## Summary
- Adds a new GitHub Action (`close-stale-prs.yml`) that runs daily at
midnight UTC
- Automatically closes open PRs that were created more than 2 months ago
- Leaves a friendly comment before closing each stale PR

## Test plan
- Verify the workflow YAML is valid by checking the Actions tab after
merge
- Can be manually triggered via `workflow_dispatch` to test behavior

#skip-bugbot

🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2474">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Adds a scheduled GitHub Action to automatically close open PRs older
than 2 months and post a comment, keeping the backlog tidy. Runs daily
at midnight UTC.

- **New Features**
- Adds .github/workflows/close-stale-prs.yml using
actions/github-script@v7
  - Requires pull-requests: write permission
  - Supports manual runs via workflow_dispatch
  - Logs closed PRs to workflow output

<sup>Written for commit 6687ed758e6104e8cde06895a021b121283aea71.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>

## Summary
- The `pr-review-responder` workflow uses `gh workflow run` to
re-trigger CI, BugBot, and Claude PR Review after Claude Code pushes
commits
- The `GITHUB_TOKEN` was missing the `actions: write` permission,
causing those workflow dispatch calls to silently fail
- Adds the missing permission to fix workflow re-triggering

## Test plan
- Verify that when `pr-review-responder` runs and Claude pushes commits,
the CI, BugBot, and Claude PR Review workflows are triggered
successfully
- Check the workflow run logs to confirm `gh workflow run` no longer
produces permission errors

#skip-bugbot

🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2475">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->


<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Added actions:write permission to the pr-review-responder workflow so
GITHUB_TOKEN can dispatch CI, BugBot, and Claude PR Review after Claude
Code pushes commits. Fixes silent failures where gh workflow run lacked
permissions and didn’t re-trigger workflows.

<sup>Written for commit 91cffceae19d8c1eea2138d48fd76e42449963a3.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

## Summary
- Migrate from `anthropics/claude-code-base-action@v1` to
`anthropics/claude-code-action@v1`
- Switch from top-level `model`/`allowed_tools` params to `claude_args`
format

## Test plan
- Verify the workflow triggers correctly on comments to closed issues
- Confirm the Claude Code action runs with the correct model and allowed
tools

#skip-bugbot

🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2471">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->


<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Update the closed-issue-comment GitHub Actions workflow to use
anthropics/claude-code-action and pass config via claude_args. No
behavior change; the workflow still handles comments on closed issues.

- **Refactors**
- Replace anthropics/claude-code-base-action@v1 with
anthropics/claude-code-action@v1.
- Move model/allowed_tools into claude_args: --model sonnet and
allowedTools "Bash(gh issue reopen:*), Bash(gh issue comment:*)".

<sup>Written for commit 67e76b9b098c65902c4d9fe4b5aadb9b06fb8c1f.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

## Summary
- Adds a GitHub workflow that uses Claude Code to intelligently handle
comments on closed issues
- If the original issue author comments expressing the issue persists or
has questions, automatically re-opens the issue
- If someone other than the original author comments, directs them to
open a new issue

## Test plan
- Comment on a closed issue as the original author with something like
"This is still happening" - should re-open the issue
- Comment on a closed issue as someone else - should receive a message
to open a new issue
- Comment on a closed issue as the original author with just "Thanks!" -
should not trigger any action

🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2409">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Medium Risk**
> Adds a new GitHub Action that runs on untrusted issue comments and can
reopen issues / post replies, so misclassification or prompt/permission
issues could cause unwanted issue churn or spam despite restricted `gh`
commands.
> 
> **Overview**
> Introduces a new `closed-issue-comment.yml` workflow triggered on
`issue_comment` creation for **closed issues only** (excluding PRs),
running in the `ai-bots` environment with `issues: write`.
> 
> The job invokes `anthropics/claude-code-base-action@v1` with a
constrained toolset to either **reopen and acknowledge** when the
commenter is the original issue author and indicates the issue isn’t
resolved, or **reply with guidance to open a new issue** when the
commenter is not the original author; it explicitly treats
`COMMENT_BODY` as untrusted input.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
0fb668683350ab3f205d4e627ba0a548d4caf5a7. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Adds a GitHub workflow to handle comments on closed issues. It reopens
when the original author says the problem persists, and asks non-authors
to open a new issue.

- **New Features**
- Triggers on comments for closed issues only (not PRs), with minimal
permissions and restricted tools; treats comment text as untrusted
input.
- If the original author signals the issue isn’t resolved or has
follow-up questions, reopens and replies; otherwise does nothing.
- If the commenter isn’t the original author, replies asking them to
open a new issue.

<sup>Written for commit 0fb668683350ab3f205d4e627ba0a548d4caf5a7.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

Closes #2140
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2345">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> Implements a chat panel visibility toggle and syncs it with the
resizable layout.
> 
> - Adds `isChatPanelHiddenAtom` to manage chat panel visibility state
> - Adds a header toggle in `PreviewIframe` (with tooltip, icons, and
`data-testid`) to hide/show the chat panel
> - Makes `chat` page's `Panel` for `#chat-panel` collapsible; wires
refs to expand/collapse and syncs with the atom; preserves preview panel
behavior and resize handle
> - Adds Playwright e2e test `e2e-tests/chat_panel_toggle.spec.ts`
verifying collapse/expand behavior
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
d27fd58182f7012ad2b07fb3d1584a07b584bf45. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Adds a toolbar toggle to hide and show the chat panel, helping users
focus on the preview when needed. The chat panel is now collapsible and
synced with app state and the resize handle, with an e2e test covering
the flow.

- New Features
- Preview toolbar button toggles chat visibility (Maximize2/Minimize2
with tooltip).
- Added isChatPanelHiddenAtom; syncs panel size with hidden state,
restores previous size on re-open, and updates visibility when the
handle is dragged (hidden below ~5% width).
- Playwright test confirms #chat-panel hides/shows via
data-testid="preview-toggle-chat-panel-button".

<sup>Written for commit f41058bfec814dde3d70a53cf20792e9d997f217.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

…sed approach

The previous stick-to-bottom mechanism used a timeout-based
`isUserScrolling` flag that reset after 2 seconds, causing the chat to
snap back to auto-follow even when the user intentionally scrolled away.
It also used manual scroll event listeners that duplicated Virtuoso's
built-in capabilities.

Replace with Virtuoso's native `atBottomStateChange` callback as the
single source of truth for scroll position tracking. This gives:

- Reliable stick-to-bottom: follows streaming output when at bottom
- Clean escape: scrolling up past 80px threshold stops auto-follow
immediately
- No timeout jank: purely position-based, no 2-second reset timer
- Simpler code: removes manual scroll listeners, cleanup refs, and
timeout logic

https://claude.ai/code/session_01PC8tFKJ439W8cVaT5Efyzr
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2448">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Medium Risk**
> Changes core chat scrolling behavior during streaming by replacing
timeout-based user-scroll detection with position-based at-bottom state,
which could regress auto-follow or scroll-button behavior in edge cases.
Scope is limited to the chat UI and does not touch data/auth logic.
> 
> **Overview**
> Refactors chat auto-scroll to be **purely position-based**: replaces
the timeout-driven `isUserScrolling`/manual scroller listeners with a
single at-bottom source of truth (`atBottomStateChange` in Virtuoso,
plus a simple test-mode scroll handler).
> 
> Auto-follow now resumes only when the user is actually at the bottom,
and the stream-complete “scroll to footer” behavior runs only if the
user stayed at bottom during streaming; the scroll-to-bottom button is
driven directly by the at-bottom state.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
3273c28f3284afcde3fac58e50f243333404b799. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Fixes chat auto-scroll so the view only follows streaming when you’re at
the bottom and stays put when you scroll up. Removes timeout-based
tracking and manual listeners for a smoother, simpler experience.

- **Bug Fixes**
- Stops snap-back: scrolling up past 80px disables auto-follow
immediately.
- Follows streaming output only when at bottom; shows a scroll-to-bottom
button when not.
- After a stream finishes, auto-scrolls only if you were already at
bottom.

- **Refactors**
- Replaced timeout-based isUserScrolling with Virtuoso’s
atBottomStateChange + followOutput.
- Removed manual scroll listeners and cleanup refs; rely on Virtuoso for
position tracking.
- Updated MessagesList to use atBottomThreshold=80 and a simplified
followOutput callback; test mode mirrors behavior with lightweight
scroll tracking.

<sup>Written for commit a7b3fba8b0528f52b11d0a6711cec574be3732d8.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

---------
Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: claude[bot] <41898282+claude[bot]@users.noreply.github.com>

## Summary
- Relocated the `ContextLimitBanner` from the bottom of `MessagesList`
to above the chat input area in `ChatInput` for better visibility
- Moved the `useCountTokens` hook from `MessagesList` to `ChatInput` and
removed the now-unused `tokenCountResult` from the footer context
- Updated e2e tests to look for the banner inside the
`chat-input-container`

## Test plan
- [ ] Verify the context limit banner appears above the chat input when
token usage is high
- [ ] Verify the context limit banner does not appear when token usage
is within limits
- [ ] Run existing e2e tests: `PLAYWRIGHT_HTML_OPEN=never npm run e2e --
context_limit_banner`

🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2461">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Moved the context limit banner to display above the chat input for
better visibility when near the limit or when long contexts would cost
extra. Addresses Linear issue 1770154755693.

- **Refactors**
- Moved useCountTokens to ChatInput and removed tokenCountResult from
MessagesList footer context.
- Updated e2e tests to assert the banner inside chat-input-container;
added a model-picker test id and a custom test model to cover long
context.

<sup>Written for commit 04f5b40d66c9efb8d358ce75afa4d9a24258654e.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

---------
Co-authored-by: Will Chen <willchen90@gmail.com>
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

## Summary
- Updated the pr-push skill's push step to detect the correct remote
instead of always defaulting to `origin`
- When no upstream is set, the skill now checks the PR's head repository
owner to find the matching local remote
- This handles cases where pushing to another user's fork (e.g. when
fixing someone else's PR)

## Test plan
- Test by running `/dyad:pr-push` on a branch that was checked out from
another user's fork PR
- Verify it pushes to the correct remote (not always `origin`)

#skip-bugbot

🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2469">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Update pr-push to auto-detect and push to the correct remote instead of
always using origin. This fixes pushes for branches from forks and PRs
opened from another user’s repo.

- **New Features**
- Use the branch’s upstream if set; otherwise match the PR’s head repo
to a local remote by owner/repo (works for SSH/HTTPS/token URLs).
- If no upstream and no PR/match, push to origin; if origin is denied,
try upstream (per workflow).
- Push with --force-with-lease and set -u when establishing the
upstream; surface gh pr view errors instead of silently falling back.

<sup>Written for commit e24e347cc7ddc3cb68343100d696d775c75cffe6.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

## Summary
- Add `/remember-learnings` command that reviews session errors, snags,
and insights, then updates `AGENTS.md` with actionable learnings for
future agent sessions
- Integrate `/remember-learnings` as step 8 in `/dyad:pr-push` so
learnings are automatically captured and included in every PR

## Test plan
- Run `/remember-learnings` manually in a session that encountered
errors — verify it appends a `## Learnings` section to `AGENTS.md`
- Run `/dyad:pr-push` end-to-end — verify step 8 runs the skill and
amends `AGENTS.md` into the commit

#skip-bugbot

🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2467">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Adds a /remember-learnings skill to capture session errors and insights
into AGENTS.md, with guardrails to keep entries concise and useful.
Integrates it into /dyad:pr-push before push, amending the commit only
when AGENTS.md changes.

- **New Features**
- New /remember-learnings command: scans for errors/snags/workflow
issues, writes 1–3 line bullets under ## Learnings in AGENTS.md; reads
CLAUDE.md/AGENTS.md to avoid duplication; limits to 5 items,
consolidates duplicates, and prunes obsolete entries.
- /dyad:pr-push integration: added as step 6 (before push);
conditionally amends the latest commit only if AGENTS.md changed; final
summary reports any learnings added.

<sup>Written for commit 43b24b73843a17fa9948408d3ed5fc238a7e2784.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

## Summary
- Add a search bar with fuzzy matching (fuse.js) to the settings sidenav
for quickly finding any setting
- Create a searchable index of all ~23 settings with labels,
descriptions, and keywords for forgiving matches
- Clicking a search result scrolls to and briefly highlights the target
setting with an animation

## Test plan
- Navigate to Settings and type partial/approximate terms in the search
bar (e.g. "aprv" for Auto-approve, "dark" for Theme, "zoom" for Zoom
Level)
- Verify results show matching settings grouped by section name
- Click a result and verify it scrolls to and highlights the setting
- Clear search and verify normal section navigation is restored
- Verify "No settings found" appears for non-matching queries

🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2449">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Medium Risk**
> Moderate UI/navigation change: expands settings DOM with new anchor
IDs and changes `useScrollAndNavigateTo` signature/behavior, which could
impact other scroll-to call sites if any were missed. Adds a new
dependency (`fuse.js`) and client-side search logic but no security- or
data-sensitive behavior.
> 
> **Overview**
> Adds a fuzzy-search input to the settings sidebar (powered by
`fuse.js`) so users can search across a new `SETTINGS_SEARCH_INDEX` of
settings metadata and jump directly to a specific setting.
> 
> Updates settings navigation to use centralized
`SECTION_IDS`/`SETTING_IDS`, adds per-setting DOM `id`s in
`settings.tsx`, and extends `useScrollAndNavigateTo` with optional
*highlight-on-scroll* behavior (with new `.settings-highlight` CSS
animation) used when clicking search results.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
2734a219ca2d3ebe80571dede1ea88d36cca77cc. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Add a fuzzy search bar to the settings sidebar so you can quickly find
any setting. Clicking a result smooth-scrolls to and briefly highlights
the setting.

- **New Features**
- Fuzzy search across ~23 settings using a searchable index (labels,
descriptions, keywords).
- Smooth scroll-to with a highlight animation; added anchor IDs for
precise navigation.
  - Clear button to reset the query and a "No settings found" state.

- **Dependencies**
  - Added fuse.js ^7.1.0.

<sup>Written for commit 2734a219ca2d3ebe80571dede1ea88d36cca77cc.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

## Summary
- Grants `wwwillchen-bot` the same permissions as `wwwillchen` across
all GitHub workflow and Claude config allowlists
- Updated 5 files: PR review responder, Claude PR review, BugBot
trigger, issue triage, and PR fix comments

## Test plan
- Verify CI passes (config-only changes, no code logic affected)
- Confirm `wwwillchen-bot` PRs trigger the expected workflows

#skip-bugbot

🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2465">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->


<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Give wwwillchen-bot the same permissions as wwwillchen across workflows
and Claude configs so its PRs trigger reviews, triage, and BugBot.
Config-only change; no logic updates.

- **New Features**
- Added wwwillchen-bot to allowlists for PR review responder, Claude PR
review, and BugBot trigger.
  - Triage workflow now surfaces helpful comments from wwwillchen-bot.
  - Marked wwwillchen-bot as a trusted author for PR fix comments.

<sup>Written for commit 179db5a83561e18138533c28b01e90b2765930c4.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Migrates shadcn UI from Radix primitives to Base UI across the app and
adds migration docs. Fixes interaction regressions (tooltips, submenu
triggers, switch roles) to stabilize the UI and e2e tests.

- **Migration**
- Rewrote core UI in src/components/ui using Base UI (accordion,
alert-dialog, button, checkbox, command, dialog, dropdown-menu, label,
popover, scroll-area, select, separator, sheet, sidebar, switch, tabs,
toggle, toggle-group, tooltip).
- Updated 40+ components to new APIs (use polymorphic/as or direct
elements instead of asChild, adjust Select onValueChange to handle
undefined, align Accordion/Tabs props, replace data-[state] with
data-open/checked, remove Tooltip wrappers around interactive elements,
set submenu triggers to click/openOnHover=false, add aria-labels to
switches/checkboxes, hide streaming animation text from a11y with
aria-hidden).
- Stabilized e2e tests (use click for submenu items, role-based locators
for switches, waits for dialog close) and added
.claude/run-e2e-update.sh for snapshot updates.
- Added shadcn-migration.md documenting Radix→Base mappings and
patterns.

- **Dependencies**
  - Added @base-ui/react and removed 16 @radix-ui/react-* packages.

<sup>Written for commit c89958b108c41de335aadb9ab9516a5140b8d63b.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Medium Risk**
> Medium risk because it replaces core UI primitives and interaction
patterns (dialogs/menus/selects/switches), which can cause subtle
UX/a11y regressions despite primarily being framework-level refactors.
> 
> **Overview**
> **Migrates UI primitives from Radix to Base UI.** Adds
`@base-ui/react` and removes many `@radix-ui/react-*` deps, then updates
shared shadcn wrappers (e.g. `dialog`, `alert-dialog`, `select`,
`switch`, `dropdown-menu`, `tooltip`, `accordion`) and consumers to the
new Base UI prop/events and `data-*` state attributes.
> 
> **Updates app components for new trigger/tooltip patterns and
accessibility.** Replaces many `asChild` trigger patterns with direct
triggers or `buttonVariants` styling, swaps some tooltips for `title`
attributes, guards `Select` `onValueChange` against `undefined`, and
adds `aria-label`s to switches/checkboxes.
> 
> **Stabilizes Playwright E2E tests and snapshots.** Menu submenus now
open via click (not hover) and tests wait for submenu items/dialog
close; branch manager assertions switch to new trigger text; switch
locators move to role/name; multiple aria snapshot fixtures are updated,
and a helper script `.claude/run-e2e-update.sh` is added to regenerate
snapshots.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
c89958b108c41de335aadb9ab9516a5140b8d63b. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
Co-authored-by: claude[bot] <41898282+claude[bot]@users.noreply.github.com>

<!-- CURSOR_SUMMARY -->
> [!NOTE]
> **Medium Risk**
> Moderate risk because it changes CI execution order and artifact
handling across macOS/Windows, which could cause failures or masking of
build/test issues if artifacts are incomplete or OS-specific metadata
isn’t preserved.
> 
> **Overview**
> Refactors the CI workflow to run a single per-OS `build` job
(including `pre:e2e` and fake server build) and then execute Playwright
`e2e-tests` in 4 shards that **download the built artifacts** instead of
rebuilding per shard.
> 
> Adds OS-specific artifact packaging: macOS bundles are tarred
(`out-macos.tar`) to preserve app metadata, while Windows uploads `out/`
directly; `merge-reports` is updated to depend on `e2e-tests` rather
than the old `test` job.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
2f42db63302827878905a8225fd47fc7b6cf1972. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2026">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

## Summary
- Add explicit `WINDOWS_SIGN` env var to the release workflow (set only
for Windows builds)
- `forge.config.ts` now checks `WINDOWS_SIGN=true` to enable Windows
code signing, instead of the generic `isGitHubActions` check
- If `WINDOWS_SIGN` is enabled but `AZURE_CODE_SIGNING_DLIB` is missing,
the build **fails loudly** with a clear error message
- CI builds no longer attempt Windows code signing since they don't set
`WINDOWS_SIGN`

## Test plan
- CI workflow should pass without attempting Windows code signing (no
`WINDOWS_SIGN` env var)
- Release workflow Windows builds will set `WINDOWS_SIGN=true` and sign
correctly
- If Azure signing tools fail to install in the release workflow, the
build will fail explicitly instead of silently skipping signing

#skip-bugbot

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Low Risk**
> Low risk: small build/release configuration change that only affects
Windows signing behavior and adds an explicit fail-fast check when
signing is enabled but tooling is missing.
> 
> **Overview**
> Windows code signing is now explicitly gated by a `WINDOWS_SIGN` env
var instead of implicitly enabling it on all GitHub Actions runs.
> 
> The release workflow sets `WINDOWS_SIGN=true` only for the Windows
matrix job, and `forge.config.ts` enables `windowsSign`/MakerSquirrel
signing only when that flag is set, failing fast with a clear error if
`AZURE_CODE_SIGNING_DLIB` is missing.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
132029c13f0da8afde3f864dc58a1ebdaeddf28e. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

## Summary
- Adds a `SessionStart` hook to `.claude/settings.json` that runs `npm
install` automatically when a Claude Code session starts
- Ensures dependencies are always up to date at the beginning of each
session
- Uses a 60-second timeout

## Test plan
- [ ] Start a new Claude Code session and verify `npm install` runs
automatically
- [ ] Verify the hook doesn't block session startup if it completes
within 60s

#skip-bugbot

🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2458">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->


<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Adds a SessionStart hook to .claude/settings.json to run npm install
when a Claude Code session starts. This keeps dependencies current and
uses a 60s timeout so startup isn’t blocked.

<sup>Written for commit 30bc4980b2cc211c7fd358d0f779bec333480f01.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>

## Summary
- Add a native notification that appears when a chat response completes
while the Dyad app window is not focused
- Controlled by a new setting "Show notification when chat completes" in
Workflow Settings
- Enabled by default for a seamless notification experience

## Implementation
- Added `enableChatCompletionNotifications` setting to
UserSettingsSchema (default: true)
- Added `isWindowFocused` IPC contract and handler to check window focus
state from main process
- Added notification logic to `useStreamChat`'s `onEnd` callback using
the Web Notification API
- Created `ChatCompletionNotificationSwitch` component for the settings
toggle
- Added the toggle to the Workflow Settings section in the Settings page

## Test plan
1. Start the app and enable notifications in Workflow Settings (enabled
by default)
2. Start a chat and switch focus to another application
3. Wait for the chat response to complete
4. Verify a native notification appears saying "Chat response completed"
5. When Dyad is focused, verify no notification appears
6. Disable the setting and verify notifications stop appearing

🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2413">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Low Risk**
> Mostly additive UI/renderer changes with an optional IPC payload
field; main risk is runtime differences around `Notification`
permissions/focus detection across platforms.
> 
> **Overview**
> Adds an opt-in Workflow Settings toggle
(`enableChatCompletionNotifications`) that requests Web Notification
permission when enabled.
> 
> When a chat stream ends, the renderer now conditionally fires a native
`Notification` if the setting is enabled, permission is granted, and the
window is not focused, using the app name as the title and a truncated
`chatSummary`/chat title as the body.
> 
> Extends the `ChatResponseEnd` IPC payload with optional `chatSummary`
and populates it from both the standard stream handler and the
local-agent handler so the renderer can display richer completion
notifications.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
02cb0c28d1bd72cf01e48f6923f4d2285df4aaa3. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Adds a native desktop notification when a chat response completes while
Dyad isn’t focused, controlled by a new Workflow Settings toggle enabled
by default. Helps you notice finished replies while multitasking.

- **New Features**
  - New setting: “Show notification when chat completes” (default on).
- Requests notification permission when you enable it; notifications
show only if permission is granted.
- Sends a notification via the Web Notification API when the window
isn’t focused (document.hasFocus), using the app name as the title and
the chat summary (or chat title) as the body.

<sup>Written for commit 02cb0c28d1bd72cf01e48f6923f4d2285df4aaa3.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

## Summary
- Create new `StreamingLoadingAnimation` component with two variants for
chat streaming states
- **Initial variant**: Flowing wave animation with 5 glowing orbs,
staggered bounce, and gradient fills
- **Streaming variant**: Pulsing indicator with rotating ring and
animated "generating..." text
- Replace inline animations in ChatMessage with the new component for
cleaner code

## Test plan
- Start the app and send a message to trigger chat streaming
- Verify the initial loading animation shows glowing bouncing orbs when
waiting for first response
- Verify the streaming indicator shows pulsing "generating..." text
while content is being generated
- Check animations work correctly in both light and dark modes

🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2425">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Low Risk**
> UI-only changes that replace existing loading indicators; main risk is
visual/regression or performance issues from the new animations.
> 
> **Overview**
> Adds a new `StreamingLoadingAnimation` component with two variants
(`initial` and `streaming`) using `framer-motion`, rotating verbs, and a
scrambled text effect.
> 
> Updates `ChatMessage` to replace the previous inline loading/spinner
animations with this shared component for both the pre-response and
in-stream indicators.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
65fac50463768be2e56810c498ca5b4c694754bd. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Add a reusable StreamingLoadingAnimation component with “initial” and
“streaming” variants to improve chat loading feedback. Replaces ad‑hoc
animations in ChatMessage for a cleaner, consistent UI.

- **New Features**
  - StreamingLoadingAnimation component:
    - initial: glowing orb wave
    - streaming: organic equalizer bars
  - Rotating verbs with scramble text reveal; theme-aware colors

- **Refactors**
- ChatMessage now uses the new component instead of inline framer-motion
blocks
  - Centralizes animation styles; no changes to streaming logic

<sup>Written for commit 65fac50463768be2e56810c498ca5b4c694754bd.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

Closes #585.

Currently, there are at least two places where an Electron logo appears
instead of the Dyad logo:
- In the Windows control panel (see #585).
- On the taskbar (or equivalent) of some Linux desktop environments
while running the app.

The Windows installer (`.Setup.exe`) also shows a generic icon instead
of the Dyad logo when viewed in the file explorer.

This PR aims to fix all of the above. It's a relatively minor detail,
but it's nice to have anyway.

The relevant documentation from Electron Forge is on this page:

https://www.electronforge.io/guides/create-and-add-icons#setting-the-app-icon

I've double-checked that this fixes the icons on Windows 10, XFCE and
Cinnamon (on Linux Mint), and GNOME (on Fedora). I don't have a device
that runs Windows 11.
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2404">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Replace generic/Electron icons with the Dyad logo across Windows and
Linux. Ensures correct branding in the Windows control panel, Linux
taskbar, and the Windows installer.

- **Bug Fixes**
  - Set BrowserWindow icon to assets/icon/logo.png.
  - Configured Electron Forge makers:
- Squirrel: iconUrl and setupIcon set to Dyad .ico for installer and
control panel.
    - Deb/RPM: icon set to Dyad .png for desktop environments.
- Verified on Windows 10, Linux Mint (XFCE, Cinnamon), and Fedora
(GNOME).

<sup>Written for commit 2f29dcc2fd34fdc53fb9bd2126cf02a7bd719920.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

---------
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>

## Summary
- Windows release builds fail during code signing because the Azure
Trusted Signing DLL cannot parse the signing metadata JSON file
- The `signing-metadata.json` is written with a UTF-8 BOM (0xEF 0xBB
0xBF) by Windows PowerShell 5.1's `Out-File -Encoding utf8`, and .NET's
`System.Text.Json` parser rejects the BOM as invalid JSON
- Fix: switch `shell: powershell` to `shell: pwsh` (PowerShell Core)
which writes UTF-8 without BOM by default

## Test plan
- Re-run the release workflow and verify the Windows build completes
signing successfully

#skip-bugbot

🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2446">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->


<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Fix Windows release signing failures by switching the workflow to
PowerShell Core (pwsh) so signing-metadata.json is written as UTF-8
without a BOM. This avoids the .NET System.Text.Json BOM error and lets
Azure Trusted Signing parse the file successfully.

<sup>Written for commit b1967255ec4547681dd5650fe0c2154b7374f0ad.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

## Summary
- Auto-discover signtool.exe from Windows SDK instead of relying on
`SIGNTOOL_PATH` repository variable
- Add `/debug` flag to signtool for better diagnostics during signing
failures
- Remove `SIGNTOOL_PATH` env var from the electron-builder step since
it's now set dynamically

#skip-bugbot

## Test plan
- Verify the release workflow runs successfully on Windows runners
- Check that signtool.exe is found from the Windows SDK directory
- Confirm signing output includes debug information

🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2445">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->


<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Automatically discover the Windows SDK SignTool in the release workflow
and set its path via GITHUB_ENV, removing the need for the SIGNTOOL_PATH
repo variable. Adds /debug to SignTool for clearer diagnostics during
signing.

- **Refactors**
- Auto-find x64 signtool.exe from the Windows SDK and export
SIGNTOOL_PATH dynamically.
  - Add /debug to signWithParams for better logging.
  - Remove SIGNTOOL_PATH from the electron-builder step.

<sup>Written for commit e667e794ac6b4c13bf34ab2943182fd22de26da0.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

## Summary
- Adds `@ts-expect-error` comment to suppress a zod v4 type inference
issue in `registerTypedHandlers` (`src/ipc/handlers/base.ts`)
- The generic handler registration produces incorrect types with zod v4,
requiring this suppression until the upstream issue is resolved

## Test plan
- [x] TypeScript type-checking passes (`npm run ts`)
- [x] All 661 unit tests pass
- [x] Lint checks pass

#skip-bugbot

🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2444">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->


<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Suppress a Zod v4 type inference error in registerTypedHandlers by
adding @ts-expect-error in src/ipc/handlers/base.ts. This unblocks
type-checking with no runtime changes until the upstream issue is fixed.

<sup>Written for commit 4b847c8611331b51afead606c85bdc52d017a1dd.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

## Summary
- Removes the invalid `/debug` flag from signtool parameters in
`windowsSign.ts`
- The `/debug` flag is not a supported signtool option and was causing
Windows builds to fail with `SignTool Error: Invalid option: /debug`

## Test plan
- [ ] Verify Windows release build succeeds by running the Release
workflow

🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2443">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->


<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Removed the invalid /debug flag from signtool params in windowsSign.ts
to fix Windows build failures. This resolves “SignTool Error: Invalid
option: /debug” during signing.

<sup>Written for commit e8d71407fdcf4a3171ee12e9fe9028b4cbc584fe.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Low Risk**
> Low risk: a one-line change to Windows code-signing flags that only
affects signing invocation and should reduce build failures.
> 
> **Overview**
> Removes the unsupported `/debug` option from `windowsSign.ts`
`signWithParams`, leaving only the verbose (`/v`) and Azure signing
library/metadata parameters. This aims to prevent `signtool` from
failing Windows builds due to an invalid flag.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
e8d71407fdcf4a3171ee12e9fe9028b4cbc584fe. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

<!-- CURSOR_SUMMARY -->
> [!NOTE]
> **Medium Risk**
> Adds a new IPC entrypoint and changes Node.js status resolution logic
(even though gated to `E2E_TEST_BUILD`), which could affect runtime
behavior if the flag/channel is misused. The rest is E2E-only test
additions/refactors.
> 
> **Overview**
> Adds Playwright E2E coverage for the initial *Setup Dyad* flow,
including Node.js install UX states, provider setup navigation, and
verifying the setup banner disappears after configuring an AI provider.
> 
> Introduces a **test-only IPC** (`test:set-node-mock`) to
deterministically mock Node.js installed/not-installed status in E2E
builds, with a new `PageObject.setNodeMock()` helper and preload
allowlisting. Refactors Node.js status handling to centralize Node
download URL selection via `getNodeDownloadUrl()`.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
5dd01b9e95375ff4a39d00b9ec9ecb40685d89a0. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Adds Playwright E2E coverage for the setup flow and a test-only IPC to
mock Node.js install status, making the flow fully testable and
deterministic. Also refactors Node download URL selection for clarity.

- **New Features**
  - Added setup_flow.spec.ts to verify:
    - Banner states when Node is installed.
    - Node install flow with “Continue… I installed Node.js”.
    - AI provider navigation and banner dismissal after configuration.
- Introduced test-only IPC channel test:set-node-mock (allowlisted in
preload) gated by E2E_TEST_BUILD=true; added PageObject.setNodeMock()
helper.
- Refactored node_handlers to use getNodeDownloadUrl() and return mocked
versions when enabled.

- **Migration**
  - Run E2E with E2E_TEST_BUILD=true to enable the mock IPC.

<sup>Written for commit 5dd01b9e95375ff4a39d00b9ec9ecb40685d89a0.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2028">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

## Summary
- Add additional search paths for Azure.CodeSigning.Dlib.dll in the
Windows release workflow
- Search in WinGet packages directory and runner user profile where
winget may install tools
- Add logging to show which paths are being searched for easier
debugging

## Test plan
- Trigger the release workflow manually
- Verify the Windows build finds the Azure code signing DLL successfully

#skip-bugbot

🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2442">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->


<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Ensures the Windows release workflow reliably finds
Azure.CodeSigning.Dlib.dll to prevent signing failures on GitHub Actions
runners.

- **Bug Fixes**
- Search these locations for the DLL: Program Files, %LOCALAPPDATA%,
%LOCALAPPDATA%\Microsoft\WinGet\Packages, and
C:\Users\runneradmin\AppData\Local\Microsoft\WinGet\Packages.
  - Log each path checked for easier debugging.
- Set AZURE_CODE_SIGNING_DLIB when found; exit with a clear error if
not.

<sup>Written for commit a804c86677935ed00094fcf8524aceb1c0943664.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

#skip-bb

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Fixes Azure code signing on Windows by auto-detecting the
Azure.CodeSigning.Dlib.dll path and exporting it for the build. Adds
better debug output to diagnose signing issues.

- **Bug Fixes**
- Search Program Files and LocalAppData for x64
Azure.CodeSigning.Dlib.dll and set AZURE_CODE_SIGNING_DLIB in the
workflow; fail fast if not found.
  - Extend DEBUG to include electron-windows-sign.
- Log AZURE_CODE_SIGNING_DLIB in forge.config.ts for visibility during
builds.

<sup>Written for commit 04c1f068a03f8741d3a9c904c1b896f80dfe3a37.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->


<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2441">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

## Summary
- Add unified `DYAD_DISABLE_CLAUDE_CODE_HOOKS` env var to disable
permission-request and stop hooks
- Update permission policy to explicitly allow GitHub comment/resolve
operations (not destructive)
- Enhance pr-fix:comments skill to always explicitly resolve threads
after addressing
- Add `cc:request` label for non-trivial PRs in pr-push skill

## Test plan
- Set `DYAD_DISABLE_CLAUDE_CODE_HOOKS=1` and verify hooks are bypassed
- Run `/dyad:pr-fix:comments` and verify all addressed threads are
resolved
- Run `/dyad:pr-push` on a non-trivial PR and verify `cc:request` label
is added

#skip-bugbot

🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2439">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->


<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Unifies hook disabling under DYAD_DISABLE_CLAUDE_CODE_HOOKS, clarifies
non-destructive GitHub actions in the permission policy, and improves PR
skills to resolve threads explicitly and request review on non-trivial
changes.

- **New Features**
- Single env var to disable both permission-request and stop hooks:
DYAD_DISABLE_CLAUDE_CODE_HOOKS.
- Permission policy explicitly allows commenting/replying and resolving
review threads (non-destructive).
- pr-fix:comments explicitly resolves addressed threads and verifies all
trusted threads are handled.
  - pr-push adds the cc:request label for non-trivial PRs.

- **Migration**
- Replace DISABLE_DYAD_STOP_HOOK with DYAD_DISABLE_CLAUDE_CODE_HOOKS
(true/1/yes) to disable both hooks.

<sup>Written for commit a09d0458ef620da8b2358facf7712f5c47362030.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

## Summary
- Update winget command to use the correct package ID
`Microsoft.Azure.TrustedSigningClientTools` for Azure Trusted Signing
- Add explicit `--source winget` and `-e --id` flags for more reliable
package resolution

## Test plan
- Verify Windows release build workflow runs successfully with the
updated package installation command

🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2440">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

## Summary
- Add `isGitHubActions` environment variable check to conditionally
disable Windows code signing
- Disable `windowsSign` in `packagerConfig` when running on GitHub
Actions
- Pass empty config to `MakerSquirrel` instead of signing config on
GitHub Actions

## Test plan
- Verify the build succeeds on GitHub Actions without Windows signing
errors
- Verify local builds with Windows signing still work when not on GitHub
Actions

#skip-bugbot

🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2438">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Enable Windows code signing on GitHub Actions and skip it for local
builds. Added an isGitHubActions env check to set
packagerConfig.windowsSign and pass windowsSign to MakerSquirrel only
when running in CI.

<sup>Written for commit 259bc98373fa92668745c503eecc6413528d1172.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

## Summary

- Fixes the component selector being permanently disabled when apps have
delayed first render (e.g., async auth/Supabase initialization)
- Uses MutationObserver to retry detecting `[data-dyad-id]` elements for
up to 5 seconds
- Properly cleans up observer and timeout when elements are found to
avoid resource leaks

## Test plan

1. All existing `select component` e2e tests pass (4 tests)
2. Annotator e2e test passes
3. For manual testing:
- Create an app that has delayed initialization (e.g., async auth check
before rendering)
   - Previously: component selector button would be disabled
   - Now: component selector button should enable once components render

Fixes #2231

🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2408">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Medium Risk**
> Adds a long-lived `MutationObserver`/timeout loop to initialization,
which could affect iframe performance or leave the selector disabled if
the observer logic misfires, though cleanup and a hard timeout mitigate
this.
> 
> **Overview**
> Makes the component selector initialization resilient to delayed
renders by no longer giving up immediately when no `[data-dyad-id]`
elements exist.
> 
> The client now retries by observing DOM/attribute mutations for newly
tagged elements, posts `dyad-component-selector-initialized` once found,
and cleans up the observer/timeout; it only logs the “no tagged
elements” warning after a 60s timeout.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
56474bce646c9f41c87c869a4310964efcb62a99. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Fixes the component selector staying disabled when apps render late by
retrying initialization until tagged elements appear. Adds a
MutationObserver with a 60s timeout and proper cleanup.

- **Bug Fixes**
- Watch for [data-dyad-id] with a MutationObserver and retry init for up
to 60s.
- Disconnect observer and clear timeout once found; warn only if timeout
expires.
- Addresses Linear issue #2231 by enabling the selector after delayed
renders.

<sup>Written for commit 56474bce646c9f41c87c869a4310964efcb62a99.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

## Summary
- Upgraded zod package from ^3.25.76 to ^4.3.6
- Updated z.record() calls to use two arguments (key schema, value
schema) as required by Zod v4
- Changed ZodError.errors to ZodError.issues (API rename in v4)
- Fixed type inference issues with complex generics in
createStreamClient

## Test plan
- [x] TypeScript type-checking passes (`npm run ts`)
- [x] Linting passes (`npm run lint`)
- [x] Unit tests pass (661/661 tests)
- [x] E2E tests pass (195/213 tests - 12 failures are pre-existing flaky
tests unrelated to Zod)

🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2415">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Medium Risk**
> Medium risk because this upgrades a core validation library and
adjusts IPC schema/handler typings; behavioral changes in Zod
parsing/record typing could surface at runtime if any edge cases differ.
> 
> **Overview**
> Upgrades `zod` from v3 to v4 (and bumps `zod-to-json-schema`),
updating the lockfile and keeping a nested v3 `zod` for
`@modelcontextprotocol/sdk`.
> 
> Updates IPC validation code to match Zod v4: switches
`ZodError.errors` to `ZodError.issues`, updates all `z.record(...)`
usages to the new `z.record(keySchema, valueSchema)` signature, and
applies a few TypeScript workarounds (notably in `createStreamClient`
key handling and `registerTypedHandlers` casting) to avoid inference
breaks under v4.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
2e1becc1b56c343ee969e86de2146e36d255e7ae. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Migrated the codebase to Zod v4. Updated record schemas and error
handling, plus small type fixes in IPC; no runtime changes expected.

- **Dependencies**
  - Upgraded zod to ^4.3.6.
  - Bumped zod-to-json-schema to 3.25.1.

- **Refactors**
  - Replaced z.record(value) with z.record(key, value) across schemas.
  - Switched ZodError.errors to ZodError.issues in handlers.
- Improved createStreamClient key typing (string | number) and used
safer Record<string, unknown> casts.
- Added an explicit type assertion in registerTypedHandlers for handler
registration.

<sup>Written for commit 15413b80916c6816f7c24a59815663f502ac9e3d.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
Co-authored-by: claude[bot] <41898282+claude[bot]@users.noreply.github.com>

## Summary
- Adds `@types/node-fetch` as a dev dependency for improved TypeScript
type support

## Test plan
- All existing tests pass
- TypeScript compilation succeeds

#skip-bugbot

🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2437">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->


<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Add @types/node-fetch (^2.6.13) as a dev dependency to provide
TypeScript types for node-fetch. Improves type safety and editor
autocomplete for code using fetch in Node.

<sup>Written for commit 43975a34f2a5b5675c47917721cf9eb8705ef80a.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

## Summary
- **Fixes #2396**: When creating a new chat (including "summarize to new
chat"), the system was hardcoding `ref: "main"` when getting the
`initialCommitHash`, causing issues when users work on feature branches
- Changed to use the default `"HEAD"` ref instead, so the chat correctly
tracks the currently checked-out branch's commit
- This prevents merge conflicts and ensures changes are applied to the
correct branch

## Test plan
1. Create a feature branch from main
2. Create a new chat while on the feature branch
3. Verify the new chat tracks the feature branch's commit, not main's
commit
4. Test "summarize to new chat" functionality while on a feature branch

🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2411">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Low Risk**
> Low risk: a small, localized change that only affects which git ref is
used to capture `initialCommitHash` during chat creation.
> 
> **Overview**
> When creating a new chat, the `initialCommitHash` is now resolved from
the repo’s current `HEAD` rather than forcing `ref: "main"`, so chats
created on feature branches track the correct starting commit.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
541b373218a04781d63dfdb05474b4f110d38ab0. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
New chats now use the currently checked-out branch (HEAD) to resolve
initialCommitHash instead of hardcoding main. This ensures chats track
the correct branch and prevents merge conflicts. Fixes #2396.

<sup>Written for commit 541b373218a04781d63dfdb05474b4f110d38ab0.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

## Summary
- Update all @ai-sdk/* packages to latest versions
- Update core ai package from ^6.0.14 to ^6.0.68
- Remove unused openai dependency

## Test plan
- [x] Lint checks pass (formatting and linting)
- [x] All 661 unit tests pass
- [ ] Manual testing of AI provider integrations

🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2431">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->


<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Updated the ai package and all @ai-sdk/* providers to the latest
versions to pick up recent fixes and features. Removed the unused openai
client to reduce install size and avoid overlapping APIs.

- **Dependencies**
  - ai → ^6.0.68
- Updated @ai-sdk packages: amazon-bedrock ^4.0.46, anthropic ^3.0.35,
azure ^3.0.26, google ^3.0.20, google-vertex ^4.0.41, mcp ^1.0.18,
openai ^3.0.25, openai-compatible ^2.0.26, provider-utils ^4.0.13, xai
^3.0.46
  - Removed openai

- **Migration**
  - Run install to update lockfile.
  - No code changes expected; verify provider integrations in staging.

<sup>Written for commit 4959fe16eaff0234e477422d4d8a54f47ef8f23f.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

#skip-bb

## Summary
- Replace DigiCert SSM-based code signing with Azure Trusted Signing for
Windows builds
- Add new `windowsSign.ts` configuration for Azure signing parameters
- Update release workflow to install Azure Trusted Signing CLI and
create metadata file
- Version bump to 0.36.0-beta.1 for testing the new signing workflow

## Test plan
- [ ] Trigger a release build and verify Windows binaries are signed
correctly
- [ ] Verify the signed executable passes Windows SmartScreen
verification

🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2429">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->



<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Switches Windows code signing from DigiCert SSM to Azure Trusted Signing
to simplify CI and reduce secret handling. Updates Forge config and
release workflow; bumps version to 0.36.0-beta.1 for testing.

- **Refactors**
- Added windowsSign.ts with Azure sign params (dlib + metadata),
SHA-256, and timestamp server.
  - Wired windowsSign into Electron Forge packager and MakerSquirrel.
- Release workflow installs Azure Trusted Signing via winget and writes
signing-metadata.json; removes DigiCert SSM steps.

- **Migration**
- Add AZURE_CODE_SIGNING_DLIB, AZURE_CLIENT_ID, AZURE_CLIENT_SECRET, and
AZURE_TENANT_ID as CI secrets. The workflow sets AZURE_METADATA_JSON
automatically.
  - Run a release build and verify the signed EXE passes SmartScreen.

<sup>Written for commit 0d5b4d58940b59300796ea18e8c403bfcc25b30d.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

## Summary
- Replace `<dyad-write>` and `<dyad-execute-sql>` custom XML tags with
standard markdown code blocks in the Supabase prompt
- This improves compatibility and readability of the generated code
examples
- No functional changes to behavior

## Test plan
- All 661 unit tests pass
- Lint and type checks pass

#skip-bugbot

🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2424">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->


<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Replaced custom <dyad-write> and <dyad-execute-sql> tags with standard
fenced code blocks in the Supabase prompt to improve compatibility and
readability. No behavior changes.

- **Refactors**
- Swapped custom XML tags for markdown code blocks with language hints
(tsx, sql, typescript).
- Cleaned up instructions (removed tag-specific guidance; clarified
auto-deploy and file labels).
  - Updated example paths (e.g., supabase/functions/hello/index.ts).

<sup>Written for commit e0aecca9615c9580de231e740fa71f934c8ecb3a.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

Fixes #2395 

## Summary
- Use `write_file` tool format instead of `dyad-write` XML tags when
local agent stream mode is active
- The local agent uses tools rather than XML-based commands, so
attachments need compatible upload instructions
- Refactored `willUseLocalAgentStream` check to be computed once and
reused

## Test plan
- Test uploading file attachments while in local agent mode
- Verify the system prompt contains `write_file` tool instructions
instead of `dyad-write` XML tags
- Verify regular (non-local-agent) mode still uses the XML-based
instructions

🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2412">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->


<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Low Risk**
> Low risk: only adjusts system-prompt attachment upload instructions
and reuses a single `willUseLocalAgentStream` flag; could affect how
models handle uploads in local-agent/Pro ask mode.
> 
> **Overview**
> Fixes attachment-upload prompting when streaming via the local agent
by switching from `dyad-write` XML tag instructions to `write_file`
tool-call instructions for conversations that will use
`handleLocalAgentStream`.
> 
> Also refactors the `willUseLocalAgentStream` condition to be computed
once (based on chat mode/Pro ask mode and absence of mentioned-app
codebases) and reused for both system-prompt construction and
`aiMessagesJson` persistence.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
60dd66e4548c5d10ace43739aea7765958284739. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

## Summary
- Fix regression from PR #2336 where `previewCurrentUrlAtom` wasn't
cleared when navigating back to root (`/`)
- Clear preserved URL in `pushState`/`replaceState` handlers when
pathname is "/" or empty
- Clear preserved URL in `restartApp` before restarting to prevent stale
route restoration
- Add E2E test to verify route stays on root after restart

Fixes the issue where HMR/restart would load the wrong URL after
navigating back to root from a sub-route.

## Test plan
- [x] E2E test `restart after navigating back to root should stay on
root` passes
- [x] Existing test `refresh preserves current route` still passes
- [x] Unit tests pass (661 tests)

🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2422">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Medium Risk**
> Medium risk because it changes preview navigation state persistence
and restart behavior, which could impact route restoration and
back/forward history across apps. Added e2e coverage reduces the chance
of regressions.
> 
> **Overview**
> Fixes a regression where the preview could restore a stale sub-route
after returning to `/` or after an app restart.
> 
> `PreviewIframe` now **clears `previewCurrentUrlAtom`** when
`pushState`/`replaceState` navigates to same-origin root, and
`useRunApp.restartApp` clears the preserved URL for the app before
restarting to avoid remount restoring the wrong route.
> 
> Adds an e2e Playwright test ensuring navigating `/about` → `/` and
then restarting stays on the home route.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
16db90a34c728f311599eab4c029010d89354420. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Fixes a regression where the preview restored a stale sub-route after
returning to “/” or restarting. We now clear the preserved URL so the
app stays on the expected root route.

- **Bug Fixes**
- Clear preserved URL on pushState/replaceState when pathname is “/” in
PreviewIframe.
- Clear preserved URL during restart (useRunApp) to prevent stale route
restoration.
  - Add E2E test to ensure restart after returning to root stays on “/”.

- **New Features**
- Allow disabling the stop hook via DISABLE_DYAD_STOP_HOOK environment
variable.

<sup>Written for commit 16db90a34c728f311599eab4c029010d89354420.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

#skip-bb
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2392">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->


<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Fixes failing Next.js e2e tests by selecting the correct chat mode and
restarting after upgrades, and improves the Playwright PR comment with
clearer run/update commands. Also increases local test timeout to reduce
flaky failures.

- **Bug Fixes**
  - Selects “build” chat mode in Next.js tests.
  - Adds restart after upgrade in select component test.
  - Updates snapshot to expect the “next” template ID.
  - Raises local timeout to 75s to reduce flakes.

- **New Features**
- Playwright PR comment now includes copy-paste commands to run and
update snapshots for each failed test.
- Uses -g "pattern" with proper escaping; groups many commands in a
collapsible section.

<sup>Written for commit 5124cf2f3e8aa80e9de63b412ff0b6aeeff81eb5.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

## Summary
- Adds new "Auto-expand preview panel" toggle in Workflow Settings
- When disabled, the preview panel stays collapsed after chat responses
and proposal approvals
- Defaults to enabled to preserve existing behavior

Fixes #2090

## Test plan
1. Go to Settings > Workflow Settings
2. Disable "Auto-expand preview panel"
3. Collapse the preview panel manually
4. Send a chat message that generates code changes
5. Verify the preview panel stays collapsed

🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2352">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> Introduces a user setting to control automatic preview expansion after
code changes.
> 
> - Adds `autoExpandPreviewPanel` to `UserSettings` with default `true`
and schema support
> - New `AutoExpandPreviewSwitch` and integrates it into Workflow
Settings UI
> - Gates preview opening in `ChatInput` (on approve) and
`useStreamChat` (on stream end) behind the new setting
> - Updates settings defaults and unit tests to include the new field
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
74064a7eb9092556833afd8fcb37527e59de14cc. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Adds an “Auto-expand preview panel” toggle in Workflow Settings to
control whether the preview opens automatically after chat file updates
or proposal approvals. Defaults to on to preserve current behavior and
addresses Linear issue #2090.

<sup>Written for commit 74064a7eb9092556833afd8fcb37527e59de14cc.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>