Skip to content

chore: refresh deps and fix cursor auto routing#7

Open
Leventionz wants to merge 2 commits into
andeya:mainfrom
Leventionz:codex/refresh-cursor-brain-deps
Open

chore: refresh deps and fix cursor auto routing#7
Leventionz wants to merge 2 commits into
andeya:mainfrom
Leventionz:codex/refresh-cursor-brain-deps

Conversation

@Leventionz

@Leventionz Leventionz commented Apr 24, 2026
edited
Loading

Copy link
Copy Markdown

Summary

  • Add npm overrides for vulnerable transitive dependencies pulled through the MCP SDK/runtime stack:
    • @hono/node-server -> 1.19.13
    • hono -> 4.12.15
    • path-to-regexp -> 8.4.2
  • Refresh package-lock.json so installs resolve to the fixed dependency graph.
  • Align the lockfile root package version with package.json at 1.5.4.
  • Fix Cursor Auto routing: explicit model: "auto" should be passed through to cursor-agent --model auto, not treated as an omitted model. Omitting it causes Cursor Agent to use the account's current/default model, which may be quota-limited and can incorrectly tell users to switch to Auto.

Why

While reviewing this plugin for a Docker-based OpenClaw deployment, OSV/npm audit flagged the existing lockfile dependency graph. Separately, runtime testing showed that OpenClaw's cursor-local/auto fallback was not actually invoking Cursor Agent's Auto model because the proxy stripped auto before spawning the agent.

@Leventionz Leventionz changed the title chore: refresh vulnerable transitive dependencies chore: refresh deps and fix cursor auto routing Apr 24, 2026
@SuiYixuan SuiYixuan mentioned this pull request May 1, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@Leventionz