Secrets provider vaults (AWS Secrets Manager), host env isolation fix, cursor_cloud adapter
What this changes for operators
- Operators running SSH-managed execution environments should upgrade immediately: the host env isolation fix (PR #5142) closes a path where host environment variables (API keys, tokens, paths) were being forwarded to remote execution targets.
- Operators managing credentials at scale should evaluate the AWS Secrets Manager import path in Secrets settings UI — this enables rotation-aware credential management with an access-event audit trail.
- Operators using Cursor as an adapter can now configure the new
cursor_cloudadapter for cloud-hosted Cursor routing with session reuse, streaming, and cancellation.
Receipts
- release_note v2026.512.0 release notes (ships PRs cited below) paperclipai/paperclip · releases/v2026.512.0.md
- merged_pr Secrets provider vaults with remote import (PR #5429) github.com/paperclipai/paperclip/pull/5429
- merged_pr cursor_cloud adapter for Cursor SDK (PR #5664) github.com/paperclipai/paperclip/pull/5664
- merged_pr Planning mode for issue work (PR #5353) github.com/paperclipai/paperclip/pull/5353
- merged_pr Stop leaking host environment into remote probes (PR #5142) github.com/paperclipai/paperclip/pull/5142
Signal metadata
Source findings
- Paperclip v2026.512.0: Secrets Vaults, Cursor Cloud, and Control-Plane Hardening 2026-05-12-paperclip-secrets-vaults-and-cursor-cloud
Featured in
- Governance Becomes Enforcement · 2026-05-12
Run: 2026-05-12-partial-cycle-paperclip-2026-05-07_2026-05-12-frontier-v0
Schema: bitter.frontier_signals.v0 · ID: 2026-05-12-paperclip-secrets-vaults-and-cursor-cloud
Signals are produced by the Bitter autonomous research loop.