clawdex-mobile 5.1.3-internal.0 → 5.1.3-internal.10

package/README.md

@@ -4,9 +4,9 @@
   <img src="https://raw.githubusercontent.com/Mohit-Patil/clawdex-mobile/main/screenshots/social/clawdex-social-poster-1200x675.png" alt="Clawdex social banner" width="100%" />
 </p>
 
-Run Codex or OpenCode from your phone. `clawdex-mobile` ships the bridge CLI plus bundled Rust bridge binaries for supported hosts, and the mobile app pairs to that bridge over Tailscale, local LAN, or GitHub Codespaces forwarded HTTPS URLs.
+Run Codex or OpenCode from your phone. `clawdex-mobile` ships the bridge CLI plus bundled Rust bridge binaries for supported hosts, and the mobile app pairs to that bridge over Tailscale or local LAN.
 
-This project is for trusted/private networking by default. GitHub Codespaces is supported as an internet-reachable exception: keep bridge auth enabled, use only repos you trust, and remember forwarded public ports reset to private when a codespace restarts.
+This project is for trusted/private networking by default. Keep the bridge on a private network, leave bridge auth enabled, and do not expose it directly to the public internet.
 
 ## What You Get
 
@@ -25,6 +25,7 @@ Before you start:
 - `git`
 - `codex` in `PATH` for the default Codex flow
 - `opencode` in `PATH` if you want the OpenCode flow
+- `cursor-app-server` in `PATH` if you want the Cursor SDK flow
 
 Install the mobile app:
 
@@ -52,62 +53,24 @@ clawdex init
 clawdex stop
 ```
 
-## GitHub Codespaces
+## Extra Harness Setup
 
-You can run the bridge inside a GitHub Codespace instead of keeping a laptop or server online.
-
-From a repo checkout inside Codespaces:
-
-```bash
-npm run setup:wizard
-```
-
-Pick `GitHub Codespaces` as the network mode. The setup flow writes forwarded HTTPS bridge URLs into `.env.secure`, and bridge startup will try to mark both bridge ports public automatically.
-
-Notes:
-
-- The mobile app should pair to the printed `https://<codespace>-8787.app.github.dev` URL, not `127.0.0.1`.
-- Browser preview uses a second forwarded port (`8788` by default), so both ports need public visibility.
-- GitHub resets public forwarded ports back to private when a codespace restarts. Restarting the bridge reruns the visibility step.
-- If automatic visibility setup fails, run `gh codespace ports visibility 8787:public 8788:public`.
-- If the mobile app is built with `EXPO_PUBLIC_GITHUB_CLIENT_ID`, users can now tap `Use GitHub Codespaces` in onboarding/settings, sign in with GitHub, pick a Codespace, and connect without manually copying the bridge token.
-- The app can also create a new repo-backed Codespace directly. It prefers `<signed-in-user>/<EXPO_PUBLIC_GITHUB_CODESPACES_REPO_NAME>` first. If that repo does not exist, it automatically forks `EXPO_PUBLIC_GITHUB_CODESPACES_SOURCE_OWNER/<EXPO_PUBLIC_GITHUB_CODESPACES_REPO_NAME>` into the signed-in user account, then creates the Codespace there.
-
-This repo now also includes a Codespaces bootstrap flow. On Codespace start/resume, `.devcontainer/devcontainer.json` runs:
-
-```bash
-npm run codespaces:bootstrap
-```
-
-During initial Codespace creation, the devcontainer also runs:
-
-```bash
-npm run codespaces:bootstrap -- --prepare-only
-```
-
-That pre-installs Codex and prebuilds the Rust bridge binary so the later startup path is faster. The normal bootstrap command rewrites `.env.secure` for Codespaces with `codex` as the only enabled engine and starts the bridge in the background. You can rerun either command manually any time.
-
-The published npm package now includes that bootstrap script too, so a minimal Codespaces template repo can install `clawdex-mobile@latest` in `postCreateCommand` and call the packaged bootstrap without vendoring bridge source into the template itself.
-
-In Codespaces mode, the bootstrap also enables bridge-side GitHub bearer auth for the current `CODESPACE_NAME`, so the mobile app can authenticate with the same GitHub OAuth token it used to discover and start the Codespace.
-
-## OpenCode Setup
-
-OpenCode is supported directly from the CLI now.
+OpenCode and Cursor can run beside Codex from the same bridge.
 
 ```bash
 npm install -g opencode-ai
+npm install -g @clawdex/cursor-app-server
 npm install -g clawdex-mobile@latest
-clawdex init --engines codex,opencode
+clawdex init --engines codex,opencode,cursor
 ```
 
-That writes `BRIDGE_ENABLED_ENGINES=codex,opencode` to `.env.secure`, so the mobile app can control both harnesses from one bridge.
+That writes `BRIDGE_ENABLED_ENGINES=codex,opencode,cursor` to `.env.secure`, so the mobile app can control the selected harnesses from one bridge. When Cursor is selected, `clawdex init` asks for the Cursor API key and saves it in `.env.secure`.
 
 Notes:
 
 - `clawdex init` without flags now lets you multi-select harnesses in the wizard with Space, then Enter to continue.
-- Use `clawdex init --engine codex` or `clawdex init --engine opencode` if you want a single-harness setup.
-- Use `clawdex init --engines codex,opencode` if you want both non-interactively.
+- Use `clawdex init --engine codex`, `clawdex init --engine opencode`, or `clawdex init --engine cursor` if you want a single-harness setup.
+- For non-interactive host automation, set `CURSOR_API_KEY` before running setup. `CURSOR_MODEL` is optional; the app model picker sends the model for normal chats.
 
 ## Monorepo Development
 
@@ -119,6 +82,16 @@ npm run setup:wizard
 npm run mobile
 ```
 
+For one-step restarts that switch the bridge network mode, reuse the existing token, start the
+bridge in the background, and then launch Expo:
+
+```bash
+npm run stack:lan
+npm run stack:tailscale
+```
+
+`stack:lan` is the local network path, so it also covers the same-device LAN/VLAN case.
+
 For an OpenCode-first repo checkout:
 
 ```bash
@@ -129,13 +102,15 @@ Use `npm run setup:wizard -- --no-start` if you only want to write config.
 
 ## Main Commands
 
-- `clawdex init [--engine codex|opencode] [--engines codex,opencode] [--no-start]`
+- `clawdex init [--engine codex|opencode|cursor] [--engines codex,opencode,cursor] [--no-start]`
 - `clawdex stop`
 - `clawdex upgrade` / `clawdex update`
 - `clawdex version`
 - `npm run setup:wizard`
 - `npm run secure:bridge`
 - `npm run mobile`
+- `npm run stack:lan`
+- `npm run stack:tailscale`
 - `npm run ios`
 - `npm run android`
 - `npm run stop:services`

package/docs/setup-and-operations.md

@@ -6,21 +6,23 @@ This guide is the detailed companion to the top-level `README.md`.
 
 The setup wizard now lets you choose which harnesses the phone should control.
 
-If you want both Codex and OpenCode:
+If you want Codex, OpenCode, and Cursor:
 
 ```bash
-clawdex init --engines codex,opencode
+clawdex init --engines codex,opencode,cursor
 ```
 
 From a source checkout, the equivalent command is:
 
 ```bash
-npm run setup:wizard -- --engines codex,opencode
+npm run setup:wizard -- --engines codex,opencode,cursor
 ```
 
-That writes `BRIDGE_ENABLED_ENGINES=codex,opencode` into `.env.secure`, so the bridge starts both backends and the mobile app can control both from one UI.
+That writes `BRIDGE_ENABLED_ENGINES=codex,opencode,cursor` into `.env.secure`, so the bridge starts the selected backends and the mobile app can control them from one UI. When Cursor is selected, `clawdex init` asks for the Cursor API key and saves it in `.env.secure`.
 
-If you want only one harness, use `--engine codex` or `--engine opencode`.
+If you want only one harness, use `--engine codex`, `--engine opencode`, or `--engine cursor`.
+
+Cursor usage limits are not exposed by Cursor's public API today. The app shows key status, key metadata, runtime state, and models from Cursor; plan or weekly usage details remain in Cursor.
 
 ## Onboarding Output Cues
 
@@ -37,75 +39,6 @@ Published npm releases bundle prebuilt bridge binaries for `darwin-arm64`, `darw
 
 Published CLI installs are bridge-only. They do not include the Expo workspace or mobile app source files.
 
-## GitHub Codespaces Setup
-
-Codespaces can replace a user-managed always-on machine for development and lightweight remote use.
-
-From a repo checkout inside an active codespace:
-
-```bash
-npm run setup:wizard
-```
-
-Choose `GitHub Codespaces` for the bridge network mode.
-
-What that does:
-
-- binds the bridge locally inside the codespace
-- writes `BRIDGE_CONNECT_URL` and `BRIDGE_PREVIEW_CONNECT_URL` using the codespace forwarded HTTPS domain
-- enables bridge-side GitHub bearer auth for the current codespace
-- starts the bridge normally
-- attempts to mark the bridge port and browser-preview port public on each startup
-
-Important constraints:
-
-- Pair the mobile app to the printed `https://<codespace>-8787.app.github.dev` URL, not `127.0.0.1`
-- Browser preview uses the preview port (`8788` by default), so that forwarded port must also be public
-- GitHub resets public forwarded ports back to private whenever the codespace restarts
-- Keep bridge auth enabled and use Codespaces only for repos you trust, because public forwarded ports are internet-reachable
-- If the mobile app build sets `EXPO_PUBLIC_GITHUB_CLIENT_ID`, onboarding/settings can now sign in with GitHub, start the Codespace, and connect directly with the same OAuth token instead of copying `BRIDGE_AUTH_TOKEN`
-- The same in-app GitHub flow can create a new Codespace. It prefers `<signed-in-user>/<EXPO_PUBLIC_GITHUB_CODESPACES_REPO_NAME>`. If that repo does not exist yet, Clawdex automatically forks `EXPO_PUBLIC_GITHUB_CODESPACES_SOURCE_OWNER/<EXPO_PUBLIC_GITHUB_CODESPACES_REPO_NAME>` into the signed-in user account and creates the Codespace from that fork
-
-Manual recovery if port visibility does not update automatically:
-
-```bash
-gh codespace ports visibility 8787:public 8788:public
-```
-
-### Codespaces Bootstrap
-
-The repo devcontainer now includes:
-
-- `postCreateCommand`: `npm install --include=dev && npm run codespaces:bootstrap -- --prepare-only`
-- `postStartCommand`: `npm run codespaces:bootstrap`
-
-`npm run codespaces:bootstrap` does the following:
-
-- installs the Codex CLI via `npm install -g @openai/codex` if it is missing
-- in `--prepare-only` mode, prebuilds the Rust bridge binary without starting it
-- rewrites `.env.secure` for `BRIDGE_NETWORK_MODE=codespaces` with `BRIDGE_ACTIVE_ENGINE=codex`, `BRIDGE_ENABLED_ENGINES=codex`, and `BRIDGE_GITHUB_CODESPACES_AUTH=true`
-- starts the bridge in the background unless you set `CLAWDEX_CODESPACES_SKIP_START=true` or pass `--no-start`
-
-That means the first Codespace create now front-loads the expensive bridge compile during `postCreateCommand`, so the later `postStartCommand` can usually start the bridge much faster.
-
-The same bootstrap script is included in the published `clawdex-mobile` npm package. That lets the `clawdex-codespace` template stay minimal: it can install `clawdex-mobile@latest` globally in the devcontainer and invoke the packaged bootstrap against the current workspace instead of copying `scripts/*` and `services/rust-bridge/*` into the template repo.
-
-Manual examples:
-
-```bash
-npm run codespaces:bootstrap -- --prepare-only
-npm run codespaces:bootstrap
-npm run codespaces:bootstrap -- --no-start
-```
-
-Minimal template equivalent:
-
-```bash
-npm install -g clawdex-mobile@latest @openai/codex
-CLAWDEX_WORKSPACE_ROOT="$PWD" node "$(npm root -g)/clawdex-mobile/scripts/codespaces-bootstrap.js" --prepare-only
-CLAWDEX_WORKSPACE_ROOT="$PWD" node "$(npm root -g)/clawdex-mobile/scripts/codespaces-bootstrap.js"
-```
-
 ## Manual Secure Setup (No Wizard)
 
 ### 1) Install dependencies
@@ -120,10 +53,10 @@ npm install
 npm run secure:setup
 ```
 
-To generate OpenCode-first config instead:
+To generate multi-harness config instead:
 
 ```bash
-BRIDGE_ENABLED_ENGINES=codex,opencode npm run secure:setup
+BRIDGE_ENABLED_ENGINES=codex,opencode,cursor npm run secure:setup
 ```
 
 Creates/updates:
@@ -137,17 +70,17 @@ Creates/updates:
 npm run secure:bridge
 ```
 
-If you want a one-off OpenCode launch without rewriting `.env.secure`:
+If you want a one-off multi-harness launch without rewriting `.env.secure`:
 
 ```bash
-BRIDGE_ENABLED_ENGINES=codex,opencode npm run secure:bridge
+BRIDGE_ENABLED_ENGINES=codex,opencode,cursor npm run secure:bridge
 ```
 
-When both CLIs are selected, the bridge starts both backends and merges chat lists while still routing each thread by engine.
+When multiple harnesses are selected, the bridge starts each backend and merges chat lists while still routing each thread by engine.
 
 ### 4) Pair from the mobile app
 
-Open the installed mobile app on your phone, then scan the bridge QR. If needed, enter the bridge URL manually (for example `http://100.x.y.z:8787`, `http://192.168.x.y:8787`, or `https://<codespace>-8787.app.github.dev`). The chosen bridge URL is stored on-device and can be changed later in Settings.
+Open the installed mobile app on your phone, then scan the bridge QR. If needed, enter the bridge URL manually (for example `http://100.x.y.z:8787` or `http://192.168.x.y:8787`). The chosen bridge URL is stored on-device and can be changed later in Settings.
 
 ### In-app Bridge Maintenance
 
@@ -174,6 +107,18 @@ npm run mobile
 
 `npm run mobile` uses `scripts/start-expo.sh`, which sets `REACT_NATIVE_PACKAGER_HOSTNAME` from your secure config so QR resolution is predictable.
 
+If you want one command that switches the bridge between LAN/VLAN and Tailscale, preserves your
+existing bridge token and enabled harnesses, restarts the bridge in the background, and then opens
+Expo:
+
+```bash
+npm run stack:lan
+npm run stack:tailscale
+```
+
+Both wrappers call `scripts/start-mobile-stack.sh`. Pass `--expo ios` or `--expo android` if you
+want the same flow but to open a native Expo run command instead of the default `mobile` mode.
+
 ## Advanced Knobs
 
 Optional environment variables:
@@ -242,7 +187,7 @@ npm run teardown -- --yes
 
 | Variable | Purpose |
 |---|---|
-| `BRIDGE_NETWORK_MODE` | bridge connectivity mode (`tailscale`, `local`, or `codespaces`) |
+| `BRIDGE_NETWORK_MODE` | bridge connectivity mode (`tailscale` or `local`) |
 | `BRIDGE_HOST` | bind host for rust bridge |
 | `BRIDGE_PORT` | bridge port (default `8787`) |
 | `BRIDGE_PREVIEW_PORT` | browser preview port for proxied localhost web apps (default `BRIDGE_PORT + 1`) |
@@ -250,13 +195,13 @@ npm run teardown -- --yes
 | `BRIDGE_PREVIEW_CONNECT_URL` | externally reachable browser preview base URL |
 | `BRIDGE_AUTH_TOKEN` | required auth token |
 | `BRIDGE_ALLOW_QUERY_TOKEN_AUTH` | query-token auth fallback |
-| `BRIDGE_GITHUB_CODESPACES_AUTH` | accept GitHub bearer tokens for the current codespace |
-| `BRIDGE_GITHUB_CODESPACE_NAME` | codespace name used when validating GitHub bearer tokens |
-| `BRIDGE_GITHUB_API_URL` | GitHub REST API base URL for Codespaces auth checks |
 | `CODEX_CLI_BIN` | codex executable |
 | `BRIDGE_ACTIVE_ENGINE` | internal preferred routing backend used when multiple harnesses are enabled |
-| `BRIDGE_ENABLED_ENGINES` | selected harnesses to expose (`codex`, `opencode`, or both) |
+| `BRIDGE_ENABLED_ENGINES` | selected harnesses to expose (`codex`, `opencode`, `cursor`, or a comma-separated mix) |
 | `OPENCODE_CLI_BIN` | opencode executable for dual-engine startup |
+| `CURSOR_APP_SERVER_BIN` | Cursor app-server executable, usually `cursor-app-server` |
+| `CURSOR_API_KEY` | Cursor API key used by the Cursor SDK harness; collected by `clawdex init` when Cursor is selected |
+| `CURSOR_MODEL` | optional Cursor model id for non-interactive host defaults; normal mobile chats send the selected model |
 | `BRIDGE_OPENCODE_HOST` | loopback host for spawned opencode server |
 | `BRIDGE_OPENCODE_PORT` | loopback port for spawned opencode server |
 | `BRIDGE_OPENCODE_SERVER_USERNAME` | basic-auth username passed to opencode server |
@@ -269,11 +214,6 @@ npm run teardown -- --yes
 | Variable | Purpose |
 |---|---|
 | `EXPO_PUBLIC_HOST_BRIDGE_TOKEN` | token used by local mobile dev builds |
-| `EXPO_PUBLIC_GITHUB_CLIENT_ID` | GitHub OAuth app client ID for in-app Codespaces sign-in |
-| `EXPO_PUBLIC_GITHUB_CODESPACES_PORT_FORWARDING_DOMAIN` | forwarded port domain used to derive Codespaces bridge URLs (`app.github.dev` by default) |
-| `EXPO_PUBLIC_GITHUB_CODESPACES_REPO_NAME` | repository name to sort matching Codespaces first in the in-app picker |
-| `EXPO_PUBLIC_GITHUB_CODESPACES_SOURCE_OWNER` | template/source repository owner used for automatic forking when the signed-in user does not have a same-name repo |
-| `EXPO_PUBLIC_GITHUB_CODESPACES_REPO_REF` | optional git ref/branch used when creating a new Codespace |
 | `EXPO_PUBLIC_ALLOW_QUERY_TOKEN_AUTH` | query-token behavior for WebSocket auth fallback |
 | `EXPO_PUBLIC_ALLOW_INSECURE_REMOTE_BRIDGE` | suppress insecure-HTTP warning |
 | `EXPO_PUBLIC_PRIVACY_POLICY_URL` | in-app Privacy link |
@@ -294,8 +234,7 @@ If you enable the optional tip jar:
 ## Production Readiness Checklist
 
 - Keep bridge network-private only by default (Tailscale/private LAN/VPN + host firewall)
-- If using GitHub Codespaces, remember the bridge is internet-reachable whenever its forwarded ports are public
-- Require bridge auth of some kind (`BRIDGE_AUTH_TOKEN` or GitHub Codespaces auth)
+- Require bridge auth with `BRIDGE_AUTH_TOKEN`
 - Keep `BRIDGE_ALLOW_QUERY_TOKEN_AUTH=true` only on private networks (required for Android WS auth fallback)
 - Do not set `BRIDGE_ALLOW_INSECURE_NO_AUTH=true` outside local debugging
 - Scope `BRIDGE_WORKDIR` to minimal required root

package/docs/troubleshooting.md

@@ -34,75 +34,24 @@ npm run stop:services
 ## Bridge auth errors (`401`, invalid token)
 
 - For the shipped mobile app, rescan the bridge QR or update the stored token in Settings.
-- For GitHub-auth Codespaces profiles, reopen `GitHub Codespaces` in the app and sign in with GitHub again if the OAuth token was revoked or expired.
 - For a local dev build, also ensure `BRIDGE_AUTH_TOKEN` in `.env.secure` matches `EXPO_PUBLIC_HOST_BRIDGE_TOKEN` in `apps/mobile/.env`.
 - Restart the bridge after token changes.
 - On secure-launcher installs, `Settings > Bridge Maintenance > Restart bridge safely` can do that from the phone.
 - If an in-app bridge update fails, inspect `.bridge-updater.log` and `.bridge-update-status.json` in the bridge install root.
 
-## GitHub Codespaces bridge URL does not connect
-
-- Pair to the printed forwarded HTTPS URL such as `https://<codespace>-8787.app.github.dev`, not `127.0.0.1`.
-- Public forwarded ports reset back to private when the codespace restarts.
-- Restart the bridge or rerun `npm run codespaces:bootstrap` to rerun the automatic visibility step.
-- If needed, set both ports public manually:
-
-```bash
-gh codespace ports visibility 8787:public 8788:public
-```
-
-- If `gh` is unavailable in the codespace, use the Codespaces `Ports` panel and change both forwarded ports to `Public`.
-- Keep bridge auth enabled. Public forwarded ports without bridge auth are not a safe setup.
-- If GitHub direct sign-in is not showing in the app, confirm the build includes `EXPO_PUBLIC_GITHUB_CLIENT_ID`.
-- If in-app Codespace creation forks or targets the wrong repo, check `EXPO_PUBLIC_GITHUB_CODESPACES_REPO_NAME`, `EXPO_PUBLIC_GITHUB_CODESPACES_SOURCE_OWNER`, and `EXPO_PUBLIC_GITHUB_CODESPACES_REPO_REF` in the mobile build env.
-
-## GitHub Codespaces bootstrap did not start the bridge
-
-- Check the post-start command output in the Codespace terminal or rerun it manually:
-
-```bash
-npm run codespaces:bootstrap -- --prepare-only
-npm run codespaces:bootstrap
-```
-
-- On the minimal `clawdex-codespace` template, rerun the packaged bootstrap instead:
-
-```bash
-CLAWDEX_WORKSPACE_ROOT="$PWD" node "$(npm root -g)/clawdex-mobile/scripts/codespaces-bootstrap.js" --prepare-only
-CLAWDEX_WORKSPACE_ROOT="$PWD" node "$(npm root -g)/clawdex-mobile/scripts/codespaces-bootstrap.js"
-```
-
-- The Codespaces bootstrap only prepares the `codex` engine. It will try to install Codex automatically with `npm install -g @openai/codex`.
-- `--prepare-only` installs Codex if needed and prebuilds the Rust bridge binary without starting the bridge.
-- The bootstrap also enables `BRIDGE_GITHUB_CODESPACES_AUTH=true` so GitHub bearer tokens can connect directly to the bridge.
-- If that install fails, fix npm/global package permissions in the codespace and rerun the bootstrap.
-- Bridge startup logs and runtime state live in the Codespace repo root:
-
-```bash
-tail -n 200 .bridge.log
-ls -la .bridge.pid .bridge.log .env.secure
-```
-
-- To only rewrite `.env.secure` without starting the bridge:
-
-```bash
-npm run codespaces:bootstrap -- --no-start
-```
-
 ## Voice transcription says no credentials were found
 
-- The bridge can transcribe with either `OPENAI_API_KEY`, `BRIDGE_CHATGPT_ACCESS_TOKEN`, or the same ChatGPT auth tokens already used for Codex login.
-- In GitHub Codespaces, finish the ChatGPT/Codex login step from the app first. The bridge will persist those tokens to `BRIDGE_WORKDIR/.clawdex-chatgpt-auth.json` and reuse them for voice transcription.
-- If you still see the error after logging in, restart the bridge once so it reloads the persisted auth cache:
+- The bridge can transcribe with `OPENAI_API_KEY`, `BRIDGE_CHATGPT_ACCESS_TOKEN`, a legacy bridge token cache, or the Codex-managed ChatGPT token in `$CODEX_HOME/auth.json`.
+- If Codex login just completed, restart the bridge once so it reloads the Codex auth home:
 
 ```bash
 npm run secure:bridge
 ```
 
-- You can inspect whether the bridge captured the token bundle:
+- You can inspect whether Codex saved auth:
 
 ```bash
-ls -la .clawdex-chatgpt-auth.json
+ls -la "${CODEX_HOME:-$HOME/.codex}/auth.json"
 ```
 
 ## Local browser preview does not open
@@ -115,7 +64,6 @@ ls -la .clawdex-chatgpt-auth.json
 - By default the preview server binds to `BRIDGE_PORT + 1`.
 - Restart the bridge after changing `BRIDGE_PREVIEW_PORT`.
 - If the page shell loads but live reload does not, verify the target dev server is still serving its WebSocket/HMR endpoint locally.
-- In GitHub Codespaces, the preview port (`8788` by default) must also be public or the Browser screen will fail even if the main bridge port works.
 
 ## Tailscale issues
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "clawdex-mobile",
-  "version": "5.1.3-internal.0",
+  "version": "5.1.3-internal.10",
   "description": "Private-network mobile bridge and CLI for Codex and OpenCode",
   "keywords": [
     "codex",
@@ -34,7 +34,6 @@
     "docs/troubleshooting.md",
     "scripts/bridge-binary.js",
     "scripts/bridge-self-update.js",
-    "scripts/codespaces-bootstrap.js",
     "scripts/setup-secure-dev.sh",
     "scripts/setup-wizard.sh",
     "scripts/start-bridge-secure.js",
@@ -52,6 +51,13 @@
     "mobile": "./scripts/start-expo.sh mobile",
     "ios": "./scripts/start-expo.sh ios",
     "android": "./scripts/start-expo.sh android",
+    "desktop:mac": "swift run --package-path apps/macos ClawdexDesktop",
+    "desktop:mac:build": "swift build --package-path apps/macos",
+    "desktop:mac:bundle": "./scripts/build-macos-desktop-app.sh",
+    "desktop:mac:sign": "./scripts/sign-macos-desktop-app.sh",
+    "desktop:mac:notarize": "./scripts/notarize-macos-desktop-app.sh",
+    "stack:lan": "./scripts/start-mobile-stack-lan.sh",
+    "stack:tailscale": "./scripts/start-mobile-stack-tailscale.sh",
     "bridge": "BRIDGE_WORKDIR=$(pwd) npm run -w @codex/rust-bridge dev",
     "bridge:package:stage-current": "node ./scripts/bridge-binary.js stage-current",
     "setup:wizard": "./scripts/setup-wizard.sh",
@@ -59,13 +65,12 @@
     "secure:setup": "./scripts/setup-secure-dev.sh",
     "secure:bridge": "node ./scripts/start-bridge-secure.js",
     "secure:bridge:dev": "node ./scripts/start-bridge-secure.js --dev",
-    "codespaces:bootstrap": "node ./scripts/codespaces-bootstrap.js",
     "bridge:ts": "BRIDGE_WORKDIR=$(pwd) npm run -w @codex/mac-bridge dev",
     "version:sync": "node scripts/sync-versions.js",
     "build": "npm run --workspaces build",
     "typecheck": "npm run --workspaces typecheck",
     "lint": "npm run --workspaces lint",
-    "test": "npm run test -w @codex/mac-bridge && npm run test -w apps/mobile && npm run test -w @codex/rust-bridge",
+    "test": "npm run test -w @codex/mac-bridge && npm run test -w apps/mobile && npm run test -w @codex/rust-bridge && npm run test -w @clawdex/cursor-app-server",
     "teardown": "./scripts/teardown.sh"
   }
 }

package/scripts/setup-secure-dev.sh

@@ -13,6 +13,9 @@ MOBILE_ENV_EXAMPLE="$ROOT_DIR/apps/mobile/.env.example"
 BRIDGE_ACTIVE_ENGINE="${BRIDGE_ACTIVE_ENGINE:-codex}"
 BRIDGE_ENABLED_ENGINES="${BRIDGE_ENABLED_ENGINES:-$BRIDGE_ACTIVE_ENGINE}"
 OPENCODE_CLI_BIN="${OPENCODE_CLI_BIN:-opencode}"
+CURSOR_APP_SERVER_BIN="${CURSOR_APP_SERVER_BIN:-cursor-app-server}"
+CURSOR_API_KEY="${CURSOR_API_KEY:-}"
+CURSOR_MODEL="${CURSOR_MODEL:-}"
 BRIDGE_CONNECT_URL=""
 BRIDGE_PREVIEW_CONNECT_URL=""
 
@@ -109,51 +112,6 @@ is_non_loopback_ipv4() {
   [[ "$ip" != 127.* ]]
 }
 
-normalize_base_url() {
-  local value="$1"
-  value="$(printf '%s' "$value" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')"
-  if [[ -z "$value" ]]; then
-    return 1
-  fi
-
-  case "$value" in
-    http://*|https://*)
-      ;;
-    *)
-      return 1
-      ;;
-  esac
-
-  printf '%s' "${value%/}"
-}
-
-resolve_codespaces_forwarded_url() {
-  local port="$1"
-  local override="$2"
-  local normalized_override=""
-  local codespace_name=""
-  local forwarding_domain=""
-
-  if [[ -n "$override" ]]; then
-    normalized_override="$(normalize_base_url "$override" || true)"
-    if [[ -z "$normalized_override" ]]; then
-      echo "error: invalid Codespaces URL override '$override'." >&2
-      return 1
-    fi
-    printf '%s' "$normalized_override"
-    return 0
-  fi
-
-  codespace_name="$(printf '%s' "${CODESPACE_NAME:-}" | tr -d '[:space:]')"
-  forwarding_domain="$(printf '%s' "${GITHUB_CODESPACES_PORT_FORWARDING_DOMAIN:-}" | tr -d '[:space:]')"
-  if [[ -z "$codespace_name" ]] || [[ -z "$forwarding_domain" ]]; then
-    echo "error: GitHub Codespaces env vars are missing. Run this inside an active codespace or set BRIDGE_CONNECT_URL_OVERRIDE." >&2
-    return 1
-  fi
-
-  printf 'https://%s-%s.%s' "$codespace_name" "$port" "$forwarding_domain"
-}
-
 resolve_tailscale_ipv4() {
   local ip
   ip="$(tailscale ip -4 2>/dev/null | head -n1 | tr -d '[:space:]' || true)"
@@ -269,19 +227,19 @@ HOST_SOURCE=""
 BRIDGE_NETWORK_MODE="${BRIDGE_NETWORK_MODE:-tailscale}"
 
 case "$BRIDGE_NETWORK_MODE" in
-  tailscale|local|codespaces)
+  tailscale|local)
     ;;
   *)
-    echo "error: BRIDGE_NETWORK_MODE must be 'tailscale', 'local', or 'codespaces'." >&2
+    echo "error: BRIDGE_NETWORK_MODE must be 'tailscale' or 'local'." >&2
     exit 1
     ;;
 esac
 
 case "$BRIDGE_ACTIVE_ENGINE" in
-  codex|opencode)
+  codex|opencode|cursor)
     ;;
   *)
-    echo "error: BRIDGE_ACTIVE_ENGINE must be 'codex' or 'opencode'." >&2
+    echo "error: BRIDGE_ACTIVE_ENGINE must be 'codex', 'opencode', or 'cursor'." >&2
     exit 1
     ;;
 esac
@@ -301,7 +259,7 @@ validate_enabled_engines() {
       continue
     fi
     case "$normalized" in
-      codex|opencode)
+      codex|opencode|cursor)
         ;;
       *)
         return 1
@@ -323,7 +281,7 @@ validate_enabled_engines() {
 }
 
 if ! validate_enabled_engines "$BRIDGE_ENABLED_ENGINES"; then
-  echo "error: BRIDGE_ENABLED_ENGINES must contain one or more of 'codex' and 'opencode'." >&2
+  echo "error: BRIDGE_ENABLED_ENGINES must contain one or more of 'codex', 'opencode', and 'cursor'." >&2
   exit 1
 fi
 
@@ -342,9 +300,6 @@ else
     ensure_tailscale_cli
     BRIDGE_HOST="$(resolve_tailscale_ipv4)"
     HOST_SOURCE="tailscale"
-  elif [[ "$BRIDGE_NETWORK_MODE" == "codespaces" ]]; then
-    BRIDGE_HOST="127.0.0.1"
-    HOST_SOURCE="codespaces"
   else
     BRIDGE_HOST="$(resolve_local_ipv4)"
     HOST_SOURCE="local"
@@ -358,17 +313,8 @@ if [[ "$BRIDGE_PREVIEW_PORT" == "$BRIDGE_PORT" ]]; then
   exit 1
 fi
 
-if [[ "$BRIDGE_NETWORK_MODE" == "codespaces" ]]; then
-  BRIDGE_CONNECT_URL="$(
-    resolve_codespaces_forwarded_url "$BRIDGE_PORT" "${BRIDGE_CONNECT_URL_OVERRIDE:-}"
-  )"
-  BRIDGE_PREVIEW_CONNECT_URL="$(
-    resolve_codespaces_forwarded_url "$BRIDGE_PREVIEW_PORT" "${BRIDGE_PREVIEW_CONNECT_URL_OVERRIDE:-}"
-  )"
-else
-  BRIDGE_CONNECT_URL="http://$BRIDGE_HOST:$BRIDGE_PORT"
-  BRIDGE_PREVIEW_CONNECT_URL="http://$BRIDGE_HOST:$BRIDGE_PREVIEW_PORT"
-fi
+BRIDGE_CONNECT_URL="http://$BRIDGE_HOST:$BRIDGE_PORT"
+BRIDGE_PREVIEW_CONNECT_URL="http://$BRIDGE_HOST:$BRIDGE_PREVIEW_PORT"
 
 EXISTING_TOKEN=""
 if [[ -f "$SECURE_ENV_FILE" ]]; then
@@ -380,13 +326,6 @@ if [[ -z "$BRIDGE_TOKEN" ]]; then
   BRIDGE_TOKEN="$(openssl rand -hex 24)"
 fi
 
-GITHUB_CODESPACES_AUTH_ENABLED="false"
-GITHUB_CODESPACES_NAME=""
-if [[ "$BRIDGE_NETWORK_MODE" == "codespaces" ]]; then
-  GITHUB_CODESPACES_AUTH_ENABLED="true"
-  GITHUB_CODESPACES_NAME="$(printf '%s' "${CODESPACE_NAME:-}" | tr -d '[:space:]')"
-fi
-
 cat > "$SECURE_ENV_FILE" <<EOT
 BRIDGE_NETWORK_MODE=$BRIDGE_NETWORK_MODE
 BRIDGE_HOST=$BRIDGE_HOST
@@ -396,13 +335,13 @@ BRIDGE_CONNECT_URL=$BRIDGE_CONNECT_URL
 BRIDGE_PREVIEW_CONNECT_URL=$BRIDGE_PREVIEW_CONNECT_URL
 BRIDGE_AUTH_TOKEN=$BRIDGE_TOKEN
 BRIDGE_ALLOW_QUERY_TOKEN_AUTH=true
-BRIDGE_GITHUB_CODESPACES_AUTH=$GITHUB_CODESPACES_AUTH_ENABLED
-BRIDGE_GITHUB_CODESPACE_NAME=$GITHUB_CODESPACES_NAME
-BRIDGE_GITHUB_API_URL=https://api.github.com
 BRIDGE_ACTIVE_ENGINE=$BRIDGE_ACTIVE_ENGINE
 BRIDGE_ENABLED_ENGINES=$BRIDGE_ENABLED_ENGINES
 CODEX_CLI_BIN=codex
 OPENCODE_CLI_BIN=$OPENCODE_CLI_BIN
+CURSOR_APP_SERVER_BIN=$CURSOR_APP_SERVER_BIN
+CURSOR_API_KEY=$CURSOR_API_KEY
+CURSOR_MODEL=$CURSOR_MODEL
 BRIDGE_WORKDIR=$ROOT_DIR
 EOT
 
@@ -422,9 +361,6 @@ echo "Bridge network mode: $BRIDGE_NETWORK_MODE"
 echo "Bridge host: $BRIDGE_HOST ($HOST_SOURCE)"
 echo "Bridge port: $BRIDGE_PORT"
 echo "Bridge connect URL: $BRIDGE_CONNECT_URL"
-if [[ "$GITHUB_CODESPACES_AUTH_ENABLED" == "true" ]]; then
-  echo "GitHub Codespaces auth: enabled"
-fi
 echo "Harnesses: $BRIDGE_ENABLED_ENGINES"
 echo "Token source: $SECURE_ENV_FILE"
 if has_local_mobile_workspace; then