<!-- CURSOR_SUMMARY -->
> [!NOTE]
> <sup>[Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) is
generating a summary for commit
76800249a715fd264b17db61ca0813ba892cb1d6. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

<!-- CURSOR_SUMMARY -->
> [!NOTE]
> <sup>[Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) is
generating a summary for commit
42d84531e99ac84b5576f6c490a36813706d8c25. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

<!-- CURSOR_SUMMARY -->
> [!NOTE]
> Adds a debug job to the Claude PR review workflow for easier CI
troubleshooting.
> 
> - New `debug-author` job prints `user.login`, `author_association`,
`event_name`, and `action` on `pull_request_target` events
> - No app code changes; only CI workflow updates
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
34e5e4b30a370701a608281e2368ce5428ba6897. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->



<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Added a debug job to the Claude PR review workflow to print PR author,
author_association, and event details for easier CI troubleshooting.
Updated the chat input e2e test to expect the send button remains
disabled after approving a proposal.

<sup>Written for commit 34e5e4b30a370701a608281e2368ce5428ba6897.
Summary will update automatically on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

<!-- CURSOR_SUMMARY -->
> [!NOTE]
> **Workflows**
> 
> - Updates `playwright-comment.yml` to reliably find the associated PR,
including forks: extracts `head_branch`/`head_repository`, logs context,
and falls back to `pulls.list` with `head: "owner:branch"` when commit
association lookup returns no PR.
> - Revises `claude-pr-review.yml` to use `pull_request_target`,
restricts execution via `author_association` (`OWNER`/`MEMBER`), and
checks out the PR head repo/ref explicitly for fork safety.
> - Configures the Claude action with `github_token` (OIDC bypass),
`allowed_non_write_users`, and disables `track_progress`;
trims/clarifies review prompt guidelines.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
8267093820bd968db57167a37b2d2570e94fe010. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->



<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Fixes the Playwright comment workflow so it reliably finds the
associated PR, including PRs from forks. Updates the Claude PR Review
workflow to run safely on forked PRs and only for org members.

- **Bug Fixes**
- Playwright: add fallback search by head owner:branch; better logging
(SHA, branch, owner) to post to the right PR.
- Claude PR Review: switch to pull_request_target with OWNER/MEMBER
filter; checkout fork head; disable progress; drop id-token.

<sup>Written for commit 8267093820bd968db57167a37b2d2570e94fe010.
Summary will update automatically on new commits.</sup>

<!-- End of auto-generated description by cubic. -->



<!-- greptile_comment -->

<h3>Greptile Summary</h3>


This PR restores the fallback mechanism for finding PR numbers from
forked repositories. The previous commit (41a46a9b) inadvertently removed
the fork PR detection logic, breaking Playwright comment posting for
external contributors. This fix re-introduces a two-method approach:

- **Method 1**: Uses `listPullRequestsAssociatedWithCommit` (works for
same-repo PRs)
- **Method 2**: Falls back to `pulls.list` with `head: "owner:branch"`
when Method 1 fails (handles fork PRs)

The change extracts additional context (`head_branch`,
`head_repository.owner.login`) from the workflow run payload and adds
improved logging for debugging PR lookups.

<h3>Confidence Score: 5/5</h3>


- This PR is safe to merge with no risk
- The change restores critical functionality that was accidentally
removed in the previous commit. The implementation is correct,
well-commented, and follows GitHub Actions best practices. No logic
errors, security issues, or breaking changes detected.
- No files require special attention

<h3>Important Files Changed</h3>




| Filename | Overview |
|----------|----------|
| .github/workflows/playwright-comment.yml | Added fallback logic for
fork PRs by searching head branch when commit lookup fails |

</details>



<h3>Sequence Diagram</h3>

```mermaid
sequenceDiagram
    participant CI as CI Workflow
    participant WR as Workflow Run Event
    participant GH as GitHub API
    participant Script as PR Lookup Script
    
    CI->>WR: Completes (triggers workflow_run)
    WR->>Script: Provides head_sha, head_branch, head_repository
    Script->>Script: Extract sha, headBranch, headRepoOwner
    
    Script->>GH: listPullRequestsAssociatedWithCommit(sha)
    alt Commit found (same-repo PRs)
        GH-->>Script: Returns PR data
        Script->>Script: Set PR number output
    else No PR found
        Script->>Script: Check if headRepoOwner & headBranch exist
        alt Fork PR fallback
            Script->>GH: pulls.list(head: "owner:branch")
            GH-->>Script: Returns PR from fork
            Script->>Script: Set PR number output
        else Still no PR
            Script->>Script: Set empty output (skip commenting)
        end
    end
    
    Script->>WR: Output PR number or empty
    
    alt PR found
        WR->>Script: Download artifacts & generate comment
        Script->>GH: Post/update PR comment
    else No PR
        WR->>WR: Skip remaining steps
    end
```

<!-- greptile_other_comments_section -->

<!-- /greptile_comment -->

<!-- CURSOR_SUMMARY -->
> [!NOTE]
> Improves reliability of the Playwright comment workflow by deriving
the PR from the `workflow_run` commit and gating execution accordingly.
> 
> - Add `actions/github-script` step to look up PR via
`listPullRequestsAssociatedWithCommit` and expose
`steps.pr.outputs.number`
> - Conditionally skip all subsequent steps when no PR is found; remove
job-level `if`
> - Checkout base branch using `workflow_run.base_ref`; update
`PR_NUMBER` to use the step output
> - Use `types: [completed]` for `workflow_run` and remove
`if-no-artifact-found` options on artifact downloads
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
581369150b84ba4bc6a680f309f78afd399d93ca. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

<!-- This is an auto-generated description by cubic. -->
## Summary by cubic
Fixes the Playwright report comment workflow so it reliably posts to the
correct PR, including from forks. Skips cleanly when the CI run isn’t
tied to a PR.

- **Bug Fixes**
- Resolve PR by commit SHA via listPullRequestsAssociatedWithCommit;
works when workflow_run.pull_requests is empty (e.g., forks).
- Add early exit and guard all steps behind a PR check to avoid running
on push/scheduled builds.
- Checkout base_ref and pass the resolved PR number to the summary
comment step.

<sup>Written for commit 581369150b84ba4bc6a680f309f78afd399d93ca.
Summary will update automatically on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

<!-- CURSOR_SUMMARY -->
> [!NOTE]
> Moves Windows code signing to a Forge `postMake` hook and removes the
previous MakerSquirrel hook.
> 
> - Adds `postMake` to iterate `makeResults` and sign Windows `.exe`
artifacts via `signtool` using `SM_CODE_SIGNING_CERT_SHA1_HASH`
> - Introduces `signWindowsExecutable` and `SIGNTOOL_PATH` in
`forge.config.ts`; logs and skips when env var is absent
> - Simplifies `MakerSquirrel` config (removes `windowsSign`) and
deletes `scripts/windows-sign-hook.js`
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
50432058855cce4a688a4be81fb692e705c6db71. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

<!-- This is an auto-generated description by cubic. -->
## Summary by cubic
Moved Windows code signing to Electron Forge’s postMake hook and now
sign all .exe artifacts (installer and Setup.exe) on win32 builds. This
ensures consistent signing across architectures and removes the custom
MakerSquirrel hook.

- **Refactors**
- Sign Windows artifacts in postMake using DigiCert’s signtool bundled
with electron-winstaller.
- Removed MakerSquirrel windowsSign config and
scripts/windows-sign-hook.js.
- Signing runs only when SM_CODE_SIGNING_CERT_SHA1_HASH is set;
otherwise it logs and skips.

<sup>Written for commit 50432058855cce4a688a4be81fb692e705c6db71.
Summary will update automatically on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

<!-- greptile_comment -->

<h3>Greptile Summary</h3>


Refactored Windows code signing from MakerSquirrel's `hookModulePath`
approach to Electron Forge's `postMake` hook, consolidating signing
logic directly in `forge.config.ts`.

**Key Changes:**
- Moved signing logic from `scripts/windows-sign-hook.js` to `postMake`
hook in `forge.config.ts`
- Changed signing scope from only `dyad.exe` to all `.exe` files
(Squirrel installer and Setup.exe)
- Removed cert hash redaction from logging that was present in the
previous implementation
- Simplified to use TypeScript instead of CommonJS module

**Behavioral Changes:**
- The PR reverses commit 9107ec7c which specifically restricted signing
to only `dyad.exe` to "avoid signing other files and prevent CI signing
errors"
- Comment on line 138 indicates signing all `.exe` files is intentional,
but this should be verified against the reasoning in the earlier commit

<h3>Confidence Score: 3/5</h3>


- This PR refactors code signing with a significant behavioral change
that needs verification
- The refactoring itself is clean and consolidates signing logic
appropriately, but it introduces two concerns: (1) expands signing from
just `dyad.exe` to all `.exe` files, reversing a previous intentional
restriction, and (2) removes cert hash redaction from logs. The
intentionality of signing all executables should be confirmed.
- Verify `forge.config.ts` line 139 behavior matches intent - signing
all .exe files vs only dyad.exe

<h3>Important Files Changed</h3>




| Filename | Overview |
|----------|----------|
| forge.config.ts | Moved Windows signing from MakerSquirrel hook to
postMake hook, now signs all .exe files instead of just dyad.exe,
removed cert hash redaction from logs |
| scripts/windows-sign-hook.js | Deleted file - signing logic moved to
forge.config.ts postMake hook |

</details>



<h3>Sequence Diagram</h3>

```mermaid
sequenceDiagram
    participant Forge as Electron Forge
    participant PM as postMake Hook
    participant Sign as signWindowsExecutable()
    participant ST as signtool.exe
    participant DC as DigiCert Timestamp

    Forge->>Forge: Run makers (MakerSquirrel, etc)
    Forge->>PM: Call postMake with makeResults
    
    loop For each result in makeResults
        PM->>PM: Check if platform === "win32"
        alt Windows platform
            PM->>PM: Log "Processing Windows artifacts"
            loop For each artifact
                PM->>PM: Check if filename ends with .exe
                alt Is .exe file
                    PM->>Sign: signWindowsExecutable(artifact)
                    Sign->>Sign: Check SM_CODE_SIGNING_CERT_SHA1_HASH env var
                    alt Cert hash not set
                        Sign->>PM: Return (skip signing)
                    else Cert hash set
                        Sign->>Sign: Build signtool command with cert hash
                        Sign->>ST: execSync signtool.exe sign /sha1 [hash] [params] [file]
                        ST->>DC: Request timestamp from timestamp.digicert.com
                        DC->>ST: Return timestamp
                        alt Signing successful
                            ST->>Sign: Success
                            Sign->>PM: Log "Signing successful"
                        else Signing failed
                            ST->>Sign: Error
                            Sign->>PM: Throw error
                        end
                    end
                end
            end
        end
    end
    
    PM->>Forge: Return makeResults
```

<!-- greptile_other_comments_section -->

<!-- /greptile_comment -->

<!-- CURSOR_SUMMARY -->
> [!NOTE]
> Improves release workflow logging and visibility during publishing.
> 
> - Run `electron-forge publish` directly instead of `npm run publish`
to surface full logs
> - Expand `DEBUG` to
`"@electron/*,electron-forge:*,electron-windows-installer:main"` for
granular Electron Forge and Windows installer output in `release.yml`
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
498d93aff656dc635bc60880a3887d3d67ddf291. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->



<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Expose detailed Electron Forge logs in the release workflow by running
electron-forge publish directly (instead of npm) and setting DEBUG to
"@electron/*,electron-forge:*,electron-windows-installer:main". This
improves visibility and makes publish failures easier to debug.

<sup>Written for commit 498d93aff656dc635bc60880a3887d3d67ddf291.
Summary will update automatically on new commits.</sup>

<!-- End of auto-generated description by cubic. -->



<!-- greptile_comment -->

<h3>Greptile Summary</h3>


This PR improves debugging capabilities for the release workflow by
enhancing electron-forge logging. It adds more granular DEBUG flags
(`electron-forge:*` and `electron-windows-installer:main`) and switches
from `npm run publish` to direct `electron-forge publish` execution to
prevent npm from suppressing logs, following electron-forge's official
support documentation.

- Added more comprehensive DEBUG environment variables for better
visibility into the build process
- Changed to direct `electron-forge publish` command to ensure logs are
properly captured
- Removed implicit `npm run clean` step (redundant in CI environment
with fresh checkout)

<h3>Confidence Score: 5/5</h3>


- This PR is safe to merge with no risk
- The changes are minimal and focused on improving debugging visibility.
Switching from `npm run publish` to `electron-forge publish` only
removes the redundant clean step, which is unnecessary in CI
environments that start from fresh checkouts. The additional DEBUG flags
provide better logging without changing any build logic.
- No files require special attention

<h3>Important Files Changed</h3>




| Filename | Overview |
|----------|----------|
| .github/workflows/release.yml | Enhanced debug logging and switched to
direct `electron-forge publish` for better log visibility |

</details>



<h3>Sequence Diagram</h3>

```mermaid
sequenceDiagram
    participant GHA as GitHub Actions
    participant WF as Release Workflow
    participant NPM as npm
    participant EF as electron-forge
    participant Logger as Debug Logger

    Note over GHA,Logger: Previous Flow (npm run publish)
    GHA->>WF: Trigger release workflow
    WF->>NPM: npm run publish
    NPM->>NPM: Execute clean script
    NPM->>EF: electron-forge publish
    EF->>Logger: Log output (suppressed by npm)
    Logger-->>NPM: Limited logs
    NPM-->>WF: Exit code only

    Note over GHA,Logger: New Flow (direct electron-forge)
    GHA->>WF: Trigger release workflow
    WF->>EF: electron-forge publish (direct)
    activate Logger
    Note over Logger: DEBUG=@electron/*,<br/>electron-forge:*,<br/>electron-windows-installer:main
    EF->>Logger: Full debug logs
    Logger-->>WF: Complete logs visible
    deactivate Logger
    EF-->>WF: Exit code + logs
```

<!-- greptile_other_comments_section -->

<!-- /greptile_comment -->

<!-- CURSOR_SUMMARY -->
> [!NOTE]
> Improves observability of Windows signing during releases.
> 
> - Enable Electron Forge debug output in the workflow by setting
`DEBUG="@electron/*"` during `Publish app`
> - Turn on `windowsSign.debug` in `forge.config.ts`
> - Add detailed, redacted logging and error handling to
`scripts/windows-sign-hook.js` (logs inputs, command, success/failure;
still only signs `dyad.exe`)
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
bfdbc12a7a0e5a5eb0810a3303e732c6ad0a4eef. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->



<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Enable verbose debugging for Windows code signing to make CI signing
issues easier to diagnose. Adds detailed logs in the signing hook and
enables Electron Forge debug output during release.

- **New Features**
- Set DEBUG="@electron/*" in the release workflow to capture
Forge/Squirrel logs.
  - Enable windowsSign.debug in forge.config.
- Add verbose logging and error handling in windows-sign-hook (inputs,
command, success/failure).

<sup>Written for commit bfdbc12a7a0e5a5eb0810a3303e732c6ad0a4eef.
Summary will update automatically on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

<!-- CURSOR_SUMMARY -->
> [!NOTE]
> <sup>[Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) is
generating a summary for commit
9f54920421cc7c47882465f0dd0ca371a5620454. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

<!-- CURSOR_SUMMARY -->
> [!NOTE]
> **Upgrade Electron Forge toolchain**
> 
> - Bumps `@electron-forge/*` (CLI, makers, plugins, publisher) from
7.8.x to `7.10.2`
> - Refreshes `package-lock.json` with many transitive updates (e.g.,
`@inquirer/*`, `webpack`/`terser`, newer `browserslist` data), and
replaces `sudo-prompt` with `@vscode/sudo-prompt`
> - Aligns lockfile app version to `0.32.0-beta.1`
> 
> No application code changes; build/publish tooling only.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
6b7302ee89c5c56654c9c22e2a5d4f0fc2f1049e. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

<!-- CURSOR_SUMMARY -->
> [!NOTE]
> Switches Windows packaging to a custom signing hook that signs only
`dyad.exe` using `signtool.exe` bundled with `electron-winstaller`.
> 
> - Replaces `signWithParams` with `windowsSign.hookFunction` in
`forge.config.ts` to run `signtool` via `execSync`
> - Adds `SIGNTOOL_PATH` resolution and imports for `child_process` and
`path`
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
5fa37cca92fecb9bac678b0a1f0f143d4ee7cecb. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

<!-- This is an auto-generated description by cubic. -->
## Summary by cubic
Only sign dyad.exe during the Windows build to avoid signing other files
and prevent CI signing errors. Replaced MakerSquirrel signWithParams
with a windowsSign hook that runs the bundled signtool.exe using the
same cert and timestamp settings.

<sup>Written for commit 5fa37cca92fecb9bac678b0a1f0f143d4ee7cecb.
Summary will update automatically on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

close #1994 








<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Show the model used for each assistant message in chat and persist it in
the database for transparency. Addresses #1994.

- **New Features**
  - Add model field to messages schema and Message type.
  - Set the model on assistant messages when streaming.
- Display the model with a Bot icon next to approval status in
ChatMessage.

<sup>Written for commit 181b7f919a9c29c0627b3dc74f49cf5989b7243d.
Summary will update automatically on new commits.</sup>

<!-- End of auto-generated description by cubic. -->









<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> Adds transparent model tracking for assistant messages.
> 
> - Schema: add `model` to `messages` (migration + Drizzle schema) and
`Message` type
> - Streaming: set `model` on placeholder assistant messages in
`chat_stream_handlers.ts`
> - UI: show `message.model` with a Bot icon next to approval status in
`ChatMessage`
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
6411d57704648f3d92263b72681cd3fa08583152. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

<!-- CURSOR_SUMMARY -->
> [!NOTE]
> Addresses stale UI by ensuring key data refreshes immediately after
user actions and upgrades.
> 
> - **Token usage refresh**: `ChatInput` toggling the token bar now
invalidates `TOKEN_COUNT_QUERY_KEY` to recompute percentages
> - **Versions refresh after upgrades**: `AppUpgrades` invalidates
`['versions', appId]` on successful upgrade
> - **Templates loading**: `useTemplates` uses `placeholderData`
(replacing `initialData`) to avoid sticky outdated results
> - **Null safety**: `hub.tsx` guards template lookup with optional
chaining when passing to `CreateAppDialog`
> - **E2E**: `supabase_branch.spec.ts` re-opens the token bar before
assertions to validate refreshed counts
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
06c5b8796906ae1dfdf8afda36caa62870781564. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->







<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Fixes stale UI by refreshing queries when toggling the token bar and
after app upgrades, and by using placeholder data for templates. Users
now see up-to-date token counts, versions, and templates.

- **Bug Fixes**
- Token bar toggle now invalidates the token count query to refresh
percentages after branch changes.
- App upgrades invalidate the versions query so the latest status shows
immediately.
- Templates query uses placeholderData instead of initialData to avoid
sticky, outdated results.
- E2E test updated to reopen the token bar and assert refreshed token
counts.
- Create app dialog guards against undefined templates to prevent a null
error.

<sup>Written for commit 06c5b8796906ae1dfdf8afda36caa62870781564.
Summary will update automatically on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

---------
Co-authored-by: claude[bot] <209825114+claude[bot]@users.noreply.github.com>

<!-- CURSOR_SUMMARY -->
> [!NOTE]
> Ensures model lists refresh reliably by standardizing React Query
invalidations.
> 
> - Use `useQueryClient` and `invalidateQueries` in `ModelsSection.tsx`
after create/edit/delete instead of local `refetch`
> - Update `useDeleteCustomModel` to invalidate `['language-models',
providerId]` and `['language-models-by-providers']` (replacing
`['languageModels']`)
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
e2184c3150a264360519994290e1677993120cd2. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

<!-- This is an auto-generated description by cubic. -->
## Summary by cubic
Fixes stale model lists by properly invalidating React Query caches
after create, edit, and delete actions. The UI now updates immediately
without manual refetches.

- **Bug Fixes**
- Added invalidateModels in ModelsSection to invalidate
["language-models", providerId] and ["language-models-by-providers"].
- Replaced manual refetches with cache invalidation on success for
create/edit/delete.
- Updated useDeleteCustomModel to invalidate
["language-models-by-providers"] instead of the incorrect
"languageModels" key.

<sup>Written for commit e2184c3150a264360519994290e1677993120cd2.
Summary will update automatically on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

<!-- CURSOR_SUMMARY -->
> [!NOTE]
> Introduces automated AI code reviews via Claude for selected
contributors.
> 
> - Adds `.github/workflows/claude-pr-review.yml` triggered on
`pull_request` events (`opened`, `synchronize`, `ready_for_review`,
`reopened`)
> - Uses `anthropics/claude-code-action@v1` with `track_progress: true`,
a detailed custom `prompt`, and `claude_args` specifying model and
allowed tools
> - Filters execution to specific PR authors (`wwwillchen`,
`azizmejri1`, `princeaden1`) to control cost
> - Configures required permissions and a shallow `actions/checkout@v5`
step
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
9ec53fd108626e1be4b7c385acead8a2de526c13. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

<!-- This is an auto-generated description by cubic. -->
## Summary by cubic
Adds a GitHub Actions workflow to run automated PR reviews with progress
tracking and inline comments. Triggered on PR events and limited to
specific contributors to manage cost.

- **Migration**
  - Add repository secret: ANTHROPIC_API_KEY.
  - Adjust allowed author list or review prompt if needed.

<sup>Written for commit 9ec53fd108626e1be4b7c385acead8a2de526c13.
Summary will update automatically on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

<!-- CURSOR_SUMMARY -->
> [!NOTE]
> Prepares the next beta release with a version bump.
> 
> - Updates `package.json` `version` to `0.32.0-beta.1`
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
bd03023b3697a5918a9c80eedd33cd46bdf0c27c. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Bumps the app version to 0.32.0-beta.1 to prepare the v0.32 beta
release.

<sup>Written for commit bd03023b3697a5918a9c80eedd33cd46bdf0c27c.
Summary will update automatically on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

<!-- CURSOR_SUMMARY -->
> [!NOTE]
> Modernizes chat data flow and caching.
> 
> - Replaces Jotai chat list state and `getAllChats` with `useChats`
using React Query (`CHATS_QUERY_KEY`), exposing `chats`, `loading`, and
`invalidateChats`
> - Updates `ChatList`, `ChatHeader`, `useStreamChat`, and
`ChatActivity` to consume `useChats` and call `invalidateChats` after
create/delete/stream events
> - Simplifies `ChatActivityList` to build recent rows from
`recentStreamChatIds` and `useChats(null)`
> - Sets global `queries.staleTime=60_000` in `renderer.tsx`; removes
per-hook `staleTime` in `useCheckName`
> - Switches `useVersions` to `placeholderData`
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
8532c5919b25f77f3f38899a53bae80eb7e99c27. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->



<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Refactored chat fetching to use React Query and set a global 60s stale
time for consistent caching. Simplifies chat state management and
updates ChatActivity to use the new hook.

- **Refactors**
- Rewrote useChats using @tanstack/react-query with query key
[CHATS_QUERY_KEY, appId]; exposes chats and loading, adds
invalidateChats, and removes refreshChats.
- Updated ChatList, ChatHeader, and useStreamChat to call
invalidateChats after mutations.
- Removed chatsAtom and chatsLoadingAtom; deleted getAllChats from
lib/chat.
- Updated ChatActivityList to use useChats and derive recent rows from
recentStreamChatIds.
- Set global queries.staleTime to 60_000 in queryClient; removed
per-hook staleTime in useCheckName.
  - useVersions now uses placeholderData instead of initialData.

<sup>Written for commit 8532c5919b25f77f3f38899a53bae80eb7e99c27.
Summary will update automatically on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

<!-- CURSOR_SUMMARY -->
> [!NOTE]
> Updates OpenRouter model catalog and defaults.
> 
> - Add `mistralai/devstral-2512:free` (Devstral 2) with `contextWindow`
200k
> - Upgrade `z-ai/glm-4.6` to `z-ai/glm-4.7` and set `temperature` to
0.7
> - Remove deprecated DeepSeek free entries; retain paid
`deepseek/deepseek-chat-v3.1`
> - No other providers or TURBO models changed;
`FREE_OPENROUTER_MODEL_NAMES` updates automatically from the list
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
fb8546eab6dd595e5a27c5024499c3c042b63f36. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

<!-- This is an auto-generated description by cubic. -->
## Summary by cubic
Updated model catalog: added GLM 4.7 and Devstral 2 (free), and removed
obsolete DeepSeek free models to keep options current and improve coding
performance.

- **New Features**
  - Added z-ai/glm-4.7 with temperature 0.7 and 200k context.
  - Added mistralai/devstral-2512:free (“Devstral 2”) with 200k context.

- **Migration**
- Removed deepseek/deepseek-chat-v3.1:free and
deepseek/deepseek-chat-v3-0324:free. Update any references to
mistralai/devstral-2512:free or another supported model.

<sup>Written for commit fb8546eab6dd595e5a27c5024499c3c042b63f36.
Summary will update automatically on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

<!-- CURSOR_SUMMARY -->
> [!NOTE]
> **Refactor: proposal fetching via react-query**
> 
> - Replaces Jotai state/effects with `useQuery` in `useProposal`
(`queryKey: ["proposal", chatId]`, `enabled` gating, `refetch` exposed,
error typed as `Error`)
> - Deletes `src/atoms/proposalAtoms.ts`; `proposalResultAtom` removed
> - In `useStreamChat`, stop using `useProposal`; on stream end, call
`queryClient.invalidateQueries({ queryKey: ["proposal", chatId] })`
> - In `ChatInput`, display `proposalError.message` and keep using
`refreshProposal()` from the hook
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
9739b1befe76a7cb491594815d3d92977ad6a1c6. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->





<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Refactored proposal fetching to use React Query’s useQuery, removing
Jotai state and simplifying refresh and error handling. Improves
reliability and makes the hook easier to use.

- **Refactors**
- Replaced custom state/effects with useQuery (key: ["proposal",
chatId], enabled only when chatId).
- Removed proposalAtoms and Jotai; hook now returns proposalResult,
isLoading, error, refreshProposal.
- Updated useStreamChat to invalidate the proposal query via QueryClient
(invalidateQueries(["proposal", chatId])).
  - ChatInput now displays proposalError.message for clearer errors.
  - Added meta: { showErrorToast: true } to surface fetch errors.

<sup>Written for commit 9739b1befe76a7cb491594815d3d92977ad6a1c6.
Summary will update automatically on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

<!-- CURSOR_SUMMARY -->
> [!NOTE]
> Moves Supabase data fetching/mutations to React Query and aligns UI
with new query states for clearer loading/errors and cache-driven
updates.
> 
> - Removed most Supabase atoms; kept `lastLogTimestampAtom` only
> - New `useSupabase` exposes React Query queries (`organizations`,
`projects`, `branches`) and mutations (delete org, set/unset app
project, edge logs) with invalidate/refetch helpers
> - `SupabaseConnector` and `SupabaseIntegration` now use `refetch*`,
granular `isLoading*/error` flags, and updated handlers; branch select
disabled via `isLoadingBranches`/`isSettingAppProject`
> - `PreviewPanel` switches `loadEdgeLogs` to accept `{ projectId,
organizationSlug }` and continues polling
> - OAuth return flow now calls `refetchOrganizations`/`refetchProjects`
instead of manual load functions
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
573df5298f323854d4a8aa1ce5903b99e4caba62. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->









<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Refactored Supabase integration to use TanStack React Query for data
fetching and mutations. This makes loading/error handling clearer,
improves cache invalidation, and smooths the UI.

- **Refactors**
- Replaced Jotai state with React Query for organizations, projects, and
branches; removed related atoms.
- Added mutations for delete organization, set/unset app project, and
edge logs; invalidates org/project queries on deletion.
- Exposed granular states for organizations, projects, and branches;
removed selected project state.
- Updated SupabaseConnector/SupabaseIntegration to use refetch* methods
and new flags; PreviewPanel now calls loadEdgeLogs with params; disables
branch select while loading or setting.

<sup>Written for commit 573df5298f323854d4a8aa1ce5903b99e4caba62.
Summary will update automatically on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

---------
Co-authored-by: cubic-dev-ai[bot] <191113872+cubic-dev-ai[bot]@users.noreply.github.com>

Closes #1947

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Fixed the Show Token Usage button so it toggles on a single click.
Switched to a functional state updater to prevent stale state and double
toggles.

- **Bug Fixes**
- Replace setShowTokenBar(!showTokenBar) with a memoized toggle using
setShowTokenBar(prev => !prev) to ensure reliable toggle and immediate
active styling.

<sup>Written for commit e1351b9044a447515d4dc817cdff83fff50a57f4.
Summary will update automatically on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

<!-- CURSOR_SUMMARY -->
> [!NOTE]
> Strengthens undo to work even when an assistant message produced no
code.
> 
> - Use the last assistant message’s `sourceCommitHash` for
`revertVersion` and pass `currentChatMessageId` to prune messages
at/after the triggering user message; refresh chat state
> - Backend `revert-version` now conditionally commits only if there are
staged changes and supports message deletion via `gte` with
`currentChatMessageId`, falling back to commit-hash-based pruning
> - Extend IPC types: add `Message.sourceCommitHash` and
`RevertVersionParams.currentChatMessageId`
> - Add e2e test and fixture for undo after a no-code assistant response
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
a97e153d3cb703461b66bb7eaec28b4c7ae32cc4. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->







<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Make undo reliable by reverting to the message’s source commit instead
of relying on a previous assistant message or the chat’s initial state.
This fixes undo when an assistant reply contains no code.

- **Bug Fixes**
- Use current message’s sourceCommitHash for revertVersion and pass
currentChatMessageId to prune messages at/after the triggering user
message; then refresh chat.
- Extend Message type with sourceCommitHash and show a warning if it’s
missing.
- Add e2e test for undo after a no-code assistant response with a new
fixture.

<sup>Written for commit a97e153d3cb703461b66bb7eaec28b4c7ae32cc4.
Summary will update automatically on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

Fixes #527 

<!-- CURSOR_SUMMARY -->
> [!NOTE]
> Enables org-scoped Supabase connectivity across the app with
per-organization tokens and org-aware project/branch/logs/function
operations.
> 
> - DB: migration `0019` adds `apps.supabase_organization_slug`; drizzle
schema updated
> - Settings/schema: introduce
`supabase.organizations{slug->{tokens,...}}`; helper
`isSupabaseConnected`; encrypt/decrypt per-org tokens
> - OAuth: `handleSupabaseOAuthReturn` now stores credentials under the
detected organization
> - IPC: new channels `supabase:list-organizations`,
`supabase:delete-organization`, `supabase:list-all-projects`; existing
branches/logs/set/unset handlers accept `organizationSlug`; preload
allowlist and ipc_client updated
> - Supabase management: clients selectable per organization; all calls
(projects, branches, logs, SQL, deploy/delete/bulk-update functions,
context/client code) accept `organizationSlug`
> - UI/hooks: `SupabaseConnector` and `SupabaseIntegration` list/manage
organizations, group projects by org, persist org on selection, and
handle org-scoped branch switching; `useSupabase` adds org state and
org-aware loaders; preview panel loads edge logs with org
> - Misc: AGENTS.md adds database/migrations guidance; minor test
fixture tweak
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
402bb2cd357dfd9c5d4de28ee68cb4719ca75a51. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->



















<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Adds multi-organization Supabase support so you can connect multiple
orgs, pick projects by org, and manage tokens per org. Updates UI,
settings, IPC, and the app schema to store organization context with
each connected project.

- **New Features**
- Connect multiple Supabase organizations; list, add, and delete
organizations.
- Project picker groups projects by organization; selection persists
organizationSlug on the app.
- Branch switching keeps the selected organization context; “Disconnect
Project” still works.
- Per-organization token storage and refresh; new IPC:
supabase:list-organizations, supabase:delete-organization,
supabase:list-all-projects.
- Settings shows connected organizations and “Disconnect All”; legacy
single-account flows continue to work.

- **Migration**
- Apply SQL migration 0019 to add supabase_organization_slug to the apps
table.

<sup>Written for commit 402bb2cd357dfd9c5d4de28ee68cb4719ca75a51.
Summary will update automatically on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

<!-- CURSOR_SUMMARY -->
> [!NOTE]
> Adds end-to-end telemetry for Turbo Edits search & replace and wiring
to PostHog.
> 
> - Track `search_replace:fix` on initial dry run and each retry with
`attemptNumber`, `success`, `issueCount`, and per-file `errors` (emitted
from `chat_stream_handlers.ts`)
> - New main helper `sendTelemetryEvent` and IPC channel
`telemetry:event` (whitelisted in `preload.ts`); renderer subscribes via
`IpcClient.onTelemetryEvent` and forwards with `posthog.capture`
> - Improves diagnostics: warns with original and diff when
`applySearchReplace` fails in `response_processor.ts`
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
56bc3a352a2ab3b1e0100923cb395759229ee645. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->







<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Added telemetry for Turbo Edits search & replace, forwarding events from
main to renderer and capturing them in PostHog. Tracks success/failure
and errors for each fix attempt.

- **New Features**
- Emit "search_replace:fix" with attemptNumber, success, issueCount, and
per-file errors on initial attempt and retries.
- Add a sendTelemetryEvent helper in main and a "telemetry:event" IPC
channel (whitelisted in preload).
- Expose IpcClient.onTelemetryEvent; renderer forwards to PostHog via
posthog.capture.

<sup>Written for commit 56bc3a352a2ab3b1e0100923cb395759229ee645.
Summary will update automatically on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

Context:
- https://github.com/orgs/supabase/discussions/33720
- https://supabase.com/docs/reference/api/v1-deploy-a-function

<!-- CURSOR_SUMMARY -->
> [!NOTE]
> Introduces a two-step deploy flow for edge functions: parallel
bundling followed by bulk activation, plus API shape updates.
> 
> - Adds `DeployedFunctionResponse` and updates `deploySupabaseFunction`
to support `bundleOnly`, return the deployed function payload, and use
`import_map_path`
> - Implements `bulkUpdateFunctions` (PUT `/projects/{id}/functions`) to
activate multiple functions at once
> - In `deployAllSupabaseFunctions`, filters to functions with
`index.ts`, bundles them in parallel (`bundleOnly=true`), aggregates
successes/errors, then bulk-activates successful bundles
> - Cleans up import map generation (`imports: {}`) and switches deploy
URL construction to include `bundleOnly` query param
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
7b1d63ee73a56dc24b3465d812838bc5bf5bd0e5. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

Closes #1971













<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Virtualized the chat message list with react-virtuoso for smoother
scrolling and lower memory use in long chats, with non-virtualized
rendering in E2E builds for stable tests. Memoized ChatMessage to reduce
unnecessary re-renders.

- **New Features**
- Switched MessagesList to Virtuoso with itemContent, overscan, smooth
follow, and initial focus on the latest message.
- Moved context limit and Undo/Retry controls into a footer; preserved
empty/setup states.

- **Dependencies**
  - Added react-virtuoso ^4.17.0.

<sup>Written for commit f82a976c70bebf40d5c7af7de514e0afde604c64.
Summary will update automatically on new commits.</sup>

<!-- End of auto-generated description by cubic. -->













<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> Virtualizes the chat message list with react-virtuoso, adds a
non-virtualized path for E2E via E2E_TEST_BUILD, and refactors
footer/actions with memoized ChatMessage.
> 
> - **Frontend (chat)**:
> - Switch `src/components/chat/MessagesList.tsx` to `react-virtuoso`
with `itemContent`, `components.Footer`, overscan, and smooth follow;
extract `FooterComponent` for context limit + Undo/Retry controls.
> - Add E2E test mode using `envVars.E2E_TEST_BUILD` to render
non-virtualized list; improve empty/setup handling; memoize
`ChatMessage`.
> - **Electron/IPC**:
> - Include `E2E_TEST_BUILD` in `get-env-vars` so renderer can access
test-mode flag.
> - **Dependencies**:
>   - Add `react-virtuoso`.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
1c71fe7555a6a32ff29ef1034b889822527484ba. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Aggregates logs from client console, network requests, and Supabase Edge
Functions into one console with filters and virtualization for faster
debugging. Improves the preview console UX with better filtering,
auto-scroll, and “send to chat”.

- **New Features**
- Unified log stream: new appConsoleEntriesAtom and combined,
time-sorted entries (client console, network requests, edge-function,
build-time).
- Client capture: injects console interceptor and a Service Worker to
track fetch requests/responses/errors; forwarded via postMessage.
- Supabase Edge Function logs: new IPC handler and admin client query;
incremental polling via last timestamp; function name extracted for
source filtering.
- Console UI: level/type/source filters, log count, virtualized list
with react-virtuoso, auto-scroll when near bottom, clear filters, and
“send to chat” per entry.
- Preview iframe: forwards console logs, network events, and
build/runtime errors into unified logs with proper levels.

- **Dependencies**
  - Added react-virtuoso.

<sup>Written for commit c8390c5ef9ab2def1135052f04156368b2b9d5d0.
Summary will update automatically on new commits.</sup>

<!-- End of auto-generated description by cubic. -->



























<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> Brings a unified, performant logs console and multi-source aggregation
for easier debugging.
> 
> - Introduces `appConsoleEntriesAtom` and removes `appOutputAtom`;
resets logs on app switch
> - Captures client logs via injected `worker/dyad_logs.js` and forwards
to parent; displays in `Console` with `ConsoleEntry` UI
> - Intercepts network requests/responses/errors via Service Worker
(`worker/dyad-sw.js`, registered by `dyad-sw-register.js`); proxy serves
SW and injects scripts
> - Adds Supabase Edge Function logs: IPC handler
`supabase:get-edge-logs`, admin query `getSupabaseProjectLogs`, polling
via `useSupabase.loadEdgeLogs`, and `lastLogTimestampAtom`; function
name extracted for source tags
> - Updates `PreviewIframe` to forward console/network events and
runtime errors into unified log stream
> - New console UI (`Console.tsx`, `ConsoleFilters.tsx`,
`ConsoleEntry.tsx`) with level/type/source filters, auto-scroll, and
list virtualization via `react-virtuoso` (disabled in E2E via
`E2E_TEST_BUILD`)
> - Adds "Send to chat" action per log and "Clear" filter control;
increases CI timeout; adds e2e tests for logs, network, chat export, and
filter clearing
> - Exposes `E2E_TEST_BUILD` via `get-env-vars`; adds dependency
`react-virtuoso`
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
0c10230f707c2e6f1968bad428b16fe1f56c039f. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

<!-- CURSOR_SUMMARY -->
> [!NOTE]
> Update README contributing section to reference license details below
instead of stating Apache 2.0 explicitly.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
e1c66fde9c8c12a6c020d5e60123299bbe84e8d6. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Clarified the README license text to point to the License section
instead of naming the license directly. Keeps docs consistent with the
LICENSE file and avoids outdated info.

<sup>Written for commit e1c66fde9c8c12a6c020d5e60123299bbe84e8d6.
Summary will update automatically on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

<!-- CURSOR_SUMMARY -->
> [!NOTE]
> Introduce Agent v2 local tool‑calling mode with parallel tools,
consent workflow, UI, and AI message persistence (incl. MCP integration
and Supabase-aware ops).
> 
> - **Agent v2 (Local Agent) • Tool-calling mode**:
> - Add new chat mode (`local-agent`) with parallel tool calls and MCP
tool support; dedicated system prompt and streaming handler.
> - Built-in tools: `read_file`, `list_files`, `write_file`,
`rename_file`, `delete_file`, `search_replace`, `add_dependency`,
`add_integration`, `execute_sql`, `get_database_schema`,
`set_chat_summary`.
> - Consent workflow: per-tool “ask/always” defaults, inline consent
banner, and settings page to manage consents.
> - **UI**:
> - Render new custom tags in `DyadMarkdownParser` (e.g.,
`dyad-list-files`, `dyad-database-schema`, MCP call/result), plus
`AgentConsentBanner`.
> - `ChatModeSelector` exposes “Agent v2 (experimental)”; settings add
“Agent Permissions”.
> - **Backend/IPC**:
> - New local-agent handler, tool definitions, shared file ops
(Git/Supabase deploy), provider/options refactor, MCP consent bridge;
register agent tool IPC handlers.
> - Persist AI SDK messages/tool calls via `messages.ai_messages_json`
with size guard and startup cleanup.
> - **DB**:
> - Migration `0018_*` adds `ai_messages_json` column; snapshot/journal
updated.
> - **Testing**:
> - E2E fixtures and specs for local-agent (parallel tools, consent,
MCP); fake LLM server support; unit tests for utils/handler.
> - **Docs**:
>   - Add `docs/agent_architecture.md` and link from `CONTRIBUTING.md`.
> - **Deps**:
>   - Add `jsonrepair`.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
27a18e8ec6ec4e41edd0abcddffc42ee3a9fda3a. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->







































<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Introduce Local Agent v2 with parallel tool calls and user consent, plus
UI to manage and visualize tool activity. Adds DB persistence for AI
tool-call messages and smarter Supabase auto-deploys.

- **New Features**
- New “Agent v2” chat mode with tool calls (read/list files, DB schema,
write/rename/delete, search/replace, add dependency, add integration,
execute SQL, set chat summary), parallel execution, and MCP tool
support.
- Consent system with defaults, “accept once/always/decline,” inline
banner prompts, and a settings panel to manage consents.
- UI rendering for tool activity: list files, database schema, and tool
call/result/error blocks.
- Streaming handler, XML tool translator, and a dedicated system prompt
for Agent v2.
- Database: messages.ai_messages_json to store AI SDK messages/tool
calls with size limits and startup cleanup.

- **Refactors**
- Supabase: support functions/_shared modules, detect edits, and deploy
all affected functions; centralized file operations for shared tooling.

<sup>Written for commit 27a18e8ec6ec4e41edd0abcddffc42ee3a9fda3a.
Summary will update automatically on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

<!-- CURSOR_SUMMARY -->
> [!NOTE]
> Bumps app version to 0.31.0-beta.1 in package.json.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
4ee3fcee216041f734d39323489514021b90b042. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Bumps the app version from 0.30.0-beta.1 to 0.31.0-beta.1 to prepare the
next beta release.

<sup>Written for commit 4ee3fcee216041f734d39323489514021b90b042.
Summary will update automatically on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

<!-- CURSOR_SUMMARY -->
> [!NOTE]
> <sup>[Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) is
generating a summary for commit
c8f494513ae9b2fedda833aeda41ed660b584f16. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

<!-- CURSOR_SUMMARY -->
> [!NOTE]
> <sup>[Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) is
generating a summary for commit
015da81bdee067873de66007016e46b15d3b4ff0. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

## Summary
- update the Playwright summary script to support workflow_run events
and optional comment skipping
- stop the CI workflow from posting Playwright comments directly and
only generate the summary
- add a workflow_run-based commenter workflow that downloads artifacts
and posts results for PRs, including forks

## Testing
- not run (workflow changes only)


------
[Codex
Task](https://chatgpt.com/codex/tasks/task_e_694340b2da6083278e42db076ea89eba)

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> Moves Playwright commenting to a workflow_run job that downloads
artifacts and posts/updates the summary; CI now only uploads the report,
and the summary script improves PR/run detection and OS bucketing.
> 
> - **Workflows**:
> - **CI (`.github/workflows/ci.yml`)**: Remove in-job PR comment step;
keep merging reports and uploading `playwright-report` artifact.
> - **New (`.github/workflows/playwright-comment.yml`)**: `workflow_run`
on CI to download artifacts (`html-report--attempt-*`, `blob-report-*`)
and run `scripts/generate-playwright-summary.js` to comment on the PR
(supports forks).
> - **Script (`scripts/generate-playwright-summary.js`)**:
> - Add PR detection for `workflow_run` and `PR_NUMBER`; use
`PLAYWRIGHT_RUN_ID` for report link.
> - Improve OS detection/bucketing (auto-detect from attachments/stacks,
sensible defaults, lazy bucket creation).
> - Safer fallbacks when no artifacts; always write job summary; skip PR
comment when no PR is detected.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
8428f7ad6eb0671571cb4ae0e473434ffb1cf8d1. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->



<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Fixes Playwright report comments on forked PRs by moving comment posting
to a workflow_run job. CI now only uploads the reports; a separate
workflow posts or updates the PR comment using artifacts.

- **Bug Fixes**
- Added Playwright Report Comment workflow (workflow_run on CI) to
download artifacts and comment on PRs from forks.
  - Removed PR comment step from CI; CI only uploads Playwright reports.
- Updated summary script to support workflow_run, auto-detect the PR
number, use PLAYWRIGHT_RUN_ID for links, and improve OS
detection/bucketing.

<sup>Written for commit 8428f7ad6eb0671571cb4ae0e473434ffb1cf8d1.
Summary will update automatically on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

<!-- This is an auto-generated description by cubic. -->
## Summary by cubic
Fixes scrollbar flickering in annotator mode by constraining draggable
inputs within the container and suppressing scroll during drag for
smoother movement.

- **Bug Fixes**
- Added containerRef to DraggableTextInput and elementRef to calculate
bounds.
- Constrained drag coordinates to container size and accounted for
scale.
- Prevented default and stopped propagation on mousemove to avoid scroll
jitter.
  - Passed containerRef from Annotator to DraggableTextInput.

<sup>Written for commit 959605ddaa5faf23252ee797bf206c6dff46a069.
Summary will update automatically on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

Fixes #1949 

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> <sup>[Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) is
generating a summary for commit
46ac310c762fd4044c35bc59264122234ed19bbf. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Make app ports dynamic instead of hardcoded 32100 to prevent conflicts
and keep local runs, Docker, and env URLs in sync. Ports now derive from
appId using a base of 32100.

- **Bug Fixes**
  - Added getAppPort(appId) = 32100 + (appId % 10_000).
- Used the dynamic port in NEXT_PUBLIC_SERVER_URL, start commands,
Docker -p mapping, and cleanUpPort.
- Updated getCommand to accept appId and generate a per-app default
start command.

<sup>Written for commit 46ac310c762fd4044c35bc59264122234ed19bbf.
Summary will update automatically on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

<!-- CURSOR_SUMMARY -->
> [!NOTE]
> Posts a per-OS Playwright test summary as a PR comment by adding a
JSON reporter and a CI step to generate and publish the results.
> 
> - **CI / Reporting**
> - Add permissions and a GitHub Script step in
`.github/workflows/ci.yml` to generate and post/update a Playwright test
summary comment after merging shard reports.
>   - Upload merged HTML report artifact and link to full run.
> - **Playwright config**
> - Update `merge.config.ts` to add JSON reporter output to
`playwright-report/results.json` alongside HTML.
> - **New Script**
> - Add `scripts/generate-playwright-summary.js` to parse Playwright
JSON, compute per-OS (macOS/Windows) pass/fail/flaky/skipped counts,
list top failures/flaky tests, and write both PR comment and job
summary.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
d5ca6987f65e9a7063533960382516af89e67391. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->





<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Posts Playwright test results as a PR comment with a per-OS summary,
flaky test counts, and top failures, improving CI visibility across
macOS and Windows. Adds a JSON reporter and a GitHub Script step that
links to the full report.

- **New Features**
  - Adds JSON reporter output to playwright-report/results.json.
- Adds a script to parse results, include flaky tests, post/update the
PR comment, and write the job summary.
- Updates CI workflow permissions and runs the summary script after
report merge.

<sup>Written for commit d5ca6987f65e9a7063533960382516af89e67391.
Summary will update automatically on new commits.</sup>

<!-- End of auto-generated description by cubic. -->