fix: strip ANSI cursor escapes from non-TTY stdout/stderr

aidandaly24 · aidandaly24 · commit a2daa8214410 · 2026-05-20T21:42:31.000Z
ink (via cli-cursor) writes \x1b[?25h to its render stream on App unmount.
The cli-cursor isTTY check was passing because ink's stdout wrapper
inherits isTTY from the underlying stream object, even when stdout is
piped or redirected. The trailing escape corrupted machine-parseable
output for every CLI invocation that captured stdout — most
visibly --json (broke JSON parsing) but also any pipe/redirect
workflow.

Found by the round-2 bug bash (E6) when an agent tried to
`json.load()` the output of `agentcore add interceptor --json` and got
"Extra data" — the bytes after the JSON were the cursor-show escape.

Fix: at the CLI entry, wrap process.stdout and process.stderr writes
to strip \x1b[?25[hl] (cursor show / hide) when the stream is NOT a
TTY. Real TTYs are untouched so interactive terminal behavior — cursor
hiding during spinners, restoring on exit — keeps working.

Verified live with the bundled CLI:
- agentcore --version: ends with newline only, no escape
- agentcore validate: ends with newline only
- agentcore add gateway --json: produces valid JSON, json.load() succeeds
diff --git a/src/cli/index.ts b/src/cli/index.ts
@@ -2,6 +2,31 @@
 import { main } from './cli.js';
 import { getErrorMessage } from './errors.js';
 
+// Strip cursor show/hide ANSI escapes from non-TTY stdout/stderr.
+// ink (via cli-cursor) writes `\x1b[?25h` on exit, even when stdout is piped or
+// redirected. That trailing escape corrupts machine-parseable output (e.g. the
+// `--json` flag). Filter the two known cursor escapes while leaving real text
+// alone. Real TTYs keep the escapes so interactive terminal behavior is
+// unchanged.
+// eslint-disable-next-line no-control-regex -- \x1b is the ANSI escape we are explicitly filtering
+const CURSOR_ESCAPE_PATTERN = /\x1b\[\?25[hl]/g;
+function patchStream(stream: NodeJS.WriteStream): void {
+  if (stream.isTTY) return;
+  const originalWrite = stream.write.bind(stream);
+  stream.write = ((chunk: unknown, ...rest: unknown[]) => {
+    if (typeof chunk === 'string') {
+      return originalWrite(chunk.replace(CURSOR_ESCAPE_PATTERN, ''), ...(rest as [never]));
+    }
+    if (chunk instanceof Buffer) {
+      const filtered = chunk.toString('utf8').replace(CURSOR_ESCAPE_PATTERN, '');
+      return originalWrite(filtered, ...(rest as [never]));
+    }
+    return originalWrite(chunk as never, ...(rest as [never]));
+  }) as typeof stream.write;
+}
+patchStream(process.stdout);
+patchStream(process.stderr);
+
 // Global safety net — prevent raw stack traces from reaching the user
 process.on('uncaughtException', err => {
   console.error(`Error: ${getErrorMessage(err)}`);
