npm - claude-overnight - Versions diffs - 1.19.1 → 1.23.0 - Mend

claude-overnight 1.19.1 → 1.23.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/dist/_version.d.ts +1 -1
package/dist/_version.js +1 -1
package/dist/providers.d.ts +5 -1
package/dist/providers.js +137 -31
package/package.json +1 -1
package/plugins/claude-overnight/.claude-plugin/plugin.json +1 -1

package/dist/_version.d.ts CHANGED Viewed

	@@ -1 +1 @@
1	- export declare const VERSION = "1.19.1";
1	+ export declare const VERSION = "1.23.0";

package/dist/_version.js CHANGED Viewed

@@ -1,2 +1,2 @@
 // Auto-generated by build — do not edit manually.
-export const VERSION = "1.19.1";
+export const VERSION = "1.23.0";

package/dist/providers.d.ts CHANGED Viewed

@@ -58,6 +58,7 @@ export declare const PROXY_DEFAULT_URL = "http://127.0.0.1:8765";
 export declare function isCursorProxyProvider(p: ProviderConfig): boolean;
 /**
  * Health check: GET /health on the proxy. Returns true if proxy is reachable.
+ * Passes the stored API key so the /health endpoint doesn't return 401.
  */
 export declare function healthCheckCursorProxy(baseUrl?: string): Promise<boolean>;
 /**
@@ -81,9 +82,12 @@ export declare function fetchCursorModels(baseUrl?: string): Promise<string[]>;
  *  - Proxy not running → spawns `npx cursor-api-proxy` detached, waits for health
  *  - Spawn fails (not installed) → returns false, caller falls back to manual instructions
  *
+ * When `forceRestart` is true and a stale process is on the port, it will be
+ * killed and the proxy restarted.
+ *
  * Returns true when the proxy is reachable at PROXY_DEFAULT_URL.
  */
-export declare function ensureCursorProxyRunning(baseUrl?: string): Promise<boolean>;
+export declare function ensureCursorProxyRunning(baseUrl?: string, forceRestart?: boolean): Promise<boolean>;
 /**
  * Full install + configure flow for cursor-api-proxy.
  * Walks through CLI install, API key config, and proxy start.

package/dist/providers.js CHANGED Viewed

@@ -262,13 +262,28 @@ export const PROXY_DEFAULT_URL = "http://127.0.0.1:8765";
 export function isCursorProxyProvider(p) {
     return p.cursorProxy === true || p.baseURL === PROXY_DEFAULT_URL;
 }
+/** Resolve the cursor-api-proxy API key from env or providers.json. */
+function resolveCursorProxyKey() {
+    if (process.env.CURSOR_BRIDGE_API_KEY?.trim())
+        return process.env.CURSOR_BRIDGE_API_KEY.trim();
+    const saved = loadProviders().find(p => p.cursorProxy);
+    if (saved?.cursorApiKey?.trim())
+        return saved.cursorApiKey.trim();
+    return null;
+}
+/** Build fetch options with the cursor proxy auth header if a key is available. */
+function cursorProxyFetchOpts() {
+    const key = resolveCursorProxyKey();
+    return key ? { headers: { Authorization: `Bearer ${key}` } } : {};
+}
 /**
  * Health check: GET /health on the proxy. Returns true if proxy is reachable.
+ * Passes the stored API key so the /health endpoint doesn't return 401.
  */
 export async function healthCheckCursorProxy(baseUrl = PROXY_DEFAULT_URL) {
     const url = `${baseUrl.replace(/\/$/, "")}/health`;
     try {
-        const res = await fetch(url, { method: "GET", signal: AbortSignal.timeout(3_000) });
+        const res = await fetch(url, { method: "GET", signal: AbortSignal.timeout(3_000), ...cursorProxyFetchOpts() });
         return res.ok;
     }
     catch {
@@ -282,7 +297,7 @@ export async function healthCheckCursorProxy(baseUrl = PROXY_DEFAULT_URL) {
 export async function fetchCursorModels(baseUrl = PROXY_DEFAULT_URL) {
     const url = `${baseUrl.replace(/\/$/, "")}/v1/models`;
     try {
-        const res = await fetch(url, { method: "GET", signal: AbortSignal.timeout(5_000) });
+        const res = await fetch(url, { method: "GET", signal: AbortSignal.timeout(5_000), ...cursorProxyFetchOpts() });
         if (!res.ok)
             return [];
         const json = await res.json();
@@ -336,22 +351,52 @@ async function fetchLiveCursorModels() {
 }
 /**
  * Verify something is actually cursor-api-proxy (not just any HTTP service on the port).
- * Calls /v1/models and checks the response shape. Returns true if it looks like the proxy.
+ * Tries /health first (proxy identity), then falls back to /v1/models shape check.
+ * Returns true if it looks like the proxy.
  */
 async function verifyCursorProxy(baseUrl = PROXY_DEFAULT_URL) {
-    const url = `${baseUrl.replace(/\/$/, "")}/v1/models`;
+    const url = baseUrl.replace(/\/$/, "");
+    const opts = cursorProxyFetchOpts();
+    // /health is the most reliable proxy identity check — works even when
+    // /v1/models fails due to agent subprocess crash (macOS segfault).
     try {
-        const res = await fetch(url, { method: "GET", signal: AbortSignal.timeout(3_000) });
+        const res = await fetch(`${url}/health`, { method: "GET", signal: AbortSignal.timeout(3_000), ...opts });
+        if (res.ok)
+            return true;
+    }
+    catch { }
+    // Fallback: check /v1/models response shape
+    try {
+        const res = await fetch(`${url}/v1/models`, { method: "GET", signal: AbortSignal.timeout(3_000), ...opts });
         if (!res.ok)
             return false;
         const json = await res.json();
-        // cursor-api-proxy returns { data: [{ id: "...", ... }] }
         return Array.isArray(json?.data);
     }
     catch {
         return false;
     }
 }
+/**
+ * Kill whatever process is bound to the given port. Uses `lsof` on macOS /
+ * `fuser` on Linux. Returns the PID that was killed, or null if nothing found
+ * or permission denied.
+ */
+function killProcessOnPort(port, host = "127.0.0.1") {
+    try {
+        // macOS / BSD: lsof -ti :PORT gives just the PID
+        const pid = execSync(`lsof -ti :${port} 2>/dev/null`, {
+            timeout: 5_000, encoding: "utf-8",
+        }).trim().split("\n")[0];
+        if (!pid || !/^\d+$/.test(pid))
+            return null;
+        execSync(`kill -9 ${pid} 2>/dev/null`, { timeout: 5_000 });
+        return parseInt(pid, 10);
+    }
+    catch {
+        return null;
+    }
+}
 /**
  * Check whether something is already listening on the proxy port.
  * Returns true if any process bound the port (another instance, Cursor CLI, etc.).
@@ -437,6 +482,35 @@ function patchProxyEnvJs(proxyDir) {
     }
     return true;
 }
+/**
+ * Patch the proxy's token-cache.js to skip the macOS keychain read.
+ *
+ * The proxy calls `security find-generic-password -s "cursor-access-token" -w`
+ * after every agent run to cache tokens for its multi-account pool feature.
+ * This triggers a macOS keychain popup even though the key is not needed for
+ * auth (the cursor-agent subprocess handles its own auth). We neutralize it.
+ *
+ * Safe to call repeatedly — the patch is idempotent.
+ */
+function patchProxyTokenCacheJs(proxyDir) {
+    const tcJs = join(proxyDir, "dist", "lib", "token-cache.js");
+    if (!existsSync(tcJs))
+        return false;
+    const src = readFileSync(tcJs, "utf-8");
+    // Check if already patched
+    if (src.includes("/* claude-overnight patch: skip keychain */"))
+        return true;
+    const patch = `\n/* claude-overnight patch: skip keychain */\n` +
+        `return undefined;`;
+    // Replace the entire execSync chain inside readKeychainToken (multi-line)
+    const target = `const t = execSync('security find-generic-password -s "cursor-access-token" -w', { stdio: ["pipe", "pipe", "pipe"], timeout: 5000 })
+            .toString()
+            .trim();`;
+    if (!src.includes(target))
+        return false;
+    writeFileSync(tcJs, src.replace(target, patch + "\n// " + target.replace(/\n/g, "\n// ")), "utf-8");
+    return true;
+}
 /**
  * Find the cursor-api-proxy package directory (npx cache or global install).
  */
@@ -482,14 +556,30 @@ function findProxyPackageDir() {
  *  - Proxy not running → spawns `npx cursor-api-proxy` detached, waits for health
  *  - Spawn fails (not installed) → returns false, caller falls back to manual instructions
  *
+ * When `forceRestart` is true and a stale process is on the port, it will be
+ * killed and the proxy restarted.
+ *
  * Returns true when the proxy is reachable at PROXY_DEFAULT_URL.
  */
-export async function ensureCursorProxyRunning(baseUrl = PROXY_DEFAULT_URL) {
+export async function ensureCursorProxyRunning(baseUrl = PROXY_DEFAULT_URL, forceRestart = false) {
     const url = new URL(baseUrl);
     const port = parseInt(url.port, 10) || 80;
+    // Always patch the npx cache on startup so proxy skips keychain reads.
+    // Idempotent — safe to call on every run.
+    const proxyDir = findProxyPackageDir();
+    if (proxyDir)
+        patchProxyTokenCacheJs(proxyDir);
     // Already healthy?
-    if (await healthCheckCursorProxy(baseUrl))
+    if (await healthCheckCursorProxy(baseUrl)) {
+        // Proxy was running before the patch — restart it to load the patched token-cache.js.
+        console.log(chalk.dim(`  Proxy already running — restarting to pick up keychain patch…`));
+        const killedPid = killProcessOnPort(port, url.hostname);
+        if (killedPid) {
+            await new Promise(r => setTimeout(r, 500));
+            return startProxyProcess(baseUrl, url, port);
+        }
         return true;
+    }
     // Something bound the port — verify it's actually the cursor proxy
     if (await isPortInUse(port, url.hostname)) {
         const isProxy = await verifyCursorProxy(baseUrl);
@@ -497,11 +587,25 @@ export async function ensureCursorProxyRunning(baseUrl = PROXY_DEFAULT_URL) {
             console.log(chalk.dim(`  Proxy verified at port ${port}`));
             return true;
         }
-        console.log(chalk.yellow(`  ⚠ Something is on port ${port} but it's not cursor-api-proxy`));
-        console.log(chalk.dim(`  Skip auto-start. If this is unexpected, stop the service or pick a different port.`));
-        return false;
+        // Stale process on the port — kill it if forceRestart, or try automatically
+        if (!forceRestart) {
+            console.log(chalk.yellow(`  ⚠ Something is on port ${port} but it's not cursor-api-proxy — killing stale process…`));
+        }
+        const killedPid = killProcessOnPort(port, url.hostname);
+        if (killedPid) {
+            console.log(chalk.green(`  ✓ Killed stale process PID ${killedPid} on port ${port}`));
+            await new Promise(r => setTimeout(r, 500));
+            return startProxyProcess(baseUrl, url, port);
+        }
+        // Couldn't kill (permission denied, already gone) — try starting anyway
+        console.log(chalk.yellow(`  ⚠ Couldn't kill process on port ${port} — attempting to start proxy anyway…`));
+        return startProxyProcess(baseUrl, url, port);
     }
     // Port is free — auto-start the proxy
+    return startProxyProcess(baseUrl, url, port);
+}
+/** Spawn the proxy process and wait for it to become healthy. */
+async function startProxyProcess(baseUrl, url, port) {
     console.log(chalk.yellow(`\n  Proxy not running at ${baseUrl} — starting it for you…`));
     // Resolve system node and agent index.js so the proxy doesn't use the
     // agent's bundled node (segfaults with --list-models on macOS).
@@ -746,11 +850,11 @@ export async function setupCursorProxy() {
     console.log(chalk.white(`    ${chalk.bold("npx cursor-api-proxy")}`));
     for (;;) {
         const choice = await selectKey(`  Proxy started?`, [
-            { key: "r", desc: "etry" },
+            { key: "r", desc: "etry (re-attempt auto-start + kill stale)" },
             { key: "c", desc: "ancel" },
         ]);
         if (choice === "r") {
-            if (await healthCheckCursorProxy()) {
+            if (await ensureCursorProxyRunning(PROXY_DEFAULT_URL, true)) {
                 console.log(chalk.green("\n  ✓ Proxy is running and healthy"));
                 return true;
             }
@@ -802,36 +906,38 @@ async function pickCursorModel() {
     clearInterval(spinner);
     process.stdout.write("\x1B[2K\r");
     if (!healthy) {
-        // Try to auto-start the proxy before bugging the user
+        // Try to auto-start the proxy (auto-kills stale processes)
         const autoStarted = await ensureCursorProxyRunning();
         if (autoStarted) {
             // Proxy is up now — proceed to model list
         }
         else {
             console.log(chalk.yellow("  Proxy is not running at " + PROXY_DEFAULT_URL));
-            const choice = await selectKey(`  How to proceed?`, [
-                { key: "i", desc: "nstall + configure (CLI, API key, server)" },
-                { key: "r", desc: "etry (I started it manually)" },
-                { key: "c", desc: "ancel" },
-            ]);
-            if (choice === "s") {
-                const ok = await setupCursorProxy();
-                if (!ok)
+            for (;;) {
+                const choice = await selectKey(`  How to proceed?`, [
+                    { key: "r", desc: "etry (re-attempt auto-start + kill stale)" },
+                    { key: "i", desc: "nstall + configure (CLI, API key, server)" },
+                    { key: "c", desc: "ancel" },
+                ]);
+                if (choice === "r") {
+                    if (await ensureCursorProxyRunning(PROXY_DEFAULT_URL, true)) {
+                        console.log(chalk.green("  ✓ Proxy started"));
+                        break;
+                    }
+                    console.log(chalk.yellow(`  Still not reachable at ${PROXY_DEFAULT_URL}`));
+                }
+                else if (choice === "i") {
+                    const ok = await setupCursorProxy();
+                    if (!ok)
+                        return null;
+                    if (await healthCheckCursorProxy())
+                        break;
                     return null;
-            }
-            else if (choice === "r") {
-                // User manually started it — one more health check
-                if (await healthCheckCursorProxy()) {
-                    console.log(chalk.green("  ✓ Proxy detected"));
                 }
                 else {
-                    console.log(chalk.yellow("  Still not reachable — try the install flow or cancel."));
                     return null;
                 }
             }
-            else {
-                return null;
-            }
         }
     }
     const { top, more } = await buildCursorPicker();

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "claude-overnight",
-  "version": "1.19.1",
+  "version": "1.23.0",
   "description": "Background lane for your Claude Max plan. Parallel Claude Agent SDK sessions in git worktrees with a usage cap that reserves headroom for your interactive Claude Code. Crash-safe resume. Provider-agnostic model catalog with capability-based planning.",
   "type": "module",
   "bin": {

package/plugins/claude-overnight/.claude-plugin/plugin.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "claude-overnight",
-  "version": "1.19.1",
+  "version": "1.23.0",
   "description": "Claude Code skill for understanding, installing, and inspecting claude-overnight runs  -- parallel Claude agents in git worktrees with thinking waves, multi-wave steering, and crash-safe resume. Supports Cursor API Proxy, Qwen, OpenRouter.",
   "author": {
     "name": "Francesco Fornace"