feat(stats): scan every Cursor store (Nightly GUI + CLI agent) and deslop the engine

Broaden which local agent history `stats` reads, and refine the engine.

Coverage:
- Cursor GUI: scan both the stable and Nightly builds' composer databases
  (was stable-only — a Nightly-only user got zero GUI sessions), and read a
  live, editor-locked database via SQLite's immutable mode instead of letting
  the lock crash the run.
- Cursor CLI agent: new source for the per-session content-addressed stores
  under ~/.cursor and ~/.cursor-nightly — decode the hex meta row, parse the
  binary message manifest, and map Write/ApplyPatch/StrReplace/Delete tool
  calls to edits, capturing Read results as reconstruction bases.
- Codex (~/.codex) was already covered; verified.

Engine deslop (behavior-preserving):
- consolidate the zip-slip path-inside guard into one audited core util
  (@react-doctor/core isPathInside), and share the node:sqlite read-only open
  and the empty-string-preserving string narrow (coerce asNullableString)
  instead of hand-rolling copies
- drop dead code (write-only session timestamps, an unused export, an
  unreachable branch), replace forbidden nested ternaries with if/else and a
  lookup table, collapse a redundant variable and a pass-through wrapper
- guard every SQLite close so a locked/unreadable store degrades to "skip"
  rather than sinking the whole stats run

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

Author: rayhanadev

.changeset/stats-agent-leaderboard.md

@@ -4,11 +4,11 @@
 
 Add a `react-doctor stats` subcommand — a per-model code-quality leaderboard built from local AI agent chat history.
 
-`stats` reads local agent history — Claude Code (`~/.claude`) and Codex (`~/.codex`) transcripts, plus the Cursor composer database — reconstructs the file content each model actually wrote (Claude post-edit snapshots, Cursor full post-edit file snapshots, Codex `apply_patch` envelopes), lints that content with the existing engine, and ranks models and providers by their React Doctor score and diagnostics-per-file. The job: answer "which agent/model writes the cleanest React code in my repo".
+`stats` reads local agent history — Claude Code (`~/.claude`) and Codex (`~/.codex`) transcripts, plus Cursor's GUI composer databases and CLI agent stores (`~/.cursor`, `~/.cursor-nightly`) — reconstructs the file content each model actually wrote (Claude post-edit snapshots, Cursor full post-edit file snapshots, Codex `apply_patch` envelopes), lints that content with the existing engine, and ranks models and providers by their React Doctor score and diagnostics-per-file. The job: answer "which agent/model writes the cleanest React code in my repo".
 
 - Only the React code each model wrote is scored. Reconstructed files are filtered to actual React (JSX/TSX, `use client`/`use server` directives, or a React-ecosystem import) before linting, so a model's plain backend/util/config files don't pad its file count or dilute its diagnostics-per-file. A scan that errors, is skipped, or whose lint phase fails is dropped rather than counted as zero-diagnostic "clean" code, so un-lintable output can't inflate a model's score.
 - Ranking is by a confidence-weighted score, not the raw score: each group's score is regressed toward the global mean by its evidence, so a model with a handful of clean files can't top the board on a tiny sample. Files are the dominant signal; sessions only lightly discount the file weight (many files from one session are one correlated sample) and never below a floor.
-- Cursor attribution reads the canonical composer database (`state.vscdb`) directly, so each session carries its real model (e.g. `claude-opus-4-8`, `gpt-5.5`, `composer-2`) and an exact post-edit snapshot of every edited file — the model-less agent-transcript JSONL files are no longer used. Attribution falls back to `unknown` only for chats left on the "Auto" model.
+- Cursor is read from every place it stores chats: the GUI composer database (`state.vscdb`) for both the stable and Nightly builds, and the CLI agent's per-session stores under `~/.cursor` and `~/.cursor-nightly`. Each session carries its real model (e.g. `claude-opus-4-8`, `gpt-5.5`, `composer-2.5`) and a faithful reconstruction of every edited file (full GUI post-edit snapshots; CLI `Write`/`ApplyPatch`/`StrReplace`/`Delete` tool calls replayed against captured reads). A database a running editor holds locked is read via SQLite's `immutable` mode rather than skipped. Attribution falls back to `unknown` only for GUI chats left on the "Auto" model.
 - Default scope is the current repository (sessions whose cwd or edits touch the repo root); `--global` ranks across every repo on the machine. `--since`, `--limit`, and `--provider` bound the work.
 - `--json` emits a structured leaderboard (`{ schemaVersion, scope, models, providers, best, worst, … }`); the terminal output shows the top models and per-tool tables with a single score bar (the confidence-weighted score) and a best/worst callout.
-- Coverage is honest about its limits: Codex shell-based edits are not faithfully reconstructable (surfaced as skipped), the Cursor composer database requires `node:sqlite` (Node 22.13+) and covers GUI agent sessions (not cursor-agent CLI runs), and the score requires network access.
+- Coverage is honest about its limits: Codex shell-based edits are not faithfully reconstructable (surfaced as skipped), reading any Cursor database requires `node:sqlite` (Node 22.13+), and the score requires network access.

packages/core/src/index.ts

@@ -88,6 +88,7 @@ export * from "./utils/define-config.js";
 export * from "./utils/group-by.js";
 export * from "./utils/has-published-fix-recipe.js";
 export * from "./utils/is-large-minified-file.js";
+export * from "./utils/is-path-inside.js";
 export * from "./utils/list-source-files.js";
 export * from "./utils/map-with-concurrency.js";
 export * from "./utils/match-glob-pattern.js";

packages/core/src/materialize-source-tree.ts

@@ -3,24 +3,14 @@ import fs from "node:fs";
 import path from "node:path";
 import { STAGED_FILES_PROJECT_CONFIG_FILENAMES } from "./constants.js";
 import type { ReactDoctorError } from "./errors.js";
+import { isPathInside } from "./utils/is-path-inside.js";
 
 export interface MaterializedTree {
   readonly tempDirectory: string;
   readonly materializedFiles: ReadonlyArray<string>;
   readonly cleanup: () => void;
 }
 
-/**
- * Zip-Slip defense: relative paths come from git (`diff --name-only`), which
- * normalizes during ordinary adds, but a crafted index/pack/symlinked tree can
- * smuggle `..` segments that escape the temp root. Resolve against the temp dir
- * and reject anything that lands outside before writing.
- */
-const isPathInsideDirectory = (childAbsolutePath: string, parentAbsolutePath: string): boolean => {
-  const relative = path.relative(parentAbsolutePath, childAbsolutePath);
-  return Boolean(relative) && !relative.startsWith("..") && !path.isAbsolute(relative);
-};
-
 /**
  * Writes a set of source files (supplied by `readContent` — e.g.
  * `git show <ref>:<path>` for a baseline tree, or `git show :<path>` for the
@@ -44,7 +34,7 @@ export const materializeSourceTree = (input: {
       const content = yield* input.readContent(relativePath).pipe(Effect.orElseSucceed(() => null));
       if (content === null) continue;
       const candidateTargetPath = path.resolve(resolvedTempDirectory, relativePath);
-      if (!isPathInsideDirectory(candidateTargetPath, resolvedTempDirectory)) continue;
+      if (!isPathInside(candidateTargetPath, resolvedTempDirectory)) continue;
       yield* Effect.sync(() => {
         fs.mkdirSync(path.dirname(candidateTargetPath), { recursive: true });
         fs.writeFileSync(candidateTargetPath, content);

…react-doctor/src/stats/is-path-inside.ts packages/core/src/utils/is-path-inside.tspackages/react-doctor/src/stats/is-path-inside.ts renamed to packages/core/src/utils/is-path-inside.ts packages/react-doctor/src/stats/is-path-inside.ts renamed to packages/core/src/utils/is-path-inside.ts

@@ -9,6 +9,13 @@ export interface IsPathInsideOptions {
  * `true` when `childPath` resolves within `parentPath`. By default the parent
  * directory itself does not count (the strict zip-slip guard); pass
  * `allowSame: true` to treat an exact match as inside (scope membership).
+ *
+ * Zip-Slip defense: relative paths can arrive from untrusted sources — a
+ * crafted git index/pack/symlinked tree, or a reconstructed agent transcript —
+ * and smuggle `..` segments that escape a temp root. Resolve against the parent
+ * and reject anything that lands outside before writing. This is the one
+ * audited copy of that guard, shared across the staged/baseline scan paths and
+ * the stats reconstruction tree so the two cannot drift.
  */
 export const isPathInside = (
   childPath: string,

packages/react-doctor/src/cli/commands/stats.ts

@@ -80,7 +80,6 @@ export const statsAction = async (flags: StatsFlags): Promise<void> => {
   // ora renders to stderr; suppress it in JSON mode so the run stays quiet.
   const progress = flags.json ? null : spinner("Looking through your agent history…").start();
   let report: StatsReport;
-  let providerCount: number;
   try {
     const sessions = await discoverSessions(root, scope, (foundCount) =>
       progress?.update(`Looking through your agent history… (${foundCount} found)`),
@@ -92,7 +91,6 @@ export const statsAction = async (flags: StatsFlags): Promise<void> => {
     });
     progress?.update("Scoring…");
     const aggregated = await aggregateStats(results, userConfig);
-    providerCount = aggregated.providers.length;
 
     report = {
       scope: scope.global ? "global" : "repo",
@@ -122,7 +120,7 @@ export const statsAction = async (flags: StatsFlags): Promise<void> => {
   recordCount(METRIC.statsRun, 1, {
     scope: report.scope,
     sessions: report.sessionsAnalyzed,
-    providers: providerCount,
+    providers: report.providers.length,
     provider: scope.provider ?? "all",
   });
 

packages/react-doctor/src/cli/index.ts

@@ -235,7 +235,7 @@ program
   .option("-c, --cwd <cwd>", "working directory", process.cwd())
   .option("--color", "force colored output")
   .option("--no-color", "disable colored output (also honors NO_COLOR)")
-  .action((location, options) => whyAction(location, options));
+  .action(whyAction);
 
 program
   .command("install")

packages/react-doctor/src/stats/aggregate-stats.ts

@@ -69,7 +69,7 @@ const upsert = (
  * mean; high-evidence groups keep their raw score. Returns the raw score when
  * there's no prior.
  */
-export const confidenceWeightedScore = (
+const confidenceWeightedScore = (
   rawScore: number | null,
   priorScore: number | null,
   filesScanned: number,

packages/react-doctor/src/stats/coerce.ts

@@ -6,6 +6,10 @@
 export const asString = (value: unknown): string | undefined =>
   typeof value === "string" && value.length > 0 ? value : undefined;
 
+/** Narrow an unknown to a string, preserving the empty string (unlike `asString`). */
+export const asNullableString = (value: unknown): string | null =>
+  typeof value === "string" ? value : null;
+
 /** Narrow an unknown to a plain object record, else undefined. */
 export const asRecord = (value: unknown): Record<string, unknown> | undefined =>
   value && typeof value === "object" && !Array.isArray(value)

packages/react-doctor/src/stats/cursor-cli-store.ts

@@ -0,0 +1,115 @@
+import { asRecord } from "./coerce.js";
+import { openReadOnlySqlite } from "./open-sqlite.js";
+
+// The Cursor CLI agent (`~/.cursor` / `~/.cursor-nightly`) stores each chat as
+// its own content-addressed SQLite store, distinct from the GUI's single
+// `state.vscdb`. The `meta` table holds one row whose `value` is hex-encoded
+// JSON (the latest root blob id + last-used model); the `blobs` table maps a
+// sha256 id to either a message (JSON: `{ role, content }`) or the binary root
+// manifest. The manifest is a protobuf-style flat list of `0x0a 0x20` followed
+// by a 32-byte blob id, giving the conversation's messages in order.
+
+export interface CursorCliMessage {
+  readonly role: string;
+  readonly content: unknown;
+}
+
+export interface CursorCliStore {
+  readonly lastUsedModel: string | null;
+  readonly messages: CursorCliMessage[];
+}
+
+const MANIFEST_RECORD_TAG = 0x0a;
+const MANIFEST_ID_LENGTH = 0x20;
+const MANIFEST_RECORD_LENGTH = 2 + MANIFEST_ID_LENGTH;
+
+/**
+ * The conversation's message blob ids, in order, read from the leading run of
+ * `[0x0a, 0x20, <32-byte id>]` records. Trailing protobuf fields after the run
+ * are ignored; a manifest that doesn't start with the run yields `[]`.
+ */
+const parseManifestBlobIds = (manifest: Buffer): string[] => {
+  const ids: string[] = [];
+  let offset = 0;
+  while (
+    offset + MANIFEST_RECORD_LENGTH <= manifest.length &&
+    manifest[offset] === MANIFEST_RECORD_TAG &&
+    manifest[offset + 1] === MANIFEST_ID_LENGTH
+  ) {
+    ids.push(manifest.subarray(offset + 2, offset + MANIFEST_RECORD_LENGTH).toString("hex"));
+    offset += MANIFEST_RECORD_LENGTH;
+  }
+  return ids;
+};
+
+/** blobs.data is a BLOB (Uint8Array); meta.value is hex-encoded TEXT. */
+const toBuffer = (value: unknown): Buffer | null => {
+  if (value instanceof Uint8Array) return Buffer.from(value);
+  if (typeof value === "string") return Buffer.from(value, "hex");
+  return null;
+};
+
+/**
+ * Read a Cursor CLI per-session `store.db`: the last-used model and every
+ * conversation message in order. Returns `null` when the store can't be opened
+ * (older Node without `node:sqlite`, or an unreadable/locked file) or has no
+ * usable `meta` row; the messages array is empty when the manifest is missing.
+ */
+export const readCursorCliStore = (storeDbPath: string): CursorCliStore | null => {
+  const database = openReadOnlySqlite(storeDbPath);
+  if (!database) return null;
+  try {
+    const metaRow = asRecord(database.prepare("SELECT value FROM meta LIMIT 1").get());
+    const metaValue = metaRow && typeof metaRow.value === "string" ? metaRow.value : null;
+    if (!metaValue) return null;
+    let meta: Record<string, unknown> | undefined;
+    try {
+      meta = asRecord(JSON.parse(Buffer.from(metaValue, "hex").toString("utf8")));
+    } catch {
+      return null;
+    }
+    if (!meta) return null;
+
+    const lastUsedModel = typeof meta.lastUsedModel === "string" ? meta.lastUsedModel : null;
+    const latestRootBlobId =
+      typeof meta.latestRootBlobId === "string" ? meta.latestRootBlobId : null;
+    if (!latestRootBlobId) return { lastUsedModel, messages: [] };
+
+    const blobStatement = database.prepare("SELECT data FROM blobs WHERE id = ?");
+    const blobBuffer = (id: string): Buffer | null => {
+      const row = asRecord(blobStatement.get(id));
+      return row ? toBuffer(row.data) : null;
+    };
+
+    const manifest = blobBuffer(latestRootBlobId);
+    if (!manifest) return { lastUsedModel, messages: [] };
+
+    const messages: CursorCliMessage[] = [];
+    for (const blobId of parseManifestBlobIds(manifest)) {
+      const raw = blobBuffer(blobId);
+      if (!raw) continue;
+      const text = raw.toString("utf8");
+      if (!text.startsWith("{")) continue;
+      let message: Record<string, unknown> | undefined;
+      try {
+        message = asRecord(JSON.parse(text));
+      } catch {
+        continue;
+      }
+      if (message && typeof message.role === "string") {
+        messages.push({ role: message.role, content: message.content });
+      }
+    }
+    return { lastUsedModel, messages };
+  } catch {
+    // A locked or unreadable store can throw mid-read; skip it rather than
+    // sinking the whole stats run.
+    return null;
+  } finally {
+    try {
+      database.close();
+    } catch {
+      // Already closed or never fully opened — nothing to release.
+    }
+  }
+};