See #1692
<!-- CURSOR_SUMMARY -->
> [!NOTE]
> Adds multi-select with a "Fix X Issues" bulk action to Security Review
(severity-sorted, with animated header button), clears selections on
refresh, and improves streaming error logs; includes e2e coverage.
>
> - **Security Review UI
(`src/components/preview_panel/SecurityPanel.tsx`)**:
> - **Multi-select & Bulk Fix**:
> - Add per-row checkboxes and a "Select all" checkbox in
`FindingsTable`; sort by severity; ARIA labels.
> - Track `selectedFindings`; clear on new data; header shows animated
"Fix X Issues" button (`Wrench` icon) that creates one chat with a
combined prompt for selected issues.
> - **Fix Single Issue**: Preserve existing per-row "Fix Issue" flow
with loading states.
> - **Tests**:
> - Add e2e test `security review - multi-select and fix issues` and
snapshots for selection table and combined prompt.
> - **IPC (`src/ipc/ipc_client.ts`)**:
> - Enhance error logging (`console.error`) in `streamMessage` paths;
simplify `cancelChatStream` (remove stale cleanup).
>
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
08b9f92814e2a676d0a8de1badf7dc79cd82a14a. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->
<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Add multi-select to the Security Review so you can select issues and fix
them in one go. Improves error handling in chat streaming and adds an
e2e test for the new flow.
- New Features
- Checkboxes per finding and a “Select all” checkbox, with
severity-sorted rows.
- Header shows an animated “Fix X Issues” button when items are
selected; creates one chat with a combined prompt; clears selection
after.
- New e2e test: multi-select and bulk fix.
- Bug Fixes
- Clear selections when new review results load.
- Better error logging in IpcClient for streaming failures; simplify
cancelChatStream to avoid false errors.
<sup>Written for commit 08b9f92814e2a676d0a8de1badf7dc79cd82a14a.
Summary will update automatically on new commits.</sup>
<!-- End of auto-generated description by cubic. -->
Example:
open
"dyad://add-prompt?data=eyJ0aXRsZSI6IlRlc3QgUHJvbXB0IiwiZGVzY3JpcHRpb24iOiJBIHRlc3QgcHJvbXB0IGZyb20gZGVlcCBsaW5rIiwiY29udGVudCI6IlRoaXMgaXMgdGhlIGNvbnRlbnQgb2YgdGhlIHByb21wdC4ifQ%3D%3D"
<!-- CURSOR_SUMMARY -->
---
> [!NOTE]
> Adds dyad://add-prompt deep link that navigates to Library and opens a
prefilled Create Prompt dialog from base64 JSON.
>
> - **Deep Link Handling**
> - Parse `dyad://add-prompt?data=<base64-json>` in `src/main.ts`;
validate with `AddPromptDataSchema` and send `deep-link-received` with
payload.
> - Extend `DeepLinkContext` to navigate to `/library` on `add-prompt`.
> - **Library/Dialogs**
> - Add controlled open state and `prefillData` support to
`CreateOrEditPromptDialog` and `CreatePromptDialog`
(`src/components/CreatePromptDialog.tsx`).
> - In `src/pages/library.tsx`, listen for `add-prompt` deep link,
prefill form, open dialog, and clear deep-link state.
> - **Schemas**
> - Define `AddPromptDataSchema`, `AddPromptPayload`, and
`AddPromptDeepLinkData` in `src/ipc/deep_link_data.ts` and include in
`DeepLinkData` union.
> - **E2E Tests**
> - Add Playwright test `e2e-tests/add_prompt_deep_link.spec.ts` and
ARIA snapshot to verify deep link opens prefilled dialog and saves
prompt.
>
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
1ddb12306cfca195682c8a1b719f60093b858d54. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->
I implemented file referencing feature mentioned in issue #1591
<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Adds support for referencing app files in chat using @file:<path>. The
input now autocompletes files, and the backend validates and surfaces
referenced files in the chat context as read-only.
- **New Features**
- Chat input autocompletes @ mentions for apps, prompts, and files.
- Recognizes @file:<path> and converts it to a structured mention on
submit.
- Backend parses @file mentions, checks file existence, and adds a
“Referenced Files” section to the system message.
- New get-app-files IPC handler and useAppFiles hook to load file paths
for the selected app (appFilesAtom added).
- e2e test for mentioning a file and capturing server dump.
<!-- End of auto-generated description by cubic. -->
Fixes#672
<!-- CURSOR_SUMMARY -->
---
> [!NOTE]
> Add selectable problem rows with Select all/Clear all and Fix N
selected, and update tests to cover selection behavior.
>
> - **UI (Problems panel)**:
> - Add checkbox selection for each problem row (`ProblemItem`) with row
click-to-toggle, `data-testid="problem-row"`, and accessibility
attributes.
> - Introduce selection state in `_Problems` with auto-select-all on
report load; provide Select all / Clear all controls.
> - Change Fix button to operate on selected problems only, showing
dynamic label `Fix N problem(s)` and disabled when none selected.
> - Wire `RecheckButton` to clear selection before rechecking; minor
hover style tweaks; add `Checkbox` component.
> - **E2E Tests**:
> - New test: selecting specific problems and fixing only selected; add
snapshots for prompt content.
> - Update manual edit tests (React/Vite, Next.js) to assert Fix button
enabled/disabled and counts; remove old ARIA snapshots.
> - Minor import addition for `Timeout` and related expectations.
>
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
8324e26f9d2d265e7e0d1f1b7538e2a8db40f674. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->
<!-- This is an auto-generated description by cubic. -->
## Summary by cubic
Adds Supabase database branch selection per app, with a new schema field
and UI to choose a branch after connecting a project. Resets branch when
changing or disconnecting the project to keep state consistent.
- **New Features**
- Added apps.supabase_branch_id column.
- Branch dropdown in SupabaseConnector shown after a project is
connected; selection persists and triggers app refresh.
- New state and hooks: supabaseBranchesAtom, loadBranches(projectId),
setAppBranch(branchId).
- IPC endpoints: supabase:list-branches and supabase:set-app-branch;
setting/unsetting project also clears the branch.
- **Migration**
- Apply drizzle migration 0013_supabase_branch.sql to add the
supabase_branch_id column (defaults to null).
<!-- End of auto-generated description by cubic. -->
<!-- CURSOR_SUMMARY -->
---
> [!NOTE]
> Adds Supabase database branch selection per app, including parent
project tracking, new IPC endpoints, UI dropdown, and an accompanying DB
migration with e2e tests.
>
> - **Database**:
> - Add `apps.supabase_parent_project_id` via migration
`drizzle/0015_complete_old_lace.sql`; snapshot and journal updated.
> - **IPC/Main**:
> - New `supabase:list-branches` handler and management client
`listSupabaseBranches` (real API + test stubs).
> - Update `supabase:set-app-project` to accept `{ projectId,
parentProjectId?, appId }`; unset clears both IDs.
> - `get-app` resolves `supabaseProjectName` using
`supabase_parent_project_id` when present.
> - **Types & Client**:
> - Add `SupabaseBranch`, `SetSupabaseAppProjectParams`, and
`App.supabaseParentProjectId`; expose `listSupabaseBranches` and updated
`setSupabaseAppProject` in `ipc_client` and preload whitelist.
> - **UI/Hooks**:
> - Supabase UI: branch dropdown in `SupabaseConnector` with
`loadBranches`, selection persists via updated `setAppProject`.
> - State: add `supabaseBranchesAtom`; `useSupabase` gets `branches`,
`loadBranches`, new param shape for `setAppProject`.
> - TokenBar/ChatInput: add `data-testid` for token bar and toggle.
> - **Supabase Context (tests)**:
> - Test build returns large context for `test-branch-project-id` to
validate branch selection.
> - **E2E Tests**:
> - Add `supabase_branch.spec.ts` and snapshot verifying branch
selection affects token usage.
>
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
33054278db8396b4371ed6e8224105cb5684b7ac. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->
## Summary
Adds the ability to import GitHub repositories directly into Dyad from
the home screen, complementing the existing local folder import feature.
- GitHub Import Modal: New modal accessible from home screen via "Import
from Github" button with two Import methods
- Select project from GitHub repositories list
- Clone from any GitHub URL
- Advanced Options: Optional custom install/start commands (defaults to
project's package.json scripts)
- Auto AI_RULES Generation: Automatically generates AI_RULES.md if not
present in imported repo
closes#1424
<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Adds a GitHub import flow from the home screen so users can clone repos
via their list or any URL, with optional install/start commands and
automatic AI_RULES.md generation. Addresses Linear #1424 by enabling
seamless project setup from GitHub.
- **New Features**
- Import modal with two tabs: Your Repositories and From URL.
- Advanced options for install/start commands with validation; defaults
used when both are empty.
- After cloning, navigate to chat and auto-generate AI_RULES.md if
missing.
- New IPC handler github:clone-repo-from-url with token auth support,
plus IpcClient method and preload channel.
- E2E tests cover modal open, auth, import via URL/repo list, and
advanced options.
- **Dependencies**
- Added @radix-ui/react-tabs for the modal tab UI.
<!-- End of auto-generated description by cubic. -->
<!-- CURSOR_SUMMARY -->
> [!NOTE]
> Send mentioned apps (names + files) to the engine through
dyad_options, omit inline other-apps prefix when engine is enabled, and
adjust e2e to snapshot request payload.
>
> - **Engine/Backend**:
> - Pass mentioned apps to engine via
`providerOptions['dyad-engine'].dyadMentionedApps` and forward as
`dyad_options.mentioned_apps` in `llm_engine_provider`.
> - Gate inline other-apps context: only include `otherCodebasePrefix`
when `isEngineEnabled` is false.
> - Enhance `extractMentionedAppsCodebases` to return `files` alongside
`codebaseInfo`.
> - **Tests**:
> - e2e: change `mention app (with pro)` snapshot to
`snapshotServerDump("request")` and update snapshot to assert request
payload contents.
>
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
7ddddf6c16c53cd36b4c7e4ec6a57da0616d1bb0. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->
Fixes#1405
<!-- This is an auto-generated description by cubic. -->
## Summary by cubic
Adds GPT-5 Codex (OpenAI and Azure) and Claude 4.5 Sonnet to the model
options to enable newer coding models and larger contexts. Also
increases Claude 4 Sonnet max output tokens to 32k.
<!-- End of auto-generated description by cubic. -->
<!-- CURSOR_SUMMARY -->
---
> [!NOTE]
> Adds GPT‑5 Codex (OpenAI/Azure) and Claude 4.5 Sonnet, and increases
Claude 4 Sonnet max output tokens to 32k across providers and tests.
>
> - **Models**:
> - **OpenAI**: add `gpt-5-codex` (400k context, default temp 1).
> - **Anthropic**:
> - add `claude-sonnet-4-5-20250929` (1M context, `maxOutputTokens:
32_000`).
> - update `claude-sonnet-4-20250514` `maxOutputTokens` from `16_000` to
`32_000`.
> - **Azure**: add `gpt-5-codex` (400k context, `maxOutputTokens:
128_000`).
> - **Bedrock**:
> - add `us.anthropic.claude-sonnet-4-5-20250929-v1:0` (1M context,
`maxOutputTokens: 32_000`).
> - update `us.anthropic.claude-sonnet-4-20250514-v1:0`
`maxOutputTokens` to `32_000`.
> - **E2E tests**:
> - Update snapshots to reflect `max_tokens` increased to `32000` for
`anthropic/claude-sonnet-4-20250514` in engine and gateway tests.
>
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
73298d2da0c833468f957bb436f1e33400307483. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->
<!-- This is an auto-generated description by cubic. -->
## Summary by cubic
Fixes MCP handoff by detecting an edit-code tool call and stopping
generation. Simplifies the title bar credit tooltip; also blocks dyad-*
tags in the system prompt and updates tests.
- **Bug Fixes**
- Stop generation on edit-code via hasToolCall; add a no-op edit-code
tool to signal handoff.
- Combine tool-call stop with existing step limit for reliability.
- Forbid <dyad-*> tags in the system prompt to prevent misuse.
- Remove credit usage/reset details from the title bar tooltip; keep the
delay note.
- Update e2e snapshot to reflect the new prompt rule.
<!-- End of auto-generated description by cubic. -->
## 🚀 Feature: Inline Code Editor
This PR adds a comprehensive inline code editing experience to the
DyadWrite component.
### ✨ What's New
- **Inline Monaco Editor**: Edit code directly within the component
using Monaco Editor
- **Cancel/Revert**: Cancel changes and revert to original code state
- **Language Detection**: Automatic syntax highlighting based on file
extensions
- **Theme Support**: Proper dark/light mode theming integration
https://github.com/user-attachments/assets/c44ab622-6b86-403c-904d-3f327f9719e8
<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Adds an inline Monaco-based code editor to DyadWrite so users can edit
code blocks in place, then save or cancel changes. Saves stream edits
back to the chat as a dyad-edit block.
- **New Features**
- Inline editor with Edit, Save, and Cancel; preserves original code and
auto-expands when editing.
- Language detection from file extension and dark/light theme support.
- Save streams edits via useStreamChat as <dyad-edit
path="...">...</dyad-edit> tied to the selected chat.
- Non-edit view still uses CodeHighlight; visibility toggle and
in-progress state respected.
- **Refactors**
- ChatMessage now uses DyadMarkdownParser instead of
VanillaMarkdownParser.
<!-- End of auto-generated description by cubic. -->
<!-- This is an auto-generated description by cubic. -->
## Summary by cubic
Set “balanced” as the default smart context mode. Users now get balanced
when Smart Files Context is enabled and no mode is set; “conservative”
must be explicitly selected.
- **Refactors**
- Default fallback to balanced in UI and engine (proSmartContextOption
undefined -> "balanced").
- ProModeSelector saves "conservative" explicitly; selector reads
undefined as balanced.
- Updated schema and types to allow "balanced" | "conservative".
- Engine payload now includes smart_context_mode with "balanced" by
default; e2e tests and snapshots updated.
- **Migration**
- No action needed. Existing users without an explicit mode will use
balanced by default; selecting conservative persists.
<!-- End of auto-generated description by cubic. -->
1. Show less common AI providers (secondary) in submenu
2. Show $ signs for rough cost guide
3. Show "Pro" for supported AI providers with Pro is enabled
<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Improves the Model Picker UX by grouping less-used providers under an
“Other AI providers” submenu and adding clear cost and Pro indicators.
This makes picking models faster and more informative.
- **New Features**
- Grouped secondary providers under “Other AI providers” using a new
provider.secondary flag (Azure marked secondary).
- Added rough cost hints: models can set dollarSigns and the UI shows a
“$” badge accordingly.
- Shows a “Pro” badge on supported cloud providers when Pro is enabled;
added a “Custom” badge for custom providers.
- Extended types: LanguageModelProvider.secondary and
LanguageModel.dollarSigns; populated values across OpenAI, Anthropic,
Google, and OpenRouter.
<!-- End of auto-generated description by cubic. -->
This allows almost all the iframe sandbox tokens
https://developer.mozilla.org/en-US/docs/Web/HTML/Reference/Elements/iframe#sandbox
except notably for allow-top-navigation*
Note: allow-same-origin should be OK because the main window is under
the `file://` origin while the iframe window is served on
`localhost:####`
<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Enable sandboxing on the preview iframe to isolate preview content while
preserving needed capabilities (allow-same-origin, scripts, forms,
popups, modals, orientation/pointer lock, presentation, downloads).
Top-level navigation remains disallowed; allow-same-origin is safe
because the app is file:// and the iframe runs on localhost.
<!-- End of auto-generated description by cubic. -->
Fixes#710
This PR implements comprehensive Azure OpenAI integration for Dyad,
enabling users to leverage Azure
OpenAI models through proper environment variable configuration. The
implementation adds Azure as a
supported provider with full integration into the existing language
model architecture, including support
for GPT-5 models. Key features include environment-based
configuration using `AZURE_API_KEY` and `AZURE_RESOURCE_NAME`,
specialized UI components that provide clear
setup instructions and status indicators, and seamless integration with
Dyad's existing provider system.
The Azure provider leverages the @ai-sdk/azure package (v1.3.25) for
compatibility with the current
TypeScript language model interfaces.
The implementation includes robust error handling for missing
configuration, comprehensive test coverage
with 9 new unit tests covering critical functionality like model client
creation and error scenarios, and
an E2E test for the Azure-specific settings UI.
<img width="1510" height="908" alt="Screenshot 2025-08-18 at 9 14 32 PM"
src="https://github.com/user-attachments/assets/04aa99e1-1590-4bb0-86c9-a67b97bc7500"
/>
---------
Co-authored-by: graphite-app[bot] <96075541+graphite-app[bot]@users.noreply.github.com>
Co-authored-by: Will Chen <willchen90@gmail.com>
Fixes#1037
<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Enable JSON file support in codebase scanning so common configs and data
(e.g., package.json, vercel.json, translations) are included. Adds .json
to the allowed extensions and removes special-casing for
package.json/vercel.json.
<!-- End of auto-generated description by cubic. -->
Fixes#554#1049
<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Stop mutating package.json when reading files. readFileWithCache now
returns raw content so all fields are preserved (e.g., packageManager).
Fixes#554 and #1049.
- **Bug Fixes**
- Removed package.json "cleaning" logic and the cleanContent helper.
- Return and cache unmodified file content from both fs and
virtualFileSystem.
<!-- End of auto-generated description by cubic. -->
<!-- This is an auto-generated description by cubic. -->
## Summary by cubic
Parameterized the system prompt and tokenized it in e2e dumps to make
snapshots smaller and stable. No runtime behavior changes; future prompt
edits won’t churn tests.
- **Refactors**
- Exported BUILD_SYSTEM_PREFIX and BUILD_SYSTEM_POSTFIX from
system_prompt.ts.
- Updated test_helper to replace the full prompt with
${BUILD_SYSTEM_PREFIX}/${BUILD_SYSTEM_POSTFIX} tokens in message dumps.
- Regenerated e2e snapshots to use tokens, reducing ~270 lines per
snapshot.
<!-- End of auto-generated description by cubic. -->
<!-- This is an auto-generated description by cubic. -->
## Summary by cubic
Adds Smart Context v3 with selectable modes (Off, Conservative,
Balanced) and surfaces token savings in chat. Also improves token
estimation by counting per-file tokens when Smart Context is enabled.
- **New Features**
- Smart Context selector in Pro settings with three options.
Conservative is the default when enabled without an explicit choice.
- New setting: proSmartContextOption ("balanced"); undefined implies
Conservative.
- Engine now receives enable_smart_files_context and smart_context_mode.
- Chat shows a DyadTokenSavings card when the message contains
token-savings?original-tokens=...&smart-context-tokens=..., with percent
saved and a tooltip for exact tokens.
- Token estimation uses extracted file contents for accuracy when Pro +
Smart Context is on; otherwise falls back to formatted codebase output.
<!-- End of auto-generated description by cubic. -->
- [x] Update chat_stream_handlers
- [x] Update token handlers
- [x] Update HomeChatInput
- [x] update lexical chat input: do not allow referencing same app
(current app, or other already selected apps)
- [x] I don't think smart context will work on this...
- [x] Enter doesn't clear...
Test cases:
- [x] create-ts-errors
- [x] with auto-fix
- [x] without auto-fix
- [x] create-unfixable-ts-errors
- [x] manually edit file & click recheck
- [x] fix all
- [x] delete and rename case
THINGS
- [x] error handling for checkProblems isn't working as expected
- [x] make sure it works for both default templates (add tests)
- [x] fix bad animation
- [x] change file context (prompt/files)
IF everything passes in Windows AND defensive try catch... then enable
by default
- [x] enable auto-fix by default
