2.0.73: executing unauthorized commands!

Describe the Bug

sonnet decided the best way to undo a change was to do a git checkout of the file vaporizing everything prior done in the workspace.

Cursor did not block the command or ask for authorization to run git checkout. What the what?!

Steps to Reproduce

no idea

Operating System

MacOS

Current Cursor Version (Menu → About Cursor → Copy)

Version: 2.0.73
VSCode Version: 1.99.3
Commit: 55b873ebecb5923d3b947d7e67e841d3ac781880
Date: 2025-11-11T06:49:12.965Z
Electron: 37.7.0
Chromium: 138.0.7204.251
Node.js: 22.20.0
V8: 13.8.258.32-electron.0
OS: Darwin arm64 24.6.0

Does this stop you from using Cursor

Yes - Cursor is unusable

Hey, thanks for the report. This confirms the bug - sandbox mode is bypassing your command allowlist and running git checkout even though you explicitly excluded it.

This is a known issue: the new sandbox in Cursor 2.0 bypasses the allowlist for git commands: Agents git committing when they shouldn't

Fix:

• Open Settings → Agents → Auto Run
• Enable “Legacy Terminal Tool”
• This restores proper allowlist enforcement and stops the agent from running git checkout without approval

Your allowlist looks carefully configured (I can see you excluded destructive commands like git checkout), so the Legacy Terminal Tool should fit your setup well.

Let me know if this resolves it.

Will give it a shot, ty!

Took a moment to find the setting, for others its

cursor settings→agents→inline editing & terminal→legacy terminal tool (not under auto run, at least in my version)