Add Cursor provider support #59

Merged
prakersh merged 4 commits into onllm-dev:main from LeslieLeung:feature/cursor
Apr 18, 2026
@LeslieLeung
Contributor

No description provided.

Made-with: Cursor

# Conflicts:
#	internal/config/config.go
@prakersh prakersh self-requested a review April 13, 2026 18:08
Contributor

@prakersh prakersh left a comment

Review: Add Cursor Provider Support

Solid provider implementation - follows the established pattern well and has good test coverage across all layers. A few things to address before merge:


Blocking

ParseIntString overflows on 32-bit (cursor_types.go)
Returns int (32-bit on 32-bit systems). Billing timestamps like "1768399334000" exceed int32 max. Fix: return int64 or use strconv.ParseInt.

Duplicate account type detection (cursor_client.go + cursor_types.go)
FetchQuotas and ToCursorSnapshot both detect account type independently. FetchQuotas then overwrites what ToCursorSnapshot set, but has extra logic (request-based -> enterprise promotion) the other doesn't. Pick one place to own this.

cursorTestMode data race (cursor_token.go)
Package-level bool read by production code and written by tests without synchronization. Will fail under -race. Use atomic.Bool.


Should fix

  • Platform file duplication - cursor_token_unix.go and cursor_token_windows.go duplicate readCursorStateValue, buildCursorAuthState nearly verbatim. Extract shared logic to cursor_token.go.

  • macOS path hardcoded in !windows build - getCursorStateDBPath returns ~/Library/Application Support/Cursor/... on Linux too. Should check runtime.GOOS == "darwin" and use ~/.config/Cursor/... on Linux.

  • Unbounded io.ReadAll in RefreshCursorToken - every other HTTP read in this file uses io.LimitReader. Be consistent.

  • No menubar integration - other providers are wired into menubar.go. Cursor quotas won't appear in the macOS status bar.

  • insightStat struct change - adding Key/Metric/Severity/Desc to the shared struct works (fields are omitempty), but consider whether Cursor-specific enrichment deserves its own type.


Nits

  • Missing newline at EOF in CURSOR_SETUP.md
  • Whitespace-only changes in unrelated code (codexProfileSave, stripProviderSecrets) - adds git blame noise
  • cursorAuthToCredentials appears unused outside tests - possible dead code
  • goto processSnapshot matches existing pattern in anthropic_agent.go but remains hard to follow

What's good

  • Clean pattern compliance across all 6 layers
  • Thorough tests at every level (types, client, token detection, store, tracker, agent, handlers)
  • Token redaction, parameterized SQL, LimitReader on most reads
  • Three account types (Individual/Team/Enterprise) with appropriate quota formats
  • Auto-detection from SQLite + Keychain/keyring with refresh token rotation
  • Full dashboard wiring: charts, burn rate forecasts, cycle tracking, logging history

Nice work overall - the blocking issues are small fixes.
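
The two input-handling points raised in the review above (integer width for millisecond timestamps, and bounded reads of HTTP response bodies), as an added Go example that is not code from this pull request; `parseMillis`, `fitsInt32`, `readBounded` and `errTooLarge` are hypothetical names, and the sample body is constructed.

```go
package main

import (
	"errors"
	"fmt"
	"io"
	"strconv"
	"strings"
)

var errTooLarge = errors.New("response body exceeds limit")

// parseMillis parses a decimal millisecond timestamp with an explicit
// 64-bit size, so the result is identical on 32-bit and 64-bit builds.
func parseMillis(s string) (int64, error) {
	return strconv.ParseInt(strings.TrimSpace(s), 10, 64)
}

// fitsInt32 reports whether the same string would survive a 32-bit int.
func fitsInt32(s string) bool {
	_, err := strconv.ParseInt(strings.TrimSpace(s), 10, 32)
	return err == nil
}

// readBounded reads at most limit bytes. It asks for limit+1 so an
// oversized body is rejected instead of being silently truncated.
func readBounded(r io.Reader, limit int64) ([]byte, error) {
	b, err := io.ReadAll(io.LimitReader(r, limit+1))
	if err != nil {
		return nil, err
	}
	if int64(len(b)) > limit {
		return nil, errTooLarge
	}
	return b, nil
}

func main() {
	ts, err := parseMillis("1768399334000") // value quoted in the review
	fmt.Println(ts, err, fitsInt32("1768399334000"))
	// Constructed sample body, not a real token-endpoint response.
	_, err = readBounded(strings.NewReader(strings.Repeat("A", 2048)), 1024)
	fmt.Println(err)
}
```
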

…esponding test case

- Updated `applyRefreshedCredentials` method to return false on save failure.
- Added a new test `TestCursorAgent_ApplyRefreshedCredentials_FailsWhenSaveFails` to verify behavior when token saving fails.
- Refactored `FetchQuotas` to streamline account type determination and removed unused code.
- Enhanced `ToCursorSnapshot` to include request-based usage logic.
- Updated various tests to accommodate changes in function signatures and behavior.
@prakersh
Contributor

prakersh commented Apr 17, 2026

Hi @LeslieLeung - thanks for the quick turnaround on 3231cd6. Verified that all blocking and should-fix items from the earlier review are addressed:

  • ParseIntString -> int64
  • cursorTestMode -> atomic.Bool
  • Account-type detection consolidated in ToCursorSnapshot
  • Platform token files deduplicated
  • Linux state DB path handled via cursorStateDBPathForOS
  • RefreshCursorToken using io.LimitReader consistently
  • Menubar integration wired up with tests

Looks good to me - happy to approve. One thing before we merge: the branch is currently behind main by 6 commits and showing conflicts. Could you rebase/merge main in and resolve them? Once that's clean, we're good to go.

Contributor

@prakersh prakersh left a comment

Confirmed all blocking/should-fix items addressed. Security review clean - no new vulnerabilities introduced. LGTM.

@prakersh prakersh merged commit a8be5cb into onllm-dev:main Apr 18, 2026
3 checks passed