<!-- CURSOR_SUMMARY -->
> [!NOTE]
> Introduces contributor licensing and automated CLA enforcement.
> 
> - Adds `CLA.md` (individual agreement) and documents FSL licensing for
`src/pro` (`CONTRIBUTING.md`, `src/pro/CONTRIBUTING.md`)
> - New GitHub Actions workflow `/.github/workflows/cla.yml` using
`contributor-assistant/github-action@v2.6.1` on `pull_request_target`
and `issue_comment`
> - Stores signatures at `signatures/version1/cla.json` on branch `cla`
and updates PR status; supports signing via comment or `recheck`
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
5706a5ace13aabd8e8e83fdd071d65f7fc40500f. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Add a Contributor License Agreement and a GitHub Action that blocks PRs
until all authors sign the CLA. Also clarifies that contributions in
src/pro are licensed under FSL.

- **New Features**
  - Added CLA.md for individual contributors.
- Enabled CLA Assistant on pull_request_target and issue_comment events.
- Stores signatures at signatures/version1/cla.json on the cla branch
and updates PR status.
  - Supports “recheck” and signing via comment.
  - Documented FSL licensing for src/pro contributions.

- **Migration**
- Ensure the cla branch is not protected, or change the action’s target
branch.
  - Optionally configure an allowlist to fit your org.
- If storing signatures remotely, add the PERSONAL_ACCESS_TOKEN secret.
- Contributors sign by commenting: “I have read the CLA Document and I
hereby sign the CLA”.

<sup>Written for commit 5706a5ace13aabd8e8e83fdd071d65f7fc40500f.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

<!-- CURSOR_SUMMARY -->
> [!NOTE]
> Updates the turbo GLM entry to the newer version and tweaks its
generation settings.
> 
> - Replace `glm-4.6:turbo` with `glm-4.7:turbo` in `TURBO_MODELS` and
update `displayName`
> - Increase `temperature` for GLM turbo from `0` to `0.7`
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
c6aabf935bebf642548d4583d1842f89a6214601. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

<!-- This is an auto-generated description by cubic. -->
## Summary by cubic
Replace GLM 4.6 turbo with GLM 4.7 turbo and raise the default
temperature to 0.7. Token limits and context window are unchanged.

<sup>Written for commit c6aabf935bebf642548d4583d1842f89a6214601.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

<!-- CURSOR_SUMMARY -->
> [!NOTE]
> Modernizes AI integration across the app.
> 
> - Upgrade `ai` to v6 and all `@ai-sdk/*` providers to v3/v4; add
`@ai-sdk/mcp`, remove `@openrouter/ai-sdk-provider`
> - Migrate from `LanguageModelV2` to `LanguageModel`/`LanguageModelV3`;
refactor fallback model to v3 streaming API
> - Switch OpenRouter to `createOpenAICompatible`
(`https://openrouter.ai/api/v1`)
> - Replace experimental MCP with `@ai-sdk/mcp` (`createMCPClient`);
update tool execution to `ToolExecutionOptions` and sanitize tool keys
> - Update AI message envelope to `ai@v6` and types
(`AiMessagesJsonV6`); adjust DB schema and parsing utilities
> - Update chat/local-agent handlers to v6 stream parts (reasoning/tool
parts), persist `aiMessagesJson`, and wire MCP tools into `ToolSet`
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
fc966595cbd9c6ff7d261497f00bfe79d0fff9e3. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Upgrade the app to AI SDK v6 to modernize model integrations, MCP
tooling, and streaming. This improves stability, unifies types on v3,
and removes the OpenRouter provider in favor of an OpenAI-compatible
setup.

- **Dependencies**
  - Upgraded ai to 6.0.14 and all @ai-sdk providers to v3/v4.
  - Added @ai-sdk/mcp; removed @openrouter/ai-sdk-provider.
  - Pinned @ai-sdk/provider to 3.0.2.
- Updated transitive deps (e.g., google-auth-library, gaxios) for Node
>=18.

- **Refactors**
- Moved from LanguageModelV2 to v3 and standardized on ai’s
LanguageModel.
  - Rebuilt fallback model to v3 spec with safer stream retries.
- Switched MCP client to createMCPClient and updated tool execution to
ToolExecutionOptions.
- Replaced OpenRouter integration with createOpenAICompatible (baseURL
https://openrouter.ai/api/v1).
- Updated AI messages envelope to "ai@v6"; older "ai@v5" envelopes are
ignored.

<sup>Written for commit fc966595cbd9c6ff7d261497f00bfe79d0fff9e3.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

<!-- CURSOR_SUMMARY -->
> [!NOTE]
> Improves e2e stability by pruning/deferring brittle cases.
> 
> - Skips flaky `copy button tooltip states` in
`e2e-tests/copy_chat.spec.ts` using `test.skip`
> - Removes `dyadwrite edit and cancel` flow from
`e2e-tests/chat_mode.spec.ts`
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
fb6816c8d603e429a337db277c681e6d2bd0cf1e. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

<!-- This is an auto-generated description by cubic. -->
## Summary by cubic
Stabilizes the E2E test suite and updates snapshots to reflect current
behavior, reducing flakiness and improving CI reliability.

- **Bug Fixes**
  - Removed the chat_mode “edit and cancel” flow test.
  - Skipped the flaky “copy button tooltip states” test.
- Regenerated snapshots for engine, smart context, thinking budget, and
turbo edits specs.

<sup>Written for commit fb6816c8d603e429a337db277c681e6d2bd0cf1e.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

<!-- CURSOR_SUMMARY -->
> [!NOTE]
> Stabilizes e2e behavior and snapshots; adds fixtures and minor UI test
hook.
> 
> - **Snapshot determinism**: Normalize `dyad_options.versioned_files`
fileIds to `[[FILE_ID_*]]` in `test_helper.ts` and apply during request
dumps; refresh related snapshots
> - **Token bar reliability**: Add `data-testid="token-bar-toggle"` in
`AuxiliaryActionsMenu` and new `po.toggleTokenBar()` helper; update
Supabase branch test
> - **Version integrity tests**: Add fixture app (`version-integrity`)
and new/updated tests + snapshots validating add/edit/delete/move and
restore flow with explicit wait
> - **Misc**: Update local agent snapshot to include `web_search` tool;
bump `package-lock.json` to `0.33.0-beta.1`
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
1415ef1379a71bf6efe61da5079ff65dead84ba4. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Stabilizes e2e tests by making snapshot data deterministic and fixing
races in token bar toggle and restore flows. Updates snapshots
(including web_search) and adds a version-integrity app fixture; also
adds a test id for reliable selectors.

- **Bug Fixes**
- Normalize versioned_files fileIds in dumps to deterministic
placeholders before snapshotting.
- Add data-testid="token-bar-toggle" and PageObject.toggleTokenBar() to
avoid flakiness; update Supabase branch test to use it.
- Refresh snapshots to reflect deterministic IDs and the web_search
tool.
- Add version-integrity import app fixture and snapshot coverage; wait
for restore completion in version_integrity.spec to prevent flakiness.

- **Dependencies**
  - Bump package-lock version to 0.33.0-beta.1.

<sup>Written for commit 1415ef1379a71bf6efe61da5079ff65dead84ba4.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

<!-- CURSOR_SUMMARY -->
> [!NOTE]
> Introduces real-time web search in chat with streaming results and a
richer UI.
> 
> - Adds `web_search` tool (`tools/web_search.ts`) with zod schema,
consent prompt, SSE parsing, and streaming via
`onXmlStream`/`onXmlComplete` (requires Dyad Pro API key; respects
`DYAD_ENGINE_URL`)
> - Registers tool in `TOOL_DEFINITIONS`
> - Updates markdown parser to pass `query` and `state` into
`dyad-web-search`
> - Enhances `DyadWebSearch` component: expandable/collapsible card,
loading spinner while `pending`, keyboard/ARIA support, and displays
query preview + results
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
53c9c7b65eb8dee07d8320837b39d72bf5b42b92. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Adds web search to chat with live streaming results from Dyad Engine.
The Web Search card shows the query, a loading state, and
expand/collapse for details.

- **New Features**
- New web_search tool that streams SSE results and writes partial
updates via onXmlStream, final via onXmlComplete.
  - Registered tool in TOOL_DEFINITIONS with consent and zod schema.
- DyadWebSearch UI: accepts query/state, shows spinner when pending, and
toggles preview/details.
  - Markdown parser now passes query and state to DyadWebSearch.

- **Migration**
- Requires Dyad Pro API key in settings (providerSettings.auto.apiKey).
- Optional: set DYAD_ENGINE_URL; defaults to https://engine.dyad.sh/v1.

<sup>Written for commit 53c9c7b65eb8dee07d8320837b39d72bf5b42b92.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

<!-- CURSOR_SUMMARY -->
> [!NOTE]
> Implements targeted file editing via an external API and updates the
local agent/tooling to use it by default.
> 
> - Adds `edit_file` tool
(`src/pro/main/ipc/handlers/local_agent/tools/edit_file.ts`) calling
`POST /tools/turbo-file-edit` with original and edit snippets; writes
returned content; optionally deploys Supabase functions; default consent
"always"
> - Registers `edit_file` in `TOOL_DEFINITIONS`; disables
`search_replace` in `tool_definitions.ts`
> - Simplifies error handling in tool execution wrapper to output only
the message (no stack)
> - Requires Dyad Pro API key from `providerSettings.auto.apiKey`;
`DYAD_ENGINE_URL` env var overrides default
> - Updates e2e fixtures and snapshots to use `edit_file` and reflect
"Turbo Edit" flow; adds fake server endpoint `POST
/engine/v1/tools/turbo-file-edit` returning a canned result
> - Snapshot changes show edited content placeholder (`TURBO EDITED
filePath`) replacing previous search/replace output
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
eec1753aa4805a5633a31f4457ee882b04cafd3b. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Adds a new edit_file tool that uses the Dyad Turbo File Edit API to
apply targeted edits to existing files and write the result. Also
disables the search_replace tool and simplifies error output to only
show the message.

- **Dependencies**
- Requires Dyad Pro API key in settings (providerSettings.auto.apiKey).
- DYAD_ENGINE_URL env var can override the default
https://engine.dyad.sh/v1.

<sup>Written for commit eec1753aa4805a5633a31f4457ee882b04cafd3b.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

<!-- CURSOR_SUMMARY -->
> [!NOTE]
> <sup>[Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) is
generating a summary for commit
a2045f4029fc01b7555548f691fddc40959d485d. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

<!-- CURSOR_SUMMARY -->
> [!NOTE]
> **Enable native git by default**
> 
> - Sets `enableNativeGit: true` in `DEFAULT_SETTINGS` within
`src/main/settings.ts` so new users have native git enabled by default.
> - Updates `package.json` version to `0.33.0-beta.1`.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
0f8b0c3a47fc48b6efe5ba844176b6844dc31eb5. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

<!-- This is an auto-generated description by cubic. -->
## Summary by cubic
Enabled native Git by default and bumped the app version to
0.33.0-beta.1. Default settings now set enableNativeGit to true so new
installs use the system Git out of the box.

<sup>Written for commit 0f8b0c3a47fc48b6efe5ba844176b6844dc31eb5.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

<!-- This is an auto-generated description by cubic. -->
## Summary by cubic
Refactored e2e settings snapshots to record and snapshot only deltas,
with redaction for volatile fields. This makes snapshots smaller,
deterministic, and easier to read.

- **Refactors**
- Replaced snapshotSettings with recordSettings and
snapshotSettingsDelta (git diff-style output).
  - Renamed captureSettings to recordSettings.
- Redacted telemetryUserId and lastShownReleaseNotesVersion for stable
snapshots.
  - Updated tests to capture pre-change settings and assert the delta.
- Removed full JSON snapshots; added minimal diff snapshots for changed
values.

- **Migration**
- In tests, call po.recordSettings() before a settings change, then
po.snapshotSettingsDelta(beforeSettings).
  - Remove any remaining uses of snapshotSettings.

<sup>Written for commit 5837d759687cd72ed635137a6fe19049bebe18bc.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> Replaces full `user-settings.json` snapshots with concise,
deterministic diffs in e2e tests.
> 
> - Adds `recordSettings()` and `snapshotSettingsDelta()` in
`test_helper.ts` to compare before/after settings and output git-style
diffs
> - Redacts volatile keys (e.g., `telemetryUserId`,
`lastShownReleaseNotesVersion`) for stable snapshots
> - Refactors settings-related tests (`telemetry`, `auto_update`,
`release_channel`, `smart_context_options`, `turbo_edits_options`,
`thinking_budget`, `context_window`, `template-*`) to use the new APIs
> - Updates snapshot files to contain only the changed keys/values
(adds/removes/changes)
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
5837d759687cd72ed635137a6fe19049bebe18bc. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

<!-- CURSOR_SUMMARY -->
> [!NOTE]
> Ensures native Git commits correctly set both author and committer
identities.
> 
> - Add `withGitAuthor` to prepend `-c user.name=...` and `-c
user.email=...` to git args using settings-derived author
> - Update `gitCommit` (native path) to replace `--author` with
`withGitAuthor([..."commit", "-m", message])`, preserving `--amend`
handling and commit hash retrieval
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
67b33e2c2165ae9ebd84549abf8129d9bd9c6bef. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

<!-- This is an auto-generated description by cubic. -->
## Summary by cubic
Fixes incorrect Git committer identity when creating commits with native
Git. We now set user.name and user.email via -c flags so both author and
committer match app settings.

- **Bug Fixes**
- Added withGitAuthor to prepend -c user.name and -c user.email to git
args.
- Updated gitCommit to use withGitAuthor instead of --author (works with
--amend).

<sup>Written for commit 67b33e2c2165ae9ebd84549abf8129d9bd9c6bef.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

<!-- CURSOR_SUMMARY -->
> [!NOTE]
> Ensures GitHub disconnect fully removes credentials and verifies via
targeted e2e coverage.
> 
> - Clear both `githubAccessToken` and `githubUser` in
`GitHubIntegration` when disconnecting
> - New Playwright test `github clear integration settings` verifies the
disconnect button disappears and snapshots only the settings delta
> - Test helpers: add `captureSettings()` and `snapshotSettingsDelta()`
to diff `user-settings.json` for concise snapshots
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
0c47bee06d145737e10c58c8133da35c0c9553bb. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Disconnecting from GitHub now clears both the access token and user info
to prevent stale credentials. Added an e2e test to verify the settings
file is cleaned and the UI updates correctly.

- **Bug Fixes**
  - Clear githubUser alongside githubAccessToken on disconnect.
- Added Playwright e2e to ensure both fields are removed and the
disconnect button disappears.

<sup>Written for commit 0c47bee06d145737e10c58c8133da35c0c9553bb.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

---------
Co-authored-by: William Chen <will@mac.lan>

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Unified secondary chat input actions into a single “+” dropdown to
declutter the UI and make codebase context, file attachments, and token
usage easier to access.

- **Refactors**
- Added AuxiliaryActionsMenu with “Codebase context”, “Attach files”,
and “Show/Hide token usage”.
- Moved token usage toggle into the menu; removed the inline toggle
button from ChatInput.
- Updated FileAttachmentDropdown to render as menu items and support
both chat-context and upload-to-codebase flows.
- Converted ContextFilesPicker to a modal dialog and moved its trigger
into the menu; removed the standalone context button from
ChatInputControls.

<sup>Written for commit 5cdb2737170edfc9aef97a52d3397295552ad2ab.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

<!-- greptile_comment -->

<h3>Greptile Summary</h3>


This PR consolidates secondary chat input actions into a unified "+"
dropdown menu, improving UI organization and discoverability. The
refactoring moves codebase context, file attachments, and token usage
toggle from separate buttons into a single menu with proper nesting
(file attachments as a submenu).

**Key changes:**
- Created `AuxiliaryActionsMenu` component that consolidates three
previously separate UI controls
- Refactored `FileAttachmentDropdown` to support dual rendering modes
(standalone or as menu items)
- Converted `ContextFilesPicker` trigger from button to menu item
- Updated `ChatInput` to use new menu and pass
`showContextFilesPicker={false}` to `ChatInputControls`
- Updated e2e tests and helpers to navigate the new nested menu
structure

**Code quality:**
- Clean component composition with proper prop drilling
- Maintained backward compatibility where needed (`renderAsMenuItems`
prop)
- E2E tests properly updated with menu navigation and cleanup
- Consistent styling and accessibility preserved

<h3>Confidence Score: 5/5</h3>


- This PR is safe to merge with minimal risk
- Well-structured UI refactoring with comprehensive test coverage
updates, no logic changes to core functionality, and proper component
reusability patterns
- No files require special attention

<h3>Important Files Changed</h3>




| Filename | Overview |
|----------|----------|
| src/components/chat/AuxiliaryActionsMenu.tsx | Introduced new
component to consolidate secondary actions (codebase context, file
attachments, token usage) into a single "+" dropdown menu |
| src/components/chat/FileAttachmentDropdown.tsx | Refactored to support
rendering as both standalone dropdown and as menu items within parent
dropdown via `renderAsMenuItems` prop |
| src/components/ContextFilesPicker.tsx | Converted trigger from
standalone button with tooltip to menu item for integration into parent
dropdown menu |
| src/components/chat/ChatInput.tsx | Replaced individual action buttons
with `AuxiliaryActionsMenu` component, passing
`showContextFilesPicker={false}` to `ChatInputControls` |

</details>



<h3>Sequence Diagram</h3>

```mermaid
sequenceDiagram
    participant User
    participant AuxiliaryActionsMenu
    participant DropdownMenu
    participant ContextFilesPicker
    participant FileAttachmentDropdown
    participant ChatInput

    User->>AuxiliaryActionsMenu: Click "+" button
    AuxiliaryActionsMenu->>DropdownMenu: Open menu
    
    alt Codebase Context
        User->>ContextFilesPicker: Click "Codebase context"
        ContextFilesPicker->>ContextFilesPicker: Open popover with context settings
        User->>ContextFilesPicker: Configure paths/excludes
        ContextFilesPicker->>ChatInput: Update context configuration
    end
    
    alt Attach Files
        User->>DropdownMenu: Hover "Attach files"
        DropdownMenu->>FileAttachmentDropdown: Show submenu
        User->>FileAttachmentDropdown: Click attachment option
        FileAttachmentDropdown->>FileAttachmentDropdown: Trigger hidden file input
        User->>FileAttachmentDropdown: Select file(s)
        FileAttachmentDropdown->>ChatInput: onFileSelect(files, type)
        ChatInput->>ChatInput: Handle file attachment
    end
    
    alt Toggle Token Usage
        User->>AuxiliaryActionsMenu: Click "Show/Hide token usage"
        AuxiliaryActionsMenu->>ChatInput: toggleShowTokenBar()
        ChatInput->>ChatInput: Update showTokenBar state
        ChatInput->>ChatInput: Render/hide TokenBar
    end
```

<!-- greptile_other_comments_section -->

<!-- /greptile_comment -->

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> Streamlines chat input by consolidating secondary actions into a
single menu and updating related components and tests.
> 
> - Adds `AuxiliaryActionsMenu` with `Codebase context`, `Attach files`
submenu, and token usage toggle
> - Updates `ChatInput` to use the new menu; removes inline token
toggle; sets `ChatInputControls` `showContextFilesPicker=false`
> - Refactors `ContextFilesPicker` to a menu-item trigger
(`codebase-context-trigger`) within its `Popover`
> - Enhances `FileAttachmentDropdown` to optionally `renderAsMenuItems`,
retaining hidden inputs for `chat-context` and `upload-to-codebase`
> - Adjusts E2E tests and helpers to open the new menu, hover "Attach
files", use new triggers, and close via Escape; verifies
upload-to-codebase write
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
425a26e3f2a471f5b6850148eb8ddc3737db38b0. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

To do list:
Clean up and try to reuse the existing fnc to avoid altering many files.

Closes #1991 


<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Let users pick where each app is stored and move apps safely. Adds a
simple “Change location” flow, supports absolute paths, and shows each
app’s resolved path.

- **New Features**
- Paths: getDyadAppPath accepts absolute paths; apps include
resolvedPath; removed global appBasePath from list-apps and state.
- UI: App Details shows full path with “Show in folder” and a “Change
location” dialog. We stop the app, copy without node_modules, check
conflicts, and update DB to an absolute path.
- IPC: Added select-app-location and change-app-location. Rename blocks
absolute paths; copy/rename exclude node_modules; conflict checks use
resolved paths.
  - Tests: Added e2e test for moving an app to a custom folder.

<sup>Written for commit 8a417fb2b5a28efebed2778d8e5715180dfd6bc7.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->




<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> Introduces per-app folder relocation with safety checks and exposes
each app’s resolved path for clarity.
> 
> - **IPC/Backend**: Adds `select-app-location` and
`change-app-location` to move app folders (stop app, validate absolute
destination, conflict checks via `getDyadAppPath`, copy without
`node_modules`, cleanup/rollback, store absolute `path`).
`list-apps`/`get-app` now include `resolvedPath`. `getDyadAppPath`
accepts absolute paths. `rename-app` forbids absolute targets, preserves
dir for existing absolute paths, adds robust conflict checks and
cleanup; copy/rename exclude `node_modules`.
> - **UI**: App Details shows `resolvedPath`, adds "Move folder" dialog
and "Show in folder" action; removes reliance on `appBasePath`.
> - **Client/Preload**: `IpcClient` methods for new handlers; preload
whitelists new channels.
> - **Tests**: New e2e covers moving an app and verifying path update.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
8a417fb2b5a28efebed2778d8e5715180dfd6bc7. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

---------
Co-authored-by: Will Chen <willchen90@gmail.com>

<!-- CURSOR_SUMMARY -->
> [!NOTE]
> Updates contributor and agent docs for testing, DB migrations, and
reviews.
> 
> - Expands `AGENTS.md` with a pointer to `CONTRIBUTING.md` and a new
**Testing** section outlining when to use unit vs E2E tests
> - In `CONTRIBUTING.md`, clarifies **DB migration** flow: use `npm run
db:generate` (remove `db:push`) and how to reset by deleting
`userData/sqlite.db`
> - Adds a **Code reviews** section noting AI reviewers and local review
tooling (`codex`, `claude`)
> - Minor cleanup/edits for setup and guidance; no code changes
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
517c8f7a0a4a56487707e8711bfe1b1a4bd95431. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

<!-- This is an auto-generated description by cubic. -->
## Summary by cubic
Updated AGENTS.md and CONTRIBUTING.md to clarify testing approach (unit
vs E2E), update database migration steps, and document the code review
process and local review tools. This helps agents and contributors
follow a consistent workflow.

<sup>Written for commit 517c8f7a0a4a56487707e8711bfe1b1a4bd95431.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

<!-- CURSOR_SUMMARY -->
> [!NOTE]
> <sup>[Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) is
generating a summary for commit
86bbb9df559c6a6a1197585d96e9847ce4fa7e71. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

<!-- This is an auto-generated description by cubic. -->
## Summary by cubic
Promoted v0.32 from beta to stable by updating the version to 0.32.0 in
package.json. This finalizes the v0.32 release for builds and
distribution.

<sup>Written for commit 86bbb9df559c6a6a1197585d96e9847ce4fa7e71.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

closes #2038 #2055 








<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Fixes chat panel scrolling (issue #2038). Auto-scroll only runs while
streaming and when you’re near the bottom, and a “scroll to bottom”
button appears when you scroll away.

- **Bug Fixes**
- Use Virtuoso scrollerRef and a conditional followOutput to control
auto-scroll based on streaming state and distance from bottom.
- Track distance and user scrolling to show/hide the button; clean up
listeners on unmount.
- Add overflow-y-auto to the messages list and a test-mode fallback that
uses the container’s scroll events.

<sup>Written for commit 2307453c7f1ad721d6eca9cfc5a9a24224f5da26.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->









<!-- greptile_comment -->

<h3>Greptile Summary</h3>


Replaced custom scroll tracking logic with Virtuoso's native scroll
state management to fix the issue where users couldn't scroll up during
streaming.

**Key Changes:**
- Removed manual scroll event listeners, timeout refs, and distance
calculations from `ChatPanel.tsx`
- Delegated scroll state to Virtuoso's `atBottomStateChange` callback
which detects when user is within 150px of bottom
- Converted `followOutput` from always `"smooth"` to a function that
returns `"smooth"` only when `isStreaming && isAtBottom`, otherwise
returns `false` to prevent forced scrolling
- This allows users to scroll up and read earlier messages while the AI
generates a response, restoring the behavior that existed before PR
#1993

<h3>Confidence Score: 5/5</h3>


- This PR is safe to merge with minimal risk
- The changes are well-architected and leverage Virtuoso's built-in
functionality instead of reinventing scroll tracking logic. The fix
directly addresses the reported issue by making `followOutput`
conditional on user position, which is the correct approach for this
library.
- No files require special attention

<h3>Important Files Changed</h3>




| Filename | Overview |
|----------|----------|
| src/components/ChatPanel.tsx | Refactored scroll handling to delegate
to Virtuoso's native `atBottomStateChange`, removed custom scroll
tracking logic and manual scroll event listeners |
| src/components/chat/MessagesList.tsx | Added `atBottomStateChange` and
conditional `followOutput` to Virtuoso, allowing users to scroll up
while streaming without forced auto-scroll |

</details>



<h3>Sequence Diagram</h3>

```mermaid
sequenceDiagram
    participant User
    participant ChatPanel
    participant MessagesList
    participant Virtuoso
    
    Note over User,Virtuoso: Streaming Scenario
    User->>MessagesList: Scrolls to read earlier messages
    Virtuoso->>Virtuoso: Detects scroll position > 150px from bottom
    Virtuoso->>MessagesList: atBottomStateChange(false)
    MessagesList->>ChatPanel: onScrollStateChange(false)
    ChatPanel->>ChatPanel: setShowScrollButton(true)
    
    Note over Virtuoso: New message chunk arrives
    Virtuoso->>Virtuoso: followOutput((isAtBottom) => isAtBottom && isStreaming ? "smooth" : false)
    Virtuoso->>Virtuoso: Returns false (user scrolled away)
    Virtuoso->>Virtuoso: Does NOT auto-scroll
    
    Note over User,Virtuoso: User Returns to Bottom
    User->>ChatPanel: Clicks scroll-to-bottom button
    ChatPanel->>MessagesList: scrollToBottom("smooth")
    MessagesList->>Virtuoso: scrollIntoView on messagesEndRef
    Virtuoso->>Virtuoso: Scrolls to bottom
    Virtuoso->>MessagesList: atBottomStateChange(true)
    MessagesList->>ChatPanel: onScrollStateChange(true)
    ChatPanel->>ChatPanel: setShowScrollButton(false)
    
    Note over Virtuoso: Subsequent message chunks
    Virtuoso->>Virtuoso: followOutput returns "smooth" (isAtBottom = true)
    Virtuoso->>Virtuoso: Auto-scrolls smoothly
```

<!-- greptile_other_comments_section -->

<!-- /greptile_comment -->


<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> Improves chat scrolling reliability across production (Virtuoso) and
test modes.
> 
> - Integrates `MessagesList` with Virtuoso `scrollerRef` and
conditional `followOutput` (auto-scroll only when `isStreaming` and
within ~280px of bottom), with proper listener cleanup
> - Centralizes scroll tracking in `ChatPanel` using
`distanceFromBottomRef` and a timeout to debounce user scrolling;
toggles a "scroll to bottom" button when scrolled away
> - Adds test-mode behavior: non-virtualized rendering, container scroll
listeners, and manual auto-scroll near bottom
> - Ensures smooth scroll-to-bottom after streaming completes; applies
`overflow-y-auto` and passes new props (`onScrollerRef`,
`distanceFromBottomRef`, `isUserScrolling`) between components
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
2307453c7f1ad721d6eca9cfc5a9a24224f5da26. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

<!-- CURSOR_SUMMARY -->
> [!NOTE]
> <sup>[Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) is
generating a summary for commit
76800249a715fd264b17db61ca0813ba892cb1d6. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

<!-- CURSOR_SUMMARY -->
> [!NOTE]
> <sup>[Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) is
generating a summary for commit
42d84531e99ac84b5576f6c490a36813706d8c25. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

<!-- CURSOR_SUMMARY -->
> [!NOTE]
> Adds a debug job to the Claude PR review workflow for easier CI
troubleshooting.
> 
> - New `debug-author` job prints `user.login`, `author_association`,
`event_name`, and `action` on `pull_request_target` events
> - No app code changes; only CI workflow updates
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
34e5e4b30a370701a608281e2368ce5428ba6897. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->



<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Added a debug job to the Claude PR review workflow to print PR author,
author_association, and event details for easier CI troubleshooting.
Updated the chat input e2e test to expect the send button remains
disabled after approving a proposal.

<sup>Written for commit 34e5e4b30a370701a608281e2368ce5428ba6897.
Summary will update automatically on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

<!-- CURSOR_SUMMARY -->
> [!NOTE]
> **Workflows**
> 
> - Updates `playwright-comment.yml` to reliably find the associated PR,
including forks: extracts `head_branch`/`head_repository`, logs context,
and falls back to `pulls.list` with `head: "owner:branch"` when commit
association lookup returns no PR.
> - Revises `claude-pr-review.yml` to use `pull_request_target`,
restricts execution via `author_association` (`OWNER`/`MEMBER`), and
checks out the PR head repo/ref explicitly for fork safety.
> - Configures the Claude action with `github_token` (OIDC bypass),
`allowed_non_write_users`, and disables `track_progress`;
trims/clarifies review prompt guidelines.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
8267093820bd968db57167a37b2d2570e94fe010. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->



<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Fixes the Playwright comment workflow so it reliably finds the
associated PR, including PRs from forks. Updates the Claude PR Review
workflow to run safely on forked PRs and only for org members.

- **Bug Fixes**
- Playwright: add fallback search by head owner:branch; better logging
(SHA, branch, owner) to post to the right PR.
- Claude PR Review: switch to pull_request_target with OWNER/MEMBER
filter; checkout fork head; disable progress; drop id-token.

<sup>Written for commit 8267093820bd968db57167a37b2d2570e94fe010.
Summary will update automatically on new commits.</sup>

<!-- End of auto-generated description by cubic. -->



<!-- greptile_comment -->

<h3>Greptile Summary</h3>


This PR restores the fallback mechanism for finding PR numbers from
forked repositories. The previous commit (41a46a9b) inadvertently removed
the fork PR detection logic, breaking Playwright comment posting for
external contributors. This fix re-introduces a two-method approach:

- **Method 1**: Uses `listPullRequestsAssociatedWithCommit` (works for
same-repo PRs)
- **Method 2**: Falls back to `pulls.list` with `head: "owner:branch"`
when Method 1 fails (handles fork PRs)

The change extracts additional context (`head_branch`,
`head_repository.owner.login`) from the workflow run payload and adds
improved logging for debugging PR lookups.

<h3>Confidence Score: 5/5</h3>


- This PR is safe to merge with no risk
- The change restores critical functionality that was accidentally
removed in the previous commit. The implementation is correct,
well-commented, and follows GitHub Actions best practices. No logic
errors, security issues, or breaking changes detected.
- No files require special attention

<h3>Important Files Changed</h3>




| Filename | Overview |
|----------|----------|
| .github/workflows/playwright-comment.yml | Added fallback logic for
fork PRs by searching head branch when commit lookup fails |

</details>



<h3>Sequence Diagram</h3>

```mermaid
sequenceDiagram
    participant CI as CI Workflow
    participant WR as Workflow Run Event
    participant GH as GitHub API
    participant Script as PR Lookup Script
    
    CI->>WR: Completes (triggers workflow_run)
    WR->>Script: Provides head_sha, head_branch, head_repository
    Script->>Script: Extract sha, headBranch, headRepoOwner
    
    Script->>GH: listPullRequestsAssociatedWithCommit(sha)
    alt Commit found (same-repo PRs)
        GH-->>Script: Returns PR data
        Script->>Script: Set PR number output
    else No PR found
        Script->>Script: Check if headRepoOwner & headBranch exist
        alt Fork PR fallback
            Script->>GH: pulls.list(head: "owner:branch")
            GH-->>Script: Returns PR from fork
            Script->>Script: Set PR number output
        else Still no PR
            Script->>Script: Set empty output (skip commenting)
        end
    end
    
    Script->>WR: Output PR number or empty
    
    alt PR found
        WR->>Script: Download artifacts & generate comment
        Script->>GH: Post/update PR comment
    else No PR
        WR->>WR: Skip remaining steps
    end
```

<!-- greptile_other_comments_section -->

<!-- /greptile_comment -->

<!-- CURSOR_SUMMARY -->
> [!NOTE]
> Improves reliability of the Playwright comment workflow by deriving
the PR from the `workflow_run` commit and gating execution accordingly.
> 
> - Add `actions/github-script` step to look up PR via
`listPullRequestsAssociatedWithCommit` and expose
`steps.pr.outputs.number`
> - Conditionally skip all subsequent steps when no PR is found; remove
job-level `if`
> - Checkout base branch using `workflow_run.base_ref`; update
`PR_NUMBER` to use the step output
> - Use `types: [completed]` for `workflow_run` and remove
`if-no-artifact-found` options on artifact downloads
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
581369150b84ba4bc6a680f309f78afd399d93ca. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

<!-- This is an auto-generated description by cubic. -->
## Summary by cubic
Fixes the Playwright report comment workflow so it reliably posts to the
correct PR, including from forks. Skips cleanly when the CI run isn’t
tied to a PR.

- **Bug Fixes**
- Resolve PR by commit SHA via listPullRequestsAssociatedWithCommit;
works when workflow_run.pull_requests is empty (e.g., forks).
- Add early exit and guard all steps behind a PR check to avoid running
on push/scheduled builds.
- Checkout base_ref and pass the resolved PR number to the summary
comment step.

<sup>Written for commit 581369150b84ba4bc6a680f309f78afd399d93ca.
Summary will update automatically on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

<!-- CURSOR_SUMMARY -->
> [!NOTE]
> Moves Windows code signing to a Forge `postMake` hook and removes the
previous MakerSquirrel hook.
> 
> - Adds `postMake` to iterate `makeResults` and sign Windows `.exe`
artifacts via `signtool` using `SM_CODE_SIGNING_CERT_SHA1_HASH`
> - Introduces `signWindowsExecutable` and `SIGNTOOL_PATH` in
`forge.config.ts`; logs and skips when env var is absent
> - Simplifies `MakerSquirrel` config (removes `windowsSign`) and
deletes `scripts/windows-sign-hook.js`
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
50432058855cce4a688a4be81fb692e705c6db71. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

<!-- This is an auto-generated description by cubic. -->
## Summary by cubic
Moved Windows code signing to Electron Forge’s postMake hook and now
sign all .exe artifacts (installer and Setup.exe) on win32 builds. This
ensures consistent signing across architectures and removes the custom
MakerSquirrel hook.

- **Refactors**
- Sign Windows artifacts in postMake using DigiCert’s signtool bundled
with electron-winstaller.
- Removed MakerSquirrel windowsSign config and
scripts/windows-sign-hook.js.
- Signing runs only when SM_CODE_SIGNING_CERT_SHA1_HASH is set;
otherwise it logs and skips.

<sup>Written for commit 50432058855cce4a688a4be81fb692e705c6db71.
Summary will update automatically on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

<!-- greptile_comment -->

<h3>Greptile Summary</h3>


Refactored Windows code signing from MakerSquirrel's `hookModulePath`
approach to Electron Forge's `postMake` hook, consolidating signing
logic directly in `forge.config.ts`.

**Key Changes:**
- Moved signing logic from `scripts/windows-sign-hook.js` to `postMake`
hook in `forge.config.ts`
- Changed signing scope from only `dyad.exe` to all `.exe` files
(Squirrel installer and Setup.exe)
- Removed cert hash redaction from logging that was present in the
previous implementation
- Simplified to use TypeScript instead of CommonJS module

**Behavioral Changes:**
- The PR reverses commit 9107ec7c which specifically restricted signing
to only `dyad.exe` to "avoid signing other files and prevent CI signing
errors"
- Comment on line 138 indicates signing all `.exe` files is intentional,
but this should be verified against the reasoning in the earlier commit

<h3>Confidence Score: 3/5</h3>


- This PR refactors code signing with a significant behavioral change
that needs verification
- The refactoring itself is clean and consolidates signing logic
appropriately, but it introduces two concerns: (1) expands signing from
just `dyad.exe` to all `.exe` files, reversing a previous intentional
restriction, and (2) removes cert hash redaction from logs. The
intentionality of signing all executables should be confirmed.
- Verify `forge.config.ts` line 139 behavior matches intent - signing
all .exe files vs only dyad.exe

<h3>Important Files Changed</h3>




| Filename | Overview |
|----------|----------|
| forge.config.ts | Moved Windows signing from MakerSquirrel hook to
postMake hook, now signs all .exe files instead of just dyad.exe,
removed cert hash redaction from logs |
| scripts/windows-sign-hook.js | Deleted file - signing logic moved to
forge.config.ts postMake hook |

</details>



<h3>Sequence Diagram</h3>

```mermaid
sequenceDiagram
    participant Forge as Electron Forge
    participant PM as postMake Hook
    participant Sign as signWindowsExecutable()
    participant ST as signtool.exe
    participant DC as DigiCert Timestamp

    Forge->>Forge: Run makers (MakerSquirrel, etc)
    Forge->>PM: Call postMake with makeResults
    
    loop For each result in makeResults
        PM->>PM: Check if platform === "win32"
        alt Windows platform
            PM->>PM: Log "Processing Windows artifacts"
            loop For each artifact
                PM->>PM: Check if filename ends with .exe
                alt Is .exe file
                    PM->>Sign: signWindowsExecutable(artifact)
                    Sign->>Sign: Check SM_CODE_SIGNING_CERT_SHA1_HASH env var
                    alt Cert hash not set
                        Sign->>PM: Return (skip signing)
                    else Cert hash set
                        Sign->>Sign: Build signtool command with cert hash
                        Sign->>ST: execSync signtool.exe sign /sha1 [hash] [params] [file]
                        ST->>DC: Request timestamp from timestamp.digicert.com
                        DC->>ST: Return timestamp
                        alt Signing successful
                            ST->>Sign: Success
                            Sign->>PM: Log "Signing successful"
                        else Signing failed
                            ST->>Sign: Error
                            Sign->>PM: Throw error
                        end
                    end
                end
            end
        end
    end
    
    PM->>Forge: Return makeResults
```

<!-- greptile_other_comments_section -->

<!-- /greptile_comment -->

<!-- CURSOR_SUMMARY -->
> [!NOTE]
> Improves release workflow logging and visibility during publishing.
> 
> - Run `electron-forge publish` directly instead of `npm run publish`
to surface full logs
> - Expand `DEBUG` to
`"@electron/*,electron-forge:*,electron-windows-installer:main"` for
granular Electron Forge and Windows installer output in `release.yml`
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
498d93aff656dc635bc60880a3887d3d67ddf291. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->



<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Expose detailed Electron Forge logs in the release workflow by running
electron-forge publish directly (instead of npm) and setting DEBUG to
"@electron/*,electron-forge:*,electron-windows-installer:main". This
improves visibility and makes publish failures easier to debug.

<sup>Written for commit 498d93aff656dc635bc60880a3887d3d67ddf291.
Summary will update automatically on new commits.</sup>

<!-- End of auto-generated description by cubic. -->



<!-- greptile_comment -->

<h3>Greptile Summary</h3>


This PR improves debugging capabilities for the release workflow by
enhancing electron-forge logging. It adds more granular DEBUG flags
(`electron-forge:*` and `electron-windows-installer:main`) and switches
from `npm run publish` to direct `electron-forge publish` execution to
prevent npm from suppressing logs, following electron-forge's official
support documentation.

- Added more comprehensive DEBUG environment variables for better
visibility into the build process
- Changed to direct `electron-forge publish` command to ensure logs are
properly captured
- Removed implicit `npm run clean` step (redundant in CI environment
with fresh checkout)

<h3>Confidence Score: 5/5</h3>


- This PR is safe to merge with no risk
- The changes are minimal and focused on improving debugging visibility.
Switching from `npm run publish` to `electron-forge publish` only
removes the redundant clean step, which is unnecessary in CI
environments that start from fresh checkouts. The additional DEBUG flags
provide better logging without changing any build logic.
- No files require special attention

<h3>Important Files Changed</h3>




| Filename | Overview |
|----------|----------|
| .github/workflows/release.yml | Enhanced debug logging and switched to
direct `electron-forge publish` for better log visibility |

</details>



<h3>Sequence Diagram</h3>

```mermaid
sequenceDiagram
    participant GHA as GitHub Actions
    participant WF as Release Workflow
    participant NPM as npm
    participant EF as electron-forge
    participant Logger as Debug Logger

    Note over GHA,Logger: Previous Flow (npm run publish)
    GHA->>WF: Trigger release workflow
    WF->>NPM: npm run publish
    NPM->>NPM: Execute clean script
    NPM->>EF: electron-forge publish
    EF->>Logger: Log output (suppressed by npm)
    Logger-->>NPM: Limited logs
    NPM-->>WF: Exit code only

    Note over GHA,Logger: New Flow (direct electron-forge)
    GHA->>WF: Trigger release workflow
    WF->>EF: electron-forge publish (direct)
    activate Logger
    Note over Logger: DEBUG=@electron/*,<br/>electron-forge:*,<br/>electron-windows-installer:main
    EF->>Logger: Full debug logs
    Logger-->>WF: Complete logs visible
    deactivate Logger
    EF-->>WF: Exit code + logs
```

<!-- greptile_other_comments_section -->

<!-- /greptile_comment -->

<!-- CURSOR_SUMMARY -->
> [!NOTE]
> Improves observability of Windows signing during releases.
> 
> - Enable Electron Forge debug output in the workflow by setting
`DEBUG="@electron/*"` during `Publish app`
> - Turn on `windowsSign.debug` in `forge.config.ts`
> - Add detailed, redacted logging and error handling to
`scripts/windows-sign-hook.js` (logs inputs, command, success/failure;
still only signs `dyad.exe`)
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
bfdbc12a7a0e5a5eb0810a3303e732c6ad0a4eef. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->



<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Enable verbose debugging for Windows code signing to make CI signing
issues easier to diagnose. Adds detailed logs in the signing hook and
enables Electron Forge debug output during release.

- **New Features**
- Set DEBUG="@electron/*" in the release workflow to capture
Forge/Squirrel logs.
  - Enable windowsSign.debug in forge.config.
- Add verbose logging and error handling in windows-sign-hook (inputs,
command, success/failure).

<sup>Written for commit bfdbc12a7a0e5a5eb0810a3303e732c6ad0a4eef.
Summary will update automatically on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

<!-- CURSOR_SUMMARY -->
> [!NOTE]
> <sup>[Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) is
generating a summary for commit
9f54920421cc7c47882465f0dd0ca371a5620454. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

<!-- CURSOR_SUMMARY -->
> [!NOTE]
> **Upgrade Electron Forge toolchain**
> 
> - Bumps `@electron-forge/*` (CLI, makers, plugins, publisher) from
7.8.x to `7.10.2`
> - Refreshes `package-lock.json` with many transitive updates (e.g.,
`@inquirer/*`, `webpack`/`terser`, newer `browserslist` data), and
replaces `sudo-prompt` with `@vscode/sudo-prompt`
> - Aligns lockfile app version to `0.32.0-beta.1`
> 
> No application code changes; build/publish tooling only.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
6b7302ee89c5c56654c9c22e2a5d4f0fc2f1049e. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

<!-- CURSOR_SUMMARY -->
> [!NOTE]
> Switches Windows packaging to a custom signing hook that signs only
`dyad.exe` using `signtool.exe` bundled with `electron-winstaller`.
> 
> - Replaces `signWithParams` with `windowsSign.hookFunction` in
`forge.config.ts` to run `signtool` via `execSync`
> - Adds `SIGNTOOL_PATH` resolution and imports for `child_process` and
`path`
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
5fa37cca92fecb9bac678b0a1f0f143d4ee7cecb. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

<!-- This is an auto-generated description by cubic. -->
## Summary by cubic
Only sign dyad.exe during the Windows build to avoid signing other files
and prevent CI signing errors. Replaced MakerSquirrel signWithParams
with a windowsSign hook that runs the bundled signtool.exe using the
same cert and timestamp settings.

<sup>Written for commit 5fa37cca92fecb9bac678b0a1f0f143d4ee7cecb.
Summary will update automatically on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

close #1994 








<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Show the model used for each assistant message in chat and persist it in
the database for transparency. Addresses #1994.

- **New Features**
  - Add model field to messages schema and Message type.
  - Set the model on assistant messages when streaming.
- Display the model with a Bot icon next to approval status in
ChatMessage.

<sup>Written for commit 181b7f919a9c29c0627b3dc74f49cf5989b7243d.
Summary will update automatically on new commits.</sup>

<!-- End of auto-generated description by cubic. -->









<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> Adds transparent model tracking for assistant messages.
> 
> - Schema: add `model` to `messages` (migration + Drizzle schema) and
`Message` type
> - Streaming: set `model` on placeholder assistant messages in
`chat_stream_handlers.ts`
> - UI: show `message.model` with a Bot icon next to approval status in
`ChatMessage`
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
6411d57704648f3d92263b72681cd3fa08583152. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

<!-- CURSOR_SUMMARY -->
> [!NOTE]
> Addresses stale UI by ensuring key data refreshes immediately after
user actions and upgrades.
> 
> - **Token usage refresh**: `ChatInput` toggling the token bar now
invalidates `TOKEN_COUNT_QUERY_KEY` to recompute percentages
> - **Versions refresh after upgrades**: `AppUpgrades` invalidates
`['versions', appId]` on successful upgrade
> - **Templates loading**: `useTemplates` uses `placeholderData`
(replacing `initialData`) to avoid sticky outdated results
> - **Null safety**: `hub.tsx` guards template lookup with optional
chaining when passing to `CreateAppDialog`
> - **E2E**: `supabase_branch.spec.ts` re-opens the token bar before
assertions to validate refreshed counts
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
06c5b8796906ae1dfdf8afda36caa62870781564. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->







<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Fixes stale UI by refreshing queries when toggling the token bar and
after app upgrades, and by using placeholder data for templates. Users
now see up-to-date token counts, versions, and templates.

- **Bug Fixes**
- Token bar toggle now invalidates the token count query to refresh
percentages after branch changes.
- App upgrades invalidate the versions query so the latest status shows
immediately.
- Templates query uses placeholderData instead of initialData to avoid
sticky, outdated results.
- E2E test updated to reopen the token bar and assert refreshed token
counts.
- Create app dialog guards against undefined templates to prevent a null
error.

<sup>Written for commit 06c5b8796906ae1dfdf8afda36caa62870781564.
Summary will update automatically on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

---------
Co-authored-by: claude[bot] <209825114+claude[bot]@users.noreply.github.com>

<!-- CURSOR_SUMMARY -->
> [!NOTE]
> Ensures model lists refresh reliably by standardizing React Query
invalidations.
> 
> - Use `useQueryClient` and `invalidateQueries` in `ModelsSection.tsx`
after create/edit/delete instead of local `refetch`
> - Update `useDeleteCustomModel` to invalidate `['language-models',
providerId]` and `['language-models-by-providers']` (replacing
`['languageModels']`)
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
e2184c3150a264360519994290e1677993120cd2. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

<!-- This is an auto-generated description by cubic. -->
## Summary by cubic
Fixes stale model lists by properly invalidating React Query caches
after create, edit, and delete actions. The UI now updates immediately
without manual refetches.

- **Bug Fixes**
- Added invalidateModels in ModelsSection to invalidate
["language-models", providerId] and ["language-models-by-providers"].
- Replaced manual refetches with cache invalidation on success for
create/edit/delete.
- Updated useDeleteCustomModel to invalidate
["language-models-by-providers"] instead of the incorrect
"languageModels" key.

<sup>Written for commit e2184c3150a264360519994290e1677993120cd2.
Summary will update automatically on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

<!-- CURSOR_SUMMARY -->
> [!NOTE]
> Introduces automated AI code reviews via Claude for selected
contributors.
> 
> - Adds `.github/workflows/claude-pr-review.yml` triggered on
`pull_request` events (`opened`, `synchronize`, `ready_for_review`,
`reopened`)
> - Uses `anthropics/claude-code-action@v1` with `track_progress: true`,
a detailed custom `prompt`, and `claude_args` specifying model and
allowed tools
> - Filters execution to specific PR authors (`wwwillchen`,
`azizmejri1`, `princeaden1`) to control cost
> - Configures required permissions and a shallow `actions/checkout@v5`
step
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
9ec53fd108626e1be4b7c385acead8a2de526c13. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

<!-- This is an auto-generated description by cubic. -->
## Summary by cubic
Adds a GitHub Actions workflow to run automated PR reviews with progress
tracking and inline comments. Triggered on PR events and limited to
specific contributors to manage cost.

- **Migration**
  - Add repository secret: ANTHROPIC_API_KEY.
  - Adjust allowed author list or review prompt if needed.

<sup>Written for commit 9ec53fd108626e1be4b7c385acead8a2de526c13.
Summary will update automatically on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

<!-- CURSOR_SUMMARY -->
> [!NOTE]
> Prepares the next beta release with a version bump.
> 
> - Updates `package.json` `version` to `0.32.0-beta.1`
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
bd03023b3697a5918a9c80eedd33cd46bdf0c27c. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Bumps the app version to 0.32.0-beta.1 to prepare the v0.32 beta
release.

<sup>Written for commit bd03023b3697a5918a9c80eedd33cd46bdf0c27c.
Summary will update automatically on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

<!-- CURSOR_SUMMARY -->
> [!NOTE]
> Modernizes chat data flow and caching.
> 
> - Replaces Jotai chat list state and `getAllChats` with `useChats`
using React Query (`CHATS_QUERY_KEY`), exposing `chats`, `loading`, and
`invalidateChats`
> - Updates `ChatList`, `ChatHeader`, `useStreamChat`, and
`ChatActivity` to consume `useChats` and call `invalidateChats` after
create/delete/stream events
> - Simplifies `ChatActivityList` to build recent rows from
`recentStreamChatIds` and `useChats(null)`
> - Sets global `queries.staleTime=60_000` in `renderer.tsx`; removes
per-hook `staleTime` in `useCheckName`
> - Switches `useVersions` to `placeholderData`
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
8532c5919b25f77f3f38899a53bae80eb7e99c27. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->



<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Refactored chat fetching to use React Query and set a global 60s stale
time for consistent caching. Simplifies chat state management and
updates ChatActivity to use the new hook.

- **Refactors**
- Rewrote useChats using @tanstack/react-query with query key
[CHATS_QUERY_KEY, appId]; exposes chats and loading, adds
invalidateChats, and removes refreshChats.
- Updated ChatList, ChatHeader, and useStreamChat to call
invalidateChats after mutations.
- Removed chatsAtom and chatsLoadingAtom; deleted getAllChats from
lib/chat.
- Updated ChatActivityList to use useChats and derive recent rows from
recentStreamChatIds.
- Set global queries.staleTime to 60_000 in queryClient; removed
per-hook staleTime in useCheckName.
  - useVersions now uses placeholderData instead of initialData.

<sup>Written for commit 8532c5919b25f77f3f38899a53bae80eb7e99c27.
Summary will update automatically on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

<!-- CURSOR_SUMMARY -->
> [!NOTE]
> Updates OpenRouter model catalog and defaults.
> 
> - Add `mistralai/devstral-2512:free` (Devstral 2) with `contextWindow`
200k
> - Upgrade `z-ai/glm-4.6` to `z-ai/glm-4.7` and set `temperature` to
0.7
> - Remove deprecated DeepSeek free entries; retain paid
`deepseek/deepseek-chat-v3.1`
> - No other providers or TURBO models changed;
`FREE_OPENROUTER_MODEL_NAMES` updates automatically from the list
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
fb8546eab6dd595e5a27c5024499c3c042b63f36. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

<!-- This is an auto-generated description by cubic. -->
## Summary by cubic
Updated model catalog: added GLM 4.7 and Devstral 2 (free), and removed
obsolete DeepSeek free models to keep options current and improve coding
performance.

- **New Features**
  - Added z-ai/glm-4.7 with temperature 0.7 and 200k context.
  - Added mistralai/devstral-2512:free (“Devstral 2”) with 200k context.

- **Migration**
- Removed deepseek/deepseek-chat-v3.1:free and
deepseek/deepseek-chat-v3-0324:free. Update any references to
mistralai/devstral-2512:free or another supported model.

<sup>Written for commit fb8546eab6dd595e5a27c5024499c3c042b63f36.
Summary will update automatically on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

<!-- CURSOR_SUMMARY -->
> [!NOTE]
> **Refactor: proposal fetching via react-query**
> 
> - Replaces Jotai state/effects with `useQuery` in `useProposal`
(`queryKey: ["proposal", chatId]`, `enabled` gating, `refetch` exposed,
error typed as `Error`)
> - Deletes `src/atoms/proposalAtoms.ts`; `proposalResultAtom` removed
> - In `useStreamChat`, stop using `useProposal`; on stream end, call
`queryClient.invalidateQueries({ queryKey: ["proposal", chatId] })`
> - In `ChatInput`, display `proposalError.message` and keep using
`refreshProposal()` from the hook
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
9739b1befe76a7cb491594815d3d92977ad6a1c6. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->





<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Refactored proposal fetching to use React Query’s useQuery, removing
Jotai state and simplifying refresh and error handling. Improves
reliability and makes the hook easier to use.

- **Refactors**
- Replaced custom state/effects with useQuery (key: ["proposal",
chatId], enabled only when chatId).
- Removed proposalAtoms and Jotai; hook now returns proposalResult,
isLoading, error, refreshProposal.
- Updated useStreamChat to invalidate the proposal query via QueryClient
(invalidateQueries(["proposal", chatId])).
  - ChatInput now displays proposalError.message for clearer errors.
  - Added meta: { showErrorToast: true } to surface fetch errors.

<sup>Written for commit 9739b1befe76a7cb491594815d3d92977ad6a1c6.
Summary will update automatically on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

<!-- CURSOR_SUMMARY -->
> [!NOTE]
> Moves Supabase data fetching/mutations to React Query and aligns UI
with new query states for clearer loading/errors and cache-driven
updates.
> 
> - Removed most Supabase atoms; kept `lastLogTimestampAtom` only
> - New `useSupabase` exposes React Query queries (`organizations`,
`projects`, `branches`) and mutations (delete org, set/unset app
project, edge logs) with invalidate/refetch helpers
> - `SupabaseConnector` and `SupabaseIntegration` now use `refetch*`,
granular `isLoading*/error` flags, and updated handlers; branch select
disabled via `isLoadingBranches`/`isSettingAppProject`
> - `PreviewPanel` switches `loadEdgeLogs` to accept `{ projectId,
organizationSlug }` and continues polling
> - OAuth return flow now calls `refetchOrganizations`/`refetchProjects`
instead of manual load functions
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
573df5298f323854d4a8aa1ce5903b99e4caba62. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->









<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Refactored Supabase integration to use TanStack React Query for data
fetching and mutations. This makes loading/error handling clearer,
improves cache invalidation, and smooths the UI.

- **Refactors**
- Replaced Jotai state with React Query for organizations, projects, and
branches; removed related atoms.
- Added mutations for delete organization, set/unset app project, and
edge logs; invalidates org/project queries on deletion.
- Exposed granular states for organizations, projects, and branches;
removed selected project state.
- Updated SupabaseConnector/SupabaseIntegration to use refetch* methods
and new flags; PreviewPanel now calls loadEdgeLogs with params; disables
branch select while loading or setting.

<sup>Written for commit 573df5298f323854d4a8aa1ce5903b99e4caba62.
Summary will update automatically on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

---------
Co-authored-by: cubic-dev-ai[bot] <191113872+cubic-dev-ai[bot]@users.noreply.github.com>