@evanovation/open-cursor 2.4.15

package/src/proxy/server.ts

@@ -0,0 +1,207 @@
+import { execSync } from "node:child_process";
+import { createServer } from "node:net";
+import { platform } from "node:os";
+import type { ProxyConfig, ProxyServer } from "./types.js";
+import { createLogger } from "../utils/logger.js";
+
+const log = createLogger("proxy-server");
+
+const DEFAULT_PORT = 32124;
+const PORT_RANGE_SIZE = 256;
+
+async function isPortAvailable(port: number, host: string): Promise<boolean> {
+  return await new Promise<boolean>((resolve) => {
+    const server = createServer();
+    server.unref();
+
+    server.once("error", () => {
+      resolve(false);
+    });
+
+    server.listen({ port, host }, () => {
+      server.close(() => {
+        resolve(true);
+      });
+    });
+  });
+}
+
+/**
+ * Returns the set of ports in [minPort, maxPort) that are currently in use (listening).
+ * Uses platform-specific commands:
+ * - Linux: `ss -tlnH`
+ * - macOS: `lsof -iTCP -sTCP:LISTEN -nP`
+ * Falls back to empty set if command is unavailable (e.g., Windows).
+ */
+function getUsedPortsInRange(minPort: number, maxPort: number): Set<number> {
+  const used = new Set<number>();
+  const os = platform();
+
+  try {
+    let out: string;
+    if (os === "linux") {
+      out = execSync("ss -tlnH", { encoding: "utf8", timeout: 5000, stdio: ["pipe", "pipe", "ignore"] });
+      // ss output format: State Recv-Q Send-Q Local-Address:Port Peer-Address:Port
+      for (const line of out.split("\n")) {
+        const cols = line.trim().split(/\s+/);
+        const local = cols[3]; // e.g. "127.0.0.1:32124" or "*:22"
+        if (!local) continue;
+        const portStr = local.includes(":") ? local.slice(local.lastIndexOf(":") + 1) : local;
+        const port = parseInt(portStr, 10);
+        if (!Number.isNaN(port) && port >= minPort && port < maxPort) used.add(port);
+      }
+    } else if (os === "darwin") {
+      out = execSync("lsof -iTCP -sTCP:LISTEN -nP", { encoding: "utf8", timeout: 5000, stdio: ["pipe", "pipe", "ignore"] });
+      // lsof output: COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
+      // NAME column contains: *:PORT or 127.0.0.1:PORT
+      for (const line of out.split("\n")) {
+        const match = line.match(/:(\d+)\s*(?:\(LISTEN\))?$/);
+        if (match) {
+          const port = parseInt(match[1], 10);
+          if (!Number.isNaN(port) && port >= minPort && port < maxPort) used.add(port);
+        }
+      }
+    } else {
+      // Windows and other platforms: no port detection available
+      // Will fall back to probe-based discovery via tryStart failures
+      log.debug(`Port detection not supported on ${os}. Using probe-based discovery.`);
+    }
+  } catch (error) {
+    const msg = error instanceof Error ? error.message : String(error);
+    log.debug(`Port detection failed: ${msg}. Using probe-based discovery.`);
+  }
+  return used;
+}
+
+/**
+ * Finds an available port in [DEFAULT_PORT, DEFAULT_PORT + PORT_RANGE_SIZE).
+ * Uses platform-specific tools (ss on Linux, lsof on macOS) to check used ports.
+ * On unsupported platforms, returns DEFAULT_PORT and relies on tryStart fallback.
+ */
+export async function findAvailablePort(host = "127.0.0.1"): Promise<number> {
+  const minPort = DEFAULT_PORT;
+  const maxPort = DEFAULT_PORT + PORT_RANGE_SIZE;
+  const used = getUsedPortsInRange(minPort, maxPort);
+  for (let p = minPort; p < maxPort; p++) {
+    if (used.has(p)) continue;
+    if (await isPortAvailable(p, host)) {
+      return p;
+    }
+  }
+
+  // Port listing can be incomplete in sandboxed environments; fall back to probing
+  // ports we believe are "used" as well.
+  for (let p = minPort; p < maxPort; p++) {
+    if (await isPortAvailable(p, host)) {
+      return p;
+    }
+  }
+  throw new Error(`No available port in range ${minPort}-${maxPort - 1}`);
+}
+
+export function createProxyServer(config: ProxyConfig): ProxyServer {
+  const requestedPort = config.port ?? 0;
+  const host = config.host ?? "127.0.0.1";
+  const healthCheckPath = config.healthCheckPath ?? "/health";
+
+  let server: any = null;
+  let baseURL = requestedPort > 0 ? `http://${host}:${requestedPort}/v1` : "";
+
+  const bunAny = (globalThis as any).Bun;
+
+  // Check Bun runtime availability
+  if (!bunAny || typeof bunAny.serve !== "function") {
+    throw new Error(
+      `Proxy server requires Bun runtime. Current runtime: ${typeof process !== "undefined" ? "Node.js" : "unknown"}. ` +
+      `Please run with Bun.`
+    );
+  }
+
+  const tryStart = (port: number): { success: boolean; error?: Error } => {
+    try {
+      server = bunAny.serve({
+        port,
+        hostname: host,
+        fetch(request: Request): Response | Promise<Response> {
+          const url = new URL(request.url);
+          const path = url.pathname;
+
+          if (path === healthCheckPath && request.method === "GET") {
+            return Response.json({ ok: true });
+          }
+
+          return new Response("Not Found", { status: 404 });
+        },
+      });
+      return { success: true };
+    } catch (error) {
+      const err = error instanceof Error ? error : new Error(String(error));
+      // Log unexpected errors (not port-in-use)
+      const isPortInUse = err.message.includes("EADDRINUSE") ||
+                          err.message.includes("address already in use") ||
+                          err.message.includes("port is already in use");
+      if (!isPortInUse) {
+        log.debug(`Unexpected error starting on port ${port}: ${err.message}`);
+      }
+      return { success: false, error: err };
+    }
+  };
+
+  return {
+    async start(): Promise<string> {
+      if (server) {
+        return baseURL;
+      }
+
+      let port: number;
+      if (requestedPort > 0) {
+        const result = tryStart(requestedPort);
+        if (result.success) {
+          port = requestedPort;
+        } else {
+          log.debug(
+            `Requested port ${requestedPort} unavailable: ${result.error?.message ?? "unknown"}. Falling back to automatic port selection.`
+          );
+          port = await findAvailablePort(host);
+          const fallbackResult = tryStart(port);
+          if (!fallbackResult.success) {
+            throw new Error(
+              `Failed to start server on port ${requestedPort} (${result.error?.message ?? "unknown"}) ` +
+              `and fallback port ${port} (${fallbackResult.error?.message ?? "unknown"})`
+            );
+          }
+          log.debug(`Server started on fallback port ${port} instead of requested port ${requestedPort}`);
+        }
+      } else {
+        port = await findAvailablePort(host);
+        const result = tryStart(port);
+        if (!result.success) {
+          throw new Error(`Failed to start server on port ${port}: ${result.error?.message ?? "unknown"}`);
+        }
+      }
+
+      const actualPort = server.port ?? port ?? DEFAULT_PORT;
+      baseURL = `http://${host}:${actualPort}/v1`;
+      return baseURL;
+    },
+
+    stop(): Promise<void> {
+      if (!server) {
+        return Promise.resolve();
+      }
+
+      server.stop(true);
+      server = null;
+      baseURL = "";
+      return Promise.resolve();
+    },
+
+    getBaseURL(): string {
+      return baseURL;
+    },
+
+    getPort(): number | null {
+      return server?.port ?? null;
+    },
+  };
+}

package/src/proxy/session-resume.ts

@@ -0,0 +1,312 @@
+/**
+ * Maps OpenCode conversation anchors to cursor-agent chat IDs for --resume.
+ *
+ * OpenCode does not pass its session ID through the HTTP proxy, so we derive a
+ * stable key from workspace + model + first real user message in the request.
+ *
+ * Limitations:
+ * - In-memory, non-persistent cache. Restarting the plugin loses all resume
+ *   state and the next turn falls back to a full prompt.
+ * - Entries expire after 1 hour (DEFAULT_TTL_MS).
+ * - Cache is capped at 64 entries (DEFAULT_MAX_ENTRIES); least-recently-used
+ *   entry is evicted when the cap is exceeded.
+ * - Anchor is derived from the first non-meta user message using a heuristic
+ *   filter for OpenCode's title-generation prompts. If OpenCode rewords those
+ *   prompts, the filter may need updating.
+ * - Session resume is keyed per workspace + model + first-message hash. Changing
+ *   any of those starts a fresh chat.
+ * - Session resume is only supported for the cursor-agent backend.
+ */
+
+import { createHash } from "node:crypto";
+import { createLogger } from "../utils/logger.js";
+import { extractTextContent, type ProxyMessage } from "./incremental-prompt.js";
+
+const log = createLogger("session-resume");
+
+/** Safe resume chat ID pattern: alphanumeric, hyphen, underscore; no spaces or shell metacharacters. */
+export const RESUME_CHAT_ID_SAFE_RE = /^[A-Za-z0-9][A-Za-z0-9_-]*$/;
+
+interface SessionResumeEntry {
+  chatId: string;
+  /** First-message content prefix used as a collision safety check on lookup. */
+  contentPrefix: string;
+  /** Fingerprint of the tool schema active when the session was created. */
+  toolFingerprint?: string;
+  /** Fingerprint of the subagent list active when the session was created. */
+  subagentFingerprint?: string;
+  updatedAt: number;
+}
+
+const DEFAULT_TTL_MS = 60 * 60 * 1000; // 1 hour
+const DEFAULT_MAX_ENTRIES = 64;
+
+const cache = new Map<string, SessionResumeEntry>();
+
+/** 128-bit SHA-256 prefix. SHA-256 cost is independent of digest length. */
+function simpleHash(input: string): string {
+  return createHash("sha256").update(input).digest("hex").slice(0, 32);
+}
+
+/** Skip OpenCode meta-requests that share the proxy but aren't the main chat.
+ *
+ * These substrings are observed heuristics, not a stable contract. If OpenCode
+ * rewords its title-generation prompt, update this filter.
+ */
+function isMetaUserMessage(content: string): boolean {
+  const lower = content.toLowerCase();
+  return (
+    lower.includes("title generator") ||
+    lower.includes("thread title") ||
+    lower.includes("generate a brief title")
+  );
+}
+
+/**
+ * Stable anchor for a conversation: SHA-256 hash of the first non-meta user
+ * message content, plus an original-content prefix for collision detection.
+ * Assumes `opencode run -c` preserves the opening user message so the anchor
+ * remains stable across turns.
+ * Returns undefined when no usable user message exists, which tells callers
+ * to skip session resume entirely and avoid the collision-prone "default" key.
+ */
+export function deriveConversationAnchor(
+  messages: Array<ProxyMessage>,
+): { anchor: string; contentPrefix: string } | undefined {
+  for (const message of messages) {
+    if (message?.role !== "user") continue;
+    const text = extractTextContent(message.content).trim();
+    if (!text || isMetaUserMessage(text)) continue;
+    const canonical = canonicalizeContentForAnchor(message.content);
+    return { anchor: simpleHash(canonical), contentPrefix: text.slice(0, 500) };
+  }
+  return undefined;
+}
+
+/**
+ * Prefixes used to validate a resume cache entry as a conversation advances.
+ *
+ * The session key intentionally remains based on the first real user message so
+ * turn 2 can find the chat ID recorded after turn 1. The content prefix is the
+ * safety check: lookup uses the prior user-message sequence, while recording
+ * stores the current user-message sequence for the next request. If two chats
+ * share the same opener but diverge later, the mismatch drops resume instead of
+ * attaching to the wrong cursor-agent chat.
+ */
+export function deriveConversationResumePrefixes(
+  messages: Array<ProxyMessage>,
+): { lookupContentPrefix: string; recordContentPrefix: string } | undefined {
+  const users: Array<{ canonical: string; prefix: string; index: number }> = [];
+  for (let index = 0; index < messages.length; index++) {
+    const message = messages[index];
+    if (message?.role !== "user") continue;
+    const text = extractTextContent(message.content).trim();
+    if (!text || isMetaUserMessage(text)) continue;
+    users.push({
+      canonical: canonicalizeContentForAnchor(message.content),
+      prefix: text.slice(0, 500),
+      index,
+    });
+  }
+  if (users.length === 0) return undefined;
+
+  const lastUserIsLatestMessage = users[users.length - 1]?.index === messages.length - 1;
+  const lookupUsers = lastUserIsLatestMessage && users.length > 1
+    ? users.slice(0, -1)
+    : users;
+
+  return {
+    lookupContentPrefix: buildUserSequencePrefix(lookupUsers),
+    recordContentPrefix: buildUserSequencePrefix(users),
+  };
+}
+
+function buildUserSequencePrefix(users: Array<{ canonical: string; prefix: string }>): string {
+  if (users.length === 1) return users[0].prefix;
+  return `users:${users.length}:${simpleHash(users.map((user) => user.canonical).join("\n\0\n"))}`;
+}
+
+/** Canonical serialization of message content for anchor hashing.
+ *  Includes text and non-text parts so identical text with different images
+ *  do not collide. A pure-text array produces the same canonical form as a
+ *  plain string so the anchor is stable across OpenCode's content formats.
+ */
+function canonicalizeContentForAnchor(content: unknown): string {
+  if (typeof content === "string") return content;
+  if (!Array.isArray(content)) return "";
+  const hasNonText = content.some((part: any) => part?.type !== "text" || typeof part.text !== "string");
+  if (!hasNonText) {
+    return content.map((part: any) => part.text).join("\n");
+  }
+  return content
+    .map((part: any) => {
+      if (part?.type === "text" && typeof part.text === "string") {
+        return `text:${part.text}`;
+      }
+      if (part?.type === "image_url") {
+        return `image_url:${typeof part.image_url?.url === "string" ? part.image_url.url : ""}`;
+      }
+      return `part:${part?.type ?? ""}`;
+    })
+    .join("\n");
+}
+
+/** Build a unique session key from workspace, model, and conversation anchor. */
+export function buildSessionKey(workspace: string, model: string, anchor: string): string {
+  return `${workspace}\0${model}\0${anchor}`;
+}
+
+/** Return whether `CURSOR_ACP_SESSION_RESUME` is enabled (1/true/on/yes). */
+export function isSessionResumeEnabled(): boolean {
+  const value = process.env.CURSOR_ACP_SESSION_RESUME?.toLowerCase();
+  return value === "1" || value === "true" || value === "on" || value === "yes";
+}
+
+/**
+ * Look up a cached cursor-agent chat ID for the given session key.
+ *
+ * Validates TTL, content prefix, and tool/subagent fingerprints. A request that
+ * supplies a non-empty fingerprint will evict a cached entry that was recorded
+ * without that fingerprint (or with a different one), preventing a stale chat
+ * from being resumed with an incompatible tool/subagent schema. Returns
+ * undefined and evicts stale entries on any mismatch.
+ */
+export function getResumeChatId(
+  sessionKey: string,
+  expectedPrefix?: string,
+  toolFingerprint?: string,
+  subagentFingerprint?: string,
+): string | undefined {
+  const entry = cache.get(sessionKey);
+  if (!entry) return undefined;
+  if (Date.now() - entry.updatedAt > DEFAULT_TTL_MS) {
+    evictEntry(sessionKey, "ttlExpired", {
+      ageMs: Date.now() - entry.updatedAt,
+      ttlMs: DEFAULT_TTL_MS,
+    });
+    return undefined;
+  }
+  if (expectedPrefix != null && entry.contentPrefix !== expectedPrefix) {
+    log.warn("Skipping session resume entry due to content prefix mismatch", {
+      sessionKeyHash: sanitizeSessionKey(sessionKey),
+      storedPrefixLength: entry.contentPrefix.length,
+      expectedPrefixLength: expectedPrefix.length,
+    });
+    return undefined;
+  }
+  if ((toolFingerprint || entry.toolFingerprint) && entry.toolFingerprint !== toolFingerprint) {
+    evictEntry(sessionKey, "toolFingerprintMismatch", {}, "warn");
+    return undefined;
+  }
+  if ((subagentFingerprint || entry.subagentFingerprint) && entry.subagentFingerprint !== subagentFingerprint) {
+    evictEntry(sessionKey, "subagentFingerprintMismatch", {}, "warn");
+    return undefined;
+  }
+  // Refresh LRU order on a successful read.
+  cache.delete(sessionKey);
+  cache.set(sessionKey, entry);
+  return entry.chatId;
+}
+
+/**
+ * Check whether a resume chat ID exists without evicting stale entries or
+ * refreshing LRU order. Use for observability-only checks (e.g. post-response
+ * warnings) where side effects would be incorrect.
+ */
+export function hasResumeChatId(
+  sessionKey: string,
+  expectedPrefix?: string,
+  toolFingerprint?: string,
+  subagentFingerprint?: string,
+): boolean {
+  const entry = cache.get(sessionKey);
+  if (!entry) return false;
+  if (Date.now() - entry.updatedAt > DEFAULT_TTL_MS) return false;
+  if (expectedPrefix != null && entry.contentPrefix !== expectedPrefix) return false;
+  if ((toolFingerprint || entry.toolFingerprint) && entry.toolFingerprint !== toolFingerprint) {
+    return false;
+  }
+  if ((subagentFingerprint || entry.subagentFingerprint) && entry.subagentFingerprint !== subagentFingerprint) {
+    return false;
+  }
+  return !!entry.chatId;
+}
+
+/**
+ * Store or refresh a chat ID for the given session key.
+ *
+ * Refreshes LRU insertion order, ignores empty chat IDs, and evicts the
+ * least-recently-used entry when the cache exceeds DEFAULT_MAX_ENTRIES.
+ */
+export function recordResumeChatId(
+  sessionKey: string,
+  chatId: string,
+  contentPrefix: string,
+  toolFingerprint?: string,
+  subagentFingerprint?: string,
+): void {
+  if (!chatId) return;
+  const trimmed = chatId.trim();
+  if (!RESUME_CHAT_ID_SAFE_RE.test(trimmed)) {
+    log.warn("Refusing to cache unsafe resume chat ID", {
+      sessionKeyHash: sanitizeSessionKey(sessionKey),
+      chatIdHash: hashForLog(trimmed),
+    });
+    return;
+  }
+  // Delete first so a re-set moves the key to the end (LRU insertion order).
+  cache.delete(sessionKey);
+  cache.set(sessionKey, {
+    chatId: trimmed,
+    contentPrefix,
+    toolFingerprint,
+    subagentFingerprint,
+    updatedAt: Date.now(),
+  });
+  while (cache.size > DEFAULT_MAX_ENTRIES) {
+    const oldest = cache.keys().next().value;
+    if (oldest === undefined) break;
+    evictEntry(oldest, "maxEntries", { maxEntries: DEFAULT_MAX_ENTRIES });
+  }
+}
+
+/** Sanitize a session key for logging by hashing the full key (128-bit prefix). */
+export function sanitizeSessionKey(sessionKey: string): string {
+  return createHash("sha256").update(sessionKey).digest("hex").slice(0, 32);
+}
+
+/** Generic helper for hashing arbitrary text before logging. */
+export function hashForLog(input: unknown): string {
+  return sanitizeSessionKey(typeof input === "string" ? input : String(input ?? ""));
+}
+
+/** Evict a stale cache entry with a single, consistent log line. */
+function evictEntry(
+  sessionKey: string,
+  reason: string,
+  extra: Record<string, unknown> = {},
+  logLevel: "info" | "warn" = "info",
+): void {
+  const payload = {
+    sessionKeyHash: sanitizeSessionKey(sessionKey),
+    reason,
+    ...extra,
+  };
+  if (logLevel === "warn") {
+    log.warn("Evicting session resume entry", payload);
+  } else {
+    log.info("Evicting session resume entry", payload);
+  }
+  cache.delete(sessionKey);
+}
+
+/** Remove a cached chat ID, e.g. after a resume-specific cursor-agent failure. */
+export function clearResumeChatId(sessionKey: string): void {
+  cache.delete(sessionKey);
+}
+
+/** @internal Testing only. Gated on NODE_ENV to prevent accidental production wipe. */
+export function _resetSessionResumeCache(): void {
+  if (process.env.NODE_ENV !== "test") return;
+  cache.clear();
+}