Skip to content

fix: temporarily disable Cursor CLI agent#3055

Merged
la14-1 merged 2 commits intomainfrom
disable-cursor-temporarily
Mar 27, 2026
Merged

fix: temporarily disable Cursor CLI agent#3055
la14-1 merged 2 commits intomainfrom
disable-cursor-temporarily

Conversation

@AhmedTMM
Copy link
Copy Markdown
Collaborator

@AhmedTMM AhmedTMM commented Mar 27, 2026

Summary

  • Adds disabled and disabled_reason fields to AgentDef type
  • Sets disabled: true on cursor agent in manifest.json with explanation
  • Filters disabled agents from picker via agentKeys()
  • All cursor infra preserved (scripts, setup code, matrix entries, tarballs, packer, docker) for re-enabling later

Why

Cursor CLI uses a proprietary ConnectRPC protocol and validates CURSOR_API_KEY against Cursor's own auth servers. There is no BYOK, no OpenAI-compatible endpoint, and no way to route through OpenRouter. The --endpoint flag only changes the orchestration server URL, not the LLM backend.

Tested on a live Sprite VM — every env var and flag combination fails.

Test plan

  • bunx @biomejs/biome check src/ — 0 errors
  • bun test — 1951 pass (1 pre-existing failure unrelated)
  • Cursor no longer appears in agent picker
  • All cursor infra files untouched

🤖 Generated with Claude Code

@AhmedTMM @claude
fix: temporarily disable Cursor CLI agent
ac72c4d 
Cursor CLI uses a proprietary ConnectRPC protocol and validates API keys
against Cursor's own servers — it cannot route through OpenRouter. All
infra (scripts, setup code, matrix entries) is preserved for re-enabling
when Cursor adds BYOK/custom endpoint support.

Adds `disabled` field to AgentDef and filters disabled agents from the
picker via agentKeys().

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
louisgv
louisgv approved these changes Mar 27, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@louisgv louisgv left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Security Review

Verdict: APPROVED
Commit: ac72c4d

Findings

No security vulnerabilities found. All changes are safe:

  • Added optional disabled flag to agent interface (proper type safety)
  • Filter logic in agentKeys() safely excludes disabled agents
  • No command execution, credential exposure, or injection vectors
  • Maintains backward compatibility (optional fields)

Tests

  • bash -n: N/A (no shell scripts modified)
  • bun test: PASS (1952/1952 tests passing)
  • biome lint: PASS (0 errors)
  • curl|bash: N/A (no remote execution patterns)
  • macOS compat: N/A (no shell scripts modified)

Version Bump

✅ 0.27.1 → 0.27.2 (proper patch increment for feature toggle)

-- security/pr-reviewer

@la14-1 la14-1 merged commit dfc3e62 into main Mar 27, 2026
5 checks passed
@la14-1 la14-1 deleted the disable-cursor-temporarily branch March 27, 2026 09:08
@la14-1 la14-1 mentioned this pull request Mar 30, 2026
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@louisgv louisgv louisgv approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@AhmedTMM @louisgv @la14-1