@cursorpool-dev/cli 0.5.6

package/node_modules/@cursor-pool/service/src/requestCheck.ts

@@ -0,0 +1,81 @@
+import { randomUUID } from 'node:crypto';
+import type { SafeRouteState } from './platformSession';
+import type { RequestGateDecision } from './requestGate';
+
+export type AgentRequestCheckInput = {
+  requestId?: unknown;
+  requestType?: unknown;
+  source?: unknown;
+  model?: unknown;
+};
+
+export type AgentRequestCheck = {
+  requestId: string;
+  requestType: 'agent';
+  source: 'cursor-agent-exec' | 'manual-check';
+  model: string;
+  receivedAt: string;
+  runtimeId: string;
+  decision: RequestGateDecision;
+  route: SafeRouteState;
+};
+
+type SanitizeAgentRequestCheckOptions = {
+  runtimeId: string;
+  decision: RequestGateDecision;
+  route?: SafeRouteState;
+  now?: () => string;
+  requestId?: () => string;
+};
+
+const SAFE_MODEL_PATTERN = /^[A-Za-z0-9._:-]{1,96}$/;
+const SECRET_PATTERN = /(api[_-]?key|authorization|bearer|cursor[_-]?auth|provider[_-]?secret|secret|token|sk-[A-Za-z0-9])/i;
+
+function isValidRequestId(value: unknown): value is string {
+  return typeof value === 'string' && value.length > 0 && value.length <= 128;
+}
+
+function sanitizeSource(value: unknown): AgentRequestCheck['source'] {
+  return value === 'cursor-agent-exec' || value === 'manual-check' ? value : 'manual-check';
+}
+
+function sanitizeModel(value: unknown): string {
+  if (typeof value !== 'string' || !SAFE_MODEL_PATTERN.test(value) || SECRET_PATTERN.test(value)) {
+    return 'unknown';
+  }
+  return value;
+}
+
+export function sanitizeAgentRequestCheck(
+  input: AgentRequestCheckInput,
+  options: SanitizeAgentRequestCheckOptions,
+): AgentRequestCheck {
+  const requestId = isValidRequestId(input.requestId)
+    ? input.requestId
+    : (options.requestId ?? randomUUID)();
+
+  return {
+    requestId,
+    requestType: 'agent',
+    source: sanitizeSource(input.source),
+    model: sanitizeModel(input.model),
+    receivedAt: (options.now ?? (() => new Date().toISOString()))(),
+    runtimeId: options.runtimeId,
+    decision: options.decision,
+    route: options.route ?? { state: 'missing' },
+  };
+}
+
+export function createRequestCheckStore() {
+  let latestCheck: AgentRequestCheck | null = null;
+
+  return {
+    record(check: AgentRequestCheck): AgentRequestCheck {
+      latestCheck = check;
+      return check;
+    },
+    latest(): AgentRequestCheck | null {
+      return latestCheck;
+    },
+  };
+}

package/node_modules/@cursor-pool/service/src/requestGate.ts

@@ -0,0 +1,100 @@
+import {
+  readPlatformSessionSnapshot,
+  type PlatformModeReleaseReason,
+  type PlatformSessionOptions,
+  type SafeRouteState,
+} from './platformSession';
+
+export type RequestGateDecision =
+  | { state: 'allowed'; productId: string; modeStartedAt: string }
+  | {
+      state: 'blocked';
+      reason: 'logged-out' | 'mode-inactive' | 'mode-released' | 'device-inactive' | 'invalid-session';
+      releaseReason?: PlatformModeReleaseReason;
+      releasedAt?: string;
+    };
+
+export const INVALID_SESSION_GATE: RequestGateDecision = { state: 'blocked', reason: 'invalid-session' };
+
+function invalidSessionGate(): RequestGateDecision {
+  return { ...INVALID_SESSION_GATE };
+}
+
+function hasNonEmptyString(value: unknown): value is string {
+  return typeof value === 'string' && value.length > 0;
+}
+
+export async function evaluateRequestGate(
+  options: PlatformSessionOptions = {},
+): Promise<RequestGateDecision> {
+  const snapshot = await readPlatformSessionSnapshot(options);
+
+  if (snapshot.state === 'missing') {
+    return { state: 'blocked', reason: 'logged-out' };
+  }
+  if (snapshot.state === 'invalid') {
+    return invalidSessionGate();
+  }
+
+  const { session } = snapshot;
+  if (session.device.status !== 'active') {
+    return { state: 'blocked', reason: 'device-inactive' };
+  }
+
+  if (
+    session.platformMode !== 'active' &&
+    session.lastModeReleaseReason &&
+    session.lastModeReleasedAt
+  ) {
+    return {
+      state: 'blocked',
+      reason: 'mode-released',
+      releaseReason: session.lastModeReleaseReason,
+      releasedAt: session.lastModeReleasedAt,
+    };
+  }
+
+  if (
+    session.platformMode !== 'active' ||
+    !hasNonEmptyString(session.activeProductId) ||
+    !hasNonEmptyString(session.platformModeStartedAt)
+  ) {
+    return { state: 'blocked', reason: 'mode-inactive' };
+  }
+
+  return {
+    state: 'allowed',
+    productId: session.activeProductId,
+    modeStartedAt: session.platformModeStartedAt,
+  };
+}
+
+export type RouteStateOptions = PlatformSessionOptions & {
+  now?: () => string;
+};
+
+export async function evaluateRouteState(
+  options: RouteStateOptions = {},
+): Promise<SafeRouteState> {
+  const snapshot = await readPlatformSessionSnapshot(options);
+  if (snapshot.state !== 'valid') {
+    return { state: 'missing' };
+  }
+
+  const { routeToken } = snapshot.session;
+  if (!routeToken) {
+    return { state: 'missing' };
+  }
+
+  const expiresAt = Date.parse(routeToken.expiresAt);
+  const now = Date.parse((options.now ?? (() => new Date().toISOString()))());
+  if (Number.isNaN(expiresAt) || Number.isNaN(now)) {
+    return { state: 'missing' };
+  }
+
+  if (expiresAt <= now) {
+    return { state: 'expired', expiresAt: routeToken.expiresAt };
+  }
+
+  return { state: 'ready', expiresAt: routeToken.expiresAt };
+}

package/node_modules/@cursor-pool/service/src/requestGateway.ts

@@ -0,0 +1,441 @@
+import { randomUUID } from 'node:crypto';
+import type { PlatformModeReleaseReason, SafeRouteState } from './platformSession';
+import type { RequestGateDecision } from './requestGate';
+
+export type AgentGatewayInput = {
+  requestId?: unknown;
+  requestType?: unknown;
+  source?: unknown;
+  model?: unknown;
+};
+
+export type AgentGatewayDecision =
+  | {
+      state: 'accepted';
+      productId: string;
+      modeStartedAt: string;
+      route: Extract<SafeRouteState, { state: 'ready' }>;
+    }
+  | {
+      state: 'route-missing';
+      productId: string;
+      modeStartedAt: string;
+      route: Extract<SafeRouteState, { state: 'missing' }>;
+    }
+  | {
+      state: 'route-expired';
+      productId: string;
+      modeStartedAt: string;
+      route: Extract<SafeRouteState, { state: 'expired' }>;
+    }
+  | {
+      state: 'blocked';
+      reason: 'logged-out' | 'mode-inactive' | 'mode-released' | 'device-inactive' | 'invalid-session';
+      releaseReason?: PlatformModeReleaseReason;
+      releasedAt?: string;
+      route: Extract<SafeRouteState, { state: 'missing' }>;
+    }
+  | { state: 'unknown' };
+
+export type GatewayForwardRejectReason =
+  | 'route-token-invalid'
+  | 'pool-session-expired'
+  | 'product-unavailable'
+  | 'model-banned'
+  | 'provider-unavailable'
+  | 'rate-limited'
+  | 'insufficient-credits'
+  | 'manual-review-required';
+
+export type GatewayForwardResult =
+  | {
+      state: 'forwarded';
+      upstreamRequestId: string;
+      acceptedAt: string;
+      routeExpiresAt: string;
+      usageRequestId?: string;
+      content?: string;
+      openAiResponse?: Record<string, unknown>;
+      openAiStreamEvents?: Record<string, unknown>[];
+    }
+  | {
+      state: 'rejected';
+      reason: GatewayForwardRejectReason;
+      retryAfterMs?: number;
+    }
+  | {
+      state: 'not-configured';
+    }
+  | {
+      state: 'timeout';
+    }
+  | {
+      state: 'network-error';
+    };
+
+export type SafeGatewayForwardState =
+  | {
+      state: 'skipped';
+      reason: 'not-accepted';
+    }
+  | {
+      state: 'forwarded';
+      upstreamRequestId: string;
+      acceptedAt: string;
+      content?: string;
+    }
+  | {
+      state: 'rejected';
+      reason: GatewayForwardRejectReason;
+      retryAfterMs?: number;
+    }
+  | {
+      state: 'not-configured';
+    }
+  | {
+      state: 'timeout';
+    }
+  | {
+      state: 'network-error';
+    }
+  | {
+      state: 'unknown';
+    };
+
+export type AgentGateway = {
+  requestId: string;
+  requestType: 'agent';
+  source: 'cursor-agent-exec' | 'manual-check' | 'unknown';
+  model: string;
+  receivedAt: string;
+  runtimeId: string;
+  decision: AgentGatewayDecision;
+  forward: SafeGatewayForwardState;
+};
+
+export type GatewayForwardRequest = {
+  gateway: AgentGateway;
+  routeToken: string;
+  poolSessionId?: string;
+  productId: string;
+  model: string;
+  requestId: string;
+  settlementMode?: 'provider_forwarded' | 'client_response';
+  openAiRequest?: Record<string, unknown>;
+};
+
+export type GatewayForwarder = (request: GatewayForwardRequest) => Promise<GatewayForwardResult>;
+
+export type GatewayHttpForwarderOptions = {
+  apiBaseUrl?: string;
+  deviceToken?: string;
+};
+
+export type GatewayCompleteOptions = GatewayHttpForwarderOptions & {
+  requestId: string;
+  routeToken: string;
+  poolSessionId: string;
+  productId: string;
+};
+
+export type GatewayCompleteResult =
+  | {
+      state: 'charged' | 'pending_bill' | 'already_settled' | 'failed';
+      usageRequestId: string;
+      chargeStatus: string;
+      chargeCredits: number;
+    }
+  | {
+      state: 'not-configured' | 'network-error';
+    };
+
+type SanitizeAgentGatewayOptions = {
+  runtimeId: string;
+  decision: AgentGatewayDecision;
+  now?: () => string;
+  requestId?: () => string;
+};
+
+const SAFE_MODEL_PATTERN = /^[A-Za-z0-9._:-]{1,96}$/;
+const SAFE_REQUEST_ID_PATTERN = /^[A-Za-z0-9._:-]{1,128}$/;
+const SAFE_FORWARD_TOKEN_PATTERN = /^[A-Za-z0-9._:-]{1,128}$/;
+const SECRET_PATTERN = /(api[_-]?key|authorization|bearer|cursor[_-]?auth|provider[_-]?secret|secret|token|sk-[A-Za-z0-9])/i;
+const MAX_RETRY_AFTER_MS = 86_400_000;
+const MAX_FORWARD_CONTENT_LENGTH = 8000;
+const FORWARD_REJECT_REASONS = new Set<GatewayForwardRejectReason>([
+  'route-token-invalid',
+  'pool-session-expired',
+  'product-unavailable',
+  'model-banned',
+  'provider-unavailable',
+  'rate-limited',
+  'insufficient-credits',
+  'manual-review-required',
+]);
+
+function isValidRequestId(value: unknown): value is string {
+  return typeof value === 'string' && SAFE_REQUEST_ID_PATTERN.test(value) && !SECRET_PATTERN.test(value);
+}
+
+function sanitizeSource(value: unknown): AgentGateway['source'] {
+  return value === 'cursor-agent-exec' || value === 'manual-check' ? value : 'unknown';
+}
+
+function sanitizeModel(value: unknown): string {
+  if (typeof value !== 'string' || !SAFE_MODEL_PATTERN.test(value) || SECRET_PATTERN.test(value)) {
+    return 'unknown';
+  }
+  return value;
+}
+
+function isSafeForwardToken(value: unknown): value is string {
+  return typeof value === 'string' && SAFE_FORWARD_TOKEN_PATTERN.test(value) && !SECRET_PATTERN.test(value);
+}
+
+function isSafeIsoTimestamp(value: unknown): value is string {
+  return isSafeForwardToken(value) && !Number.isNaN(Date.parse(value));
+}
+
+function safeForwardContent(value: unknown): string | undefined {
+  if (typeof value !== 'string') {
+    return undefined;
+  }
+  const content = value.trim();
+  if (!content || SECRET_PATTERN.test(content)) {
+    return undefined;
+  }
+  return content.slice(0, MAX_FORWARD_CONTENT_LENGTH);
+}
+
+export function evaluateGatewayDecision(
+  gate: RequestGateDecision,
+  route: SafeRouteState,
+): AgentGatewayDecision {
+  if (gate.state === 'blocked') {
+    return {
+      ...gate,
+      route: { state: 'missing' },
+    };
+  }
+
+  if (route.state === 'ready') {
+    return {
+      state: 'accepted',
+      productId: gate.productId,
+      modeStartedAt: gate.modeStartedAt,
+      route,
+    };
+  }
+
+  if (route.state === 'expired') {
+    return {
+      state: 'route-expired',
+      productId: gate.productId,
+      modeStartedAt: gate.modeStartedAt,
+      route,
+    };
+  }
+
+  return {
+    state: 'route-missing',
+    productId: gate.productId,
+    modeStartedAt: gate.modeStartedAt,
+    route,
+  };
+}
+
+export function sanitizeAgentGateway(
+  input: AgentGatewayInput,
+  options: SanitizeAgentGatewayOptions,
+): AgentGateway {
+  const requestId = isValidRequestId(input.requestId)
+    ? input.requestId
+    : (options.requestId ?? randomUUID)();
+
+  return {
+    requestId,
+    requestType: 'agent',
+    source: sanitizeSource(input.source),
+    model: sanitizeModel(input.model),
+    receivedAt: (options.now ?? (() => new Date().toISOString()))(),
+    runtimeId: options.runtimeId,
+    decision: options.decision,
+    forward: { state: 'unknown' },
+  };
+}
+
+export function sanitizeGatewayForward(input: unknown): SafeGatewayForwardState {
+  if (typeof input !== 'object' || input === null || Array.isArray(input)) {
+    return { state: 'unknown' };
+  }
+
+  const forward = input as Record<string, unknown>;
+  if (forward.state === 'skipped') {
+    return forward.reason === 'not-accepted'
+      ? { state: 'skipped', reason: 'not-accepted' }
+      : { state: 'unknown' };
+  }
+
+  if (forward.state === 'forwarded') {
+    if (!isSafeForwardToken(forward.upstreamRequestId) || !isSafeIsoTimestamp(forward.acceptedAt)) {
+      return { state: 'unknown' };
+    }
+    const content = safeForwardContent(forward.content);
+    return {
+      state: 'forwarded',
+      upstreamRequestId: forward.upstreamRequestId,
+      acceptedAt: forward.acceptedAt,
+      ...(content ? { content } : {}),
+    };
+  }
+
+  if (forward.state === 'rejected') {
+    if (typeof forward.reason !== 'string' || !FORWARD_REJECT_REASONS.has(forward.reason as GatewayForwardRejectReason)) {
+      return { state: 'unknown' };
+    }
+
+    const retryAfterMs = forward.retryAfterMs;
+    return {
+      state: 'rejected',
+      reason: forward.reason as GatewayForwardRejectReason,
+      ...(Number.isInteger(retryAfterMs) && retryAfterMs >= 0 && retryAfterMs <= MAX_RETRY_AFTER_MS
+        ? { retryAfterMs }
+        : {}),
+    };
+  }
+
+  if (forward.state === 'not-configured' || forward.state === 'timeout' || forward.state === 'network-error') {
+    return { state: forward.state };
+  }
+
+  return { state: 'unknown' };
+}
+
+export async function resolveGatewayForward(options: GatewayForwardRequest & {
+  forwarder?: GatewayForwarder;
+}): Promise<SafeGatewayForwardState> {
+  const { safe } = await resolveGatewayForwardResult(options);
+  return safe;
+}
+
+export async function resolveGatewayForwardResult(options: GatewayForwardRequest & {
+  forwarder?: GatewayForwarder;
+}): Promise<{ result: GatewayForwardResult; safe: SafeGatewayForwardState }> {
+  if (options.gateway.decision.state !== 'accepted') {
+    return {
+      result: { state: 'not-configured' },
+      safe: { state: 'skipped', reason: 'not-accepted' },
+    };
+  }
+
+  if (!options.forwarder) {
+    return {
+      result: { state: 'not-configured' },
+      safe: { state: 'not-configured' },
+    };
+  }
+
+  try {
+    const result = await options.forwarder({
+      gateway: options.gateway,
+      routeToken: options.routeToken,
+      poolSessionId: options.poolSessionId,
+      productId: options.productId,
+      model: options.model,
+      requestId: options.requestId,
+      settlementMode: options.settlementMode,
+      ...(options.openAiRequest ? { openAiRequest: options.openAiRequest } : {}),
+    });
+    return {
+      result,
+      safe: sanitizeGatewayForward(result),
+    };
+  } catch {
+    return {
+      result: { state: 'network-error' },
+      safe: { state: 'network-error' },
+    };
+  }
+}
+
+function cleanApiBaseUrl(apiBaseUrl: string) {
+  return apiBaseUrl.replace(/\/+$/, '');
+}
+
+export function createGatewayHttpForwarder(options: GatewayHttpForwarderOptions): GatewayForwarder {
+  return async (request) => {
+    if (!options.apiBaseUrl || !options.deviceToken) {
+      return { state: 'not-configured' };
+    }
+
+    const response = await fetch(`${cleanApiBaseUrl(options.apiBaseUrl)}/api/client/gateway/agent`, {
+      method: 'POST',
+      headers: {
+        'content-type': 'application/json',
+        authorization: `Bearer ${options.deviceToken}`,
+      },
+      body: JSON.stringify({
+        gateway: request.gateway,
+        routeToken: request.routeToken,
+        ...(request.poolSessionId ? { poolSessionId: request.poolSessionId } : {}),
+        productId: request.productId,
+        model: request.model,
+        requestId: request.requestId,
+        settlementMode: request.settlementMode ?? 'provider_forwarded',
+        ...(request.openAiRequest ? { openAiRequest: request.openAiRequest } : {}),
+      }),
+    });
+
+    if (!response.ok) {
+      return { state: 'network-error' };
+    }
+
+    return (await response.json()) as GatewayForwardResult;
+  };
+}
+
+export async function completeGatewayForward(options: GatewayCompleteOptions): Promise<GatewayCompleteResult> {
+  if (!options.apiBaseUrl || !options.deviceToken) {
+    return { state: 'not-configured' };
+  }
+
+  try {
+    const response = await fetch(
+      `${cleanApiBaseUrl(options.apiBaseUrl)}/api/client/gateway/agent/${encodeURIComponent(options.requestId)}/complete`,
+      {
+        method: 'POST',
+        headers: {
+          'content-type': 'application/json',
+          authorization: `Bearer ${options.deviceToken}`,
+        },
+        body: JSON.stringify({
+          routeToken: options.routeToken,
+          poolSessionId: options.poolSessionId,
+          productId: options.productId,
+        }),
+      },
+    );
+
+    if (!response.ok) {
+      return { state: 'network-error' };
+    }
+
+    return (await response.json()) as GatewayCompleteResult;
+  } catch {
+    return { state: 'network-error' };
+  }
+}
+
+export function createGatewayStore() {
+  let latestGateway: AgentGateway | null = null;
+
+  return {
+    record(gateway: AgentGateway): AgentGateway {
+      latestGateway = gateway;
+      return gateway;
+    },
+    latest(): AgentGateway | null {
+      return latestGateway;
+    },
+  };
+}

package/node_modules/@cursor-pool/service/src/runtime.ts

@@ -0,0 +1,48 @@
+import { mkdir, readFile, writeFile } from 'node:fs/promises';
+import { homedir } from 'node:os';
+import { dirname, join } from 'node:path';
+import { randomUUID } from 'node:crypto';
+import { DEFAULT_RUNTIME_FILE } from '@cursor-pool/shared/runtime';
+
+export type RuntimeInfo = {
+  host: '127.0.0.1';
+  port: number;
+  runtimeId: string;
+};
+
+type RuntimeOptions = {
+  runtimeFile?: string;
+};
+
+export function createRuntimeId() {
+  return randomUUID();
+}
+
+export function resolveRuntimeFile(runtimeFile = DEFAULT_RUNTIME_FILE) {
+  if (runtimeFile.startsWith('~/')) {
+    return join(homedir(), runtimeFile.slice(2));
+  }
+  return runtimeFile;
+}
+
+export async function writeRuntimeInfo(runtime: RuntimeInfo, options: RuntimeOptions = {}) {
+  const runtimeFile = resolveRuntimeFile(options.runtimeFile);
+  await mkdir(dirname(runtimeFile), { recursive: true });
+  await writeFile(runtimeFile, `${JSON.stringify(runtime, null, 2)}\n`, 'utf8');
+}
+
+export async function readRuntimeInfo(options: RuntimeOptions = {}): Promise<RuntimeInfo | null> {
+  const runtimeFile = resolveRuntimeFile(options.runtimeFile);
+
+  try {
+    return JSON.parse(await readFile(runtimeFile, 'utf8')) as RuntimeInfo;
+  } catch (error) {
+    if ((error as NodeJS.ErrnoException).code === 'ENOENT') {
+      return null;
+    }
+    if (error instanceof SyntaxError) {
+      return null;
+    }
+    throw error;
+  }
+}