Hey Cursor team and community,
I upgraded to 2.0 yesterday, and now my AI agent flat-out refuses to run SSH/SCP commands, throwing errors like “operation not permitted.” This has always worked perfectly before, but now it’s blocked due to the new default sandboxing on macOS. From what I can tell, this is a deliberate “security” change that isolates the agent’s shell—no outbound network access, even for legit tools like SSH/SCP.
I get the intent (preventing malicious stuff), but if this is forced without an easy opt-out, it’s a huge step backward. It breaks my workflows, forces manual command-running in terminals, and kills productivity. Users should have the choice to toggle this on/off—enterprise folks get admin controls, why not everyone?
Quick Details:
- Setup: macOS, Cursor 2.0 (fresh upgrade).
- Error Example: “ssh: connect to host … Operation not permitted” when the agent tries SSH/SCP.
- Repro: Prompt the agent to generate/run an SSH/SCP command—it fails in the sandbox but works fine manually outside Cursor.
Cursor 2.0 is bad:
Downgraded to 1.7, and I have my SSH/SCP and all other networking commands back; these are more important than some ■■■■ UI changes that I do not need. No more upgrades until they fix this.