I think yes, and cursor well need reset tokens for all users.
Just used deep research, analysis from Nov 7 – Dec 7, 2025, confirm a critical regression in the Agent State Machine. The system exhibits “Split-Brain” behavior where the UI state desynchronizes from the Backend/Shadow Workspace state, leading to the accumulation of orphaned (“zombie”) processes.
Technical Diagnosis:
1. Session Leaking & PID Accumulation
Observation: Multiple Cursor Helper (Renderer) processes persist with high CPU usage after the main window is idle.
Hypothesis: The dispose() logic for Shadow Workspaces fails during soft timeouts. The parent process spawns a new worker but leaves the old worker’s IPC channel open.
Impact: Concurrent writes to globalStorage (SQLite WAL locking) and state.vscdb bloat (up to 13GB confirmed reports).
2. The “Packet Delta” Anomaly
Metric: \Delta P = P_{sent} - P_{rendered}.
Anomaly: In the “Terminal No Output” bug, the backend executes the shell command successfully (Exit Code 0), meaning packets were generated. However, they were routed to the Session ID of a zombie listener, not the active UI.
Security Implication: Backend rules allow multiple active sessions per user token to access distinct data paths simultaneously. Without strict serialization, this results in context cross-contamination (Project A data leaking into Project B’s stream).
3. Triplication Race Condition
The “Shadow Workspace” is intended to be a singleton for linting/diffing. Currently, it appears to be spawning multiple instances (A, B, C) on retries.
Race: Instances A, B, and C function competitively. When a diff is computed, all three push Apply events to the main thread. The main thread lacks a deduplication filter (e.g., checking event.nonce against current_session.nonce), resulting in the same code block being appended 2-3 times.
