## Summary
- Move Claude commands to `dyad/` namespace (e2e-rebase, pr-fix)
- Add new commands: fix-issue, gh-push, gh-rebase, lint, session-debug
- Add `gh-permission-hook.py` to block destructive gh commands (except
PRs)
- Expand allowed bash commands in settings.json
- Update AGENTS.md to reference `/dyad:lint` skill and fix typo

## Test plan
- [ ] Verify commands work with `/dyad:<command>` syntax
- [ ] Test that gh-permission-hook blocks issue modifications but allows
PR operations

🤖 Generated with [Claude Code](https://claude.com/claude-code)


<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Reorganized Claude commands under the /dyad namespace and added a GitHub
CLI permission hook that auto-approves read-only commands plus PR and
issue updates while blocking destructive actions. Added new skills
(including deflaking E2E and split PR fix steps), hardened the hook, and
added tests.

- **New Features**
- Moved e2e-rebase and pr-fix to dyad/; added fix-issue, pr-push,
gh-rebase, lint, session-debug, deflake-e2e; split pr-fix into
pr-fix:comments and pr-fix:actions.
  - Updated AGENTS.md to reference /dyad:lint and fixed a typo.

- **Permissions**
- Added gh-permission-hook.py (PreToolUse) for Bash gh commands;
auto-approves read-only ops, PR modification commands, issue
create/edit/close/reopen/comment, PR review thread ops, and PR/issue
comment replies and updates; blocks destructive actions across issues,
releases, gists, labels, secrets, repos, workflows, config, and auth.
- Hardened checks: require gh as the executed command (handles
env/sudo/command wrappers); detect shell injection (;, &&/||, &,
newlines, ANSI-C $'…', process substitution); allow safe pipes to jq and
common text filters (head/tail/grep/wc/sort/uniq/cut/tr) and stderr
redirects; parse --method/-X (incl. equals syntax); allow GraphQL
queries plus specific PR review thread/comment mutations; added unit
tests with good/bad fixtures.
- Updated settings.json to narrow read-only gh allowlist, expand safe
Bash commands, and register the PreToolUse hook.

<sup>Written for commit 3237d344cdc2850a97a9a4856bff54bd25be102b.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->




<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> Streamlines Claude command suite and hardens GitHub CLI usage in the
workspace.
> 
> - Reorganizes commands under `/.claude/commands/dyad/` and adds new
skills: `deflake-e2e`, `fix-issue`, `gh-rebase`, `lint`, `pr-push`,
`session-debug`; splits `pr-fix` into `pr-fix:comments` and
`pr-fix:actions`
> - Adds `/.claude/hooks/gh-permission-hook.py` to auto-approve
read-only/PR operations and block destructive `gh` commands; supports
GraphQL query/limited mutations and safe piping
> - Introduces unit tests (`.claude/hooks/tests/*`) with good/bad
command fixtures and a test runner
> - Updates `.claude/settings.json` to expand safe Bash allowlist and
register `PreToolUse` hook; tweaks `.gitignore` and `AGENTS.md`
(references `/dyad:lint`)
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
3237d344cdc2850a97a9a4856bff54bd25be102b. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

## Summary
- Allow build jobs to continue independently even if one platform fails
- The verify-assets job will still only run if all builds succeed

#skip-bugbot

🤖 Generated with [Claude Code](https://claude.com/claude-code)

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Set fail-fast: false in the release workflow build matrix so other
platform builds continue even if one fails. Add retry to the publish
step (3 attempts, 30m timeout) to reduce flakiness; verify-assets still
only runs if all builds succeed.

<sup>Written for commit 2f09fc1f6ae1d524f6e626f4acc91bb7adfa4aab.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

## Summary
- Fixes Windows-specific bug where `path.relative()` generates backslash
paths (e.g., `src\components\Button.tsx`) that break TSC workers and git
operations
- Normalizes paths to use forward slashes in both component tagger
plugins (nextjs-webpack and react-vite)
- Adds defensive normalization in `visual_editing_handlers.ts` and
`PreviewIframe.tsx`

Fixes #2271

## Test plan
- [ ] Test on Windows: use Annotator / Edit with Select to refactor or
move files
- [ ] Verify no TSC worker errors occur after using the visual editing
tools
- [ ] Verify git operations don't fail due to invalid paths

🤖 Generated with [Claude Code](https://claude.com/claude-code)

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Bug fix: Windows path normalization**
> 
> - Update `safeJoin` to normalize backslashes via `normalizePath`, then
validate/block absolute, home, and UNC paths before joining; join uses
normalized segments
> - Normalize `gitAdd` filepaths for both native Git and isomorphic-git;
adjust error messages accordingly
> - Visual editing handler now stages modified files with `gitAdd`
(replacing direct isomorphic-git add) while continuing to use `safeJoin`
> - Tests updated to assert forward-slash normalization for
Windows-style inputs
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
5e1cf28e5632a37c564c71b52cc702b7c57e49fc. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Normalize Windows backslash paths to forward slashes across component
taggers, visual editing, and git staging so TSC workers and git
operations don’t break on Windows. Centralizes normalization in gitAdd
and safeJoin for consistent component IDs and file paths.

- **Bug Fixes**
- Next.js webpack and Vite taggers: replace backslashes from
path.relative() with forward slashes.
- Git utils: gitAdd normalizes filepath before staging (native Git and
isomorphic-git).
- Path utils: safeJoin normalizes segments before joining and blocks
unsafe absolute paths.
- Visual editing and preview: normalize component IDs and paths; use
gitAdd and safeJoin for file staging.

<sup>Written for commit 674f783cdd844fb98cd746cd8d7dc9234d419d80.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

## Summary
- Updates the Vercel deployment URL when refreshing deployments to show
the most recent READY production deployment
- Previously, the Live URL was only set once during project creation or
connection and never updated
- Now when users click "Refresh Deployments", the Live URL will update
to reflect the latest production deployment

Fixes #2208

## Test plan
- [ ] Connect an app to a Vercel project
- [ ] Verify the Live URL is shown correctly
- [ ] Push a new deployment to Vercel
- [ ] Click "Refresh Deployments" in Dyad
- [ ] Verify the Live URL updates to reflect the new deployment

🤖 Generated with [Claude Code](https://claude.com/claude-code)

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> Ensures the app’s Vercel Live URL stays current after refreshing
deployments.
> 
> - In `vercel_handlers.ts`, when fetching deployments, finds the most
recent `READY` production deployment and updates
`apps.vercelDeploymentUrl` if it changed (with logging)
> - In `VercelConnector.tsx`, after `getDeployments()` completes, calls
`refreshApp()` so the updated Live URL is shown in the UI
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
2f2cccc87b91a3653b70d008b7f208a9aebd7af6. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Ensures the Vercel Live URL updates to the latest READY production
deployment when users refresh deployments, fixing the stale URL issue.
Fixes #2208.

- **Bug Fixes**
- Call refreshApp() after getDeployments in VercelConnector to refresh
the Live URL.
- In IPC handler, detect the most recent READY production deployment and
update vercelDeploymentUrl in the DB only when it changes.

<sup>Written for commit 2f2cccc87b91a3653b70d008b7f208a9aebd7af6.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

## Summary
- Fixed chat summarization failing in local-agent mode with "no
technical discussion" error
- Added `messageOverride` parameter to `handleLocalAgentStream` to pass
transformed messages
- When summarize intent is detected, the formatted chat content is now
correctly passed to the local agent handler instead of relying on
database messages

Fixes #2292

## Test plan
- [ ] In local-agent mode, trigger "Summarize to new chat" from a chat
with technical content
- [ ] Verify the summarization completes successfully instead of showing
"no technical discussion" error
- [ ] Verify normal chat functionality in local-agent mode is not
affected

🤖 Generated with [Claude Code](https://claude.com/claude-code)

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Fixes "Summarize to new chat" failing in local-agent mode by passing the
formatted chat content to the local agent instead of reading DB history,
addressing #2292. Prevents the "no technical discussion" error while
keeping normal chat behavior unchanged.

- **Bug Fixes**
- Added messageOverride to handleLocalAgentStream to use transformed
messages.
- chat_stream_handlers passes chatMessages on summarize intent;
otherwise uses DB-derived history.
- Added Playwright E2E test to verify summarize-to-new-chat works in
local-agent mode.

<sup>Written for commit c88a646b22127a655b8e96f77956e3cbd01f4a45.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Fix local-agent summarization**
> 
> - Detects summarize intent and passes formatted `chatMessages` via
`messageOverride` to `handleLocalAgentStream`; handler now prefers
overrides over DB-derived history
> - Uses read-only system prompt in ask-mode local-agent path and wires
both ask/local-agent paths to support overrides
> - Adds E2E test `local_agent_summarize.spec.ts` with snapshot to
verify summarize-to-new-chat works
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
c88a646b22127a655b8e96f77956e3cbd01f4a45. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

## Summary
- Fixes the merge-reports workflow failure on fork PRs (like #2276)
- Wraps GitHub API calls in try-catch to handle 403 permission errors
gracefully
- Test results are still written to the job summary even when PR comment
fails

## Test plan
- [x] Verify the fix by checking the merge-reports job on this PR
(should pass)

#skip-bugbot

🤖 Generated with [Claude Code](https://claude.com/claude-code)

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Prevents merge-reports from failing on fork PRs by gracefully handling
403 permission errors when posting Playwright results. Test results
still appear in the job summary even if the PR comment can’t be created
or updated.

- **Bug Fixes**
- Wrap PR comment API calls in try/catch; on 403, log a clear message
and continue without failing the workflow.
- Keep update/create logic for the bot comment when permissions allow;
skip safely when no PR is detected.

<sup>Written for commit befdb30e68a21ddb992e0d175d91352dfe8e04e0.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Prototype custom theme generator that lets users create themes manually
or generate prompts from images, manage them from a new Themes page, and
apply them in chat. Themes are global and used in streaming and token
counting.

- **New Features**
  - Added custom_themes table.
- Implemented IPC and hooks to list/create/update/delete themes with
query cache invalidation.
- New CustomThemeDialog with manual prompt entry and prompt generation
from uploaded images and optional keywords; uses the selected model via
Dyad Pro and requires Dyad Pro enabled.
  - New Themes page with CRUD, EditThemeDialog, and a sidebar link.
- Updated chat Themes menu to show built-in plus recent custom themes,
with “New Theme” and a “More themes” dialog; newly created themes
auto-select and selection persists per app.

- **Refactors**
- Replaced getThemePrompt with async getThemePromptById to support
custom theme IDs (custom:<id>); integrated in chat_stream and
token_count handlers.
  - Whitelisted new IPC channels in preload.

<sup>Written for commit 37d9e5f0c477e2bb0847df506450b45a25ab4874.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->










<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> Adds end-to-end custom theme support, including storage, IPC, UI, and
chat/system-prompt integration.
> 
> - New `custom_themes` table (+ migration `0022_loving_wendigo`) and
Drizzle schema `customThemes`
> - IPC: moved/expanded theme handlers to
`pro/main/ipc/handlers/themes_handlers.ts` with endpoints for
`get/set-app-theme`, `get/create/update/delete` custom themes, image
save/cleanup, and `generate-theme-prompt`; whitelisted channels in
`preload`
> - Hooks and client: `useCustomThemes` CRUD/generation hooks;
`IpcClient` methods for custom themes, image handling, and generation
> - UI: new `ThemesPage` with cards, `CustomThemeDialog` (AI + manual),
`AIGeneratorTab` (image upload, model/mode, Pro-gated),
`EditThemeDialog`, improved `DeleteConfirmationDialog`; added
`LibraryList` and updated `app-sidebar` default Library route
> - Chat: `AuxiliaryActionsMenu` shows built-in and recent custom
themes, "New Theme" and "More themes"; auto-select newly created theme
> - Prompt resolution: replaced `getThemePrompt` with async
`getThemePromptById` (supports `custom:<id>`) in chat stream and token
count handlers
> - Routing: added `/themes` route; e2e tests for themes CRUD, AI
generator flow/limits, and prompt library navigation
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
37d9e5f0c477e2bb0847df506450b45a25ab4874. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

This avoids distracting the user during active chat responses.

https://claude.ai/code/session_018bxH7uX9t4TH4wxh9VE7Ka

#skip-bugbot

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Hide the uncommitted files banner while chat is streaming to reduce
distraction. Adds an isStreaming check in ChatHeader so the banner only
appears when not streaming.

<sup>Written for commit 4bd7b9fe48f94414e83ae9e4600b4cf898535c1b.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->
Co-authored-by: Claude <noreply@anthropic.com>

## Summary
- Set `isPro` as a person property in PostHog when settings are loaded
and updated
- Enables segmenting analytics by pro user status
- Reuses existing `hasDyadProKey` helper for consistency

## Test plan
- [x] Lint passes
- [x] TypeScript type check passes
- [ ] Manual verification that PostHog receives the person property

#skip-bugbot

🤖 Generated with [Claude Code](https://claude.com/claude-code)

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Set an isPro person property in PostHog when settings load and whenever
they update, enabling analytics segmentation by Pro status. Reuses
hasDyadProKey and aligns the app:initial-load event’s isPro with the
same logic.

<sup>Written for commit 376d4ab5ca9102c25edd43b83e1ea4d8622aa171.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

#skip-bb

Added pre-commit checks section with formatting, linting, and type-check
commands.

#skip-bb

#skip-bugbot

## Summary
- Add instructions for enabling Playwright debug logs with
`DEBUG=pw:browser`
- Add Git workflow section documenting PR push conventions
- Add skip-bugbot guidance for trivial PRs

#skip-bugbot

🤖 Generated with [Claude Code](https://claude.com/claude-code)

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Update AGENTS.md to help debug E2E tests and clarify our PR push
conventions. Adds DEBUG=pw:browser npm run e2e instructions and guidance
to skip bugbot for trivial changes.

<sup>Written for commit b4a62ab10eb37373580923133a7f0af6881585ed.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

## Summary
- Add `.claude/settings.json` to allow `Bash(npm:*)` permission for
Claude Code workflows

This is a smaller PR split out from the IPC contracts branch.

#skip-bugbot

🤖 Generated with [Claude Code](https://claude.com/claude-code)

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Add project-wide .claude/settings.json with an expanded allowlist for
Bash commands (npm run/install, git, gh, and read-only file/list/search
tools), and remove settings.local.json. This enables npm scripts and
common read-only shell commands to run without prompts, reducing
friction in dev workflows.

<sup>Written for commit 84d601708a5d36d1b248189e4aa1ab1a8222f6f9.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

When serializing dyad-tags, special characters (& < > ") are escaped.
When deserializing/parsing, these need to be unescaped to get the
original values. This fixes issues where escaped characters like &lt;
would appear literally in the UI or processed values.

Changes:
- Add shared/xmlEscape.ts with escape/unescape utilities
- Update DyadMarkdownParser.tsx to unescape attributes and content
- Update dyad_tag_parser.ts to unescape all parsed values
- Consolidate duplicate escape functions to use shared utilities
- Add comprehensive tests for the escape/unescape roundtrip

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> Fixes incorrect literal XML entities by unescaping dyad-tag attributes
and inner content during parse, and centralizes escape helpers.
> 
> - **Shared utils**: Add `shared/xmlEscape.ts` with
`escapeXmlAttr|Content` and `unescapeXmlAttr|Content`; remove duplicate
implementations and re-export in local agent tools
> - **Parsing/rendering**: Update `DyadMarkdownParser` and
`dyad_tag_parser` to unescape attributes/content for all relevant tags
(write/rename/delete/search-replace/execute-sql/chat-summary/command)
> - **Problem reports**: Generate `<dyad-problem-report>` using
`escapeXmlAttr` for attributes and `escapeXmlContent` for messages
> - **Local agent**: Use shared escaping in `xml_tool_translator` and
related tooling
> - **Tests/E2E**: Add comprehensive `xmlEscape` unit tests; update grep
snapshots to expect raw JSX/HTML characters
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
0e1be9ad5d5cf0300cc1cf5bd361b1fd44f61ad7. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Fixes XML escaping for dyad-tags by unescaping attributes and content
during parsing so original values render and process correctly. Prevents
literal entities like &lt; showing in the UI and tools.

- **Bug Fixes**
- Unescape tag attributes and inner content in DyadMarkdownParser and
dyad_tag_parser.
- Correct attribute and content escaping in dyad-problem-report
generation.
  - Add roundtrip tests for attribute and content escape/unescape.
- Update local agent grep E2E snapshots to expect raw JSX/HTML
characters.

- **Refactors**
- Introduce shared/xmlEscape with escape/unescape helpers for attributes
and content.
- Remove duplicate implementations and update IPC/local agent callers to
use shared utilities.

<sup>Written for commit 0e1be9ad5d5cf0300cc1cf5bd361b1fd44f61ad7.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

---------
Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>

#skip-bb

- Upgrade oxlint from v1.8.0 to v1.41.0
- Enable correctness, suspicious, and perf categories for better code
quality checks
- Disable overly pedantic style rules (sort-keys, sort-imports,
no-ternary, etc.)
- Add JSON schema reference for IDE support

#skip-bugbot

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Upgrade oxlint to v1.41.0 and enable only the correctness rule category
to catch real issues while keeping suspicious and perf off. Added a JSON
schema reference in .oxlintrc for IDE support.

- **Dependencies**
  - Bump oxlint to ^1.41.0.
  - oxlint now requires Node ^20.19.0 or >=22.12.0.

- **Migration**
  - Update CI and local Node to meet the new requirement.
  - Run lint; expect new warnings from correctness rules.

<sup>Written for commit f182e37e55dfa51ab2b97225f899a7cf1a4d6f46.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

---------
Co-authored-by: Claude <noreply@anthropic.com>

## Summary
- Update local Claude permissions with common allow patterns
- Add #skip-bugbot guidance to AGENTS.md for trivial PRs

#skip-bugbot

🤖 Generated with [Claude Code](https://claude.com/claude-code)

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Expanded local Claude permissions to include Edit/Write and common npm,
git, and gh commands to support standard local workflows. Updated
AGENTS.md with guidance to add #skip-bugbot for trivial, non-user-facing
changes to avoid noisy automated reviews.

<sup>Written for commit 4f9a6fa93a292e3e680bca38aee16ada71876ea0.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

Add support for using #skip-bb in PR descriptions to skip BugBot
reviews, in addition to the existing #skip-bugbot tag.
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

#skip-bugbot

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Adds two Claude commands to speed up PR fixes: E2E Snapshot Rebase to
auto-update Playwright snapshots from PR comments and verify, and PR Fix
to address review feedback and failing checks end-to-end. Also documents
the Git push workflow (push to the branch’s tracking remote if a PR
exists; otherwise push to origin/fork; if pushing to the fork fails,
push to upstream) to keep PRs green with less manual work.

- **New Features**
  - New .claude/commands/e2e-rebase.md command to:
- Read the PR number and parse failed Playwright test files from PR
comments.
- Run pre:e2e, update snapshots per failed spec, then re-run tests to
verify.
    - Stop and report if verification fails to catch flaky updates.
- Show snapshot diffs, then commit and push when changes look correct.
  - New .claude/commands/pr-fix.md command to:
    - Determine the PR, fetch review comments and CI checks.
- Identify actionable feedback, make code changes, and fix failing
tests.
    - Use /e2e-rebase when failures are snapshot-related.
- Verify with lint/typecheck/tests, then commit, push, and summarize
fixes.

<sup>Written for commit b58c0290c2d389b7fc91de541deb66d8bec4d335.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

#skip-bugbot

For pro users, ask mode now uses the local agent handler in read-only
mode, giving them access to code reading tools (read_file, list_files,
grep, code_search, etc.) while preventing any state modifications.

Changes:
- Add `modifiesState` property to ToolDefinition interface
- Mark state-modifying tools (write_file, edit_file, delete_file,
rename_file, add_dependency, execute_sql, add_integration)
- Add `readOnly` option to buildAgentToolSet to filter out
state-modifying tools
- Add `readOnly` option to handleLocalAgentStream to skip commits/
deploys and exclude MCP tools in read-only mode
- Create LOCAL_AGENT_ASK_SYSTEM_PROMPT for read-only agent mode
- Route pro ask mode users to local agent with readOnly: true

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> Enables read-only local-agent behavior for Pro users in `ask` mode,
providing code-inspection tools without allowing modifications.
> 
> - Route `ask` → local-agent with `readOnly: true` (when Pro and no
mentioned apps); persist `aiMessagesJson` for these modes
> - Add `modifiesState` to `ToolDefinition`; mark state-changing tools
and filter them in `buildAgentToolSet({ readOnly })`; exclude MCP tools
in read-only
> - Update `handleLocalAgentStream` to support `readOnly`: skip
commits/deploys and return `updatedFiles: false`
> - Introduce `LOCAL_AGENT_ASK_SYSTEM_PROMPT` and plumb `readOnly`
through `constructSystemPrompt`/`constructLocalAgentPrompt`
> - E2E: new ask-mode tests/fixtures and snapshot updates; add
deterministic normalization of tool_call IDs in test helper
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
a67cbc1ccad35bf1fad9277bfce14a8999e763ca. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Pro ask mode now uses the local agent in read-only mode, letting users
read and search code without changing anything. Commits, deploys, and
state-modifying tools are disabled.

- **New Features**
- Route Pro ask mode to the local agent with readOnly: true when no
other apps/codebases are mentioned.
- Tools declare modifiesState;
write/edit/delete/rename/add_dependency/execute_sql/add_integration are
marked and excluded in read-only mode.
- buildAgentToolSet and handleLocalAgentStream support readOnly to
filter tools, skip MCP tools, and avoid commits/deploys (updatedFiles:
false).
- Added LOCAL_AGENT_ASK_SYSTEM_PROMPT and prompt wiring to support
read-only behavior.

<sup>Written for commit a67cbc1ccad35bf1fad9277bfce14a8999e763ca.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

---------
Co-authored-by: Claude <noreply@anthropic.com>

#skip-bugbot
- Upgrade Electron from 38.2.2 to 40.0.0 (latest stable)
- Upgrade Electron Forge packages from 7.10.2 to 7.11.1 (latest)

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Upgraded Electron to 40.0.0 and Electron Forge to 7.11.1 to stay current
with security fixes and build tooling. This improves build stability and
keeps us aligned with the latest platform changes.

- **Dependencies**
  - electron: 38.2.2 → 40.0.0
- All @electron-forge packages: 7.10.2 → 7.11.1 (cli, makers, plugins,
publisher)

- **Migration**
  - Run package install to update lockfile, then rebuild.
  - Repackage with Forge and smoke test app startup.
  - Verify signing and installers on Windows, macOS, and Linux.

<sup>Written for commit c629f322f9f3eb58b4ac90aae43be8180ac68286.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

---------
Co-authored-by: Claude <noreply@anthropic.com>

- Add IPC handlers for getting uncommitted files with status and
committing changes
- Create useUncommittedFiles and useCommitChanges hooks
- Add UncommittedFilesBanner component that shows when there are
uncommitted changes
- Display file status (added, modified, deleted, renamed) in the review
dialog
- Auto-generate sensible commit messages based on changes
- Add E2E tests for the uncommitted files banner feature

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Adds an uncommitted files banner with a review & commit dialog in
ChatHeader to make it easy to see changes and commit from the app.
Improves visibility on main and streamlines committing with sensible
default messages.

- **New Features**
- Show banner on main when there are uncommitted changes; includes count
and “Review & commit”.
- Dialog lists changed files with status
(Added/Modified/Deleted/Renamed) and generates an editable default
commit message.
- Hooks and IPC: useUncommittedFiles (polls every 5s) and
useCommitChanges; git:get-uncommitted-files and git:commit-changes.
- Commit stages all changes, blocks during merge/rebase, and invalidates
queries so the banner disappears and versions refresh.
- E2E tests cover banner visibility, review/commit flow, success toast,
and multiple file statuses.

<sup>Written for commit d28ab8364e2344cfd4d9c9b548eeedaff3187f6a.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> Introduces an inline workflow to spot and commit local changes from
the chat header when on `main`.
> 
> - **UI**: Adds `UncommittedFilesBanner` in `ChatHeader` with “Review &
commit” dialog showing changed files (status:
Added/Modified/Deleted/Renamed) and a generated default commit message
> - **Hooks**: New `useUncommittedFiles` (polls every 5s) and
`useCommitChanges` (toast + query invalidation for `uncommittedFiles`
and `versions`)
> - **IPC & Types**: Adds `git:get-uncommitted-files` and
`git:commit-changes`; updates `ipc_client.ts`, `ipc_types.ts`, and
`preload.ts`
> - **Git utils**: Implements `getGitUncommittedFilesWithStatus`,
`gitAddAll`, and `gitCommit` with merge/rebase state checks and
native/isomorphic support
> - **Tests**: E2E (`uncommitted_files_banner.spec.ts`) validates banner
visibility, dialog content, committing (including native Git path), and
resulting commit
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
d28ab8364e2344cfd4d9c9b548eeedaff3187f6a. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

---------
Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: cubic-dev-ai[bot] <191113872+cubic-dev-ai[bot]@users.noreply.github.com>

Add babel-plugin-react-compiler to the build pipeline to enable
automatic memoization and optimization of React components.

#skip-bugbot

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Enable React Compiler in the renderer Vite build to automatically
memoize and optimize React components. This should reduce unnecessary
re-renders and improve UI responsiveness.

- **Dependencies**
- Added babel-plugin-react-compiler and wired it into
@vitejs/plugin-react via Babel (default config).

- **Migration**
- No code changes required; build-time only. Verify key UI flows for any
unexpected behavior.

<sup>Written for commit 64fdea33436212d3ba36aa60e5ca014eaf2ab3e5.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->
Co-authored-by: Claude <noreply@anthropic.com>

#skip-bugbot

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Automates Playwright result comments in CI to make failures easier to
spot and fix. Adds missing-shard warnings, collapsible failure lists,
and copy-paste snapshot update commands.

- **New Features**
- Adds a GitHub Actions step to run
scripts/generate-playwright-summary.js via github-script (uses
PLAYWRIGHT_RUN_ID).
- Detects missing macOS/Windows shards from blob reports and shows a
warning in the PR comment.
- Collapsible failure sections when there are more than 10 failures per
OS.
- Generates copy-paste npm commands to update snapshots for failed macOS
tests.
- Supports workflow_run and pull_request events; handles push events
without a PR gracefully.

<sup>Written for commit ccafd00835b5390949ca18a8743c6c69a44b21d4.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

- Add `defaultChatMode` field to UserSettings schema
- Create `getEffectiveDefaultChatMode()` helper that returns the
appropriate default based on settings and pro status:
  - If defaultChatMode is explicitly set, use it
  - If not set but user has Dyad Pro enabled, default to "local-agent"
  - Otherwise default to "build"
- Create DefaultChatModeSelector component in Workflow Settings
- When user upgrades to Dyad Pro, automatically set default to
"local-agent"
- Apply default chat mode when navigating to home page

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Adds a default chat mode setting with sane defaults and a selector in
Workflow Settings. It applies the effective default on the home page and
for new chats, and sets it to Agent when a user upgrades to Dyad Pro.

- **New Features**
  - Added defaultChatMode to UserSettings.
- Added getEffectiveDefaultChatMode with rules: explicit > Dyad Pro →
local-agent > build.
- Added DefaultChatModeSelector in Workflow Settings (shows Agent option
when Dyad Pro is enabled).
- Home page and new chats sync selectedChatMode to the effective
default.
- On first Dyad Pro setup, default mode is set to local-agent
automatically.

<sup>Written for commit c265968422be75cc8b44760a684204fec198ccd0.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> Adds a user-configurable default chat mode and ensures it’s applied
consistently across the app.
> 
> - **Core/Schema**: Add `defaultChatMode` to `UserSettings` and
`getEffectiveDefaultChatMode()` helper (falls back to `local-agent` for
Pro, otherwise `build`)
> - **Settings UI**: New `DefaultChatModeSelector` in Workflow Settings;
shows `Agent` option only when Pro is enabled
> - **Behavior changes**: Apply effective default on home (`home.tsx`)
and set `selectedChatMode` for new chats (`ChatList.tsx`)
> - **Provider setup**: On first Dyad Pro key save, set
`defaultChatMode` to `local-agent` (`ProviderSettingsPage.tsx`)
> - **E2E/tests**: New and updated tests for defaults and mentions;
stabilize dumps by normalizing `item_reference` IDs; updated chat mode
option mapping
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
00d92922ec6cab870c9ff50fdd3912a58d97f0f1. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

---------
Co-authored-by: Claude <noreply@anthropic.com>

<!-- CURSOR_SUMMARY -->
> [!NOTE]
> **Upgrade default template and migrate Calendar**
> 
> - Bumps dependencies in template/package manifests:
`react`/`react-dom` -> `^19.2.3`, `react-day-picker` -> `^9.13.0`, and
`@types/react`/`@types/react-dom` -> `^19.x`
> - Migrates `Calendar` (`src/components/ui/calendar.tsx`) to DayPicker
v9: updates `classNames` keys (e.g., `month_caption`,
`button_previous/next`, `month_grid`, `weekday/week`, `day_button`,
`selected`, `range_end`, `today`, `outside`, `disabled`, `range_middle`,
`hidden`) and replaces `IconLeft/IconRight` with `components.Chevron`
> 
> **Tests and snapshots**
> 
> - Rebaselines e2e snapshots reflecting dependency/UI changes
> - Adds `await this.waitForChatCompletion()` in `snapshotServerDump` to
stabilize chat/server dump snapshots
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
3bc152b48e32e9746bf9e08fe7795505608a1c6d. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Upgrade the default scaffold to React 19 and bump react-day-picker to
v9, updating the Calendar component to the new DayPicker v9 API.
Rebaselined e2e snapshots and added a wait in tests to stabilize chat
output.

- **Dependencies**
- Updated scaffold/package.json: react and react-dom -> ^19.2.3;
react-day-picker -> ^9.13.0; @types/react and @types/react-dom -> ^19.x.
- Updated scaffold/pnpm-lock.yaml; refreshed root/test lockfiles and
peer flags.
- Adjusted e2e snapshots for dependency/version changes and minor UI
text ordering.

- **Migration**
  - Run npm ci and rebuild the template. No app code changes required.

<sup>Written for commit 3bc152b48e32e9746bf9e08fe7795505608a1c6d.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

#skip-bugbot

Use the AI SDK's hasToolCall() function to stop the agent loop when the
add_integration tool is invoked, allowing the user to set up the
integration before the agent continues.

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Stop the local agent loop when the add_integration tool is called,
pausing the run so the user can finish setup. Adds
hasToolCall('add_integration') to stopWhen and keeps the 25-step cap.

<sup>Written for commit b5826e0563b4b0925715733a86e02707f9387e45.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> Adds an early stop condition to pause the local agent when integration
setup is triggered.
> 
> - Imports `hasToolCall` and `addIntegrationTool`
> - Updates `stopWhen` to `[stepCountIs(25),
hasToolCall(addIntegrationTool.name)]` to halt on `add_integration` tool
invocation
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
b5826e0563b4b0925715733a86e02707f9387e45. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

---------
Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>

Change the continue button variant from 'outline' to 'default' to
improve visibility in dark mode. The outline variant had poor contrast
against the green success background in dark mode.

#skip-bugbot

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Improve dark mode contrast for the Supabase success state by switching
the “Continue” button from outline to default. Also adjust success card
and integrate prompt colors for better readability in dark mode.

<sup>Written for commit f184afad3d02c069b4a33a6b5f9eeb4dca65c3ec.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

---------
Co-authored-by: Claude <noreply@anthropic.com>

Closes #817.

A while back, I had opened #960 for the same issue, and I thought I
would give it a second try. Unlike my previous PR, this time I
implemented the AppImage maker myself.

Given that security concerns came up last time, I feel obligated to
mention the following:
1. This code does run `mksquashfs` (technically a third-party
executable) in the same environment as the signing keys. However, it's
widely used and is present on the GitHub runner by default.
2. My code also fetches the AppImage runtime during build, but this gets
embedded in the AppImage and never runs on the server. As such, it would
not be able to access the signing keys even if it theoretically had a
vulnerability or was infected.

If we're including an AppImage in the releases going forward, I don't
think that either of the above two points are easily avoidable. We
_could_ handle the second point by storing our own static version of the
AppImage runtime, but I don't think that's particularly elegant or
desirable.

Of course, please feel free to let me know if you'd like any changes.
Thanks!

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Adds an AppImage maker to Electron Forge and includes a Linux x86_64
AppImage in release assets.

- **New Features**
- Implements MakerAppImage that builds the AppDir, generates the
.desktop file, embeds the app icon, sets AppRun, and packs with
mksquashfs.
- Fetches the AppImage runtime at build time, verifies its SHA-256, and
embeds it; it never executes on CI.
- Integrates into forge.config and release asset checks. Output:
dyad_{version}_x86_64.AppImage.

- **Dependencies**
  - Requires mksquashfs on the build host (available on GitHub runners).

<sup>Written for commit 8bdb3840b906cc74a852704be50acb1b4d08fc97.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> Introduces Linux AppImage packaging and aligns release checks.
> 
> - Adds `MakerAppImage` that assembles `AppDir`, generates `.desktop`,
embeds icon, creates `AppRun` symlink, packs with `mksquashfs`, and
prepends the fetched AppImage runtime after SHA-256 verification
> - Integrates maker in `forge.config.ts` (outputs
`dyad_{version}_x86_64.AppImage`; linux x64; requires `mksquashfs`)
> - Updates `scripts/verify-release-assets.js` to include the AppImage
in expected assets
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
8bdb3840b906cc74a852704be50acb1b4d08fc97. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

#skip-bugbot

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Added a symlink CLAUDE.md that points to AGENTS.md so existing links to
CLAUDE.md resolve to the agents docs. This avoids duplicate files and
keeps the docs in one place.

<sup>Written for commit 84a220b557d955a221591ba7d21fe3f2568c7862.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->
Co-authored-by: Claude <noreply@anthropic.com>

#skip-bugbot

Changed the Supabase prompt from using $$SUPABASE_CLIENT_CODE$$
placeholder replacement to dynamically constructing the system prompt
with the actual Supabase client code. This is more reliable and removes
the need for post-processing the AI response.

Changes:
- Convert SUPABASE_AVAILABLE_SYSTEM_PROMPT to
getSupabaseAvailableSystemPrompt() function
- Pass supabaseClientCode parameter when constructing system prompt
- Remove response chunk processing that replaced
$$SUPABASE_CLIENT_CODE$$
- Update prompt to instruct AI to write to appropriate file path instead
of hardcoding <dyad-write>
- Update test fixture to contain actual expected Supabase client code

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> Refactors Supabase integration to embed real client code directly in
the system prompt, eliminating placeholder replacement and making
generation deterministic.
> 
> - Replace `SUPABASE_AVAILABLE_SYSTEM_PROMPT` with
`getSupabaseAvailableSystemPrompt(supabaseClientCode)` and update
instructions to create `src/integrations/supabase/client.ts` and add
`@supabase/supabase-js`
> - In `chat_stream_handlers.ts` and `token_count_handlers.ts`, fetch
`supabaseClientCode` via `getSupabaseClientCode` and append
`getSupabaseAvailableSystemPrompt(...)` to `systemPrompt`
> - Remove response-time placeholder replacement logic for
`$$SUPABASE_CLIENT_CODE$$` in streaming handler
> - Update e2e fixture `generate-supabase-client.md` to include the
concrete client implementation
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
dfec59bfd59df71af534db92b4d8f1a6f1606047. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Refactors the Supabase prompt to inject the real client code into the
system prompt, replacing the $$SUPABASE_CLIENT_CODE$$ placeholder. This
removes response post-processing and makes client file creation more
reliable.

- **Refactors**
- Replace SUPABASE_AVAILABLE_SYSTEM_PROMPT constant with
getSupabaseAvailableSystemPrompt(supabaseClientCode).
- Build the system prompt with supabaseClientCode in chat and token
count handlers.
  - Remove placeholder replacement from chat stream response handling.
- Update prompt to embed the actual client code, instruct the correct
file path, and add the @supabase/supabase-js dependency.
  - Update e2e fixture to include the expected Supabase client code.

<sup>Written for commit dfec59bfd59df71af534db92b4d8f1a6f1606047.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

---------
Co-authored-by: Claude <noreply@anthropic.com>

- Change badge from "Experimental" to "New" with blue styling
- Move Agent Mode to first position in mode selector

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> Highlights a UI tweak to the chat mode menu for Pro users.
> 
> - Replaces `ExperimentalBadge` with `NewBadge` (blue "New") in
`ChatModeSelector`
> - Moves `local-agent` ("Agent v2") item to the top of the selector
when Pro is enabled, ahead of `Build`
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
c95c5d4fd107bb99d86f5a7e626aa153fb5e61cc. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Changed the Agent v2 badge from “Experimental” to a blue “New” badge and
moved Agent Mode to the top of the mode selector to improve visibility
and discovery. This makes the new Agent experience easier to find.

<sup>Written for commit c95c5d4fd107bb99d86f5a7e626aa153fb5e61cc.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->
Co-authored-by: Claude <noreply@anthropic.com>

<!-- CURSOR_SUMMARY -->
> [!NOTE]
> Tightens CI review automation to only run for specific trusted
contributors.
> 
> - Adds author filter `if:` conditions in `bugbot-trigger.yml` and
`claude-pr-review.yml` to allow only `wwwillchen`, `azizmejri1`, and
`princeaden1`
> - Preserves `#skip-bugbot` opt-out for BugBot; removes previous
unconditional check in favor of combined author + skip filter
> - No functional changes to steps beyond gating; environments and
permissions remain the same
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
0de70045d0c98e4cec45f0a3b90100a223a0be9e. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

<!-- This is an auto-generated description by cubic. -->
## Summary by cubic
Restricts automatic PR reviews (BugBot and Claude) to an allowlist of
regular contributors. This controls review costs/limits and reduces risk
from external PRs.

- **New Features**
- BugBot: Only runs for PRs by wwwillchen, azizmejri1, or princeaden1;
can be disabled with #skip-bugbot in the PR body.
  - Claude: Only runs for PRs by wwwillchen, azizmejri1, or princeaden1.

<sup>Written for commit 0de70045d0c98e4cec45f0a3b90100a223a0be9e.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->