From 82d435831f58a50dafcf7992e826d8c2edee4b40 Mon Sep 17 00:00:00 2001
From: spawn-bot <spawn-bot@openrouter.ai>
Date: Mon, 30 Mar 2026 04:02:50 +0000
Subject: [PATCH] fix(cursor): set CURSOR_API_KEY to skip browser login

Cursor CLI requires authentication before making API calls. Without
CURSOR_API_KEY set, it falls back to browser-based OAuth which fails
because the proxy spoofs api2.cursor.sh to localhost, breaking the
OAuth callback. Setting a dummy CURSOR_API_KEY makes Cursor use the
/auth/exchange_user_api_key endpoint instead, which the proxy already
handles with a fake JWT.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---
 packages/cli/src/shared/agent-setup.ts | 1 +
 1 file changed, 1 insertion(+)

diff --git a/packages/cli/src/shared/agent-setup.ts b/packages/cli/src/shared/agent-setup.ts
index fff4406b3..1d0f86a6c 100644
--- a/packages/cli/src/shared/agent-setup.ts
+++ b/packages/cli/src/shared/agent-setup.ts
@@ -1128,6 +1128,7 @@ function createAgents(runner: CloudRunner): Record<string, AgentConfig> {
         ),
       envVars: (apiKey) => [
         `OPENROUTER_API_KEY=${apiKey}`,
+        "CURSOR_API_KEY=spawn-proxy",
       ],
       configure: () => setupCursorProxy(runner),
       preLaunch: () => startCursorProxy(runner),