AI Agent keeps prompting me to accept every code edit in agent mode

Where does the bug appear (feature/product)?

Cursor IDE

Describe the Bug

I’m having a problem where suddenly since a few days ago any ai I use has been asking me to accept its changes when in agent mode.

Steps to Reproduce

Ask it to do anything in agent mode

Expected Behavior

Automatically make all the changes I requested.

Screenshots / Screen Recordings

image.png793×261 9.12 KB

Operating System

Windows 10/11

Current Cursor Version (Menu → About Cursor → Copy)

Version: 2.1.46 (user setup)
VSCode Version: 1.105.1
Date: 2025-12-02T03:59:29.283Z
Electron: 37.7.0
Chromium: 138.0.7204.251
Node.js: 22.20.0
V8: 13.8.258.32-electron.0
OS: Windows_NT x64 10.0.26100

For AI issues: which model did you use?

Any of them, Grok, composer, claude

Additional Information

I havent messed with any settings so im not sure, maybe I just need to re install but would rather know if I can do something on my end

Does this stop you from using Cursor

No - Cursor works, but with this issue

same

Same, hard to work like this.

apparently allowlist functionality changed in the last update, I posted a similar request. That was one of the best features for productivity

but the allow list is for terminal commands so why would this effect the ai coding?

Hey, thanks for the report. Yes, this is a known bug. We’re already tracking it (discussion: Accept Editing File Bug (since 2.0v)). There’s no reliable workaround yet. If you’re using git worktrees, temporarily work from a regular clone (without worktree).

could I get any response regarding the serious security bug that allows the AI agent to type text in the same chat field the user is typing in? This is not funny, it’s actually terrifying when you see it with your own eyes…

https://forum.cursor.com/t/weird-chat-message/139915/8?u=r4zen

chill out bro

Could anyone share a request ID here? Looking into this

One with CPT5.1 Codex, where the buttons actually render: da8a29d2-7668-4437-b115-9735a960e3a7
One with auto where they don’t: 3f7213a1-fcd8-42f2-b9be-f37a21d141e6

I missed replying to you, post above this has request ids

We’re looking at these!

ah okay, well sure hope it gets figured out soon thank you

Updated this morning, now codex has the same behavior. New request id: 239f7d61-e040-46cd-b3cc-8b298f6fb0b6

Thank you. Could you confirm that the paths the agent is trying to edit are inside your workspace? Or, are they outside? Are they inside directories with dots in them like .github?

Thanks, reviewing!

if y’all need help reproducing / want to reach out directly i’m on the cursor community discord with the same name/username as here

@deanrie - I’m almost 100% sure the bug everyone is talking about is not related to a bug from 27 days ago. With the last 2 updates 2 new bugs were introduced:

1. Accept changes for literally every file created by AI in Agent/Plan mode unless External File Protection is disabled(workaround)
2. Terminal failing to execute any command the moment there is lots of context in the current chat. This breaks even new chats/modes. The only fix is literally creating a new directory and moving your project files there. This will fix the terminal bug and allow again to execute even simple commands like ``echo hello`` (Legacy Terminal won’t work either).

Terminal bug is still happening even after the last update from few hours ago. I can’t say for the other bug as I have External File Protection disabled.

I’m running Windows WSL - tried running Cursor as admin but the bug is still there. All my projects are in /home/username .. no spaces, symbols etc.

Hey all - trying a temporary fix here now. Can you let me know if resolved?