## Summary
- Remove `workflow_dispatch` inputs from CI, BugBot, and Claude PR
Review workflows since pushes made with `PR_CONTENTS_RW_GITHUB_TOKEN` (a
PAT) now naturally trigger downstream workflows via `pull_request
synchronize` events
- Simplify checkout logic across all workflows by removing
fork-resolution steps that were only needed for `workflow_dispatch`
- Remove manual workflow re-triggering in `pr-review-responder.yml`
since PAT-based pushes handle this automatically

#skip-bugbot

## Test plan
- Verify CI workflows trigger correctly on PR push events from fork PRs
- Verify BugBot and Claude PR Review trigger on `pull_request_target`
events
- Verify `pr-review-responder` pushes with PAT correctly trigger
downstream workflows without manual `workflow_dispatch` calls

🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2598"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Streamlined GitHub Actions by removing workflow_dispatch paths and
switching to PAT-based pushes so pull_request synchronize events
naturally trigger CI, BugBot, and Claude review. This reduces custom
logic and makes fork PRs behave consistently.

- **Refactors**
- Removed workflow_dispatch and pr_number inputs from CI, BugBot, and
Claude PR Review.
- Checkout now uses pull_request head repo/ref; dropped fork-resolution
logic.
- Rebase and pr-review-responder push with PR_CONTENTS_RW_GITHUB_TOKEN
to emit real synchronize events.
  - BugBot comment now uses WWWILLCHEN_PR_RW_PAT.
- Simplified concurrency groups; removed manual re-triggers in
pr-review-responder.

- **Migration**
- Ensure secrets exist: PR_CONTENTS_RW_GITHUB_TOKEN (contents:
read/write) and WWWILLCHEN_PR_RW_PAT.
- Verify CI, BugBot, and Claude run on pull_request synchronize from
fork PRs; no manual reruns needed.

<sup>Written for commit b8950ec974c1c8b4ae52f1ff200fa0edc4b296d8.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>

#skip-bb
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2597"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

## Summary
- Labels added by `GITHUB_TOKEN` don't trigger `pull_request_target`
events (GitHub limitation to prevent loops)
- `label-rebase-prs.yml` was adding `cc:rebase` via the default token,
so `claude-rebase.yml` never fired
- Switch to `GITHUB_PR_RW_TOKEN` (fine-grained PAT with PR read/write)
so label events trigger the rebase workflow
- Added `environment: ai-bots` to access the secret
- Documented the `GITHUB_TOKEN` workflow chaining gotcha in
`rules/git-workflow.md`

## Test plan
- Add `GITHUB_PR_RW_TOKEN` as a fine-grained PAT secret in the `ai-bots`
environment (needs `Pull requests: Read and write` permission on
`dyad-sh/dyad`)
- Push to `main` while a conflicting PR exists from an allowed author —
verify `cc:rebase` label is added AND `claude-rebase.yml` triggers

#skip-bugbot

🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2596"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Switch label-rebase-prs to use a fine-grained PAT (PR_RW_GITHUB_TOKEN)
so adding cc:rebase triggers the claude-rebase pull_request_target
workflow. Document the GITHUB_TOKEN workflow-chaining limitation and
load the token from the ai-bots environment.

- **Migration**
- Add PR_RW_GITHUB_TOKEN as an environment secret in ai-bots
(fine-grained PAT with Pull requests: Read and write on dyad-sh/dyad).

<sup>Written for commit 2ff7d85a011aa53cff631f6490795ca4148f9f1c.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>

## Summary
- Remove the `run_attempt` suffix from the `html-report` artifact name
in CI and the downstream Playwright comment workflow
- Use `overwrite: true` so re-runs replace the previous artifact in
place instead of creating a differently-named one that downstream
workflows can't find
- Fixes the issue where re-running failed CI jobs produced
`html-report--attempt-2.zip` but the comment workflow expected
`html-report--attempt-1.zip`

## Test plan
- Re-run a failed CI workflow and verify the Playwright comment workflow
can still find and download the HTML report artifact

🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2595"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->


<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Use a stable artifact name for the Playwright HTML report and enable
overwrite so re-runs replace the same artifact. This fixes the comment
workflow failing to download the report after CI re-runs.

- **Bug Fixes**
  - CI uploads the report as "html-report" with overwrite: true.
- Comment workflow downloads "html-report" instead of attempt-specific
names.

<sup>Written for commit 96e5dcee43b5f03f602d31111afbe9860964b280.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Low Risk**
> Low risk workflow-only change that standardizes artifact naming and
enables overwriting on reruns; main risk is misnaming would break the
downstream report download.
> 
> **Overview**
> Makes the Playwright HTML report artifact name stable across CI reruns
by removing the `run_attempt` suffix in `ci.yml` and updating
`playwright-comment.yml` to download the fixed `html-report` artifact.
> 
> Enables `overwrite: true` on the uploaded HTML report so reruns
replace the prior artifact instead of creating a new name that the
comment workflow can’t find.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
96e5dcee43b5f03f602d31111afbe9860964b280. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>

<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2562"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Adds keyboard shortcuts for zooming (Ctrl/Cmd + =, -, 0) and ties zoom
to user settings for consistent behavior across the app. Moves zoom
handling from the Electron menu to a client-side React hook.

- **New Features**
- Added useZoomShortcuts to handle zoom in/out/reset and update
settings.zoomLevel.
- Supports levels 90, 100, 110, 125, 150 (default 100) on Mac (Cmd) and
Windows/Linux (Ctrl).

- **Refactors**
- Centralized ZOOM_LEVELS and DEFAULT_ZOOM_LEVEL in schemas, derived
from ZoomLevelSchema.options.
- Removed Electron zoom roles and initialized the shortcut hook in
RootLayout.
- Prevent shortcuts from firing in inputs, textareas, and
contenteditable elements.

<sup>Written for commit cb368231e86d859a8e7397d237bb86e460ca7023.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

## Summary
- Refactored the ProModeSelector component to group build mode settings
(Web Access, Turbo Edits, Smart Context) inside a collapsible accordion
- Improves UI organization by reducing visual clutter in the popover

## Test plan
- Open the Pro Mode selector in the app
- Verify the "Build mode settings" accordion is present
- Expand/collapse the accordion and verify all settings (Web Access,
Turbo Edits, Smart Context) are accessible
- Test toggling each setting within the accordion

🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2555"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Grouped Pro build mode settings (Web Access, Turbo Edits, Smart Context)
into a collapsible accordion in ProModeSelector to declutter the
popover. No behavior changes; tests now expand the accordion before
toggling these settings.

- **Refactors**
- Wrapped the three settings under a "Build mode settings" accordion
with smoother height transitions using Base UI’s panel API.
- Updated rules to clarify our Accordion uses Base UI (not Radix/shadcn)
and added E2E guidance for accordion-wrapped settings.

- **Bug Fixes**
- E2E helper now expands the accordion before changing Smart Context or
Turbo Edits.

<sup>Written for commit 025d159d427e8f9c59372f71374da18a6420ff00.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

---------
Co-authored-by: Will Chen <willchen90@gmail.com>
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
Co-authored-by: claude[bot] <41898282+claude[bot]@users.noreply.github.com>

#skip-bb
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2594"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->


<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Added a README in .github/workflows that explains all GitHub Actions:
what they do, when they run, and what labels they set. It includes
simple diagrams for issue/PR flows and a table covering each workflow’s
purpose, triggers, and outputs to make CI/CD and automation easier to
understand.

<sup>Written for commit bb4105a1c27a74c22556ac71811c4e6e691e1f60.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

## Summary
- Adds a new daily GitHub Actions workflow (`draft-stale-prs.yml`) that
automatically converts open PRs to draft state when there has been no
activity for 7 days
- Checks four activity signals: last commit push, issue comments, review
comments, and reopen events
- Leaves a comment explaining why the PR was converted to draft

## Test plan
- [ ] Trigger the workflow manually via `workflow_dispatch` and verify
it runs without errors
- [ ] Verify it skips PRs that are already in draft state
- [ ] Verify it correctly identifies stale PRs with no activity in 7
days

🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2586"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Low Risk**
> CI/workflow-only change that affects PR state and adds comments; main
risk is unintended drafting due to activity detection edge cases or
API/rate-limit behavior.
> 
> **Overview**
> Adds a new scheduled/manual GitHub Actions workflow
(`draft-stale-prs.yml`) that scans open PRs and converts *non-draft* PRs
to draft when there has been no activity for 7+ days.
> 
> The workflow computes “last activity” from the latest commit, non-bot
issue comments, review comments, review submissions, and
`reopened`/`ready_for_review` timeline events, then posts an explanatory
comment after converting; it also caps processing to 30 PRs and aborts
on rate-limit/permission errors.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
c9fc2ae9527e48f4ab4452ce0f2ecb2c0eb5f2fa. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>

## Summary
- Add two new `needs-human:*` labels to triage PRs:
`needs-human:review-issue` (PR needs attention) and
`needs-human:final-check` (PR is green and ready for merge)
- Create shared `scripts/pr-status-labeler.js` that determines the
correct label based on CI conclusion + latest Dyadbot code review
comment
- Create new `pr-status-labeler.yml` workflow for PRs not managed by the
cc:request retry loop
- Update `pr-review-responder.yml` to apply needs-human labels at
terminal states (cc:done, cc:failed, retries exhausted)
- Unify review comment headers to "Dyadbot Code Review Summary" across
both multi-agent and swarm review skills for reliable detection

## Test plan
- [ ] Open a test PR with passing CI and clean review → verify
`needs-human:final-check` label is added
- [ ] Open a test PR with failing CI → verify `needs-human:review-issue`
label is added
- [ ] Verify PRs with `cc:request*` labels are skipped by the new
`pr-status-labeler` workflow
- [ ] Verify labels are mutually exclusive (adding one removes the
other)
- [ ] Verify review comments show the new "Dyadbot Code Review Summary"
header

🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2589"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Automatically labels PRs as needs-human:review-issue or
needs-human:final-check based on CI and the latest Dyadbot review.
Standardizes the review comment header to “Dyadbot Code Review Summary”
and hardens detection with stale-review checks, pagination, and atomic
label updates.

- New Features
- Added scripts/pr-status-labeler.js to choose labels using CI
conclusion + latest “Dyadbot Code Review Summary”.
- New pr-status-labeler.yml runs on CI completion; skips PRs with
cc:request* or cc:pending; checks out the default branch for trusted
scripts.
- pr-review-responder.yml applies needs-human labels at terminal states
and checks out the base repo so the shared script is always present.

- Bug Fixes
- Hardened review parsing: match only non-zero severities, allow
LOW-only pass, default fail-closed, and verify bot author.
- Paginate comment fetch and detect stale reviews by comparing review
time to the latest commit.
- Make label changes atomic with setLabels; ensureLabel now only
swallows 422 errors.

<sup>Written for commit 2fc253289e509cddbf6ed6202f4bce2435cbc791.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Medium Risk**
> Touches GitHub Actions automation that edits PR labels based on CI and
bot comments, so misclassification could affect review/merge triage.
Changes are localized to workflows/scripts and are fail-closed when
review format is unrecognized.
> 
> **Overview**
> Adds automated PR status labeling via new `needs-human:review-issue`
and `needs-human:final-check` labels, driven by CI conclusion plus the
latest Dyadbot review summary comment.
> 
> Introduces shared `scripts/pr-status-labeler.js` and a new
`pr-status-labeler.yml` workflow to apply these labels for PRs *not* in
the `cc:request*` retry loop; updates `pr-review-responder.yml` to apply
the same labeling at terminal states and when retries are exhausted
(including a base-repo checkout so the script is available for fork
PRs).
> 
> Standardizes the review summary header/footer text across multi-agent
and swarm review outputs to `Dyadbot Code Review Summary` so the labeler
can reliably detect and evaluate review cleanliness.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
2fc253289e509cddbf6ed6202f4bce2435cbc791. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>

## Summary
- Adds a new GitHub Actions workflow (`merge-pr.yml`) that automatically
merges PRs when CI passes
- Only merges PRs authored by allowed users (wwwillchen, wwwillchen-bot)
- Requires the "merge-when-ready" label to be present on the PR
- Uses squash merge for a clean commit history

## Test plan
- Verify the workflow file syntax is valid
- Create a test PR with the "merge-when-ready" label and verify it
auto-merges after CI passes
- Verify PRs without the label or from non-allowed authors are not
auto-merged

🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2588"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Adds a GitHub Actions workflow that auto-merges PRs via squash after CI
succeeds, gated by the "merge-when-ready" label and an allowed author
list. Improves reliability with targeted PR lookup, pagination for
checks, and explicit guards to avoid ambiguous or incomplete states.

- **New Features**
- Adds .github/workflows/merge-pr.yml triggered on CI workflow_run
completion for pull_request events.
- Finds the PR via workflow_run.pull_requests; refuses merge if multiple
PRs are linked; fallback uses commit lookup with head_branch match and
refuses merge if multiple open PRs; confirms the PR is open.
- Validates all check suites with pagination; skips
neutral/skipped/cancelled, the workflow’s own suite, and
workflow_run-triggered suites; requires at least one successful suite;
uses sha in merge to prevent race conditions; parses allowed authors
from env robustly.

<sup>Written for commit a007deffa6b3c8807833dcee702fa99179f9fe7e.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

---------
Co-authored-by: Will Chen <willchen90@gmail.com>
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

## Summary
- Add new pr-screencast.md command for creating screencasts from PRs
- Update .claude/settings.json with latest configuration

## Test plan
- Verify the pr-screencast command is available in claude commands
- Test the command functionality with a sample PR

🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2591"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Adds a pr-screencast command that records a screenshot-based walkthrough
for user-facing PRs and posts it as a new PR comment. Uses an assets
branch for image hosting and updates Claude settings to allow Playwright
tests and safe cleanup.

- New Features
- Adds .claude/commands/dyad/pr-screencast.md to detect the PR, skip
non-user-facing changes, generate a temporary Playwright script to
capture 2–4 screenshots, upload, post a walkthrough comment, then clean
up (with up to 3 retries on failures).
- Updates .claude/settings.json to allow npx playwright test and cleanup
commands; fixes glob patterns and the test assertion, creates the
screenshot dir inside the test, restricts rm paths, softens permission
prompts, and removes unused GitHub release and ffmpeg permissions.

<sup>Written for commit ed8bfa15f0da25f111fcd065b0d8d057c6e6691e.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

---------
Co-authored-by: Will Chen <willchen90@gmail.com>
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
Co-authored-by: claude[bot] <41898282+claude[bot]@users.noreply.github.com>

## Summary
- Add new `/dyad:deflake-e2e-recent-prs` command that automatically
gathers flaky E2E tests from recent PR Playwright summary comments,
ranks them by frequency, and deflakes them sequentially
- Add `claude-deflake-e2e.yml` GitHub Actions workflow that runs daily
at 2 AM PST on self-hosted macOS runners (with workflow_dispatch support
for manual triggers)
- Document the new command in `.claude/README.md`

## Test plan
- Trigger the workflow manually via `gh workflow run
claude-deflake-e2e.yml` and verify it correctly scans recent PRs for
flaky tests and attempts to deflake them
- Verify the cron schedule triggers at the expected time

🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2590"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Medium Risk**
> Adds a scheduled GitHub Action with write permissions that can open
PRs, so misconfiguration or prompt issues could create noisy/unintended
changes; however it’s limited to CI/automation and test-only guidance.
> 
> **Overview**
> Adds a new Claude slash command, `/dyad:deflake-e2e-recent-prs`, that
scans recent PR comments for Playwright “Flaky Tests”, ranks them by
frequency, and runs deflaking steps per spec (including guidance to
disable retries via `PLAYWRIGHT_RETRIES=0`) before optionally opening a
fix PR.
> 
> Introduces a scheduled/manual GitHub Actions workflow
(`claude-deflake-e2e.yml`) that runs daily on self-hosted macOS ARM64,
installs dependencies/browsers, and invokes the new command via
`anthropics/claude-code-action`. Documentation is updated to list the
new command and the existing `/dyad:deflake-e2e` instructions are
tightened to always disable Playwright retries.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
10b9158363c6b9ae9a3f3ba52ad118149fb9cbd3. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Adds a new /dyad:deflake-e2e-recent-prs command that scans recent PRs
for Playwright flake reports, ranks flaky tests, and deflakes them. Adds
a daily GitHub Action that runs it at 10:00 UTC (2 AM PST / 3 AM PDT) on
self‑hosted macOS ARM64 to keep E2E tests stable.

- **New Features**
- Command scans recent PRs (default 20), parses Playwright summary
comments from github-actions[bot], ranks by frequency, and deflakes
specs sequentially; can push fixes via /dyad:pr-push.
- New claude-deflake-e2e.yml workflow supports manual dispatch with
pr_count, sets up Node/pnpm, installs Chromium, builds the fake LLM
server, and runs the command via anthropics/claude-code-action.

- **Bug Fixes**
- Fixed spec path handling (no double .spec.ts), added gh api
--paginate, switched to generic PR search, clarified {owner}/{repo} vs
<pr_number>, and noted DST in the cron comment.
- Disabled Playwright automatic retries in all deflake steps to prevent
false passes, including debug and snapshot update commands.

<sup>Written for commit 10b9158363c6b9ae9a3f3ba52ad118149fb9cbd3.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

## Summary
- Updated PageObject class to expose component page objects
(chatActions, previewPanel, codeEditor, etc.) as public properties
instead of private
- Updated all e2e spec files to use explicit component access pattern
(e.g., `po.chatActions.sendPrompt()` instead of `po.sendPrompt()`)
- Makes the test code more modular and explicit about which component is
being used

## Test plan
- [x] All 784 unit tests pass
- [x] TypeScript type checking passes
- [x] Linting passes
- [ ] E2E tests should be run via CI

🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2582"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Refactored the e2e PageObject to expose component objects publicly and
added delegated helpers (sendPrompt, importApp) for shorter calls. Tests
now use explicit component access with shorthand for common actions,
making code clearer and easier to maintain.

- **Refactors**
- Exposed component objects on PageObject (chatActions, previewPanel,
codeEditor, modelPicker, settings, navigation, toastNotifications,
appManagement, securityReview, agentConsent, githubConnector).
- Added PageObject.sendPrompt() and PageObject.importApp() delegates;
updated specs to use them for brevity.
- Removed monolithic wrappers; no functional app changes—test-only
refactor.

- **Migration**
- Use component methods directly (e.g.,
po.previewPanel.selectPreviewMode(), po.settings.recordSettings(),
po.toastNotifications.waitForToastWithText()).
- Prefer po.sendPrompt() and po.importApp() for common actions; replace
old PageObject methods with component or delegate equivalents.

<sup>Written for commit 15cf1998d7f9b06e0fe6e53f8cc36f4f3c42e630.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

---------
Co-authored-by: Will Chen <willchen90@gmail.com>
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

## Summary
- Adds a new GitHub Actions workflow that runs on every push to `main`
- Checks all open, non-draft PRs by `wwwillchen` and `wwwillchen-bot`
for merge conflicts
- Automatically adds the `cc:rebase` label to conflicting PRs, which
triggers the existing `claude-rebase` workflow to auto-rebase them

## Test plan
- [ ] Push to main and verify the workflow runs
- [ ] Confirm PRs with merge conflicts get the `cc:rebase` label added
- [ ] Confirm PRs that are already mergeable are skipped
- [ ] Confirm PRs with existing `cc:rebase` or `cc:rebasing` labels are
not re-labeled

🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2587"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Low Risk**
> CI-only change that adds an automated labeling workflow; main risk is
unintended label churn or extra API usage, not production code impact.
> 
> **Overview**
> Adds a new GitHub Actions workflow (`label-rebase-prs.yml`) that runs
on every push to `main` and iterates through open PRs from
`wwwillchen`/`wwwillchen-bot`, skipping drafts.
> 
> For PRs whose `mergeable_state` is `dirty`, it auto-applies the
`cc:rebase` label (with retries when mergeability is initially `null`)
while avoiding PRs already labeled `cc:rebase`, `cc:rebasing`, or
`cc:rebase-failed`, enabling the existing `cc:rebase`-triggered rebase
automation to kick in.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
6bb04a1103190000f1aa4e9d71c4bea7def321c6. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Adds a workflow that runs on every push to main and auto-labels
conflicting PRs with cc:rebase to trigger the existing auto-rebase job.
Reduces manual rebase work and keeps bot/author PRs up to date.

- **New Features**
- Runs on push to main; scans open, non-draft PRs by wwwillchen and
wwwillchen-bot.
- Detects conflicts via mergeable_state: 'dirty' and adds cc:rebase;
skips PRs already labeled cc:rebase, cc:rebasing, or cc:rebase-failed.
- Retries mergeability up to 3 times with exponential backoff; uses a
concurrency group and per-PR try/catch to avoid duplicate runs and job
aborts.

<sup>Written for commit 6bb04a1103190000f1aa4e9d71c4bea7def321c6.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>

## Summary
- Update the `pr-push` command to never stage `package-lock.json` unless
`package.json` has also been modified
- If `package-lock.json` is dirty but `package.json` is not, the
lockfile changes are discarded via `git checkout`
- Prevents spurious lockfile diffs from polluting commits and PRs

## Test plan
- Run `/dyad:pr-push` with a dirty `package-lock.json` but no changes to
`package.json` — verify the lockfile is not committed
- Run `/dyad:pr-push` with both `package.json` and `package-lock.json`
modified — verify both are committed

#skip-bugbot

🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2585"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->


<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Update the pr-push command to skip staging package-lock.json unless
package.json also changed. Prevents spurious lockfile diffs from local
npm install and keeps commits and PRs clean.

<sup>Written for commit dce6ac590eb28b9b46857075ece299bc4528a715.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>

## Summary
- Broadens the CI `check-changes` step to also skip tests when all
changed files are in `rules/` (in addition to `.claude/`)
- PRs that only modify agent rules or Claude config no longer trigger
the full build + E2E test suite

## Test plan
- Open a PR that only changes files in `rules/` — CI should skip tests
- Open a PR that only changes files in `.claude/` — CI should still skip
tests (existing behavior)
- Open a PR that changes both `rules/` and source files — CI should run
tests

🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2584"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->


<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Update CI to skip tests when all changed files are in .claude/ or
rules/, so config/rule-only PRs don’t run the full build and E2E suite.
Also updates package-lock.json to version 0.36.0.

<sup>Written for commit a29ca0ab88f5293b2c88ee2e96b270902f69623c.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Low Risk**
> CI-only change that adjusts when tests run; main risk is accidentally
skipping tests if path filters are too broad or mis-handle edge cases.
> 
> **Overview**
> Broadens the CI change-detection logic so the `build` and `e2e-tests`
jobs are skipped when a PR only touches configuration directories
(`.claude/` *or* `rules/`), and updates logging/variable naming to
reflect the new scope.
> 
> Updates `package-lock.json` to bump the project version from
`0.36.0-beta.2` to `0.36.0`.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
a29ca0ab88f5293b2c88ee2e96b270902f69623c. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>

## Summary
- `claude-code-action` overwrites origin's fetch URL to point to the
base repo (`dyad-sh/dyad`), causing the rebase workflow to push to
upstream instead of the fork
- Added a `Configure push remote for fork PRs` step (matching
`pr-review-responder.yml`) that sets `pushurl` on origin to point to the
fork repo
- Added a learning to `rules/git-workflow.md` documenting this
`claude-code-action` behavior

## Test plan
- Apply `cc:rebase` label to a fork PR and verify the rebase pushes to
the fork, not the base repo

#skip-bugbot

🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2583"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->


<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Ensure claude-rebase pushes to the contributor’s fork instead of the
base repo by setting a push-only remote for fork PRs. Also documents
this claude-code-action behavior in git workflow rules.

- **Bug Fixes**
- Add a “Configure push remote for fork PRs” step to claude-rebase.yml
that sets origin’s pushurl to the PR head repo using GITHUB_TOKEN, so
pushes go to the fork even if claude-code-action rewrites origin’s fetch
URL; matches pr-review-responder.yml.

<sup>Written for commit dbd6a1082657c8a162b137682e1f3c30df697e94.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>

## Summary
- Expanded the safe pipe destinations whitelist in the GitHub CLI
permission hook to include common text-processing commands like
`base64`, `cat`, `column`, `fmt`, `fold`, `paste`, `strings`, checksum
utilities, and more
- Previously, commands like `gh api ... | base64 -d` were blocked
because `base64` wasn't in the narrow allowlist

## Test plan
- [x] Verified `gh api
repos/dyad-sh/dyad/contents/.github/workflows/closed-issue-comment.yml
--jq '.content' 2>&1 | base64 -d` no longer blocked
- [x] All 784 unit tests pass
- [x] Lint and type checks pass

🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2581"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Medium Risk**
> Expands the set of commands permitted in piped shell invocations,
which could widen the attack surface if the whitelist includes tools
with unexpected side effects; changes are contained to the permission
hook and docs.
> 
> **Overview**
> Broadens the `gh` permission hook’s allowed pipe destinations from a
small set of utilities to a larger whitelist of common text-processing
commands (e.g., `base64`, `cat`, `column`, `strings`, and checksum
tools), so more `gh ... | <tool>` pipelines are auto-approved.
> 
> Updates `rules/git-workflow.md` to document using `gh api
.../issues/{PR_NUMBER}/labels` as a workaround for `gh pr edit
--add-label` failing due to the GraphQL Projects (classic) deprecation
error.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
775a7623ae7bd4b484cf09626f425aaa2912b8f1. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Broadened the GitHub CLI permission hook’s safe pipe whitelist to
include more text-processing commands (e.g., base64, column, strings,
checksum tools), allowing gh ... | base64 -d. Clarified allowed-pipe
wording in the hook and updated git-workflow docs to use the REST API
for adding labels due to GraphQL “Projects (classic)” errors.

<sup>Written for commit 08eb796e50730e1e0ed78f2a55b2c9addb8c38cd.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>

## Summary
- Split the monolithic `test_helper.ts` (~1700 lines) into focused
modules for better maintainability
- Created `constants.ts` for timeout constants
- Created `fixtures.ts` for Playwright fixtures and test setup
- Created `utils/` directory for utility functions (normalization,
dump-prettifier)
- Created `page-objects/` directory with component and dialog page
objects

## Test plan
- [x] All existing unit tests pass (784 tests)
- [x] Lint and type checks pass
- [ ] E2E tests should work with the refactored helpers (imports are
re-exported from test_helper.ts for backward compatibility)

🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2556"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Refactored e2e test helpers into modular page objects, fixtures, and
utilities for easier maintenance and more deterministic snapshots. Added
loop guards to prevent hangs in toast dismissal and the Context Files
Picker; existing tests keep working via re-exports.

- **Refactors**
- Split test_helper.ts into constants.ts, fixtures.ts, utils/, and
page-objects/ (components + dialogs); added a main PageObject that
composes component page objects.
- Introduced normalization and dump-prettifier utilities for stable
snapshots.
- Centralized CI-aware timeouts in constants.ts; added optional debug
logging flag.
  - Kept test_helper.ts as a thin re-export for backward compatibility.
- Updated TypeScript strict-mode docs with ES2020 target limitations on
replaceAll.

- **Bug Fixes**
  - Fixed importApp path resolution to use __dirname three levels up.
- Switched git config calls to execFileSync to avoid command injection.
- Corrected toast dismissal loop to click the first toast repeatedly
until none remain; added maxAttempts=20 guard (and in Context Files
Picker) to prevent hangs.
- Derived the app executable name from appInfo instead of hardcoding
dyad.exe.

<sup>Written for commit 26329e6b1866fd31e1cba91e0b641fc04df30e8a.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

---------
Co-authored-by: Will Chen <willchen90@gmail.com>
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
Co-authored-by: claude[bot] <41898282+claude[bot]@users.noreply.github.com>

## Summary
- The `claude-code-action` requires write permissions on the triggering
actor by default, but the closed issue comment workflow is designed to
respond to **any** user commenting on a closed issue
- Added `allowed_non_write_users: '*'` to bypass this check — safe
because the workflow's permissions are tightly scoped (`issues: write`,
`contents: read`) and Claude is restricted to only `gh issue reopen` and
`gh issue comment`

## Test plan
- Comment on a closed issue from a non-collaborator account and verify
the workflow runs successfully instead of failing with "Actor does not
have write permissions"

#skip-bugbot

🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2578"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->


<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Allow non-write users to trigger the closed-issue comment workflow by
setting allowed_non_write_users: "*". This removes the write-permission
block so any comment on a closed issue runs the workflow, while staying
safe via scoped permissions and restricted tools (only gh issue
reopen/comment).

<sup>Written for commit 211887fea46b0e48c3f4bf7eeacba6b3a3b74b53.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>

## Summary
- Add PLAYWRIGHT_RETRIES env var support to allow different retry counts
for different CI environments
- Self-hosted macOS runners now use 1 retry (more reliable hardware)
while GitHub-hosted runners use 2 retries
- Refactors playwright.config.ts to read retries from environment
variable with sensible defaults

## Test plan
- Verify CI workflow sets PLAYWRIGHT_RETRIES appropriately for
self-hosted vs GitHub-hosted runners
- Run `npm test` to ensure all unit tests pass
- E2E tests should respect the new retry configuration

🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2558"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->


<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Make Playwright retries configurable via the PLAYWRIGHT_RETRIES env var
to tune test stability across environments. Self-hosted macOS runners
use 1 retry; GitHub-hosted runners use 2 (local stays 0 unless set).

- **New Features**
  - Added PLAYWRIGHT_RETRIES with sensible defaults (CI 2, local 0).
- CI sets retries per runner type: 1 for self-hosted macOS, 2 for
GitHub-hosted.

<sup>Written for commit 896a3dbcbb8278d5cedfbd27088466d780d05fd2.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->
Co-authored-by: Will Chen <willchen90@gmail.com>
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

#skip-bb
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2575"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

## Summary
- Add `repository` and `ref` parameters to the checkout step in CI
workflow so it correctly checks out the fork's branch when running on
pull requests from external contributors
- Update package-lock.json with dependency resolution changes

## Test plan
- Verify CI passes on this PR
- Test by opening a PR from a fork and confirming CI checks out the
correct branch

🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2560"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->


<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Fix CI checkout for forked pull requests. The workflow now checks out
the PR’s head repo and branch so jobs run against the contributor’s
code.

- **Bug Fixes**
- Pass repository and ref to actions/checkout, using PR head repo/ref
when available with safe fallbacks.

- **Dependencies**
- Regenerated package-lock.json to reflect updated resolutions; no
version changes.

<sup>Written for commit 37839729e6e42b41dbc2c71a84dddcd50f3103da.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>

#skip-bb

## Summary
- Skip the Electron singleton lock for E2E test builds to allow multiple
app instances to run concurrently
- Update Playwright config to use 2 workers for parallel test execution

## Performance Impact
With parallelism of 2, tests should complete approximately **~1.6-1.8x
faster** (not a perfect 2x due to overhead and some sequential test
dependencies). The speedup comes from:
- Two Electron app instances can now run simultaneously during E2E tests
- Previously, the singleton lock (`app.requestSingleInstanceLock()`)
would cause second instances to quit immediately

## Implementation Details
- Modified `src/main.ts` to check `IS_TEST_BUILD` and skip the singleton
lock for e2e test builds
- Changed `playwright.config.ts` from `workers: 1` to `workers: 2`

## Test plan
- [ ] Run `npm run build` to ensure the e2e build compiles correctly
- [ ] Run `npx playwright test` to verify tests pass with parallel
execution
- [ ] Verify no race conditions occur when multiple app instances run
simultaneously

🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2547"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Enable parallel Playwright E2E tests by skipping Electron’s
single-instance lock in test builds and reading worker count from
PLAYWRIGHT_PARALLELISM. CI sets 3 workers on self-hosted macOS (1
elsewhere), keeping single-instance behavior in production.

- **Bug Fixes**
- Prevent crash in second-instance handler when no deep link URL;
clarify deep link handling for test builds.

<sup>Written for commit 0f542e189f5b17cc857acc9ad07955c47a0049f1.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

---------
Co-authored-by: Will Chen <willchen90@gmail.com>
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

## Summary
- Set toast duration to 500ms when in test mode to speed up E2E tests
- This reduces test flakiness and speeds up tests that wait for toasts
to disappear

## Test plan
- Run E2E tests to verify toasts now disappear faster in test mode
- Verify regular app behavior is unchanged (toasts use default duration)

🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2551"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->


<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Shorten toast duration to 500ms when test mode is enabled to speed up
E2E runs and reduce flakiness. Production behavior is unchanged; toasts
use the default duration outside test mode.

<sup>Written for commit 5d38cc2b792a215b89c2c4c3a5f970c44a3fa120.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->
Co-authored-by: Will Chen <willchen90@gmail.com>
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

#skip-bb
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2546"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->


<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Route PRs from wwwillchen* to a self-hosted macOS ARM64 runner (Mac
mini) and dynamically set the CI matrix; all other authors keep
GitHub-hosted macOS/Windows with sharded e2e. Also simplifies formatting
in lint-staged and bumps the package-lock version.

- **New Features**
- Detect privileged authors (wwwillchen, wwwillchen-bot) and run
build/e2e on self-hosted macOS ARM64 with no sharding.
  - For others, run on GitHub-hosted macOS + Windows with 4 e2e shards.
- Expose dynamic matrix outputs (build_os, e2e_os, e2e_shard,
e2e_shard_total) and use fromJSON for runner labels.

- **Refactors**
- e2e now also depends on check-changes; E2E step name reflects dynamic
shard total.
- lint-staged: run oxfmt on all files with
--no-error-on-unmatched-pattern.
  - package-lock updated to 0.36.0-beta.2.

<sup>Written for commit 5d99b98267104283d9dce0dda983c6305ab37599.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

## Summary
- Replaced manual `useState`/`useEffect` data fetching patterns with
React Query's `useQuery` and `useMutation` in `useSettings`,
`useLoadAppFile`, `useLoadApps`, `useAppVersion`, and related hooks
- Added centralized query keys for `system`, `settings`, `appFiles`, and
`github` domains in `queryKeys.ts`
- Added new `useGithubRepos` and `useSystemPlatform` hooks using React
Query
- Simplified `TitleBar` and `ImportAppDialog` to use the updated hook
interfaces

## Test plan
- All 784 unit tests pass
- Verify settings load correctly on app startup
- Verify file loading works in the code viewer
- Verify app list loads and refreshes properly
- Verify title bar shows correct app version

🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2536"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Medium Risk**
> Touches core loading paths (settings, app list, file reads) and
caching/invalidations, so regressions could show up as stale data or
missing refreshes; changes are mostly refactors with minimal behavioral
intent.
> 
> **Overview**
> **Migrates several app/system/settings data flows from local
state/Jotai-driven fetching to React Query.** `useLoadApps`,
`useLoadAppFile`, `useAppVersion`, and `useSettings` now use
`useQuery`/`useMutation` with cache updates and refresh via query
invalidation, and app favorites (`useAddAppToFavorite`) update the React
Query apps cache instead of an `appsListAtom` (which is removed).
> 
> Adds new React Query-powered hooks (`useSystemPlatform`,
`useGithubRepos`) and extends `queryKeys` with `system`, `settings`,
`appFiles`, and `github` domains; UI callers (`TitleBar`,
`ImportAppDialog`, `app-details`) are adjusted to consume the new hooks.
E2E favorite-app tests are hardened by hovering before clicks and using
a longer assertion timeout.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
c82dfca589d0186d25cec33a2453fc5b3f28520b. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Migrated core data fetching to React Query to standardize caching,
loading, and error handling. Cleaned up UI and tests, removed the apps
Jotai atom, and made refresh flows consistent via query invalidation.

- **Refactors**
- Replaced manual state/effect with useQuery/useMutation in useSettings,
useLoadApps, useLoadAppFile, and useAppVersion.
- Centralized query keys for system, settings, appFiles, and github in
queryKeys.ts.
- Removed appsListAtom; apps now read/write via React Query. Kept Jotai
sync for settings and env vars.
- Simplified TitleBar (uses useSystemPlatform), ImportAppDialog (uses
useGithubRepos), and app-details (reads apps from useLoadApps).
  - Updated useAddAppToFavorite to update the React Query cache.
- Reduced flakiness in favorite app e2e tests by hovering before clicks
and using a medium timeout.

- **New Features**
- Added useGithubRepos and useSystemPlatform hooks with session-level
caching.

<sup>Written for commit c82dfca589d0186d25cec33a2453fc5b3f28520b.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>

#skip-bb
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2543"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

#skip-bb

The migration from Radix to Base UI broke file attachments because
calling e.preventDefault() in the onClick handler does not stop Base UI
menus from closing. Base UI relies on an internal closeOnClick mechanism
instead. As a result, when the menu closed, the portaled hidden <input
type="file"> elements were unmounted from the DOM before the user could
select a file.
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2541"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->


<!-- This is an auto-generated description by cubic. -->
## Summary by cubic
Fixes the file attachment menu so selecting “Attach chat context” or
“Upload to codebase” no longer closes the dropdown too early. Uses
closeOnClick={false} with direct onClick handlers to keep hidden inputs
mounted and make file selection reliable.

<sup>Written for commit afe8de3b5de300b8c2254418aa9bbd87d818c0bf.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

## Summary
- Extracted topic-specific learnings and guidelines from AGENTS.md into
9 separate files under `rules/` for better discoverability and
maintainability
- AGENTS.md now has a concise rules index table with "read when..."
descriptions so agents know which file to consult
- No content was lost — all learnings are preserved in their respective
rule files

## Test plan
- [x] Verify all rule files exist and contain the expected content
- [x] Verify AGENTS.md rules index links are correct
- [x] Lint, type checks, and tests all pass

#skip-bugbot

🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2540"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Modularized guidance from AGENTS.md into nine focused docs under rules/,
and added a concise rules index in AGENTS.md for quick navigation. No
content was removed; it’s now easier to find and maintain.

- **Refactors**
- Extracted topic docs into rules/: electron-ipc, e2e-testing,
git-workflow, base-ui-components, database-drizzle,
typescript-strict-mode, openai-reasoning-models, adding-settings,
chat-message-indicators.
- Updated .claude/commands/remember-learnings.md to write learnings to
rules/ (use AGENTS.md only when needed) and maintain the index when new
files are added.

<sup>Written for commit 7d217b84ce3d1e434f28a31bb6a2329c672d2bcf.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>

## Summary
- Fixed UI element occlusion bug where the "Copy" utility button was
unusable due to layout overlap with the language identifier label in
code blocks
- Added flexbox properties (gap, items-center, truncate, min-w-0,
flex-shrink-0) to ensure proper spacing and prevent overflow

## Test plan
- Open a chat with code blocks containing language labels (e.g.,
typescript, javascript)
- Verify the language label and copy button no longer overlap
- Test with narrow window widths to ensure the layout remains correct
- Click the copy button to confirm it's clickable and functional

Fixes #2466

🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2533"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Fixes an overlap in code blocks where the Copy button covered the
language label, so the button stays visible and clickable at all widths.
Fixes #2466.

- **Bug Fixes**
- Aligned header padding with pre (left/right 0, px-6) and added
gap-2/items-center for spacing.
- Applied truncate and min-w-0 to the language label to prevent
overflow.
  - Set the Copy button to flex-shrink-0 to avoid shrinking.

<sup>Written for commit 246b0df6569b41f813f0843b048125da8efe9830.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

---------
Co-authored-by: Will Chen <willchen90@gmail.com>
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
Co-authored-by: claude[bot] <41898282+claude[bot]@users.noreply.github.com>

Closes #1272.

Currently, the refactor suggestion button doesn't show the full path of
the file that it's going to refactor. This PR adds the file path in the
tooltip so that the user can see the path if they hover over the button.

I also took the liberty to make the button slightly wider by 20px. This
means that the button will typically show ~2-4 more characters than it
does currently, which I think makes it a bit easier at a glance to infer
which file the AI will refactor without needing to hover. For example,
if the suggestion is to refactor `src/components/big-file.tsx`, this
might make the difference of having the button show "Refactor
components/big-fil..." instead of "Refactor components/big...".
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2511"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->


<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Added the full file path to the refactor button tooltip for clarity.
Widened the button from 180px to 200px to show a few more characters in
the label.

<sup>Written for commit c8824c43fa66506ba6ced69b0c6675c4978ecaf9.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

Currently, after confirming the reset, there is no feedback in the
dialog to indicate that the operation has started, which makes it appear
as if the button is not working.
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2537"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->


<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Disable the reset confirmation button after confirmation and show
“Resetting…” to give clear feedback and prevent duplicate resets.

- **Bug Fixes**
- ConfirmationDialog: added confirmDisabled prop to control disabled
state and styling.
- Settings: when isResetting is true, disable confirm button and set
text to “Resetting…”.

<sup>Written for commit 02397273dcf8e04ae7b8b39fea2f58b767edc6b6.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

## Summary
This PR introduces a new `DyadCardPrimitives` component library and
refactors all Dyad markdown action cards to use these reusable
primitives. This improves consistency, reduces code duplication, and
makes styling changes easier to maintain across the codebase.

## Key Changes

- **New `DyadCardPrimitives.tsx`**: Created a comprehensive library of
reusable card components including:
- `DyadCard`: Main container with accent color support and state
indicators
  - `DyadCardHeader`: Header row with icon and flexible content area
  - `DyadBadge`: Small pill badges for card type labels
  - `DyadExpandIcon`: Animated chevron for expand/collapse
- `DyadStateIndicator`: Spinner/X/checkmark for pending/aborted/finished
states
  - `DyadCardContent`: Expandable content area with smooth animations
- `DyadFilePath`, `DyadDescription`, `DyadFinishedIcon`: Additional
utility components
- Support for 11 accent colors (blue, purple, violet, red, amber, green,
emerald, teal, sky, indigo, slate)

- **Refactored components** to use new primitives:
- `DyadAddDependency`: Simplified layout, improved package display
styling
- `DyadAddIntegration`: Consistent card styling for both pending and
completed states
  - `DyadCodeSearch`: Cleaner header with state indicator
  - `DyadCodeSearchResult`: Standardized file list display
  - `DyadCodebaseContext`: Unified expand/collapse behavior
  - `DyadDatabaseSchema`: Simplified header structure
  - `DyadDelete`: Consistent red accent styling
  - `DyadEdit`: Improved state indicators and layout
  - `DyadExecuteSql`: Cleaner SQL badge and state handling
  - And 19+ additional components

## Implementation Details

- All components now use semantic color tokens (`foreground`,
`muted-foreground`, `background-lightest`, etc.) for better dark mode
support
- Consistent spacing and sizing across all cards (px-3, py-2 for
headers, px-3 pb-3 for content)
- Smooth transitions for expand/collapse animations using `max-h` and
`opacity`
- Left border accent (3px) appears only when card is in pending or
aborted state
- Removed inline icon imports from individual components; now
centralized in primitives
- Improved accessibility with proper semantic HTML and ARIA attributes

https://claude.ai/code/session_01AAvVLShqeRjs42LhUdeK3e
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2482">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Medium Risk**
> Large UI refactor across many chat card components and accessibility
attributes; primary risk is visual/interaction regressions and
snapshot/test churn rather than data/security impact.
> 
> **Overview**
> **Refactors Dyad chat “action cards” to a shared component library.**
Introduces `DyadCardPrimitives` (e.g., `DyadCard`, `DyadCardHeader`,
`DyadBadge`, `DyadStateIndicator`, `DyadCardContent`) and migrates many
markdown-rendered cards
(edit/write/delete/grep/logs/list-files/code-search, integrations, etc.)
to use these primitives for consistent styling, expand/collapse
behavior, and keyboard/ARIA interaction.
> 
> Updates E2E ARIA snapshots to match the new card structure and
accessibility tree, slightly tweaks chat message typography, bumps
`@playwright/test` to `^1.58.2`, and expands `lint-staged` formatting
(`oxfmt`) to include `*.json`.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
e020627fdb8955d948d982cb525c929b0610ee77. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Refactored all Dyad markdown action cards to use new DyadCardPrimitives
for a consistent, accessible card UI with smoother interactions and
easier styling. Adds lazy-mounted content and keyboard-accessible
expand/collapse, reduces duplication, and improves dark mode across 28+
components.

- **New Features**
- Added DyadCardPrimitives: DyadCard, DyadCardHeader, DyadBadge,
DyadExpandIcon, DyadStateIndicator (with finished state),
DyadCardContent, plus helpers (DyadFilePath, DyadDescription,
DyadFinishedIcon).
- 11 accent colors with tinted icon circles and a left accent border
shown for pending/aborted states; showAccent prop for explicit control.
- Smooth expand/collapse using CSS grid with a rotating chevron;
DyadCardContent lazy-mounts heavy children.
  - Semantic color tokens for reliable light/dark theming.
- Improved accessibility: role="button", tabIndex, Enter/Space handlers,
and aria-expanded on interactive cards.

- **Refactors**
- Migrated 28+ markdown action cards (e.g., AddDependency, CodeSearch,
Edit, ExecuteSql, Status, WebSearch, Write) to the primitives; unified
headers, badges, spacing, state indicators, and expand/collapse
behavior.
- Fixed regressions: correct state extraction (Delete/Rename/Output),
restored children rendering (Delete/Read/Rename), passed isExpanded to
all interactive cards, click propagation fix in Grep.
- Removed per-component icon imports and ad‑hoc styles; net reduction of
~480 LOC.

<sup>Written for commit e020627fdb8955d948d982cb525c929b0610ee77.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

---------
Co-authored-by: Claude <noreply@anthropic.com>

#skip-bb
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2539"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

## Summary
- Resolve stash merge conflicts in `app_handlers.ts` — use
`updateAppCommands` handler without `withLock`
- Resolve stash merge conflicts in `app_commands.spec.ts` — consolidate
into a single E2E test covering validation, cancel, configure/edit/clear
flows
- Include updated `test_helper.ts` and `package-lock.json`

## Test plan
- [ ] Verify `npm run ts` passes (type checks)
- [ ] Verify `npm test` passes (unit tests)
- [ ] Run app commands E2E test: `PLAYWRIGHT_HTML_OPEN=never npm run e2e
-- --grep "configure app commands"`

🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2538"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Medium Risk**
> Removes per-app locking from `updateAppCommands`, which could allow
concurrent updates to race and overwrite command values. Other changes
are test and dependency/lockfile adjustments with limited production
impact.
> 
> **Overview**
> Improves the app-commands E2E coverage by consolidating previously
separate tests into a single `configure app commands` flow that now
exercises **required-field validation**, **cancel**, **save/edit**, and
**clear-to-default** behavior end-to-end.
> 
> Updates the Playwright helper `waitForToastWithText` to use the shared
`Timeout.MEDIUM` default (instead of a fixed 5s) to reduce CI flakiness.
> 
> In `app_handlers.ts`, removes `withLock` usage from the
`updateAppCommands` IPC handler while keeping the same trimming +
“both-or-neither” validation before persisting commands. Also bumps the
app version to `0.36.0` and refreshes `package-lock.json` accordingly.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
4dfd2931629fee1d89af85a227c97981788fa0a9. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Resolved merge conflicts and finalized the app commands flow. Simplified
the updateAppCommands handler and consolidated E2E coverage to reduce
flakiness.

- **Refactors**
- updateAppCommands no longer uses withLock; validates paired commands
and updates the DB directly.
- Merged app commands E2E into a single test covering validation,
cancel, and configure/edit/clear flows.
- Standardized toast waiting to Timeout.MEDIUM in test_helper to reduce
flakes.
  - Updated package-lock.json to 0.36.0.

<sup>Written for commit 4dfd2931629fee1d89af85a227c97981788fa0a9.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>

Add the ability to configure install and start commands in the Configure
panel after an app has been created. Previously these were only
configurable when first importing an app.

Changes:
- Add updateAppCommands IPC contract and handler
- Add AppCommandsSection component in ConfigurePanel
- Allow users to view, edit, and clear custom commands
- Include validation requiring both commands when customizing
- Add E2E tests for the new feature

https://claude.ai/code/session_01RHmPUNG7Bdw9MC1DKQJX8g
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2433">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Medium Risk**
> Moderate risk because it introduces a new IPC write path that persists
user-provided command strings and affects how apps will run, though
guarded by client/server validation and locking.
> 
> **Overview**
> Adds an **App Commands** card to `ConfigurePanel` that lets users view
default vs custom install/start commands, edit them with client-side
validation (both required), cancel edits, and clear back to defaults.
> 
> Introduces a new IPC contract `updateAppCommands` plus a main-process
handler that trims inputs, enforces *both-or-neither* semantics, updates
the `apps` record under `withLock`, and triggers UI refresh/toasts.
> 
> Adds Playwright E2E coverage for configure/edit/clear flows,
validation behavior, and canceling edits.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
3f0abe3b8f9ed2483ed27d537dd874e4caa66fcf. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Let users configure custom install and start commands from the Configure
panel after an app is created. Defaults to “pnpm install && pnpm dev”
when unset, and both fields are required when customizing.

- **New Features**
- Configure, edit, or clear custom install/start commands in
ConfigurePanel.
- Added updateAppCommands IPC contract and handler to persist commands.
- E2E tests cover happy path, validation (both required), cancel, and
clear flows.

- **Bug Fixes**
- Prevent overwriting edits on refetch; fix custom commands check (AND),
and update default-state message.
- Enforce server-side validation (both commands set together or both
cleared) and remove sensitive command content from logs.

<sup>Written for commit 3f0abe3b8f9ed2483ed27d537dd874e4caa66fcf.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

---------
Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: claude[bot] <41898282+claude[bot]@users.noreply.github.com>

## Summary
- Update pr-push skill to default to staging files when in doubt, rather
than being overly cautious
- Narrow the exclusion list to only true secrets/artifacts (`.env`,
keys, `node_modules`, etc.)
- Remove vague exclusion language about "temporary files" and "personal
configuration"

#skip-bugbot

## Test plan
- Run `/dyad:pr-push` and verify the updated behavior stages files more
aggressively

🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2530"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Make /dyad:pr-push stage and commit files more aggressively with a tight
exclude list, while improving safety and reliability of the push flow.
Blocks pushes to main, runs checks/tests, tracks tasks, and detects the
right remote.

- **New Features**
- Stage most changes by default; only exclude true secrets/artifacts
(.env, keys, .DS_Store, node_modules, *.log).
  - Remove vague exclusions for “temporary files” or personal configs.
- Prevent pushing on main/master; auto-create and switch to a feature
branch when needed.
- Inline checks: run fmt, lint --fix, type-check, and npm test; amend if
tools change files.
- Use TaskCreate/TaskUpdate to track progress and provide a clear
summary.
- Capture session learnings before lint; commit AGENTS.md updates when
present.
- Auto-detect the correct remote (handles forks), set upstream; push
with --force-with-lease; never pull/rebase from a fork—only from
upstream.
- If no PR exists, create one and add cc:request for non-trivial
changes.

<sup>Written for commit fc6933aeb2e26e743805e65b4e0e92462d8eb7c2.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>