v0.3.0

What's new in v0.3.0

Cursor cloud sync — contributed by @octavi42 in #2. Thank you!

Cursor cloud sync

Track your real Cursor usage — accurate models, token counts, and costs — straight from Cursor's official dashboard API, instead of local heuristics.

• tokenleader login-cursor --auto (macOS) reads your signed-in Cursor IDE session automatically, verifies your account, and stores credentials for token refresh. No copy-pasting.
• Manual fallback on any platform: tokenleader login-cursor <token>, or tokenleader login-cursor - to read the token from stdin so it stays out of your shell history (pbpaste | tokenleader login-cursor -).
• Official usage is ingested as a new cursor source with real model names, tokens, and per-event cost.
• Automatic background backfill — once a token is saved, the daemon pulls your full dashboard history in bounded chunks across ticks (never blocking a tick), then settles into a cheap incremental window. tokenleader sync-cursor does the same full backfill immediately in the foreground.
• Local-Cursor fallback (cursor_local, parsed from state.vscdb) when cloud sync is unavailable; the server reconciles the two so the same usage is never double-counted.

Operator note

Server and daemon ship together — the server must accept source: "cursor" before daemons send it. The production server has already been updated for this release.

Hardening (from review)

Bounded/resumable pagination so no events are dropped at the page cap; window-pinned resume; corrupt-credential tolerance; request timeouts that survive a caller-supplied abort signal; redirect-safe credential requests; a per-event cost ceiling; and an isolated e2e harness.

Full diff: v0.2.2...v0.3.0