## Summary
- remove the automatic `cc:request` labeling step from the
`dyad:pr-push` skill
- keep the rest of the push and PR workflow unchanged

## Test plan
- npm run fmt
- npm run lint:fix
- npm run ts
- npm test

#skip-bugbot

🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/3025"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

## Summary
- filter PostHog telemetry exceptions for  instances emitted by 
- keep existing telemetry filtering behavior for other exception types
unchanged
- add unit coverage for filtered 429 and non-filtered non-429 rate limit
errors

## Test plan
- npm run fmt
- npm run lint:fix
- npm run ts
- npm test

🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/3024"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

## Summary
- route main-process `$exception` telemetry through
`posthog.captureException()` in the renderer
- normalize exception fields in IPC telemetry payloads and strip them
from extra context before capture
- add focused unit coverage for exception reconstruction and context
extraction

## Test plan
- npm run fmt && npm run lint:fix && npm run ts
- npm test

🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/3022"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

#skip-bb

## Summary
- Use `dispatchEvent("click")` instead of `force: true` click to bypass
telemetry consent overlay issues in the setup flow e2e test
- Add `toPass` retry logic to handle accordion auto-collapse state
transitions after Node.js is detected as installed
- Dismiss telemetry consent "Later" button if visible before proceeding
with test steps

## Test plan
- Run the setup flow e2e test (`setup_flow.spec.ts`) and verify it
passes reliably without flaking on the Node.js installation detection
step
- Verify the test correctly handles the accordion collapsing after
Node.js is detected

🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2996"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->
Co-authored-by: Will Chen <willchen90@gmail.com>
Co-authored-by: Claude <noreply@anthropic.com>

#skip-bb

## Summary
- During AI streaming, the full messages array (potentially 500KB+ with
many messages) was serialized and sent through IPC on every text-delta
chunk, causing UI sluggishness
- Changed to send only the streaming message ID and updated content for
high-frequency streaming updates
- Full messages are still sent for initial loads and state changes
(compaction, lazy edits) to maintain correctness
- Updated all consumers (`useStreamChat`, `usePlanImplementation`,
`useResolveMergeConflictsWithAI`) to handle both full and incremental
chunk modes

## Test plan
- [x] TypeScript compilation passes
- [x] All 897 unit tests pass (39 files)
- [x] E2E tests pass (234 passed — 20 pre-existing failures unrelated to
this change, confirmed by running on clean main)
- [x] Specifically tested: `new_chat`, `chat_input`,
`local_agent_advanced`, `local_agent_code_search`, `local_agent_grep`,
`local_agent_search_replace`, `local_agent_list_files`,
`local_agent_summarize`, `local_agent_connection_retry`,
`local_agent_read_logs`, `local_agent_consent`,
`local_agent_persistent_todos`, `local_agent_todo_followup`,
`concurrent_chat`, `chat_history`

🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2988"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

---------
Co-authored-by: Will Chen <willchen90@gmail.com>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>

### Motivation
- Prevent the UI from becoming sluggish while the assistant streams
large or rapidly-updated messages by deferring expensive
markdown/custom-tag parsing during active streaming.

### Description
- Use React's `useDeferredValue` in `DyadMarkdownParser` and switch the
parser to consume a `contentToParse` value that is the deferred
`content` only while `isStreaming` is true, and update the `useMemo`
dependency to `contentToParse` so final rendering uses the full, current
content.

### Testing
- Ran `npm run fmt`, `npm run lint`, and `npm run ts` in this
environment, and all three failed due to the npm registry returning `403
Forbidden` for required tooling (formatter/linter/typechecker) rather
than code errors in the change.

------
[Codex
Task](https://chatgpt.com/codex/tasks/task_e_69b10fad1e74832782eea5db1ccb0196)
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2987"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

## Summary
- Add `image_utils.ts` for extracting MIME type and extension from image
data (base64 or binary)
- Add `image_dimension_utils.ts` for reading dimensions from
PNG/JPEG/GIF/WebP images
- Update `web_crawl` to use `maxTokens` (9000) from
`GEMINI_CRAWL_LONG_CONTEXT` config
- Update `prepare_step_utils` to handle `GEMINI_CRAWL_LONG_CONTEXT`
model config
- Add comprehensive tests for all new utilities

## Test plan
- [x] All existing tests pass
- [x] New tests added for image utilities covering:
- Image type detection from various formats (PNG, JPEG, GIF, WebP, BMP,
TIFF)
  - Base64 and binary data handling
  - Invalid/corrupted data handling
  - Dimension extraction from PNG, JPEG, GIF, WebP

🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2892"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

---------
Co-authored-by: Will Chen <willchen90@gmail.com>
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
Co-authored-by: claude[bot] <41898282+claude[bot]@users.noreply.github.com>

## Summary
- fetch the builtin language model catalog from api.dyad.sh with local
fallback data and alias resolution
- migrate theme generation, auto mode, and help bot to use dynamic
catalog aliases
- add E2E coverage for both remote-catalog and fallback behavior

## Test plan
- npm run fmt
- npm run lint:fix
- npm run ts
- npm test
- PLAYWRIGHT_HTML_OPEN=never npm run e2e --
e2e-tests/dynamic_models.spec.ts (run outside sandbox)

🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2914"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

---------
Co-authored-by: claude[bot] <41898282+claude[bot]@users.noreply.github.com>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>

## Summary
- Fixes a bug where the response processor would attempt `git commit`
even when there were no staged changes, causing "nothing to commit"
errors
- Adds a `hasStagedChanges` utility function to `git_utils.ts` that
checks whether there are actually staged files before committing
- Updates the commit flow in `response_processor.ts` to check for staged
changes first, skipping the commit when unnecessary

## Test plan
- [x] All 897 existing tests pass
- [x] Lint, formatting, and type checks pass
- Verify that file write/rename/delete operations still commit correctly
when changes are staged
- Verify that no error is thrown when git operations result in no staged
changes

🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2991"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

---------
Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: claude[bot] <41898282+claude[bot]@users.noreply.github.com>
Co-authored-by: Will Chen <willchen90@gmail.com>

## Summary
- Improve error message handling in local agent error responses by using
`getErrorMessage()` helper
- This ensures consistent error message formatting across the
application

## Test plan
- Verify local agent error responses display proper error messages
- Check that the error handling works for various error types

🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2983"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>

closes #2905 
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2931"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

## Summary
- Add `enableSelectAppFromHomeChatInput` experiment setting with toggle
in Settings UI
- Conditionally render the app selector ("No app selected") in
HomeChatInput based on the setting
- Update e2e tests to enable the flag via `setUp()` UI toggle instead of
writing `user-settings.json` directly

## Test plan
- [ ] Verify the app selector is hidden by default on the home chat
input
- [ ] Enable the toggle in Settings > Experiments and verify the app
selector appears
- [ ] Run e2e tests: `npx playwright test home_chat_existing_app`

🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2964"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Co-authored-by: claude[bot] <41898282+claude[bot]@users.noreply.github.com>

## Summary
- Add `dyad-assistant` to all trusted author/actor lists across the
codebase
- This includes GitHub Actions workflows (CI, PR review, rebase, triage,
bugbot, label-rebase) and Claude skill definitions (pr-fix-comments,
deflake-e2e-recent-commits)
- Ensures `dyad-assistant` can trigger CI on self-hosted runners, use
the PR review responder, trigger rebases, and be recognized as a trusted
bot for comment processing

## Files changed (9 files)
- `.github/workflows/ci.yml` - privileged author check
- `.github/workflows/pr-review-responder.yml` - allowedActors list and
prAuthor check
- `.github/workflows/claude-pr-review.yml` - author filter and
allowed_non_write_users
- `.github/workflows/claude-rebase.yml` - allowedUsers list
- `.github/workflows/bugbot-trigger.yml` - author filter
- `.github/workflows/label-rebase-prs.yml` - allowedAuthors list
- `.github/workflows/claude-triage.yml` - trusted comment authors for
duplicate surfacing
- `.claude/skills/pr-fix-comments/SKILL.md` - trusted bots list
- `.claude/skills/deflake-e2e-recent-commits/SKILL.md` - PR author scan
list

## Test plan
- [ ] Verify `dyad-assistant` PRs trigger CI on self-hosted runners
- [ ] Verify `dyad-assistant` PRs get automated code review
- [ ] Verify `dyad-assistant` can use the PR review responder workflow

🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2963"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>

## Summary
- Enable `display_report: true` on trusted `claude-code-action`
workflows so Claude's work summary appears in GitHub Actions step
summaries
- Leave `display_report` as default (false) for `closed-issue-comment`
which processes untrusted input
- Replace the "Push any unpushed changes" step in `pr-review-responder`
with a deterministic `git push` instead of spawning a full
`claude-code-action` invocation

## Test plan
- Verify workflow YAML syntax is valid
- Trigger a workflow run and confirm the step summary now appears
- Confirm the deterministic push step works when there are/aren't
unpushed commits

🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2959"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>

## Summary
- Set top-level `permissions: {}` on 7 workflows to restrict default
token permissions, moving grants to job level with least-privilege
scoping
- Pinned CLA Assistant action to commit SHA (`ca4a40a7d...`) instead of
mutable tag for supply-chain safety
- Mitigated prompt injection in the issue triage workflow by passing
issue data via environment variables instead of direct template
interpolation, with an explicit security notice

## Test plan
- [ ] Verify CLA workflow still posts status comments on PRs
(permissions moved to job level)
- [ ] Verify issue triage workflow still labels and comments on new
issues (env var approach)
- [ ] Verify PR review, rebase, bugbot, and closed-issue-comment
workflows still trigger correctly with restricted top-level permissions
- [ ] Confirm no permission errors in workflow runs

🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2928"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->
Co-authored-by: Will Chen <willchen90@gmail.com>
Co-authored-by: Claude <noreply@anthropic.com>

closes #2809 
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2920"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>

## Summary
- When a user enters a pro key via deep link, the budget query was not
invalidated, leaving stale budget data until the 5-minute cache expired
- Added `queryClient.invalidateQueries` for the user budget query in the
deep link handler in `TitleBar.tsx`, matching the behavior already
present in the manual key entry path

## Test plan
- [ ] Enter a Dyad Pro key via deep link
(`dyad://dyad-pro-return?key=...`) and verify the budget display updates
immediately
- [ ] Enter a Dyad Pro key manually in settings and verify budget still
refreshes (regression check)

🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2956"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>

closes #2916 
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2918"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>

<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2901"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

## Summary
- Bump version to v0.39.0
- Add promote-beta-to-stable skill for automating future releases

## Test plan
- CI passes
- Version number is correct in package.json

🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2955"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>

<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2954"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

## Summary
- Removes the `merge-pr.yml` GitHub Actions workflow that auto-merged
PRs from allowed authors when CI passed

## Test plan
- Verify no other workflows depend on `merge-pr.yml`
- Confirm CI still runs normally without this workflow

🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2930"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->
Co-authored-by: Will Chen <willchen90@gmail.com>
Co-authored-by: Claude <noreply@anthropic.com>

## Summary
- switch the listed Claude automation workflows from PAT/default token
auth to GitHub App installation tokens
- use fork-scoped app tokens for PR responder and rebase push paths,
plus base-repo app tokens for labels/comments/API calls
- rename the Actions variable and secret references to
DYAD_GITHUB_APP_ID and DYAD_GITHUB_APP_PRIVATE_KEY

## Test plan
- npm run fmt
- npm run lint:fix
- npm run ts

🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2936"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

## Summary
- disable `actions/setup-node` package manager caching in release
workflow jobs
- keep release builds on fresh `npm ci` installs to avoid cache-related
release breakage
- #skip-bugbot

## Test plan
- `npm run fmt`
- `npm run lint:fix`
- `npm run ts`
- `npm test`

🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2929"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->
Co-authored-by: Will Chen <willchen90@gmail.com>

<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2842"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

closes #2634 
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2717"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

---------
Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Mohamed Aziz Mejri <mohamedazizmejri@Mohameds-Mac-mini.local>

## Summary
- Allow multiple Dyad apps to run simultaneously instead of stopping the
previous app when switching
- Add garbage collection that stops apps idle for 10+ minutes (unless
currently selected)
- Track `lastViewedAt` timestamp on running apps to determine
eligibility for GC
- Clean up all running apps when the Dyad application quits

## Test plan
1. Create two test apps in Dyad
2. Run the first app and verify it starts
3. Switch to the second app - verify the first app keeps running (check
processes)
4. Wait 10+ minutes without viewing the first app - verify it gets
garbage collected
5. Close Dyad completely - verify all running app processes are stopped

Closes #2819

🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2825"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

---------
Co-authored-by: Will Chen <willchen90@gmail.com>
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
Co-authored-by: claude[bot] <41898282+claude[bot]@users.noreply.github.com>

## Summary
- Check if branch exists locally before attempting to delete it
- If branch only exists on remote, inform user to delete on GitHub
- If branch doesn't exist anywhere, treat as success (already deleted)

## Test plan
- Try deleting a branch that exists locally - should work as before
- Try deleting a branch that only exists on remote - should get helpful
error message
- Try deleting a branch that doesn't exist anywhere - should succeed
silently

🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2910"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

---------
Co-authored-by: Will Chen <willchen90@gmail.com>
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
Co-authored-by: claude[bot] <41898282+claude[bot]@users.noreply.github.com>

<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2887"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

## Summary
- Added `sendTelemetryException()` utility that sends `$exception`
events to PostHog via the main→renderer telemetry bridge, including
error type, message, and stack trace
- Wired error capture into all three IPC handler factories
(`createTypedHandler`, `createLoggedTypedHandler`,
`createLoggedHandler`) so every `ipcMain.handle` error is automatically
reported with the IPC channel name as context
- Errors are still re-thrown after capture so existing behavior is
unchanged

## Test plan
- All 844 existing tests pass
- Verify in dev that IPC handler errors appear as `$exception` events in
PostHog with `ipc_channel` property
- Confirm telemetry opt-out still prevents exception events from being
sent (via existing `before_send` filter)

🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2886"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>

## Summary
- Add a new setting to configure the maximum number of tool call steps
for local agent interactions
- Users can choose from Low (25), Default (50), High (100), Very High
(250) options
- The setting is integrated into the settings page with search index
support

## Test plan
- [ ] Verify the setting appears in Settings > Agent Settings
- [ ] Change the value and confirm it persists after app restart
- [ ] Verify the agent respects the configured limit during tool calls
- [ ] Run the new e2e tests to confirm UI interactions work correctly

🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2900"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->
Co-authored-by: Will Chen <willchen90@gmail.com>
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

## Summary
- trigger the Claude rebase workflow on PR close events
- add a per-PR concurrency group so a close/merge event cancels any
in-progress rebase run
- restrict the rebase job itself to labeled events so closed PRs only
trigger cancellation

## Test plan
- npm run fmt
- npm run lint:fix
- npm run ts
- npm test

#skip-bugbot

🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2915"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

## Summary
- Add `hasCheckedReleaseNotes` ref to track whether release notes have
already been checked in the current session
- Prevent the useEffect from running multiple times due to
settings/appVersion dependency changes
- Refactor conditional logic to use early-return pattern for improved
readability

## Test plan
- Open the app and navigate to Home page
- Verify release notes dialog only shows once per session when there are
new release notes
- Confirm no duplicate API calls to `doesReleaseNoteExist`

🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2912"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

---------
Co-authored-by: Will Chen <willchen90@gmail.com>
Co-authored-by: claude[bot] <41898282+claude[bot]@users.noreply.github.com>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>

should fix #2879.

## Summary
- Add defensive sanitization ensuring tool-call `input` fields are
always valid objects (at minimum `{}`) before messages reach the
Anthropic API
- Prevents LiteLLM from sending empty strings as `tool_use.input` when
converting OpenAI→Anthropic format, which causes `400
invalid_request_error: Input should be a valid dictionary`
- Adds sanitization in two locations: `cleanMessageForOpenAI` (stored
messages) and `maybeCaptureRetryReplayEvent` (stream replay events)

## Context
This is a known LiteLLM bug pattern (issues
[#5063](https://github.com/BerriAI/litellm/issues/5063),
[#15322](https://github.com/BerriAI/litellm/issues/15322),
[#19061](https://github.com/BerriAI/litellm/issues/19061)). When
`function.arguments` is empty or malformed, LiteLLM's `json.loads()`
fails and falls back to passing the raw string as `input`, which
Anthropic rejects.

## Test plan
- [x] Added 3 new unit tests for `cleanMessageForOpenAI` covering empty
string, null, and valid inputs
- [x] All 847 existing tests pass
- [x] Lint, format, and type checks pass

🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2890"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

---------
Co-authored-by: Will Chen <willchen90@gmail.com>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>

closes #1804
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2344">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> Introduces voice input across chat inputs with transcription via Dyad
Engine and Pro gating.
> 
> - Replaces send row with `LexicalVoiceInputRow` in `ChatInput` and
`HomeChatInput`, adding mic control, waveform (`VoiceWaveform`), and
send/cancel integration
> - New `VoiceInputButton` handles Pro-only disabled state,
recording/transcribing states, and tooltips
> - New hooks `useAudioRecorder` and `useVoiceInput` to record via
`MediaRecorder`, visualize with `AnalyserNode`, and call
`ipc.misc.transcribeAudio`
> - IPC: adds `misc.transcribeAudio` contract, registers
`transcription_handlers` that validate input, support E2E mock, and call
`transcribeWithDyadEngine`
> - Dyad Engine util: adds `transcribeWithDyadEngine` with request-id
attempt tracking and multipart upload to `/audio/transcriptions`
> - E2E tests for voice flow and Pro gating; mocks `getUserMedia` and
asserts transcription append
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
7dc1944bf0149a9f88b63a3fdfe0df83e7aa4f9f. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Adds voice input with waveform visualization and transcription for chat,
gated to Dyad Pro users. Improves reliability with fixes for recording
setup leaks, analyser state, and proper audio MIME typing so IPC-backed
Dyad Engine transcription consistently appends text; addresses #1804.

- **New Features**
- Integrated VoiceInputButton and VoiceWaveform via LexicalVoiceInputRow
in ChatInput and HomeChatInput; appends transcribed text to the input.
- Added useAudioRecorder/useVoiceInput hooks to record via
MediaRecorder, visualize with AnalyserNode, and invoke IPC channel
chat:transcribe.
- Pro gating with tooltip and disabled state for non-Pro users;
recording can always be stopped.
- IPC handler validates payloads and calls Dyad Engine via multipart
upload; includes E2E mock support.
- E2E tests mock getUserMedia and verify transcription append and
Pro-only disabled state.

- **Migration**
- Provide a Dyad Pro API key (settings or DYAD_PRO_API_KEY) and enable
Dyad Pro.
  - Ensure microphone permissions are granted.
- Optionally set DYAD_ENGINE_URL; defaults to https://engine.dyad.sh/v1.

<sup>Written for commit fa71433ae270a7276e5466c6c8df359eab1eb03d.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->

---------
Co-authored-by: Will Chen <willchen90@gmail.com>

## Summary
- Updated stale aria snapshot for `partial_response.spec.ts` that was
consistently failing
- Button text content now renders actual text (e.g., `file1.txt
file1.txt`, `Edit`, `Undo`, `Retry`) instead of empty strings
- Removed `wrote 1 file(s)` text entries that no longer appear in the UI

## Context
Scanned 5 recent CI runs on main and 13 open PRs by
wwwillchen/wwwillchen-bot/dyadbot. Found flaky tests across 16+ spec
files. Most flakiness is CI-specific (timing/load dependent) and cannot
be reproduced locally with 10x repeats. The `partial_response.spec.ts`
snapshot was the only consistently broken test.

## Test plan
- [x] `partial_response.spec.ts` passes 10/10 times locally with updated
snapshot
- [x] Full E2E suite passes (236/243, with only transient flaky failures
unrelated to this change)

🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2907"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->
Co-authored-by: claude[bot] <41898282+claude[bot]@users.noreply.github.com>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>

## Summary
- Added dyadbot wherever wwwillchen-bot was allowlisted in CI workflows
and automation policy docs.
- Updated trusted author/bot references in PR workflow selectors and
skill docs to include dyadbot.

## Test plan
- Ran 
> dyad@0.39.0-beta.1 fmt
> npx oxfmt
- Ran 
> dyad@0.39.0-beta.1 lint:fix
> npx oxlint --fix --fix-suggestions --fix-dangerously

Found 0 warnings and 0 errors.
Finished in 18ms on 817 files with 88 rules using 10 threads.
- Ran 
> dyad@0.39.0-beta.1 ts
> npm run ts:main && npm run ts:workers


> dyad@0.39.0-beta.1 ts:main
> npx tsgo -p tsconfig.app.json --noEmit --incremental


> dyad@0.39.0-beta.1 ts:workers
> npx tsc -p workers/tsc/tsconfig.json --noEmit --incremental
- Verified remaining allowlist references for consistency

🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2899"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2832"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->

---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>