Copilot++ not working: Error in streaming cpp [internal] Protocol error

I’m testing Cursor on my work computer. Everything works except Copilot++. When I edit a line I can see the following logs

I’m on a MacBook Pro which uses a security software called Zscaler. I didn’t find any rejected requests in the Zscaler logs so I’m not sure if this is the problem or not.

Does anyone have experience with this or any idea on how to get more information about the failing requests?

4 Likes

Hmm, this might have been a temporary error on Cursor’s side. Does Copilot++ still not work for you?

Unfortunately it still doesn’t work. I tested it on my private machine and there are no problems. Both are similar MacBooks but on the company machine I have Zscaler. So I’m assuming that’s the problem. Could be anything else though. So it would be great to understand how to further debug this problem.

Have the same issue - Copilot++ does not work behind Zscaler (proxy/firewall).

Often such an issue pops up re: the Zscaler root CA certificate needing to be added / accounted for in application-specific trust stores.

@almirm thanks for confirming the issue. I remember having a problem with GitHub Copilot a while ago. That was also related to certificates. Installing an extension (win-ca or mac-ca) worked back then. Will try and see if they help here as well. Here is some additional info:

GitHub Copilot behind a Proxy with a self-signed certificate chain does still not work · community · Discussion #35544
self signed certificate in certificate chain on github copilot

1 Like

@jkettmann yes - had to do the same fix with GitHub Copilot that you explained - installing mac-ca into node environment used by vscode. This fix also works for using GitHub Copilot in Cursor (due to being a fork of vscode).

Unfortunately this fix does not work for Copilot++, which seems to be using a C++ (cpp) implementation of some communication protocol (I assume streaming data back and forth) - based on your posted screenshot above.

Codebase indexing, which is supposed to be “local”, doesn’t work because I am also behind a Zscaler proxy. I've been able to fix it in various places, but can’t figure it out for Cursor.

Yeah, I am getting the same error as well. But GitHub Copilot works for me, not Copilot++.

Anything we can do to bring it to the Cursor dev team's attention?

We are aware of a small amount of downtime. Working to bring this to near 0.

1 Like

This has nothing to do with downtime. The indexer doesn’t work because it doesn’t use the system certificate chains, which in my case is managed by Zscaler.

1 Like

Same with me - not related to downtime. Copilot++ and index stop working and I get the error messages posted in this thread when I turn on Zscaler. Issue as described by @tnypxl.

@sualeh How are these custom C++ streaming processes referencing system certs? Can this be overridden with a cursor-specific environment variable? Something like, “CURSOR_CA_BUNDLE=/path/to/cert.pem”?

@sualeh @Jakob any chance you could look into this issue / give us an update on whether it is on the backlog?

I was finally able to fix this without needing to turn off Zscaler internet security. I followed the instructions here:

https://community.zscaler.com/zenith/s/question/0D54u00009jZpG7CAK/installing-tls-ssl-root-certificates-to-nonstandard-environments

1 Like

@tnypxl could you please describe in more detail what your system is (Windows/Mac/Linux) and what you did in the end to get Copilot++ working with Zscaler on?

I am on macOS Sonoma 14.4.1 and tried following the instructions but could not get Copilot++ to work yet. Tried:

$ sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain ZscalerRootCertificate-2048-SHA256.crt 
$ sudo cat ZscalerRootCertificate-2048-SHA256.crt >> /opt/homebrew/etc/ca-certificates/cert.pem 

After this Copilot++ still outputs in its logs:

2024-05-06 01:34:45.005 [info] CURSOR LOG: Finished creating provider!
2024-05-06 01:34:51.924 [info] CURSOR LOG: restFunc initiated 3a4ccdb3-3151-46eb-83f2-324ae29b93db
2024-05-06 01:34:52.209 [info] CURSOR LOG: Error in streaming cpp [canceled] This operation was aborted
2024-05-06 01:34:52.209 [info] CURSOR LOG: restFunc done 3a4ccdb3-3151-46eb-83f2-324ae29b93db
2024-05-06 01:34:52.211 [info] CURSOR LOG: restFunc initiated 41059f1d-14af-4503-aa51-e489ed32c264
2024-05-06 01:34:52.784 [info] CURSOR LOG: Error in streaming cpp [internal] Protocol error
2024-05-06 01:34:52.784 [info] CURSOR LOG: restFunc done 41059f1d-14af-4503-aa51-e489ed32c264
2024-05-06 01:34:53.663 [info] CURSOR LOG: restFunc initiated 12630ca6-82e7-42f2-baa6-d868ff308afc
2024-05-06 01:34:54.200 [info] CURSOR LOG: Error in streaming cpp [internal] Protocol error
2024-05-06 01:34:54.200 [info] CURSOR LOG: restFunc done 12630ca6-82e7-42f2-baa6-d868ff308afc
2024-05-06 01:34:54.742 [info] CURSOR LOG: restFunc initiated 0124085f-3f12-4c90-8a35-b93ffa6af866
2024-05-06 01:34:55.193 [info] CURSOR LOG: Error in streaming cpp [canceled] This operation was aborted

I am on macOS (similar version)

security find-certificate -a -p /System/Library/Keychains/SystemRootCertificates.keychain >/Users/<USER>/tmp/certs-system.crt
security find-certificate -a -c zscaler -p /Library/Keychains/System.keychain >> /Users/<USER>/tmp/certs-system.crt

Those are the two commands I ran. Then you have to export some environment vars as defined in the discussions on that link I posted.

Edit: What this does is bake all your normal certs and the Zscaler root cert into one. I think some of the issue is that the cert chain is not complete in the eyes of some applications since Zscaler is essentially a custom cert. Below are the ENV vars I used:

SSL_CERT_FILE=/path/to/foo.cert
REQUESTS_CA_BUNDLE=/path/to/foo.cert

I see the same problem as OP on an ssh server behind a proxy. It doesn’t use Zscaler and I am not sure how to translate the Zscaler instructions to my situation. Would be really helpful if someone could flesh out the steps here. Thanks!

EDIT: I just tried using the last nightly build (v 0.28.3-nightly) and Copilot++ works on the same server.

I have a similar situation on the corporate MacBook with Zscaler.

I tried some tips and environment variables with the custom Zscaler certificate, but I still have the same issue with Copilot++ and Codebase Indexing.

Indexing logs:

2024-05-14 10:48:47.527 [info] Handshake start
2024-05-14 10:49:51.566 [error] Handshake failed:
2024-05-14 10:49:51.580 [error] Error: timeout in handshake with retry
 at e.RepoClientMultiplexer.handshakeWithRetry (/Applications/Cursor.app/Contents/Resources/app/extensions/cursor-retrieval/dist/main.js:2:995054)
 at async m.getServerStatus (/Applications/Cursor.app/Contents/Resources/app/extensions/cursor-retrieval/dist/main.js:2:1009958)
 at async m.startIndexingRepository (/Applications/Cursor.app/Contents/Resources/app/extensions/cursor-retrieval/dist/main.js:2:1012203)
2024-05-14 10:49:51.581 [error] Handshake failed.
2024-05-14 10:49:51.581 [info] Indexing job successfully done or aborted.

Environment variables I added to bash_profile:

# Zscaler
export CERT_PATH=/Users/username/ZscalerRootCerts/ZscalerRootCertificate-2048-SHA256.pem
export CERT_DIR=/Users/username/ZscalerRootCerts/

export CURL_CA_BUNDLE=${CERT_PATH}
export SSL_CERT_FILE=${CERT_PATH}
export SSL_CERT_DIR=${CERT_DIR}
export REQUESTS_CA_BUNDLE=${CERT_PATH}
export NODE_EXTRA_CA_CERTS=${CERT_PATH}

The solution I was using only works intermittently and doesn’t work at all outside of the trusted network.
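
An added example, not part of any post in this thread and not Cursor's or Zscaler's code: POSIX shell functions for the combined-bundle approach described above, which merge PEM bundles without duplicates and report whether each exported CA variable points at a full bundle or at a single certificate. The function names and status words are assumptions made for illustration, and the thread does not establish whether Copilot++ reads any of these variables. `SSL_CERT_FILE`, `REQUESTS_CA_BUNDLE` and `CURL_CA_BUNDLE` replace the default trust store of the tools that read them, while `NODE_EXTRA_CA_CERTS` adds to Node.js's built-in roots.

```shell
#!/bin/sh
# Added example: helper names and status words are illustrative assumptions.

# Count PEM certificate blocks in a file (0 if unreadable or DER-encoded).
count_certs() {
  [ -r "$1" ] || { echo 0; return; }
  grep -c -- '-----BEGIN CERTIFICATE-----' "$1" || true
}

# merge_bundles OUT IN...: copy every PEM block once, dropping duplicates,
# CRLF line endings and any text between blocks. Unlike `cat a >> b`, a
# missing trailing newline in one input cannot fuse two blocks together.
merge_bundles() {
  out=$1; shift
  awk '
    { sub(/\r$/, "") }
    /-----BEGIN CERTIFICATE-----/ { inblk = 1; blk = "" }
    inblk { blk = blk $0 "\n" }
    /-----END CERTIFICATE-----/ {
      if (inblk && !(blk in seen)) { seen[blk] = 1; printf "%s", blk }
      inblk = 0
    }
  ' "$@" > "$out"
}

# audit_var NAME KIND: print "NAME STATUS COUNT" for one exported variable.
# KIND is "replace" (the tool trusts only this file) or "extend".
audit_var() {
  name=$1 kind=$2
  value=$(printenv "$name") || value=
  [ -n "$value" ] || { echo "$name unset 0"; return; }
  [ -f "$value" ] || { echo "$name missing 0"; return; }
  n=$(count_certs "$value")
  if [ "$n" -eq 0 ]; then
    echo "$name no-pem 0"            # e.g. a DER-encoded .crt file
  elif [ "$kind" = replace ] && [ "$n" -eq 1 ]; then
    echo "$name replaces-defaults 1" # only one root would be trusted
  else
    echo "$name ok $n"
  fi
}

# Report on the variables that appear in this thread.
audit_env() {
  for v in SSL_CERT_FILE REQUESTS_CA_BUNDLE CURL_CA_BUNDLE; do
    audit_var "$v" replace
  done
  audit_var NODE_EXTRA_CA_CERTS extend
}

audit_env
```

A `replaces-defaults` result means clients that read that variable trust only that one root, so any connection the proxy does not re-sign fails certificate verification.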