From 274f29e26b8cbecd19fbe4cb0de248c58c635b6d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E9=BB=84=E5=A7=9C=E6=81=92?= Date: Wed, 25 Mar 2026 17:24:37 +0800 Subject: [PATCH] fix(cursor): improve session key uniqueness for multi-session safety Include system prompt prefix (first 200 chars) in session key derivation. Claude Code sessions have unique system prompts containing cwd, session_id, file paths, etc., making collisions between concurrent sessions from the same user virtually impossible. Session key now = SHA256(apiKey + model + systemPrompt[:200] + firstUserMsg) Co-Authored-By: Claude Opus 4.6 (1M context) --- internal/runtime/executor/cursor_executor.go | 23 +++++++++++++++----- 1 file changed, 17 insertions(+), 6 deletions(-) diff --git a/internal/runtime/executor/cursor_executor.go b/internal/runtime/executor/cursor_executor.go index 699c8d21..515d1001 100644 --- a/internal/runtime/executor/cursor_executor.go +++ b/internal/runtime/executor/cursor_executor.go @@ -1091,16 +1091,27 @@ func newH2Client() *http.Client { func deriveSessionKey(clientKey string, model string, messages []gjson.Result) string { var firstUserContent string + var systemContent string for _, msg := range messages { - if msg.Get("role").String() == "user" { + role := msg.Get("role").String() + if role == "user" && firstUserContent == "" { firstUserContent = extractTextContent(msg.Get("content")) - break + } else if role == "system" && systemContent == "" { + // System prompt differs per Claude Code session (contains cwd, session_id, etc.) + content := extractTextContent(msg.Get("content")) + if len(content) > 200 { + systemContent = content[:200] + } else { + systemContent = content + } } } - // Include client API key to prevent session collisions across users - input := clientKey + ":" + model + ":" + firstUserContent - if len(input) > 300 { - input = input[:300] + // Include client API key + system prompt hash to prevent session collisions: + // - Different users have different API keys + // - Different Claude Code sessions have different system prompts (cwd, tools, etc.) + input := clientKey + ":" + model + ":" + systemContent + ":" + firstUserContent + if len(input) > 500 { + input = input[:500] } h := sha256.Sum256([]byte(input)) return hex.EncodeToString(h[:])[:16]