claude-overnight 1.25.14 → 1.25.18

package/README.md

@@ -97,11 +97,11 @@ security unlock-keychain ~/Library/Keychains/login.keychain-db
 
 **Advanced:** If something else must share port `8765` and you manage the proxy yourself, set `CURSOR_OVERNIGHT_NO_PROXY_RESTART=1` to skip the automatic “replace listener” step when a Cursor API token is present.
 
-**How headless Cursor + macOS Keychain actually works (discovery):** We documented the full investigation: why ACP + skip-authenticate + `CURSOR_API_KEY` were not enough, how **chat-only workspace** (default in cursor-composer) fakes `HOME` and still triggered **Keychain timeouts** despite a User API key, and how **`composer-2-fast`** can fail the ACP smoke test for reasons unrelated to Keychain. See **[docs/CURSOR_PROXY_MACOS_DISCOVERY.md](docs/CURSOR_PROXY_MACOS_DISCOVERY.md)**.
+**How headless Cursor + macOS Keychain actually works (discovery):** We documented the full investigation: why ACP was the wrong path for opus/sonnet `*-thinking-*` variants (model-name mismatch → silent `exit 1`), how **chat-only workspace** (default in cursor-composer) fakes `HOME` and triggers **Keychain timeouts** despite a User API key, and how a cloned **account pool** makes parallel cursor-agent spawns race-free. See **[docs/CURSOR_PROXY_MACOS_DISCOVERY.md](docs/CURSOR_PROXY_MACOS_DISCOVERY.md)**.
 
-**Quick reference — bundled proxy env:** `CURSOR_BRIDGE_ACP_SKIP_AUTHENTICATE=1`, `CURSOR_BRIDGE_USE_ACP=1`, `CURSOR_BRIDGE_CHAT_ONLY_WORKSPACE=false`, plus `CURSOR_API_KEY` / `CURSOR_AUTH_TOKEN` / `CURSOR_BRIDGE_API_KEY` and `CURSOR_SKIP_KEYCHAIN=1` / `CI=true`. Details and tables are in the doc above.
+**Quick reference — bundled proxy env:** `CURSOR_BRIDGE_USE_ACP=0` (CLI streaming path accepts all friendly model names), `CURSOR_BRIDGE_CHAT_ONLY_WORKSPACE=false`, `CURSOR_CONFIG_DIRS=<5 cloned pool dirs>` (parallel-safe), plus `CURSOR_API_KEY` / `CURSOR_AUTH_TOKEN` / `CURSOR_BRIDGE_API_KEY` and `CURSOR_SKIP_KEYCHAIN=1` / `CI=true`. Details and tables are in the doc above.
 
-**Regression / stress test:** `npm run matrix:cursor-proxy` (optional `--quick`, `--include-danger`). Use `MATRIX_MODELS=composer-2,composer-2-fast` to compare models; override `MATRIX_PORT_BASE`, `MATRIX_MODEL`, `MATRIX_MSG_TIMEOUT_MS` as needed.
+**Regression / stress test:** `npm run matrix:cursor-proxy` (optional `--quick`, `--include-danger`). Use `MATRIX_MODELS=composer-2,claude-opus-4-7-thinking-high` to compare models; override `MATRIX_PORT_BASE`, `MATRIX_MODEL`, `MATRIX_MSG_TIMEOUT_MS` as needed.
 
 ## Install
 

package/dist/_version.d.ts

@@ -1 +1 @@
-export declare const VERSION = "1.25.14";
+export declare const VERSION = "1.25.18";

package/dist/_version.js

@@ -1,2 +1,2 @@
 // Auto-generated by build — do not edit manually.
-export const VERSION = "1.25.14";
+export const VERSION = "1.25.18";

package/dist/index.js

@@ -9,7 +9,7 @@ import { Swarm } from "./swarm.js";
 import { planTasks, refinePlan, identifyThemes, buildThinkingTasks, orchestrate, salvageFromFile } from "./planner.js";
 import { modelDisplayName, formatContextWindow, DEFAULT_MODEL } from "./models.js";
 import { setPlannerEnvResolver } from "./planner-query.js";
-import { pickModel, loadProviders, preflightProvider, buildEnvResolver, healthCheckCursorProxy, PROXY_DEFAULT_URL, isCursorProxyProvider, ensureCursorProxyRunning, bundledComposerProxyShellCommand, warnMacCursorAgentShellPatchIfNeeded, hasCursorAgentToken, } from "./providers.js";
+import { pickModel, loadProviders, preflightProvider, buildEnvResolver, healthCheckCursorProxy, PROXY_DEFAULT_URL, isCursorProxyProvider, readCursorProxyLogTail, ensureCursorProxyRunning, bundledComposerProxyShellCommand, warnMacCursorAgentShellPatchIfNeeded, hasCursorAgentToken, } from "./providers.js";
 import { RunDisplay } from "./ui.js";
 import { renderSummary } from "./render.js";
 import { executeRun } from "./run.js";
@@ -806,11 +806,11 @@ async function main() {
             }
         }
         process.stdout.write(`  ${chalk.dim(`◆ Pinging ${pending.map(([r, p]) => `${r} (${p.displayName})`).join(", ")}…`)}\n`);
-        // All preflights run in parallel. Cursor proxy preflights now go through a
-        // plain HTTP POST /v1/messages (see preflightCursorProxyViaHttp) instead of
-        // spawning the claude CLI, and the bundled proxy has no internal queue —
-        // each request spawns its own cursor-agent subprocess (request-listener.js
-        // → handleAnthropicMessages → runAgentStream).
+        // Preflight strategy: all providers run fully in parallel. Cursor proxy
+        // providers used to race on the shared `~/.cursor/cli-config.json`, but the
+        // proxy now uses an account pool (`CURSOR_CONFIG_DIRS`) — each parallel
+        // cursor-agent subprocess gets its own config dir, eliminating the race.
+        // See ensureCursorAccountPool() in providers.ts.
         const progress = (msg) => process.stdout.write(chalk.dim(`    ${msg}\n`));
         /** Cursor agent cold start + thinking-variant model latency can exceed 20s; API providers stay tight. */
         const preflightMs = (p) => isCursorProxyProvider(p) ? 60_000 : 20_000;
@@ -823,10 +823,14 @@ async function main() {
             if (!result.ok) {
                 console.error(chalk.red(`  ✗ ${role} preflight failed: ${chalk.dim(result.error)}`));
                 if (isCursorProxyProvider(provider)) {
-                    {
-                        const cmd = bundledComposerProxyShellCommand();
-                        console.error(chalk.yellow(`  The proxy at ${PROXY_DEFAULT_URL} may have crashed or timed out (e.g. keychain/UI). Retry, or start the bundled proxy: ${cmd ?? "npm install in the claude-overnight package, then re-run"}`));
+                    const tail = readCursorProxyLogTail(25);
+                    if (tail) {
+                        console.error(chalk.yellow(`  ── proxy log tail (agent stderr + sessions) ──`));
+                        for (const line of tail.split("\n"))
+                            console.error(chalk.dim(`    ${line}`));
                     }
+                    const cmd = bundledComposerProxyShellCommand();
+                    console.error(chalk.yellow(`  The proxy at ${PROXY_DEFAULT_URL} may have crashed or timed out (e.g. keychain/UI). Retry, or start the bundled proxy: ${cmd ?? "npm install in the claude-overnight package, then re-run"}`));
                 }
                 else {
                     console.error(chalk.red(`  Fix the provider at ~/.claude/claude-overnight/providers.json and retry.`));

package/dist/providers.d.ts

@@ -60,8 +60,33 @@ export declare function preflightProvider(p: ProviderConfig, cwd: string, timeou
     error: string;
 }>;
 export declare const PROXY_DEFAULT_URL = "http://127.0.0.1:8765";
+/** File we write the proxy child's stdout+stderr to (so agent errors aren't lost to stdio:ignore). */
+export declare function cursorProxyOutLogPath(): string;
+/** cursor-composer-in-claude's default sessions log (request trace + ERROR lines). */
+export declare function cursorProxySessionsLogPath(): string;
+/**
+ * Read the tail of both proxy logs for diagnostics. Returns a human-readable
+ * block with file paths + last lines, or null if neither log exists.
+ */
+export declare function readCursorProxyLogTail(linesPerFile?: number): string | null;
 /** Check if a provider routes through cursor-composer-in-claude. */
 export declare function isCursorProxyProvider(p: ProviderConfig): boolean;
+/**
+ * Ensure an "account pool" of cloned config dirs exists under
+ * `~/.cursor-api-proxy/accounts/pool-{1..N}`. Each clone is just a copy of the
+ * user's `~/.cursor/cli-config.json` (has `authInfo.email` so cursor-composer
+ * auto-discovers it as an authenticated account).
+ *
+ * Purpose: cursor-agent subprocesses write their own cli-config.json on every
+ * startup via atomic tmp+rename. When N siblings all write to the same file in
+ * parallel, rename can lose the race and raise ENOENT. Giving each spawned
+ * agent its own CURSOR_CONFIG_DIR (one per pool entry) lets cursor-composer's
+ * AccountPool round-robin between them — zero shared writes, zero race.
+ *
+ * Refreshed every startup so token rotations in ~/.cursor flow through.
+ * Returns the list of pool dir paths, or null if the source config is missing.
+ */
+export declare function ensureCursorAccountPool(poolSize?: number): string[] | null;
 /** True if ~/.zshrc / ~/.zprofile contain the `run_cursor_agent` workaround (see README). */
 export declare function hasCursorMacAgentZshPatch(): boolean;
 /**

package/dist/providers.js

@@ -1,4 +1,4 @@
-import { readFileSync, writeFileSync, mkdirSync, existsSync, chmodSync, realpathSync } from "fs";
+import { readFileSync, writeFileSync, mkdirSync, existsSync, chmodSync, realpathSync, openSync, statSync, readSync, closeSync } from "fs";
 import { createRequire } from "node:module";
 import { homedir } from "os";
 import { join, dirname } from "path";
@@ -385,10 +385,104 @@ async function preflightCursorProxyViaHttp(p, timeoutMs, opts) {
 }
 // ── Cursor API Proxy ──
 export const PROXY_DEFAULT_URL = "http://127.0.0.1:8765";
+/** Directory cursor-composer-in-claude uses for its own sessions.log (see env.js). */
+function cursorProxyLogDir() {
+    return join(homedir(), ".cursor-api-proxy");
+}
+/** File we write the proxy child's stdout+stderr to (so agent errors aren't lost to stdio:ignore). */
+export function cursorProxyOutLogPath() {
+    return join(cursorProxyLogDir(), "proxy.out.log");
+}
+/** cursor-composer-in-claude's default sessions log (request trace + ERROR lines). */
+export function cursorProxySessionsLogPath() {
+    return join(cursorProxyLogDir(), "sessions.log");
+}
+function tailFile(path, maxLines, maxBytes = 32_768) {
+    try {
+        const st = statSync(path);
+        const size = st.size;
+        const start = size > maxBytes ? size - maxBytes : 0;
+        const buf = Buffer.alloc(size - start);
+        const fd = openSync(path, "r");
+        try {
+            readSync(fd, buf, 0, buf.length, start);
+        }
+        finally {
+            try {
+                closeSync(fd);
+            }
+            catch { }
+        }
+        const text = buf.toString("utf8");
+        const lines = text.split("\n").filter(Boolean);
+        return lines.slice(-maxLines).join("\n");
+    }
+    catch {
+        return null;
+    }
+}
+/**
+ * Read the tail of both proxy logs for diagnostics. Returns a human-readable
+ * block with file paths + last lines, or null if neither log exists.
+ */
+export function readCursorProxyLogTail(linesPerFile = 20) {
+    const out = cursorProxyOutLogPath();
+    const sess = cursorProxySessionsLogPath();
+    const parts = [];
+    const outTail = tailFile(out, linesPerFile);
+    if (outTail)
+        parts.push(`── ${out} (last ${linesPerFile} lines) ──\n${outTail}`);
+    const sessTail = tailFile(sess, linesPerFile);
+    if (sessTail)
+        parts.push(`── ${sess} (last ${linesPerFile} lines) ──\n${sessTail}`);
+    return parts.length ? parts.join("\n\n") : null;
+}
 /** Check if a provider routes through cursor-composer-in-claude. */
 export function isCursorProxyProvider(p) {
     return p.cursorProxy === true || p.baseURL === PROXY_DEFAULT_URL;
 }
+/**
+ * Ensure an "account pool" of cloned config dirs exists under
+ * `~/.cursor-api-proxy/accounts/pool-{1..N}`. Each clone is just a copy of the
+ * user's `~/.cursor/cli-config.json` (has `authInfo.email` so cursor-composer
+ * auto-discovers it as an authenticated account).
+ *
+ * Purpose: cursor-agent subprocesses write their own cli-config.json on every
+ * startup via atomic tmp+rename. When N siblings all write to the same file in
+ * parallel, rename can lose the race and raise ENOENT. Giving each spawned
+ * agent its own CURSOR_CONFIG_DIR (one per pool entry) lets cursor-composer's
+ * AccountPool round-robin between them — zero shared writes, zero race.
+ *
+ * Refreshed every startup so token rotations in ~/.cursor flow through.
+ * Returns the list of pool dir paths, or null if the source config is missing.
+ */
+export function ensureCursorAccountPool(poolSize = 5) {
+    if (poolSize <= 0)
+        return null;
+    const source = join(homedir(), ".cursor", "cli-config.json");
+    if (!existsSync(source))
+        return null;
+    let sourceBuf;
+    try {
+        sourceBuf = readFileSync(source);
+    }
+    catch {
+        return null;
+    }
+    const dirs = [];
+    for (let i = 1; i <= poolSize; i++) {
+        const dir = join(homedir(), ".cursor-api-proxy", "accounts", `pool-${i}`);
+        try {
+            mkdirSync(dir, { recursive: true });
+            writeFileSync(join(dir, "cli-config.json"), sourceBuf);
+            dirs.push(dir);
+        }
+        catch {
+            // skip this slot; pool still works with fewer dirs
+        }
+    }
+    return dirs.length > 0 ? dirs : null;
+}
 /** True if ~/.zshrc / ~/.zprofile contain the `run_cursor_agent` workaround (see README). */
 export function hasCursorMacAgentZshPatch() {
     let combined = "";
@@ -772,12 +866,18 @@ async function startProxyProcess(baseUrl, url, port) {
         // if the shell omitted CURSOR_API_KEY (GUI launches, etc.).
         CURSOR_API_KEY: agentToken,
         CURSOR_AUTH_TOKEN: agentToken,
-        // cursor-composer loadBridgeConfig: forces acpSkipAuthenticate so ACP never sends
-        // `authenticate` / `cursor_login` (that path touches macOS Keychain for `cursor-user`).
-        CURSOR_BRIDGE_ACP_SKIP_AUTHENTICATE: "1",
-        // Default bridge is useAcp=false → agent uses runStreaming; skip-authenticate only applies
-        // to runAcpStream. Force ACP so real traffic matches the headless/keychain-avoidance path.
-        CURSOR_BRIDGE_USE_ACP: "1",
+        // Use the CLI streaming path (runStreaming), NOT ACP. The ACP path is broken for
+        // opus/sonnet *-thinking-*/effort-variant friendly names: cursor-composer's
+        // resolveAcpModelConfigValue only matches against ACP `name` fields (e.g.
+        // `claude-opus-4-7`), while friendly IDs like `claude-opus-4-7-thinking-high`
+        // come from `agent --list-models`. The ACP agent then replies
+        // `{error: "Invalid model value: claude-opus-4-7-thinking-high"}` and
+        // cursor-composer's acp-client swallows the error to a silent exit-1.
+        // The CLI path accepts all friendly names (verified with opus-thinking-high,
+        // gemini-3.1-pro, composer-2 via HTTP preflight). Keychain safety is preserved:
+        // the CLI path injects keychain-shim-inject.js via NODE_OPTIONS which no-ops
+        // /usr/bin/security calls on macOS (cursor-composer/dist/lib/process.js).
+        CURSOR_BRIDGE_USE_ACP: "0",
         // cursor-composer chat-only mode fakes HOME to a temp dir; on macOS the agent still waits on
         // Keychain (~30s) for `cursor-user` despite CURSOR_API_KEY. Use the real workspace profile.
         CURSOR_BRIDGE_CHAT_ONLY_WORKSPACE: "false",
@@ -786,6 +886,12 @@ async function startProxyProcess(baseUrl, url, port) {
         proxyEnv.CURSOR_AGENT_NODE = sysNode;
         proxyEnv.CURSOR_AGENT_SCRIPT = agentJs;
     }
+    // Enable the account pool so parallel cursor-agent subprocesses get
+    // separate CURSOR_CONFIG_DIRs — no more cli-config.json write race.
+    const pool = ensureCursorAccountPool(5);
+    if (pool && !proxyEnv.CURSOR_CONFIG_DIRS) {
+        proxyEnv.CURSOR_CONFIG_DIRS = pool.join(",");
+    }
     console.log(chalk.dim(JSON.stringify({
         claudeOvernight: VERSION,
         spawnProxy: {
@@ -802,14 +908,23 @@ async function startProxyProcess(baseUrl, url, port) {
                 CURSOR_BRIDGE_USE_ACP: proxyEnv.CURSOR_BRIDGE_USE_ACP,
                 CURSOR_BRIDGE_CHAT_ONLY_WORKSPACE: proxyEnv.CURSOR_BRIDGE_CHAT_ONLY_WORKSPACE,
                 CURSOR_API_KEY: "(set)",
+                accountPool: proxyEnv.CURSOR_CONFIG_DIRS ? `${proxyEnv.CURSOR_CONFIG_DIRS.split(",").length} dirs` : "disabled",
             },
         },
     })));
     try {
-        console.log(chalk.dim(`  Spawning proxy…`));
+        // Capture proxy stdout+stderr to a log file — stdio:"ignore" was hiding
+        // agent stderr so "cursor_cli_error" responses had no actionable context.
+        const logPath = cursorProxyOutLogPath();
+        try {
+            mkdirSync(dirname(logPath), { recursive: true });
+        }
+        catch { }
+        const logFd = openSync(logPath, "a");
+        console.log(chalk.dim(`  Spawning proxy… ${chalk.dim(`(logs: ${logPath})`)}`));
         const child = spawn(process.execPath, [composerCli], {
             detached: true,
-            stdio: "ignore",
+            stdio: ["ignore", logFd, logFd],
             env: proxyEnv,
         });
         child.unref(); // let it outlive this process

package/docs/CURSOR_PROXY_MACOS_DISCOVERY.md

@@ -1,116 +1,112 @@
-# Cursor bundled proxy on macOS: Keychain, ACP, and what actually fixed it
+# Cursor bundled proxy on macOS: Keychain, ACP, parallel safety
 
-This document records **why** the Cursor API proxy (`cursor-composer-in-claude`) triggered macOS Keychain dialogs and long hangs on automation, **what did not fix it**, and **which environment variables and model choices** make headless runs reliable. It is written for maintainers and for anyone debugging similar “it still asks for Keychain” reports.
+This document records **why** the Cursor API proxy (`cursor-composer-in-claude`) is tricky to run headlessly (macOS Keychain dialogs, parallel crashes, model-name mismatches), **what did not fix it**, and the **env vars + account-pool setup** `claude-overnight` now ships as defaults.
 
 ---
 
 ## Context
 
-- **claude-overnight** can bundle **cursor-composer-in-claude**, which exposes an Anthropic-compatible HTTP server and forwards requests to the Cursor **`agent`** CLI (often via **ACP**, the Agent Client Protocol over stdio).
-- Headless use is supposed to rely on a **[User API key](https://cursor.com/docs/cli/headless)** (`CURSOR_API_KEY` / dashboard), not on interactive login stored as **`cursor-user`** in the login keychain.
-- Despite setting `CURSOR_SKIP_KEYCHAIN=1`, `CI=true`, and API keys, macOS could still show Keychain UI or block for ~30s with errors like **`Keychain operation timed out after 30000ms`** in the proxy log (`~/.cursor-api-proxy/sessions.log` or stderr).
+- **claude-overnight** bundles **cursor-composer-in-claude**, an Anthropic-compatible HTTP server that forwards requests to the Cursor **`agent`** CLI. cursor-composer has **two agent paths**: **CLI streaming** (default, `useAcp=false`) and **ACP** (JSON-RPC over stdio, `useAcp=true`).
+- Headless use is supposed to rely on a **[User API key](https://cursor.com/docs/cli/headless)** (`CURSOR_API_KEY`), not on interactive login stored as **`cursor-user`** in the login keychain.
 
----
-
-## Symptoms we saw
-
-1. **GUI:** System Keychain prompts, or “Keychain Not Found” style dialogs for `cursor-user`.
-2. **Proxy logs:** `Agent error: Cursor CLI failed (exit 1): Error: Keychain operation timed out after 30000ms`.
-3. **Stress tests:** Every matrix row returning **HTTP 500** looked like one bug; in reality **two different failure modes** were mixed (see below).
+Three independent failure modes were mixed together in early reports: **Keychain contention**, **ACP model-name mismatch**, and a **`cli-config.json` write race** under parallel load.
 
 ---
 
-## What we tried that was necessary but not sufficient
-
-These are still **correct** to set; they address real issues, but they did **not** alone stop Keychain contention on macOS.
+## Failure mode 1: Keychain contention (chat-only workspace + temp `HOME`)
 
-| Measure | Role |
-|--------|------|
-| **`CURSOR_SKIP_KEYCHAIN=1`** + **`CI=true`** | Cursor’s own convention to discourage interactive keychain probes in CI-style runs. |
-| **`CURSOR_API_KEY` / `CURSOR_AUTH_TOKEN`** (User API key) | Headless auth for the native agent; must be injected into the **proxy process** env, not only the parent shell (GUI launches often omit them). |
-| **`CURSOR_BRIDGE_API_KEY`** | HTTP bearer for the proxy’s `/health` and `/v1/*` routes; often mirrored from the same token. |
-| **`CURSOR_BRIDGE_ACP_SKIP_AUTHENTICATE=1`** | In `cursor-composer-in-claude`, `loadBridgeConfig` sets `acpSkipAuthenticate` when this is on **or** when an API key is present. Skips the ACP **`authenticate` / `cursor_login`** step that can touch Keychain. |
-| **`CURSOR_BRIDGE_USE_ACP=1`** | Default bridge config has **`useAcp: false`**. Without ACP, traffic used **`runStreaming`** instead of **`runAcpStream`**; skip-authenticate only applies on the **ACP** path. Forcing ACP keeps behavior aligned with the intended headless/ACP pipeline. |
-
-Without **`CURSOR_BRIDGE_USE_ACP=1`**, skip-authenticate did not apply to the code path that handled streaming requests.
+- cursor-composer defaults **`CURSOR_BRIDGE_CHAT_ONLY_WORKSPACE=true`**. For each request it creates a temp dir and sets **`HOME`** (and related profile vars) to that temp dir so rules from the real `~/.cursor` are not loaded.
+- With a valid User API key in env, `composer-2` could still hit **`Keychain operation timed out after 30000ms`** under chat-only. Setting **`CURSOR_BRIDGE_CHAT_ONLY_WORKSPACE=false`** made the same call succeed — the Cursor CLI was probing Keychain for `cursor-user` when its profile view was empty, even though API key auth was set.
+- **Fix shipped:** spawn the proxy with `CURSOR_BRIDGE_CHAT_ONLY_WORKSPACE=false`. Trade-off: the agent no longer runs with a disposable fake `HOME` per request.
+- Orthogonally, cursor-composer injects **`keychain-shim-inject.js`** via `NODE_OPTIONS` on macOS (see `node_modules/cursor-composer-in-claude/dist/lib/keychain-shim-inject.js`). It no-ops `/usr/bin/security` at the Node level for spawned agents — Keychain safety is preserved on the CLI streaming path without needing ACP's `skipAuthenticate`.
 
 ---
 
-## Discovery 1: Chat-only workspace and a fake `HOME` (main Keychain fix)
-
-**cursor-composer** defaults **`CURSOR_BRIDGE_CHAT_ONLY_WORKSPACE`** to **`true`** (“chat-only workspace: yes (isolated temp dir)” in the startup banner).
-
-For each request it:
-
-- Creates a **temporary directory** and points **`CURSOR_CONFIG_DIR`** at a minimal tree under it.
-- In **`getChatOnlyEnvOverrides`** (when no account-pool `authConfigDir`), it sets **`HOME`** (and related profile vars) to that **temp** directory so rules from the real `~/.cursor` are not loaded.
-
-**Observation:** With a valid User API key in env, **`composer-2`** could still hit **`Keychain operation timed out after 30000ms`** when chat-only was **on**. With **`CURSOR_BRIDGE_CHAT_ONLY_WORKSPACE=false`**, the same model and key **succeeded** (real workspace / real profile resolution, no temp `HOME`).
-
-**Interpretation:** The Cursor CLI in ACP mode was still probing macOS Keychain for `cursor-user` when the process believed it was in an isolated “empty” profile (temp `HOME`), even though API key auth was set. That matches a **profile / keychain resolution** path, not a missing `CURSOR_API_KEY` in the parent shell.
-
-**Fix shipped in claude-overnight:** spawn the bundled proxy with **`CURSOR_BRIDGE_CHAT_ONLY_WORKSPACE=false`**.
-
-**Trade-off:** You lose the strictest isolation (the agent no longer runs with a disposable fake `HOME` for every request). You gain reliable headless behavior on macOS with API keys. For many automation setups this is the right default.
-
-**How to see it in tests:** The matrix script includes a row **`12-chat-workspace-isolated`** (`CURSOR_BRIDGE_CHAT_ONLY_WORKSPACE=true`). With **`composer-2`**, that row tends to **fail** while **`01-overnight-parity`** passes, reproducing the regression.
+## Failure mode 2: ACP model-name mismatch (opus/sonnet `*-thinking-*`)
+
+- `agent --list-models` returns friendly IDs like `claude-opus-4-7-thinking-high`, `gemini-3.1-pro`.
+- The ACP model catalog only exposes **bracketed** IDs keyed by stripped `name` fields: `claude-opus-4-7` with `modelId: claude-opus-4-7[thinking=true,effort=high]`. cursor-composer's `resolveAcpModelConfigValue` has no mapping from `claude-opus-4-7-thinking-high` to the bracketed form.
+- When `USE_ACP=1`, the ACP agent replies:
+  ```
+  {"error":{"code":-32602,"message":"Invalid params","data":{"message":"Invalid model value: claude-opus-4-7-thinking-high"}}}
+  ```
+  `acp-client.js` swallows this RPC error to a silent `exit 1`, which the proxy surfaces as:
+  ```
+  HTTP 500: The Cursor agent process exited with code 1. See server logs for details.
+  ```
+- **Fix shipped:** force **`CURSOR_BRIDGE_USE_ACP=0`**. The CLI streaming path accepts every `agent --list-models` friendly name (verified: `claude-opus-4-7-thinking-high`, `gemini-3.1-pro`, `composer-2`). Keychain safety is preserved by the `NODE_OPTIONS` shim above.
+- `CURSOR_BRIDGE_ACP_SKIP_AUTHENTICATE` is no longer needed and no longer set: the CLI path never calls `cursor_login`.
 
 ---
 
-## Discovery 2: `composer-2-fast` was never a real model
+## Failure mode 3: `cli-config.json` write race (parallel spawns)
 
-The ACP model catalog only offers `composer-2` with `modelId: composer-2[fast=true]`. There is no separate `composer-2-fast` model — `composer-2` already IS the fast variant. Passing `composer-2-fast` to `session/set_config_option` fails with "Invalid model value" because it's not in the catalog. Use **`composer-2`** as the model name.
+- Every `cursor-agent` subprocess rewrites `~/.cursor/cli-config.json` on startup using atomic tmp+rename. N sibling spawns race on the `rename(*.tmp → cli-config.json)` step and intermittently raise:
+  ```
+  ERROR POST /v1/messages 127.0.0.1 agent_exit_1
+  Error: ENOENT: no such file or directory,
+  rename '/Users/x/.cursor/cli-config.json.tmp' -> '/Users/x/.cursor/cli-config.json'
+  ```
+- Observed hit rate: ~20% (3/15 queries) at swarm concurrency 5 with shared config. Preflights with 3 cursor providers hit it too.
+- cursor-composer has a built-in **AccountPool**: when `CURSOR_CONFIG_DIRS=<dir1,dir2,…>` is set (or `~/.cursor-api-proxy/accounts/<name>/cli-config.json` contains `authInfo.email`), it round-robins spawns across the dirs, each exported to the agent as its own `CURSOR_CONFIG_DIR`. Separate files, no shared rename target, no race.
+- **Fix shipped:** `ensureCursorAccountPool()` in `src/providers.ts` clones `~/.cursor/cli-config.json` into `~/.cursor-api-proxy/accounts/pool-{1..5}` on startup and exports `CURSOR_CONFIG_DIRS` to the proxy. Pool is refreshed every startup so token rotations in `~/.cursor` propagate.
+- **Verified:** 25/25 across 5 rounds × 5 parallel `composer-2` requests, zero `agent_exit_1` / `cli-config.json.tmp` entries in `~/.cursor-api-proxy/sessions.log`.
+- **Preflight impact:** 3 cursor providers in parallel drop from ~21s sequential to ~8s.
 
 ---
 
 ## What claude-overnight sets when it auto-starts the proxy
 
-When `startProxyProcess` runs, it builds a **`proxyEnv`** that always includes (among others):
+`startProxyProcess` in `src/providers.ts` builds a `proxyEnv` that always includes:
 
-| Variable | Purpose |
-|----------|--------|
-| `CI` | `"true"` (forced so a parent shell cannot leave `CI` empty and re-enable interactive probes). |
-| `CURSOR_SKIP_KEYCHAIN` | `"1"` (forced). |
-| `CURSOR_API_KEY` / `CURSOR_AUTH_TOKEN` | Resolved User API key / bridge key (same token mirrored for the native agent). |
-| `CURSOR_BRIDGE_API_KEY` | HTTP auth for the proxy. |
-| `CURSOR_BRIDGE_ACP_SKIP_AUTHENTICATE` | `"1"` (skip `cursor_login` on ACP). |
-| `CURSOR_BRIDGE_USE_ACP` | `"1"` (use ACP path so skip-authenticate applies). |
-| **`CURSOR_BRIDGE_CHAT_ONLY_WORKSPACE`** | **`"false"`** (avoid temp `HOME` Keychain behavior on macOS). |
-| `CURSOR_AGENT_NODE` / `CURSOR_AGENT_SCRIPT` | When detected: system Node + `agent` `index.js` (avoids known issues with the bundled Node on some macOS installs). |
+| Variable | Value | Purpose |
+|---|---|---|
+| `CI` | `"true"` | Forced; prevents a parent shell from re-enabling interactive probes. |
+| `CURSOR_SKIP_KEYCHAIN` | `"1"` | Cursor's own CI convention. |
+| `CURSOR_API_KEY` / `CURSOR_AUTH_TOKEN` | User API key | Headless auth for the native agent; mirrored into the proxy spawn env because GUI launches can omit them. |
+| `CURSOR_BRIDGE_API_KEY` | Same token | HTTP bearer for the proxy's `/health` and `/v1/*`. |
+| **`CURSOR_BRIDGE_USE_ACP`** | **`"0"`** | CLI streaming path; avoids the ACP model-name mismatch for `*-thinking-*` variants. |
+| **`CURSOR_BRIDGE_CHAT_ONLY_WORKSPACE`** | **`"false"`** | Avoids temp `HOME` → Keychain waits on macOS. |
+| **`CURSOR_CONFIG_DIRS`** | **`pool-1,…,pool-5`** | Cloned from `~/.cursor/cli-config.json`; eliminates the write race under parallel spawns. |
+| `CURSOR_AGENT_NODE` / `CURSOR_AGENT_SCRIPT` | When detected | System Node + `agent/index.js` (avoids known issues with the bundled Node on some macOS installs). |
 
-See `startProxyProcess` in `src/providers.ts` for the exact spawn and logging.
+Startup logs print an `accountPool` field in `spawnProxy.childEnv` showing how many pool dirs are active.
 
 ---
 
 ## How to verify
 
-1. **Matrix (recommended):**  
-   `MATRIX_MODELS=composer-2 npm run matrix:cursor-proxy`  
-   - Expect **`composer-2`** parity row **HTTP 200**.
+1. **Matrix (recommended):**
+   ```
+   MATRIX_MODELS=composer-2,claude-opus-4-7-thinking-high npm run matrix:cursor-proxy
+   ```
+   All rows (including thinking variants) should return **HTTP 200**.
+
+2. **Parallel smoke (manual):** fire 5 concurrent `POST /v1/messages` at `composer-2` through the running proxy. With the account pool enabled, expect 5/5 200s and zero `agent_exit_1` in `~/.cursor-api-proxy/sessions.log`.
 
-2. **Logs:** On failure, check proxy stderr / `~/.cursor-api-proxy/sessions.log` for **`Keychain operation timed out`** vs empty stderr / generic exit 1.
+3. **Logs:** claude-overnight redirects proxy stdout+stderr to `~/.cursor-api-proxy/proxy.out.log` and prints a tail on preflight failure. cursor-composer's own request trace is `~/.cursor-api-proxy/sessions.log`.
 
-3. **Preflight:** claude-overnight runs provider preflights with timeouts; Cursor proxy preflights are serialized to avoid starving the single agent listener.
+4. **Preflight:** claude-overnight runs provider preflights fully in parallel (HTTP `POST /v1/messages` with `max_tokens: 4096`, not a claude-CLI spawn). Cursor proxy providers ride the account pool.
 
 ---
 
 ## When the OS keychain itself is broken
 
-If **`login.keychain`** is missing or damaged, macOS can still show dialogs unrelated to Cursor. Keychain Access → First Aid, or `security unlock-keychain ~/Library/Keychains/login.keychain-db`, may help. That is **orthogonal** to the chat-only / `HOME` discovery above.
+If **`login.keychain`** is missing or damaged, macOS can still show dialogs unrelated to Cursor. Keychain Access → First Aid, or `security unlock-keychain ~/Library/Keychains/login.keychain-db`, may help. That is **orthogonal** to the chat-only / ACP / pool discoveries above.
 
 ---
 
 ## References in this repo
 
-- Implementation: `src/providers.ts` (`startProxyProcess`, `envFor`, `ensureCursorProxyRunning`).
+- Implementation: `src/providers.ts` (`startProxyProcess`, `ensureCursorAccountPool`, `preflightCursorProxyViaHttp`, `readCursorProxyLogTail`).
+- Preflight strategy: `src/index.ts` (all providers parallel via `Promise.all`).
 - Stress harness: `scripts/cursor-proxy-keychain-matrix.mjs`, `npm run matrix:cursor-proxy`.
-- Upstream behavior: `node_modules/cursor-composer-in-claude/dist/lib/config.js` (`loadBridgeConfig`), `workspace.js` (`getChatOnlyEnvOverrides`), `acp-client.js` (`buildAcpSpawnEnv`, ACP handshake).
+- Upstream behavior: `node_modules/cursor-composer-in-claude/dist/lib/` — `env.js` (`configDirs` discovery), `account-pool.js` (round-robin), `process.js` (sets `CURSOR_CONFIG_DIR` from pool), `workspace.js` (`getChatOnlyEnvOverrides`), `acp-client.js` (`resolveAcpModelConfigValue` and the error-swallowing `exit 1`), `keychain-shim-inject.js` (`/usr/bin/security` no-op).
 
 ---
 
 ## Summary
 
-1. **ACP + skip-authenticate + USE_ACP** are required so the bridge uses the path where headless auth is designed to apply.  
-2. **`CURSOR_BRIDGE_CHAT_ONLY_WORKSPACE=false`** is the macOS-specific fix that stops temp-`HOME` isolation from driving Keychain waits despite API keys.  
-3. **Keychain shim** (`NODE_OPTIONS=--require keychain-shim.cjs`) intercepts `/usr/bin/security` calls at the Node.js level, eliminating macOS Keychain dialogs regardless of other env vars.  
-4. Use **`composer-2`** as the model name — `composer-2-fast` was never a real model in the ACP catalog.
+1. **`CURSOR_BRIDGE_USE_ACP=0`** routes requests through the CLI streaming path, which accepts every friendly model name including opus/sonnet `*-thinking-*`.
+2. **`CURSOR_BRIDGE_CHAT_ONLY_WORKSPACE=false`** stops temp-`HOME` from driving Keychain waits on macOS. The `NODE_OPTIONS` shim (`keychain-shim-inject.js`) keeps `/usr/bin/security` from reaching macOS.
+3. **`CURSOR_CONFIG_DIRS=<pool-1,…,pool-5>`** gives each parallel cursor-agent subprocess its own `cli-config.json` — no more `rename(.tmp→cli-config.json)` race under swarm concurrency or parallel preflights.

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "claude-overnight",
-  "version": "1.25.14",
+  "version": "1.25.18",
   "description": "Parallel Claude agents in git worktrees with a usage cap that reserves headroom for your interactive Claude Code. Crash-safe resume. Provider-agnostic model catalog (Anthropic, Cursor, OpenAI, Gemini, DeepSeek, Llama, Qwen) with capability-based task scoping.",
   "type": "module",
   "bin": {

package/plugins/claude-overnight/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "claude-overnight",
-  "version": "1.25.14",
+  "version": "1.25.18",
   "description": "Claude Code skill for understanding, installing, and inspecting claude-overnight runs  -- parallel Claude agents in git worktrees with thinking waves, multi-wave steering, and crash-safe resume. Supports Cursor API Proxy, Qwen, OpenRouter.",
   "author": {
     "name": "Francesco Fornace"