2.0 - A step in the wrong direction

The allowlist replaced by sandbox issue was there before 2.0. I reported this a few minutes after I upgraded to that version and saw an agent run git commit when I didn’t have it allowed: Dangerous change in last update! - #4 by RafeSacks

1 Like

Aye, it first became an issue mid 1.7.x, I don’t know what version specifically it suddenly replaced allowlist, but sandbox is a real problem. It was a tremendously bad design decision to REPLACE allowlist with sandbox. ADD, fine, if some people like sandbox no problem with more features. But to REPLACE allowlist mode with sandbox mode has been a tremendously bad move.

1 Like

I wanted to share feedback about the recent Ask mode update that has significantly impacted my workflow.

What Changed

Before the update:

  • Ask mode provided multiple detailed answers with various approaches

  • It showed different implementation options and suggestions

  • The responses were comprehensive and educational

  • I could review the suggestions, then switch to Agent mode to implement the approach I preferred

  • This workflow was incredibly useful: Ask mode for exploration → Agent mode for implementation

After the update:

  • Ask mode gives minimal information and fewer examples

  • It no longer suggests different approaches or alternatives

  • Responses are brief and less helpful for learning

  • Agent mode now seems to make more mistakes than before

The Real Impact

The old workflow was perfect: I’d use Ask mode to understand the problem and see different solutions, then use Agent mode to execute the best approach. This two-step process helped me make better decisions and learn more about my codebase.

Now, I’m finding both modes less reliable, which slows down my development significantly.

My Concern

If this change was made to reduce token usage and save credits, I want to respectfully say: this is the wrong optimization.

I (and I suspect many others) would gladly pay more for higher quality agents rather than save a few credits with degraded performance.

The value of Cursor isn’t in using fewer tokens—it’s in having AI agents that actually help us build better software faster. When the quality drops, the entire value proposition suffers.

Suggestion

Could we have:

  • An option to enable “detailed mode” in Ask mode (even if it costs more tokens)?

  • A setting to prioritize quality over token efficiency?

  • Or simply revert Ask mode to its previous behavior?

I believe many users would prefer to pay for quality rather than sacrifice it for cost savings.

Would love to hear the team’s thoughts on this and whether there are plans to address these concerns.

4 Likes

Try agent mode but add to the end of the prompt ‘This is only a question. Answer it, but do not make changes.’

I started doing this a few months ago, because agent mode does more things to give better answers.
For example, it executes terminal commands to understand PRs.

I wish ask mode worked as well as agent mode though, since it’s unpleasant to only ask agent mode not to make changes, and not know if it will honour the request!

2 Likes

Ask mode has consistently been my favorite part of Cursor in the year plus that I have been using it. I can be granular in my changes and make the code choices I want to make. The Apply button has been broken for a few months now and instead of diffing the changed line it diffs the entire file. This is a significant regression.

I also am concerned as mentioned about product direction. It feels like more and more Cursor is moving towards a vibe coding nightmare rather than shipping the improvements to features that made Cursor my AI IDE of choice. There are already plenty of other multi-agent options, but speaking frankly I want more control as I work with models and not less.

Agreed. Ask Mode is extremely valuable - and a controllable level of detail would be useful. I recently experimented with Ask Mode, then Plan Mode, then Build, and got excellent results for an end-to-end feature implementation inside a non-trivial monorepo (thousands of source files).

Instead of going full vibe coding, it would feel far more valuable to me to add more review, execution & testing capabilities. Or better support to work locally in parallel on separate topics (with full editor support for each).

Essentially, Explore > Plan > Build > Review > Iterate/Adjust

But honestly, even small features can be extremely useful: For example, the “Review” button (before a git commit) already caught issues more than once for me.

Sounds like a skill issue?

I really wish people would stop using ChatGPT in community forums.

4 Likes

Indeed. I only see the “sandbox” thing on my Mac, not on Windows (which is where I do most of my work) and it is truly terrifying. It seems like it’s a “sandbox” that … blocks write access to the file system.

Nothing else.

It can run any command it wants, with any effect, without asking for permission, so long as it doesn’t write to the file system. For example, any database client with credentials to real production environments, any custom commands you may have that have infinite power over your production environments, etc, etc. I wouldn’t be surprised if it would also start using cloud provider CLI clients with the same results either.

It was a fun experience to have this feature silently added and set as default when previously I had it ask for every single command it wanted to run of any kind.

The sandbox is a dangerous step in the wrong direction. Very wrong direction. The allowlist was a vastly superior approach to managing terminal command execution safety. It put DIRECT and ABSOLUTE control over what runs and what does not run automatically in the hands of the developer. I will accept nothing else. Cursor really needs to bring the allowlist back, and IMO they should remove the sandbox as it is just dangerous.

2 Likes
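An added example, not from any post in this thread and not Cursor's code: a minimal model contrasting an argv-prefix allowlist with a sandbox that, as the post above describes it, only stops local file writes. The allowlist entries, sample commands, host name and the "writes local files" labels are all constructed assumptions.

```python
import shlex

# Hypothetical allowlist: argv prefixes the developer approved for auto-run.
ALLOWLIST = [("git", "status"), ("git", "diff"), ("npm", "run", "lint")]
SHELL_OPERATORS = set(";&|<>()")

def split_command(command):
    """Return argv for one simple command, or None if it chains or substitutes."""
    # Conservative: rejects these even inside quotes, so the answer is "ask".
    if any(s in command for s in ("`", "$(", "\n")):
        return None
    lexer = shlex.shlex(command, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    try:
        tokens = list(lexer)
    except ValueError:  # unbalanced quotes
        return None
    if any(t and set(t) <= SHELL_OPERATORS for t in tokens):
        return None  # &&, ;, |, redirects: more than one simple command
    return tokens

def allowlist_decision(command, allowlist=ALLOWLIST):
    """Auto-run only when the whole command is one allowlisted argv prefix."""
    argv = split_command(command)
    if argv and any(tuple(argv[:len(p)]) == p for p in allowlist):
        return "auto-run"
    return "ask"

def write_block_decision(writes_local_files):
    """Sandbox as the post describes it: only local file writes are stopped."""
    return "blocked" if writes_local_files else "auto-run"

# Constructed samples: (command, does it write local files?)
SAMPLES = [
    ("git status", False),
    ("git commit -m wip", True),
    ("git status && git commit -m wip", True),
    ("psql -h prod-db.example.invalid -c 'DELETE FROM orders'", False),
]

def compare(samples=SAMPLES):
    return [(cmd, allowlist_decision(cmd), write_block_decision(w)) for cmd, w in samples]

if __name__ == "__main__":
    for cmd, by_allowlist, by_sandbox in compare():
        print(f"{cmd!r}: allowlist={by_allowlist}, write-blocking sandbox={by_sandbox}")
```

The last sample is the case the post worries about: a command with remote side effects writes nothing locally, so only the allowlist stops to ask.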

Turning this option on will bring back the allowlist:

There has been too much of this “2 steps forward, somewhere between 1 and 3 steps backward” stuff from Cursor since the 2.0 release.

Much better the last approach; less intrusive. Thank you very much!

1 Like

Glad to hear 🙂

1 Like

So apparently 80% of the Cursor forums are bug reports.
Every scroll = another “my IDE crashed,” “autocomplete broke,” “AI hallucinated my imports.”
It’s like a dungeon crawl where every monster is named Bug #145275. 🐛

Meanwhile…
We launched CodeDesigner.Cloud — a SaaS IDE built inside Cursor — and got booted & banned from the official Discord for mentioning it.
Exiled. Banished. Canonized.

And here’s the irony:
While Cursor’s kingdom drowns in bug floods, the outlaw IDE sails above the chaos.
No installs. No config. Just code.
A remix of the remix, born from the same engine they’re patching daily.

Legacy Lesson:
Cursor forums = bug graveyard.
CodeDesigner.Cloud = bug-proof rebellion.
The saga writes itself.

1 Like

Hello, I really would like to have allowlist-based auto-run back.

CLI tools like gh don’t work anymore unless I set them up in the sandbox as well.
A simple npm run lint does not work because the sandbox does not have access to node_modules (gitignored), and tools like expo update some log files in the home folder.
The end result is I have to shift to full auto-run and end up being less secure than I was before sandboxing was introduced.

I prefer to have the sandbox only when I want the agent to run in the background. I trust my allowlist while doing active development in the IDE. Maybe you can add an advanced/risky feature section if you are worried users won’t know what they are doing.

The problem lies in business priorities: fixing bugs does not generate sales or attract investment, unlike the constant release of new AI features. Until bugs become a critical reason for canceling subscriptions, the “Move fast” strategy will dominate over stability. The situation will only change with the arrival of large enterprise customers who demand reliability instead of endless experimentation. Until then, we are paying for our status as beta testers.