mtrx-cli 0.1.26 → 0.1.27

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "mtrx-cli",
-  "version": "0.1.26",
+  "version": "0.1.27",
   "description": "MATRX CLI for routing Codex, Claude, and Cursor through Matrx",
   "homepage": "https://mtrx.so",
   "repository": {

package/src/matrx/__init__.py

@@ -1 +1 @@
-__version__ = "0.1.26"
+__version__ = "0.1.27"

package/src/matrx/cli/cursor_ca.py

@@ -302,21 +302,89 @@ def trust_ca_system(cert_path: Path | None = None) -> bool:
     """Attempt to trust the CA certificate in the OS certificate store.
 
     Returns True on success.  May require elevated privileges.
+    Also persists NODE_EXTRA_CA_CERTS as a user environment variable so
+    Node.js processes trust the CA regardless of how they are launched.
     """
     cert_path = cert_path or ca_cert_path()
     system = platform.system()
+    ok = False
     try:
         if system == "Darwin":
-            return _trust_ca_macos(cert_path)
-        if system == "Linux":
-            return _trust_ca_linux(cert_path)
-        if system == "Windows":
-            return _trust_ca_windows(cert_path)
+            ok = _trust_ca_macos(cert_path)
+        elif system == "Linux":
+            ok = _trust_ca_linux(cert_path)
+        elif system == "Windows":
+            ok = _trust_ca_windows(cert_path)
     except Exception as exc:
         logger.warning("CA trust failed: %s", exc)
+    if ok:
+        persist_node_extra_ca_certs(cert_path)
+    return ok
+
+
+def persist_node_extra_ca_certs(cert_path: Path | None = None) -> bool:
+    """Persist NODE_EXTRA_CA_CERTS as a permanent user-level environment variable.
+
+    This ensures all Node.js processes — including Cursor sub-processes not
+    launched via the mtrx launcher — trust the MTRX CA certificate.
+
+    - Windows: ``setx NODE_EXTRA_CA_CERTS <path>`` writes to HKCU\\Environment;
+      all new user processes inherit it automatically.
+    - macOS: ``launchctl setenv`` for the current session; ``~/.zprofile`` for
+      persistence across reboots.
+    - Linux: ``~/.profile`` export line for login shells and display managers.
+
+    Returns True if the variable was persisted successfully.
+    """
+    cert_path = cert_path or ca_cert_path()
+    value = str(cert_path)
+    system = platform.system()
+    try:
+        if system == "Windows":
+            result = subprocess.run(
+                ["setx", "NODE_EXTRA_CA_CERTS", value],
+                capture_output=True,
+                timeout=15,
+            )
+            if result.returncode == 0:
+                logger.info("persist_node_extra_ca_certs: set via setx")
+                return True
+            logger.warning(
+                "persist_node_extra_ca_certs: setx failed: %s",
+                result.stderr.decode("utf-8", errors="replace").strip(),
+            )
+            return False
+
+        if system == "Darwin":
+            subprocess.run(
+                ["launchctl", "setenv", "NODE_EXTRA_CA_CERTS", value],
+                capture_output=True,
+                timeout=10,
+            )
+            zprofile = Path.home() / ".zprofile"
+            _append_env_export(zprofile, "NODE_EXTRA_CA_CERTS", value)
+            logger.info("persist_node_extra_ca_certs: set via launchctl + ~/.zprofile")
+            return True
+
+        if system == "Linux":
+            profile = Path.home() / ".profile"
+            _append_env_export(profile, "NODE_EXTRA_CA_CERTS", value)
+            logger.info("persist_node_extra_ca_certs: set via ~/.profile")
+            return True
+
+    except Exception as exc:
+        logger.warning("persist_node_extra_ca_certs failed: %s", exc)
     return False
 
 
+def _append_env_export(path: Path, name: str, value: str) -> None:
+    """Append ``export NAME="value"`` to a shell profile file if not already present."""
+    line = f'\nexport {name}="{value}"  # added by mtrx\n'
+    text = path.read_text(encoding="utf-8") if path.exists() else ""
+    if name not in text:
+        path.write_text(text + line, encoding="utf-8")
+
+
 def _trust_ca_macos(cert_path: Path) -> bool:
     result = subprocess.run(
         [

package/src/matrx/cli/cursor_config.py

@@ -464,6 +464,8 @@ def configure_cursor_proxy_settings(
     previous = {
         "http.proxy": settings.get("http.proxy"),
         "http.proxyStrictSSL": settings.get("http.proxyStrictSSL"),
+        "http.proxySupport": settings.get("http.proxySupport"),
+        "http.systemCertificates": settings.get("http.systemCertificates"),
         "terminal.integrated.env.osx": settings.get("terminal.integrated.env.osx"),
         "terminal.integrated.env.linux": settings.get("terminal.integrated.env.linux"),
         "terminal.integrated.env.windows": settings.get("terminal.integrated.env.windows"),
@@ -471,6 +473,8 @@ def configure_cursor_proxy_settings(
 
     settings["http.proxy"] = proxy_url
     settings["http.proxyStrictSSL"] = False
+    settings["http.proxySupport"] = "override"  # force all extensions through proxy agent
+    settings["http.systemCertificates"] = True  # use OS store where our CA is already trusted
 
     # Inject NODE_EXTRA_CA_CERTS into integrated terminal env so Cursor's
     # Node.js runtime trusts our CA.  Cursor itself reads this from the
@@ -501,7 +505,7 @@ def restore_cursor_proxy_settings(previous: dict) -> bool:
     """Restore Cursor's settings.json to pre-proxy values."""
     settings = _read_settings_json()
 
-    for key in ("http.proxy", "http.proxyStrictSSL"):
+    for key in ("http.proxy", "http.proxyStrictSSL", "http.proxySupport", "http.systemCertificates"):
         old = previous.get(key)
         if old is None:
             settings.pop(key, None)

package/src/matrx/cli/cursor_daemon.py

@@ -41,6 +41,8 @@ def main() -> int:
     matrx_base_url = config.get("matrx_base_url", "")
     host = config.get("host", "127.0.0.1")
     port = config.get("port", 8842)
+    agent_id = config.get("agent_id") or None
+    group_id = config.get("group_id") or None
 
     if not matrx_key or not matrx_base_url:
         print("Invalid proxy config: matrx_key and matrx_base_url required", file=sys.stderr)
@@ -56,6 +58,8 @@ def main() -> int:
         host=host,
         port=port,
         pid_file=pid_file,
+        agent_id=agent_id,
+        group_id=group_id,
     )
     return 0
 

package/src/matrx/cli/cursor_proxy.py

@@ -19,14 +19,16 @@ Design choices (informed by cursor-tap):
 from __future__ import annotations
 
 import asyncio
+import contextlib
 import logging
 import os
 import signal
 import ssl
+import sys
 import time
 import uuid
 from pathlib import Path
-from typing import Any
+from typing import TYPE_CHECKING, Any, AsyncGenerator
 
 import httpx
 
@@ -55,19 +57,61 @@ except ImportError:
 
 logger = logging.getLogger(__name__)
 
+
+class _SuppressAsyncioNoise(logging.Filter):
+    """Suppress known-benign asyncio noise on Windows and SSL connections.
+
+    Two cases are filtered:
+
+    1. SSL EOF warning — Python's asyncio SSL transport emits this at WARNING
+       level whenever a remote peer closes the connection.  The return value
+       from eof_received() is silently ignored for SSL connections; harmless
+       and unfixable without rewriting asyncio's SSL transport layer.
+
+    2. WinError 10054 in _call_connection_lost — Windows ProactorEventLoop
+       calls socket.shutdown(SHUT_RDWR) on already-reset sockets during
+       connection teardown.  Cursor's CodebaseSnapshotService packfile uploads
+       close connections with TCP RST, triggering this path.  The error is
+       logged at ERROR level by asyncio but indicates normal connection teardown;
+       the proxy's own logic is unaffected.
+    """
+
+    def filter(self, record: logging.LogRecord) -> bool:
+        msg = record.getMessage()
+        if "eof_received" in msg:
+            return False
+        if "_call_connection_lost" in msg and record.exc_info:
+            exc_type = record.exc_info[0]
+            if exc_type is not None and issubclass(exc_type, ConnectionResetError):
+                return False
+        return True
+
+
 _MAX_BODY_BYTES = 50 * 1024 * 1024  # 50 MB hard limit for buffered request bodies
 
 DEFAULT_PORT = 8842
 PROXY_HOST = "127.0.0.1"
 HEALTH_PATH = "/__mtrx_health__"
 
+
+def _print_inbox_notification(from_agent_id: str, prompt_preview: str) -> None:
+    """Print a visible terminal notification when an A2A task arrives while idle."""
+    preview_display = f': "{prompt_preview}"' if prompt_preview else ""
+    print(
+        f"\n\033[1m[MTRX]\033[0m \U0001f4ec A2A task from {from_agent_id}{preview_display}"
+        "\n       → Start a new turn to receive and process it.\n",
+        file=sys.stderr,
+        flush=True,
+    )
+
 # Domains whose TLS we intercept for observability.
 _INTERCEPT_DOMAINS = {
     "api2.cursor.sh",
     "api3.cursor.sh",
     "api4.cursor.sh",
     "api5.cursor.sh",
-    "agentn.global.api5.cursor.sh",
+    "agent.api5.cursor.sh",   # Cloud Agent (privacy mode)
+    "agentn.api5.cursor.sh",  # Cloud Agent (non-privacy mode)
     "api.anthropic.com",
     "api.openai.com",
 }
@@ -77,6 +121,8 @@ _PREWARM_DOMAINS = (
     "api3.cursor.sh",
     "api4.cursor.sh",
     "api5.cursor.sh",
+    "agent.api5.cursor.sh",
+    "agentn.api5.cursor.sh",
 )
 
 
@@ -90,16 +136,21 @@ class MITMProxy:
         matrx_base_url: str,
         host: str = PROXY_HOST,
         port: int = DEFAULT_PORT,
+        agent_id: str | None = None,
+        group_id: str | None = None,
     ):
         self.matrx_key = matrx_key
         self.matrx_base_url = matrx_base_url.rstrip("/")
         self.host = host
         self.port = port
+        self._agent_id: str | None = agent_id
+        self._group_id: str | None = group_id
         self._server: asyncio.Server | None = None
         self._telemetry_client: httpx.AsyncClient | None = None
         self._cert_cache: CertCache | None = None
         self._request_count = 0
         self._connect_count = 0
+        self._inbox_poll_task: asyncio.Task | None = None
 
     async def start(self) -> None:
         ca_key, ca_cert = load_ca()
@@ -110,6 +161,16 @@ class MITMProxy:
             self._handle_client, self.host, self.port
         )
         logger.info("MITM proxy listening on %s:%d", self.host, self.port)
+        if self._agent_id and self._group_id:
+            self._inbox_poll_task = asyncio.create_task(
+                self._run_inbox_poll_loop(),
+                name="mtrx-inbox-poll",
+            )
+            logger.info(
+                "proxy: inbox poller started agent_id=%s group_id=%s",
+                self._agent_id,
+                self._group_id,
+            )
 
     async def serve_forever(self) -> None:
         if self._server is None:
@@ -119,6 +180,10 @@ class MITMProxy:
             await self._server.serve_forever()
 
     async def stop(self) -> None:
+        if self._inbox_poll_task and not self._inbox_poll_task.done():
+            self._inbox_poll_task.cancel()
+            with contextlib.suppress(asyncio.CancelledError):
+                await self._inbox_poll_task
         if self._server:
             self._server.close()
             await self._server.wait_closed()
@@ -129,6 +194,58 @@ class MITMProxy:
     def request_count(self) -> int:
         return self._request_count
 
+    # -----------------------------------------------------------------
+    # Inbox background poller
+    # -----------------------------------------------------------------
+
+    async def _run_inbox_poll_loop(self) -> None:
+        """Long-poll /v1/inbox/wait while the proxy is running.
+
+        When a directed work item arrives for this agent, prints a visible
+        terminal notification so the user knows to give the agent its next
+        turn.  Actual task delivery still happens via the normal injection
+        path (claim_directed_work_for_injection) on the next proxy call —
+        this loop only provides the push notification.
+        """
+        url = f"{self.matrx_base_url}/v1/inbox/wait"
+        params: dict[str, str | int] = {
+            "group_id": str(self._group_id),
+            "timeout_s": 25,
+        }
+        if self._agent_id:
+            params["agent_id"] = self._agent_id
+        headers = {"X-Matrx-Key": self.matrx_key}
+
+        async with httpx.AsyncClient(timeout=httpx.Timeout(32.0, connect=5.0)) as client:
+            while True:
+                try:
+                    resp = await client.get(url, params=params, headers=headers)
+                    if resp.status_code == 200:
+                        data = resp.json()
+                        if data.get("has_pending"):
+                            from_label = data.get("from_agent_id") or "external"
+                            preview = (data.get("prompt_preview") or "").strip()
+                            _print_inbox_notification(from_label, preview)
+                    elif resp.status_code == 401:
+                        logger.warning("proxy: inbox poller received 401 — stopping")
+                        return
+                    # Any other non-2xx: log at debug and retry after backoff
+                    elif resp.status_code >= 400:
+                        logger.debug(
+                            "proxy: inbox poller got %s, retrying in 10s",
+                            resp.status_code,
+                        )
+                        await asyncio.sleep(10)
+                except asyncio.CancelledError:
+                    return
+                except (httpx.TimeoutException, httpx.ConnectError):
+                    # Timeout is expected (server held 25s with no work).
+                    # ConnectError happens briefly at startup or on network blip.
+                    pass
+                except Exception:
+                    logger.debug("proxy: inbox poller error", exc_info=True)
+                    await asyncio.sleep(5)
+
     # -----------------------------------------------------------------
     # Connection handling
     # -----------------------------------------------------------------
@@ -397,9 +514,18 @@ class MITMProxy:
                         success, resp_headers, resp_body, is_streaming = result
                         if success and resp_body is not None:
                             self._request_count += 1
-                            self._write_http_response(
-                                client_writer, 200, resp_headers, resp_body
-                            )
+                            if hasattr(resp_body, "__aiter__"):
+                                # Streaming generator: write chunked HTTP response
+                                resp_body_size = await self._write_chunked_reroute_response(
+                                    client_writer, resp_headers, resp_body
+                                )
+                            else:
+                                # Buffered bytes: write with content-length
+                                self._write_http_response(
+                                    client_writer, 200, resp_headers, resp_body
+                                )
+                                await client_writer.drain()
+                                resp_body_size = len(resp_body)
                             asyncio.create_task(
                                 self._ship_telemetry(
                                     hostname=hostname,
@@ -407,7 +533,7 @@ class MITMProxy:
                                     path=path,
                                     status_code=200,
                                     req_body_size=len(req_body),
-                                    resp_body_size=len(resp_body),
+                                    resp_body_size=resp_body_size,
                                     elapsed_ms=0,
                                     content_type=resp_headers.get("content-type", ""),
                                     is_streaming=is_streaming,
@@ -425,6 +551,7 @@ class MITMProxy:
                     )
                     body_to_forward = injected_body if injected_body is not None else req_body
                     fwd_headers = dict(req_headers)
+                    fwd_headers.pop("transfer-encoding", None)  # remove chunked before setting content-length
                     fwd_headers["content-length"] = str(len(body_to_forward))
                     up_writer.write(req_line)
                     self._write_headers(up_writer, fwd_headers)
@@ -494,19 +621,20 @@ class MITMProxy:
             elapsed_ms = int((time.monotonic() - started) * 1000)
             self._request_count += 1
 
-            asyncio.create_task(
-                self._ship_telemetry(
-                    hostname=hostname,
-                    method=method,
-                    path=path,
-                    status_code=status_code,
-                    req_body_size=req_body_size,
-                    resp_body_size=resp_body_size,
-                    elapsed_ms=elapsed_ms,
-                    content_type=content_type,
-                    is_streaming=is_streaming,
+            if _is_ai_req:  # backend rejects telemetry for non-AI infrastructure paths
+                asyncio.create_task(
+                    self._ship_telemetry(
+                        hostname=hostname,
+                        method=method,
+                        path=path,
+                        status_code=status_code,
+                        req_body_size=req_body_size,
+                        resp_body_size=resp_body_size,
+                        elapsed_ms=elapsed_ms,
+                        content_type=content_type,
+                        is_streaming=is_streaming,
+                    )
                 )
-            )
 
             conn_h = resp_headers.get("connection", "").lower()
             if "close" in conn_h:
@@ -842,6 +970,38 @@ class MITMProxy:
         writer.write(body)
         # Note: drain is caller's responsibility
 
+    async def _write_chunked_reroute_response(
+        self,
+        writer: asyncio.StreamWriter,
+        headers: dict[str, str],
+        frames: AsyncGenerator[bytes, None],
+    ) -> int:
+        """Write an HTTP/1.1 chunked-encoded response by iterating a Connect-frame generator.
+
+        Each Connect frame from the generator becomes one chunk.  The response ends
+        with the mandatory zero-length chunk terminator.  Returns total payload bytes
+        written (for telemetry).
+        """
+        writer.write(b"HTTP/1.1 200 OK\r\n")
+        merged = dict(headers)
+        merged["transfer-encoding"] = "chunked"
+        self._write_headers(writer, merged)
+        await writer.drain()
+
+        total = 0
+        async for chunk in frames:
+            if not chunk:
+                continue
+            writer.write(f"{len(chunk):x}\r\n".encode())
+            writer.write(chunk)
+            writer.write(b"\r\n")
+            await writer.drain()
+            total += len(chunk)
+
+        writer.write(b"0\r\n\r\n")
+        await writer.drain()
+        return total
+
     # -----------------------------------------------------------------
     # Raw bidirectional pipe (for opaque tunnels)
     # -----------------------------------------------------------------
@@ -888,7 +1048,7 @@ class MITMProxy:
         content_type: str,
         is_streaming: bool,
     ) -> None:
-        if self._telemetry_client is None:
+        if self._telemetry_client is None or not self.matrx_key:
             return
 
         payload = {
@@ -905,11 +1065,19 @@ class MITMProxy:
         }
         url = f"{self.matrx_base_url}/v1/telemetry/cursor"
         try:
-            await self._telemetry_client.post(
+            resp = await self._telemetry_client.post(
                 url,
                 json=payload,
                 headers={"X-Matrx-Key": self.matrx_key},
             )
+            if resp.status_code >= 400:
+                logger.warning(
+                    "telemetry: %s from %s (key=%s... path=%s)",
+                    resp.status_code,
+                    url,
+                    self.matrx_key[:8],
+                    path,
+                )
         except Exception:
             logger.debug("telemetry ship failed", exc_info=True)
 
@@ -925,8 +1093,16 @@ def run_proxy(
     host: str = PROXY_HOST,
     port: int = DEFAULT_PORT,
     pid_file: Path | None = None,
+    agent_id: str | None = None,
+    group_id: str | None = None,
 ) -> None:
     """Run the MITM proxy (blocking).  Intended for daemon/service use."""
+    logging.getLogger("asyncio").addFilter(_SuppressAsyncioNoise())
+
+    # Allow agent/group identity to come from environment when not explicitly set
+    agent_id = agent_id or os.environ.get("MTRX_AGENT_ID") or None
+    group_id = group_id or os.environ.get("MTRX_GROUP_ID") or None
+
     if pid_file:
         pid_file.parent.mkdir(parents=True, exist_ok=True)
         pid_file.write_text(str(os.getpid()), encoding="utf-8")
@@ -936,6 +1112,8 @@ def run_proxy(
         matrx_base_url=matrx_base_url,
         host=host,
         port=port,
+        agent_id=agent_id,
+        group_id=group_id,
     )
 
     loop = asyncio.new_event_loop()

package/src/matrx/cli/cursor_reroute.py

@@ -17,7 +17,7 @@ import asyncio
 import json
 import logging
 import re
-from typing import Any
+from typing import Any, AsyncGenerator
 
 import httpx
 
@@ -27,7 +27,9 @@ logger = logging.getLogger(__name__)
 # Cursor uses aiserver.v1.AiServerService for all AI endpoints.
 _AI_PATH_PATTERNS = (
     r"AiServerService",
-    r"AiService",
+    # r"AiService" intentionally omitted — too broad, matches non-inference endpoints like
+    # KnowledgeBaseList, UpdateVscodeProfile, GetDefaultModel. Actual inference methods
+    # on AiService are all covered by their specific method-level patterns below.
     r"ChatService",
     r"StreamUnifiedChat",
     r"StreamDiff",
@@ -51,7 +53,7 @@ _REROUTABLE_AI_PATH_PATTERNS = (
 )
 _AI_SERVICE_CANDIDATE_PATTERNS = (
     r"AiServerService",
-    r"AiService",
+    # r"AiService" intentionally omitted — see note in _AI_PATH_PATTERNS above.
     r"AgentService",
     r"ChatService",
     r"CppService",
@@ -289,6 +291,85 @@ def _inject_memory_context_items(
     return len(injected_items)
 
 
+# Pre-built Connect end-of-stream frame: flags=0x02, payload=b"{}"
+# Frame format: [flags:1][length:4 BE][payload]  →  \x02 \x00\x00\x00\x02 {}
+_EOS_FRAME = b"\x02\x00\x00\x00\x02{}"
+
+
+async def _stream_rerouted_frames(
+    url: str,
+    payload: dict[str, Any],
+    headers: dict[str, str],
+    provider: str,
+) -> AsyncGenerator[bytes, None]:
+    """POST to MTRX and yield Connect-framed protobuf text deltas as SSE events arrive.
+
+    Parses each ``data: `` line from the SSE stream, extracts the text delta
+    (Anthropic ``content_block_delta`` or OpenAI ``choices[].delta.content``),
+    wraps it in a Connect data frame (flags=0x00), and yields it immediately so
+    Cursor sees tokens arrive incrementally.
+
+    Always terminates with a Connect end-of-stream frame (flags=0x02).  Any error
+    causes a silent fallback: the generator yields only the EOS frame so Cursor
+    sees an empty stream rather than a broken connection.
+    """
+    try:
+        from matrx.cli.cursor_connect import build_connect_frame
+        from matrx.cli.cursor_proto import _PROTOS_AVAILABLE, server_chat_pb2  # type: ignore[import]
+    except Exception:
+        yield _EOS_FRAME
+        return
+
+    if not _PROTOS_AVAILABLE:
+        yield _EOS_FRAME
+        return
+
+    try:
+        async with httpx.AsyncClient(
+            timeout=httpx.Timeout(timeout=90.0, connect=5.0)
+        ) as client:
+            async with client.stream("POST", url, json=payload, headers=headers) as resp:
+                if resp.status_code >= 400:
+                    logger.info(
+                        "cursor_reroute: stream upstream returned %s", resp.status_code
+                    )
+                    yield _EOS_FRAME
+                    return
+                async for raw_line in resp.aiter_lines():
+                    if not raw_line.startswith("data: "):
+                        continue
+                    data_str = raw_line[6:].strip()
+                    if data_str == "[DONE]":
+                        break
+                    try:
+                        chunk = json.loads(data_str)
+                    except json.JSONDecodeError:
+                        continue
+
+                    text = ""
+                    if provider == "anthropic":
+                        # Mirrors extract_from_anthropic_sse_response inner loop
+                        if chunk.get("type") == "content_block_delta":
+                            delta = chunk.get("delta") or {}
+                            if delta.get("type") == "text_delta":
+                                text = delta.get("text") or ""
+                    else:
+                        # Mirrors extract_from_openai_sse_response inner loop
+                        for choice in chunk.get("choices") or []:
+                            delta = choice.get("delta") or {}
+                            text += delta.get("content") or ""
+
+                    if text:
+                        resp_msg = server_chat_pb2.StreamUnifiedChatWithToolsResponse()
+                        resp_msg.content.text = text
+                        yield build_connect_frame(0x00, resp_msg.SerializeToString())
+
+    except Exception:
+        logger.warning("cursor_reroute: streaming reroute error", exc_info=True)
+
+    yield _EOS_FRAME
+
+
 async def try_reroute_to_matrx(
     *,
     path: str,
@@ -300,13 +381,15 @@ async def try_reroute_to_matrx(
     session_id: str | None = None,
     group_id: str | None = None,
     project_id: str | None = None,
-) -> tuple[bool, dict[str, str], bytes | None, bool] | None:
+) -> tuple[bool, dict[str, str], AsyncGenerator[bytes, None] | bytes | None, bool] | None:
     """
     Attempt to reroute a Cursor AI request through MTRX.
 
     Returns:
-        (success, response_headers, response_body, is_streaming) if handled,
+        (success, response_headers, response_body_or_generator, is_streaming) if handled,
         None to fall back to normal forward.
+        response_body_or_generator is an AsyncGenerator[bytes, None] of Connect frames;
+        the proxy must iterate it using chunked transfer encoding.
     """
     classification = classify_ai_request(method, path, req_headers)
     if not classification["candidate"]:
@@ -319,8 +402,6 @@ async def try_reroute_to_matrx(
         from matrx.cli.cursor_connect import is_connect_proto_request, parse_connect_frame
         from matrx.cli.cursor_extraction import (
             _PROTOS_AVAILABLE,
-            extract_from_anthropic_sse_response,
-            extract_from_openai_sse_response,
             extract_from_request,
             parse_request_proto,
             ship_ai_telemetry,
@@ -372,52 +453,20 @@ async def try_reroute_to_matrx(
         headers["Authorization"] = f"Bearer {matrx_key}"
 
     url = f"{matrx_base_url.rstrip('/')}{upstream_path}"
-    try:
-        async with httpx.AsyncClient(timeout=httpx.Timeout(timeout=90.0, connect=5.0)) as client:
-            resp = await client.post(url, json={**payload, "stream": True}, headers=headers)
-    except Exception:
-        logger.warning("cursor_reroute: upstream request failed for %s", path, exc_info=True)
-        return None
-
-    if resp.status_code >= 400:
-        logger.info(
-            "cursor_reroute: upstream returned %s for %s; forwarding unchanged",
-            resp.status_code,
-            path,
-        )
-        return None
-
     provider = _detect_provider_from_model(str(payload.get("model", "")))
-    if provider == "anthropic":
-        frame_data = extract_from_anthropic_sse_response(resp.content)
-    else:
-        frame_data = extract_from_openai_sse_response(resp.content)
-
-    text = frame_data.get("text", "")
-    usage = frame_data.get("usage")
-    response_body = _build_cursor_response_bytes(text=text, usage=usage)
-    if response_body is None:
-        return None
-
-    response_telemetry = {
-        "session_id": extracted.get("session_id") or session_id or "",
-        "conversation_id": extracted.get("conversation_id") or "",
-        "model": extracted.get("model") or "",
-        "files": extracted.get("files", []),
-        "edits": extracted.get("edits", []),
-        "response_text": text,
-        "tool_calls": [],
-        "usage": usage,
-    }
-    asyncio.create_task(ship_ai_telemetry(response_telemetry, matrx_base_url, matrx_key))
-
+    gen = _stream_rerouted_frames(
+        url=url,
+        payload={**payload, "stream": True},
+        headers=headers,
+        provider=provider,
+    )
     return (
         True,
         {
             "content-type": req_headers.get("content-type", "application/connect+proto"),
             "connect-protocol-version": "1",
         },
-        response_body,
+        gen,
         True,
     )
 

package/src/matrx/cli/launcher.py

@@ -582,16 +582,21 @@ def _build_codex_env(
         env_b64 = base64.b64encode(json.dumps(env_snap).encode()).decode() if env_snap else ""
         session_id = str(uuid.uuid4())
         group_id, project_id = _resolve_matrx_context_overrides(state, env)
+        codex_root = ensure_root_url(matrx.get("base_url"))
+        if not group_id:
+            group_id = _auto_resolve_default_group_id(codex_root, mx_key)
         runtime_agent_id = (
             (orchestration or {}).get("agent_id")
             or _runtime_agent_basename("codex")[0]
         )
+        workspace_fp = _compute_workspace_fingerprint(_workspace_cwd(env))
         header_parts = [
             f'"Authorization" = "Bearer {provider_bearer}"',
             f'"X-Matrx-Key" = "{mx_key}"',
             f'"X-Matrx-Agent-Id" = "{runtime_agent_id}"',
             '"X-Matrx-Provider" = "codex"',
             f'"X-Matrx-Session-Id" = "{session_id}"',
+            f'"X-Matrx-Workspace" = "{workspace_fp}"',
         ]
         if group_id:
             header_parts.append(f'"X-Matrx-Group" = "{group_id}"')
@@ -655,11 +660,14 @@ def _build_gemini_env(
             env.pop(key, None)
         env.pop("MTRX_KEY", None)
         group_id, project_id = _resolve_matrx_context_overrides(state, env)
+        if not group_id:
+            group_id = _auto_resolve_default_group_id(proxy_root, mx_key)
         session_id = str(uuid.uuid4())
         runtime_agent_id = (
             (orchestration or {}).get("agent_id")
             or _runtime_agent_basename("gemini")[0]
         )
+        workspace_fp = _compute_workspace_fingerprint(_workspace_cwd(env))
         ctx_params: list[str] = []
         if project_id:
             ctx_params.append(f"mtrx_project={project_id}")
@@ -669,6 +677,7 @@ def _build_gemini_env(
             ctx_params.append(f"mtrx_session={session_id}")
         if runtime_agent_id:
             ctx_params.append(f"mtrx_agent={runtime_agent_id}")
+        ctx_params.append(f"mtrx_workspace={workspace_fp}")
         git_branch, git_commit = _capture_git_context(_workspace_cwd(env))
         git_repo_url = _capture_git_remote_url(_workspace_cwd(env))
         if git_branch:
@@ -686,6 +695,7 @@ def _build_gemini_env(
             f"x-matrx-agent-id: {runtime_agent_id}",
             "x-matrx-provider: gemini_code",
             f"x-matrx-session-id: {session_id}",
+            f"x-matrx-workspace: {workspace_fp}",
         ]
         if group_id:
             custom_headers.append(f"x-matrx-group: {group_id}")
@@ -767,6 +777,35 @@ def _build_gemini_env(
     return env, "missing_auth"
 
 
+def _compute_workspace_fingerprint(cwd: str) -> str:
+    return hashlib.sha256(cwd.encode("utf-8")).hexdigest()[:16]
+
+
+def _auto_resolve_default_group_id(base_url: str, mx_key: str) -> str:
+    """Fetch the user's groups; return the sole/default group ID if unambiguous."""
+    if not base_url or not mx_key:
+        return ""
+    try:
+        with httpx.Client(timeout=5) as client:
+            resp = client.get(
+                f"{base_url.rstrip('/')}/v1/groups",
+                headers={"X-Matrx-Key": mx_key},
+            )
+        if resp.status_code != 200:
+            return ""
+        groups = resp.json().get("groups", [])
+        if not groups:
+            return ""
+        if len(groups) == 1:
+            return str(groups[0].get("id", ""))
+        for g in groups:
+            if g.get("is_default"):
+                return str(g.get("id", ""))
+        return ""
+    except (httpx.HTTPError, Exception):
+        return ""
+
+
 def _build_claude_env(
     state: dict,
     route: str,
@@ -793,12 +832,14 @@ def _build_claude_env(
         env["ANTHROPIC_BASE_URL"] = proxy_root
         env.pop("ANTHROPIC_API_KEY", None)
         group_id, project_id = _resolve_matrx_context_overrides(state, env)
+        if not group_id:
+            group_id = _auto_resolve_default_group_id(proxy_root, mx_key)
         session_id = str(uuid.uuid4())
         runtime_agent_id = (
             (orchestration or {}).get("agent_id")
             or _runtime_agent_basename("claude")[0]
         )
-        # Evolutionary scaffolding: env snapshot for AI context injection
+        workspace_fp = _compute_workspace_fingerprint(_workspace_cwd(env))
         env_snap = _capture_env_snapshot()
         env_b64 = base64.b64encode(json.dumps(env_snap).encode()).decode() if env_snap else ""
         custom_headers = "\n".join(
@@ -809,6 +850,7 @@ def _build_claude_env(
                 f"x-matrx-session-id: {session_id}",
             ]
         )
+        custom_headers += f"\nx-matrx-workspace: {workspace_fp}"
         if group_id:
             custom_headers += f"\nx-matrx-group: {group_id}"
         if project_id:

package/src/matrx/cli/state.py

@@ -173,6 +173,10 @@ def normalize_matrx_key(value: str | None) -> str:
     return cleaned
 
 
+def _normalize_binding_value(value: str | None) -> str:
+    return (value or "").strip()
+
+
 def ensure_v1_url(base_url: str | None) -> str:
     cleaned = _normalize_base_url(base_url).rstrip("/")
     if cleaned.endswith("/v1"):
@@ -320,6 +324,12 @@ def _normalize_state(state: dict) -> None:
             binding["matrx_key"] = matrx_key
         else:
             binding.pop("matrx_key", None)
+        for field in ("project_id", "group_id"):
+            cleaned = _normalize_binding_value(binding.get(field))
+            if cleaned:
+                binding[field] = cleaned
+            else:
+                binding.pop(field, None)
 
 
 def _normalize_base_url(base_url: str | None) -> str: