Agent mode fails on Windows with PowerShell Constrained Language Mode

Bug Reports
1

Where does the bug appear (feature/product)?

Cursor IDE

Describe the Bug

Cursor Bug Report: Agent Mode Fails on Windows with PowerShell Constrained Language Mode

Summary

Cursor’s agent mode (run_terminal_cmd tool) fails on Windows systems with PowerShell Constrained Language Mode enabled, despite terminal automation shell being configured to use cmd.exe.

Environment

  • OS: Windows 10/11 with WDAC (Windows Defender Application Control) enabled
  • Cursor Version: Latest (as of October 2024)
  • PowerShell Language Mode: ConstrainedLanguage
  • Configured Shell: cmd.exe (via terminal.integrated.automationProfile.windows)

Problem Description

What’s Happening

  1. User configures Cursor settings to use cmd.exe for automation:

    {
  "terminal.integrated.defaultProfile.windows": "Command Prompt",
  "terminal.integrated.automationProfile.windows": {
    "path": "C:\\Windows\\System32\\cmd.exe"
  },
  "terminal.integrated.automationShell.windows": "C:\\Windows\\System32\\cmd.exe"
}

  2. Despite this configuration, Cursor’s run_terminal_cmd tool in agent mode creates temporary PowerShell wrapper scripts in %TEMP%\ps-script-<guid>.ps1

  3. These PowerShell scripts use .NET method invocations like:

    [System.Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes(...))

  4. On systems with WDAC/Device Guard enforcement, PowerShell enters Constrained Language Mode, which blocks .NET method invocations

Error Example

Cannot invoke method. Method invocation is supported only on core types in this language mode.
At C:\Users\<user>\AppData\Local\Temp\ps-script-<guid>.ps1:33 char:1
+ Set-Item -LiteralPath 'Env:...' -Value ([System.Text.Encoding]::UTF8...

Impact

  • Agent mode is completely unusable on corporate Windows machines with WDAC
  • Users cannot use AI agent features for file operations, terminal commands, or debugging
  • Manual terminal still works (uses cmd.exe directly), but agent automation fails

Expected Behavior

When terminal.integrated.automationProfile.windows is set to cmd.exe, Cursor’s agent mode should:

  1. Respect this setting and execute commands directly in cmd.exe
  2. NOT wrap commands in PowerShell scripts
  3. Work on systems with PowerShell Constrained Language Mode

Actual Behavior

Cursor ignores the automation shell setting and always uses PowerShell wrappers on Windows, causing failures on WDAC-enabled systems.

Reproduction Steps

  1. Use a Windows machine with WDAC enabled (check with: powershell -Command "$ExecutionContext.SessionState.LanguageMode" - should return “ConstrainedLanguage”)
  2. Configure Cursor settings to use cmd.exe (see above)
  3. Use agent mode to run any terminal command
  4. Observe PowerShell Constrained Language Mode errors

Evidence

Temporary PowerShell scripts created by Cursor can be found in:

C:\Users\<username>\AppData\Local\Temp\ps-script-*.ps1

These scripts attempt to:

  • Base64-encode all environment variables (lines 3-60+)
  • Base64-encode the command itself (line 111+)
  • Use .NET methods that are blocked in Constrained Language Mode

Suggested Solutions

Option 1: Respect automation shell settings (Preferred)

When terminal.integrated.automationProfile.windows specifies cmd.exe, execute commands directly in cmd.exe without PowerShell wrappers.

Option 2: Provide Constrained Language Mode compatibility

If PowerShell must be used, avoid .NET method invocations and use PowerShell-native cmdlets that work in Constrained Language Mode.

Option 3: Add configuration option

Provide a setting like:

{
  "cursor.agent.forceShell": "cmd"
}

to explicitly bypass PowerShell wrappers.

Workarounds (for users)

Currently, users must:

  1. Switch from agent mode to ask mode
  2. Copy commands and run them manually in cmd.exe terminal
  3. Lose all agent mode automation benefits

Related Information

  • WDAC Enforcement Status: Check with Get-CimInstance -ClassName Win32_DeviceGuard -Namespace root\Microsoft\Windows\DeviceGuard
  • Why admin mode doesn’t help: WDAC policies apply system-wide, regardless of admin privileges
  • Prevalence: Common on corporate/enterprise Windows environments

Priority

High - Agent mode is a core feature and is completely unusable for enterprise Windows users with security policies.

Additional Context

This affects a significant portion of enterprise users who:

  • Work on domain-joined machines
  • Have corporate security policies (WDAC/AppLocker)
  • Cannot modify system-level security policies
  • Are otherwise valid Cursor customers

The terminal automation shell settings exist for this exact use case but are not being respected by agent mode.

Steps to Reproduce

Use Agent mode and ask it to do something that involves it running terminal commands (debugging most often)

Operating System

Windows 10/11

Current Cursor Version (Menu → About Cursor → Copy)

Cursor Version 1.7.53

Does this stop you from using Cursor

Sometimes - I can sometimes use Cursor

2

Hey, thanks for the report. This is a known issue with the new terminal implementation on Windows.

Quick workaround: enable the “Legacy Terminal Tool” setting:

  • Open Cursor Settings > Chat > Inline Editing & Terminal
  • Enable “Legacy Terminal Tool”

This will make Agent respect terminal.integrated.automationProfile.windows and use cmd.exe directly instead of PowerShell wrappers.

Please let me know if this resolves the Constrained Language Mode errors. Your report about WDAC/enterprise environments is important, and I’ll share this scenario with the team.

3

This topic was automatically closed 22 days after the last reply. New replies are no longer allowed.