fix: improve Cursor CLI implementation with type safety and security fixes

- Add getCliPath() public method to CursorProvider to avoid private field access - Add path validation to cursor-config routes to prevent traversal attacks - Add supportsVision field to CursorModelConfig (all false - CLI limitation) - Consolidate duplicate types in providers/types.ts (re-export from @automaker/types) - Add MCP servers warning log instead of error (not yet supported by Cursor CLI) - Fix debug log type safety (replace 'as any' with proper type narrowing) - Update docs to remove non-existent tier field, add supportsVision field - Remove outdated TODO comment in sdk-options.ts 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-01 08:13:37 +00:00 · 2026-01-03 03:35:33 +01:00
parent ec6d36bda5
commit 88aba360e3
7 changed files with 104 additions and 93 deletions
--- a/apps/server/src/providers/cursor-provider.ts
+++ b/apps/server/src/providers/cursor-provider.ts
@@ -614,6 +614,16 @@ export class CursorProvider extends CliProvider {
      );
    }

+    // MCP servers are not yet supported by Cursor CLI - log warning but continue
+    if (options.mcpServers && Object.keys(options.mcpServers).length > 0) {
+      const serverCount = Object.keys(options.mcpServers).length;
+      logger.warn(
+        `MCP servers configured (${serverCount}) but not yet supported by Cursor CLI in AutoMaker. ` +
+          `MCP support for Cursor will be added in a future release. ` +
+          `The configured MCP servers will be ignored for this execution.`
+      );
+    }
+
    // Extract prompt text to pass via stdin (avoids shell escaping issues)
    const promptText = this.extractPromptText(options);

@@ -643,7 +653,8 @@ export class CursorProvider extends CliProvider {

        // Log raw event for debugging
        if (debugRawEvents) {
-          logger.info(`[RAW EVENT] type=${event.type} subtype=${(event as any).subtype || 'none'}`);
+          const subtype = 'subtype' in event ? (event.subtype as string) : 'none';
+          logger.info(`[RAW EVENT] type=${event.type} subtype=${subtype}`);
          if (event.type === 'tool_call') {
            const toolEvent = event as CursorToolCallEvent;
            const tc = toolEvent.tool_call;
@@ -949,6 +960,14 @@ export class CursorProvider extends CliProvider {
    };
  }

+  /**
+   * Get the detected CLI path (public accessor for status endpoints)
+   */
+  getCliPath(): string | null {
+    this.ensureCliDetected();
+    return this.cliPath;
+  }
+
  /**
   * Get available Cursor models
   */
@@ -960,7 +979,7 @@ export class CursorProvider extends CliProvider {
      provider: 'cursor',
      description: config.description,
      supportsTools: true,
-      supportsVision: false,
+      supportsVision: config.supportsVision,
    }));
  }

--- a/apps/server/src/providers/types.ts
+++ b/apps/server/src/providers/types.ts
@@ -2,6 +2,7 @@
 * Shared types for AI model providers
 *
 * Re-exports types from @automaker/types for consistency across the codebase.
+ * All provider types are defined in @automaker/types to avoid duplication.
 */

 // Re-export all provider types from @automaker/types
@@ -13,80 +14,9 @@ export type {
  McpStdioServerConfig,
  McpSSEServerConfig,
  McpHttpServerConfig,
+  ContentBlock,
+  ProviderMessage,
+  InstallationStatus,
+  ValidationResult,
+  ModelDefinition,
 } from '@automaker/types';
-
-/**
- * Content block in a provider message (matches Claude SDK format)
- */
-export interface ContentBlock {
-  type: 'text' | 'tool_use' | 'thinking' | 'tool_result';
-  text?: string;
-  thinking?: string;
-  name?: string;
-  input?: unknown;
-  tool_use_id?: string;
-  content?: string;
-}
-
-/**
- * Message returned by a provider (matches Claude SDK streaming format)
- */
-export interface ProviderMessage {
-  type: 'assistant' | 'user' | 'error' | 'result';
-  subtype?: 'success' | 'error';
-  session_id?: string;
-  message?: {
-    role: 'user' | 'assistant';
-    content: ContentBlock[];
-  };
-  result?: string;
-  error?: string;
-  parent_tool_use_id?: string | null;
-}
-
-/**
- * Installation status for a provider
- */
-export interface InstallationStatus {
-  installed: boolean;
-  path?: string;
-  version?: string;
-  /**
-   * How the provider was installed/detected
-   * - cli: Direct CLI binary
-   * - wsl: CLI accessed via Windows Subsystem for Linux
-   * - npm: Installed via npm
-   * - brew: Installed via Homebrew
-   * - sdk: Using SDK library
-   */
-  method?: 'cli' | 'wsl' | 'npm' | 'brew' | 'sdk';
-  hasApiKey?: boolean;
-  authenticated?: boolean;
-  error?: string;
-}
-
-/**
- * Validation result
- */
-export interface ValidationResult {
-  valid: boolean;
-  errors: string[];
-  warnings?: string[];
-}
-
-/**
- * Model definition
- */
-export interface ModelDefinition {
-  id: string;
-  name: string;
-  modelString: string;
-  provider: string;
-  description: string;
-  contextWindow?: number;
-  maxOutputTokens?: number;
-  supportsVision?: boolean;
-  supportsTools?: boolean;
-  tier?: 'basic' | 'standard' | 'premium';
-  default?: boolean;
-}