Clarifying the relationship between sandbox.json and required_permissions

Kihiro_Takahashi · February 26, 2026, 2:26pm

Cursor IDE

I’ve configured sandbox.json in my project with networkPolicy: { default: "deny", allow: [] } to restrict network access.

Agent bypass
The agent can bypass sandbox.json restrictions by specifying required_permissions: ["network"], which allows network access after user approval. I couldn’t find any official way to disable this permission request.
Purpose of sandbox.json
I understand it acts as a safety net when the agent forgets to request permissions, but since users can always approve and bypass it, the value of configuring sandbox.json feels unclear.

Add an option to disable bypass via required_permissions (e.g. “Strict sandbox mode: do not allow permission requests”).
Or clarify in the docs how sandbox.json and required_permissions interact and what the recommended usage is.

Topic		Replies	Views
The configuration settings for sandboxing and auto-run are lacking Feedback sandbox , terminal , auto-run	0	73	January 29, 2026
Why does the Sandboxed terminal asks for permission Feedback sandbox , terminal , auto-run	0	28	March 3, 2026
Agent sandbox: prompt when commands use absolute paths or parent traversal Feature Requests sandbox , auto-run , security	0	2	March 13, 2026
No option to use allowlist without sandbox Feedback sandbox , terminal , auto-run	3	287	March 4, 2026
Cursor 2.5: Sandbox Network Access Controls Release Discussions sandbox , teams-enterprise , security	9	519	March 10, 2026