Currently the cursor cli agent sends a preToolUse hook when attempting to edit files within the current workspace. I can use the response documented here with {"permission": "allow"} and the agent will continue to edit files within my current workspace.
If the agent attempts to edit a file outside of my workspace, I am sent the same preToolUse hook, though its response is not accepted, and instead defaults to the configured permissions allowlist.There is then an additional notification in the terminal that requires another action on my part to allow editing outside of the current workspace.
The only way to get around this is to configure the desired path in ~/<me>/.cursor/cli-config.json however this file is shared by all agents globally and will therefore leak any permissions I want to grant to the current session to any other agent sessions I have running.
I think there should be some way to grant bypass permissions for writes (and other actions) to directories to a given agent session and not have it leak to others. Perhaps an additional layer in the cli-config.json or a new file within the actual chat session directory itself. There are several cases where I have one session working on a project that I do not want to supervise, and other sessions that I do, and this mixed permission gating approach is not ideal.
If there is someway to do this today let me know. Happy to share screenshots too