Agent escapes project root

So, I heard about multi-project workspaces and got excited. I have 2 repos with 2 Python virtual environments under the same workspace.

The tree looks something like this:
root (workspace)/
├── .cursor/
│   └── rules
├── repo-one/
│   ├── .venv/
│   └── project-files/
└── repo-two/
    ├── .venv/
    └── project-files/

I asked Gemini to move functionality from one service to the other. And it just got completely lost. Here’s what happened:

It instantly went rogue

  • Messed up environment settings
  • Couldn’t deactivate an environment.
  • But when I helped it get to the right setup and explained that it’s good to go, it suddenly decided to instantly deactivate the environment and cd up the tree TO MY USER FOLDER.

I didn’t know it was even possible tbh. This is concerning.

Questions:

  • Do you allow the agent to navigate the tree or blacklist cd completely?
  • How do you prevent it from leaving the workspace while still allowing it to navigate?
  • What are some cursor rules that work for you in setups like this (pls include your go-to model/mode)?
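On the second question, the usual building block is a containment check on the resolved target of each `cd`, shown here as an added example that is not from this thread and not Cursor's own code. The function name `is_inside_workspace` and the demo layout (modelled on the tree above, plus a constructed symlink called `shortcut`) are assumptions.

```python
import os
import tempfile
from pathlib import Path


def is_inside_workspace(workspace: Path, cwd: Path, target: str) -> bool:
    """Return True if `cd target` issued from `cwd` stays inside `workspace`.

    Hypothetical helper: the decision is made on the fully resolved path,
    so "..", "~" and symlinks cannot be used to step outside the root.
    """
    root = workspace.resolve()
    candidate = Path(os.path.expanduser(target))
    if not candidate.is_absolute():
        candidate = cwd / candidate
    # resolve() collapses ".." and follows symlinks (non-strict: the path
    # does not have to exist yet).
    resolved = candidate.resolve()
    return resolved == root or root in resolved.parents


def build_demo_workspace() -> Path:
    """Constructed sample layout mirroring the tree in the post."""
    base = Path(tempfile.mkdtemp(prefix="ws-demo-"))
    ws = base / "root"
    for repo in ("repo-one", "repo-two"):
        (ws / repo / "project-files").mkdir(parents=True)
    # Constructed symlink inside the workspace that points outside of it.
    os.symlink(base, ws / "repo-one" / "shortcut")
    return ws


def demo() -> dict:
    ws = build_demo_workspace()
    cwd = ws / "repo-one" / "project-files"
    targets = [
        "..",              # up to repo-one: allowed
        "../../repo-two",  # sibling repo in the same workspace: allowed
        "../../..",        # one level above the workspace root: denied
        "../shortcut",     # symlink that resolves outside: denied
    ]
    return {t: is_inside_workspace(ws, cwd, t) for t in targets}


if __name__ == "__main__":
    for target, allowed in demo().items():
        print(f"cd {target:<16} -> {'allow' if allowed else 'deny'}")
```

This only validates a directory argument; it does not stop a command from reading or writing outside the workspace by absolute path, which needs OS-level sandboxing.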

In Cursor settings you should be able to see this setting you can tick; it should help you. It's under chat/auto-run mode.

Interesting. I don’t have that option. Only delete file protection…

Are you on Windows by chance?

Yes, Windows, but it's essentially the same as the outside workspace protection you have enabled; that should work. If it's not working as intended, I would suggest creating a bug report.

You forgot to mention that you’re using the night version.

What’s the night version?

Yes, mb on that, but looking at the setting, it's essentially the same with a different name on it.