PRs. Exposes the head repository and sets
origin’s pushurl to ensure correct push behavior.

- **Bug Fixes**
- Exposes head_repo from workflow_run (run.head_repository.full_name)
for later steps.
- Adds a step to set origin’s pushurl to the PR’s head repo using
GITHUB_TOKEN, preventing accidental pushes to the base repo after
claude-code-action rewrites origin.

<sup>Written for commit 9ca429753073a667b554987f3ab3e6f03a14355b.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->
Co-authored-by: Will Chen <willchen90@gmail.com>

…builds

https://github.com/dyad-sh/dyad/actions/runs/21731969067/job/62688473027

#skip-bb

logs:

```
   > Name: Developer ID Application: William Chen (***) 
   > Hash: 90560E040ED522CFE1B4FA8068B4FFDECD6E193F
  2026-02-05T23:16:18.906Z electron-osx-sign Found 1 identity.
  2026-02-05T23:16:18.906Z electron-osx-sign Pre-sign operation enabled for provisioning profile: 
   * Disable by setting `pre-embed-provisioning-profile` to `false`.
  2026-02-05T23:16:18.907Z electron-osx-sign No `provisioning-profile` passed in arguments, will find in current working directory and in user library...
  ✖ Finalizing package [FAILED: ENOENT: no such file or directory, stat '/Users/runner/work/dyad/dyad/CLAUDE.md']
  ✖ Packaging for x64 on darwin [FAILED: ENOENT: no such file or directory, stat '/Users/runner/work/dyad/dyad/CLAUDE.md']
  ✖ Packaging application [FAILED: ENOENT: no such file or directory, stat '/Users/runner/work/dyad/dyad/CLAUDE.md']
  ✖ Running package command [FAILED: ENOENT: no such file or directory, stat '/Users/runner/work/dyad/dyad/CLAUDE.md']
  ✖ Running make command [FAILED: ENOENT: no such file or directory, stat '/Users/runner/work/dyad/dyad/CLAUDE.md']
  25h
  An unhandled rejection has occurred inside Forge:
  Error: ENOENT: no such file or directory, stat '/Users/runner/work/dyad/dyad/CLAUDE.md'
  2026-02-05T23:16:18.910Z electron-forge:plugin:vite handling process exit with: { cleanup: true }
  2026-02-05T23:16:18.910Z electron-forge:plugin:vite handling process exit with: { cleanup: true }
  2026-02-05T23:16:18.910Z electron-forge:plugin:vite handling process exit with: { cleanup: true }
```
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2522"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

#skip-bb
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2521"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

#skip-bb
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2520"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

## Summary
- Increase chat list panel width from 240px to 272px and app item width
from 190px to 206px for better readability
- Adjust overall sidebar width from 18rem to 19rem and icon column from
5rem to 4.5rem

## Test plan
- Open the app and verify sidebar renders at the new width
- Verify chat list items and app items display correctly without
truncation
- Verify icon column alignment looks correct

🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2519"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->


<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Widened the chat list panel (240px→272px) and app item width
(190px→206px), and adjusted the sidebar (18rem→19rem) and icon column
(5rem→4.5rem) to improve readability and alignment.

<sup>Written for commit 5b43043809979d2b09e7b86cfdae9c2b2f757241.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Low Risk**
> Purely presentational layout tweaks (Tailwind widths/CSS vars) with no
changes to data flow, auth, or persistence logic.
> 
> **Overview**
> Increases the right-hand panel width in `app-sidebar.tsx`
(chat/apps/settings/library lists) and the per-row width in `AppItem` to
reduce truncation.
> 
> Updates global sidebar sizing constants in `ui/sidebar.tsx`, widening
the expanded sidebar while slightly narrowing the collapsed icon rail to
rebalance spacing.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
5b43043809979d2b09e7b86cfdae9c2b2f757241. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>

## Summary
- Trims whitespace from API keys and secrets during both encryption and
decryption in `src/main/settings.ts`
- Prevents issues caused by accidental leading/trailing whitespace or
newlines in API keys (e.g., from copy-paste)
- Adds comprehensive tests for the `encrypt`, `decrypt`, and
`readSettings` whitespace trimming behavior

## Test plan
- [x] Unit tests added for `encrypt()` trimming whitespace before
encrypting
- [x] Unit tests added for `decrypt()` trimming whitespace from both
plaintext and electron-safe-storage secrets
- [x] Unit tests added for `readSettings()` trimming whitespace from
decrypted API keys
- [x] All 784 existing tests pass

🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2518"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> <sup>[Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) is
generating a summary for commit
d24002f59f18428d78ce55d11e82d4800425d3eb. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Trim whitespace from API keys and secrets during encryption, decryption,
and settings reads to prevent auth failures from copy‑pasted spaces or
newlines. Ensures consistent storage and use of secrets across
providers.

- **Bug Fixes**
  - encrypt(): trims input before encrypting or storing plaintext
- decrypt(): trims decrypted strings for both electron-safe-storage and
plaintext
- readSettings(): trims whitespace from decrypted and plaintext secrets
- Added unit tests for encrypt, decrypt, and readSettings trimming
behavior

<sup>Written for commit d24002f59f18428d78ce55d11e82d4800425d3eb.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>

Automatically compact long conversations when approaching context window
limits (80% of model context or 180k tokens, whichever is first).

Changes:
- Add enableContextCompaction setting (default: enabled) in Settings >
AI
- Add database fields to track compaction state and backup paths
- Create compaction handler that generates structured summaries via LLM
- Store original messages in app data directory before compaction
- Show visual indicator using dyad-status tag when compaction occurs
- Integrate compaction checks into local_agent_handler
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2515"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Medium Risk**
> Touches core `local-agent` chat streaming and adds new
persistence/migration paths plus LLM-driven summarization, so
regressions could affect message ordering/history sent to models. Scoped
behind a setting (default on) with added unit/E2E tests, reducing risk.
> 
> **Overview**
> Adds **automatic context compaction** for `local-agent` chats: when
token usage crosses a threshold, the chat is marked for compaction and
the next turn generates an LLM summary, stores an XML transcript backup
under `.dyad/chats/<id>/compaction-*.md`, and inserts a
`is_compaction_summary` assistant message with a new `<dyad-compaction>`
indicator.
> 
> Introduces a user-facing toggle `enableContextCompaction` (default on)
wired into settings schema/defaults/search and Settings UI, plus new DB
fields on `chats` (`pending_compaction`, `compacted_at`,
`compaction_backup_path`) and `messages` (`is_compaction_summary`).
Updates local-agent streaming to (a) run pending compaction before
processing, (b) send only post-compaction history to the LLM, and (c)
update the correct placeholder message by ID to avoid overwriting the
compaction summary; includes new unit/E2E coverage and test-fixture
support for streaming usage data/snapshot scrubbing.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
df1cdaacbe3e9f3fb47473a3e6965e302a75fe7a. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Adds automatic context compaction for local-agent mode to summarize long
conversations when token usage reaches 80% of the model’s context window
or 180k tokens. Original messages are preserved and backed up, a
structured summary is inserted, and a dyad-compaction indicator is
shown.

- **New Features**
- New toggle in Settings > AI: enableContextCompaction (default on) with
UI switch and searchable setting.
- DB fields to track compaction and backups (chats: compacted_at,
compaction_backup_path, pending_compaction; messages:
is_compaction_summary).
- Compaction handler backs up LLM-visible messages to
.dyad/chats/<chatId>/compaction-*.md, generates structured summaries
with a system prompt, inserts a summary message, and emits
chat:compaction:complete.
- Local-agent flow: pending compaction runs at the start of the next
turn; LLM history includes only post-compaction messages; streaming
updates target the placeholder message by ID to avoid overwriting the
summary.
- Token threshold checks integrated into local_agent_handler (min(80% of
context window, 180k)).

<sup>Written for commit df1cdaacbe3e9f3fb47473a3e6965e302a75fe7a.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

## Summary
- Add `start_line_one_indexed` and `end_line_one_indexed_inclusive`
optional parameters to the `read_file` agent tool, allowing the agent to
read specific line ranges from files
- Update consent preview to display line range (e.g., "Read src/App.tsx
(lines 10-50)") and XML builder to include `start_line`/`end_line`
attributes
- Add comprehensive unit tests (36 tests) with minimal mocking, using
real temp files on disk

## Test plan
- [x] All 36 new unit tests pass covering: schema validation, full file
reads, start-only, end-only, both params, edge cases (out-of-bounds
clamping, start > end, empty files, single-line files), consent preview,
and XML builder
- [x] All 747 existing tests pass (no regressions)
- [x] Lint, formatting, and type checks pass

🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2516"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Adds optional line range parameters to the read_file tool so the agent
can read specific lines and reflect the range in consent preview and
XML. Improves safety with clamping, schema validation, and clear errors,
backed by comprehensive tests.

- **New Features**
- Support start_line_one_indexed and end_line_one_indexed_inclusive to
read a specific line range.
- Consent preview shows ranges; XML builder adds start_line/end_line
attributes.

- **Bug Fixes**
- Escape start_line/end_line in XML and update parser to accept
dyad-read tags with attributes.
- Validate start <= end and fix trailing newline handling to match
full-file reads.

<sup>Written for commit 4c96f70ff20ba37bee46955b739a693acd0afc0c.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Medium Risk**
> Expands an agent file-access primitive and changes how `<dyad-read>`
tags are parsed, which could affect context gathering and partial reads;
behavior is well-covered by new unit tests but still touches
security-adjacent tooling.
> 
> **Overview**
> Adds optional `start_line_one_indexed` /
`end_line_one_indexed_inclusive` parameters to the local agent
`read_file` tool so it can return a specific line range (with bounds
clamping and trailing-newline preservation).
> 
> Updates consent previews and `<dyad-read>` XML generation to
surface/encode the requested range, and loosens
`parseFilesFromMessage`’s `<dyad-read>` regex to tolerate extra
attributes. Includes a comprehensive new `read_file` unit test suite
covering schema validation, range behavior, and XML/preview formatting.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
4c96f70ff20ba37bee46955b739a693acd0afc0c. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>

<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2512"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Low Risk**
> Only updates the configured Claude model IDs for PR review and issue
triage automation; behavior changes are limited to upstream model
differences.
> 
> **Overview**
> Updates the automated PR review orchestrator and GitHub Actions
workflows to use `claude-opus-4-6` instead of the prior Opus 4.5 model
identifiers.
> 
> This aligns model selection across the multi-agent review script
(`REVIEW_MODEL`) and the `claude-pr-review`/`claude-triage` workflows
(`--model`/`model`).
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
5a870393caea2f5a942dbed21c67f1f302694e98. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Switch PR review and triage to use claude-opus-4-6 for improved results
and consistent model usage across jobs.
Updated orchestrate_review.py, claude-pr-review.yml, and
claude-triage.yml to replace 4-5/4-5-20251101 with 4-6.

<sup>Written for commit 5a870393caea2f5a942dbed21c67f1f302694e98.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

#skip-bb
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2514"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->


<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Removed the unused plans table migration (0025_romantic_mantis) and its
Drizzle snapshot/journal to clean up the schema history. Updated
lint-staged to exclude JSON files from oxfmt formatting.

<sup>Written for commit 2e57ccf8f43df3dd03b5a0fadd18db6bddf5c097.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

## Summary
- Add a configurable `limit` parameter to the grep tool (default: 100,
max: 500) to prevent context window overflow
- Truncate individual line text to 500 characters to handle very long
lines
- Add clear truncation notice telling the AI to narrow its search when
results are truncated
- Add `total` and `truncated` attributes to XML output for visibility

## Test plan
- [x] Build passes (`npm run build`)
- [x] Lint passes (`npm run lint`)
- [x] All 669 unit tests pass (`npm test`)
- Manual testing: grep with a broad query like "import" should now
return limited results with a truncation notice instead of overflowing
the context window

Fixes #2509

🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2510"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Limits grep results and line lengths to prevent context window overflows
and context_length_exceeded errors. Addresses Linear #2509 with a
configurable cap, consistent sorting, clearer UI output, and ignoring
include_pattern "*" when it matches all files.

- **Bug Fixes**
  - Added limit parameter (default 100, max 250) to cap matches.
  - Truncated each matched line to 500 chars.
- Sorted results by path and line number, and ignored include_pattern
"*" with a note to avoid broad searches.
  - Added truncation notice and "X of Y matches" in UI.
  - Exposed total and truncated flags in XML output for visibility.

<sup>Written for commit ad5979b9352ffc754019e13ead9c6be2e7b24ce9.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

---------
Co-authored-by: Will Chen <willchen90@gmail.com>
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
Co-authored-by: claude[bot] <41898282+claude[bot]@users.noreply.github.com>

fixes https://github.com/dyad-sh/dyad/issues/2500

## Summary
- Adds `filterOrphanedReasoningParts()` function to filter out OpenAI
reasoning items that aren't followed by output items
- Fixes error: "Item of type 'reasoning' was provided without its
required following item"
- This error occurs with OpenAI reasoning models (o1, o3, o4-mini) when
conversation history contains orphaned reasoning items

## Test plan
- Added 4 unit tests covering:
  - Reasoning with following output is preserved
  - Orphaned reasoning (alone in message) is filtered out
  - Reasoning followed by tool-call is preserved
  - Trailing reasoning after text output is filtered
- All 672 tests pass

🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2508"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Medium Risk**
> Touches message-history shaping sent to OpenAI (including multi-step
local-agent flows); incorrect filtering could drop reasoning parts or
change message arrays, potentially impacting model behavior, but changes
are scoped and covered by new unit tests.
> 
> **Overview**
> Prevents OpenAI Responses API errors by **cleaning conversation
history** before reuse: message parts now have stale
`providerOptions/providerMetadata.{openai,azure}.itemId` removed and
**orphaned `reasoning` parts (not followed by any non-reasoning
output)** filtered out via `cleanMessageForOpenAI()`.
> 
> This cleaning is applied both when parsing persisted `aiMessagesJson`
(`parseAiMessagesJson`) and during local-agent multi-step
`prepareStepMessages`, with expanded unit tests covering preservation vs
filtering cases; `thinking_utils` also disables OpenAI `store` for
`local-agent` mode and `AGENTS.md` documents the failure mode and fix.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
5b0c70c2817345598e2eb88dcefbb0f859d6bb88. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Filters orphaned reasoning parts in conversation history to prevent
OpenAI Responses API errors when a reasoning item isn’t followed by
output. Applies filtering when parsing stored messages and during
multi-step prepare step.

- **Bug Fixes**
- Replaced stripItemIds with cleanMessageForOpenAI in
parseAiMessagesJson and prepareStepMessages to strip provider itemId and
filter orphaned reasoning parts.
- Preserves reasoning when followed by text or tool-call, preventing
“reasoning without required following item” errors on o1/o3/o4-mini;
sets store: false to avoid expired item references.
- Expanded tests for parsing and multi-step flows; documented behavior
and fix in AGENTS.md.

<sup>Written for commit 5b0c70c2817345598e2eb88dcefbb0f859d6bb88.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

## Summary
- Fix plan_mode questionnaire test to use `getByText` for Base UI Radio
components (hidden inputs can't be clicked with
`getByRole`/`getByLabel`)
- Update chat_history tests for chronological order (oldest first)
- Add `clearChatInput()` and `openChatHistoryMenu()` helpers with
`toPass()` retry logic for reliable Lexical editor interactions
- Add `Timeout.SHORT` constant for quick retries
- Update AGENTS.md with Lexical editor and Base UI Radio testing tips

## Test plan
- [x] `npm run e2e e2e-tests/plan_mode.spec.ts` passes
- [x] `npm run e2e e2e-tests/chat_history.spec.ts` passes
- [x] `npm test` passes

🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2507"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Low Risk**
> Changes are confined to E2E tests, developer docs, and pre-commit
tooling; product/runtime logic is untouched, with minimal risk beyond
potential CI formatting or test expectation drift.
> 
> **Overview**
> Stabilizes Playwright E2E coverage around plan mode and chat history
by switching Base UI Radio selection to clicking visible label text and
by adding Lexical-safe input helpers (`clearChatInput`,
`openChatHistoryMenu`) with short `toPass()` retries.
> 
> Updates chat history assertions to match **chronological ordering**
(oldest-first) and refreshes related snapshots/docs. Also tightens
pre-commit formatting via `lint-staged` (limits `oxfmt` to a narrower
glob) and simplifies the Husky `pre-commit` hook to only run
`lint-staged`.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
11c4809a66819c53a19042450b5da93ef3f1b29c. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Fixes flaky E2E tests for plan mode and chat history by using reliable
selectors and Lexical-safe helpers. Radios can be selected via visible
labels, and chat history tests now match chronological order.

- **Bug Fixes**
- Plan mode: select Base UI Radio by clicking label text with getByText.
- Chat history: update tests for oldest-first order and default
selection behavior.
- Helpers and docs: add clearChatInput/openChatHistoryMenu with toPass
retries and Timeout.SHORT; update AGENTS.md with Lexical and Base UI
tips.
  - Pre-commit: remove YAML from oxfmt to fix hook failures.

<sup>Written for commit b03d72d2605d98201e7d68231ac381ffb7d64f63.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>

## Summary
- Fix chat_history.spec.ts to expect newest messages at top (reversed
display order)
- Update plan_mode.spec.ts to use role selector for Base UI Radio
component
- Skip planning-specific tools when NOT in plan mode
- Simplify chatCompletionHandler.ts user message text extraction
- Add AGENTS.md learning about Base UI Radio component selection in
Playwright

## Test plan
- [x] All lint checks pass (`npm run fmt && npm run lint:fix && npm run
ts`)
- [x] All 669 unit tests pass (`npm test`)

🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2506">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->


<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Fixes E2E tests to match newest-first chat history and corrects
plan-mode radio selection. Also filters planning-only tools outside plan
mode and simplifies user message parsing in the fake LLM handler for
reliable fixture routing.

- **Bug Fixes**
- Align chat history E2E with newest-first order and correct selection
behavior.
- Use role-based selector for Base UI Radio in plan mode E2E; documented
in AGENTS.md.
  - Skip planning-specific tools when not in plan mode.

- **Refactors**
- Simplify user message extraction in fake LLM chatCompletionHandler and
use it for upload-image detection and “exit-plan” routing.

<sup>Written for commit 0682b674e189898876f53cb3bbc9fc22a678a5f7.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->
Co-authored-by: Will Chen <willchen90@gmail.com>
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Adds a new Plan chat mode for guided requirements gathering and
implementation planning, with a preview panel to review and accept
plans, and an automatic handoff to Agent v2 when accepted. Plans can be
saved as markdown when the user opts to persist and are retrievable per
chat/app.

- **New Features**
- Plan chat mode with a focused system prompt and plan-only agent tools
(planning_questionnaire, write_plan, exit_plan).
- Persistent questionnaire UI above the chat input (text, radio,
checkbox) and a Plan panel to view and accept the drafted plan.
- IPC events (plan:update, plan:questionnaire, plan:exit) to stream plan
updates, show questionnaires, and switch to implementation in a new chat
on acceptance.
- Optional persist toggle with file-based storage in .dyad/plans and
CRUD IPC (create/get/update/delete, per app/chat).
- Shortcut to implement a saved plan: /implement-plan=<plan-id>, with
plan ID validation for safety.

- **Migration**
  - Install dependency: @base-ui/react/radio-group.
- Adds a Drizzle migration creating a plans table
(0025_romantic_mantis.sql).
  - .dyad/ is automatically added to .gitignore.

<sup>Written for commit f464e9ad242bf731068ce7b86efb48ae734ea8c4.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->








<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2370">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

## Summary
- Add workflow step to configure `upstream` remote pointing to base repo
for cross-repo PRs
- Fetch `upstream/main` before Claude runs so rebase target is available
- Update pr-rebase skill to explicitly use `upstream/main` for
cross-repo PRs (falling back to `origin/main` for same-repo PRs)

The claude-rebase workflow was failing because only `origin` (pointing
to the fork) was configured. Claude would rebase onto `origin/main`
which may be stale instead of the base repo's current main.

## Test plan
- Trigger the cc:rebase label on a cross-repo PR and verify it rebases
onto the correct upstream/main

#skip-bugbot

🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2505">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Fixes cross-repo PR rebasing by adding an upstream remote to the base
repo and rebasing onto upstream/main instead of a stale origin/main.
This makes the claude-rebase workflow reliable for forks.

- **Bug Fixes**
  - Add upstream remote in workflow and fetch upstream/main.
- Update pr-rebase command to prefer upstream/main, fallback to
origin/main for same-repo PRs.
  - Document cross-repo remote setup and permissions in AGENTS.md.

<sup>Written for commit 52ea2741fa0397ee9e783c9a19b0d18cc54e388c.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

## Summary
- Replace native HTML `title` attributes on button elements across 25
files with proper `<Tooltip>` / `<TooltipTrigger>` / `<TooltipContent>`
components from the existing UI library
- Native browser tooltips are delayed and unstyled; the shadcn tooltips
provide a consistent, polished tooltip experience with animations and
proper positioning
- Only button/interactive elements were converted; `title` on
non-interactive elements like `<span>` (text overflow), `<iframe>`, and
component props were intentionally left as-is

## Test plan
- [x] TypeScript type check passes (`npm run ts`)
- [x] Lint passes (`npm run lint`)
- [x] Formatting passes (`npm run fmt`)
- [x] All 661 unit tests pass (`npm test`)
- [ ] Manual: hover over icon buttons throughout the app (chat input,
preview toolbar, annotator, settings) to verify styled tooltips appear
instead of browser-native ones

🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2470">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Low Risk**
> Primarily UI/UX refactoring of hover tooltips with minimal behavioral
impact; main risk is small layout/accessibility regressions from the
updated tooltip styling/positioning.
> 
> **Overview**
> Replaces native `title` tooltips on many interactive controls (chat,
preview/annotator toolbars, settings/connectors, branch manager, etc.)
with the app’s `Tooltip` components, using `TooltipTrigger`’s `render`
prop to avoid invalid nested `<button>` markup.
> 
> Updates the tooltip implementation (`src/components/ui/tooltip.tsx`)
to remove the implicit provider wrapper, tweak default positioning
(`sideOffset`), and restyle tooltip/arrow classes; adjusts E2E aria
snapshots accordingly and documents the `TooltipTrigger render` pitfall
in `AGENTS.md`.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
8055379edcec73b53ca54ee82b9f4fb4a2f92c63. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Replaced native title tooltips on interactive buttons with shadcn
Tooltip for consistent, styled, and responsive tooltips across the app.
Improves usability and visual polish without changing button behavior.

- **Refactors**
- Converted titles to Tooltip/TooltipTrigger/TooltipContent across ~25
files, using TooltipTrigger’s render prop to avoid nested button HTML.
- Kept native title for drag handles and resize rails, and left titles
on non-interactive elements (e.g., span, iframe, component props).
- Updated tooltip defaults (sideOffset 4) and removed the implicit
provider; added aria-labels to icon-only buttons; fixed ToggleGroupItem
corner styles and preserved ref forwarding where needed.

<sup>Written for commit 8055379edcec73b53ca54ee82b9f4fb4a2f92c63.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

Strip OpenAI itemId from persisted AI messages to prevent stale reference errors but keep encrypted reasoning content (#2468)

## Summary
- Strip `providerOptions.openai.itemId` (and `azure.itemId`) from
persisted AI messages when parsing from DB
- Prevents "Item with id not found" errors when OpenAI expires
server-side stored items and the AI SDK sends `item_reference` payloads
instead of full content
- Adds comprehensive unit tests covering text parts, tool-call parts,
reasoning parts (preserving `reasoningEncryptedContent`), legacy
formats, and mixed provider options

## Test plan
- [x] Unit tests added in `ai_messages_utils.test.ts` covering all
stripping scenarios
- [ ] Verify existing conversations with OpenAI models continue to work
correctly
- [ ] Verify that long conversations no longer produce "Item with id not
found" errors

🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2468">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Prevents "Item with id not found" errors by stripping openai/azure
itemId from persisted message parts during parse, so the SDK always
sends full content. Keeps long conversations stable without losing
content.

- **Bug Fixes**
- Remove itemId under providerOptions/providerMetadata for openai and
azure across text, tool-call, and reasoning parts, including legacy
formats.
- Preserve reasoningEncryptedContent and request encrypted reasoning via
provider options; leave non-openai provider data and string-only
messages unchanged.
- Add unit tests covering stripping, legacy formats, mixed providers,
and no-op cases.

<sup>Written for commit a4c02d52ea9f25139d4b77bf1a2bdb9f663065f7.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

---------
Co-authored-by: Will Chen <willchen90@gmail.com>
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

## Summary
- Ask mode now always uses the local agent handler with read-only tools,
regardless of Dyad Pro status
- This gives all users access to code reading tools while in ask mode
- Ask mode does not consume free agent quota

## Test plan
- Test ask mode in a non-Pro account and verify it can use local agent
tools (file reading, searching)
- Verify ask mode still operates in read-only mode (no editing
capabilities)
- Confirm ask mode doesn't consume free agent quota

#skip-bugbot

🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2434">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Ask mode now always uses the local agent handler in read-only mode. It’s
available to all users and doesn’t consume free agent quota.

- **New Features**
  - Routes all Ask mode chats to the local agent.
  - Removes the Pro check; available to all users.
  - Read-only tools only; no edits.
- Engine-dependent tools (code search, web search, web crawl) require
Dyad Pro.

- **Bug Fixes**
- Skips file upload instructions in Ask mode since write tools aren’t
available.

<sup>Written for commit 9732679491a53e7be7fa40dae6f18db4b2d43701.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

## Summary
- Adds a GitHub workflow that triggers when the `cc:rebase` label is
added to a PR
- Runs Claude Code with `/dyad:pr-rebase` to automatically rebase the PR
branch
- Only allows trusted maintainers (wwwillchen, wwwillchen-bot,
azizmejri1, princeaden1)
- Swaps `cc:rebase` → `cc:rebasing` while running, removes on success or
adds `cc:rebase-failed` on failure

## Test plan
- [ ] Add `cc:rebase` label to a PR and verify the workflow triggers
- [ ] Verify the workflow correctly runs `/dyad:pr-rebase`
- [ ] Verify label transitions work correctly

#skip-bugbot

🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2504">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->


<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Adds a label-triggered workflow to auto-rebase PRs and show status via
labels. Only trusted maintainers can trigger it.

- **New Features**
- Triggers on cc:rebase and runs /dyad:pr-rebase via
anthropics/claude-code-action@v1.
- Limits use to these authors: wwwillchen, wwwillchen-bot, azizmejri1,
princeaden1.
- Label flow: cc:rebase → cc:rebasing; removes on success; adds
cc:rebase-failed on failure.

<sup>Written for commit 24d7909963a41752f0e9dd68bf13c8820a59d8b9.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

## Summary
Enhanced the PR review responder workflow to support multiple retry
iterations (up to 3) for Claude Code review requests. The workflow now
tracks retry attempts using numbered labels (`cc:request:N`) and
automatically re-requests reviews when new commits are pushed, while
escalating to human review after max retries are exhausted.

## Key Changes
- **Retry tracking**: Replaced simple `cc:request` label detection with
support for `cc:request` (initial) and `cc:request:N` (re-request
iterations) labels
- **Max retry guard**: Added logic to prevent infinite loops by capping
retries at 3 attempts; PRs reaching this limit are labeled with
`cc:needs-human-review` for manual intervention
- **Dynamic label management**: Updated label removal/addition to use
the current label dynamically instead of hardcoding `cc:request`
- **Conditional re-triggering**: Split the final label update into two
paths:
- If commits were pushed: increment the request count and apply
`cc:request:N` to auto-re-request review
  - If no commits were pushed: apply `cc:done` label to mark completion
- **Output tracking**: Added `commits_pushed` output to the retrigger
step to enable conditional downstream steps
- **Label creation**: Ensured next iteration labels are created before
being applied to PRs

## Implementation Details
- Request count is parsed from label names using regex matching
(`/^cc:request:(\d+)$/`)
- The workflow maintains state through GitHub labels, allowing it to
resume correctly even if interrupted
- Label creation attempts are wrapped in try-catch to gracefully handle
existing labels
- The retry loop is bounded at 3 iterations to prevent runaway
automation

https://claude.ai/code/session_01KNj2M6wfeQKjTPmkgGP5dt
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2493">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Medium Risk**
> Changes a privileged GitHub Actions workflow’s control flow and label
automation, which could cause unexpected re-trigger loops or incorrect
PR state if misconfigured. Risk is bounded by the new max-retry guard
and explicit `commits_pushed` gating.
> 
> **Overview**
> Adds **bounded auto-retry support** to `pr-review-responder.yml` by
recognizing `cc:request` *and* numbered `cc:request:N` labels, tracking
the current iteration via step outputs.
> 
> When Claude pushes new commits, the workflow now emits a
`commits_pushed` output, creates the next `cc:request:N` label if
needed, and swaps `cc:pending` to the incremented request label to auto
re-request review; if no commits were pushed it continues to mark the PR
`cc:done`.
> 
> Introduces a **max retry guard (>=3)** that removes the current
request label and escalates the PR to `cc:needs-human-review` (creating
the label if missing) to prevent infinite automation loops.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
d68ddd159d6160b221c03e862dedf5f2585c6573. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Adds an automatic re-request loop to the PR review responder so Claude
reviews are re-requested on new commits. Iterations are tracked with
cc:request:N labels (max 3), escalating to cc:needs-human-review at the
limit or cc:done if no new commits.

- **New Features**
- Detect and parse cc:request / cc:request:N; pick highest count; expose
request_count and current_label outputs.
- Use dynamic label management: remove current_label, add cc:pending
while processing.
- On new commits: create next cc:request:N, apply it, retrigger via
workflow_dispatch; set commits_pushed output.
  - On no commits: remove cc:pending and add cc:done.
- After 3 retries: remove current_label and cc:pending, add
cc:needs-human-review.

<sup>Written for commit 1beb4f648e64628aaa8f59c5b0e1d6b315604212.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

---------
Co-authored-by: Claude <noreply@anthropic.com>

<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2499">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Low Risk**
> Low risk: changes are limited to CI configuration and Playwright
reporting, with the main risk being CI failures or leaking the new
secret into logs if misused.
> 
> **Overview**
> Adds Flakiness.io reporting to Playwright CI runs by installing
`@flakiness/playwright`, registering it as an additional CI reporter in
`playwright.config.ts`, and wiring `FLAKINESS_ACCESS_TOKEN` into the
GitHub Actions E2E test step.
> 
> Updates the lockfile to include the new Flakiness dependencies (and
bumps `debug` patch version via dependency resolution).
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
24ebc059e73409321eb0908a425a3d2b1ad47452. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Integrates Flakiness with Playwright E2E tests to track flaky tests and
upload reports to flakiness.io. Reporter is enabled in CI and
authenticated via a secret access token.

- **New Features**
- Added the @flakiness/playwright reporter to Playwright (endpoint:
https://flakiness.io) for CI runs.
- Passed FLAKINESS_ACCESS_TOKEN from GitHub Actions to enable
authenticated report uploads.

- **Dependencies**
- Added @flakiness/playwright to package.json and updated the lockfile.

<sup>Written for commit ddc0557b691bc533e33764bd7c93d9fab5b70fae.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->