## Summary
- Create new `StreamingLoadingAnimation` component with two variants for
chat streaming states
- **Initial variant**: Flowing wave animation with 5 glowing orbs,
staggered bounce, and gradient fills
- **Streaming variant**: Pulsing indicator with rotating ring and
animated "generating..." text
- Replace inline animations in ChatMessage with the new component for
cleaner code

## Test plan
- Start the app and send a message to trigger chat streaming
- Verify the initial loading animation shows glowing bouncing orbs when
waiting for first response
- Verify the streaming indicator shows pulsing "generating..." text
while content is being generated
- Check animations work correctly in both light and dark modes

🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2425">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Low Risk**
> UI-only changes that replace existing loading indicators; main risk is
visual/regression or performance issues from the new animations.
> 
> **Overview**
> Adds a new `StreamingLoadingAnimation` component with two variants
(`initial` and `streaming`) using `framer-motion`, rotating verbs, and a
scrambled text effect.
> 
> Updates `ChatMessage` to replace the previous inline loading/spinner
animations with this shared component for both the pre-response and
in-stream indicators.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
65fac50463768be2e56810c498ca5b4c694754bd. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Add a reusable StreamingLoadingAnimation component with “initial” and
“streaming” variants to improve chat loading feedback. Replaces ad‑hoc
animations in ChatMessage for a cleaner, consistent UI.

- **New Features**
  - StreamingLoadingAnimation component:
    - initial: glowing orb wave
    - streaming: organic equalizer bars
  - Rotating verbs with scramble text reveal; theme-aware colors

- **Refactors**
- ChatMessage now uses the new component instead of inline framer-motion
blocks
  - Centralizes animation styles; no changes to streaming logic

<sup>Written for commit 65fac50463768be2e56810c498ca5b4c694754bd.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

Closes #585.

Currently, there are at least two places where an Electron logo appears
instead of the Dyad logo:
- In the Windows control panel (see #585).
- On the taskbar (or equivalent) of some Linux desktop environments
while running the app.

The Windows installer (`.Setup.exe`) also shows a generic icon instead
of the Dyad logo when viewed in the file explorer.

This PR aims to fix all of the above. It's a relatively minor detail,
but it's nice to have anyway.

The relevant documentation from Electron Forge is on this page:

https://www.electronforge.io/guides/create-and-add-icons#setting-the-app-icon

I've double-checked that this fixes the icons on Windows 10, XFCE and
Cinnamon (on Linux Mint), and GNOME (on Fedora). I don't have a device
that runs Windows 11.
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2404">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Replace generic/Electron icons with the Dyad logo across Windows and
Linux. Ensures correct branding in the Windows control panel, Linux
taskbar, and the Windows installer.

- **Bug Fixes**
  - Set BrowserWindow icon to assets/icon/logo.png.
  - Configured Electron Forge makers:
- Squirrel: iconUrl and setupIcon set to Dyad .ico for installer and
control panel.
    - Deb/RPM: icon set to Dyad .png for desktop environments.
- Verified on Windows 10, Linux Mint (XFCE, Cinnamon), and Fedora
(GNOME).

<sup>Written for commit 2f29dcc2fd34fdc53fb9bd2126cf02a7bd719920.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

---------
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>

## Summary
- Windows release builds fail during code signing because the Azure
Trusted Signing DLL cannot parse the signing metadata JSON file
- The `signing-metadata.json` is written with a UTF-8 BOM (0xEF 0xBB
0xBF) by Windows PowerShell 5.1's `Out-File -Encoding utf8`, and .NET's
`System.Text.Json` parser rejects the BOM as invalid JSON
- Fix: switch `shell: powershell` to `shell: pwsh` (PowerShell Core)
which writes UTF-8 without BOM by default

## Test plan
- Re-run the release workflow and verify the Windows build completes
signing successfully

#skip-bugbot

🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2446">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->


<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Fix Windows release signing failures by switching the workflow to
PowerShell Core (pwsh) so signing-metadata.json is written as UTF-8
without a BOM. This avoids the .NET System.Text.Json BOM error and lets
Azure Trusted Signing parse the file successfully.

<sup>Written for commit b1967255ec4547681dd5650fe0c2154b7374f0ad.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

## Summary
- Auto-discover signtool.exe from Windows SDK instead of relying on
`SIGNTOOL_PATH` repository variable
- Add `/debug` flag to signtool for better diagnostics during signing
failures
- Remove `SIGNTOOL_PATH` env var from the electron-builder step since
it's now set dynamically

#skip-bugbot

## Test plan
- Verify the release workflow runs successfully on Windows runners
- Check that signtool.exe is found from the Windows SDK directory
- Confirm signing output includes debug information

🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2445">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->


<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Automatically discover the Windows SDK SignTool in the release workflow
and set its path via GITHUB_ENV, removing the need for the SIGNTOOL_PATH
repo variable. Adds /debug to SignTool for clearer diagnostics during
signing.

- **Refactors**
- Auto-find x64 signtool.exe from the Windows SDK and export
SIGNTOOL_PATH dynamically.
  - Add /debug to signWithParams for better logging.
  - Remove SIGNTOOL_PATH from the electron-builder step.

<sup>Written for commit e667e794ac6b4c13bf34ab2943182fd22de26da0.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

## Summary
- Adds `@ts-expect-error` comment to suppress a zod v4 type inference
issue in `registerTypedHandlers` (`src/ipc/handlers/base.ts`)
- The generic handler registration produces incorrect types with zod v4,
requiring this suppression until the upstream issue is resolved

## Test plan
- [x] TypeScript type-checking passes (`npm run ts`)
- [x] All 661 unit tests pass
- [x] Lint checks pass

#skip-bugbot

🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2444">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->


<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Suppress a Zod v4 type inference error in registerTypedHandlers by
adding @ts-expect-error in src/ipc/handlers/base.ts. This unblocks
type-checking with no runtime changes until the upstream issue is fixed.

<sup>Written for commit 4b847c8611331b51afead606c85bdc52d017a1dd.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

## Summary
- Removes the invalid `/debug` flag from signtool parameters in
`windowsSign.ts`
- The `/debug` flag is not a supported signtool option and was causing
Windows builds to fail with `SignTool Error: Invalid option: /debug`

## Test plan
- [ ] Verify Windows release build succeeds by running the Release
workflow

🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2443">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->


<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Removed the invalid /debug flag from signtool params in windowsSign.ts
to fix Windows build failures. This resolves “SignTool Error: Invalid
option: /debug” during signing.

<sup>Written for commit e8d71407fdcf4a3171ee12e9fe9028b4cbc584fe.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Low Risk**
> Low risk: a one-line change to Windows code-signing flags that only
affects signing invocation and should reduce build failures.
> 
> **Overview**
> Removes the unsupported `/debug` option from `windowsSign.ts`
`signWithParams`, leaving only the verbose (`/v`) and Azure signing
library/metadata parameters. This aims to prevent `signtool` from
failing Windows builds due to an invalid flag.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
e8d71407fdcf4a3171ee12e9fe9028b4cbc584fe. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

<!-- CURSOR_SUMMARY -->
> [!NOTE]
> **Medium Risk**
> Adds a new IPC entrypoint and changes Node.js status resolution logic
(even though gated to `E2E_TEST_BUILD`), which could affect runtime
behavior if the flag/channel is misused. The rest is E2E-only test
additions/refactors.
> 
> **Overview**
> Adds Playwright E2E coverage for the initial *Setup Dyad* flow,
including Node.js install UX states, provider setup navigation, and
verifying the setup banner disappears after configuring an AI provider.
> 
> Introduces a **test-only IPC** (`test:set-node-mock`) to
deterministically mock Node.js installed/not-installed status in E2E
builds, with a new `PageObject.setNodeMock()` helper and preload
allowlisting. Refactors Node.js status handling to centralize Node
download URL selection via `getNodeDownloadUrl()`.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
5dd01b9e95375ff4a39d00b9ec9ecb40685d89a0. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Adds Playwright E2E coverage for the setup flow and a test-only IPC to
mock Node.js install status, making the flow fully testable and
deterministic. Also refactors Node download URL selection for clarity.

- **New Features**
  - Added setup_flow.spec.ts to verify:
    - Banner states when Node is installed.
    - Node install flow with “Continue… I installed Node.js”.
    - AI provider navigation and banner dismissal after configuration.
- Introduced test-only IPC channel test:set-node-mock (allowlisted in
preload) gated by E2E_TEST_BUILD=true; added PageObject.setNodeMock()
helper.
- Refactored node_handlers to use getNodeDownloadUrl() and return mocked
versions when enabled.

- **Migration**
  - Run E2E with E2E_TEST_BUILD=true to enable the mock IPC.

<sup>Written for commit 5dd01b9e95375ff4a39d00b9ec9ecb40685d89a0.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2028">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

## Summary
- Add additional search paths for Azure.CodeSigning.Dlib.dll in the
Windows release workflow
- Search in WinGet packages directory and runner user profile where
winget may install tools
- Add logging to show which paths are being searched for easier
debugging

## Test plan
- Trigger the release workflow manually
- Verify the Windows build finds the Azure code signing DLL successfully

#skip-bugbot

🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2442">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->


<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Ensures the Windows release workflow reliably finds
Azure.CodeSigning.Dlib.dll to prevent signing failures on GitHub Actions
runners.

- **Bug Fixes**
- Search these locations for the DLL: Program Files, %LOCALAPPDATA%,
%LOCALAPPDATA%\Microsoft\WinGet\Packages, and
C:\Users\runneradmin\AppData\Local\Microsoft\WinGet\Packages.
  - Log each path checked for easier debugging.
- Set AZURE_CODE_SIGNING_DLIB when found; exit with a clear error if
not.

<sup>Written for commit a804c86677935ed00094fcf8524aceb1c0943664.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

#skip-bb

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Fixes Azure code signing on Windows by auto-detecting the
Azure.CodeSigning.Dlib.dll path and exporting it for the build. Adds
better debug output to diagnose signing issues.

- **Bug Fixes**
- Search Program Files and LocalAppData for x64
Azure.CodeSigning.Dlib.dll and set AZURE_CODE_SIGNING_DLIB in the
workflow; fail fast if not found.
  - Extend DEBUG to include electron-windows-sign.
- Log AZURE_CODE_SIGNING_DLIB in forge.config.ts for visibility during
builds.

<sup>Written for commit 04c1f068a03f8741d3a9c904c1b896f80dfe3a37.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->


<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2441">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

## Summary
- Add unified `DYAD_DISABLE_CLAUDE_CODE_HOOKS` env var to disable
permission-request and stop hooks
- Update permission policy to explicitly allow GitHub comment/resolve
operations (not destructive)
- Enhance pr-fix:comments skill to always explicitly resolve threads
after addressing
- Add `cc:request` label for non-trivial PRs in pr-push skill

## Test plan
- Set `DYAD_DISABLE_CLAUDE_CODE_HOOKS=1` and verify hooks are bypassed
- Run `/dyad:pr-fix:comments` and verify all addressed threads are
resolved
- Run `/dyad:pr-push` on a non-trivial PR and verify `cc:request` label
is added

#skip-bugbot

🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2439">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->


<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Unifies hook disabling under DYAD_DISABLE_CLAUDE_CODE_HOOKS, clarifies
non-destructive GitHub actions in the permission policy, and improves PR
skills to resolve threads explicitly and request review on non-trivial
changes.

- **New Features**
- Single env var to disable both permission-request and stop hooks:
DYAD_DISABLE_CLAUDE_CODE_HOOKS.
- Permission policy explicitly allows commenting/replying and resolving
review threads (non-destructive).
- pr-fix:comments explicitly resolves addressed threads and verifies all
trusted threads are handled.
  - pr-push adds the cc:request label for non-trivial PRs.

- **Migration**
- Replace DISABLE_DYAD_STOP_HOOK with DYAD_DISABLE_CLAUDE_CODE_HOOKS
(true/1/yes) to disable both hooks.

<sup>Written for commit a09d0458ef620da8b2358facf7712f5c47362030.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

## Summary
- Update winget command to use the correct package ID
`Microsoft.Azure.TrustedSigningClientTools` for Azure Trusted Signing
- Add explicit `--source winget` and `-e --id` flags for more reliable
package resolution

## Test plan
- Verify Windows release build workflow runs successfully with the
updated package installation command

🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2440">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

## Summary
- Add `isGitHubActions` environment variable check to conditionally
disable Windows code signing
- Disable `windowsSign` in `packagerConfig` when running on GitHub
Actions
- Pass empty config to `MakerSquirrel` instead of signing config on
GitHub Actions

## Test plan
- Verify the build succeeds on GitHub Actions without Windows signing
errors
- Verify local builds with Windows signing still work when not on GitHub
Actions

#skip-bugbot

🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2438">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Enable Windows code signing on GitHub Actions and skip it for local
builds. Added an isGitHubActions env check to set
packagerConfig.windowsSign and pass windowsSign to MakerSquirrel only
when running in CI.

<sup>Written for commit 259bc98373fa92668745c503eecc6413528d1172.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

## Summary

- Fixes the component selector being permanently disabled when apps have
delayed first render (e.g., async auth/Supabase initialization)
- Uses MutationObserver to retry detecting `[data-dyad-id]` elements for
up to 5 seconds
- Properly cleans up observer and timeout when elements are found to
avoid resource leaks

## Test plan

1. All existing `select component` e2e tests pass (4 tests)
2. Annotator e2e test passes
3. For manual testing:
- Create an app that has delayed initialization (e.g., async auth check
before rendering)
   - Previously: component selector button would be disabled
   - Now: component selector button should enable once components render

Fixes #2231

🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2408">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Medium Risk**
> Adds a long-lived `MutationObserver`/timeout loop to initialization,
which could affect iframe performance or leave the selector disabled if
the observer logic misfires, though cleanup and a hard timeout mitigate
this.
> 
> **Overview**
> Makes the component selector initialization resilient to delayed
renders by no longer giving up immediately when no `[data-dyad-id]`
elements exist.
> 
> The client now retries by observing DOM/attribute mutations for newly
tagged elements, posts `dyad-component-selector-initialized` once found,
and cleans up the observer/timeout; it only logs the “no tagged
elements” warning after a 60s timeout.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
56474bce646c9f41c87c869a4310964efcb62a99. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Fixes the component selector staying disabled when apps render late by
retrying initialization until tagged elements appear. Adds a
MutationObserver with a 60s timeout and proper cleanup.

- **Bug Fixes**
- Watch for [data-dyad-id] with a MutationObserver and retry init for up
to 60s.
- Disconnect observer and clear timeout once found; warn only if timeout
expires.
- Addresses Linear issue #2231 by enabling the selector after delayed
renders.

<sup>Written for commit 56474bce646c9f41c87c869a4310964efcb62a99.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

## Summary
- Upgraded zod package from ^3.25.76 to ^4.3.6
- Updated z.record() calls to use two arguments (key schema, value
schema) as required by Zod v4
- Changed ZodError.errors to ZodError.issues (API rename in v4)
- Fixed type inference issues with complex generics in
createStreamClient

## Test plan
- [x] TypeScript type-checking passes (`npm run ts`)
- [x] Linting passes (`npm run lint`)
- [x] Unit tests pass (661/661 tests)
- [x] E2E tests pass (195/213 tests - 12 failures are pre-existing flaky
tests unrelated to Zod)

🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2415">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Medium Risk**
> Medium risk because this upgrades a core validation library and
adjusts IPC schema/handler typings; behavioral changes in Zod
parsing/record typing could surface at runtime if any edge cases differ.
> 
> **Overview**
> Upgrades `zod` from v3 to v4 (and bumps `zod-to-json-schema`),
updating the lockfile and keeping a nested v3 `zod` for
`@modelcontextprotocol/sdk`.
> 
> Updates IPC validation code to match Zod v4: switches
`ZodError.errors` to `ZodError.issues`, updates all `z.record(...)`
usages to the new `z.record(keySchema, valueSchema)` signature, and
applies a few TypeScript workarounds (notably in `createStreamClient`
key handling and `registerTypedHandlers` casting) to avoid inference
breaks under v4.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
2e1becc1b56c343ee969e86de2146e36d255e7ae. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Migrated the codebase to Zod v4. Updated record schemas and error
handling, plus small type fixes in IPC; no runtime changes expected.

- **Dependencies**
  - Upgraded zod to ^4.3.6.
  - Bumped zod-to-json-schema to 3.25.1.

- **Refactors**
  - Replaced z.record(value) with z.record(key, value) across schemas.
  - Switched ZodError.errors to ZodError.issues in handlers.
- Improved createStreamClient key typing (string | number) and used
safer Record<string, unknown> casts.
- Added an explicit type assertion in registerTypedHandlers for handler
registration.

<sup>Written for commit 15413b80916c6816f7c24a59815663f502ac9e3d.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
Co-authored-by: claude[bot] <41898282+claude[bot]@users.noreply.github.com>

## Summary
- Adds `@types/node-fetch` as a dev dependency for improved TypeScript
type support

## Test plan
- All existing tests pass
- TypeScript compilation succeeds

#skip-bugbot

🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2437">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->


<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Add @types/node-fetch (^2.6.13) as a dev dependency to provide
TypeScript types for node-fetch. Improves type safety and editor
autocomplete for code using fetch in Node.

<sup>Written for commit 43975a34f2a5b5675c47917721cf9eb8705ef80a.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

## Summary
- **Fixes #2396**: When creating a new chat (including "summarize to new
chat"), the system was hardcoding `ref: "main"` when getting the
`initialCommitHash`, causing issues when users work on feature branches
- Changed to use the default `"HEAD"` ref instead, so the chat correctly
tracks the currently checked-out branch's commit
- This prevents merge conflicts and ensures changes are applied to the
correct branch

## Test plan
1. Create a feature branch from main
2. Create a new chat while on the feature branch
3. Verify the new chat tracks the feature branch's commit, not main's
commit
4. Test "summarize to new chat" functionality while on a feature branch

🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2411">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Low Risk**
> Low risk: a small, localized change that only affects which git ref is
used to capture `initialCommitHash` during chat creation.
> 
> **Overview**
> When creating a new chat, the `initialCommitHash` is now resolved from
the repo’s current `HEAD` rather than forcing `ref: "main"`, so chats
created on feature branches track the correct starting commit.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
541b373218a04781d63dfdb05474b4f110d38ab0. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
New chats now use the currently checked-out branch (HEAD) to resolve
initialCommitHash instead of hardcoding main. This ensures chats track
the correct branch and prevents merge conflicts. Fixes #2396.

<sup>Written for commit 541b373218a04781d63dfdb05474b4f110d38ab0.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

## Summary
- Update all @ai-sdk/* packages to latest versions
- Update core ai package from ^6.0.14 to ^6.0.68
- Remove unused openai dependency

## Test plan
- [x] Lint checks pass (formatting and linting)
- [x] All 661 unit tests pass
- [ ] Manual testing of AI provider integrations

🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2431">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->


<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Updated the ai package and all @ai-sdk/* providers to the latest
versions to pick up recent fixes and features. Removed the unused openai
client to reduce install size and avoid overlapping APIs.

- **Dependencies**
  - ai → ^6.0.68
- Updated @ai-sdk packages: amazon-bedrock ^4.0.46, anthropic ^3.0.35,
azure ^3.0.26, google ^3.0.20, google-vertex ^4.0.41, mcp ^1.0.18,
openai ^3.0.25, openai-compatible ^2.0.26, provider-utils ^4.0.13, xai
^3.0.46
  - Removed openai

- **Migration**
  - Run install to update lockfile.
  - No code changes expected; verify provider integrations in staging.

<sup>Written for commit 4959fe16eaff0234e477422d4d8a54f47ef8f23f.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

#skip-bb

## Summary
- Replace DigiCert SSM-based code signing with Azure Trusted Signing for
Windows builds
- Add new `windowsSign.ts` configuration for Azure signing parameters
- Update release workflow to install Azure Trusted Signing CLI and
create metadata file
- Version bump to 0.36.0-beta.1 for testing the new signing workflow

## Test plan
- [ ] Trigger a release build and verify Windows binaries are signed
correctly
- [ ] Verify the signed executable passes Windows SmartScreen
verification

🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2429">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->



<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Switches Windows code signing from DigiCert SSM to Azure Trusted Signing
to simplify CI and reduce secret handling. Updates Forge config and
release workflow; bumps version to 0.36.0-beta.1 for testing.

- **Refactors**
- Added windowsSign.ts with Azure sign params (dlib + metadata),
SHA-256, and timestamp server.
  - Wired windowsSign into Electron Forge packager and MakerSquirrel.
- Release workflow installs Azure Trusted Signing via winget and writes
signing-metadata.json; removes DigiCert SSM steps.

- **Migration**
- Add AZURE_CODE_SIGNING_DLIB, AZURE_CLIENT_ID, AZURE_CLIENT_SECRET, and
AZURE_TENANT_ID as CI secrets. The workflow sets AZURE_METADATA_JSON
automatically.
  - Run a release build and verify the signed EXE passes SmartScreen.

<sup>Written for commit 0d5b4d58940b59300796ea18e8c403bfcc25b30d.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

## Summary
- Replace `<dyad-write>` and `<dyad-execute-sql>` custom XML tags with
standard markdown code blocks in the Supabase prompt
- This improves compatibility and readability of the generated code
examples
- No functional changes to behavior

## Test plan
- All 661 unit tests pass
- Lint and type checks pass

#skip-bugbot

🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2424">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->


<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Replaced custom <dyad-write> and <dyad-execute-sql> tags with standard
fenced code blocks in the Supabase prompt to improve compatibility and
readability. No behavior changes.

- **Refactors**
- Swapped custom XML tags for markdown code blocks with language hints
(tsx, sql, typescript).
- Cleaned up instructions (removed tag-specific guidance; clarified
auto-deploy and file labels).
  - Updated example paths (e.g., supabase/functions/hello/index.ts).

<sup>Written for commit e0aecca9615c9580de231e740fa71f934c8ecb3a.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

Fixes #2395 

## Summary
- Use `write_file` tool format instead of `dyad-write` XML tags when
local agent stream mode is active
- The local agent uses tools rather than XML-based commands, so
attachments need compatible upload instructions
- Refactored `willUseLocalAgentStream` check to be computed once and
reused

## Test plan
- Test uploading file attachments while in local agent mode
- Verify the system prompt contains `write_file` tool instructions
instead of `dyad-write` XML tags
- Verify regular (non-local-agent) mode still uses the XML-based
instructions

🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2412">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->


<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Low Risk**
> Low risk: only adjusts system-prompt attachment upload instructions
and reuses a single `willUseLocalAgentStream` flag; could affect how
models handle uploads in local-agent/Pro ask mode.
> 
> **Overview**
> Fixes attachment-upload prompting when streaming via the local agent
by switching from `dyad-write` XML tag instructions to `write_file`
tool-call instructions for conversations that will use
`handleLocalAgentStream`.
> 
> Also refactors the `willUseLocalAgentStream` condition to be computed
once (based on chat mode/Pro ask mode and absence of mentioned-app
codebases) and reused for both system-prompt construction and
`aiMessagesJson` persistence.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
60dd66e4548c5d10ace43739aea7765958284739. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

## Summary
- Fix regression from PR #2336 where `previewCurrentUrlAtom` wasn't
cleared when navigating back to root (`/`)
- Clear preserved URL in `pushState`/`replaceState` handlers when
pathname is "/" or empty
- Clear preserved URL in `restartApp` before restarting to prevent stale
route restoration
- Add E2E test to verify route stays on root after restart

Fixes the issue where HMR/restart would load the wrong URL after
navigating back to root from a sub-route.

## Test plan
- [x] E2E test `restart after navigating back to root should stay on
root` passes
- [x] Existing test `refresh preserves current route` still passes
- [x] Unit tests pass (661 tests)

🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2422">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Medium Risk**
> Medium risk because it changes preview navigation state persistence
and restart behavior, which could impact route restoration and
back/forward history across apps. Added e2e coverage reduces the chance
of regressions.
> 
> **Overview**
> Fixes a regression where the preview could restore a stale sub-route
after returning to `/` or after an app restart.
> 
> `PreviewIframe` now **clears `previewCurrentUrlAtom`** when
`pushState`/`replaceState` navigates to same-origin root, and
`useRunApp.restartApp` clears the preserved URL for the app before
restarting to avoid remount restoring the wrong route.
> 
> Adds an e2e Playwright test ensuring navigating `/about` → `/` and
then restarting stays on the home route.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
16db90a34c728f311599eab4c029010d89354420. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Fixes a regression where the preview restored a stale sub-route after
returning to “/” or restarting. We now clear the preserved URL so the
app stays on the expected root route.

- **Bug Fixes**
- Clear preserved URL on pushState/replaceState when pathname is “/” in
PreviewIframe.
- Clear preserved URL during restart (useRunApp) to prevent stale route
restoration.
  - Add E2E test to ensure restart after returning to root stays on “/”.

- **New Features**
- Allow disabling the stop hook via DISABLE_DYAD_STOP_HOOK environment
variable.

<sup>Written for commit 16db90a34c728f311599eab4c029010d89354420.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

#skip-bb
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2392">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->


<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Fixes failing Next.js e2e tests by selecting the correct chat mode and
restarting after upgrades, and improves the Playwright PR comment with
clearer run/update commands. Also increases local test timeout to reduce
flaky failures.

- **Bug Fixes**
  - Selects “build” chat mode in Next.js tests.
  - Adds restart after upgrade in select component test.
  - Updates snapshot to expect the “next” template ID.
  - Raises local timeout to 75s to reduce flakes.

- **New Features**
- Playwright PR comment now includes copy-paste commands to run and
update snapshots for each failed test.
- Uses -g "pattern" with proper escaping; groups many commands in a
collapsible section.

<sup>Written for commit 5124cf2f3e8aa80e9de63b412ff0b6aeeff81eb5.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

## Summary
- Adds new "Auto-expand preview panel" toggle in Workflow Settings
- When disabled, the preview panel stays collapsed after chat responses
and proposal approvals
- Defaults to enabled to preserve existing behavior

Fixes #2090

## Test plan
1. Go to Settings > Workflow Settings
2. Disable "Auto-expand preview panel"
3. Collapse the preview panel manually
4. Send a chat message that generates code changes
5. Verify the preview panel stays collapsed

🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2352">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> Introduces a user setting to control automatic preview expansion after
code changes.
> 
> - Adds `autoExpandPreviewPanel` to `UserSettings` with default `true`
and schema support
> - New `AutoExpandPreviewSwitch` and integrates it into Workflow
Settings UI
> - Gates preview opening in `ChatInput` (on approve) and
`useStreamChat` (on stream end) behind the new setting
> - Updates settings defaults and unit tests to include the new field
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
74064a7eb9092556833afd8fcb37527e59de14cc. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Adds an “Auto-expand preview panel” toggle in Workflow Settings to
control whether the preview opens automatically after chat file updates
or proposal approvals. Defaults to on to preserve current behavior and
addresses Linear issue #2090.

<sup>Written for commit 74064a7eb9092556833afd8fcb37527e59de14cc.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

## Summary
- Updates version from `0.35.0-beta.2` to `0.35.0` for stable release

## Test plan
- [x] All 661 unit tests pass
- [x] Lint and type checks pass

🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2398">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> <sup>[Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) is
generating a summary for commit
8e69b7cac6a9f9d94c62f78891d2701642bb5be0. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Promotes 0.35.0-beta.2 to the 0.35.0 stable release to ship the
finalized build. Updates package.json to publish the stable package.

<sup>Written for commit 8e69b7cac6a9f9d94c62f78891d2701642bb5be0.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

#skip-bb

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Show a setup banner and dialog to promote the Dyad Pro free trial during
onboarding. Improves provider selection with clear logos and refreshed
styles.

- **New Features**
- Added DyadProTrialDialog with feature highlights, Start Free Trial
(opens checkout with trialCode=1PRO30), and Learn more.
- Prominent “Start with Dyad Pro free trial” card in SetupBanner; click
opens the trial dialog; marked as Recommended.
- Added Google and OpenRouter assets and switched provider icons to real
logos, including in OpenRouterSetupBanner.

- **Refactors**
- Updated SetupProviderCard styles and chips (new chipColor per
variant); more neutral Google/OpenRouter variants.
- Minor layout tweaks in SetupBanner and ProBanner for spacing and
readability.

<sup>Written for commit 3e3c2932b1189a52f4d332f6d3e8649afe03bfe1.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Low Risk**
> Low risk UI-only onboarding changes that add a new modal and update
links/assets; main risk is UX/analytics behavior changes around the Dyad
Pro entry point and external URL targets.
> 
> **Overview**
> Adds a new `DyadProTrialDialog` modal to promote a Dyad Pro free
trial, including feature highlights and CTAs that open external
checkout/learn-more URLs.
> 
> Updates `SetupBanner` to show a prominent “Start with Dyad Pro free
trial” recommended card that opens the modal (instead of immediately
navigating externally), refreshes Google/OpenRouter setup cards to use
real logo assets, and slightly tweaks spacing.
> 
> Refines `SetupProviderCard` styling by introducing per-variant
`chipColor` and making Google/OpenRouter variants more neutral, plus a
small spacing tweak in `ProBanner`’s “Already have Dyad Pro?” button.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
3e3c2932b1189a52f4d332f6d3e8649afe03bfe1. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

#skip-bb
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2390">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

<!-- CURSOR_SUMMARY -->
> [!NOTE]
> Introduces URL-based theme generation alongside image uploads,
enabling prompts derived from live websites.
> 
> - New `Website URL` input source in `AIGeneratorTab` with toggle,
validation, crawl status indicators, and adjusted generate button/empty
states
> - Adds `useGenerateThemeFromUrl` hook and integrates it with existing
generation flow and loading state
> - Extends IPC types with `ThemeInputSource`, `CrawlStatus`, and
`GenerateThemeFromUrlParams`; updates `templateContracts` with
`generate-theme-from-url`
> - Implements `generate-theme-from-url` handler: validates inputs,
calls Dyad Engine `/tools/web-crawl`, selects web-crawl-specific system
prompts (inspired/high-fidelity), streams model output, and returns
prompt with robust error handling
> - Preserves and refines image-based generation; resets state on dialog
close and adds small UI polish (icons, counters, disabled states)
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
b5b1aebb277ce421953a06b148bd342fded2a64f. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Add URL-based theme generation with web crawling to the custom theme
generator, alongside image uploads. Users can paste a website URL to
extract a design system and generate a prompt with clear generation
status, with added security and reliability improvements.

- **New Features**
- Source toggle: switch between “Upload Images” and “Website URL,” with
state reset on dialog close.
- URL input flow: validate URL and update button states/text; show
generating state during processing.
- New hook and types: useGenerateThemeFromUrl, ThemeInputSource,
CrawlStatus.
- IPC + contract: generate-theme-from-url with
GenerateThemeFromUrlParams and result typing.
- Backend handler: validates Dyad Pro + API key, URL, keywords; crawls
via Dyad Engine (/tools/web-crawl); uses screenshot + markdown with
truncation; distinct meta prompts for inspired vs high-fidelity; model
mapping (Gemini 3 Pro, Claude Opus 4.5, GPT-5.2); streams prompt;
returns clear errors; test mode stub output.

- **Bug Fixes**
- Security: restrict to HTTP/HTTPS URLs; block internal/private hosts
(SSRF); sanitize crawled markdown and user keywords; Zod-validate crawl
response.
- Reliability: 120s crawl timeout with AbortController; clearer errors;
UUID request IDs.
- UI: add “generating” state; fix effect deps to avoid races; correct
button disabled states.
  - Code health: shared model map at module scope (DRY).

<sup>Written for commit b8aef2d51b1c5b7de5266f5afdfeb3174a64285b.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2347">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

---------
Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Will Chen <willchen90@gmail.com>

## Summary
- Adds `normalizeGitHubRepoName` function that converts spaces to
hyphens to match GitHub's automatic normalization behavior
- Applies normalization when creating repos, checking availability, and
storing repo names in the database
- Fixes issue where Dyad stored "my app" but GitHub created "my-app",
causing a mismatch

Fixes #1336

## Test plan
- Unit tests added for `normalizeGitHubRepoName` function covering edge
cases
- E2E test added to verify repo names with spaces are properly
normalized when creating and syncing

🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2377">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Normalize GitHub repo names by converting all whitespace to hyphens so
our stored name matches GitHub’s actual repo name. Fixes #1336.

- **Bug Fixes**
  - Add normalizeGitHubRepoName to convert whitespace to hyphens.
- Apply normalization for availability checks, repo creation, remote
URLs, and DB storage.
- Add unit tests for edge cases and an E2E test for create/sync with
spaced names.

<sup>Written for commit 0735ce38a11fced50e670821e58289dcc53fe86f.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Medium Risk**
> Touches the GitHub create/availability flow and the repo name stored
in the app DB, which could break GitHub linking if normalization is
incorrect. Logic is small and well-covered by new unit and E2E tests,
reducing risk.
> 
> **Overview**
> Fixes repo-name mismatches when users enter names containing
whitespace by introducing `normalizeGitHubRepoName` (trim + collapse
whitespace to `-`).
> 
> Applies normalization to repo availability checks, repo creation
payloads, generated remote URLs, and `updateAppGithubRepo` persistence
so the app consistently uses GitHub’s normalized repo name.
> 
> Adds Vitest unit coverage for normalization edge cases and a
Playwright E2E test that creates/syncs a repo named with spaces and
asserts the hyphenated name is used end-to-end.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
0735ce38a11fced50e670821e58289dcc53fe86f. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2387">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Restricts Dyad Pro trial users to the Auto model and adds an upgrade
call-to-action. Non-trial users see the full set of cloud and local
models as before.

- **New Features**
- Added useTrialModelRestriction hook to detect trial status and
auto-switch to the Auto model.
- Updated ModelPicker to show an upgrade banner and only the Auto model
for trial users; hides cloud and local models.
  - Extended IPC user budget response and schema to include isTrial.
  - Updated TitleBar to show "Pro Trial" when applicable.

<sup>Written for commit 714d2c704f155c004240e563e0e850ace0c9f5f8.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Medium Risk**
> Introduces trial-based gating in the model picker and an effect that
can automatically change a user’s selected model, which could impact UX
if trial detection is wrong or delayed.
> 
> **Overview**
> **Trial enforcement for model selection.** Adds
`useTrialModelRestriction` to derive `isTrial` from `get-user-budget`
and auto-switch trial users to the `auto` model.
> 
> **Model picker gating + upgrade CTA.** Updates `ModelPicker` to show
an upgrade banner (opening the subscription URL via
`ipc.system.openExternalUrl`) and to hide all cloud/local model choices
for trial users, leaving only the `auto` option.
> 
> **IPC/schema update.** Extends user budget IPC types and
`pro_handlers` API parsing to include an `isTrial` flag (defaulting to
`false` when absent).
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
7928275e3b1a7d32ec792609968d9d5786ee8582. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

## Summary
- Add "Basic Agent" mode for non-Pro users with a 5 messages per 24-hour
rolling window quota
- Track quota usage via `usingFreeAgentModeQuota` column in messages
table
- Show quota remaining in mode selector (e.g., "4/5 remaining") and
display warning banner when quota exceeded with upgrade/switch options
- Default to Basic Agent mode if quota available, Build mode if exceeded

## Test plan
- Run `npm run ts` and `npm run lint` to verify code compiles
- Run `PLAYWRIGHT_HTML_OPEN=never npm run e2e -- --grep "free agent
quota"` to run the E2E tests
- Manual testing:
1. Without Dyad Pro, verify "Basic Agent" option appears in mode
selector with quota display
  2. Send 5 messages in Basic Agent mode, verify quota decrements
  3. After 5 messages, verify quota exceeded banner appears
  4. Click "Switch back to Build mode" button, verify mode changes

🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2355">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Medium Risk**
> Introduces new quota enforcement and state changes in the chat
streaming path plus a DB schema change; bugs could block non‑Pro agent
usage or miscount/refund quota. Also adds a network call for trusted
time and a test-only IPC channel, which increases surface area but is
scoped and guarded.
> 
> **Overview**
> Adds a **non‑Pro “Basic Agent” mode** (implemented via `local-agent`)
gated by a **5-message/day quota**, including quota-aware defaults and
mode labeling (`Agent v2` for Pro vs `Basic Agent` for free).
> 
> Implements **DB-backed quota tracking** via a new
`messages.using_free_agent_mode_quota` column and new IPC handlers to
compute/reset quota (using server time where possible), enforce limits
before starting a `local-agent` stream, and **refund quota on stream
failure/abort**.
> 
> Updates the UI to display remaining quota, disable Basic Agent when
exceeded, show a dedicated exceeded banner and error messaging, and adds
targeted E2E tests plus a test-only IPC hook to simulate time passing.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
f4d3470477e247e782e8b5005d7fd60e6da98c13. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Adds a Basic Agent mode for non‑Pro users with a 5‑message quota in a
24‑hour window. Quota is enforced server‑side, with clear UI for
remaining messages, a banner showing time until reset, a friendly error
when exceeded, and engine tools disabled in Basic Agent mode.

- **New Features**
- Shows “Basic Agent” for non‑Pro users; defaults to Basic Agent when
quota and a supported provider are available, falls back to Build when
exceeded.
- Tracks usage via messages.using_free_agent_mode_quota and enforces the
limit before local‑agent streams; marks messages before stream and
refunds quota on failure/abort; blocks the 6th message with a clear
error.
- Mode selector displays X/5 remaining and disables Basic Agent when the
quota is exceeded.
- Quota banner shows time until reset and provides “Upgrade to Dyad Pro”
and “Switch back to Build mode” actions; useFreeAgentQuota hook
auto‑refreshes every 30 minutes.
- Disables engine-dependent tools in Basic Agent mode; E2E tests cover
availability, tracking, banner, switching, exceeded-message blocking,
and 24‑hour reset.

- **Migration**
- Apply drizzle migration 0024 to add the using_free_agent_mode_quota
column to messages.

<sup>Written for commit f4d3470477e247e782e8b5005d7fd60e6da98c13.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

## Summary
Replace the PR close/reopen mechanism for CI re-triggering with GitHub's
`workflow_dispatch` event, which is more reliable and avoids potential
issues with PR state management.

## Key Changes
- **ci.yml**: Added `workflow_dispatch` trigger with optional
`pr_number` input parameter to allow manual CI runs
- **ci.yml**: Updated test check logic to always run tests when
triggered via `workflow_dispatch`
- **ci.yml**: Pass `PR_NUMBER` environment variable to Playwright
summary script for workflow_dispatch triggers
- **pr-review-responder.yml**: Replaced PR close/reopen logic with `gh
workflow run` command to trigger CI via `workflow_dispatch`

## Implementation Details
- The `workflow_dispatch` trigger accepts an optional `pr_number` input
that can be passed by the pr-review-responder workflow
- When CI is triggered via `workflow_dispatch`, tests always run
(skipping the file change check)
- The new approach is more reliable because:
  - Avoids the risk of leaving a PR in a closed state if operations fail
  - Works with `GITHUB_TOKEN` without infinite loop concerns
  - Provides explicit control over when CI re-runs
- Eliminates retry logic and recovery mechanisms needed with
close/reopen approach

https://claude.ai/code/session_014TKdhebC3RqZ7yusKuRSJD
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2382">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Medium Risk**
> Medium risk because it changes GitHub Actions triggering, concurrency
grouping, and checkout behavior (including fork PR handling) for CI and
AI review bots; misconfiguration could lead to running workflows on the
wrong ref or not running at all.
> 
> **Overview**
> Switches CI and AI-bot workflows to support manual `workflow_dispatch`
runs via a required `pr_number`, enabling reliable re-triggers without
PR close/reopen.
> 
> `ci.yml` now derives checkout `repository`/`ref` from the PR head
(fetched via `gh pr view` for dispatch), updates concurrency grouping to
key by PR number, always runs tests for dispatch runs, and passes
`PR_NUMBER` to the Playwright summary script so comments still attach to
the correct PR.
> 
> `pr-review-responder.yml` replaces the close/reopen hack with `gh
workflow run` calls to dispatch `ci.yml`, `bugbot-trigger.yml`, and
`claude-pr-review.yml` when Claude pushes commits. `bugbot-trigger.yml`
and `claude-pr-review.yml` add dispatch support and PR-number fallbacks;
BugBot additionally validates `pr_number` and re-checks skip tags before
commenting.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
357dddba6b3c3c9144b21f6f400fc0b49e55e244. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Switch re-triggers to workflow_dispatch for CI, BugBot, and Claude PR
Review. This replaces the close/reopen hack, works with GITHUB_TOKEN,
and ensures tests and reviews run after automated commits.

- **Refactors**
- Added workflow_dispatch with pr_number input to ci.yml,
bugbot-trigger.yml, and claude-pr-review.yml.
- pr-review-responder now calls gh workflow run for all three when it
pushes commits.
- CI always runs tests on workflow_dispatch, checks out the PR head
(supports forks), passes PR_NUMBER to the Playwright summary, and uses
pr_number in concurrency.
- Claude PR Review fetches PR head info on dispatch; concurrency keys
use pr_number when provided.
- BugBot dispatch uses inputs.pr_number, re-checks skip tags, and
bypasses author gating for dispatch.

<sup>Written for commit 357dddba6b3c3c9144b21f6f400fc0b49e55e244.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

---------
Co-authored-by: Claude <noreply@anthropic.com>

Closes #2354
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2373">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->


<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Automatically commits local changes before preparing a GitHub branch,
preventing failures on dirty repos and making branch setup reliable.
Closes #2354.

- **Bug Fixes**
  - Auto-add and commit pending changes in prepareLocalBranch.
  - Block with a clear error if a merge or rebase is in progress.
- Use locking and ensureCleanWorkspace to keep operations atomic and
clean.
  - Export prepareLocalBranch for reuse.

<sup>Written for commit b3af874e41856d47d397343ded7e278336ad0d92.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

- Add ready_for_review and closed event types to pull_request trigger
- Update concurrency group to use PR number for proper cancellation
- Add condition to skip draft PRs and closed events
- When a PR is merged, the closed event triggers cancellation of
in-progress runs

https://claude.ai/code/session_0131m7Y5ac6ztV6iPCiW6zMU

#skip-bb
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2383">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Update CI to cancel in-progress runs when a PR is merged and use per-PR
concurrency for accurate cancellation. Draft PRs now run; only closed
events are skipped.

- **Refactors**
  - Listen to closed in the pull_request trigger.
  - Use PR number in the concurrency group for proper cancellation.
  - Add a job condition to skip closed events only.

<sup>Written for commit fe1d8903f8730bbf6ed93dbdfc8a9f0b804b9912.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

---------
Co-authored-by: Claude <noreply@anthropic.com>

## Summary
- Removed ANTHROPIC_API_KEY from the required environment variables list
- Added clarification that sub-agents spawned via the Task tool
automatically have access to Anthropic

#skip-bugbot

## Test plan
- Verify the documentation accurately reflects the current behavior of
the multi-pr-review skill

🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2386">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->


<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Clarified that ANTHROPIC_API_KEY is not required for the multi-pr-review
skill. Updated SKILL.md to note that sub-agents launched via the Task
tool already have Anthropic access, so only GITHUB_TOKEN is needed.

<sup>Written for commit f5735d135face9923420ecfa08ebcbfab60796dd.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

## Summary
- Updates the E2E test snapshot for the turbo edits search-replace
fallback test
- The error message format changed to remove the fuzzy match similarity
percentage, simplifying the error output

## Test plan
- [x] E2E snapshot updated to reflect new error message format
- All existing tests pass (654/654)

#skip-bugbot

🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2384">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->


<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Update the turbo edits E2E snapshot to match the new simplified
search-replace error message. Removes the fuzzy match similarity
percentage from the expected output so tests align with current
behavior.

<sup>Written for commit c256a7205139069cccc23cea31e16b30f50b649f.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

## Summary
- Bumps version from 0.34.0-beta.1 to 0.35.0-beta.1

## Test plan
- Verify package.json shows correct version

🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2378">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->


<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Bumps package.json version from 0.34.0-beta.1 to 0.35.0-beta.1 to
prepare the next beta release. No functional changes.

<sup>Written for commit a9ff86fa30e2d1811fa0e305aaee6668fe9a7861.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Version bump**
> 
> - Updates `package.json` version from `0.34.0-beta.1` to
`0.35.0-beta.1`. No code or dependency changes.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
a9ff86fa30e2d1811fa0e305aaee6668fe9a7861. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

## Summary
- Add E2E test for preview navigation forward/back buttons
- Fix back/forward navigation by sending target URL instead of using
`history.back()`/`history.forward()` which don't work reliably in
Electron iframes
- Update dyad-shim.js to handle URL-based navigation with
`location.replace`
- Add popstate event handler to notify parent of navigation changes

## Test plan
- Run `npm run e2e -- --grep "forward and back"` to verify the new test
passes
- Run `npm run e2e -- --grep "refresh"` to verify all refresh-related
tests pass
- Manually test back/forward navigation buttons in the preview panel

🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2372">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> Ensures preview back/forward navigation works reliably in Electron
iframes and preserves routes across refresh/HMR. Adds targeted E2E
coverage.
> 
> - In `PreviewIframe.tsx`, switch back/forward handling to send the
target URL via `postMessage` and update local `navigationHistory`,
`currentHistoryPosition`, and `preservedUrls`; keep
`currentIframeUrlRef` in sync.
> - In `worker/dyad-shim.js`, add `popstate` handler to notify parent
(`replaceState` message) and handle `navigate` messages by validating
http/https URLs and using `location.replace`, with fallback to
`history.go(±1)`.
> - Add E2E test `refresh.spec.ts` for preview forward/back buttons,
verifying initial disabled state, navigation to About, back to Home,
then forward to About again.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
7f9f790158262b9e3100ead96bf25f8e3ee8cac7. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Fixes preview forward/back navigation and preserves the current route on
refresh and HMR so the preview behaves like a real browser. Adds E2E
tests for both flows.

- **Bug Fixes**
- Make back/forward work in Electron by posting the target URL to the
iframe and navigating with location.replace; notify parent on popstate;
validate http/https URLs to block unsafe protocols.
- Track and restore the current route across refresh and HMR via
previewCurrentUrlAtom and a URL ref; clear preserved URL on root path;
reset on app switch and validate same-origin URLs.

- **E2E Tests**
  - Add a multi-page react-router fixture (Home/About).
- Add tests for route preservation on refresh and for forward/back
buttons, including enabled/disabled states.

<sup>Written for commit 7f9f790158262b9e3100ead96bf25f8e3ee8cac7.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

## Summary
- Add `local_agent:search_replace:success` and
`local_agent:search_replace:failure` telemetry events to track
search-replace outcomes in local-agent mode
- Add `local_agent:file_edit_retry` telemetry to detect when multiple
edit tool types (write_file, edit_file, search_replace) are used on the
same file, indicating retry/fallback behavior
- Add `FileEditTracker` to `AgentContext` to track tool usage per file
during an agent session

## Test plan
- [x] TypeScript type checks pass
- [x] Linter passes
- [x] All 654 unit tests pass

🤖 Generated with [Claude Code](https://claude.com/claude-code)

#skip-bugbot
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2371">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Adds telemetry to local-agent to track search-replace success/failure
and when multiple edit tools touch the same file. Introduces a
FileEditTracker in AgentContext to record write_file, edit_file, and
search_replace usage per file.

- **New Features**
- Emit local_agent:search_replace:success and
local_agent:search_replace:failure (includes filePath and error on
failure).
- Emit local_agent:file_edit_retry when a file uses 2+ different edit
tools; includes per-tool counts.
- Track usage via FileEditTracker on AgentContext with a helper that
records tool calls.

- **Migration**
- Update any AgentContext mocks/constructors to include fileEditTracker:
{}.

<sup>Written for commit f8345128b1d29b555c4c787df7103a6cae98373b.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

## Summary
- Add new `search_replace` tool with strict matching requirements:
  - Requires minimum 3 lines of context for unambiguous matching
  - Enforces exact-only matching (no fuzzy/lenient fallback)
  - Rejects ambiguous matches and identical old/new strings
- Extend `applySearchReplace` processor with `SearchReplaceOptions`
interface
- Update system prompt with file editing tool selection guidelines
- Add comprehensive unit tests (43 tests) and E2E test

## Test plan
- Unit tests: `npm run test -- search_replace` (43 tests passing)
- E2E tests: `npm run e2e -- --grep "local-agent"` (19 tests passing)
- Verify lint passes: `npm run fmt && npm run lint && npm run ts`

🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2367">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> Introduces a precise, single-instance `search_replace` tool for local
agent edits and wires it across stack.
> 
> - New `search_replace` tool: strict schema (`file_path`, `old_string`,
`new_string`), rejects identical/ambiguous matches, streams XML, deploys
Supabase functions when applicable; registered in `tool_definitions`
> - Processor overhaul: replace Levenshtein with cascading matching
(exact → whitespace-tolerant → unicode-normalized), detailed failure
diagnostics, marker escaping helper, async fs usage
> - Update `edit_file` schema/usage from `description` → `instructions`
(tool schema, XML builder, examples)
> - Prompt: add file-editing tool selection guidance and post-edit
verification
> - UI: `DyadSearchReplace` gains `data-testid="dyad-search-replace"`
for E2E visibility
> - Tests: comprehensive unit tests for processor and tool, DSL runner
with pass/fail suites, plus new Playwright E2E and fixtures; snapshots
updated
> - Chore: remove `fastest-levenshtein` dependency from
`package.json`/lockfile
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
dfa9b9e172e89f135fc71cd1f35f7f3c614b9af4. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Adds a strict search_replace tool for precise, single-instance file
edits by the local agent. Enforces exact matches with ≥3 non-empty lines
of context and auto-deploys Supabase functions when server functions are
edited.

- New search_replace tool: exact-only matching, requires ≥3 non-empty
lines of context, rejects ambiguous matches, and disallows identical
old/new strings
- Processor: implement cascading matching passes; add
SearchReplaceOptions (exactMatchOnly, rejectIdentical) and wire into
applySearchReplace
- Prompt: add clear edit-tool selection guidance, post-edit
verification, and write_file fallback
- Tests: comprehensive unit tests plus an E2E covering the new tool;
snapshots updated
- UI: add data-testid to surface search-replace actions and register the
tool in definitions
- Dependencies: remove fastest-levenshtein
- Edit tool: rename description → instructions in the schema and XML;
examples and prompt updated

<sup>Written for commit dfa9b9e172e89f135fc71cd1f35f7f3c614b9af4.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

Original PR: https://github.com/dyad-sh/dyad/pull/2328
Authored by @gkrdy - thank you!

---------
Co-authored-by: gkrdy <girishkathirdy@gmail.com>
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>