aiden-runtime 4.8.0 → 4.9.0

package/dist/core/v4/identity/traceparent.js

@@ -0,0 +1,114 @@
+"use strict";
+/**
+ * Copyright (c) 2026 Shiva Deore (Taracod).
+ * Licensed under AGPL-3.0. See LICENSE for details.
+ *
+ * Aiden — local-first agent.
+ */
+/**
+ * core/v4/identity/traceparent.ts — v4.9.0 Slice 7.
+ *
+ * W3C Trace Context (https://www.w3.org/TR/trace-context/) parse +
+ * emit for the `traceparent` HTTP header. We DO NOT swap Aiden's
+ * typed-prefix `trc_<uuidv7>` ID; instead, an inbound trace's 32-hex
+ * traceId is stored alongside in `spans.external_trace_id` /
+ * `runs.external_trace_id` (schema v10). That gives us debuggable
+ * typed IDs internally while still letting an external caller
+ * correlate via W3C-standard headers.
+ *
+ *   traceparent: 00-<32hex traceId>-<16hex spanId>-<2hex flags>
+ *
+ * Total length: 4 + 32 + 16 + 2 + 3 dashes = 55 chars exactly.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.parseTraceparent = parseTraceparent;
+exports.emitTraceparent = emitTraceparent;
+exports.stripPrefix = stripPrefix;
+exports.validateExternalRequestId = validateExternalRequestId;
+const RE_HEX_32 = /^[0-9a-f]{32}$/;
+const RE_HEX_16 = /^[0-9a-f]{16}$/;
+const RE_HEX_2 = /^[0-9a-f]{2}$/;
+const ZERO_TRACE = '00000000000000000000000000000000';
+const ZERO_SPAN = '0000000000000000';
+/**
+ * Parse a `traceparent` header. Returns `null` on ANY validation
+ * failure — caller decides whether to log + generate fresh or fail.
+ *
+ * Per spec: a vendor MUST NOT propagate an invalid header. We follow
+ * the "ignore + start fresh" recommendation so a malformed upstream
+ * doesn't poison Aiden's trace.
+ */
+function parseTraceparent(header) {
+    if (!header || typeof header !== 'string')
+        return null;
+    if (header.length !== 55)
+        return null;
+    const parts = header.split('-');
+    if (parts.length !== 4)
+        return null;
+    const [version, traceId, parentSpanId, flagsHex] = parts;
+    if (version !== '00')
+        return null;
+    if (!RE_HEX_32.test(traceId))
+        return null;
+    if (!RE_HEX_16.test(parentSpanId))
+        return null;
+    if (!RE_HEX_2.test(flagsHex))
+        return null;
+    if (traceId === ZERO_TRACE)
+        return null;
+    if (parentSpanId === ZERO_SPAN)
+        return null;
+    const flags = parseInt(flagsHex, 16);
+    if (!Number.isFinite(flags))
+        return null;
+    return { traceId, parentSpanId, flags };
+}
+/**
+ * Emit a `traceparent` header from Aiden ID components. The caller
+ * strips the typed prefix (`trc_` / `spn_`) and converts the dashless
+ * 32-char compact form to the W3C shape. (Aiden's compact UUIDv7 IS
+ * 32 lowercase hex chars, so it's directly W3C-compatible after the
+ * prefix is removed.)
+ *
+ * `sampled` defaults to `true` — we want downstream services to record
+ * the trace by default. Set to false for low-priority work.
+ */
+function emitTraceparent(traceIdHex, spanIdHex, sampled = true) {
+    const t = stripPrefix(traceIdHex, 'trc_');
+    const s = stripPrefix(spanIdHex, 'spn_');
+    if (!RE_HEX_32.test(t)) {
+        throw new Error(`emitTraceparent: traceId must be 32 hex chars (got ${t.length})`);
+    }
+    // W3C spans are 16 hex; Aiden's span_id compact form is 32. Take
+    // the first 16 — UUIDv7's first 16 chars carry the ms timestamp +
+    // version + half of randomness, so collisions across one trace are
+    // astronomical.
+    const s16 = s.length === 16 ? s : s.slice(0, 16);
+    if (!RE_HEX_16.test(s16)) {
+        throw new Error(`emitTraceparent: spanId must be 16 hex chars (got ${s16.length})`);
+    }
+    const flags = sampled ? '01' : '00';
+    return `00-${t}-${s16}-${flags}`;
+}
+/** Strip the Aiden typed prefix (`trc_` / `spn_`) if present. */
+function stripPrefix(id, prefix) {
+    return id.startsWith(prefix) ? id.slice(prefix.length) : id;
+}
+/**
+ * Validate an external `X-Request-Id` style header. Per the project
+ * rule "don't poison indexes": max 128 chars, ASCII printable only.
+ * Returns the value if safe, `null` if it should be dropped + a
+ * fresh id generated.
+ */
+function validateExternalRequestId(raw) {
+    if (raw === undefined || raw === null)
+        return null;
+    if (typeof raw !== 'string')
+        return null;
+    if (raw.length === 0 || raw.length > 128)
+        return null;
+    if (!/^[\x20-\x7E]+$/.test(raw))
+        return null;
+    return raw;
+}

package/dist/core/v4/logger/index.js

@@ -1,7 +1,7 @@
 "use strict";
 // core/v4/logger/index.ts — Phase v4.1-1.3a barrel export.
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.MultiSink = exports.MemorySink = exports.NullSink = exports.StdoutJsonSink = exports.StderrSink = exports.FileSink = exports.isReplActive = exports.markReplInactive = exports.markReplActive = exports.noopLogger = exports.createBootLogger = exports.CoreLogger = void 0;
+exports.RedactingSink = exports.MultiSink = exports.MemorySink = exports.NullSink = exports.StdoutJsonSink = exports.StderrSink = exports.FileSink = exports.isReplActive = exports.markReplInactive = exports.markReplActive = exports.noopLogger = exports.createBootLogger = exports.CoreLogger = void 0;
 var logger_1 = require("./logger");
 Object.defineProperty(exports, "CoreLogger", { enumerable: true, get: function () { return logger_1.CoreLogger; } });
 var factory_1 = require("./factory");
@@ -20,3 +20,5 @@ Object.defineProperty(exports, "NullSink", { enumerable: true, get: function ()
 Object.defineProperty(exports, "MemorySink", { enumerable: true, get: function () { return nullSink_1.MemorySink; } });
 var multiSink_1 = require("./sinks/multiSink");
 Object.defineProperty(exports, "MultiSink", { enumerable: true, get: function () { return multiSink_1.MultiSink; } });
+var redact_1 = require("./redact");
+Object.defineProperty(exports, "RedactingSink", { enumerable: true, get: function () { return redact_1.RedactingSink; } });

package/dist/core/v4/logger/logger.js

@@ -37,11 +37,18 @@ class CoreLogger {
     /**
      * Construct a root logger. Use `child(segment)` for sub-loggers.
      * `sinks` may be empty — useful for tests; writes silently drop.
+     *
+     * v4.9.0 Slice 4 — `getContext` (optional) returns ambient fields
+     * (e.g. ExecutionContext + identity holders) merged into every
+     * record's `ctx`. Defaults to no-op. The Logger NEVER throws when
+     * the provider returns undefined or throws — that would defeat the
+     * point of an always-on diagnostic channel.
      */
     constructor(opts) {
         this.scope = opts.scope ?? '';
         this.sinks = opts.sinks;
         this.level = opts.level ?? 'debug';
+        this.getContext = opts.getContext;
         this.sinksOwner = {
             sinks: this.sinks,
             level: this.level,
@@ -57,6 +64,11 @@ class CoreLogger {
             sinks: parent.sinksOwner.sinks,
             level: parent.sinksOwner.level,
             sinksOwner: parent.sinksOwner,
+            // v4.9.0 Slice 4 — children inherit the parent's context provider
+            // so child-loggers stamped via `parent.child('foo')` carry the
+            // same identity fields without each sub-logger needing its own
+            // wiring.
+            getContext: parent.getContext,
         });
         return c;
     }
@@ -95,12 +107,27 @@ class CoreLogger {
     write(level, msg, ctx) {
         if (exports.LOG_LEVEL_ORDER[level] < exports.LOG_LEVEL_ORDER[this.sinksOwner.level])
             return;
+        // v4.9.0 Slice 4 — merge ambient context fields. Caller-supplied
+        // `ctx` wins on key collision (callers stamp run-specific data with
+        // intent; identity fields are the default backdrop). The provider
+        // is wrapped in try/catch — project rule "no log formatter throws
+        // because context is missing".
+        let merged = ctx;
+        if (this.getContext) {
+            try {
+                const ambient = this.getContext();
+                if (ambient && Object.keys(ambient).length > 0) {
+                    merged = { ...ambient, ...(ctx ?? {}) };
+                }
+            }
+            catch { /* never let a context provider break logging */ }
+        }
         const record = {
             ts: new Date(),
             level,
             scope: this.scope,
             msg,
-            ctx,
+            ctx: merged,
         };
         // Sinks must not throw — the helpers in ./sinks/* all wrap their
         // I/O in try/catch. Be defensive anyway. Phase v4.1.2-slice3:

package/dist/core/v4/logger/redact.js

@@ -0,0 +1,149 @@
+"use strict";
+/**
+ * Copyright (c) 2026 Shiva Deore (Taracod).
+ * Licensed under AGPL-3.0. See LICENSE for details.
+ *
+ * Aiden — local-first agent.
+ */
+/**
+ * core/v4/logger/redact.ts — v4.9.0 Slice 3.
+ *
+ * `RedactingSink` wraps any inner `LoggerSink` and scrubs known secret
+ * shapes out of `msg` + `ctx` before the inner sink sees the record.
+ * It does NOT touch `ts`, `level`, or `scope` — those are operational
+ * metadata, never user-supplied.
+ *
+ * The patterns are intentionally conservative: false positives (a stray
+ * `[REDACTED]` in a debug line) are cheap, false negatives (a real key
+ * leaking to disk) are not. When in doubt, add a pattern; when a
+ * pattern overlaps with normal log content, narrow it.
+ *
+ * The decorator pattern composes naturally with the existing sinks
+ * (FileSink, StderrSink, StdoutJsonSink, MultiSink): wrap whatever the
+ * inner sink is, hand the wrapper to `new CoreLogger({ sinks: [...] })`.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports._SECRET_PATTERNS_FOR_TESTS = exports.RedactingSink = void 0;
+/**
+ * Patterns are conservative: each requires either a recognisable
+ * prefix (sk-, AKIA, Bearer …) or a labelled context (api_key="…"),
+ * so plain user text like a 32-char hash slug doesn't accidentally
+ * trip them.
+ */
+const SECRET_PATTERNS = [
+    { name: 'bearer',
+        regex: /Bearer\s+[A-Za-z0-9+/=._-]{20,}/g,
+        replacement: 'Bearer [REDACTED]' },
+    { name: 'sk-key',
+        regex: /sk-[a-zA-Z0-9_-]{20,}/g,
+        replacement: 'sk-[REDACTED]' },
+    { name: 'xoxp-key',
+        regex: /xox[pbar]-[a-zA-Z0-9-]{10,}/g,
+        replacement: 'xox*-[REDACTED]' },
+    { name: 'aws-akia',
+        regex: /AKIA[0-9A-Z]{16}/g,
+        replacement: 'AKIA[REDACTED]' },
+    { name: 'aws-asia',
+        regex: /ASIA[0-9A-Z]{16}/g,
+        replacement: 'ASIA[REDACTED]' },
+    { name: 'gcp-key',
+        regex: /AIza[0-9A-Za-z_-]{35}/g,
+        replacement: 'AIza[REDACTED]' },
+    { name: 'github',
+        regex: /gh[ps]_[A-Za-z0-9]{36,}/g,
+        replacement: 'gh*_[REDACTED]' },
+    // Generic "api_key = secret" / "token: secret" / "password=secret".
+    // The `\b` ensures we don't chew up part of a longer identifier; the
+    // 20+ char tail keeps short values (e.g. `password=admin`) out.
+    { name: 'generic-labelled',
+        regex: /\b(api[_-]?key|token|password|secret)(["':\s=]+)([A-Za-z0-9_-]{20,})/gi,
+        replacement: '$1$2[REDACTED]' },
+];
+/** Apply every pattern to a single string. Cheap; called per record. */
+function scrubString(s) {
+    let out = s;
+    for (const p of SECRET_PATTERNS) {
+        out = out.replace(p.regex, p.replacement);
+    }
+    return out;
+}
+/**
+ * Recursively scrub strings inside a structured payload. Numbers,
+ * booleans, null, undefined pass through. Cycles collapse to
+ * `[circular]` so a misbehaving caller can't OOM the sink.
+ *
+ * Depth is capped at 8 — deep enough for normal `ctx` shapes (error
+ * + stack + nested cause), shallow enough that pathological inputs
+ * don't burn CPU.
+ */
+function scrubValue(v, seen, depth) {
+    if (depth > 8)
+        return '[depth-capped]';
+    if (v === null || v === undefined)
+        return v;
+    if (typeof v === 'string')
+        return scrubString(v);
+    if (typeof v === 'number' || typeof v === 'boolean' || typeof v === 'bigint')
+        return v;
+    if (typeof v === 'function' || typeof v === 'symbol')
+        return String(v);
+    if (v instanceof Error) {
+        return {
+            type: v.name,
+            message: scrubString(v.message),
+            stack: v.stack ? scrubString(v.stack) : undefined,
+        };
+    }
+    if (typeof v === 'object') {
+        if (seen.has(v))
+            return '[circular]';
+        seen.add(v);
+        if (Array.isArray(v)) {
+            return v.map((item) => scrubValue(item, seen, depth + 1));
+        }
+        const out = {};
+        for (const [k, val] of Object.entries(v)) {
+            out[k] = scrubValue(val, seen, depth + 1);
+        }
+        return out;
+    }
+    return v;
+}
+/**
+ * `LoggerSink` decorator. Construct with the inner sink you want to
+ * protect; `write()` produces a redacted copy of the record before
+ * delegating. Never mutates the input — the original `record.msg` /
+ * `record.ctx` are untouched (other sinks attached to the same
+ * `CoreLogger` see their own unredacted copies if they're not
+ * themselves wrapped).
+ *
+ * Operational metadata (`ts`, `level`, `scope`) bypasses redaction:
+ * those fields can't carry user input, and aggregators key on them.
+ */
+class RedactingSink {
+    constructor(inner) {
+        this.inner = inner;
+        this.name = inner.name ? `redact:${inner.name}` : 'redact:anon';
+    }
+    write(record) {
+        const seen = new WeakSet();
+        const scrubbed = {
+            ts: record.ts,
+            level: record.level,
+            scope: record.scope,
+            msg: scrubString(record.msg),
+            ctx: record.ctx
+                ? scrubValue(record.ctx, seen, 0)
+                : undefined,
+        };
+        this.inner.write(scrubbed);
+    }
+    async close() {
+        if (typeof this.inner.close === 'function') {
+            await this.inner.close();
+        }
+    }
+}
+exports.RedactingSink = RedactingSink;
+/** Test seam — pattern list shape is exposed for assertions. */
+exports._SECRET_PATTERNS_FOR_TESTS = SECRET_PATTERNS.map((p) => ({ name: p.name }));

package/dist/core/v4/logger/sinks/fileSink.js

@@ -34,6 +34,8 @@ class FileSink {
         this.dirReady = false;
         this.dir = opts.dir;
         this.filePath = node_path_1.default.join(opts.dir, `${opts.name}.log`);
+        this.fmt = opts.format ?? 'human';
+        this.name = `file:${this.filePath}`;
     }
     write(record) {
         if (!this.ensureDir())
@@ -88,6 +90,17 @@ class FileSink {
      *   2026-05-08T01:32:50.001Z [warn] [channels.telegram] Polling 409 {"streak":1}
      */
     format(r) {
+        if (this.fmt === 'ndjson') {
+            const payload = {
+                ts: r.ts.toISOString(),
+                level: r.level,
+                scope: r.scope || undefined,
+                msg: r.msg,
+            };
+            if (r.ctx)
+                Object.assign(payload, r.ctx);
+            return safeJson(payload) + '\n';
+        }
         const scope = r.scope ? ` [${r.scope}]` : '';
         const ctx = r.ctx && Object.keys(r.ctx).length > 0
             ? ' ' + safeJson(r.ctx)

package/dist/core/v4/logger/sinks/stdSink.js

@@ -30,19 +30,37 @@ const LEVEL_THRESHOLD = {
 };
 class StderrSink {
     constructor(opts = {}) {
+        this.name = 'stderr';
         this.minLevel = LEVEL_THRESHOLD[opts.minLevel ?? 'warn'];
+        this.pretty = opts.pretty ?? false;
     }
     write(r) {
         if (LEVEL_THRESHOLD[r.level] < this.minLevel)
             return;
         const scope = r.scope ? ` [${r.scope}]` : '';
         try {
-            process.stderr.write(`${r.ts.toISOString()} [${r.level}]${scope} ${r.msg}\n`);
+            if (this.pretty) {
+                const ts = formatShortTime(r.ts);
+                const runId = typeof r.ctx?.runId === 'string' ? r.ctx.runId : '';
+                // Dim ANSI 2 = faint; 22 = reset intensity. Suffix renders as
+                // ` (run_…last8)` only when an ambient runId is present.
+                const suffix = runId.length >= 8
+                    ? ` \x1b[2m(${runId.slice(-8)})\x1b[22m`
+                    : '';
+                process.stderr.write(`${ts} [${r.level}]${scope} ${r.msg}${suffix}\n`);
+            }
+            else {
+                process.stderr.write(`${r.ts.toISOString()} [${r.level}]${scope} ${r.msg}\n`);
+            }
         }
         catch { /* dropped */ }
     }
 }
 exports.StderrSink = StderrSink;
+function formatShortTime(d) {
+    const pad = (n) => (n < 10 ? `0${n}` : String(n));
+    return `${pad(d.getHours())}:${pad(d.getMinutes())}:${pad(d.getSeconds())}`;
+}
 /**
  * NDJSON stdout for `serve` mode. One record per line, structured
  * fields preserved. Aggregators love this; humans don't. Headless

package/dist/core/v4/mcp/install/backup.js

@@ -0,0 +1,78 @@
+"use strict";
+/**
+ * Copyright (c) 2026 Shiva Deore (Taracod).
+ * Licensed under AGPL-3.0. See LICENSE for details.
+ *
+ * Aiden — local-first agent.
+ */
+/**
+ * core/v4/mcp/install/backup.ts — v4.9.0 Slice 2a.
+ *
+ * Timestamped backup of a third-party client config before Aiden's
+ * `init` / `repair` writes to it. Backups are kept indefinitely so
+ * a user can recover if Aiden's entry breaks something downstream.
+ * Naming: `<configPath>.aiden-backup-YYYYMMDD-HHMMSS`.
+ */
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.backupConfig = backupConfig;
+exports.countBackups = countBackups;
+exports.findLatestBackup = findLatestBackup;
+const node_fs_1 = require("node:fs");
+const node_path_1 = __importDefault(require("node:path"));
+/** Generate a timestamp suffix matching the YYYYMMDD-HHMMSS pattern. */
+function nowStamp(date = new Date()) {
+    const pad = (n, w = 2) => String(n).padStart(w, '0');
+    return (`${date.getFullYear()}${pad(date.getMonth() + 1)}${pad(date.getDate())}` +
+        `-${pad(date.getHours())}${pad(date.getMinutes())}${pad(date.getSeconds())}`);
+}
+/**
+ * Create a backup of `configPath`. Returns the backup path on success,
+ * or null if the source doesn't exist (first-time init — nothing to
+ * back up). Re-throws fs errors so the caller can abort cleanly.
+ */
+function backupConfig(configPath, now = new Date()) {
+    if (!(0, node_fs_1.existsSync)(configPath))
+        return null;
+    const backupPath = `${configPath}.aiden-backup-${nowStamp(now)}`;
+    (0, node_fs_1.copyFileSync)(configPath, backupPath);
+    return backupPath;
+}
+/**
+ * Count existing backups for a given config path. Used by `doctor`
+ * to report backup count + by tests.
+ */
+function countBackups(configPath) {
+    const dir = node_path_1.default.dirname(configPath);
+    const base = node_path_1.default.basename(configPath);
+    if (!(0, node_fs_1.existsSync)(dir))
+        return 0;
+    try {
+        return (0, node_fs_1.readdirSync)(dir).filter((f) => f.startsWith(`${base}.aiden-backup-`)).length;
+    }
+    catch {
+        return 0;
+    }
+}
+/**
+ * Find the newest backup matching `<configPath>.aiden-backup-*`.
+ * Used by `repair` when restoring from a corrupted edit.
+ */
+function findLatestBackup(configPath) {
+    const dir = node_path_1.default.dirname(configPath);
+    const base = node_path_1.default.basename(configPath);
+    if (!(0, node_fs_1.existsSync)(dir))
+        return null;
+    try {
+        const files = (0, node_fs_1.readdirSync)(dir).filter((f) => f.startsWith(`${base}.aiden-backup-`));
+        if (files.length === 0)
+            return null;
+        files.sort(); // timestamp suffix sorts lexicographically = newest last
+        return node_path_1.default.join(dir, files[files.length - 1]);
+    }
+    catch {
+        return null;
+    }
+}

package/dist/core/v4/mcp/install/clientPaths.js

@@ -0,0 +1,90 @@
+"use strict";
+/**
+ * Copyright (c) 2026 Shiva Deore (Taracod).
+ * Licensed under AGPL-3.0. See LICENSE for details.
+ *
+ * Aiden — local-first agent.
+ */
+/**
+ * core/v4/mcp/install/clientPaths.ts — v4.9.0 Slice 2a.
+ *
+ * Per-client per-OS config-file path discovery. No hardcoded user
+ * paths — every path is built from `os.homedir()` / `process.env`
+ * at call time so tests can override via the env.
+ */
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.resolveClientPath = resolveClientPath;
+const node_os_1 = __importDefault(require("node:os"));
+const node_path_1 = __importDefault(require("node:path"));
+/**
+ * Resolve the config path for `clientId` on the host platform. Pass a
+ * custom env / platform / homedir override for tests.
+ */
+const MCP_SERVERS_SCHEMA = { topKey: 'mcpServers' };
+const VSCODE_SCHEMA = { topKey: 'servers', requiresType: true };
+function resolveClientPath(clientId, opts = {}) {
+    const platform = opts.platform ?? process.platform;
+    const homedir = opts.homedir ?? node_os_1.default.homedir();
+    const env = opts.env ?? process.env;
+    const cwd = opts.cwd ?? process.cwd();
+    if (clientId === 'vscode') {
+        // v4.9.0 Slice 2b — workspace-only config. The user must run
+        // `aiden mcp init vscode` from inside a VS Code project (where
+        // `.vscode/` is meaningful). We don't fabricate a global path;
+        // VS Code doesn't ship a stable global MCP config location.
+        const wsDir = node_path_1.default.join(cwd, '.vscode');
+        const wsFile = node_path_1.default.join(wsDir, 'mcp.json');
+        return {
+            configPath: wsFile,
+            parentDir: wsDir,
+            displayName: 'VS Code (workspace)',
+            format: 'jsonc',
+            schema: VSCODE_SCHEMA,
+        };
+    }
+    if (clientId === 'claude') {
+        if (platform === 'darwin') {
+            const dir = node_path_1.default.join(homedir, 'Library', 'Application Support', 'Claude');
+            return {
+                configPath: node_path_1.default.join(dir, 'claude_desktop_config.json'),
+                parentDir: dir,
+                displayName: 'Claude Desktop',
+                format: 'json',
+                schema: MCP_SERVERS_SCHEMA,
+            };
+        }
+        if (platform === 'win32') {
+            const appData = env.APPDATA ?? node_path_1.default.join(homedir, 'AppData', 'Roaming');
+            const dir = node_path_1.default.join(appData, 'Claude');
+            return {
+                configPath: node_path_1.default.join(dir, 'claude_desktop_config.json'),
+                parentDir: dir,
+                displayName: 'Claude Desktop',
+                format: 'json',
+                schema: MCP_SERVERS_SCHEMA,
+            };
+        }
+        // Linux / others — Claude Desktop has no official Linux build.
+        return {
+            configPath: node_path_1.default.join(homedir, '.config', 'Claude', 'claude_desktop_config.json'),
+            parentDir: node_path_1.default.join(homedir, '.config', 'Claude'),
+            displayName: 'Claude Desktop',
+            format: 'json',
+            schema: MCP_SERVERS_SCHEMA,
+            unsupportedOs: true,
+        };
+    }
+    // Cursor — same `~/.cursor/mcp.json` layout across all three OSes.
+    // Windows uses USERPROFILE if HOME isn't set; we already resolved
+    // via homedir which handles both.
+    return {
+        configPath: node_path_1.default.join(homedir, '.cursor', 'mcp.json'),
+        parentDir: node_path_1.default.join(homedir, '.cursor'),
+        displayName: 'Cursor',
+        format: 'jsonc',
+        schema: MCP_SERVERS_SCHEMA,
+    };
+}