Disable permissions ask in sandbox

Hi,

I’m using the Cursor CLI with Auto-Run in Sandbox for autonomous workflows, where the sandbox boundaries are exactly what I want, but I’m running into a friction point.

Even with Auto-Run in Sandbox enabled, I get frequently prompted to approve commands like python or arbitrary bash scripts. I’m aware I could extend the command allowlist, but I’d rather not go that route. The whole point of relying on the sandbox is to define boundaries at the OS level (filesystem, network) rather than maintaining a list of trusted commands.

What I’m looking for: a way to make Cursor never prompt. When a command isn’t allowlisted or hits a sandbox restriction, I’d like it to simply fail (and let the agent react to that failure on its own) rather than interrupting with an approval dialog.

Is there a config flag, env var setting for this today? If not, I’d like to flag it as a feature request.

Thanks!

Hey @Hedi_Ghediri!

Thanks for the feedback. This isn’t possible today in the interactive TUI. There’s no flag to make sandbox-mode silently deny unapproved commands instead of prompting.

However, if you’re running autonomous workflows, headless mode does exactly what you’re describing:

agent --print --trust --sandbox enabled "your prompt"

In headless/print mode without --force, every command that isn’t on the allowlist is silently denied (no prompt, the agent sees the failure and reacts). Combined with --sandbox enabled, sandboxed commands auto-execute and everything else just fails. The tradeoff is you lose the interactive TUI.

Could you share more information about which version of Cursor you’re using / what OS, and also provide examples of commands that trigger the approval dialog? Curious what isn’t happy to run in the sandbox.