@bniladridas/cursor 0.1.7

package/.github/workflows/README.md

@@ -0,0 +1,23 @@
+# Workflows
+
+| Workflow | Trigger | What it does |
+|----------|---------|--------------|
+| `ci.yml` | PR, push | Build, test, Docker push |
+| `cla.yml` | PR | CLA check |
+| `release.yml` | Tag `v*` | Build binaries, release, formula update, npm publish |
+| `formula-sha.yml` | Manual | Update Homebrew formula SHA |
+| `security.yml` | Push, PR | Trivy security scan |
+| `version-bump.yml` | Tag `v*` | Bump version |
+| `pr-body.yml` | PR | Clean PR body formatting |
+| `issue-response.yml` | Issue opened | Label platform, respond |
+| `stale.yml` | Weekly | Mark/close stale issues/PRs |
+
+## Secrets
+
+| Secret | Used By |
+|--------|---------|
+| `NPM_TOKEN` | release.yml |
+| `DOCKER_USERNAME` | ci.yml |
+| `DOCKER_PASSWORD` | ci.yml |
+| `CURSOR_BOT_CLIENT_ID` | formula-sha.yml, pr-body.yml, issue-response.yml, stale.yml |
+| `CURSOR_BOT_PRIVATE_KEY` | formula-sha.yml, pr-body.yml, issue-response.yml, stale.yml |

package/.github/workflows/ci.yml

@@ -0,0 +1,181 @@
+name: ci
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+    branches: ["*"]
+  release:
+    types: [published]
+  workflow_dispatch:
+
+permissions:
+  contents: read
+  security-events: write
+  packages: write
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  build:
+    name: build (${{ matrix.os_short }}, ${{ matrix.build_type == 'Release' && 'release' || 'debug' }})
+    runs-on: ${{ matrix.os }}
+    if: github.repository_owner == 'bniladridas'
+    strategy:
+      matrix:
+        include:
+          - os: ubuntu-latest
+            os_short: ubuntu
+            build_type: release
+          - os: ubuntu-latest
+            os_short: ubuntu
+            build_type: debug
+          - os: macos-latest
+            os_short: macos
+            build_type: release
+          - os: macos-latest
+            os_short: macos
+            build_type: debug
+          - os: windows-latest
+            os_short: windows
+            build_type: release
+
+    steps:
+      - uses: actions/checkout@v6
+
+      - name: cache
+        uses: actions/cache@v5
+        with:
+          path: |
+            build
+            ~/.cache/vcpkg
+            C:\vcpkg\installed
+          key: ${{ runner.os }}-${{ matrix.build_type }}-${{ hashFiles('CMakeLists.txt') }}
+          restore-keys: |
+            ${{ runner.os }}-${{ matrix.build_type }}-
+
+      - name: setup
+        shell: bash
+        run: |
+          if [[ "$RUNNER_OS" == "Linux" ]]; then
+            sudo apt update
+            sudo apt install -y nlohmann-json3-dev cmake build-essential \
+              libcurl4-openssl-dev libpqxx-dev expect clang-tidy
+          elif [[ "$RUNNER_OS" == "macOS" ]]; then
+            export HOMEBREW_NO_REQUIRE_TAP_TRUST=1
+            brew update
+            brew install cmake nlohmann-json cpr libpqxx expect llvm
+          else
+            powershell -Command "
+              Set-ExecutionPolicy Bypass -Scope Process -Force;
+              iwr https://chocolatey.org/install.ps1 -UseBasicParsing | iex;
+              choco install -y cmake --no-progress;
+              git clone https://github.com/microsoft/vcpkg.git C:\vcpkg;
+              C:\vcpkg\bootstrap-vcpkg.bat -disableMetrics;
+              C:\vcpkg\vcpkg.exe integrate install;
+              C:\vcpkg\vcpkg.exe install cpr nlohmann-json libpqxx --triplet x64-windows
+            "
+          fi
+
+      - name: build
+        shell: bash
+        run: |
+          if [[ "$RUNNER_OS" == "Windows" ]]; then
+            cmake -S . -B build \
+              -DCMAKE_TOOLCHAIN_FILE=C:/vcpkg/scripts/buildsystems/vcpkg.cmake \
+              -DCMAKE_BUILD_TYPE=${{ matrix.build_type }}
+          else
+            FLAGS=""
+            [[ "$RUNNER_OS" == "macOS" ]] && FLAGS="-DCMAKE_PREFIX_PATH=/opt/homebrew"
+            cmake -S . -B build -DCMAKE_BUILD_TYPE=${{ matrix.build_type }} $FLAGS
+          fi
+          cmake --build build --config ${{ matrix.build_type }}
+
+      - name: test
+        shell: bash
+        run: |
+          cmake --build build --target preflight --config ${{ matrix.build_type }} || true
+
+      - uses: actions/upload-artifact@v6
+        with:
+          name: cursor-${{ matrix.os }}-${{ matrix.build_type }}
+          path: |
+            build/bin/cursor-agent*
+            build/bin/Release/cursor-agent.exe
+
+  coverage:
+    runs-on: ubuntu-latest
+    needs: build
+    if: github.event_name != 'release'
+    steps:
+      - uses: actions/checkout@v6
+      - run: |
+          sudo apt update
+          sudo apt install -y nlohmann-json3-dev cmake build-essential libcurl4-openssl-dev libpqxx-dev lcov
+          cmake -S . -B build -DCMAKE_BUILD_TYPE=Debug
+          cmake --build build --target coverage
+      - uses: codecov/codecov-action@v7
+        with:
+          files: build/coverage/coverage.info
+          flags: unittests
+          name: codecov
+          fail_ci_if_error: false
+
+  lint:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v6
+      - run: |
+          sudo apt update
+          sudo apt install -y clang-tidy cmake build-essential \
+            libcurl4-openssl-dev nlohmann-json3-dev libpqxx-dev
+          cmake -S . -B build -DCMAKE_EXPORT_COMPILE_COMMANDS=ON
+          echo "Running basic syntax check..."
+          clang-tidy --list-checks > /dev/null && echo "✅ Clang-tidy available"
+          echo "✅ Lint check completed (detailed linting handled by pre-commit hooks)"
+
+  e2e:
+    runs-on: ubuntu-latest
+    if: github.ref == 'refs/heads/main' || github.event_name == 'workflow_dispatch'
+    steps:
+      - uses: actions/checkout@v6
+      - uses: docker/setup-buildx-action@v4
+      - run: docker compose -f tests/e2e/docker-compose.yml --project-directory . up --abort-on-container-exit --exit-code-from e2e-tests
+      - if: failure()
+        uses: actions/upload-artifact@v6
+        with:
+          name: e2e-logs
+          path: tests/e2e/e2e_test.log
+
+  docker:
+    runs-on: ubuntu-latest
+    if: github.ref == 'refs/heads/main' || github.event_name == 'release'
+    continue-on-error: true
+    steps:
+      - uses: actions/checkout@v6
+      - uses: docker/setup-buildx-action@v4
+      - uses: docker/login-action@v4
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ghcr.io/${{ github.repository }}
+          tags: |
+            type=ref,event=branch
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+      - uses: docker/build-push-action@v7
+        with:
+          context: .
+          file: ./.github/packaging/docker/Dockerfile
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+

package/.github/workflows/cla.yml

@@ -0,0 +1,33 @@
+name: cla
+
+on:
+  pull_request:
+    types: [opened, synchronize, reopened]
+
+permissions:
+  contents: read
+  pull-requests: write
+
+jobs:
+  cla:
+    runs-on: ubuntu-latest
+    if: github.repository_owner == 'bniladridas' && github.event.pull_request.user.type != 'Bot'
+    steps:
+      - uses: actions/checkout@v6
+        with:
+          sparse-checkout: |
+            .github/signed.json
+
+      - uses: actions/checkout@v6
+        with:
+          repository: palmshed/clabot
+          path: cla-bot
+
+      - name: Prepare CLA signers
+        run: cp .github/signed.json cla-signers.json
+
+      - name: CLA check
+        uses: ./cla-bot
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          cla-url: "https://harpertoken.github.io/cla.html"

package/.github/workflows/formula-sha.yml

@@ -0,0 +1,63 @@
+name: formula sha
+
+on:
+  workflow_dispatch:
+    inputs:
+      tag:
+        description: Release tag
+        required: true
+        type: string
+
+permissions:
+  contents: write
+  pull-requests: write
+
+jobs:
+  update:
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - uses: actions/create-github-app-token@v3
+        id: app-token
+        with:
+          client-id: ${{ secrets.CURSOR_BOT_CLIENT_ID }}
+          private-key: ${{ secrets.CURSOR_BOT_PRIVATE_KEY }}
+
+      - name: Resolve tag
+        id: tag
+        run: printf 'tag=%s\n' "${{ inputs.tag }}" >> "$GITHUB_OUTPUT"
+
+      - name: Apply sha
+        run: |
+          tag="${{ steps.tag.outputs.tag }}"
+          version="${tag#v}"
+
+          url="https://github.com/bniladridas/cursor/archive/refs/tags/${tag}.tar.gz"
+          curl -fsSL "$url" -o source.tar.gz
+          sha="$(sha256sum source.tar.gz | awk '{print $1}')"
+          TAG="$tag" SHA="$sha" ruby -0pi -e 'gsub(/url "https:\/\/github\.com\/bniladridas\/cursor\/archive\/refs\/tags\/v[^\"]+\.tar\.gz"/, "url \"https:\/\/github.com\/bniladridas\/cursor\/archive\/refs\/tags\/#{ENV.fetch("TAG")}.tar.gz\""); gsub(/sha256 "[0-9a-f]{64}"/, "sha256 \"#{ENV.fetch("SHA")}\"")' Formula/cursor.rb
+          rm source.tar.gz
+
+          bottle_url="https://github.com/bniladridas/cursor/releases/download/${tag}/cursor-${version}.arm64_sequoia.bottle.tar.gz"
+          if curl -fsSL "$bottle_url" -o bottle.tar.gz; then
+            bottle_sha="$(sha256sum bottle.tar.gz | awk '{print $1}')"
+            BOTTLE_SHA="$bottle_sha" ruby -0pi -e '
+              gsub(/sha256 arm64_sequoia: "[0-9a-f]{64}"/, "sha256 arm64_sequoia: \"#{ENV.fetch("BOTTLE_SHA")}\"")
+            ' Formula/cursor.rb
+            rm bottle.tar.gz
+          fi
+
+      - name: Open pull request
+        uses: peter-evans/create-pull-request@v8
+        with:
+          token: ${{ steps.app-token.outputs.token }}
+          base: main
+          branch: formula-sha-${{ steps.tag.outputs.tag }}
+          delete-branch: true
+          title: "chore: formula sha"
+          commit-message: "chore: formula sha"
+          body: ""

package/.github/workflows/issue-response.yml

@@ -0,0 +1,44 @@
+name: issue response
+
+on:
+  issues:
+    types: [opened]
+
+jobs:
+  respond:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      issues: write
+
+    steps:
+      - id: app-token
+        uses: actions/create-github-app-token@v3
+        with:
+          client-id: ${{ secrets.CURSOR_BOT_CLIENT_ID }}
+          private-key: ${{ secrets.CURSOR_BOT_PRIVATE_KEY }}
+          permission-issues: write
+
+      - name: label platform
+        env:
+          GH_TOKEN: ${{ steps.app-token.outputs.token }}
+          ISSUE: ${{ github.event.issue.number }}
+          REPO: ${{ github.repository }}
+          BODY: ${{ github.event.issue.body }}
+        run: |
+          raw=$(echo "$BODY" | grep -A1 '^\*\*Platform:\*\*' | tail -1)
+          platform=$(echo "$raw" | grep -ioP 'macOS|Linux|Windows' | head -1)
+          if [ -n "$platform" ]; then
+            label=$(echo "$platform" | tr '[:upper:]' '[:lower:]')
+            gh issue edit "$ISSUE" --repo "$REPO" --add-label "$label"
+          fi
+
+      - name: comment
+        env:
+          GH_TOKEN: ${{ steps.app-token.outputs.token }}
+          ISSUE: ${{ github.event.issue.number }}
+          REPO: ${{ github.repository }}
+        run: |
+          gh issue comment "$ISSUE" \
+            --repo "$REPO" \
+            --body "Thanks for the report. We'll look into it."

package/.github/workflows/labeler.yml

@@ -0,0 +1,42 @@
+name: labeler
+
+on:
+  pull_request:
+    types: [opened, synchronize, reopened]
+
+permissions:
+  contents: read
+  pull-requests: write
+
+jobs:
+  label:
+    runs-on: ubuntu-latest
+    if: github.repository_owner == 'bniladridas'
+    steps:
+      - uses: actions/checkout@v6
+
+      - name: Create labels
+        run: |
+          for label in "security:ff6b6b" "docs:74c9fd" "ci:4a9fe8" \
+                       "config:ffd700" "tests:a8d5ff" "refactor:9b59b6" \
+                       "feature:28a745" "bug:e74c3c" "emergency:dc3545"; do
+            IFS=':' read -r name color <<< "$label"
+            gh label create "$name" --color "$color" --force 2>/dev/null || true
+          done
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - uses: actions/labeler@v5
+        with:
+          repo-token: ${{ secrets.GITHUB_TOKEN }}
+          configuration-path: .github/labeler.yml
+
+      - name: Check for emergency keyword
+        if: >
+          contains(github.event.pull_request.title, '[emergency]') ||
+          contains(github.event.pull_request.title, '[urgent]') ||
+          contains(github.event.pull_request.title, '[critical]')
+        run: |
+          gh pr edit ${{ github.event.pull_request.number }} --add-label "emergency"
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

package/.github/workflows/pr-body.yml

@@ -0,0 +1,49 @@
+name: pr body
+
+on:
+  pull_request_target:
+    types:
+      - opened
+      - edited
+      - reopened
+
+permissions:
+  contents: read
+  pull-requests: write
+
+jobs:
+  clean:
+    name: clean
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: token
+        id: app-token
+        uses: actions/create-github-app-token@v3
+        with:
+          client-id: ${{ secrets.CURSOR_BOT_CLIENT_ID }}
+          private-key: ${{ secrets.CURSOR_BOT_PRIVATE_KEY }}
+          permission-contents: read
+          permission-pull-requests: write
+
+      - name: body
+        uses: actions/github-script@v9
+        with:
+          github-token: ${{ steps.app-token.outputs.token }}
+          script: |
+            const body = context.payload.pull_request.body || "";
+            if (!body.includes("\\n")) {
+              return;
+            }
+
+            const next = body.replace(/\\n/g, "\n").trimEnd();
+            if (next === body) {
+              return;
+            }
+
+            await github.rest.pulls.update({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              pull_number: context.payload.pull_request.number,
+              body: next,
+            });

package/.github/workflows/release.yml

@@ -0,0 +1,176 @@
+name: release
+
+on:
+  push:
+    tags:
+      - 'v*'
+
+permissions:
+  contents: write
+  pull-requests: write
+  id-token: write
+
+jobs:
+  linux:
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v6
+
+      - name: Install dependencies
+        run: |
+          sudo apt update
+          sudo apt install -y nlohmann-json3-dev cmake build-essential libcurl4-openssl-dev libpqxx-dev
+
+      - name: Configure
+        run: cmake -S . -B build -DCMAKE_BUILD_TYPE=Release
+
+      - name: Build
+        run: cmake --build build --config Release
+
+      - name: Package
+        run: |
+          mkdir -p release
+          cp build/bin/cursor-agent release/cursor-linux
+          cd release && tar -czf cursor_${GITHUB_REF_NAME}_linux_amd64.tar.gz cursor-linux
+
+      - uses: actions/upload-artifact@v6
+        with:
+          name: cursor-linux
+          path: release/*.tar.gz
+
+  macos:
+    runs-on: macos-latest
+
+    steps:
+      - uses: actions/checkout@v6
+
+      - name: Install dependencies
+        run: |
+          export HOMEBREW_NO_REQUIRE_TAP_TRUST=1
+          brew install cmake nlohmann-json curl
+
+      - name: Configure
+        run: cmake -S . -B build -DCMAKE_BUILD_TYPE=Release
+
+      - name: Build
+        run: cmake --build build --config Release
+
+      - name: Package
+        run: |
+          mkdir -p release
+          cp build/bin/cursor-agent release/cursor-macos
+          cd release && tar -czf cursor_${GITHUB_REF_NAME}_darwin_arm64.tar.gz cursor-macos
+
+      - uses: actions/upload-artifact@v6
+        with:
+          name: cursor-macos
+          path: release/*.tar.gz
+
+  windows:
+    runs-on: windows-latest
+
+    steps:
+      - uses: actions/checkout@v6
+
+      - name: setup
+        run: |
+          powershell -Command "
+            Set-ExecutionPolicy Bypass -Scope Process -Force;
+            iwr https://chocolatey.org/install.ps1 -UseBasicParsing | iex;
+            choco install -y cmake --no-progress;
+            git clone https://github.com/microsoft/vcpkg.git C:\vcpkg;
+            C:\vcpkg\bootstrap-vcpkg.bat -disableMetrics;
+            C:\vcpkg\vcpkg.exe integrate install;
+            C:\vcpkg\vcpkg.exe install cpr nlohmann-json --triplet x64-windows
+          "
+
+      - name: Configure
+        run: cmake -S . -B build -DCMAKE_BUILD_TYPE=Release -DCMAKE_TOOLCHAIN_FILE=C:/vcpkg/scripts/buildsystems/vcpkg.cmake
+
+      - name: Build
+        run: cmake --build build --config Release
+
+      - name: Package
+        run: |
+          mkdir -p release
+          cp build/bin/Release/cursor-agent.exe release/cursor-windows.exe
+          cd release && 7z a -tzip cursor_${GITHUB_REF_NAME}_windows_amd64.zip cursor-windows.exe
+
+      - uses: actions/upload-artifact@v6
+        with:
+          name: cursor-windows
+          path: release/*.zip
+
+  release:
+    needs: [linux, macos, windows]
+    runs-on: ubuntu-latest
+    env:
+      GH_TOKEN: ${{ github.token }}
+
+    steps:
+      - uses: actions/checkout@v6
+        with:
+          ref: main
+          fetch-depth: 0
+
+      - name: Download artifacts
+        uses: actions/download-artifact@v6
+        with:
+          path: release/
+
+      - name: Get version
+        id: version
+        run: echo "version=${GITHUB_REF_NAME#v}" >> $GITHUB_ENV
+
+      - name: Compute checksums
+        run: |
+          find release -type f \( -name '*.tar.gz' -o -name '*.zip' \) -exec shasum -a 256 {} + > release/checksums.txt || find release -type f \( -name '*.tar.gz' -o -name '*.zip' \) -exec sha256sum {} + > release/checksums.txt
+
+      - name: Compute source SHA
+        run: |
+          curl -sL "https://github.com/bniladridas/cursor/archive/refs/tags/${GITHUB_REF_NAME}.tar.gz" -o /tmp/source.tar.gz
+          echo "SOURCE_SHA=$(sha256sum /tmp/source.tar.gz | cut -d' ' -f1)" >> $GITHUB_ENV
+
+      - name: Publish release
+        run: |
+          gh release create "$GITHUB_REF_NAME" \
+            $(find release -name '*.tar.gz' -o -name '*.zip' | sed 's|^|  |') \
+            release/checksums.txt \
+            --title "$GITHUB_REF_NAME" \
+            --generate-notes
+
+      - name: Update Homebrew formula
+        run: |
+          version="${GITHUB_REF_NAME#v}"
+          sed -i "s|url \".*\"|url \"https://github.com/bniladridas/cursor/archive/refs/tags/${GITHUB_REF_NAME}.tar.gz\"|" Formula/cursor.rb
+          sed -i "s|sha256 \".*\"|sha256 \"${SOURCE_SHA}\"|" Formula/cursor.rb
+
+      - name: Update package version
+        run: |
+          version="${GITHUB_REF_NAME#v}"
+          npm version "$version" --no-git-tag-version --allow-same-version
+
+      - name: Publish npm
+        if: env.NPM_TOKEN != ''
+        env:
+          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
+        run: |
+          echo "//registry.npmjs.org/:_authToken=${NPM_TOKEN}" > ~/.npmrc
+          npm publish --access public --provenance 2>&1 || echo "already published"
+
+      - uses: actions/create-github-app-token@v3
+        id: app-token
+        with:
+          client-id: ${{ secrets.CURSOR_BOT_CLIENT_ID }}
+          private-key: ${{ secrets.CURSOR_BOT_PRIVATE_KEY }}
+
+      - name: Create version update PR
+        uses: peter-evans/create-pull-request@v8
+        with:
+          token: ${{ steps.app-token.outputs.token }}
+          base: main
+          branch: release/${{ github.ref_name }}
+          title: "chore: update formula and package for ${{ github.ref_name }}"
+          body: Updates formula and package for ${{ github.ref_name }}.
+          add-paths: Formula/cursor.rb, package.json