claude-overnight 1.24.8 → 1.25.0

package/README.md

@@ -1,14 +1,10 @@
 # claude-overnight
 
-**A background lane for your Claude Max plan.** Runs a capped swarm of Claude Agent SDK sessions in isolated git worktrees  -- stops at a usage cap you set, so your interactive Claude Code always has headroom. Rate-limited? It waits. Crash? It resumes with full context.
+Parallel Claude agents in isolated git worktrees. Set a usage cap so your interactive Claude Code keeps its headroom. Rate-limited? It waits. Crash? It resumes with full context.
 
-Your Max plan rate limits eat interactive coding time. One deep refactor and the 5-hour window is gone before lunch. `claude-overnight` runs background agent sessions up to the percentage cap you pick (90% is typical), leaving the rest free for your own Claude Code session. Hand it an objective and a session budget, walk away, review the diff when the run ends.
+Hand it an objective and a session budget, walk away, review the diff when the run ends. Every agent runs in its own worktree on its own branch — a misbehaving agent can't trash your working tree. Unmerged branches are preserved for manual review, never discarded.
 
-Cursor API Proxy supported -- route through Cursor's model gateway for Composer-powered execution on `auto`, `composer`, or `composer-2` models. See **Run via Cursor API Proxy** below.
-
-Isolated by default. Every agent runs in its own git worktree on its own branch, so a misbehaving agent can't trash your working tree. You choose what agents can do before the run starts  -- no surprise escalation mid-flight. Unmerged branches are preserved for manual review, never discarded. Built on the [Claude Agent SDK](https://www.npmjs.com/package/@anthropic-ai/claude-agent-sdk)  -- not a Claude Code replacement, but a background lane that runs alongside it.
-
-Different shape from hosted agent harnesses like [Claude Managed Agents](https://platform.claude.com/docs/en/managed-agents/overview): instead of one agent in one cloud container billed separately, you get many parallel sessions on your own machine, in your real repo, against your own Max plan (or API key). Works with Claude Opus, Sonnet, and Haiku  -- or pair an Anthropic planner with a cheaper executor on Qwen, OpenRouter, or any Anthropic-compatible endpoint.
+Built on the [Claude Agent SDK](https://www.npmjs.com/package/@anthropic-ai/claude-agent-sdk). Pair any planner (Opus, Sonnet) with any executor — Anthropic, Cursor, Qwen, OpenRouter, or any Anthropic-compatible endpoint.
 
 ## Run on Qwen 3.6 Plus
 
@@ -39,6 +35,27 @@ claude-overnight
 
 Use Cursor's model gateway as an executor -- `auto` (delegates to best available), `composer`, or `composer-2` models. Runs locally through a proxy that speaks the Anthropic Messages API, so it's a drop-in replacement for any other provider.
 
+### macOS: Cursor agent shell patch
+
+On macOS, Cursor's `agent` / `cursor-agent` CLI often misbehaves because it uses a bundled Node.js. Add this to `~/.zshrc` so the `agent` command runs the real script with your **system** Node (then `source ~/.zshrc` or open a new terminal):
+
+```bash
+# Force Cursor Agent to use System Node.js
+run_cursor_agent() {
+    # Find the real directory of the cursor-agent script (resolves symlinks)
+    local agent_path="$(command -v cursor-agent)"
+    local script_dir="$(dirname "$(realpath "$agent_path")")"
+
+    # Run the core JS file directly with your system node
+    node "$script_dir/index.js" "$@"
+}
+
+# Overwrite any existing 'agent' alias to use our custom function
+alias agent="run_cursor_agent"
+```
+
+`claude-overnight` prints a one-time notice when you use the Cursor proxy and this snippet is not detected in `~/.zshrc` or `~/.zprofile`. The bundled proxy also sets `CURSOR_AGENT_NODE` / `CURSOR_AGENT_SCRIPT` when it can find `node` and `cursor-agent`, but your interactive shell still benefits from the alias.
+
 1. **Install the Cursor CLI and proxy:**
 
    ```bash
@@ -68,6 +85,24 @@ claude-overnight
 
 **Tip:** run `claude-overnight` with the `--model=cursor-auto` flag in non-interactive mode to skip the picker. If the proxy isn't running at startup, a warning is shown but Anthropic providers remain available.
 
+### macOS: “Keychain Not Found” / `cursor-user`
+
+The Cursor **`agent`** binary stores an interactive login as **`cursor-user`** in your **login** keychain. For automation, use a **[User API key](https://cursor.com/docs/cli/headless)** (`export CURSOR_API_KEY=...` from [Integrations](https://cursor.com/dashboard/integrations)) — the bundled proxy then does not need Keychain. `claude-overnight` forces `CURSOR_SKIP_KEYCHAIN=1` and `CI=true`; if System Settings still shows **“A keychain cannot be found to store …”**, the login keychain is often missing or damaged: open **Keychain Access → First Aid** on **login**, or use **Reset To Defaults** in the dialog. Some users fix a stuck keychain with:
+
+```bash
+security unlock-keychain ~/Library/Keychains/login.keychain-db
+```
+
+**Automation:** Saving a key via **Cursor…** in `claude-overnight` is enough — it is written to `providers.json` and injected into both the Claude SDK env and the bundled proxy (including `CURSOR_API_KEY` for the native `agent`). You do not need to `export` variables unless you want to override for one shell.
+
+**Advanced:** If something else must share port `8765` and you manage the proxy yourself, set `CURSOR_OVERNIGHT_NO_PROXY_RESTART=1` to skip the automatic “replace listener” step when a Cursor API token is present.
+
+**How headless Cursor + macOS Keychain actually works (discovery):** We documented the full investigation: why ACP + skip-authenticate + `CURSOR_API_KEY` were not enough, how **chat-only workspace** (default in cursor-composer) fakes `HOME` and still triggered **Keychain timeouts** despite a User API key, and how **`composer-2-fast`** can fail the ACP smoke test for reasons unrelated to Keychain. See **[docs/CURSOR_PROXY_MACOS_DISCOVERY.md](docs/CURSOR_PROXY_MACOS_DISCOVERY.md)**.
+
+**Quick reference — bundled proxy env:** `CURSOR_BRIDGE_ACP_SKIP_AUTHENTICATE=1`, `CURSOR_BRIDGE_USE_ACP=1`, `CURSOR_BRIDGE_CHAT_ONLY_WORKSPACE=false`, plus `CURSOR_API_KEY` / `CURSOR_AUTH_TOKEN` / `CURSOR_BRIDGE_API_KEY` and `CURSOR_SKIP_KEYCHAIN=1` / `CI=true`. Details and tables are in the doc above.
+
+**Regression / stress test:** `npm run matrix:cursor-proxy` (optional `--quick`, `--include-danger`). Use `MATRIX_MODELS=composer-2,composer-2-fast` to compare models; override `MATRIX_PORT_BASE`, `MATRIX_MODEL`, `MATRIX_MSG_TIMEOUT_MS` as needed.
+
 ## Install
 
 ```bash
@@ -126,24 +161,9 @@ claude-overnight
 
 You interact once (objective, budget, model, review themes), then the rest runs unattended  -- thinking, planning, executing, reflecting, steering. Rate-limited? It waits and retries. Crash? Resume where you left off. Capped at usage limit? Pick up next time with full context preserved.
 
-## How it differs
-
-- vs **Claude Code**: many agents, no driver, capped so your Claude Code session keeps its headroom
-- vs **[Managed Agents](https://platform.claude.com/docs/en/managed-agents/overview)**: on your machine, against your Max plan, in your real git history  -- not a cloud container billed separately
-- vs **Cursor / Copilot / Cline**: asynchronous, off the keyboard
-
 ## Use cases
 
-- **Overnight refactors**  -- "Modernize the auth system" at budget 200.
-- **Batch feature implementation**  -- dozens of features from a task file, parallelized.
-- **Codebase-wide cleanups**  -- deduplicate, simplify, rename, normalize.
-- **Test generation at scale**  -- integration tests for every route or module.
-- **Documentation sprints**  -- API docs, READMEs, inline comments, changelogs.
-- **Framework migrations**  -- version upgrades, type annotations, config format swaps.
-- **Quality audits**  -- reflection waves surface architectural issues and code smells.
-- **Long research runs**  -- architect sessions explore a large codebase before any code lands.
-
-Typical shape: one objective + a $20–$200 spend cap + walk away.
+Overnight refactors, batch feature implementation, codebase-wide cleanups, test generation, documentation sprints, framework migrations, quality audits, long research runs. One objective + a budget + walk away.
 
 ## How it works
 

package/dist/_version.d.ts

@@ -1 +1 @@
-export declare const VERSION = "1.24.8";
+export declare const VERSION = "1.25.0";

package/dist/_version.js

@@ -1,2 +1,2 @@
 // Auto-generated by build — do not edit manually.
-export const VERSION = "1.24.8";
+export const VERSION = "1.25.0";

package/dist/bin.js

@@ -4,6 +4,11 @@
 // rest of the module graph takes several seconds on a cold cache  -- without
 // this, the terminal sits black that whole time. index.ts stops the splash
 // via `globalThis.__coStopSplash` as soon as its header is about to print.
+// Cursor agent: never inherit a shell that disabled keychain skip (`CI=0`,
+// empty `CURSOR_SKIP_KEYCHAIN`) — the Cursor CLI may prompt for "cursor-user"
+// and block preflight. Force like cursor-composer-in-claude/dist/cli.js (not ??=).
+process.env.CURSOR_SKIP_KEYCHAIN = "1";
+process.env.CI = "true";
 const argv = process.argv.slice(2);
 const quiet = argv.includes("-h") || argv.includes("--help") || argv.includes("-v") || argv.includes("--version");
 if (!quiet && process.stdout.isTTY) {

package/dist/cursor-models.js

@@ -14,7 +14,6 @@
 import { modelDisplayName, formatContextWindow } from "./models.js";
 export const CURSOR_PRIORITY_MODELS = [
     { id: "composer-2", label: "composer-2", hint: "Cursor Composer 2 — latest, strongest Cursor model" },
-    { id: "composer-2-fast", label: "composer-2-fast", hint: "Cursor Composer 2 Fast — faster, cheaper variant" },
     { id: "auto", label: "auto", hint: "auto-delegates to the best available model" },
 ];
 export const CURSOR_KNOWN_MODELS = [

package/dist/index.js

@@ -9,7 +9,7 @@ import { Swarm } from "./swarm.js";
 import { planTasks, refinePlan, identifyThemes, buildThinkingTasks, orchestrate, salvageFromFile } from "./planner.js";
 import { modelDisplayName, formatContextWindow, DEFAULT_MODEL } from "./models.js";
 import { setPlannerEnvResolver } from "./planner-query.js";
-import { pickModel, loadProviders, preflightProvider, buildEnvResolver, healthCheckCursorProxy, PROXY_DEFAULT_URL, isCursorProxyProvider, ensureCursorProxyRunning, bundledComposerProxyShellCommand, } from "./providers.js";
+import { pickModel, loadProviders, preflightProvider, buildEnvResolver, healthCheckCursorProxy, PROXY_DEFAULT_URL, isCursorProxyProvider, ensureCursorProxyRunning, bundledComposerProxyShellCommand, warnMacCursorAgentShellPatchIfNeeded, hasCursorAgentToken, } from "./providers.js";
 import { RunDisplay } from "./ui.js";
 import { renderSummary } from "./render.js";
 import { executeRun } from "./run.js";
@@ -158,8 +158,9 @@ async function promptResumeOverrides(state, cliFlags, argv, noTTY, runDir) {
     console.log();
 }
 async function main() {
-    // Prevent macOS keychain popups from the Cursor CLI agent subprocess.
-    process.env.CURSOR_SKIP_KEYCHAIN ??= "1";
+    // Same as bin.ts: do not use ??= — parent shell can set CI=0 / CURSOR_SKIP_KEYCHAIN=0.
+    process.env.CURSOR_SKIP_KEYCHAIN = "1";
+    process.env.CI = "true";
     const argv = process.argv.slice(2);
     if (argv.includes("-v") || argv.includes("--version")) {
         const __dirname = dirname(fileURLToPath(import.meta.url));
@@ -220,6 +221,7 @@ async function main() {
     // ── Pre-check: warn if saved Cursor providers exist but proxy is down ──
     const savedCursorProviders = loadProviders().filter(isCursorProxyProvider);
     if (savedCursorProviders.length > 0 && !dryRun) {
+        warnMacCursorAgentShellPatchIfNeeded();
         const proxyUp = await healthCheckCursorProxy();
         if (!proxyUp) {
             console.warn(chalk.yellow(`\n  ⚠ ${savedCursorProviders.length} Cursor provider(s) saved but proxy is not running at ${PROXY_DEFAULT_URL}`));
@@ -513,15 +515,10 @@ async function main() {
         mergeStrategy = resumeState.mergeStrategy;
     }
     else if (!nonInteractive) {
-        while (true) {
-            objective = await ask(`\n  ${chalk.cyan("①")} ${chalk.bold("What should the agents do?")}\n  ${chalk.cyan(">")} `);
-            if (!objective) {
-                console.error(chalk.red("\n  No objective provided."));
-                process.exit(1);
-            }
-            if (objective.split(/\s+/).length >= 5)
-                break;
-            console.log(chalk.yellow('  Be specific, e.g. "refactor the auth module, add tests, and update docs"'));
+        objective = (await ask(`\n  ${chalk.cyan("①")} ${chalk.bold("What should the agents do?")}\n  ${chalk.cyan(">")} `)).trim();
+        if (!objective) {
+            console.error(chalk.red("\n  No objective provided."));
+            process.exit(1);
         }
         const modelsPromise = fetchModels();
         const budgetAns = await ask(`\n  ${chalk.cyan("②")} ${chalk.dim("Budget")} ${chalk.dim("[")}${chalk.white("10")}${chalk.dim("]:")} `);
@@ -763,18 +760,43 @@ async function main() {
                     cursorProxies.push(p);
             }
         }
-        // Auto-start cursor proxy before pinging
+        // Auto-start cursor proxy before pinging (restarts when a token exists so stale listeners get CURSOR_API_KEY).
         if (cursorProxies.length > 0) {
             await ensureCursorProxyRunning();
+            if (!hasCursorAgentToken()) {
+                console.error(chalk.red(`  ✗ Cursor models require a User API key — add it via ${chalk.bold("Cursor…")} setup, or set ` +
+                    `${chalk.bold("CURSOR_API_KEY")} / ${chalk.bold("CURSOR_BRIDGE_API_KEY")}, or ${chalk.bold("cursorApiKey")} in providers.json.`));
+                console.error(chalk.dim(`    Without it the Cursor CLI falls back to macOS Keychain (\`cursor-user\`).`));
+                process.exit(1);
+            }
         }
         process.stdout.write(`  ${chalk.dim(`◆ Pinging ${pending.map(([r, p]) => `${r} (${p.displayName})`).join(", ")}…`)}\n`);
-        const results = await Promise.all(pending.map(async ([role, p]) => ({
-            role,
-            provider: p,
-            result: await preflightProvider(p, cwd, 20_000, {
-                onProgress: (msg) => process.stdout.write(chalk.dim(`    ${msg}\n`)),
-            }),
-        })));
+        // Cursor proxy: each saved model is a distinct provider id (`cursor-composer-2`, etc.), so
+        // planner + executor + fast can schedule multiple preflights. The bundled proxy typically
+        // handles one agent query at a time — parallel preflights starve each other and hit the
+        // 20s timeout. Run non-proxy checks in parallel, then cursor proxy checks one at a time
+        // (preserve original `pending` order for messages).
+        const progress = (msg) => process.stdout.write(chalk.dim(`    ${msg}\n`));
+        /** Cursor agent cold start + model variance can exceed 20s; API providers stay tight. */
+        const preflightMs = (p) => isCursorProxyProvider(p) ? 60_000 : 20_000;
+        const nonCursorIdx = [];
+        const cursorIdx = [];
+        for (let i = 0; i < pending.length; i++) {
+            if (isCursorProxyProvider(pending[i][1]))
+                cursorIdx.push(i);
+            else
+                nonCursorIdx.push(i);
+        }
+        const slot = Array.from({ length: pending.length });
+        await Promise.all(nonCursorIdx.map(async (i) => {
+            const [role, p] = pending[i];
+            slot[i] = { role, provider: p, result: await preflightProvider(p, cwd, preflightMs(p), { onProgress: progress }) };
+        }));
+        for (const i of cursorIdx) {
+            const [role, p] = pending[i];
+            slot[i] = { role, provider: p, result: await preflightProvider(p, cwd, preflightMs(p), { onProgress: progress }) };
+        }
+        const results = slot;
         for (const { role, provider, result } of results) {
             if (!result.ok) {
                 console.error(chalk.red(`  ✗ ${role} preflight failed: ${chalk.dim(result.error)}`));

package/dist/models.d.ts

@@ -1,5 +1,6 @@
 export interface ModelCapability {
     contextWindow: number;
+    safeContext: number;
     contextConstraint: "tight" | "moderate" | "relaxed";
     /** Human-readable label for UI display. Falls back to the model key if absent. */
     displayName?: string;
@@ -16,7 +17,8 @@ export declare function getModelCapability(model: string): ModelCapability;
 export declare function modelDisplayName(model: string): string;
 /**
  * Context constraint instruction injected into planner prompts.
- * Tells the planner how to scope tasks based on the worker model's context.
+ * Uses safeContext (not declared contextWindow) so planners scope tasks
+ * to what the model can actually handle reliably.
  */
 export declare function contextConstraintNote(model: string): string;
 /** Format context window for display (e.g. "256K"). */

package/dist/models.js

@@ -4,33 +4,58 @@
 // arrive (which happens basically daily). Each entry describes what the model
 // can handle in terms of context and task scoping.
 //
-// contextConstraint:
-//   "tight"    — small context window. Model is lazy and error-prone on big
-//                tasks. Needs surgical, hyper-specific instructions.
-//   "moderate" — decent context. Can handle focused missions but may lose
-//                thread on sprawling codebases.
-//   "relaxed"  — large context. Can read most of the codebase at once,
-//                reliably own multi-file features with autonomy.
+// contextWindow   — declared/advertised context (shown in UI)
+// safeContext     — conservative usable context ≤40% of declared, adjusted for
+//                   model quality. This is what planners use to scope tasks.
+//                   Based on: RULER benchmarks, "lost in the middle" research,
+//                   Chroma context-rot studies, and real-world experience.
+//
+// contextConstraint — combines usable context AND model laziness/diligence:
+//   "tight"    — lazy or small context. Needs surgical, hyper-specific tasks.
+//   "moderate" — decent. Focused missions with clear targets.
+//   "relaxed"  — large usable context + low laziness. Full autonomy.
+//
+// Laziness source: IFEval scores, Ian Paterson 38-task routing benchmark,
+// Chroma hallucination study. "relaxed" = 95%+ on all three axes.
 export const MODEL_CAPABILITIES = {
-    // ── Anthropic Claude 4.5 / 4.6 ──
-    "claude-sonnet-4-6": { contextWindow: 256_000, contextConstraint: "relaxed", displayName: "Sonnet 4.6" },
-    "claude-sonnet-4-5": { contextWindow: 256_000, contextConstraint: "relaxed", displayName: "Sonnet 4.5" },
-    "claude-opus-4-6": { contextWindow: 200_000, contextConstraint: "relaxed", displayName: "Opus 4.6" },
-    "claude-opus-4-5": { contextWindow: 200_000, contextConstraint: "relaxed", displayName: "Opus 4.5" },
-    "claude-opus-4-20250514": { contextWindow: 200_000, contextConstraint: "relaxed", displayName: "Opus 4" },
-    "claude-haiku-4-5": { contextWindow: 200_000, contextConstraint: "moderate", displayName: "Haiku 4.5" },
-    "claude-haiku-4-5-20251001": { contextWindow: 200_000, contextConstraint: "moderate", displayName: "Haiku 4.5" },
-    // ── Cursor models ──
-    "auto": { contextWindow: 256_000, contextConstraint: "relaxed", displayName: "Cursor Auto" },
-    "composer-2": { contextWindow: 200_000, contextConstraint: "relaxed", displayName: "Composer 2" },
-    "composer-2-fast": { contextWindow: 128_000, contextConstraint: "moderate", displayName: "Composer 2 Fast" },
-    "composer": { contextWindow: 128_000, contextConstraint: "moderate", displayName: "Composer" },
-    // ── Qwen (via DashScope / custom provider) ──
-    "qwen3.6-plus": { contextWindow: 131_072, contextConstraint: "moderate", displayName: "Qwen 3.6 Plus" },
-    "qwen3-coder": { contextWindow: 262_144, contextConstraint: "relaxed", displayName: "Qwen 3 Coder" },
-    "qwen-max": { contextWindow: 32_768, contextConstraint: "tight", displayName: "Qwen Max" },
-    // ── Fallback for unknown models ──
-    "unknown": { contextWindow: 128_000, contextConstraint: "moderate" },
+    // ── Anthropic Claude (Apr 2026) ──
+    // Opus: only model that earns "relaxed". 100% on 38-task routing, 95%+ IFEval.
+    "claude-opus-4-6": { contextWindow: 1_000_000, safeContext: 400_000, contextConstraint: "relaxed", displayName: "Opus 4.6" },
+    // Sonnet: good but loses thread more than Opus on autonomous multi-file work.
+    "claude-sonnet-4-6": { contextWindow: 1_000_000, safeContext: 300_000, contextConstraint: "moderate", displayName: "Sonnet 4.6" },
+    // Haiku: cheapest Claude. Skips steps more often. No 1M upgrade.
+    "claude-haiku-4-5": { contextWindow: 200_000, safeContext: 60_000, contextConstraint: "moderate", displayName: "Haiku 4.5" },
+    "claude-haiku-4-5-20251001": { contextWindow: 200_000, safeContext: 60_000, contextConstraint: "moderate", displayName: "Haiku 4.5" },
+    // ── OpenAI (Apr 2026 — GPT-4.1/o3/o4-mini retired Feb 2026) ──
+    // GPT-5.4: current flagship. 1M context, 128K output. Good but literal.
+    "gpt-5.4": { contextWindow: 1_050_000, safeContext: 300_000, contextConstraint: "moderate", displayName: "GPT-5.4" },
+    "gpt-5.4-mini": { contextWindow: 1_050_000, safeContext: 200_000, contextConstraint: "moderate", displayName: "GPT-5.4 Mini" },
+    // Codex 5.3: best agentic coder from OpenAI. 400K context, 128K output.
+    "gpt-5.3-codex": { contextWindow: 400_000, safeContext: 160_000, contextConstraint: "moderate", displayName: "Codex 5.3" },
+    // ── Google Gemini 3 (Apr 2026 — Gemini 2.5 deprecated June 2026) ──
+    // Large context but terrible at agentic coding: 13.5% SWE-bench (vs Sonnet 31.2%).
+    // Good for reading lots of code, bad at following through. Needs surgical tasks.
+    "gemini-3.1-pro": { contextWindow: 1_000_000, safeContext: 350_000, contextConstraint: "tight", displayName: "Gemini 3.1 Pro" },
+    "gemini-3-pro": { contextWindow: 1_000_000, safeContext: 350_000, contextConstraint: "tight", displayName: "Gemini 3 Pro" },
+    // Flash: 8.2% SWE-bench. Essentially unusable for autonomous agent work.
+    "gemini-3-flash": { contextWindow: 1_000_000, safeContext: 250_000, contextConstraint: "tight", displayName: "Gemini 3 Flash" },
+    // ── DeepSeek V3.2 (Apr 2026 — V3/R1 superseded, V4 not yet out) ──
+    "deepseek-chat": { contextWindow: 128_000, safeContext: 40_000, contextConstraint: "tight", displayName: "DeepSeek V3.2" },
+    "deepseek-reasoner": { contextWindow: 128_000, safeContext: 45_000, contextConstraint: "moderate", displayName: "DeepSeek V3.2 Reasoner" },
+    // ── Meta Llama 4 (Apr 2025 — still latest open-weight) ──
+    // Scout: claims 10M via iRoPE, providers cap at ~327K. No independent validation.
+    "llama-4-scout": { contextWindow: 327_680, safeContext: 80_000, contextConstraint: "moderate", displayName: "Llama 4 Scout" },
+    "llama-4-maverick": { contextWindow: 1_000_000, safeContext: 100_000, contextConstraint: "moderate", displayName: "Llama 4 Maverick" },
+    // ── Cursor models (opaque routing) ──
+    "auto": { contextWindow: 256_000, safeContext: 60_000, contextConstraint: "moderate", displayName: "Cursor Auto" },
+    "composer-2": { contextWindow: 200_000, safeContext: 40_000, contextConstraint: "tight", displayName: "Composer 2" },
+    "composer": { contextWindow: 128_000, safeContext: 30_000, contextConstraint: "tight", displayName: "Composer" },
+    // ── Qwen (Apr 2026 — qwen3.6-plus is newest flagship) ──
+    "qwen3.6-plus": { contextWindow: 1_000_000, safeContext: 200_000, contextConstraint: "moderate", displayName: "Qwen 3.6 Plus" },
+    "qwen3-coder-plus": { contextWindow: 1_000_000, safeContext: 200_000, contextConstraint: "moderate", displayName: "Qwen 3 Coder Plus" },
+    "qwen3-max": { contextWindow: 262_144, safeContext: 60_000, contextConstraint: "moderate", displayName: "Qwen 3 Max" },
+    // ── Fallback — unknown models get maximum caution ──
+    "unknown": { contextWindow: 128_000, safeContext: 40_000, contextConstraint: "tight" },
 };
 // ── Default / fallback models ──
 export const DEFAULT_MODEL = "claude-sonnet-4-6";
@@ -69,18 +94,19 @@ export function modelDisplayName(model) {
 }
 /**
  * Context constraint instruction injected into planner prompts.
- * Tells the planner how to scope tasks based on the worker model's context.
+ * Uses safeContext (not declared contextWindow) so planners scope tasks
+ * to what the model can actually handle reliably.
  */
 export function contextConstraintNote(model) {
     const cap = getModelCapability(model);
-    const ctx = Math.round(cap.contextWindow / 1000);
+    const safe = Math.round(cap.safeContext / 1000);
     switch (cap.contextConstraint) {
         case "tight":
-            return `Worker agents have a TIGHT context window (~${ctx}K tokens). They are prone losing thread on large tasks. Be hyper-specific: name exact files, functions, and changes. One narrow deliverable per task. No ambiguity.`;
+            return `Worker agents have a TIGHT usable context (~${safe}K tokens). They lose thread and skip steps on large tasks. Be hyper-specific: name exact files, functions, and changes. One narrow deliverable per task. No ambiguity.`;
         case "moderate":
-            return `Worker agents have a moderate context window (~${ctx}K tokens). They can handle focused missions but may struggle with sprawling codebases. Be specific about files and expected outcomes. Scope tasks to clear, concrete deliverables.`;
+            return `Worker agents have a moderate usable context (~${safe}K tokens). They can handle focused missions but may struggle with sprawling tasks. Be specific about target files and expected outcomes. Scope tasks to clear, concrete deliverables — not open-ended explorations.`;
         case "relaxed":
-            return `Worker agents have a large context window (~${ctx}K tokens). They can read most of the codebase at once and reliably own multi-file features. Give them missions with full autonomy — "Design and implement X" not "edit line 42 of Y.ts".`;
+            return `Worker agents have ~${safe}K usable tokens and high instruction-following. They can own multi-file features with autonomy. Give them missions — "Design and implement X" not "edit line 42 of Y.ts".`;
     }
 }
 /** Format context window for display (e.g. "256K"). */

package/dist/providers.d.ts

@@ -62,6 +62,17 @@ export declare function preflightProvider(p: ProviderConfig, cwd: string, timeou
 export declare const PROXY_DEFAULT_URL = "http://127.0.0.1:8765";
 /** Check if a provider routes through cursor-composer-in-claude. */
 export declare function isCursorProxyProvider(p: ProviderConfig): boolean;
+/** True if ~/.zshrc / ~/.zprofile contain the `run_cursor_agent` workaround (see README). */
+export declare function hasCursorMacAgentZshPatch(): boolean;
+/**
+ * On macOS, if the Cursor `agent` / `cursor-agent` CLI is installed but the zsh
+ * workaround is missing, print once. See README: macOS Cursor agent shell patch.
+ */
+export declare function warnMacCursorAgentShellPatchIfNeeded(): void;
+/** True when a User API key (or bridge key) is available for Cursor agent + proxy. */
+export declare function hasCursorAgentToken(): boolean;
+/** Resolved token for tests/diagnostics (never log the return value). */
+export declare function getCursorAgentToken(): string | null;
 /**
  * Health check: GET /health on the proxy. Returns true if proxy is reachable.
  * Passes the stored API key so the /health endpoint doesn't return 401.

package/dist/providers.js

@@ -108,9 +108,19 @@ export function envFor(p) {
             base[k] = v;
     if (p.cursorProxy) {
         base.ANTHROPIC_BASE_URL = p.baseURL;
-        const key = process.env.CURSOR_BRIDGE_API_KEY || p.cursorApiKey;
-        base.ANTHROPIC_AUTH_TOKEN = key || "unused";
+        // HTTP Authorization to the proxy: bridge env > per-provider > any resolved agent token (env or providers.json).
+        const agentTok = resolveCursorAgentToken();
+        const bridgeBearer = process.env.CURSOR_BRIDGE_API_KEY?.trim() ||
+            p.cursorApiKey?.trim() ||
+            agentTok?.trim() ||
+            "";
+        base.ANTHROPIC_AUTH_TOKEN = bridgeBearer || "unused";
         delete base.ANTHROPIC_API_KEY;
+        // Native Cursor agent — same token so SDK and proxy never fall through to Keychain (`cursor-user`).
+        if (agentTok) {
+            base.CURSOR_API_KEY = agentTok;
+            base.CURSOR_AUTH_TOKEN = agentTok;
+        }
         // SDK replaces env for subprocesses — force these so nothing inherits a bad CI / skip flag.
         base.CI = "true";
         base.CURSOR_SKIP_KEYCHAIN = "1";
@@ -323,6 +333,48 @@ export const PROXY_DEFAULT_URL = "http://127.0.0.1:8765";
 export function isCursorProxyProvider(p) {
     return p.cursorProxy === true || p.baseURL === PROXY_DEFAULT_URL;
 }
+/** True if ~/.zshrc / ~/.zprofile contain the `run_cursor_agent` workaround (see README). */
+export function hasCursorMacAgentZshPatch() {
+    let combined = "";
+    for (const f of [".zshrc", ".zprofile"]) {
+        try {
+            combined += readFileSync(join(homedir(), f), "utf8");
+        }
+        catch {
+            /* missing */
+        }
+    }
+    return /run_cursor_agent\s*\(/.test(combined) || /alias\s+agent=\s*['"]?run_cursor_agent['"]?/.test(combined);
+}
+let warnedMacCursorAgentPatch = false;
+/**
+ * On macOS, if the Cursor `agent` / `cursor-agent` CLI is installed but the zsh
+ * workaround is missing, print once. See README: macOS Cursor agent shell patch.
+ */
+export function warnMacCursorAgentShellPatchIfNeeded() {
+    if (warnedMacCursorAgentPatch || process.platform !== "darwin")
+        return;
+    let agentPath = "";
+    try {
+        agentPath = execSync("command -v cursor-agent 2>/dev/null || command -v agent 2>/dev/null", {
+            encoding: "utf8",
+            shell: "bash",
+            timeout: 3_000,
+            stdio: ["pipe", "pipe", "pipe"],
+        }).trim();
+    }
+    catch {
+        return;
+    }
+    if (!agentPath)
+        return;
+    if (hasCursorMacAgentZshPatch())
+        return;
+    warnedMacCursorAgentPatch = true;
+    console.warn(chalk.yellow("\n  ⚠ macOS: Cursor's `agent` CLI is unreliable with its bundled Node.js."));
+    console.warn(chalk.dim("    Append the snippet from README (\"macOS: Cursor agent shell patch\") to ~/.zshrc, then run: source ~/.zshrc"));
+    console.warn("");
+}
 /** Resolve the cursor-composer-in-claude API key from env or providers.json. */
 function resolveCursorProxyKey() {
     if (process.env.CURSOR_BRIDGE_API_KEY?.trim())
@@ -332,6 +384,26 @@ function resolveCursorProxyKey() {
         return saved.cursorApiKey.trim();
     return null;
 }
+/**
+ * Token for the native Cursor `agent` binary — same order as cursor-composer `loadBridgeConfig`
+ * (CURSOR_API_KEY → CURSOR_AUTH_TOKEN → bridge / stored). Without a real token the CLI tries
+ * login/keychain and macOS may show “Keychain Not Found” for `cursor-user`.
+ */
+function resolveCursorAgentToken() {
+    if (process.env.CURSOR_API_KEY?.trim())
+        return process.env.CURSOR_API_KEY.trim();
+    if (process.env.CURSOR_AUTH_TOKEN?.trim())
+        return process.env.CURSOR_AUTH_TOKEN.trim();
+    return resolveCursorProxyKey();
+}
+/** True when a User API key (or bridge key) is available for Cursor agent + proxy. */
+export function hasCursorAgentToken() {
+    return resolveCursorAgentToken() != null;
+}
+/** Resolved token for tests/diagnostics (never log the return value). */
+export function getCursorAgentToken() {
+    return resolveCursorAgentToken();
+}
 /** Build fetch options with the cursor proxy auth header if a key is available. */
 function cursorProxyFetchOpts() {
     const key = resolveCursorProxyKey();
@@ -544,9 +616,16 @@ async function isPortInUse(port, host = "127.0.0.1") {
  * Returns true when the proxy is reachable at PROXY_DEFAULT_URL.
  */
 export async function ensureCursorProxyRunning(baseUrl = PROXY_DEFAULT_URL, forceRestart = false) {
+    warnMacCursorAgentShellPatchIfNeeded();
     const url = new URL(baseUrl);
     const port = parseInt(url.port, 10) || 80;
-    if (forceRestart && resolveCursorComposerCli()) {
+    // Stale listener on :8765 may have been started without CURSOR_API_KEY for the agent child.
+    // When we have a token, replace the listener by default so the bundled proxy always inherits it.
+    // Opt out: CURSOR_OVERNIGHT_NO_PROXY_RESTART=1 (e.g. shared port / external proxy).
+    const token = resolveCursorAgentToken();
+    const skipTokenRestart = process.env.CURSOR_OVERNIGHT_NO_PROXY_RESTART === "1";
+    const effectiveForce = forceRestart || (!!token && !skipTokenRestart);
+    if (effectiveForce && resolveCursorComposerCli()) {
         console.log(chalk.dim(`  Replacing listener on port ${port} with bundled cursor-composer-in-claude…`));
         killProcessOnPort(port, url.hostname);
         await new Promise(r => setTimeout(r, 500));
@@ -600,10 +679,21 @@ async function startProxyProcess(baseUrl, url, port) {
         }
     }
     catch { }
-    // Resolve the API key source for logging
-    const apiKeyEnv = process.env.CURSOR_BRIDGE_API_KEY;
     const apiKeyStored = loadProviders().find(p => p.cursorProxy)?.cursorApiKey;
-    const keySource = apiKeyEnv ? "env CURSOR_BRIDGE_API_KEY" : (apiKeyStored ? "providers.json (stored)" : "none — using 'unused'");
+    const agentToken = resolveCursorAgentToken();
+    if (!agentToken) {
+        console.log(chalk.red(`  ✗ Cursor proxy needs a User API key so the agent does not use macOS Keychain (\`cursor-user\`).\n` +
+            `    Set ${chalk.bold("CURSOR_API_KEY")} (${chalk.dim("Cursor dashboard → Integrations / API Keys")}) ` +
+            `or complete the ${chalk.bold("Cursor…")} setup in claude-overnight (saved to providers.json).\n` +
+            `    See: ${chalk.dim("https://cursor.com/docs/cli/headless")}`));
+        return false;
+    }
+    const bridgeKey = process.env.CURSOR_BRIDGE_API_KEY?.trim() ||
+        apiKeyStored?.trim() ||
+        agentToken;
+    const keySource = process.env.CURSOR_BRIDGE_API_KEY?.trim()
+        ? "env CURSOR_BRIDGE_API_KEY"
+        : (apiKeyStored?.trim() ? "providers.json (stored)" : "mirrored from CURSOR_API_KEY / token");
     const proxyVersion = getEmbeddedComposerProxyVersion() ?? "unknown";
     const composerCli = resolveCursorComposerCli();
     if (!composerCli) {
@@ -617,21 +707,25 @@ async function startProxyProcess(baseUrl, url, port) {
     catch {
         cliResolved = composerCli;
     }
-    const bridgeKey = apiKeyEnv || apiKeyStored || "unused";
     const proxyEnv = {
         ...Object.fromEntries(Object.entries(process.env).filter(([, v]) => v !== undefined)),
         CI: "true",
         CURSOR_BRIDGE_API_KEY: bridgeKey,
         CURSOR_SKIP_KEYCHAIN: "1",
+        // Always set — cursor-composer only forwards these to the agent; spread alone is not enough
+        // if the shell omitted CURSOR_API_KEY (GUI launches, etc.).
+        CURSOR_API_KEY: agentToken,
+        CURSOR_AUTH_TOKEN: agentToken,
+        // cursor-composer loadBridgeConfig: forces acpSkipAuthenticate so ACP never sends
+        // `authenticate` / `cursor_login` (that path touches macOS Keychain for `cursor-user`).
+        CURSOR_BRIDGE_ACP_SKIP_AUTHENTICATE: "1",
+        // Default bridge is useAcp=false → agent uses runStreaming; skip-authenticate only applies
+        // to runAcpStream. Force ACP so real traffic matches the headless/keychain-avoidance path.
+        CURSOR_BRIDGE_USE_ACP: "1",
+        // cursor-composer chat-only mode fakes HOME to a temp dir; on macOS the agent still waits on
+        // Keychain (~30s) for `cursor-user` despite CURSOR_API_KEY. Use the real workspace profile.
+        CURSOR_BRIDGE_CHAT_ONLY_WORKSPACE: "false",
     };
-    // cursor-composer-in-claude passes CURSOR_API_KEY / CURSOR_AUTH_TOKEN to the agent only from
-    // these vars — not from CURSOR_BRIDGE_API_KEY. Without them the Cursor CLI falls back to
-    // login/keychain (macOS dialogs, "cursor-user", hangs under preflight).
-    const explicitAgentKey = process.env.CURSOR_API_KEY?.trim() || process.env.CURSOR_AUTH_TOKEN?.trim();
-    if (!explicitAgentKey && bridgeKey !== "unused") {
-        proxyEnv.CURSOR_API_KEY = bridgeKey;
-        proxyEnv.CURSOR_AUTH_TOKEN = bridgeKey;
-    }
     if (sysNode && agentJs) {
         proxyEnv.CURSOR_AGENT_NODE = sysNode;
         proxyEnv.CURSOR_AGENT_SCRIPT = agentJs;
@@ -644,12 +738,14 @@ async function startProxyProcess(baseUrl, url, port) {
             cliPath: cliResolved,
             nodeExec: process.execPath,
             apiKey: keySource,
-            agentCursorKey: explicitAgentKey ? "env CURSOR_API_KEY or CURSOR_AUTH_TOKEN" : (bridgeKey === "unused" ? "none" : "mirrored from bridge key"),
+            agentCursorKey: "set (CURSOR_API_KEY / bridge / stored)",
             agentPaths: sysNode && agentJs ? { node: sysNode, script: agentJs } : undefined,
             childEnv: {
                 CI: proxyEnv.CI,
                 CURSOR_SKIP_KEYCHAIN: proxyEnv.CURSOR_SKIP_KEYCHAIN,
-                CURSOR_API_KEY: proxyEnv.CURSOR_API_KEY ? "(set)" : "(unset)",
+                CURSOR_BRIDGE_USE_ACP: proxyEnv.CURSOR_BRIDGE_USE_ACP,
+                CURSOR_BRIDGE_CHAT_ONLY_WORKSPACE: proxyEnv.CURSOR_BRIDGE_CHAT_ONLY_WORKSPACE,
+                CURSOR_API_KEY: "(set)",
             },
         },
     })));
@@ -716,10 +812,7 @@ function setupSteps() {
         },
         {
             label: "Cursor API key",
-            check: () => {
-                const key = process.env.CURSOR_BRIDGE_API_KEY;
-                return !!key && key.trim().length > 0;
-            },
+            check: () => !!resolveCursorAgentToken(),
             autoCmd: "",
             manualCmd: "",
             successMsg: "Cursor API key configured",

package/docs/CURSOR_PROXY_MACOS_DISCOVERY.md

@@ -0,0 +1,116 @@
+# Cursor bundled proxy on macOS: Keychain, ACP, and what actually fixed it
+
+This document records **why** the Cursor API proxy (`cursor-composer-in-claude`) triggered macOS Keychain dialogs and long hangs on automation, **what did not fix it**, and **which environment variables and model choices** make headless runs reliable. It is written for maintainers and for anyone debugging similar “it still asks for Keychain” reports.
+
+---
+
+## Context
+
+- **claude-overnight** can bundle **cursor-composer-in-claude**, which exposes an Anthropic-compatible HTTP server and forwards requests to the Cursor **`agent`** CLI (often via **ACP**, the Agent Client Protocol over stdio).
+- Headless use is supposed to rely on a **[User API key](https://cursor.com/docs/cli/headless)** (`CURSOR_API_KEY` / dashboard), not on interactive login stored as **`cursor-user`** in the login keychain.
+- Despite setting `CURSOR_SKIP_KEYCHAIN=1`, `CI=true`, and API keys, macOS could still show Keychain UI or block for ~30s with errors like **`Keychain operation timed out after 30000ms`** in the proxy log (`~/.cursor-api-proxy/sessions.log` or stderr).
+
+---
+
+## Symptoms we saw
+
+1. **GUI:** System Keychain prompts, or “Keychain Not Found” style dialogs for `cursor-user`.
+2. **Proxy logs:** `Agent error: Cursor CLI failed (exit 1): Error: Keychain operation timed out after 30000ms`.
+3. **Stress tests:** Every matrix row returning **HTTP 500** looked like one bug; in reality **two different failure modes** were mixed (see below).
+
+---
+
+## What we tried that was necessary but not sufficient
+
+These are still **correct** to set; they address real issues, but they did **not** alone stop Keychain contention on macOS.
+
+| Measure | Role |
+|--------|------|
+| **`CURSOR_SKIP_KEYCHAIN=1`** + **`CI=true`** | Cursor’s own convention to discourage interactive keychain probes in CI-style runs. |
+| **`CURSOR_API_KEY` / `CURSOR_AUTH_TOKEN`** (User API key) | Headless auth for the native agent; must be injected into the **proxy process** env, not only the parent shell (GUI launches often omit them). |
+| **`CURSOR_BRIDGE_API_KEY`** | HTTP bearer for the proxy’s `/health` and `/v1/*` routes; often mirrored from the same token. |
+| **`CURSOR_BRIDGE_ACP_SKIP_AUTHENTICATE=1`** | In `cursor-composer-in-claude`, `loadBridgeConfig` sets `acpSkipAuthenticate` when this is on **or** when an API key is present. Skips the ACP **`authenticate` / `cursor_login`** step that can touch Keychain. |
+| **`CURSOR_BRIDGE_USE_ACP=1`** | Default bridge config has **`useAcp: false`**. Without ACP, traffic used **`runStreaming`** instead of **`runAcpStream`**; skip-authenticate only applies on the **ACP** path. Forcing ACP keeps behavior aligned with the intended headless/ACP pipeline. |
+
+Without **`CURSOR_BRIDGE_USE_ACP=1`**, skip-authenticate did not apply to the code path that handled streaming requests.
+
+---
+
+## Discovery 1: Chat-only workspace and a fake `HOME` (main Keychain fix)
+
+**cursor-composer** defaults **`CURSOR_BRIDGE_CHAT_ONLY_WORKSPACE`** to **`true`** (“chat-only workspace: yes (isolated temp dir)” in the startup banner).
+
+For each request it:
+
+- Creates a **temporary directory** and points **`CURSOR_CONFIG_DIR`** at a minimal tree under it.
+- In **`getChatOnlyEnvOverrides`** (when no account-pool `authConfigDir`), it sets **`HOME`** (and related profile vars) to that **temp** directory so rules from the real `~/.cursor` are not loaded.
+
+**Observation:** With a valid User API key in env, **`composer-2`** could still hit **`Keychain operation timed out after 30000ms`** when chat-only was **on**. With **`CURSOR_BRIDGE_CHAT_ONLY_WORKSPACE=false`**, the same model and key **succeeded** (real workspace / real profile resolution, no temp `HOME`).
+
+**Interpretation:** The Cursor CLI in ACP mode was still probing macOS Keychain for `cursor-user` when the process believed it was in an isolated “empty” profile (temp `HOME`), even though API key auth was set. That matches a **profile / keychain resolution** path, not a missing `CURSOR_API_KEY` in the parent shell.
+
+**Fix shipped in claude-overnight:** spawn the bundled proxy with **`CURSOR_BRIDGE_CHAT_ONLY_WORKSPACE=false`**.
+
+**Trade-off:** You lose the strictest isolation (the agent no longer runs with a disposable fake `HOME` for every request). You gain reliable headless behavior on macOS with API keys. For many automation setups this is the right default.
+
+**How to see it in tests:** The matrix script includes a row **`12-chat-workspace-isolated`** (`CURSOR_BRIDGE_CHAT_ONLY_WORKSPACE=true`). With **`composer-2`**, that row tends to **fail** while **`01-overnight-parity`** passes, reproducing the regression.
+
+---
+
+## Discovery 2: `composer-2-fast` was never a real model
+
+The ACP model catalog only offers `composer-2` with `modelId: composer-2[fast=true]`. There is no separate `composer-2-fast` model — `composer-2` already IS the fast variant. Passing `composer-2-fast` to `session/set_config_option` fails with "Invalid model value" because it's not in the catalog. Use **`composer-2`** as the model name.
+
+---
+
+## What claude-overnight sets when it auto-starts the proxy
+
+When `startProxyProcess` runs, it builds a **`proxyEnv`** that always includes (among others):
+
+| Variable | Purpose |
+|----------|--------|
+| `CI` | `"true"` (forced so a parent shell cannot leave `CI` empty and re-enable interactive probes). |
+| `CURSOR_SKIP_KEYCHAIN` | `"1"` (forced). |
+| `CURSOR_API_KEY` / `CURSOR_AUTH_TOKEN` | Resolved User API key / bridge key (same token mirrored for the native agent). |
+| `CURSOR_BRIDGE_API_KEY` | HTTP auth for the proxy. |
+| `CURSOR_BRIDGE_ACP_SKIP_AUTHENTICATE` | `"1"` (skip `cursor_login` on ACP). |
+| `CURSOR_BRIDGE_USE_ACP` | `"1"` (use ACP path so skip-authenticate applies). |
+| **`CURSOR_BRIDGE_CHAT_ONLY_WORKSPACE`** | **`"false"`** (avoid temp `HOME` Keychain behavior on macOS). |
+| `CURSOR_AGENT_NODE` / `CURSOR_AGENT_SCRIPT` | When detected: system Node + `agent` `index.js` (avoids known issues with the bundled Node on some macOS installs). |
+
+See `startProxyProcess` in `src/providers.ts` for the exact spawn and logging.
+
+---
+
+## How to verify
+
+1. **Matrix (recommended):**  
+   `MATRIX_MODELS=composer-2 npm run matrix:cursor-proxy`  
+   - Expect **`composer-2`** parity row **HTTP 200**.
+
+2. **Logs:** On failure, check proxy stderr / `~/.cursor-api-proxy/sessions.log` for **`Keychain operation timed out`** vs empty stderr / generic exit 1.
+
+3. **Preflight:** claude-overnight runs provider preflights with timeouts; Cursor proxy preflights are serialized to avoid starving the single agent listener.
+
+---
+
+## When the OS keychain itself is broken
+
+If **`login.keychain`** is missing or damaged, macOS can still show dialogs unrelated to Cursor. Keychain Access → First Aid, or `security unlock-keychain ~/Library/Keychains/login.keychain-db`, may help. That is **orthogonal** to the chat-only / `HOME` discovery above.
+
+---
+
+## References in this repo
+
+- Implementation: `src/providers.ts` (`startProxyProcess`, `envFor`, `ensureCursorProxyRunning`).
+- Stress harness: `scripts/cursor-proxy-keychain-matrix.mjs`, `npm run matrix:cursor-proxy`.
+- Upstream behavior: `node_modules/cursor-composer-in-claude/dist/lib/config.js` (`loadBridgeConfig`), `workspace.js` (`getChatOnlyEnvOverrides`), `acp-client.js` (`buildAcpSpawnEnv`, ACP handshake).
+
+---
+
+## Summary
+
+1. **ACP + skip-authenticate + USE_ACP** are required so the bridge uses the path where headless auth is designed to apply.  
+2. **`CURSOR_BRIDGE_CHAT_ONLY_WORKSPACE=false`** is the macOS-specific fix that stops temp-`HOME` isolation from driving Keychain waits despite API keys.  
+3. **Keychain shim** (`NODE_OPTIONS=--require keychain-shim.cjs`) intercepts `/usr/bin/security` calls at the Node.js level, eliminating macOS Keychain dialogs regardless of other env vars.  
+4. Use **`composer-2`** as the model name — `composer-2-fast` was never a real model in the ACP catalog.

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "claude-overnight",
-  "version": "1.24.8",
-  "description": "Background lane for your Claude Max plan. Parallel Claude Agent SDK sessions in git worktrees with a usage cap that reserves headroom for your interactive Claude Code. Crash-safe resume. Provider-agnostic model catalog with capability-based planning.",
+  "version": "1.25.0",
+  "description": "Parallel Claude agents in git worktrees with a usage cap that reserves headroom for your interactive Claude Code. Crash-safe resume. Provider-agnostic model catalog (Anthropic, Cursor, OpenAI, Gemini, DeepSeek, Llama, Qwen) with capability-based task scoping.",
   "type": "module",
   "bin": {
     "claude-overnight": "dist/bin.js"
@@ -11,12 +11,13 @@
     "dev": "tsc --watch",
     "start": "node dist/bin.js",
     "test": "node --test dist/__tests__/*.test.js",
+    "matrix:cursor-proxy": "node scripts/cursor-proxy-keychain-matrix.mjs",
     "prepublishOnly": "node scripts/sync-plugin-version.js"
   },
   "dependencies": {
     "@anthropic-ai/claude-agent-sdk": "^0.2.92",
     "chalk": "^5.4.1",
-    "cursor-composer-in-claude": "0.7.9",
+    "cursor-composer-in-claude": "0.8.0",
     "jsonwebtoken": "^9.0.2"
   },
   "devDependencies": {
@@ -72,6 +73,7 @@
   "files": [
     "dist",
     "!dist/__tests__",
+    "docs",
     "plugins",
     "QUICKSHEET_PLAYWRIGHT.md",
     "README.md",

package/plugins/claude-overnight/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "claude-overnight",
-  "version": "1.24.8",
+  "version": "1.25.0",
   "description": "Claude Code skill for understanding, installing, and inspecting claude-overnight runs  -- parallel Claude agents in git worktrees with thinking waves, multi-wave steering, and crash-safe resume. Supports Cursor API Proxy, Qwen, OpenRouter.",
   "author": {
     "name": "Francesco Fornace"