Releases: nedcodes-ok/cursor-doctor
v1.7.7 — Smarter Lint Rules
Lint accuracy improvements (tested against real-world repos):
Reduced false positives:
- Vague rule detection is now context-aware: qualified phrases like 'be consistent with WordPress conventions' are no longer flagged
- Fixed false positives on empty description values and description-in-body check
New checks:
- Dead rule detection: Rules with
alwaysApply: falseand empty/missing globs now flagged as ERROR ('Rule will never load') - Empty frontmatter values: Catches
description:andglobs:with no value (common copy-paste mistake)
All 80 tests passing.
v1.7.6 — Windows + UX
Windows compatibility:
- Normalize CRLF line endings across all source files (was breaking line counting on Windows)
Edge cases:
- Detect and skip binary files in .cursor/rules/ with clear warning
- Exit code 2 for system/internal errors (1 = lint issues, 0 = clean)
UX:
- Added 6 missing commands to --help: doctor, order, diff, init, generate, verify
- Invalid --days values now show a warning instead of silently defaulting
v1.7.5
Fix plugin.js walkFiles: add node_modules exclusion and depth limit (5) to prevent unbounded directory scanning
v1.7.4 — Security Hardening
Security release — 7 vulnerabilities fixed
Critical:
- Sanitize numeric CLI parameters to prevent command injection via shell interpolation
- Block SSRF: validate URLs and reject private IPs/localhost in team baseline fetches
High:
- Path traversal protection on all rule file write operations (generate + team import)
- ReDoS mitigation: skip oversized lines in conflict directive extraction
Medium:
- Skip symlinks during file traversal to prevent arbitrary file reads
- Detect dangerous command patterns in MCP server configurations
v1.7.3
Bug fix release — 5 bugs fixed from audit pass 4
Critical:
- Rewrite LSP server to properly read multi-line JSON-RPC messages using Content-Length byte counting (was reading only first line)
Medium:
- Fix .cursorrules sort priority — now correctly sorts last within always tier (was incorrectly first)
- Fix prototype pollution risk in conflict deduplication (use Object.create(null))
- Fix prototype pollution risk in heading duplicate detection (2 locations)
Low:
- Clean up regex property access spacing
v1.7.2
Bug fix release — 10 bugs fixed from deep audit pass 3
Fixes:
- Fix execSync deadlock on large repos (add 10MB maxBuffer) in performance tracking
- Fix division by zero in overlap ratio calculation
- Add try-catch guards around lint modules to prevent cascading failures
- Add 15s request timeout to URL fetches in team-sync and generate
- Fix false positive conflict detection on short subjects
- Fix version parser to handle prerelease tags
- Improve token estimation accuracy with 10% metadata overhead factor
v1.7.0 — Critical Bug Fixes
14 bugs fixed from deep audit. See commit for full details.
Critical: YAML array globs now parsed correctly, ReDoS vulnerability fixed, alwaysApply logic fixed.
High: --json output works for check/lint/stats.
Medium: mcp.json allowlisted, agent files no longer need frontmatter, paywall exits correctly.
Low: TTY color detection, dead code cleanup, updated paywall message.
v1.6.0 — CLAUDE.md/AGENTS.md + MCP Validation
Phase 4: Selective Platform Expansion
New Free Commands
cursor-doctor agents — Validate CLAUDE.md, AGENTS.md, and .cursor/agents/
- Structure validation, anti-pattern detection, missing sections
- Duplicate heading detection, file size warnings
cursor-doctor mcp — Validate MCP config files
- JSON syntax validation, required field checks, type consistency
- Hardcoded secret detection (catches API keys in config files)
- Placeholder value warnings, hook conflict checks
Health Scan Integration
Both checks integrated into cursor-doctor scan with dynamic scoring.
npx cursor-doctor@1.6.0v1.5.0: Rule Performance Tracking, Rule Testing, Team Sync
Phase 3: New Capabilities
Rule Performance Tracking (npx cursor-doctor perf) — PRO
Answers the question every Cursor user has: are my rules actually doing anything?
- Analyzes git history to determine which rules fire
- Shows active, always-on, low activity, and dead rules
- Calculates wasted tokens on dead rules
- Suggests removing rules with zero file matches
- Supports VS Code extension activity data for richer metrics
Rule Testing (npx cursor-doctor test) — PRO
Give it a rule + code. It checks whether an AI model follows the rule.
- A/B comparison: run with rule vs without, shows the diff
- Adherence scoring (0-100) with violation and improvement lists
- Supports Gemini (free tier), OpenAI, Anthropic
- Single rule or batch test all rules against a code file
# Test one rule
GEMINI_API_KEY=... npx cursor-doctor test error-handling.mdc src/api.ts
# Test all rules
GEMINI_API_KEY=... npx cursor-doctor test src/api.tsTeam Sync (npx cursor-doctor team) — PRO
Share rules across teams. Detect when someone's gone rogue.
team export— Portable JSON config of all rulesteam import <file-or-url>— Import with --overwrite, --dry-runteam baseline <source>— Set team standard (file or URL)team drift— Shows added (personal overrides), modified, deleted rules vs baseline
Install
npx cursor-doctor perf
npx cursor-doctor test <code-file>
npx cursor-doctor team export --out=team-rules.json
npx cursor-doctor team driftv1.4.0: Smart Token Budget + Cross-Format Conflict Detection
Phase 2: Deepen the Moat
Smart Token Budget (npx cursor-doctor budget)
FREE:
- Context window usage visualization (% of 120K context window)
- Always-loaded vs conditional token split
- Top 5 rules ranked by token cost
PRO (--pro):
- Per-file-type breakdown
- Per-rule cost ranking (full list)
- Waste detection with suggested globs and savings estimates
- Historical tracking with trend analysis
Cross-Format Conflict Detection (npx cursor-doctor conflicts) — PRO
Detects contradictory instructions across .cursor/rules/, CLAUDE.md, AGENTS.md, .cursorrules, .cursor/agents/, and hooks.json.
Enhanced Existing Commands
- scan: Token budget now shows context window percentage
- audit: Includes file-type breakdown, waste detection, cross-format conflicts
Install
npx cursor-doctor budget
npx cursor-doctor budget --pro
npx cursor-doctor conflicts