I was trying to work on a feature that requires a database migration and it seems like the agent sandbox environment is missing dotfiles like .env, or perhaps files that have been git-ignored?
Steps to Reproduce
Try to do something in agent mode with sandbox enabled that makes use of a .env or git-ignored file, it should fail to find the file.
Expected Behavior
It should work normally.
Operating System
MacOS
Current Cursor Version (Menu → About Cursor → Copy)
Hey, thanks for the report. This is actually expected behavior: .env files and other sensitive files are excluded by default for security and privacy reasons.
Solution: you can edit the global ignore list in Settings → Cursor → General: Global Cursor Ignore List.
This will allow the Agent Sandbox to access your .env file. You can use the same approach to allow access to other git-ignored files the agent needs.
Thanks for introducing the sandbox feature to Cursor, I really like it. However, there is one problem with it. When I try to run any Python script that uses a .env file internally (let's say via load_dotenv()), the script fails with a "Permission error".
If I try to run the same command once again, but outside of the sandbox this time (Cursor actually does this automatically sometimes), the command succeeds. This is a problem, because it requires the user's approval and therefore makes the whole development process less smooth.
As far as I understand, the bug is due to the following:
.env file is included in .gitignore
Cursor forbids access inside the sandbox to all files included in .gitignore
However, the problem is that the script is only reading from the .env file. Can't you adjust the sandbox permissions and allow it to read from files that are inside the workspace but listed in .gitignore? Or maybe some other fix that wouldn't require user approval to run the script.
Expected result
Cursor can successfully run Python scripts loading variables from .env or other files that contain secrets and are included in .gitignore
Steps to Reproduce
Set up a Python project that loads variables from a .env file using load_dotenv()
Add the .env file to .gitignore
Set up Cursor to run commands inside the sandbox by default
Ask Cursor to run the script
Expected Behavior
Cursor should have no trouble running Python scripts/applications that load secrets from secret files included in .gitignore.
Operating System
MacOS
Current Cursor Version (Menu → About Cursor → Copy)
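As an added example (not code from the original posts or from Cursor itself): a small Python resolver that prefers the process environment and only falls back to the .env file, reports a blocked or missing file as a diagnostic instead of crashing, and never prints secret values. It uses a hand-written .env parser rather than python-dotenv so it runs with no dependencies; the sample .env contents, key names and values are constructed for the demonstration.

```python
"""Added example: resolve secrets from the process environment first, then
from a .env file, and report (without crashing) when the file is blocked."""
import os
import tempfile
from pathlib import Path
from typing import NamedTuple


class Resolved(NamedTuple):
    values: dict      # key -> secret value
    sources: dict     # key -> "environ" or "file"
    problems: list    # human-readable diagnostics, never containing values


def parse_dotenv(text: str) -> dict:
    """Minimal .env parser (hand-written here instead of python-dotenv so the
    example has no dependencies): skips blanks and comments, strips an optional
    'export ' prefix, honours single/double quotes, drops inline comments."""
    values = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("export "):
            line = line[len("export "):].lstrip()
        key, sep, value = line.partition("=")
        key, value = key.strip(), value.strip()
        if not sep or not key:
            continue
        if value[:1] in ("'", '"'):
            end = value.find(value[0], 1)
            if end != -1:
                value = value[1:end]          # quoted: take up to closing quote
        else:
            value = value.split(" #", 1)[0].rstrip()   # unquoted: drop comment
        values[key] = value
    return values


def load_secrets(required, env_path=".env", environ=None) -> Resolved:
    """Environment wins over the file (python-dotenv's default as well), so a
    sandbox that denies reads of .env still works if the keys were exported."""
    environ = os.environ if environ is None else environ
    file_values, problems = {}, []
    try:
        file_values = parse_dotenv(Path(env_path).read_text(encoding="utf-8"))
    except FileNotFoundError:
        problems.append(f"{env_path}: not found")
    except PermissionError as exc:
        # This is the failure mode seen inside the sandbox: the file exists but
        # the process is not allowed to read it.
        problems.append(f"{env_path}: permission denied ({exc.strerror})")
    values, sources = {}, {}
    for key in required:
        if key in environ:
            values[key], sources[key] = environ[key], "environ"
        elif key in file_values:
            values[key], sources[key] = file_values[key], "file"
    missing = [k for k in required if k not in values]
    if missing:
        problems.append("missing required keys: " + ", ".join(missing))
    return Resolved(values, sources, problems)


def report(resolved: Resolved) -> list:
    """Log-safe summary: where each key came from and its length, never its value."""
    lines = [f"{k}: from {src} (<redacted, {len(resolved.values[k])} chars>)"
             for k, src in resolved.sources.items()]
    return lines + [f"problem: {p}" for p in resolved.problems]


def demo():
    """Constructed scenarios: a readable .env with one environment override, a
    missing file with no fallback, and a missing file covered by the environment."""
    with tempfile.TemporaryDirectory() as tmp:
        env_path = Path(tmp) / ".env"
        env_path.write_text(
            "# constructed sample values, not real credentials\n"
            "export DB_URL=postgres://app:hunter2@localhost/app\n"
            "API_TOKEN='tok-123'  # quoted value\n"
            "LOG_LEVEL=debug # inline comment\n",
            encoding="utf-8",
        )
        readable = load_secrets(["DB_URL", "API_TOKEN", "LOG_LEVEL"], env_path,
                                environ={"LOG_LEVEL": "info"})
        absent = Path(tmp) / "absent.env"
        missing = load_secrets(["DB_URL"], absent, environ={})
        covered = load_secrets(["DB_URL"], absent,
                               environ={"DB_URL": "sqlite:///dev.db"})
    return readable, missing, covered


if __name__ == "__main__":
    for scenario in demo():
        print("\n".join(report(scenario)), end="\n\n")
```

With this ordering a script keeps working in a sandbox that blocks the .env file as long as the needed variables were exported into the process environment, and when neither source has a key the diagnostic names the key and the file problem without ever echoing a value into the terminal or the agent's transcript.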
You see, my point is that this is actually bad behavior.
I understand why the agent itself should have no read access to those files (to prevent them from being included in prompts sent to some external AI server). But the problem is that Cursor restricts access to those files even from code I've either written or reviewed myself. There is no exposure risk (as long as I am not stupid enough to print credentials to logs myself). My Python application just fetches an environment variable from the .env file, without ever giving the agent access to its contents.
I'd like Cursor to act way smarter than just restricting access to my .env file altogether. I'd like it to restrict access for the agent (via calling the file read tool or grep tool), but not restrict access from the code itself. If there were such behavior, the sandbox experience would be way smoother, yet not less secure (at least, not noticeably).