copilot-cursor-proxy 1.0.4 → 1.1.1

package/README.md

@@ -46,12 +46,12 @@ Copy the HTTPS URL (e.g., `https://xxxxx.trycloudflare.com`).
 
 ## 🏗 Architecture
 
-```
+```text
 Cursor → (HTTPS tunnel) → proxy-router (:4142) → copilot-api (:4141) → GitHub Copilot
 ```
 
-*   **Port 4141 (`copilot-api`):** Authenticates with GitHub and provides the OpenAI-compatible API.
-    *   *Powered by [copilot-api](https://www.npmjs.com/package/copilot-api) (installed via `npx`).*
+*   **Port 4141 (`copilot-api`):** Authenticates with GitHub, provides the OpenAI-compatible API, and natively handles the Responses API for GPT-5.x models.
+    *   *Powered by [@jeffreycao/copilot-api](https://github.com/caozhiyuan/copilot-api) (installed via `npx`).*
 *   **Port 4142 (`proxy-router`):** Converts Anthropic-format messages to OpenAI format, bridges Responses API for GPT-5.x models, handles the `cus-` prefix, and serves the dashboard.
 *   **HTTPS tunnel:** Cursor requires HTTPS — a tunnel exposes the local proxy.
 
@@ -81,32 +81,32 @@ Cursor → (HTTPS tunnel) → proxy-router (:4142) → copilot-api (:4141) → G
 
 > **💡 Tip:** Visit the [Dashboard](http://localhost:4142) to see all available models and copy their IDs.
 
-### Tested Models (15/21 passing)
+### Tested Models (19/20 passing)
 
 | Cursor Model Name | Actual Model | Status |
 |---|---|---|
 | `cus-gpt-4o` | GPT-4o | ✅ |
 | `cus-gpt-4.1` | GPT-4.1 | ✅ |
+| `cus-gpt-41-copilot` | GPT-4.1 Copilot | ❌ Not supported by GitHub |
 | `cus-gpt-5-mini` | GPT-5 Mini | ✅ |
-| `cus-gpt-5.1` | GPT-5.1 | ✅ |
-| `cus-gpt-5.2` | GPT-5.2 | ⚠️ See note |
-| `cus-gpt-5.2-codex` | GPT-5.2 Codex | ⚠️ See note |
-| `cus-gpt-5.3-codex` | GPT-5.3 Codex | ⚠️ See note |
-| `cus-gpt-5.4` | GPT-5.4 | ⚠️ See note |
-| `cus-gpt-5.4-mini` | GPT-5.4 Mini | ⚠️ See note |
-| `cus-goldeneye` | Goldeneye | ⚠️ See note |
+| `cus-gpt-5.1` | GPT-5.1 | ✅ (deprecating 2026-04-15) |
+| `cus-gpt-5.2` | GPT-5.2 | ✅ |
+| `cus-gpt-5.2-codex` | GPT-5.2 Codex | ✅ |
+| `cus-gpt-5.3-codex` | GPT-5.3 Codex | ✅ |
+| `cus-gpt-5.4` | GPT-5.4 | ✅ |
+| `cus-gpt-5.4-mini` | GPT-5.4 Mini | ✅ |
 | `cus-claude-haiku-4.5` | Claude Haiku 4.5 | ✅ |
 | `cus-claude-sonnet-4` | Claude Sonnet 4 | ✅ |
 | `cus-claude-sonnet-4.5` | Claude Sonnet 4.5 | ✅ |
 | `cus-claude-sonnet-4.6` | Claude Sonnet 4.6 | ✅ |
 | `cus-claude-opus-4.5` | Claude Opus 4.5 | ✅ |
 | `cus-claude-opus-4.6` | Claude Opus 4.6 | ✅ |
-| `cus-claude-opus-4.6-1m` | Claude Opus 4.6 (1M) | ✅ |
 | `cus-gemini-2.5-pro` | Gemini 2.5 Pro | ✅ |
 | `cus-gemini-3-flash-preview` | Gemini 3 Flash | ✅ |
 | `cus-gemini-3.1-pro-preview` | Gemini 3.1 Pro | ✅ |
+| `cus-text-embedding-3-small` | Text Embedding 3 Small | N/A (embedding model) |
 
-> **⚠️ GPT-5.2+, GPT-5.x-codex, and goldeneye** are currently broken. These models require the `/v1/responses` API or `max_completion_tokens` instead of `max_tokens`, but `copilot-api` injects `max_tokens` into all requests. The proxy has a Responses API bridge built in, but `copilot-api` no longer exposes the `/v1/responses` endpoint. This will be resolved when `copilot-api` is updated. **All Claude, Gemini, GPT-4.x, GPT-5-mini, and GPT-5.1 models work fine.**
+> All GPT-5.x models now work thanks to the switch to [@jeffreycao/copilot-api](https://github.com/caozhiyuan/copilot-api), which natively supports the Responses API. The proxy also includes its own Responses API bridge as a fallback.
 
 ![Cursor Settings Configuration](./cursor-settings.png)
 
@@ -186,7 +186,7 @@ Three tabs:
 | Streaming | ✅ Works |
 | Plan mode | ✅ Works |
 | Agent mode | ✅ Works |
-| GPT-5.x models | ⚠️ Blocked by copilot-api `max_tokens` bug |
+| All GPT-5.x models | ✅ Works |
 | Extended thinking (chain-of-thought) | ❌ Stripped |
 | Prompt caching (`cache_control`) | ❌ Stripped |
 | Claude Vision | ❌ Not supported via Copilot |

package/auth-config.ts

@@ -20,15 +20,19 @@ const CONFIG_PATH = join(CONFIG_DIR, 'auth.json');
 
 const DEFAULT_CONFIG: AuthConfig = { requireApiKey: false, keys: [] };
 
+let cachedConfig: AuthConfig | null = null;
+
 export function loadAuthConfig(): AuthConfig {
+    if (cachedConfig) return cachedConfig;
     try {
         if (!existsSync(CONFIG_PATH)) return { ...DEFAULT_CONFIG, keys: [] };
         const raw = readFileSync(CONFIG_PATH, 'utf-8');
         const parsed = JSON.parse(raw);
-        return {
+        cachedConfig = {
             requireApiKey: !!parsed.requireApiKey,
             keys: Array.isArray(parsed.keys) ? parsed.keys : [],
         };
+        return cachedConfig;
     } catch {
         return { ...DEFAULT_CONFIG, keys: [] };
     }
@@ -37,6 +41,7 @@ export function loadAuthConfig(): AuthConfig {
 export function saveAuthConfig(config: AuthConfig): void {
     if (!existsSync(CONFIG_DIR)) mkdirSync(CONFIG_DIR, { recursive: true });
     writeFileSync(CONFIG_PATH, JSON.stringify(config, null, 2), 'utf-8');
+    cachedConfig = null; // Invalidate cache on write
 }
 
 function randomHex(bytes: number): string {

package/dashboard.html

@@ -354,10 +354,10 @@ tr:hover td { background: var(--bg-hover); }
 </div>
 
 <!-- Tabs -->
-<div class="tabs">
-    <div class="tab active" data-tab="endpoint">Endpoint</div>
-    <div class="tab" data-tab="usage">Usage</div>
-    <div class="tab" data-tab="console">Console Log</div>
+<div class="tabs" role="tablist">
+    <div class="tab active" data-tab="endpoint" role="tab" tabindex="0" aria-selected="true">Endpoint</div>
+    <div class="tab" data-tab="usage" role="tab" tabindex="0" aria-selected="false">Usage</div>
+    <div class="tab" data-tab="console" role="tab" tabindex="0" aria-selected="false">Console Log</div>
 </div>
 
 <!-- Content -->
@@ -537,13 +537,20 @@ tr:hover td { background: var(--bg-hover); }
 <script>
 /* ── Tab switching ──────────────────────────────────────────── */
 const tabs = document.querySelectorAll('.tab');
-tabs.forEach(t => t.addEventListener('click', () => {
-    tabs.forEach(x => x.classList.remove('active'));
+function switchTab(t) {
+    tabs.forEach(x => { x.classList.remove('active'); x.setAttribute('aria-selected', 'false'); });
     document.querySelectorAll('.tab-panel').forEach(p => p.classList.remove('active'));
     t.classList.add('active');
+    t.setAttribute('aria-selected', 'true');
     document.getElementById('tab-' + t.dataset.tab).classList.add('active');
     if (t.dataset.tab === 'usage') fetchUsage();
-}));
+}
+tabs.forEach(t => {
+    t.addEventListener('click', () => switchTab(t));
+    t.addEventListener('keydown', (e) => {
+        if (e.key === 'Enter' || e.key === ' ') { e.preventDefault(); switchTab(t); }
+    });
+});
 
 /* ── Helpers ────────────────────────────────────────────────── */
 function copyText(text, btn) {
@@ -578,7 +585,8 @@ function esc(s) {
 /* ── Tab 1: Models ──────────────────────────────────────────── */
 async function fetchModels() {
     try {
-        const res = await fetch('/v1/models');
+        // Fetch via /api/models to bypass API key auth for dashboard
+        const res = await fetch('/api/models');
         if (!res.ok) throw new Error('HTTP ' + res.status);
         const data = await res.json();
         const models = (data.data || []).sort((a, b) => a.id.localeCompare(b.id));
@@ -598,7 +606,9 @@ async function fetchModels() {
                 '<td><span class="model-badge">' + esc(m.id) + '</span></td>' +
                 '<td style="color:var(--text-dim)">' + esc(origId) + '</td>' +
                 '<td style="color:var(--text-dim)">' + esc(m.display_name || m.id) + '</td>' +
-                '<td><button class="copy-btn" onclick="copyText(\'' + esc(m.id).replace(/'/g, "\\'") + '\',this)">Copy</button></td>';
+                '<td><button class="copy-btn">Copy</button></td>';
+            const btn = tr.querySelector('.copy-btn');
+            btn.addEventListener('click', function() { copyText(m.id, this); });
             tbody.appendChild(tr);
         });
     } catch (e) {
@@ -631,10 +641,13 @@ function renderKeys() {
         list.innerHTML = '<div style="color: #666; font-size: 13px; padding: 12px 0;">No API keys created yet.</div>';
         return;
     }
-    list.innerHTML = authConfig.keys.map(k => `
-        <div style="display: flex; align-items: center; gap: 12px; padding: 10px 0; border-bottom: 1px solid #222;">
+    list.innerHTML = '';
+    authConfig.keys.forEach(k => {
+        const row = document.createElement('div');
+        row.style.cssText = 'display: flex; align-items: center; gap: 12px; padding: 10px 0; border-bottom: 1px solid #222;';
+        row.innerHTML = `
             <label class="toggle" style="flex-shrink: 0;">
-                <input type="checkbox" ${k.active ? 'checked' : ''} onchange="toggleKey('${esc(k.id)}', this.checked)">
+                <input type="checkbox" ${k.active ? 'checked' : ''}>
                 <span class="toggle-slider"></span>
             </label>
             <div style="flex: 1; min-width: 0;">
@@ -642,9 +655,12 @@ function renderKeys() {
                 <code style="color: #888; font-size: 12px;">${esc(k.key)}</code>
             </div>
             <div style="color: #666; font-size: 12px; white-space: nowrap;">${timeAgo(k.createdAt)}</div>
-            <button onclick="deleteKey('${esc(k.id)}')" style="background: none; border: none; color: #666; cursor: pointer; font-size: 16px; padding: 4px 8px;" title="Delete">🗑</button>
-        </div>
-    `).join('');
+            <button style="background: none; border: none; color: #666; cursor: pointer; font-size: 16px; padding: 4px 8px;" title="Delete">🗑</button>
+        `;
+        row.querySelector('input[type="checkbox"]').addEventListener('change', function() { toggleKey(k.id, this.checked); });
+        row.querySelector('button[title="Delete"]').addEventListener('click', function() { deleteKey(k.id); });
+        list.appendChild(row);
+    });
 }
 
 async function toggleRequireKey(enabled) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "copilot-cursor-proxy",
-  "version": "1.0.4",
+  "version": "1.1.1",
   "description": "Proxy that bridges GitHub Copilot API to Cursor IDE — translates Anthropic format, bridges Responses API for GPT 5.x, and more",
   "bin": {
     "copilot-cursor-proxy": "bin/cli.js"
@@ -14,7 +14,7 @@
   "scripts": {
     "build": "bun build start.ts proxy-router.ts anthropic-transforms.ts responses-bridge.ts responses-converters.ts stream-proxy.ts debug-logger.ts auth-config.ts --outdir dist --target node",
     "dev": "bun run start.ts",
-    "start": "node dist/start.js"
+    "start": "bun dist/start.js"
   },
   "keywords": [
     "copilot",

package/proxy-router.ts

@@ -124,7 +124,19 @@ Bun.serve({
     }
 
     if (url.pathname === "/api/keys" && req.method === "POST") {
-        const { name } = await req.json();
+        let body: unknown;
+        try {
+            body = await req.json();
+        } catch {
+            return Response.json({ error: "Invalid JSON body" }, { status: 400, headers: corsHeaders });
+        }
+        if (typeof body !== 'object' || body === null) {
+            return Response.json({ error: "Request body must be a JSON object" }, { status: 400, headers: corsHeaders });
+        }
+        const { name } = body as { name?: unknown };
+        if (name !== undefined && typeof name !== 'string') {
+            return Response.json({ error: "`name` must be a string if provided" }, { status: 400, headers: corsHeaders });
+        }
         const config = loadAuthConfig();
         const newKey = generateApiKey(name || 'Untitled');
         config.keys.push(newKey);
@@ -157,6 +169,28 @@ Bun.serve({
         return Response.json({ ok: true }, { headers: corsHeaders });
     }
 
+    // ── Dashboard API: model list (bypasses API key auth) ──────────────
+    if (url.pathname === "/api/models" && req.method === "GET") {
+        try {
+            const modelsUrl = new URL('/v1/models', TARGET_URL);
+            const response = await fetch(modelsUrl.toString());
+            const data = await response.json();
+            if (data.data && Array.isArray(data.data)) {
+                data.data = data.data.map((model: any) => ({
+                    ...model,
+                    id: PREFIX + model.id,
+                    display_name: PREFIX + (model.display_name || model.id)
+                }));
+            }
+            return new Response(JSON.stringify(data), {
+                status: response.status,
+                headers: { "Content-Type": "application/json", "Access-Control-Allow-Origin": "*" }
+            });
+        } catch (e: any) {
+            return Response.json({ error: e?.message || 'Failed to fetch models' }, { status: 502, headers: corsHeaders });
+        }
+    }
+
     // ── Proxy logic ───────────────────────────────────────────────────────
     const targetUrl = new URL(url.pathname + url.search, TARGET_URL);
 
@@ -170,9 +204,8 @@ Bun.serve({
       });
     }
 
-    try {
-      if (req.method === "POST" && url.pathname.includes("/chat/completions")) {
-        // Check API key if required
+    // ── Enforce API key auth on all /v1/* routes ──────────────────────────
+    if (url.pathname.startsWith("/v1/")) {
         const authConfig = loadAuthConfig();
         if (authConfig.requireApiKey) {
             const authHeader = req.headers.get('authorization');
@@ -184,7 +217,10 @@ Bun.serve({
                 );
             }
         }
+    }
 
+    try {
+      if (req.method === "POST" && url.pathname.includes("/chat/completions")) {
         const startTime = Date.now();
         let json = await req.json();
 
@@ -205,38 +241,37 @@ Bun.serve({
 
         logTransformedRequest(json);
 
-        const body = JSON.stringify(json);
         const headers = new Headers(req.headers);
         headers.set("host", targetUrl.host);
-        headers.set("content-length", String(new TextEncoder().encode(body).length));
+        headers.delete("authorization"); // Don't leak proxy API keys upstream
 
         const needsResponsesAPI = targetModel.match(/^gpt-5\.[2-9]|^gpt-5\.\d+-codex|^o[1-9]|^goldeneye/i);
         
-        // For models that need max_completion_tokens instead of max_tokens
-        const needsMaxCompletionTokens = targetModel.match(/^gpt-5\.[2-9]|^gpt-5\.\d+-codex|^goldeneye/i);
-        if (needsMaxCompletionTokens && json.max_tokens) {
+        if (needsResponsesAPI && json.max_tokens) {
             json.max_completion_tokens = json.max_tokens;
             delete json.max_tokens;
             console.log(`🔧 Converted max_tokens → max_completion_tokens`);
         }
 
-        // Try Responses API first for models that may need it; fall back to chat completions
         if (needsResponsesAPI) {
-            console.log(`🔀 Model ${targetModel} — trying Responses API bridge`);
+            console.log(`🔀 Model ${targetModel} — using Responses API bridge`);
             const chatId = `chatcmpl-proxy-${++responseCounter}`;
             try {
-                const result = await handleResponsesAPIBridge(json, req, chatId, TARGET_URL);
-                if (result.status !== 404) {
-                    addRequestLog({
-                        id: getNextRequestId(), timestamp: startTime, model: targetModel,
-                        promptTokens: 0, completionTokens: 0, totalTokens: 0,
-                        status: result.status, duration: Date.now() - startTime, stream: !!json.stream,
-                    });
-                    return result;
-                }
-                console.log(`⚠️ Responses API returned 404 — falling back to chat/completions`);
-            } catch (e) {
-                console.log(`⚠️ Responses API failed — falling back to chat/completions`);
+                const bridgeResult = await handleResponsesAPIBridge(json, req, chatId, TARGET_URL);
+                addRequestLog({
+                    id: getNextRequestId(), timestamp: startTime, model: targetModel,
+                    promptTokens: bridgeResult.usage.promptTokens,
+                    completionTokens: bridgeResult.usage.completionTokens,
+                    totalTokens: bridgeResult.usage.totalTokens,
+                    status: bridgeResult.response.status, duration: Date.now() - startTime, stream: !!json.stream,
+                });
+                return bridgeResult.response;
+            } catch (e: any) {
+                console.error(`❌ Responses API bridge failed for ${targetModel}:`, e?.message || e);
+                return new Response(
+                    JSON.stringify({ error: { message: `Responses API bridge failed: ${e?.message || 'Unknown error'}`, type: "proxy_error" } }),
+                    { status: 502, headers: { "Content-Type": "application/json", "Access-Control-Allow-Origin": "*" } }
+                );
             }
         }
 
@@ -248,6 +283,9 @@ Bun.serve({
              headers.set("Copilot-Vision-Request", "true");
         }
 
+        const body = JSON.stringify(json);
+        headers.set("content-length", String(new TextEncoder().encode(body).length));
+
         const response = await fetch(targetUrl.toString(), {
           method: "POST",
           headers: headers,
@@ -304,21 +342,9 @@ Bun.serve({
       }
 
       if (req.method === "GET" && url.pathname.includes("/models")) {
-        // Check API key if required
-        const authConfig = loadAuthConfig();
-        if (authConfig.requireApiKey) {
-            const authHeader = req.headers.get('authorization');
-            const providedKey = authHeader?.replace('Bearer ', '');
-            if (!providedKey || !validateApiKey(providedKey)) {
-                return Response.json(
-                    { error: { message: "Invalid API key. Generate one from the dashboard.", type: "invalid_api_key" } },
-                    { status: 401, headers: { "Access-Control-Allow-Origin": "*" } }
-                );
-            }
-        }
-
         const headers = new Headers(req.headers);
         headers.set("host", targetUrl.host);
+        headers.delete("authorization"); // Don't leak proxy API keys upstream
         const response = await fetch(targetUrl.toString(), { method: "GET", headers: headers });
         const data = await response.json();
         
@@ -337,6 +363,7 @@ Bun.serve({
 
       const headers = new Headers(req.headers);
       headers.set("host", targetUrl.host);
+      headers.delete("authorization"); // Don't leak proxy API keys upstream
       const response = await fetch(targetUrl.toString(), {
         method: req.method,
         headers: headers,

package/responses-bridge.ts

@@ -1,6 +1,11 @@
 import { convertResponsesSyncToChatCompletions, convertResponsesStreamToChatCompletions } from './responses-converters';
 
-export async function handleResponsesAPIBridge(json: any, req: Request, chatId: string, targetUrl: string) {
+export interface BridgeResult {
+    response: Response;
+    usage: { promptTokens: number; completionTokens: number; totalTokens: number };
+}
+
+export async function handleResponsesAPIBridge(json: any, req: Request, chatId: string, targetUrl: string): Promise<BridgeResult> {
     const corsHeaders = { "Access-Control-Allow-Origin": "*" };
 
     const responsesReq: any = {
@@ -55,7 +60,7 @@ export async function handleResponsesAPIBridge(json: any, req: Request, chatId:
 
             return {
                 role: m.role === 'assistant' ? 'assistant' : 'user',
-                content: typeof content === 'string' ? content : content,
+                content,
             };
         }).flat();
     } else {
@@ -96,6 +101,7 @@ export async function handleResponsesAPIBridge(json: any, req: Request, chatId:
     headers.set("host", responsesUrl.host);
     headers.set("content-type", "application/json");
     headers.set("content-length", String(new TextEncoder().encode(responsesBody).length));
+    headers.delete("authorization"); // Don't leak proxy API keys upstream
 
     const response = await fetch(responsesUrl.toString(), {
         method: "POST",
@@ -108,12 +114,28 @@ export async function handleResponsesAPIBridge(json: any, req: Request, chatId:
     if (!response.ok) {
         const errText = await response.text();
         console.error(`❌ Responses API Error (${response.status}):`, errText);
-        return new Response(errText, { status: response.status, headers: corsHeaders });
+        return {
+            response: new Response(errText, { status: response.status, headers: corsHeaders }),
+            usage: { promptTokens: 0, completionTokens: 0, totalTokens: 0 },
+        };
     }
 
     if (json.stream && response.body) {
-        return convertResponsesStreamToChatCompletions(response, json.model, chatId, corsHeaders);
+        return {
+            response: convertResponsesStreamToChatCompletions(response, json.model, chatId, corsHeaders),
+            // Streaming usage is embedded in the stream; not available synchronously
+            usage: { promptTokens: 0, completionTokens: 0, totalTokens: 0 },
+        };
     } else {
-        return convertResponsesSyncToChatCompletions(response, json.model, chatId, corsHeaders);
+        const data = await response.json() as any;
+        const usage = data.usage ? {
+            promptTokens: data.usage.input_tokens || 0,
+            completionTokens: data.usage.output_tokens || 0,
+            totalTokens: data.usage.total_tokens || 0,
+        } : { promptTokens: 0, completionTokens: 0, totalTokens: 0 };
+        return {
+            response: convertResponsesSyncToChatCompletions(data, json.model, chatId, corsHeaders),
+            usage,
+        };
     }
 }

package/responses-converters.ts

@@ -1,5 +1,4 @@
-export async function convertResponsesSyncToChatCompletions(response: Response, model: string, chatId: string, corsHeaders: any) {
-    const data = await response.json() as any;
+export function convertResponsesSyncToChatCompletions(data: any, model: string, chatId: string, corsHeaders: any) {
     const result: any = {
         id: chatId,
         object: 'chat.completion',
@@ -49,7 +48,13 @@ export async function convertResponsesSyncToChatCompletions(response: Response,
 }
 
 export function convertResponsesStreamToChatCompletions(response: Response, model: string, chatId: string, corsHeaders: any) {
-    const reader = response.body!.getReader();
+    if (!response.body) {
+        return new Response(JSON.stringify({ error: 'No response body' }), {
+            status: 502,
+            headers: { ...corsHeaders, "Content-Type": "application/json" },
+        });
+    }
+    const reader = response.body.getReader();
     const decoder = new TextDecoder();
     const encoder = new TextEncoder();
     let buffer = '';
@@ -101,6 +106,7 @@ export function convertResponsesStreamToChatCompletions(response: Response, mode
             }
 
             else if (eventType === 'response.function_call_arguments.delta') {
+                if (toolCallIndex < 1) continue; // Guard against out-of-order events
                 controller.enqueue(encoder.encode(makeChatChunk({
                     tool_calls: [{
                         index: toolCallIndex - 1,

package/start.ts

@@ -54,7 +54,7 @@ async function main() {
         const isWindows = process.platform === 'win32';
         const npxCmd = isWindows ? 'npx.cmd' : 'npx';
 
-        copilotProc = spawn([npxCmd, 'copilot-api', 'start'], {
+        copilotProc = spawn([npxCmd, '@jeffreycao/copilot-api@latest', 'start'], {
             stdout: 'pipe',
             stderr: 'pipe',
         });

package/usage-db.ts

@@ -1,4 +1,5 @@
-import { mkdirSync, existsSync, readFileSync, writeFileSync } from 'fs';
+import { mkdirSync, existsSync, readFileSync } from 'fs';
+import { writeFile } from 'fs/promises';
 import { homedir } from 'os';
 import { join } from 'path';
 
@@ -86,7 +87,7 @@ const loadSync = (): UsageData => {
 const saveToDisk = async () => {
     try {
         data.lastSavedAt = Date.now();
-        writeFileSync(USAGE_FILE, JSON.stringify(data, null, 2), 'utf-8');
+        await writeFile(USAGE_FILE, JSON.stringify(data, null, 2), 'utf-8');
     } catch (e) {
         console.error('Failed to save usage data:', e);
     }
@@ -205,6 +206,6 @@ export const flushToDisk = async () => {
     await saveToDisk();
 };
 
-process.on('beforeExit', () => { flushToDisk(); });
+process.on('beforeExit', async () => { await flushToDisk(); });
 process.on('SIGINT', async () => { await flushToDisk(); process.exit(0); });
 process.on('SIGTERM', async () => { await flushToDisk(); process.exit(0); });