@cursorpool-dev/cli 0.5.6

package/node_modules/@cursor-pool/patcher/test/restoreCursorAgentExec.test.ts

@@ -0,0 +1,139 @@
+import assert from 'node:assert/strict';
+import { mkdir, mkdtemp, readFile, rm, writeFile } from 'node:fs/promises';
+import { tmpdir } from 'node:os';
+import { dirname, join } from 'node:path';
+import test from 'node:test';
+import { sha256File } from '../src/hash';
+import {
+  buildCursorAgentExecPatchSnippet,
+  CURSOR_POOL_AGENT_EXEC_PROVIDER_REGISTER_ANCHOR,
+  CURSOR_POOL_PATCH_MARKER,
+  hasCursorPoolMarker,
+} from '../src/marker';
+import {
+  backupPathForCursorAgentExec,
+  patchCursorAgentExec,
+} from '../src/patchCursorAgentExec';
+import { restoreCursorAgentExec } from '../src/restoreCursorAgentExec';
+
+const targetRelativePath =
+  'Contents/Resources/app/extensions/cursor-agent-exec/dist/main.js';
+
+async function createFixture(
+  content = `const agent = "cursor-agent-exec";\n${CURSOR_POOL_AGENT_EXEC_PROVIDER_REGISTER_ANCHOR}\nexport { agent };\n`,
+) {
+  const base = await mkdtemp(join(tmpdir(), 'cursor-pool-restore-'));
+  const appPath = join(base, `Fixture-${Date.now()}-${Math.random()}.app`);
+  await mkdir(join(appPath, 'Contents/Resources/app/extensions/cursor-agent-exec/dist'), {
+    recursive: true,
+  });
+  await writeFile(join(appPath, targetRelativePath), content, 'utf8');
+
+  return {
+    appPath,
+    targetPath: join(appPath, targetRelativePath),
+  };
+}
+
+test('restore returns the patched target hash to its original value and removes marker', async () => {
+  const tempDir = join(tmpdir(), `cursor-pool-restore-backups-${Date.now()}-${Math.random()}`);
+  const fixture = await createFixture();
+
+  try {
+    const beforeHash = await sha256File(fixture.targetPath);
+    const patch = await patchCursorAgentExec(fixture.appPath, { backupDir: tempDir });
+    assert.equal(await hasCursorPoolMarker(fixture.targetPath), true);
+
+    const restore = await restoreCursorAgentExec(fixture.appPath, { backupDir: tempDir });
+
+    const afterRestoreHash = await sha256File(fixture.targetPath);
+    const markerPresent = await hasCursorPoolMarker(fixture.targetPath);
+
+    assert.equal(patch.beforeHash, beforeHash);
+    assert.equal(restore.beforeHash, patch.afterHash);
+    assert.equal(afterRestoreHash, beforeHash);
+    assert.equal(restore.afterHash, beforeHash);
+    assert.equal(markerPresent, false);
+  } finally {
+    await rm(fixture.appPath, { recursive: true, force: true });
+    await rm(tempDir, { recursive: true, force: true });
+  }
+});
+
+test('restore supports a custom Linux Cursor agent exec relative path', async () => {
+  const tempDir = join(tmpdir(), `cursor-pool-restore-linux-path-${Date.now()}-${Math.random()}`);
+  const appPath = join(tempDir, 'squashfs-root');
+  const customTargetRelativePath =
+    'usr/share/cursor/resources/app/extensions/cursor-agent-exec/dist/main.js';
+  const targetPath = join(appPath, customTargetRelativePath);
+  const originalContent = `const agent = "cursor-agent-exec";\n${CURSOR_POOL_AGENT_EXEC_PROVIDER_REGISTER_ANCHOR}\nexport { agent };\n`;
+
+  try {
+    await mkdir(dirname(targetPath), { recursive: true });
+    await writeFile(targetPath, originalContent, 'utf8');
+
+    await patchCursorAgentExec(appPath, {
+      backupDir: tempDir,
+      targetRelativePath: customTargetRelativePath,
+    });
+    const restore = await restoreCursorAgentExec(appPath, {
+      backupDir: tempDir,
+      targetRelativePath: customTargetRelativePath,
+    });
+
+    assert.equal(restore.targetPath, targetPath);
+    assert.equal(await readFile(targetPath, 'utf8'), originalContent);
+  } finally {
+    await rm(tempDir, { recursive: true, force: true });
+  }
+});
+
+test('restore refuses a backup that contains a valid patch marker and leaves target unchanged', async () => {
+  const tempDir = join(tmpdir(), `cursor-pool-restore-tampered-backups-${Date.now()}-${Math.random()}`);
+  const fixture = await createFixture();
+
+  try {
+    await patchCursorAgentExec(fixture.appPath, { backupDir: tempDir });
+    const patchedHash = await sha256File(fixture.targetPath);
+    const backupPath = await backupPathForCursorAgentExec(fixture.appPath, fixture.targetPath, tempDir);
+    await writeFile(backupPath, `${await readFile(fixture.targetPath, 'utf8')}`, 'utf8');
+
+    await assert.rejects(
+      restoreCursorAgentExec(fixture.appPath, { backupDir: tempDir }),
+      /backup.*patch marker/i,
+    );
+
+    assert.equal(await sha256File(fixture.targetPath), patchedHash);
+    assert.equal(await hasCursorPoolMarker(fixture.targetPath), true);
+  } finally {
+    await rm(fixture.appPath, { recursive: true, force: true });
+    await rm(tempDir, { recursive: true, force: true });
+  }
+});
+
+test('restore refuses a backup that would leave marker text behind', async () => {
+  const tempDir = join(tmpdir(), `cursor-pool-restore-partial-marker-${Date.now()}-${Math.random()}`);
+  const fixture = await createFixture();
+
+  try {
+    await patchCursorAgentExec(fixture.appPath, { backupDir: tempDir });
+    const patchedHash = await sha256File(fixture.targetPath);
+    const backupPath = await backupPathForCursorAgentExec(fixture.appPath, fixture.targetPath, tempDir);
+    await writeFile(
+      backupPath,
+      `${await readFile(fixture.targetPath, 'utf8')}\n/* stray ${CURSOR_POOL_PATCH_MARKER}: begin */\n`,
+      'utf8',
+    );
+
+    await assert.rejects(
+      restoreCursorAgentExec(fixture.appPath, { backupDir: tempDir }),
+      /restore.*marker/i,
+    );
+
+    assert.equal(await sha256File(fixture.targetPath), patchedHash);
+    assert.equal(await hasCursorPoolMarker(fixture.targetPath), true);
+  } finally {
+    await rm(fixture.appPath, { recursive: true, force: true });
+    await rm(tempDir, { recursive: true, force: true });
+  }
+});

package/node_modules/@cursor-pool/service/package.json

@@ -0,0 +1,17 @@
+{
+  "name": "@cursor-pool/service",
+  "version": "0.5.6",
+  "type": "module",
+  "main": "./src/index.ts",
+  "exports": {
+    ".": "./src/index.ts",
+    "./entry": "./src/entry.ts",
+    "./platformSession": "./src/platformSession.ts"
+  },
+  "dependencies": {
+    "@cursor-pool/shared": "0.5.6"
+  },
+  "scripts": {
+    "test": "tsx --test test/*.test.ts"
+  }
+}

package/node_modules/@cursor-pool/service/src/canary.ts

@@ -0,0 +1,61 @@
+import { randomUUID } from 'node:crypto';
+import type { RequestGateDecision } from './requestGate';
+
+export type AgentCanary = {
+  requestId: string;
+  requestType: 'agent';
+  source: 'cursor-agent-exec';
+  model: string;
+  receivedAt: string;
+  runtimeId: string;
+  gate: RequestGateDecision;
+};
+
+type SanitizeAgentCanaryOptions = {
+  runtimeId: string;
+  gate: RequestGateDecision;
+  now?: () => string;
+  requestId?: () => string;
+};
+
+type CanaryInput = {
+  requestId?: unknown;
+  model?: unknown;
+};
+
+const isValidRequestId = (value: unknown): value is string =>
+  typeof value === 'string' && value.length > 0 && value.length <= 128;
+
+export function sanitizeAgentCanary(
+  input: CanaryInput,
+  options: SanitizeAgentCanaryOptions,
+): AgentCanary {
+  const requestId = isValidRequestId(input.requestId)
+    ? input.requestId
+    : (options.requestId ?? randomUUID)();
+  const model = typeof input.model === 'string' && input.model.length > 0 ? input.model : 'unknown';
+
+  return {
+    requestId,
+    requestType: 'agent',
+    source: 'cursor-agent-exec',
+    model,
+    receivedAt: (options.now ?? (() => new Date().toISOString()))(),
+    runtimeId: options.runtimeId,
+    gate: options.gate,
+  };
+}
+
+export function createCanaryStore() {
+  let latestCanary: AgentCanary | null = null;
+
+  return {
+    record(canary: AgentCanary): AgentCanary {
+      latestCanary = canary;
+      return canary;
+    },
+    latest(): AgentCanary | null {
+      return latestCanary;
+    },
+  };
+}

package/node_modules/@cursor-pool/service/src/diagnostics.ts

@@ -0,0 +1,385 @@
+import { mkdir, readFile, writeFile } from 'node:fs/promises';
+import { dirname, join } from 'node:path';
+import { homedir } from 'node:os';
+import { DEFAULT_DIAGNOSTICS_FILE } from '@cursor-pool/shared/runtime';
+import type { AgentCanary } from './canary';
+import type { AgentRequestCheck } from './requestCheck';
+import { sanitizeGatewayForward } from './requestGateway';
+import type { AgentGateway, AgentGatewayDecision, SafeGatewayForwardState } from './requestGateway';
+import type { RequestGateDecision } from './requestGate';
+import type { SafeRouteState } from './platformSession';
+
+const DEFAULT_MAX_DIAGNOSTICS = 20;
+
+type DiagnosticOptions = {
+  diagnosticsFile?: string;
+  maxEntries?: number;
+};
+
+type AgentCanaryDiagnostic = {
+  requestId: string;
+  requestType: 'agent';
+  source: 'cursor-agent-exec';
+  model: string;
+  receivedAt: string;
+  runtimeId: string;
+  gate: RequestGateDecision;
+};
+
+type AgentRequestCheckDiagnostic = {
+  kind: 'agent-request-check';
+  requestId: string;
+  requestType: 'agent';
+  source: 'cursor-agent-exec' | 'manual-check';
+  model: string;
+  receivedAt: string;
+  runtimeId: string;
+  decision: RequestGateDecision;
+  route: SafeRouteState;
+};
+
+type AgentGatewayDiagnostic = {
+  kind: 'agent-request-gateway';
+  requestId: string;
+  requestType: 'agent';
+  source: 'cursor-agent-exec' | 'manual-check' | 'unknown';
+  model: string;
+  receivedAt: string;
+  runtimeId: string;
+  decision: AgentGatewayDecision;
+  forward: SafeGatewayForwardState;
+};
+
+type DiagnosticEntry = AgentCanaryDiagnostic | AgentRequestCheckDiagnostic | AgentGatewayDiagnostic;
+
+const BLOCKED_GATE_REASONS = new Set<RequestGateDecision['reason']>([
+  'logged-out',
+  'mode-inactive',
+  'mode-released',
+  'device-inactive',
+  'invalid-session',
+]);
+const RELEASE_REASONS = new Set<NonNullable<Extract<RequestGateDecision, { state: 'blocked' }>['releaseReason']>>([
+  'product-missing',
+  'product-unavailable',
+  'insufficient-credits',
+  'invalid-token',
+  'device-inactive',
+]);
+
+function resolveDiagnosticsFile(diagnosticsFile = DEFAULT_DIAGNOSTICS_FILE) {
+  if (diagnosticsFile.startsWith('~/')) {
+    return join(homedir(), diagnosticsFile.slice(2));
+  }
+  return diagnosticsFile;
+}
+
+function sanitizeCanaryForDiagnostics(input: AgentCanary): AgentCanaryDiagnostic {
+  return {
+    requestId: input.requestId,
+    requestType: 'agent',
+    source: 'cursor-agent-exec',
+    model: input.model,
+    receivedAt: input.receivedAt,
+    runtimeId: input.runtimeId,
+    gate: sanitizeGateForDiagnostics(input.gate),
+  };
+}
+
+function sanitizeRequestCheckForDiagnostics(input: AgentRequestCheck): AgentRequestCheckDiagnostic {
+  return {
+    kind: 'agent-request-check',
+    requestId: input.requestId,
+    requestType: 'agent',
+    source: input.source === 'cursor-agent-exec' ? 'cursor-agent-exec' : 'manual-check',
+    model: input.model,
+    receivedAt: input.receivedAt,
+    runtimeId: input.runtimeId,
+    decision: sanitizeGateForDiagnostics(input.decision),
+    route: sanitizeRouteForDiagnostics(input.route),
+  };
+}
+
+function sanitizeGatewayForDiagnostics(input: AgentGateway): AgentGatewayDiagnostic {
+  return {
+    kind: 'agent-request-gateway',
+    requestId: input.requestId,
+    requestType: 'agent',
+    source: input.source,
+    model: input.model,
+    receivedAt: input.receivedAt,
+    runtimeId: input.runtimeId,
+    decision: sanitizeGatewayDecisionForDiagnostics(input.decision),
+    forward: sanitizeGatewayForward(input.forward),
+  };
+}
+
+function sanitizeGatewayDecisionForDiagnostics(decision: AgentGatewayDecision): AgentGatewayDecision {
+  return sanitizeHistoricalGatewayDecision(decision);
+}
+
+function sanitizeDiagnosticEntry(input: unknown): DiagnosticEntry | null {
+  if (!isRecord(input)) {
+    return null;
+  }
+
+  if (input.kind === 'agent-request-gateway') {
+    const decision = sanitizeHistoricalGatewayDecision(input.decision);
+    const forward = sanitizeGatewayForward(input.forward);
+    if (
+      typeof input.requestId !== 'string' ||
+      input.requestType !== 'agent' ||
+      (input.source !== 'cursor-agent-exec' && input.source !== 'manual-check' && input.source !== 'unknown') ||
+      typeof input.model !== 'string' ||
+      typeof input.receivedAt !== 'string' ||
+      typeof input.runtimeId !== 'string'
+    ) {
+      return null;
+    }
+
+    return {
+      kind: 'agent-request-gateway',
+      requestId: input.requestId,
+      requestType: 'agent',
+      source: input.source,
+      model: input.model,
+      receivedAt: input.receivedAt,
+      runtimeId: input.runtimeId,
+      decision,
+      forward,
+    };
+  }
+
+  if (input.kind === 'agent-request-check') {
+    const decision = sanitizeHistoricalGate(input.decision);
+    const route = sanitizeHistoricalRoute(input.route);
+    if (
+      typeof input.requestId !== 'string' ||
+      input.requestType !== 'agent' ||
+      (input.source !== 'cursor-agent-exec' && input.source !== 'manual-check') ||
+      typeof input.model !== 'string' ||
+      typeof input.receivedAt !== 'string' ||
+      typeof input.runtimeId !== 'string' ||
+      decision === null
+    ) {
+      return null;
+    }
+
+    return {
+      kind: 'agent-request-check',
+      requestId: input.requestId,
+      requestType: 'agent',
+      source: input.source,
+      model: input.model,
+      receivedAt: input.receivedAt,
+      runtimeId: input.runtimeId,
+      decision,
+      route,
+    };
+  }
+
+  const gate = sanitizeHistoricalGate(input.gate);
+  if (
+    typeof input.requestId !== 'string' ||
+    input.requestType !== 'agent' ||
+    input.source !== 'cursor-agent-exec' ||
+    typeof input.model !== 'string' ||
+    typeof input.receivedAt !== 'string' ||
+    typeof input.runtimeId !== 'string' ||
+    gate === null
+  ) {
+    return null;
+  }
+
+  return {
+    requestId: input.requestId,
+    requestType: 'agent',
+    source: 'cursor-agent-exec',
+    model: input.model,
+    receivedAt: input.receivedAt,
+    runtimeId: input.runtimeId,
+    gate,
+  };
+}
+
+function sanitizeGateForDiagnostics(gate: RequestGateDecision): RequestGateDecision {
+  if (gate.state === 'allowed') {
+    return {
+      state: 'allowed',
+      productId: gate.productId,
+      modeStartedAt: gate.modeStartedAt,
+    };
+  }
+
+  return {
+    state: 'blocked',
+    reason: gate.reason,
+    ...(gate.releaseReason !== undefined ? { releaseReason: gate.releaseReason } : {}),
+    ...(gate.releasedAt !== undefined ? { releasedAt: gate.releasedAt } : {}),
+  };
+}
+
+function sanitizeRouteForDiagnostics(route: SafeRouteState): SafeRouteState {
+  if (route.state === 'ready' || route.state === 'expired') {
+    return { state: route.state, expiresAt: route.expiresAt };
+  }
+  return { state: 'missing' };
+}
+
+function sanitizeHistoricalRoute(input: unknown): SafeRouteState {
+  if (!isRecord(input)) {
+    return { state: 'missing' };
+  }
+  if ((input.state === 'ready' || input.state === 'expired') && typeof input.expiresAt === 'string') {
+    return { state: input.state, expiresAt: input.expiresAt };
+  }
+  return { state: 'missing' };
+}
+
+function sanitizeHistoricalGate(input: unknown): RequestGateDecision | null {
+  if (!isRecord(input)) {
+    return null;
+  }
+
+  if (input.state === 'allowed') {
+    if (typeof input.productId !== 'string' || typeof input.modeStartedAt !== 'string') {
+      return null;
+    }
+
+    return {
+      state: 'allowed',
+      productId: input.productId,
+      modeStartedAt: input.modeStartedAt,
+    };
+  }
+
+  if (input.state === 'blocked') {
+    if (typeof input.reason !== 'string' || !BLOCKED_GATE_REASONS.has(input.reason)) {
+      return null;
+    }
+
+    return {
+      state: 'blocked',
+      reason: input.reason,
+      ...(typeof input.releaseReason === 'string' && RELEASE_REASONS.has(input.releaseReason)
+        ? { releaseReason: input.releaseReason }
+        : {}),
+      ...(typeof input.releasedAt === 'string' ? { releasedAt: input.releasedAt } : {}),
+    };
+  }
+
+  return null;
+}
+
+function sanitizeHistoricalGatewayDecision(input: unknown): AgentGatewayDecision {
+  if (!isRecord(input)) {
+    return { state: 'unknown' };
+  }
+
+  if (input.state === 'accepted') {
+    const route = sanitizeHistoricalRoute(input.route);
+    if (typeof input.productId === 'string' && typeof input.modeStartedAt === 'string' && route.state === 'ready') {
+      return { state: 'accepted', productId: input.productId, modeStartedAt: input.modeStartedAt, route };
+    }
+    return { state: 'unknown' };
+  }
+
+  if (input.state === 'route-missing') {
+    if (typeof input.productId === 'string' && typeof input.modeStartedAt === 'string') {
+      return {
+        state: 'route-missing',
+        productId: input.productId,
+        modeStartedAt: input.modeStartedAt,
+        route: { state: 'missing' },
+      };
+    }
+    return { state: 'unknown' };
+  }
+
+  if (input.state === 'route-expired') {
+    const route = sanitizeHistoricalRoute(input.route);
+    if (typeof input.productId === 'string' && typeof input.modeStartedAt === 'string' && route.state === 'expired') {
+      return { state: 'route-expired', productId: input.productId, modeStartedAt: input.modeStartedAt, route };
+    }
+    return { state: 'unknown' };
+  }
+
+  if (input.state === 'blocked') {
+    const gate = sanitizeHistoricalGate(input);
+    if (gate?.state === 'blocked') {
+      return { ...gate, route: { state: 'missing' } };
+    }
+    return { state: 'unknown' };
+  }
+
+  return { state: 'unknown' };
+}
+
+function isRecord(input: unknown): input is Record<string, unknown> {
+  return typeof input === 'object' && input !== null && !Array.isArray(input);
+}
+
+async function readDiagnosticEntries(diagnosticsFile: string): Promise<DiagnosticEntry[]> {
+  try {
+    const content = await readFile(diagnosticsFile, 'utf8');
+    return content
+      .split('\n')
+      .map((line) => line.trim())
+      .filter(Boolean)
+      .flatMap((line) => {
+        try {
+          const entry = sanitizeDiagnosticEntry(JSON.parse(line) as unknown);
+          return entry === null ? [] : [entry];
+        } catch {
+          return [];
+        }
+      });
+  } catch (error) {
+    if ((error as NodeJS.ErrnoException).code === 'ENOENT') {
+      return [];
+    }
+    throw error;
+  }
+}
+
+export async function appendAgentCanaryDiagnostic(
+  canary: AgentCanary,
+  options: DiagnosticOptions = {},
+) {
+  const diagnosticsFile = resolveDiagnosticsFile(options.diagnosticsFile);
+  const maxEntries = Math.max(1, options.maxEntries ?? DEFAULT_MAX_DIAGNOSTICS);
+  const entries = await readDiagnosticEntries(diagnosticsFile);
+  const nextEntries = [...entries, sanitizeCanaryForDiagnostics(canary)].slice(-maxEntries);
+  const content = `${nextEntries.map((entry) => JSON.stringify(entry)).join('\n')}\n`;
+
+  await mkdir(dirname(diagnosticsFile), { recursive: true });
+  await writeFile(diagnosticsFile, content, 'utf8');
+}
+
+export async function appendAgentRequestCheckDiagnostic(
+  check: AgentRequestCheck,
+  options: DiagnosticOptions = {},
+) {
+  const diagnosticsFile = resolveDiagnosticsFile(options.diagnosticsFile);
+  const maxEntries = Math.max(1, options.maxEntries ?? DEFAULT_MAX_DIAGNOSTICS);
+  const entries = await readDiagnosticEntries(diagnosticsFile);
+  const nextEntries = [...entries, sanitizeRequestCheckForDiagnostics(check)].slice(-maxEntries);
+  const content = `${nextEntries.map((entry) => JSON.stringify(entry)).join('\n')}\n`;
+
+  await mkdir(dirname(diagnosticsFile), { recursive: true });
+  await writeFile(diagnosticsFile, content, 'utf8');
+}
+
+export async function appendAgentGatewayDiagnostic(
+  gateway: AgentGateway,
+  options: DiagnosticOptions = {},
+) {
+  const diagnosticsFile = resolveDiagnosticsFile(options.diagnosticsFile);
+  const maxEntries = Math.max(1, options.maxEntries ?? DEFAULT_MAX_DIAGNOSTICS);
+  const entries = await readDiagnosticEntries(diagnosticsFile);
+  const nextEntries = [...entries, sanitizeGatewayForDiagnostics(gateway)].slice(-maxEntries);
+  const content = `${nextEntries.map((entry) => JSON.stringify(entry)).join('\n')}\n`;
+
+  await mkdir(dirname(diagnosticsFile), { recursive: true });
+  await writeFile(diagnosticsFile, content, 'utf8');
+}