Cursor Cloud Self Hosted: How does git attribution work?

Support Help
,
1

I am currently in the process of setting up Cursor Cloud self-hosted agents for my workplace, but I am failing to understand how commits get attributed to the author.

Today, we have a set of VMs that resemble a development environment, with a few repositories auto checked out by a read only git key. Cursor cloud seems to want to use this git key to commit.

What is the process for the cloud agent to use a token from the session itself?

4

Hey, thanks for the request. Here’s the short version of how it works:

Hosted vs self-hosted are different auth modes for git push.

In Cursor-hosted mode, the agent gets a token from the Cursor GitHub App installation and uses it to push. In self-hosted mode private worker, it’s different: the agent runs on your VM and uses whatever git credentials are already set up on that machine. Cursor does not inject its SCM token and does not use the session initiator’s token for push. This is by design since the whole point of self-hosted is that your infra and creds are under your control.

So if the VM only has a read-only deploy key, push will fail. You need write-capable creds on the worker VM for the target repos, for example:

  • A deploy key with write access enabled
  • A PAT or fine-grained token from a machine user or service account
  • A GitHub App installation token if you want session-style rotation

Commit attribution:

  • The commit author will be whatever is set in git config user.name and user.email on the VM. On hosted this is Cursor Agent <[email protected]>, on your VM you can set it to anything.
  • For cloud hosted agents, the session initiator is added via a Co-authored-by: trailer by the server hook commit-msg.cursor.co-author, and you can’t disable it right now. The Attribution setting in the IDE only affects IDE or CLI agents, not cloud. For self-hosted, it depends on whether that hook is installed on the worker. If this matters for your setup, check after the first run and tell me what you see.
  • Heads-up: there’s a known bug where the AI copies someone else’s Co-authored-by from git history, and the hook sees an existing trailer and won’t overwrite it. That can attribute the change to the wrong user. Details: Cloud Agent co-author hook can be preempted by AI-hallucinated Co-authored-by trailer

Plan note: right now, self-hosted agents are effectively Enterprise-only, even though the docs mention Team. If you’re on Team, it’s worth confirming with your account manager before rolling it out. Context: Cursor Self Hosted Agents and Team Plan / Worker Pool - #18 by kevinn

Self-hosted pool docs: Self-Hosted Pool | Cursor Docs

If you specifically need a session-bound push token so commits are pushed as the GitHub user who started the session, that isn’t available in self-hosted today. I can pass it to the team as a feature request. Tell me if you want to dig deeper into any of the options.

5

Thanks for the detailed response.

If I wanted to ensure the self-hosted VM has credentials similarly to how Cursor Cloud does it, how would I go about doing that?

Does Cursor pass any information about the current session back to the VM that I could use?