Agent executes destructive git commands without confirmation

orchid · February 19, 2026, 10:39pm

Where does the bug appear (feature/product)?

Cursor IDE

Describe the Bug

Previously, Cursor had a setting in Settings → Agents that required manual confirmation before the agent executed destructive git commands: commit, reset, restore, checkout. Every time the agent attempted to run one of these commands, a dialog appeared in the UI asking me to click Allow or Reject.
After the latest Cursor update (2.5), this setting is gone. Now the agent executes git reset and git checkout without any confirmation, even though these commands are not in my Command Allowlist.
These commands are not in my Command Allowlist, but the agent runs them anyway without prompting.
Expected: agent shows Allow/Reject dialog before executing destructive git commands.
Actual: agent executes them silently without confirmation.

Steps to Reproduce

Open Cursor with Auto-Run Mode set to “Auto-Run in Sandbox”
Make sure git reset, git checkout, git commit are NOT in the Command Allowlist
Ask the agent to perform any task that involves git changes
Observe: agent executes git reset or git checkout without showing Allow/Reject dialog

Operating System

MacOS

Version Information

Version: 2.5.17
VSCode Version: 1.105.1
Commit: 7b98dcb824ea96c9c62362a5e80dbf0d1aae4770
Date: 2026-02-17T05:58:33.110Z

Does this stop you from using Cursor

No - Cursor works, but with this issue

deanrie · February 20, 2026, 7:42am

Hey, this is a known issue. In Auto-Run in Sandbox mode, the Command Allowlist isn’t applied. Sandbox replaces per-command approvals with filesystem and network restrictions, but the UI doesn’t explain this well.

The same issue is described here: Command Allowlist is silently ignored when “Auto-Run in Sandbox” is enabled

Workaround: enable Legacy Terminal Tool in Cursor Settings > Agents > Inline Editing & Terminal. With that, the allowlist works as expected, and git commands will require approval again.

The team is aware the UI is misleading. It shows the allowlist as active even though it’s not used in sandbox mode.

Let me know if the workaround doesn’t help.

orchid · February 20, 2026, 4:37pm

But in Cursor, besides Allowlist, there was another setting to prohibit automatic repository changes (checkout, commit, reset, etc.).
In the latest version, this setting has been removed. Why?

Topic		Replies	Views
Agents git committing when they shouldn't Bug Reports	3	104	December 4, 2025
2.0.73: executing unauthorized commands! Bug Reports	4	84	December 4, 2025
Dangerous change in last update! Bug Reports	11	540	November 7, 2025
Command Allowlist is silently ignored when "Auto-Run in Sandbox" is enabled Bug Reports sandbox , terminal , auto-run , windows	2	186	March 4, 2026
Cursors runs not allowed comands! Help sandbox , terminal , auto-run , rules	1	39	February 21, 2026