Better access management when agent in different mode

Arya_Bhatt · May 6, 2026, 11:08am

During stress-testing of the latest build, I found that the AI could be “convinced” to perform file writes even while in Plan Mode. To ensure strict adherence to mode boundaries, I propose implementing directory-level read/write permissions tied directly to the active mode:

Plan Mode: Write Access: Restricted exclusively to .cursor/*.plan.md.
- Read Access: Global (or project-wide), but with all other file paths mounted as read-only.
Act Mode: Full Read/Write access as currently implemented.

Stripping write permissions at the system/plugin level (rather than relying on model instructions) would prevent accidental or “persuaded” edits during the planning phase.

Colin · May 6, 2026, 2:17pm

Hey @Arya_Bhatt

This should be the case now that Plan mode will only edit Markdown files (.md). While not as finely scoped as .plan.md, it’s a good step.

What files got edited when you were using Plan Mode? What version of Cursor are you using?

Topic		Replies	Views
Plan mode executes on ambiguous phrasing; user meant "update plan" not "execute" Bug Reports plan-mode , composer	8	70	April 30, 2026
Ask Mode / Git Read Only Operations Feature Requests terminal , ask-mode	0	9	April 28, 2026
Plan mode no longer updates plan files Bug Reports plan-mode	3	84	March 11, 2026
Cursor edited a file while in plan mode Bug Reports plan-mode	3	48	April 29, 2026
'Plan' mode is not respected by the Agent Bug Reports plan-mode	4	146	March 7, 2026

Better access management when agent in different mode

Related topics