Feature request for product/service
Cursor IDE
Describe the request
Problem
AI agents in Cursor should follow project rules (like reading context files before coding), but there’s no enforcement mechanism. Rules in .cursor/rules/*.mdc are suggestions - the agent can skip straight to Grep, Write, or Shell without reading required context.
Real Example
We have rules requiring the agent to read MEMORY.md (documented patterns) before any work. But when asked “where is the cron UI?”, the agent immediately ran Grep for “cron” instead of checking if a pattern was already documented in MEMORY.md.
Result: Wasted time rediscovering patterns that were already documented.
Proposed Solution
Add one of these capabilities:
Option A: Required First Tool Config
In .cursor/rules/*.mdc or workspace settings, allow:
requiredFirstTool:
server: “session-guard”
tool: “session_init”
message: “You must initialize session context before any work”
When the agent’s first tool call is NOT session_init, Cursor would:
Block the tool call
Show the message
Require calling the specified tool first
Option B: Pre-Tool Hook
Allow MCP servers to register as “pre-tool hooks” that run before any other tool:
{
“session-guard”: {
“command”: “node”,
“args”: [“session-guard/index.js”],
“preToolHook”: true // Runs before any other tool call
}
}
Option C: Tool Dependencies
Allow tools to declare dependencies:
{
“tools”: {
“Grep”: { “requires”: [“session_init”] },
“Write”: { “requires”: [“session_init”] },
“Shell”: { “requires”: [“session_init”] }
}
}
Use Cases
Context Loading - Ensure agent reads project memory/patterns before coding
Safety Checks - Require environment verification before destructive operations
Audit Logging - Log session start before any file modifications
Permission Checks - Verify authorization before sensitive operations
Current Workaround
We built a custom MCP server (session-guard) that provides session_init and session_check tools. Rules say “MUST call first”. But this is purely behavioral - the agent can still skip it.
Files (can share if helpful)
mcp-servers/session-guard/index.js - MCP server
.cursor/rules/global.mdc - Rules with enforcement section
Impact
Without this: Projects can’t enforce workflows, rules are suggestions
With this: Projects can guarantee certain steps happen, improving reliability
Environment
Cursor version: Latest (January 2026)
OS: Windows 11
MCP servers in use: playwright, godaddy, custom session-guard
Related Issues
#3280 - Granular control over MCP server tools (related: controlling when tools run)
Forum discussions about MCP tool recognition
Additional Context
Happy to share our session-guard MCP implementation if useful as a reference for what we’re trying to achieve.
Operating System (if it applies)
Windows 10/11