feat(linux): support Cursor provider via app auth token#1908
Conversation
|
Codex review: needs maintainer review before merge. Reviewed July 5, 2026, 5:34 AM ET / 09:34 UTC. Summary Reproducibility: not applicable. for the feature request itself. For the prior review findings, source inspection shows Cursor Review metrics: 2 noteworthy metrics.
Merge readiness Overall follows the weaker of proof and patch quality, so missing proof can cap an otherwise strong patch. Rank-up moves:
Risk before merge
Maintainer options:
Next step before merge
Maintainer decision needed
Security Review detailsBest possible solution: Land the PR after current-head checks finish and maintainers accept the Linux Cursor app-token auth boundary, preserving macOS browser/WebKit behavior and the documented auth precedence. Do we have a high-confidence way to reproduce the issue? Not applicable for the feature request itself. For the prior review findings, source inspection shows Cursor Is this the best way to solve the issue? Yes, pending maintainer acceptance of the auth boundary. The patch reuses the existing Cursor web strategy, keeps macOS browser/WebKit behavior gated, and adds Linux app auth as a fallback with focused coverage. AGENTS.md: found and applied where relevant. Codex review notes: model internal, reasoning high; reviewed against 9f1a96c3a77b. Label changesLabel changes:
Label justifications:
Evidence reviewedWhat I checked:
Likely related people:
What the crustacean ranks mean
Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics. How this review workflow works
Review history (6 earlier review cycles)
|
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: aa1a10df5c
ℹ️ About Codex in GitHub
Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".
| ProviderDefaults.metadata[.cursor]?.browserCookieOrder ?? Browser.defaultImportOrder | ||
| #endif | ||
|
|
||
| #if os(macOS) |
There was a problem hiding this comment.
Keep CursorCookieImporter types available on Linux
When this file is compiled on Linux, the new outer #if os(macOS) || os(Linux) includes CursorStatusProbe, but this added macOS-only guard removes CursorCookieImporter; the unguarded helper signatures below still reference CursorCookieImporter.SessionInfo (scanBrowsers, scanImportedSessions, and fetchIfSessionAccepted), so the Linux CLI target cannot compile. Either provide a Linux-compatible SessionInfo/stub or wrap those helpers in the same macOS-only condition.
Useful? React with 👍 / 👎.
|
Thanks for the review — pushed fixes in 447df44:
@clawsweeper re-review |
|
🦞🧹 I asked ClawSweeper to review this item again. |
447df44 to
f968dd9
Compare
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: f968dd93a7
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| if provider == .cursor, | ||
| settings?.cursor?.cookieSource != .off | ||
| { | ||
| // Linux uses Cursor app auth and manual cookies; browser import remains macOS-only. | ||
| return false |
There was a problem hiding this comment.
Add Cursor web source before unblocking Linux web mode
For Linux Cursor manual-cookie runs with --source web or source: "web", this exception now skips the macOS-only web-support error, but CursorProviderDescriptor still declares only .auto and .cli (Sources/CodexBarCore/Providers/Cursor/CursorProviderDescriptor.swift:36) and CLIHelpers.fetchProviderUsage rejects unsupported source modes before the strategy runs (Sources/CodexBarCLI/CLIHelpers.swift:191). The result is still Source 'web' is not supported for cursor instead of using the configured manual cookie; either add .web to Cursor's source modes or limit this Linux exception to modes the descriptor actually accepts.
Useful? React with 👍 / 👎.
Enable the Cursor usage provider on Linux by reading the signed-in Cursor app's access token from the XDG config state database and reusing the existing cursor.com usage endpoints. - Resolve Linux state.vscdb path via XDG_CONFIG_HOME - Skip macOS-only browser cookie import on Linux - Allow Linux CLI web-source routing for Cursor - Document Linux auth path and manual cookie support
- Gate macOS-only browser session helpers behind os(macOS) - Use an empty browser import order on non-macOS Linux builds - Move Linux Cursor coverage into TestsLinux
f968dd9 to
bdc9ae9
Compare
|
@clawsweeper re-review Maintainer repair pushed at |
|
🦞🧹 I asked ClawSweeper to review this item again. |
|
Landed as 7807679 after maintainer repair and exact-head validation. The final change aligns Cursor's explicit web-source contract, adds Linux regression coverage, and preserves the existing macOS browser/WebKit behavior and credential order. Proof: Linux ARM64 focused suite 7/7; macOS Cursor 38/38 and CLI entry 23/23; all 47 local shards; Thank you @DonnieFi! |
Summary
Adds Linux Cursor usage support by reading the signed-in Cursor app token from its XDG state database and reusing the existing
cursor.comusage endpoints. macOS browser-cookie import and WebKit login behavior remain unchanged.Maintainer improvements
mainCSQLite3support for direct state-database readsXDG_CONFIG_HOMEvalues; otherwise use the standard~/.configfallback.web, not.auto.webas an explicit Cursor source so the CLI can reach the supported manual-cookie pathBehavior
Linux Cursor auth order remains explicit and fail-safe:
Automatic browser-cookie import on Linux remains out of scope.
Proof
make check: cleanExact reviewed head:
bdc9ae94a68dd35df7f2302ea5f65b70c93fc9d6Thanks @DonnieFi for the contribution.