dyad: Add version 0.32.0

[zeldrisho]

Closes #16951

scoop bucket add zeldrisho https://github.com/zeldrisho/scoop-bucket
scoop install zeldrisho/dyad

• I have read the Contributing Guide

Summary by CodeRabbit

• Chores
  • Added dyad v0.32.0 package with automatic update support from GitHub releases.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Walkthrough

A new Scoop package manifest for dyad version 0.32.0 has been added. The manifest file defines the application metadata, download location, SHA256 hash, installation settings, and automatic update mechanics via GitHub releases for the free, open-source AI app builder.

Changes

Cohort / File(s)	Summary
New Scoop Manifest bucket/dyad.json	Added manifest for dyad v0.32.0 with download URL, SHA256 verification, installation configuration (extract directory, shortcut mapping), and autoupdate rules pointing to GitHub releases.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Suggested labels

review-needed

Suggested reviewers

• z-Fng

Poem

🐰 A manifest hops into the bucket so fine,
Dyad joins the fold, version thirty-two divine,
GitHub releases watched with careful eye,
Hashes verified—no deception nearby,
Updates flow smooth as a rabbit's ballet! ✨

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly identifies the package name and version being added, directly matching the main change in the pull request.
Description check	✅ Passed	The description includes the issue reference (Closes #16951), usage instructions, and confirms the contributor read the Contributing Guide; only the conventional PR title checkbox is not explicitly checked.
Linked Issues check	✅ Passed	The PR successfully addresses #16951 by adding a manifest file for dyad v0.32.0 with correct version, description, license, download URL, SHA256 hash, and autoupdate configuration.
Out of Scope Changes check	✅ Passed	The PR contains only the addition of bucket/dyad.json manifest, which is directly in scope for fulfilling the package request requirements in #16951.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

All changes look good.

Wait for review from human collaborators.

dyad

• Lint
• Description
• License
• Hashes
• Checkver
• Autoupdate

Check the full log for details.

[coderabbitai]

Actionable comments posted: 2

🤖 Fix all issues with AI agents

In @bucket/dyad.json:
- Line 5: The package manifest currently lists only "Apache-2.0"; update the
license declaration to reflect the dual-license arrangement by either replacing
the single "license" value with a "licenses" array that includes both
"Apache-2.0" and "FSL-1.1" (or similar identifier for Functional Source License
1.1), or add a clear "license" string describing the mixed licensing (e.g.,
"Apache-2.0 (src/* except src/pro) + FSL-1.1 (src/pro)"); ensure the change is
made in the manifest's license field so consumers and tooling can detect the
mixed-license model.

📜 Review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between c38bee0 and bed425f.

📒 Files selected for processing (1)

• bucket/dyad.json

🧰 Additional context used

🧠 Learnings (3)

📓 Common learnings

Learnt from: o-l-a-v
Repo: ScoopInstaller/Extras PR: 16378
File: bucket/compactgui.json:20-22
Timestamp: 2025-10-19T13:58:23.389Z
Learning: In the ScoopInstaller/Extras repository, the CompactGUI manifest removed hash verification from the autoupdate block because the hash verification mechanism (scraping SHA-256 from release page HTML) is no longer available in newer CompactGUI releases. GitHub asset digests exist in beta releases but not in v3.8.0, and Scoop doesn't have built-in support for extracting from GitHub API asset digests.

Learnt from: Lutra-Fs
Repo: ScoopInstaller/Extras PR: 16020
File: bucket/regedix.json:6-8
Timestamp: 2025-09-26T02:55:31.132Z
Learning: For Scoop manifests, prefer using "suggest" over "depends" for .NET runtime dependencies because user machines often have externally managed .NET runtimes already installed, and using "depends" could cause duplicate installations of the same runtime.

Learnt from: mokosiy
Repo: ScoopInstaller/Extras PR: 16428
File: bucket/multidrive.json:8-8
Timestamp: 2025-10-27T13:19:16.982Z
Learning: For MultiDrive manifests in the ScoopInstaller/Extras repository: the direct download URL at dl.atola.com causes 403 errors due to Cloudflare Bot Fight Mode blocking the Scoop bot, so GitHub Releases URLs should be used instead (e.g., https://github.com/atola-technology/multidrive/releases/download/...).

Learnt from: Gitoffthelawn
Repo: ScoopInstaller/Extras PR: 16106
File: bucket/czkawka-gui.json:25-25
Timestamp: 2025-09-05T09:41:52.653Z
Learning: For czkawka-gui manifests in Scoop Extras, the correct upstream filename pattern for Windows GUI builds in recent versions uses "gtk46" (without underscore), not "gtk_46" (with underscore). The autoupdate URL should use "windows_czkawka_gui_gtk46.zip" format. This was confirmed by a working 10.0.0 update with valid hash.

📚 Learning: 2025-10-19T13:58:23.389Z

Learnt from: o-l-a-v
Repo: ScoopInstaller/Extras PR: 16378
File: bucket/compactgui.json:20-22
Timestamp: 2025-10-19T13:58:23.389Z
Learning: In the ScoopInstaller/Extras repository, the CompactGUI manifest removed hash verification from the autoupdate block because the hash verification mechanism (scraping SHA-256 from release page HTML) is no longer available in newer CompactGUI releases. GitHub asset digests exist in beta releases but not in v3.8.0, and Scoop doesn't have built-in support for extracting from GitHub API asset digests.

Applied to files:

• bucket/dyad.json

📚 Learning: 2025-10-16T13:42:43.224Z

Learnt from: o-l-a-v
Repo: ScoopInstaller/Extras PR: 16349
File: bucket/debugviewpp.json:14-21
Timestamp: 2025-10-16T13:42:43.224Z
Learning: In the DebugViewPP project (CobaltFusion/DebugViewPP), the executable name changed from "DebugView++.exe" (in v1.8.0.103 and earlier) to "Debugviewpp.exe" (in v1.9.0.28 and later). The manifest bucket/debugviewpp.json correctly uses "Debugviewpp.exe" for current versions.

Applied to files:

• bucket/dyad.json

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)

• GitHub Check: WindowsPowerShell
• GitHub Check: PullRequestHandler

🔇 Additional comments (2)

bucket/dyad.json (2)

12-12: Verify the extract directory exists in the package.

The extract_dir assumes the .nupkg contains a lib\net45 directory with the executable. This should be confirmed by the verification script in the previous comment. If the directory structure differs, the extraction will fail.

---

22-28: Add SHA256 hash verification to the autoupdate block.

GitHub provides SHA256 digests for dyad release assets via the Releases API. The autoupdate block should extract and verify the hash to ensure package integrity across updates:

"hash": "sha256:$matchHash"

This follows Scoop best practices and leverages the hash data already available in dyad's releases.

⛔ Skipped due to learnings

Learnt from: o-l-a-v
Repo: ScoopInstaller/Extras PR: 16378
File: bucket/compactgui.json:20-22
Timestamp: 2025-10-19T13:58:23.389Z
Learning: In the ScoopInstaller/Extras repository, the CompactGUI manifest removed hash verification from the autoupdate block because the hash verification mechanism (scraping SHA-256 from release page HTML) is no longer available in newer CompactGUI releases. GitHub asset digests exist in beta releases but not in v3.8.0, and Scoop doesn't have built-in support for extracting from GitHub API asset digests.

Learnt from: Gitoffthelawn
Repo: ScoopInstaller/Extras PR: 16106
File: bucket/czkawka-gui.json:25-25
Timestamp: 2025-09-05T09:41:52.653Z
Learning: For czkawka-gui manifests in Scoop Extras, the correct upstream filename pattern for Windows GUI builds in recent versions uses "gtk46" (without underscore), not "gtk_46" (with underscore). The autoupdate URL should use "windows_czkawka_gui_gtk46.zip" format. This was confirmed by a working 10.0.0 update with valid hash.

Learnt from: o-l-a-v
Repo: ScoopInstaller/Extras PR: 16349
File: bucket/fvim.json:45-49
Timestamp: 2025-10-16T15:59:21.258Z
Learning: In Scoop manifests, the `autoupdate.url` and `autoupdate.architecture.<arch>.url` fields must be valid URIs according to the JSON schema (defined with `"format": "uri"`). Variables like `$matchUrlx64` that contain only path segments must be combined with a base URL (e.g., `https://github.com/.../releases/download/`) to form a complete valid URI.

Learnt from: Gitoffthelawn
Repo: ScoopInstaller/Extras PR: 16106
File: bucket/czkawka-gui.json:25-25
Timestamp: 2025-09-05T09:41:52.653Z
Learning: For czkawka-gui manifests in Scoop Extras, the correct upstream filename pattern for Windows GUI builds uses "gtk46" (without underscore), not "gtk_46" (with underscore). The autoupdate URL should use "windows_czkawka_gui_gtk46.zip" format.

Learnt from: o-l-a-v
Repo: ScoopInstaller/Extras PR: 16328
File: bucket/winutil.json:0-0
Timestamp: 2025-10-13T09:37:06.093Z
Learning: When reviewing code in Scoop manifests, always verify the actual file content if the diff appears incomplete or unusual, as diff context can be truncated or displayed incorrectly. The pattern `[string[]](...).ForEach{...}` is commonly used in post_uninstall scripts across the Extras repository.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Check for LICENSE files in the repository
echo "=== Searching for LICENSE files ==="
fd -i "license" -t f | head -20

echo ""
echo "=== Checking repository structure ==="
git ls-files | grep -i license | head -10

echo ""
echo "=== Checking GitHub API for license ==="
curl -s https://api.github.com/repos/dyad-sh/dyad | jq -r '.license.spdx_id // .license'

Repository: ScoopInstaller/Extras

Length of output: 282

---

🏁 Script executed:

cat LICENSE

Repository: ScoopInstaller/Extras

Length of output: 1298

---

🌐 Web query:

dyad project license Apache-2.0 github

💡 Result:

The official dyad repo (dyad-sh/dyad) uses Apache‑2.0 for all code outside src/pro; code in src/pro is under the Functional Source License 1.1 (not Apache). [1][2]

Sources:

• dyad-sh/dyad README/license notes. [1]
• Example fork showing Apache-2.0 labeling. [2]

---

The Apache-2.0 license declaration is incomplete.

The dyad project uses a dual license model: Apache-2.0 for code outside src/pro, and Functional Source License 1.1 for code in src/pro. The manifest should either list both licenses or document the mixed license arrangement.

🤖 Prompt for AI Agents

In @bucket/dyad.json at line 5, The package manifest currently lists only
"Apache-2.0"; update the license declaration to reflect the dual-license
arrangement by either replacing the single "license" value with a "licenses"
array that includes both "Apache-2.0" and "FSL-1.1" (or similar identifier for
Functional Source License 1.1), or add a clear "license" string describing the
mixed licensing (e.g., "Apache-2.0 (src/* except src/pro) + FSL-1.1 (src/pro)");
ensure the change is made in the manifest's license field so consumers and
tooling can detect the mixed-license model.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
set -e

echo "=== Verifying dyad release artifacts ==="

# Check if .nupkg file exists and verify hash
echo -e "\n1. Downloading and verifying .nupkg file..."
if curl -sL -f "https://github.com/dyad-sh/dyad/releases/download/v0.32.0/dyad-0.32.0-full.nupkg" -o /tmp/dyad.nupkg 2>/dev/null; then
    echo "✓ .nupkg file downloaded successfully"
    actual_hash=$(sha256sum /tmp/dyad.nupkg | awk '{print $1}')
    expected_hash="b200d4a17b67551e029247f37c9082ada05cc9f6a09a07cad7145c9d3e3511a1"
    echo "  Expected: $expected_hash"
    echo "  Actual:   $actual_hash"
    if [ "$actual_hash" = "$expected_hash" ]; then
        echo "  ✓ Hash matches!"
    else
        echo "  ✗ Hash MISMATCH!"
    fi
    
    # Inspect package structure
    echo -e "\n2. Inspecting .nupkg structure (looking for lib/net45 and dyad.exe)..."
    unzip -l /tmp/dyad.nupkg 2>/dev/null | grep -i "lib.*net45\|dyad\.exe" || echo "  No matching files found with those patterns"
    
    echo -e "\n3. Full file listing in .nupkg:"
    unzip -l /tmp/dyad.nupkg 2>/dev/null | head -30
    
    rm /tmp/dyad.nupkg
else
    echo "✗ Failed to download .nupkg file"
fi

# Check if .Setup.exe file exists
echo -e "\n4. Checking if .Setup.exe file exists..."
if curl -sL -I "https://github.com/dyad-sh/dyad/releases/download/v0.32.0/dyad-0.32.0.Setup.exe" 2>/dev/null | head -1 | grep -q "200\|302"; then
    echo "✓ .Setup.exe file exists"
else
    echo "✗ .Setup.exe file not found or not accessible"
fi

Repository: ScoopInstaller/Extras

Length of output: 42409

---

The .nupkg file is valid and accessible; verify the hash externally.

The .nupkg file successfully downloads and contains the correct structure (lib\net45\dyad.exe present). Using a NuGet package instead of the .Setup.exe is a legitimate approach for Scoop portable installation as it avoids running an installer.

However, the hash b200d4a17b67551e029247f37c9082ada05cc9f6a09a07cad7145c9d3e3511a1 could not be verified in this environment due to tool limitations. Please confirm this hash is correct by verifying it locally:

(Get-FileHash "dyad-0.32.0-full.nupkg" -Algorithm SHA256).Hash

If the hash does not match, update the manifest accordingly.