## Summary
- Add `PLAYWRIGHT_HTML_OPEN=never` environment variable to all e2e test
commands in AGENTS.md and Claude command files
- Prevents the Playwright HTML reporter from opening a browser and
blocking the terminal after tests complete

## Test plan
- Run `npm run e2e` with and without the env var to verify behavior
- Agents running e2e tests should no longer hang waiting for user input

#skip-bugbot

🤖 Generated with [Claude Code](https://claude.com/claude-code)


<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Stop the Playwright HTML reporter from auto-opening and blocking the
terminal by setting PLAYWRIGHT_HTML_OPEN=never on all e2e commands.
Updated AGENTS.md and Claude command files so local runs and agent
workflows no longer hang after tests.

<sup>Written for commit 2ee4139f8a43a5bc20ae1933b6c629d19c96937b.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

## Summary
- Fix PermissionRequest hook to use correct hookSpecificOutput JSON
wrapper format
- Previously the hook output {behavior: allow} but Claude Code expects
{hookSpecificOutput: {hookEventName: PermissionRequest, decision:
{behavior: allow}}}
- Clean up code: remove debug logging, organize imports

## Test plan
- Run a command that triggers permission request (e.g., rm -rf somedir)
- Verify the hook auto-approves GREEN operations without showing the
permission dialog
- Test with DEBUG_PERMISSION_HOOK=1 to see hook execution logs

Generated with Claude Code


<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Uses Claude Sonnet to analyze permission requests and fixes the
PermissionRequest hook output format so decisions are applied correctly.
GREEN auto-approves, YELLOW passes through, RED auto-denies without
showing the dialog.

- **Bug Fixes**
- Use the correct wrapper: {hookSpecificOutput: {hookEventName:
"PermissionRequest", decision: {behavior: "allow"|"deny"}}}.
  - Improve JSON extraction; remove debug logs and tidy imports.

- **New Features**
- Add permission-request-hook.py to analyze requests with Claude CLI
(sonnet) and auto-approve/deny using permission-policy.md.
  - Add tests for hook behavior, response schema, and policy coverage.
  - Enable the hook in .claude/settings.json for all tools.

<sup>Written for commit bcdcd4eeda5e28d4cde37247fae8c150c1e9ba1b.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->




<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> Introduces an AI-driven PermissionRequest hook that evaluates tool
actions against a new security policy and auto-approves/denies
accordingly, plus tests and settings wiring.
> 
> - **Add** `permission-request-hook.py` to call Claude (model `sonnet`)
with `permission-policy.md`, parse JSON robustly, and emit
`hookSpecificOutput` for `allow`/`deny` (GREEN auto-approve, RED
auto-deny, YELLOW passthrough)
> - **Add** comprehensive `permission-policy.md` covering Bash, GitHub,
and file operations with GREEN/YELLOW/RED criteria
> - **Add** tests in `tests/test_permission_request_hook.py` for hook
passthrough behavior, response format, CLI absence, and policy coverage
> - **Configure** `.claude/settings.json` to register the new
PermissionRequest hook for all tools with a 30s timeout
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
bcdcd4eeda5e28d4cde37247fae8c150c1e9ba1b. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

- Add step to check current branch and create feature branch if on
main/master
- Add task tracking requirement using TaskCreate/TaskUpdate tools
- Renumber steps and update summary to report new branch creation

#skip-bb

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Updates the pr-push skill to block pushes to main/master and auto-create
a PR, and adds required task tracking across pr-push and pr-fix so work
happens on feature branches with clear progress and a ready review link.

- **New Features**
- Check current branch; if on main/master, create and switch to a
descriptive feature branch and report its name.
- Require TaskCreate/TaskUpdate across pr-push and pr-fix to track each
step (create tasks, mark in_progress/completed).
- Auto-create a PR if none exists (no manual URL prompts), avoid
duplicates, and include the PR URL in the final summary; steps
renumbered to reflect the new flow.

<sup>Written for commit 81f38c98e48bf915a553dac23d1ec41474c27d0b.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

#skip-bb

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Add a Python permission hook that restricts python/python3 to scripts
inside the .claude directory. Blocks unsafe modes and command injection
to reduce risk.

- **New Features**
- Enforces: allow scripts under .claude; deny scripts outside; deny -m,
-c, and interactive; passthrough for non-python and --version/--help.
- Robust parsing of env-var prefixes, flags, quoted/unquoted paths,
relative/absolute paths, and symlinks; supports CLAUDE_PROJECT_DIR.
- Registered the hook in PreToolUse and expanded allowed tools in
settings (Bash(chmod:*), Bash(python3:*)). Added tests for allowed,
blocked, passthrough, and security-bypass commands.

<sup>Written for commit 798d1abf04cdedc5395603ce4e32b2b943be8941.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

---------
Co-authored-by: Claude <noreply@anthropic.com>

- Add hardcoded list of trusted humans (wwwillchen, princeaden1,
azizmejri1)
- Add trusted bots (gemini-code-assist, greptile-apps, cubic-dev-ai,
cursor, github-actions)
- Skip reading contents of comments from untrusted authors for security
- Report untrusted commenters in summary without exposing their comment
contents

#skip-bb

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Only process unresolved PR review threads from trusted authors. Skip
reading comment bodies from untrusted users and report their usernames
safely.

- **New Features**
  - Added trusted humans: wwwillchen, princeaden1, azizmejri1
- Added trusted bots: gemini-code-assist, greptile-apps, cubic-dev-ai,
cursor, github-actions, chatgpt-codex-connector
  - Filter threads where the first comment’s author is trusted
- Report untrusted commenters by username only; do not read their
comment contents

<sup>Written for commit a696d73c3b32d8fecd63e9dd0e67815a08e99033.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

## Summary
- Swap prettier for oxfmt in devDependencies for faster formatting
- Rename scripts: prettier -> fmt, prettier:check -> fmt:check
- Update lint-staged to use oxfmt
- Update CLAUDE.md and skill docs to reference npm run fmt

## Test plan
- [x] Run npm run fmt to verify formatting works
- [x] Run npm run fmt:check to verify check mode works
- [x] Verify lint-staged runs oxfmt on commit

#skip-bugbot

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Replaced Prettier with oxfmt for faster formatting. Updated to oxfmt
0.26.0, added a project config, renamed scripts to fmt and fmt:check,
and refreshed docs; oxfmt’s new rules applied compact formatting across
many files.

- **Migration**
  - Use npm run fmt and npm run fmt:check in local workflows and CI.
  - lint-staged now formats with oxfmt on commit.
  - Requires Node 20.19+ or 22.12+.

<sup>Written for commit a9e3812b02849f8d6357913113fca68ca8b4fcbc.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

#skip-bb

## Summary
This PR adds a new GitHub Actions workflow that automatically cancels
in-progress and queued CI workflow runs when a pull request is merged.
This helps reduce unnecessary CI resource consumption and prevents stale
workflow runs from completing after their changes have already been
integrated.

## Changes
- Added `.github/workflows/cancel-ci-after-merge.yml` workflow that:
  - Triggers when a pull request is closed (merged)
  - Finds the CI workflow in the repository
- Queries for all in-progress and queued CI runs on the merged PR's
branch
  - Cancels each identified workflow run with error handling and logging
  - Includes comprehensive console logging for debugging and monitoring

## Implementation Details
- The workflow uses `actions/github-script@v7` to interact with the
GitHub Actions API
- It specifically targets the "CI" workflow by name
- Handles both "in_progress" and "queued" statuses to catch all active
runs
- Includes try-catch error handling to gracefully handle cancellation
failures
- Requires `actions: write` permission to cancel workflow runs
- Only executes when `github.event.pull_request.merged == true` to avoid
running on rejected PRs


<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Automatically cancel active CI runs for the merged PR’s head commit.
Frees up runners and prevents stale builds from finishing.

- **New Features**
- Adds .github/workflows/cancel-ci-after-merge.yml triggered on PR
closed, gated to merged PRs.
- Targets the CI workflow via file path ci.yml and lists runs for the PR
head SHA.
- Cancels active runs (in_progress, queued, pending, waiting) with
try/catch error handling and de-duplicates by run ID.
- Supports fork and non-fork PRs; uses actions/github-script@v7 with
actions: write permissions and clear console logs.

<sup>Written for commit 4d631b3ccb9d127c4781b185b9d6eac90d2fd710.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

---------
Co-authored-by: Claude <noreply@anthropic.com>

Creates a GitHub Action that triggers when CI completes for PRs with the
cc:request label. It runs /dyad:pr-fix to address failing checks and
review comments, then updates labels (removes cc:help, adds
cc:responded)

#skip-bugbot

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Adds a GitHub Action that auto-responds to PRs after CI completes. It
runs /dyad:pr-fix on PRs labeled cc:request from wwwillchen and updates
labels based on status.

- **New Features**
  - Triggers on CI workflow_run completion.
  - Checks out the PR’s head repo/branch and runs /dyad:pr-fix.
  - Restricts usage to PRs authored by wwwillchen.
- Updates labels: cc:request → cc:pending; then cc:done on success or
cc:failed on failure.
  - Uses write permissions for contents and pull-requests.

<sup>Written for commit 21cef82a88b2e3d591f4c3955b679dd28aad0477.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

Introduce a type-safe, centralized query key system following TanStack
Query best practices:

- Add src/lib/queryKeys.ts with hierarchical factory functions
- Use `as const` assertions for full type inference
- Group keys by feature (apps, chats, versions, etc.)
- Support prefix-based invalidation via parent keys

Update all 30+ hooks and components to use the new queryKeys:
- Replace inline string arrays with factory calls
- Replace scattered exports (CHATS_QUERY_KEY, TOKEN_COUNT_QUERY_KEY,
etc.)
- Consistent pattern: queryKeys.<feature>.<operation>(params)

Benefits:
- Single source of truth for all query keys
- Full autocomplete/IntelliSense support
- Type-safe invalidation (catches typos at compile time)
- Easier refactoring and key discovery

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Centralized React Query keys behind a typed queryKeys factory and
updated 30+ hooks/components to use it. This improves type-safety,
enables autocomplete, and makes invalidation and refactors simpler.

- **Refactors**
- Added src/lib/queryKeys.ts with hierarchical factory functions (as
const) grouped by feature.
- Replaced inline arrays and scattered constants (e.g., CHATS_QUERY_KEY,
TOKEN_COUNT_QUERY_KEY, APP_THEME_QUERY_KEY, SUPABASE_QUERY_KEYS).
- Standardized invalidate/remove calls to use parent keys (e.g.,
queryKeys.chats.all, queryKeys.versions.list({ appId })).
- Structured MCP keys (mcp.toolsByServer.all and
mcp.toolsByServer.list({ serverIds })) and updated Supabase branches to
include organizationSlug.
- No behavior changes; safer invalidation and consistent keys across the
app.

- **Migration**
- Use queryKeys.<feature>.<operation>(params object) for all queryKey
definitions.
- Invalidate broadly via parent keys when needed (e.g.,
queryKeys.chats.all).
- Update Supabase branches calls to pass organizationSlug:
queryKeys.supabase.branches({ projectId, organizationSlug }).
  - Do not add or export per-hook key constants; rely on queryKeys.

<sup>Written for commit 2b80e408f077b8ea3141369ca21f62e514852cfd.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> Introduces a centralized, typed React Query key factory and applies it
across the app for consistency and safer invalidation.
> 
> - Adds `src/lib/queryKeys.ts` with hierarchical, `as const` key
factories (e.g., `queryKeys.apps.detail`, `queryKeys.versions.list`)
> - Refactors 30+ hooks/components to use factory keys in
`useQuery`/`useMutation` and `invalidateQueries`/`removeQueries`
> - Replaces scattered constants (e.g., `CHATS_QUERY_KEY`,
`TOKEN_COUNT_QUERY_KEY`, `APP_THEME_QUERY_KEY`, Supabase/MCP keys) with
`queryKeys`
> - Updates IPC-driven UI pieces (`AppUpgrades`, `CapacitorControls`,
`ModelPicker`, `ChatInput`, preview panels, Neon, MCP, Supabase, Vercel,
etc.) to the new keys
> - Documentation: `AGENTS.md` adds an Architecture section with usage
guidelines and changes format script to `npm run fmt`
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
2b80e408f077b8ea3141369ca21f62e514852cfd. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

---------
Co-authored-by: Claude <noreply@anthropic.com>

## Summary
- Fixes false positive in gh permission hook when PR bodies contain
markdown code spans like `concurrency`
- Adds `MARKDOWN_CODE_SPAN_PATTERN` to neutralize backtick pairs with
identifier-like content before checking for shell injection
- Security preserved: actual command substitution patterns with
spaces/special chars still blocked

## Test plan
- [x] Tested commands with markdown code spans now pass
- [x] Tested commands with actual command substitution patterns are
still blocked
- [x] Tested command chaining attempts are still blocked

#skip-bugbot

🤖 Generated with [Claude Code](https://claude.com/claude-code)

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Allows safe markdown code spans inside double-quoted PR/issue bodies by
neutralizing backtick-wrapped identifiers; command substitution and
unsafe chaining remain blocked.

- **Bug Fixes**
- Neutralize identifier-like code spans only inside double quotes using
MARKDOWN_CODE_SPAN_PATTERN; requires a dot, hyphen, or underscore and
excludes plain words; still blocks backticks with spaces, args, or
pipes.

<sup>Written for commit 9d81ffe0bf0c58dd7862ffc16b49318698c8fb5d.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

## Summary
- Adds `claude` to the CLA Assistant allowlist to fix CLA check failures
on PRs authored with Claude Code

## Problem
PRs authored with Claude Code (like #2268) have commits with the
`claude` GitHub user (email: `noreply@anthropic.com`) as an author via
the `Co-Authored-By` trailer. The CLA Assistant requires all commit
authors to sign the CLA, but Claude (the AI) cannot sign a CLA, causing
the check to always fail.

## Solution
The CLA Assistant action supports an `allowlist` parameter to exclude
specific users from the CLA requirement. This PR adds `claude` to that
allowlist.

## Test plan
- [x] Verify this PR's CLA check passes (it should, since this is the
fix)
- [ ] Verify subsequent Claude Code PRs pass the CLA check

#skip-bugbot

🤖 Generated with [Claude Code](https://claude.com/claude-code)


<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Adds "claude" to the CLA Assistant allowlist to prevent false CLA
failures on PRs with commits co-authored by the "claude" GitHub user.
This ensures CLA checks pass for Claude Code-authored PRs without
requiring a signature from that user.

<sup>Written for commit 7ce3f5d2734b06305a425d61000550022151d933.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

## Summary
- The pr-push skill was consistently stopping after running lint checks
instead of continuing to push
- Root cause: calling /dyad:lint as a nested skill created a stopping
point when the sub-skill completed
- Fix: inline lint commands directly and add explicit continuation
reminders after steps 2 and 3

## Test plan
- [ ] Run /dyad:pr-push and verify it completes all steps through to
pushing

#skip-bugbot

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Fixes pr-push stopping after lint by inlining lint commands and adding
clear “keep going” reminders, so the flow completes and pushes the
branch.

- **Bug Fixes**
- Inline lint commands: npm run prettier && npm run lint:fix && npm run
ts
- Add explicit continuation notes after steps 2 and 3 to prevent
stopping mid-flow
  - Clarify amend step when lint modifies files

<sup>Written for commit 75b8c57147f9ff5d0d7aed9d8e3457baf169cea1.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

## Summary
- Adds concurrency block to the claude-pr-review workflow
- When a new push is made to a PR, any in-progress review workflow for
that PR is automatically cancelled
- Avoids wasting resources reviewing outdated code

## Test plan
- [ ] Push multiple commits in quick succession to a PR and verify only
the latest run completes

#skip-bugbot

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Add GitHub Actions concurrency to the claude-pr-review workflow so only
the latest run per PR executes. New pushes automatically cancel any
in-progress review, avoiding outdated reviews and saving CI resources.

<sup>Written for commit 8a0a3d25f25657ed9fc34580b7cb51feb43a2c9c.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

## Summary
- Switch from inline review prompt to the `/multi-pr-review` skill
- Rely on `.claude/settings.json` for permissions instead of duplicating
allowed tools in the workflow

#skip-bugbot


<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Switches the GitHub PR review workflow to use /multi-pr-review and
centralizes tool permissions in .claude/settings.json. This simplifies
config and keeps reviews consistent.

- **Refactors**
- Call `/multi-pr-review ${{ github.event.pull_request.number }}`
instead of an inline prompt.
- Rely on .claude/settings.json for allowed tools; keep only
`mcp__github_inline_comment__create_inline_comment` in the workflow.
  - Reduced workflow size by ~60 lines.

<sup>Written for commit 258c61670e2830621ec167653db5c07208b066b5.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

#skip-bb

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Adds a multi-agent PR review skill that runs three independent reviewers
with randomized file order, aggregates issues by consensus, and posts a
summary plus inline PR comments for medium+ issues flagged by 2+ agents.
Improves correctness coverage and reduces ordering bias.

- **New Features**
- Orchestrator parses PR diffs, shuffles file order per agent, runs
reviews in parallel (optional extended thinking), and writes consensus
results and formatted comments.
- Aggregation script performs consensus voting across agent outputs with
severity filtering.
- Comment poster posts the consensus summary and inline comments via
GitHub CLI or API; supports --dry-run and --summary-only.
  - Prompt and JSON schema references for structured issue output.
  - Skill docs covering workflow, configuration, and usage.

- **Bug Fixes**
- Align prompt schema fields (line_start, severity) with orchestrator
expectations.
- Make line tolerance symmetric and clamp to positive line numbers in
issue matching.
  - Warn when diff filename parsing fails.

<sup>Written for commit e32332eb80083ea4f61617811d345f92453cdf3e.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

## Summary
- Move Claude commands to `dyad/` namespace (e2e-rebase, pr-fix)
- Add new commands: fix-issue, gh-push, gh-rebase, lint, session-debug
- Add `gh-permission-hook.py` to block destructive gh commands (except
PRs)
- Expand allowed bash commands in settings.json
- Update AGENTS.md to reference `/dyad:lint` skill and fix typo

## Test plan
- [ ] Verify commands work with `/dyad:<command>` syntax
- [ ] Test that gh-permission-hook blocks issue modifications but allows
PR operations

🤖 Generated with [Claude Code](https://claude.com/claude-code)


<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Reorganized Claude commands under the /dyad namespace and added a GitHub
CLI permission hook that auto-approves read-only commands plus PR and
issue updates while blocking destructive actions. Added new skills
(including deflaking E2E and split PR fix steps), hardened the hook, and
added tests.

- **New Features**
- Moved e2e-rebase and pr-fix to dyad/; added fix-issue, pr-push,
gh-rebase, lint, session-debug, deflake-e2e; split pr-fix into
pr-fix:comments and pr-fix:actions.
  - Updated AGENTS.md to reference /dyad:lint and fixed a typo.

- **Permissions**
- Added gh-permission-hook.py (PreToolUse) for Bash gh commands;
auto-approves read-only ops, PR modification commands, issue
create/edit/close/reopen/comment, PR review thread ops, and PR/issue
comment replies and updates; blocks destructive actions across issues,
releases, gists, labels, secrets, repos, workflows, config, and auth.
- Hardened checks: require gh as the executed command (handles
env/sudo/command wrappers); detect shell injection (;, &&/||, &,
newlines, ANSI-C $'…', process substitution); allow safe pipes to jq and
common text filters (head/tail/grep/wc/sort/uniq/cut/tr) and stderr
redirects; parse --method/-X (incl. equals syntax); allow GraphQL
queries plus specific PR review thread/comment mutations; added unit
tests with good/bad fixtures.
- Updated settings.json to narrow read-only gh allowlist, expand safe
Bash commands, and register the PreToolUse hook.

<sup>Written for commit 3237d344cdc2850a97a9a4856bff54bd25be102b.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->




<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> Streamlines Claude command suite and hardens GitHub CLI usage in the
workspace.
> 
> - Reorganizes commands under `/.claude/commands/dyad/` and adds new
skills: `deflake-e2e`, `fix-issue`, `gh-rebase`, `lint`, `pr-push`,
`session-debug`; splits `pr-fix` into `pr-fix:comments` and
`pr-fix:actions`
> - Adds `/.claude/hooks/gh-permission-hook.py` to auto-approve
read-only/PR operations and block destructive `gh` commands; supports
GraphQL query/limited mutations and safe piping
> - Introduces unit tests (`.claude/hooks/tests/*`) with good/bad
command fixtures and a test runner
> - Updates `.claude/settings.json` to expand safe Bash allowlist and
register `PreToolUse` hook; tweaks `.gitignore` and `AGENTS.md`
(references `/dyad:lint`)
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
3237d344cdc2850a97a9a4856bff54bd25be102b. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

## Summary
- Allow build jobs to continue independently even if one platform fails
- The verify-assets job will still only run if all builds succeed

#skip-bugbot

🤖 Generated with [Claude Code](https://claude.com/claude-code)

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Set fail-fast: false in the release workflow build matrix so other
platform builds continue even if one fails. Add retry to the publish
step (3 attempts, 30m timeout) to reduce flakiness; verify-assets still
only runs if all builds succeed.

<sup>Written for commit 2f09fc1f6ae1d524f6e626f4acc91bb7adfa4aab.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

## Summary
- Fixes Windows-specific bug where `path.relative()` generates backslash
paths (e.g., `src\components\Button.tsx`) that break TSC workers and git
operations
- Normalizes paths to use forward slashes in both component tagger
plugins (nextjs-webpack and react-vite)
- Adds defensive normalization in `visual_editing_handlers.ts` and
`PreviewIframe.tsx`

Fixes #2271

## Test plan
- [ ] Test on Windows: use Annotator / Edit with Select to refactor or
move files
- [ ] Verify no TSC worker errors occur after using the visual editing
tools
- [ ] Verify git operations don't fail due to invalid paths

🤖 Generated with [Claude Code](https://claude.com/claude-code)

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Bug fix: Windows path normalization**
> 
> - Update `safeJoin` to normalize backslashes via `normalizePath`, then
validate/block absolute, home, and UNC paths before joining; join uses
normalized segments
> - Normalize `gitAdd` filepaths for both native Git and isomorphic-git;
adjust error messages accordingly
> - Visual editing handler now stages modified files with `gitAdd`
(replacing direct isomorphic-git add) while continuing to use `safeJoin`
> - Tests updated to assert forward-slash normalization for
Windows-style inputs
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
5e1cf28e5632a37c564c71b52cc702b7c57e49fc. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Normalize Windows backslash paths to forward slashes across component
taggers, visual editing, and git staging so TSC workers and git
operations don’t break on Windows. Centralizes normalization in gitAdd
and safeJoin for consistent component IDs and file paths.

- **Bug Fixes**
- Next.js webpack and Vite taggers: replace backslashes from
path.relative() with forward slashes.
- Git utils: gitAdd normalizes filepath before staging (native Git and
isomorphic-git).
- Path utils: safeJoin normalizes segments before joining and blocks
unsafe absolute paths.
- Visual editing and preview: normalize component IDs and paths; use
gitAdd and safeJoin for file staging.

<sup>Written for commit 674f783cdd844fb98cd746cd8d7dc9234d419d80.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

## Summary
- Updates the Vercel deployment URL when refreshing deployments to show
the most recent READY production deployment
- Previously, the Live URL was only set once during project creation or
connection and never updated
- Now when users click "Refresh Deployments", the Live URL will update
to reflect the latest production deployment

Fixes #2208

## Test plan
- [ ] Connect an app to a Vercel project
- [ ] Verify the Live URL is shown correctly
- [ ] Push a new deployment to Vercel
- [ ] Click "Refresh Deployments" in Dyad
- [ ] Verify the Live URL updates to reflect the new deployment

🤖 Generated with [Claude Code](https://claude.com/claude-code)

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> Ensures the app’s Vercel Live URL stays current after refreshing
deployments.
> 
> - In `vercel_handlers.ts`, when fetching deployments, finds the most
recent `READY` production deployment and updates
`apps.vercelDeploymentUrl` if it changed (with logging)
> - In `VercelConnector.tsx`, after `getDeployments()` completes, calls
`refreshApp()` so the updated Live URL is shown in the UI
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
2f2cccc87b91a3653b70d008b7f208a9aebd7af6. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Ensures the Vercel Live URL updates to the latest READY production
deployment when users refresh deployments, fixing the stale URL issue.
Fixes #2208.

- **Bug Fixes**
- Call refreshApp() after getDeployments in VercelConnector to refresh
the Live URL.
- In IPC handler, detect the most recent READY production deployment and
update vercelDeploymentUrl in the DB only when it changes.

<sup>Written for commit 2f2cccc87b91a3653b70d008b7f208a9aebd7af6.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

## Summary
- Fixed chat summarization failing in local-agent mode with "no
technical discussion" error
- Added `messageOverride` parameter to `handleLocalAgentStream` to pass
transformed messages
- When summarize intent is detected, the formatted chat content is now
correctly passed to the local agent handler instead of relying on
database messages

Fixes #2292

## Test plan
- [ ] In local-agent mode, trigger "Summarize to new chat" from a chat
with technical content
- [ ] Verify the summarization completes successfully instead of showing
"no technical discussion" error
- [ ] Verify normal chat functionality in local-agent mode is not
affected

🤖 Generated with [Claude Code](https://claude.com/claude-code)

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Fixes "Summarize to new chat" failing in local-agent mode by passing the
formatted chat content to the local agent instead of reading DB history,
addressing #2292. Prevents the "no technical discussion" error while
keeping normal chat behavior unchanged.

- **Bug Fixes**
- Added messageOverride to handleLocalAgentStream to use transformed
messages.
- chat_stream_handlers passes chatMessages on summarize intent;
otherwise uses DB-derived history.
- Added Playwright E2E test to verify summarize-to-new-chat works in
local-agent mode.

<sup>Written for commit c88a646b22127a655b8e96f77956e3cbd01f4a45.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Fix local-agent summarization**
> 
> - Detects summarize intent and passes formatted `chatMessages` via
`messageOverride` to `handleLocalAgentStream`; handler now prefers
overrides over DB-derived history
> - Uses read-only system prompt in ask-mode local-agent path and wires
both ask/local-agent paths to support overrides
> - Adds E2E test `local_agent_summarize.spec.ts` with snapshot to
verify summarize-to-new-chat works
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
c88a646b22127a655b8e96f77956e3cbd01f4a45. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

## Summary
- Fixes the merge-reports workflow failure on fork PRs (like #2276)
- Wraps GitHub API calls in try-catch to handle 403 permission errors
gracefully
- Test results are still written to the job summary even when PR comment
fails

## Test plan
- [x] Verify the fix by checking the merge-reports job on this PR
(should pass)

#skip-bugbot

🤖 Generated with [Claude Code](https://claude.com/claude-code)

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Prevents merge-reports from failing on fork PRs by gracefully handling
403 permission errors when posting Playwright results. Test results
still appear in the job summary even if the PR comment can’t be created
or updated.

- **Bug Fixes**
- Wrap PR comment API calls in try/catch; on 403, log a clear message
and continue without failing the workflow.
- Keep update/create logic for the bot comment when permissions allow;
skip safely when no PR is detected.

<sup>Written for commit befdb30e68a21ddb992e0d175d91352dfe8e04e0.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Prototype custom theme generator that lets users create themes manually
or generate prompts from images, manage them from a new Themes page, and
apply them in chat. Themes are global and used in streaming and token
counting.

- **New Features**
  - Added custom_themes table.
- Implemented IPC and hooks to list/create/update/delete themes with
query cache invalidation.
- New CustomThemeDialog with manual prompt entry and prompt generation
from uploaded images and optional keywords; uses the selected model via
Dyad Pro and requires Dyad Pro enabled.
  - New Themes page with CRUD, EditThemeDialog, and a sidebar link.
- Updated chat Themes menu to show built-in plus recent custom themes,
with “New Theme” and a “More themes” dialog; newly created themes
auto-select and selection persists per app.

- **Refactors**
- Replaced getThemePrompt with async getThemePromptById to support
custom theme IDs (custom:<id>); integrated in chat_stream and
token_count handlers.
  - Whitelisted new IPC channels in preload.

<sup>Written for commit 37d9e5f0c477e2bb0847df506450b45a25ab4874.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->










<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> Adds end-to-end custom theme support, including storage, IPC, UI, and
chat/system-prompt integration.
> 
> - New `custom_themes` table (+ migration `0022_loving_wendigo`) and
Drizzle schema `customThemes`
> - IPC: moved/expanded theme handlers to
`pro/main/ipc/handlers/themes_handlers.ts` with endpoints for
`get/set-app-theme`, `get/create/update/delete` custom themes, image
save/cleanup, and `generate-theme-prompt`; whitelisted channels in
`preload`
> - Hooks and client: `useCustomThemes` CRUD/generation hooks;
`IpcClient` methods for custom themes, image handling, and generation
> - UI: new `ThemesPage` with cards, `CustomThemeDialog` (AI + manual),
`AIGeneratorTab` (image upload, model/mode, Pro-gated),
`EditThemeDialog`, improved `DeleteConfirmationDialog`; added
`LibraryList` and updated `app-sidebar` default Library route
> - Chat: `AuxiliaryActionsMenu` shows built-in and recent custom
themes, "New Theme" and "More themes"; auto-select newly created theme
> - Prompt resolution: replaced `getThemePrompt` with async
`getThemePromptById` (supports `custom:<id>`) in chat stream and token
count handlers
> - Routing: added `/themes` route; e2e tests for themes CRUD, AI
generator flow/limits, and prompt library navigation
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
37d9e5f0c477e2bb0847df506450b45a25ab4874. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

This avoids distracting the user during active chat responses.

https://claude.ai/code/session_018bxH7uX9t4TH4wxh9VE7Ka

#skip-bugbot

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Hide the uncommitted files banner while chat is streaming to reduce
distraction. Adds an isStreaming check in ChatHeader so the banner only
appears when not streaming.

<sup>Written for commit 4bd7b9fe48f94414e83ae9e4600b4cf898535c1b.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->
Co-authored-by: Claude <noreply@anthropic.com>

## Summary
- Set `isPro` as a person property in PostHog when settings are loaded
and updated
- Enables segmenting analytics by pro user status
- Reuses existing `hasDyadProKey` helper for consistency

## Test plan
- [x] Lint passes
- [x] TypeScript type check passes
- [ ] Manual verification that PostHog receives the person property

#skip-bugbot

🤖 Generated with [Claude Code](https://claude.com/claude-code)

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Set an isPro person property in PostHog when settings load and whenever
they update, enabling analytics segmentation by Pro status. Reuses
hasDyadProKey and aligns the app:initial-load event’s isPro with the
same logic.

<sup>Written for commit 376d4ab5ca9102c25edd43b83e1ea4d8622aa171.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

#skip-bb

Added pre-commit checks section with formatting, linting, and type-check
commands.

#skip-bb

#skip-bugbot

## Summary
- Add instructions for enabling Playwright debug logs with
`DEBUG=pw:browser`
- Add Git workflow section documenting PR push conventions
- Add skip-bugbot guidance for trivial PRs

#skip-bugbot

🤖 Generated with [Claude Code](https://claude.com/claude-code)

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Update AGENTS.md to help debug E2E tests and clarify our PR push
conventions. Adds DEBUG=pw:browser npm run e2e instructions and guidance
to skip bugbot for trivial changes.

<sup>Written for commit b4a62ab10eb37373580923133a7f0af6881585ed.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

## Summary
- Add `.claude/settings.json` to allow `Bash(npm:*)` permission for
Claude Code workflows

This is a smaller PR split out from the IPC contracts branch.

#skip-bugbot

🤖 Generated with [Claude Code](https://claude.com/claude-code)

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Add project-wide .claude/settings.json with an expanded allowlist for
Bash commands (npm run/install, git, gh, and read-only file/list/search
tools), and remove settings.local.json. This enables npm scripts and
common read-only shell commands to run without prompts, reducing
friction in dev workflows.

<sup>Written for commit 84d601708a5d36d1b248189e4aa1ab1a8222f6f9.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

When serializing dyad-tags, special characters (& < > ") are escaped.
When deserializing/parsing, these need to be unescaped to get the
original values. This fixes issues where escaped characters like &lt;
would appear literally in the UI or processed values.

Changes:
- Add shared/xmlEscape.ts with escape/unescape utilities
- Update DyadMarkdownParser.tsx to unescape attributes and content
- Update dyad_tag_parser.ts to unescape all parsed values
- Consolidate duplicate escape functions to use shared utilities
- Add comprehensive tests for the escape/unescape roundtrip

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> Fixes incorrect literal XML entities by unescaping dyad-tag attributes
and inner content during parse, and centralizes escape helpers.
> 
> - **Shared utils**: Add `shared/xmlEscape.ts` with
`escapeXmlAttr|Content` and `unescapeXmlAttr|Content`; remove duplicate
implementations and re-export in local agent tools
> - **Parsing/rendering**: Update `DyadMarkdownParser` and
`dyad_tag_parser` to unescape attributes/content for all relevant tags
(write/rename/delete/search-replace/execute-sql/chat-summary/command)
> - **Problem reports**: Generate `<dyad-problem-report>` using
`escapeXmlAttr` for attributes and `escapeXmlContent` for messages
> - **Local agent**: Use shared escaping in `xml_tool_translator` and
related tooling
> - **Tests/E2E**: Add comprehensive `xmlEscape` unit tests; update grep
snapshots to expect raw JSX/HTML characters
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
0e1be9ad5d5cf0300cc1cf5bd361b1fd44f61ad7. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Fixes XML escaping for dyad-tags by unescaping attributes and content
during parsing so original values render and process correctly. Prevents
literal entities like &lt; showing in the UI and tools.

- **Bug Fixes**
- Unescape tag attributes and inner content in DyadMarkdownParser and
dyad_tag_parser.
- Correct attribute and content escaping in dyad-problem-report
generation.
  - Add roundtrip tests for attribute and content escape/unescape.
- Update local agent grep E2E snapshots to expect raw JSX/HTML
characters.

- **Refactors**
- Introduce shared/xmlEscape with escape/unescape helpers for attributes
and content.
- Remove duplicate implementations and update IPC/local agent callers to
use shared utilities.

<sup>Written for commit 0e1be9ad5d5cf0300cc1cf5bd361b1fd44f61ad7.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

---------
Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>

#skip-bb

- Upgrade oxlint from v1.8.0 to v1.41.0
- Enable correctness, suspicious, and perf categories for better code
quality checks
- Disable overly pedantic style rules (sort-keys, sort-imports,
no-ternary, etc.)
- Add JSON schema reference for IDE support

#skip-bugbot

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Upgrade oxlint to v1.41.0 and enable only the correctness rule category
to catch real issues while keeping suspicious and perf off. Added a JSON
schema reference in .oxlintrc for IDE support.

- **Dependencies**
  - Bump oxlint to ^1.41.0.
  - oxlint now requires Node ^20.19.0 or >=22.12.0.

- **Migration**
  - Update CI and local Node to meet the new requirement.
  - Run lint; expect new warnings from correctness rules.

<sup>Written for commit f182e37e55dfa51ab2b97225f899a7cf1a4d6f46.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

---------
Co-authored-by: Claude <noreply@anthropic.com>

## Summary
- Update local Claude permissions with common allow patterns
- Add #skip-bugbot guidance to AGENTS.md for trivial PRs

#skip-bugbot

🤖 Generated with [Claude Code](https://claude.com/claude-code)

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Expanded local Claude permissions to include Edit/Write and common npm,
git, and gh commands to support standard local workflows. Updated
AGENTS.md with guidance to add #skip-bugbot for trivial, non-user-facing
changes to avoid noisy automated reviews.

<sup>Written for commit 4f9a6fa93a292e3e680bca38aee16ada71876ea0.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

Add support for using #skip-bb in PR descriptions to skip BugBot
reviews, in addition to the existing #skip-bugbot tag.
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

#skip-bugbot

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Adds two Claude commands to speed up PR fixes: E2E Snapshot Rebase to
auto-update Playwright snapshots from PR comments and verify, and PR Fix
to address review feedback and failing checks end-to-end. Also documents
the Git push workflow (push to the branch’s tracking remote if a PR
exists; otherwise push to origin/fork; if pushing to the fork fails,
push to upstream) to keep PRs green with less manual work.

- **New Features**
  - New .claude/commands/e2e-rebase.md command to:
- Read the PR number and parse failed Playwright test files from PR
comments.
- Run pre:e2e, update snapshots per failed spec, then re-run tests to
verify.
    - Stop and report if verification fails to catch flaky updates.
- Show snapshot diffs, then commit and push when changes look correct.
  - New .claude/commands/pr-fix.md command to:
    - Determine the PR, fetch review comments and CI checks.
- Identify actionable feedback, make code changes, and fix failing
tests.
    - Use /e2e-rebase when failures are snapshot-related.
- Verify with lint/typecheck/tests, then commit, push, and summarize
fixes.

<sup>Written for commit b58c0290c2d389b7fc91de541deb66d8bec4d335.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

#skip-bugbot

For pro users, ask mode now uses the local agent handler in read-only
mode, giving them access to code reading tools (read_file, list_files,
grep, code_search, etc.) while preventing any state modifications.

Changes:
- Add `modifiesState` property to ToolDefinition interface
- Mark state-modifying tools (write_file, edit_file, delete_file,
rename_file, add_dependency, execute_sql, add_integration)
- Add `readOnly` option to buildAgentToolSet to filter out
state-modifying tools
- Add `readOnly` option to handleLocalAgentStream to skip commits/
deploys and exclude MCP tools in read-only mode
- Create LOCAL_AGENT_ASK_SYSTEM_PROMPT for read-only agent mode
- Route pro ask mode users to local agent with readOnly: true

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> Enables read-only local-agent behavior for Pro users in `ask` mode,
providing code-inspection tools without allowing modifications.
> 
> - Route `ask` → local-agent with `readOnly: true` (when Pro and no
mentioned apps); persist `aiMessagesJson` for these modes
> - Add `modifiesState` to `ToolDefinition`; mark state-changing tools
and filter them in `buildAgentToolSet({ readOnly })`; exclude MCP tools
in read-only
> - Update `handleLocalAgentStream` to support `readOnly`: skip
commits/deploys and return `updatedFiles: false`
> - Introduce `LOCAL_AGENT_ASK_SYSTEM_PROMPT` and plumb `readOnly`
through `constructSystemPrompt`/`constructLocalAgentPrompt`
> - E2E: new ask-mode tests/fixtures and snapshot updates; add
deterministic normalization of tool_call IDs in test helper
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
a67cbc1ccad35bf1fad9277bfce14a8999e763ca. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Pro ask mode now uses the local agent in read-only mode, letting users
read and search code without changing anything. Commits, deploys, and
state-modifying tools are disabled.

- **New Features**
- Route Pro ask mode to the local agent with readOnly: true when no
other apps/codebases are mentioned.
- Tools declare modifiesState;
write/edit/delete/rename/add_dependency/execute_sql/add_integration are
marked and excluded in read-only mode.
- buildAgentToolSet and handleLocalAgentStream support readOnly to
filter tools, skip MCP tools, and avoid commits/deploys (updatedFiles:
false).
- Added LOCAL_AGENT_ASK_SYSTEM_PROMPT and prompt wiring to support
read-only behavior.

<sup>Written for commit a67cbc1ccad35bf1fad9277bfce14a8999e763ca.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

---------
Co-authored-by: Claude <noreply@anthropic.com>

#skip-bugbot
- Upgrade Electron from 38.2.2 to 40.0.0 (latest stable)
- Upgrade Electron Forge packages from 7.10.2 to 7.11.1 (latest)

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Upgraded Electron to 40.0.0 and Electron Forge to 7.11.1 to stay current
with security fixes and build tooling. This improves build stability and
keeps us aligned with the latest platform changes.

- **Dependencies**
  - electron: 38.2.2 → 40.0.0
- All @electron-forge packages: 7.10.2 → 7.11.1 (cli, makers, plugins,
publisher)

- **Migration**
  - Run package install to update lockfile, then rebuild.
  - Repackage with Forge and smoke test app startup.
  - Verify signing and installers on Windows, macOS, and Linux.

<sup>Written for commit c629f322f9f3eb58b4ac90aae43be8180ac68286.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

---------
Co-authored-by: Claude <noreply@anthropic.com>

- Add IPC handlers for getting uncommitted files with status and
committing changes
- Create useUncommittedFiles and useCommitChanges hooks
- Add UncommittedFilesBanner component that shows when there are
uncommitted changes
- Display file status (added, modified, deleted, renamed) in the review
dialog
- Auto-generate sensible commit messages based on changes
- Add E2E tests for the uncommitted files banner feature

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Adds an uncommitted files banner with a review & commit dialog in
ChatHeader to make it easy to see changes and commit from the app.
Improves visibility on main and streamlines committing with sensible
default messages.

- **New Features**
- Show banner on main when there are uncommitted changes; includes count
and “Review & commit”.
- Dialog lists changed files with status
(Added/Modified/Deleted/Renamed) and generates an editable default
commit message.
- Hooks and IPC: useUncommittedFiles (polls every 5s) and
useCommitChanges; git:get-uncommitted-files and git:commit-changes.
- Commit stages all changes, blocks during merge/rebase, and invalidates
queries so the banner disappears and versions refresh.
- E2E tests cover banner visibility, review/commit flow, success toast,
and multiple file statuses.

<sup>Written for commit d28ab8364e2344cfd4d9c9b548eeedaff3187f6a.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> Introduces an inline workflow to spot and commit local changes from
the chat header when on `main`.
> 
> - **UI**: Adds `UncommittedFilesBanner` in `ChatHeader` with “Review &
commit” dialog showing changed files (status:
Added/Modified/Deleted/Renamed) and a generated default commit message
> - **Hooks**: New `useUncommittedFiles` (polls every 5s) and
`useCommitChanges` (toast + query invalidation for `uncommittedFiles`
and `versions`)
> - **IPC & Types**: Adds `git:get-uncommitted-files` and
`git:commit-changes`; updates `ipc_client.ts`, `ipc_types.ts`, and
`preload.ts`
> - **Git utils**: Implements `getGitUncommittedFilesWithStatus`,
`gitAddAll`, and `gitCommit` with merge/rebase state checks and
native/isomorphic support
> - **Tests**: E2E (`uncommitted_files_banner.spec.ts`) validates banner
visibility, dialog content, committing (including native Git path), and
resulting commit
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
d28ab8364e2344cfd4d9c9b548eeedaff3187f6a. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

---------
Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: cubic-dev-ai[bot] <191113872+cubic-dev-ai[bot]@users.noreply.github.com>

Add babel-plugin-react-compiler to the build pipeline to enable
automatic memoization and optimization of React components.

#skip-bugbot

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Enable React Compiler in the renderer Vite build to automatically
memoize and optimize React components. This should reduce unnecessary
re-renders and improve UI responsiveness.

- **Dependencies**
- Added babel-plugin-react-compiler and wired it into
@vitejs/plugin-react via Babel (default config).

- **Migration**
- No code changes required; build-time only. Verify key UI flows for any
unexpected behavior.

<sup>Written for commit 64fdea33436212d3ba36aa60e5ca014eaf2ab3e5.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->
Co-authored-by: Claude <noreply@anthropic.com>