-
Notifications
You must be signed in to change notification settings - Fork 2
feat(agent): Cursor provider authentication — Agent Adapter Architecture step 1 #56
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Changes from all commits
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -23,6 +23,24 @@ If none is found, the agent reports an `auth-required` state. Sign in to Claude | |
| as usual, then use "retry auth" so Limboo re-probes. Questions about provider | ||
| pricing or model behavior belong with the agent / provider, not Limboo. | ||
|
|
||
| ### Connecting Cursor (preview) | ||
|
|
||
| Settings › Agent › Providers has a **Cursor** card. Running Cursor agents arrives | ||
| in a later update — connecting your account now just gets it ready. Two paths: | ||
|
|
||
| - **Sign in** — Limboo runs `cursor-agent login`; the CLI authenticates in your | ||
| browser and keeps its own credentials (Limboo never reads or copies them). | ||
| Enable **Manual browser login** on remote/headless machines: the login URL is | ||
| printed instead, with Copy URL / Open Browser actions. | ||
| - **API key** — paste a key from the Cursor Dashboard. It is encrypted with the | ||
| OS keychain (Electron `safeStorage`), stored outside the settings file, never | ||
| shown again, and injected only into Cursor child processes as `CURSOR_API_KEY`. | ||
| A `CURSOR_API_KEY` already present in your environment is detected and wins. | ||
|
|
||
| The card classifies the state locally (no network): Not installed → Sign in | ||
| required → Connected (via CLI login or API key). **Refresh** re-probes after you | ||
| install the CLI or sign in elsewhere. | ||
|
Comment on lines
+26
to
+42
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. 📐 Maintainability & Code Quality | 🟡 Minor | ⚡ Quick win Scope the "never stores credentials" claim. This new Cursor section makes the page's earlier blanket statement inaccurate as written, because Cursor API keys are now persisted encrypted in SecretStore. Narrow the wording to Anthropic sign-in only, or explicitly call out Cursor as the exception. 🤖 Prompt for AI Agents |
||
|
|
||
| ## Plan vs implement | ||
|
|
||
| - **Plan mode** — the agent produces a review-first plan and stops. You approve, | ||
|
|
||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
📐 Maintainability & Code Quality | 🟡 Minor | ⚡ Quick win
Clarify the API-key transport wording.
The new Cursor section says the API key is "never IPC'd", but
cursor.setApiKey()still has to cross the renderer→main boundary once to persist it. Rephrase this to say the key is never echoed back, logged, or placed on argv after that initial setter call.🤖 Prompt for AI Agents