I've had similar happen, immediately after asking agent “Verify the script functions as required and can put data into the DB”
It immediately dropped all the tables in the DB.
When asked to “VALIDATE SCRIPT IS FUNCTIONAL”
Anyway - there was a question about ‘cascading removal of code’ – and thinking about it and talking to bot, very bad catastrophic failure modes.
However, after seeing your post, I wonder if I can use the same logic in reverse.
Let me take a stab at inquiring:
(overall good - would need some attention and cleanup - but promising.
I want to take a look at all the control inputs we have over agent behavior…)
Pretty good comprehension and initial proposal, the .ps1 thing I have already implemented with my agents as I wanted a postgres catalog of ALL cursor YOLOs and Code…
# Agentic Control Plane Specification
## Core Safety Principles
1. **Non-Destructive Operations**
   - All operations must be reversible
   - Automatic backups before modifications
   - Change size thresholds for approval
   - Audit trail of all operations
2. **Command Execution Safety**
   - Wrapped PowerShell execution
   - Logging and monitoring
   - Version control integration
   - Rollback capabilities
## Implementation
### 1. Cursor Rules Configuration
```json
{
  "cursor.safety": {
    "backupBeforeEdit": true,
    "maxCodeDeletionPercent": 10,
    "requireApprovalAbove": 5,
    "autoRollbackThreshold": 15,
    "preventRecursiveDeletes": true
  },
  "cursor.logging": {
    "level": "DEBUG",
    "path": "./logs/cursor-agent.log",
    "format": "detailed",
    "retentionDays": 30
  },
  "cursor.powershell": {
    "wrapCommands": true,
    "scriptPath": "./scripts/wrapped",
    "logPath": "./logs/ps-execution.log",
    "requireApproval": true
  }
}
```
### 2. PowerShell Command Wrapper Template
```powershell
<#
.SYNOPSIS
    Wrapped command execution with safety controls
.DESCRIPTION
    Version: 1.0
    Path: ${scriptPath}
    Created: ${timestamp}
    Author: Cursor Agent
#>
# Logging setup
$LogPath = "./logs/ps-execution.log"
$ErrorActionPreference = "Stop"

# Append one JSON record per event to the execution log
function Write-ExecutionLog {
    param(
        [string]$Command,
        [string]$Status,
        [string]$Details
    )
    $LogEntry = @{
        Timestamp     = Get-Date -Format "yyyy-MM-dd HH:mm:ss"
        Command       = $Command
        Status        = $Status
        Details       = $Details
        ScriptVersion = "1.0"
        ScriptPath    = $PSCommandPath
    } | ConvertTo-Json
    Add-Content -Path $LogPath -Value $LogEntry
}

# Back up the working directory, run the command, restore the backup on failure
function Invoke-WrappedCommand {
    param(
        [string]$Command,
        [string]$Description
    )
    try {
        Write-ExecutionLog -Command $Command -Status "Starting" -Details $Description
        # Create backup; ./backups itself is skipped so a backup never contains earlier backups
        $BackupPath = "./backups/$(Get-Date -Format 'yyyyMMdd_HHmmss')"
        New-Item -ItemType Directory -Path $BackupPath -Force | Out-Null
        Get-ChildItem -Path "./" -Force |
            Where-Object { $_.Name -ne 'backups' } |
            Copy-Item -Destination $BackupPath -Recurse -Force
        # Execute command
        $Result = Invoke-Expression $Command
        Write-ExecutionLog -Command $Command -Status "Completed" -Details "Success"
        return $Result
    }
    catch {
        Write-ExecutionLog -Command $Command -Status "Failed" -Details $_.Exception.Message
        # Restore from backup, but only if one was created before the failure
        # (with an empty $BackupPath the source below would expand to "/*")
        if ($BackupPath) {
            Copy-Item -Path "$BackupPath/*" -Destination "./" -Recurse -Force
        }
        throw
    }
}
```
### 3. Rules for AI
```yaml
# AI Operation Rules
ai_rules:
  - rule: "NO_LARGE_DELETIONS"
    condition: "changes.deletions > 10% of codebase"
    action: "REQUIRE_APPROVAL"
  - rule: "BACKUP_BEFORE_CHANGES"
    condition: "before any modification"
    action: "CREATE_BACKUP"
  - rule: "WRAPPED_COMMANDS"
    condition: "executing shell commands"
    action: "USE_PS1_WRAPPER"
  - rule: "PREVENT_RECURSIVE_CHANGES"
    condition: "detecting cascading modifications"
    action: "PAUSE_AND_NOTIFY"
# Safety Thresholds
thresholds:
  max_file_deletions: 5
  max_code_removal_percent: 10
  max_concurrent_changes: 3
  required_approval_threshold: 5
# Logging Requirements
logging:
  level: DEBUG
  retention_days: 30
  required_fields:
    - timestamp
    - operation
    - files_affected
    - change_size
    - agent_id
    - approval_status
```
## Safety Mechanisms
1. **Pre-Execution Checks**
   - Codebase size verification
   - Impact assessment
   - Dependency analysis
   - Backup confirmation
2. **Execution Monitoring**
   - Real-time change tracking
   - Pattern detection
   - Cascade prevention
   - Resource monitoring
3. **Post-Execution Validation**
   - Code integrity checks
   - Functionality testing
   - Performance impact
   - Rollback readiness
## Emergency Procedures
1. **Automatic Suspension**
   - Triggered by threshold violations
   - Immediate operation pause
   - Notification dispatch
   - State preservation
2. **Rollback Protocol**
   - Automatic state restoration
   - Dependency reversion
   - Configuration reset
   - Log analysis
## Integration Requirements
1. **Version Control**
   - Pre-commit hooks
   - Branch protection
   - Review enforcement
   - History preservation
2. **Monitoring**
   - Real-time metrics
   - Alert thresholds
   - Performance tracking
   - Health checks
3. **Reporting**
   - Operation logs
   - Change summaries
   - Impact analysis
   - Safety metrics
## Best Practices
1. **Change Management**
   - Incremental changes
   - Review checkpoints
   - Documentation updates
   - Communication protocols
2. **Safety Culture**
   - Conservative defaults
   - Explicit approvals
   - Clear documentation
   - Regular audits
PowerShell wrapper
```powershell
<#
.SYNOPSIS
    Safe command execution wrapper for Cursor Agent operations
.DESCRIPTION
    Provides a safety layer for executing PowerShell commands with automatic backup,
    logging, and rollback capabilities.
.NOTES
    Version: 1.0
    Author: Cursor Agent
    Created: 2024-03-14
#>
[CmdletBinding()]
param(
    [Parameter(Mandatory = $true)]
    [string]$Command,
    [Parameter(Mandatory = $true)]
    [string]$Description,
    [Parameter(Mandatory = $false)]
    [string]$WorkspacePath = $PWD,
    # -Force skips the interactive approval prompt for flagged commands
    [Parameter(Mandatory = $false)]
    [switch]$Force
)

# Configuration
$Script:Config = @{
    LogPath          = Join-Path $WorkspacePath "logs/ps-execution.log"
    BackupPath       = Join-Path $WorkspacePath "backups"
    MaxBackups       = 10
    RequireApproval  = $true
    LogRetentionDays = 30
}

# Ensure log directory exists
$LogDir = Split-Path $Script:Config.LogPath -Parent
if (-not (Test-Path $LogDir)) {
    New-Item -ItemType Directory -Path $LogDir -Force | Out-Null
}

# Ensure backup directory exists
if (-not (Test-Path $Script:Config.BackupPath)) {
    New-Item -ItemType Directory -Path $Script:Config.BackupPath -Force | Out-Null
}

# Append one JSON record per event to the execution log
function Write-ExecutionLog {
    param(
        [string]$Command,
        [string]$Status,
        [string]$Details
    )
    $LogEntry = @{
        Timestamp     = Get-Date -Format "yyyy-MM-dd HH:mm:ss"
        Command       = $Command
        Status        = $Status
        Details       = $Details
        ScriptVersion = "1.0"
        ScriptPath    = $PSCommandPath
        WorkspacePath = $WorkspacePath
        User          = $env:USERNAME
        ComputerName  = $env:COMPUTERNAME
    } | ConvertTo-Json
    Add-Content -Path $Script:Config.LogPath -Value $LogEntry
}

# Copy the workspace into a timestamped folder and prune old backups
function New-WorkspaceBackup {
    $BackupName = "backup_$(Get-Date -Format 'yyyyMMdd_HHmmss')"
    $BackupPath = Join-Path $Script:Config.BackupPath $BackupName
    # Create backup; the backups folder lives inside the workspace, so it is
    # skipped to keep a backup from containing earlier backups (and itself)
    Write-Verbose "Creating backup at: $BackupPath"
    New-Item -ItemType Directory -Path $BackupPath -Force | Out-Null
    $BackupRootName = Split-Path $Script:Config.BackupPath -Leaf
    Get-ChildItem -Path $WorkspacePath -Force |
        Where-Object { $_.Name -ne $BackupRootName } |
        Copy-Item -Destination $BackupPath -Recurse -Force
    # Cleanup old backups
    Get-ChildItem -Path $Script:Config.BackupPath -Directory |
        Sort-Object CreationTime -Descending |
        Select-Object -Skip $Script:Config.MaxBackups |
        Remove-Item -Recurse -Force
    return $BackupPath
}

# Copy a backup over the workspace; files created since the backup are left in place
function Restore-WorkspaceBackup {
    param([string]$BackupPath)
    Write-Warning "Restoring from backup: $BackupPath"
    Copy-Item -Path "$BackupPath/*" -Destination $WorkspacePath -Recurse -Force
}

# Returns $false when the command text names a command from the list below
function Test-CommandSafety {
    param([string]$Command)
    # List of potentially dangerous commands
    $DangerousCommands = @(
        'Remove-Item',
        'rm',
        'del',
        'rmdir',
        'Format-Volume',
        'Clear-Content',
        'Stop-Computer',
        'Stop-Process'
    )
    foreach ($dangerous in $DangerousCommands) {
        # Match whole names only, so 'rm' does not fire on 'Format-Table'
        if ($Command -match "\b$([regex]::Escape($dangerous))\b") {
            return $false
        }
    }
    return $true
}

# Show the request and ask the operator for a y/n decision
function Get-UserApproval {
    param(
        [string]$Command,
        [string]$Description
    )
    Write-Host "`nCommand Execution Request" -ForegroundColor Cyan
    Write-Host "======================" -ForegroundColor Cyan
    Write-Host "Description: $Description"
    Write-Host "Command: $Command"
    Write-Host "Workspace: $WorkspacePath"
    Write-Host "`nDo you approve this command execution? (y/n): " -NoNewline
    $response = Read-Host
    return $response -eq 'y'
}

# Main execution
try {
    # Safety check
    if (-not (Test-CommandSafety -Command $Command)) {
        if (-not $Force -and -not (Get-UserApproval -Command $Command -Description $Description)) {
            throw "Command execution not approved by user"
        }
    }
    Write-ExecutionLog -Command $Command -Status "Starting" -Details $Description
    # Create backup
    $BackupPath = New-WorkspaceBackup
    Write-ExecutionLog -Command $Command -Status "Backup" -Details "Created backup at: $BackupPath"
    # Execute command
    Write-Verbose "Executing command: $Command"
    $Result = Invoke-Expression $Command
    Write-ExecutionLog -Command $Command -Status "Completed" -Details "Success"
    return $Result
}
catch {
    Write-ExecutionLog -Command $Command -Status "Failed" -Details $_.Exception.Message
    # Restore from backup
    if ($BackupPath) {
        Restore-WorkspaceBackup -BackupPath $BackupPath
        Write-ExecutionLog -Command $Command -Status "Rollback" -Details "Restored from backup: $BackupPath"
    }
    throw
}
```
cursor-safety.code-workspace
```jsonc
{
  "folders": [
    {
      "path": ".",
      "name": "Safe Cursor Workspace"
    }
  ],
  "settings": {
    // Core Safety Settings
    "cursor.safety": {
      "enabled": true,
      "backupBeforeEdit": true,
      "maxCodeDeletionPercent": 10,
      "requireApprovalAbove": 5,
      "autoRollbackThreshold": 15,
      "preventRecursiveDeletes": true,
      "safeMode": true
    },
    // Logging Configuration
    "cursor.logging": {
      "level": "DEBUG",
      "path": "./logs/cursor-agent.log",
      "format": "detailed",
      "retentionDays": 30,
      "required_fields": [
        "timestamp",
        "operation",
        "files_affected",
        "change_size",
        "agent_id",
        "approval_status"
      ]
    },
    // PowerShell Safety Integration
    "cursor.powershell": {
      "wrapCommands": true,
      "scriptPath": "./scripts/wrapped",
      "logPath": "./logs/ps-execution.log",
      "requireApproval": true,
      "safetyWrapper": "./scripts/Invoke-SafeCommand.ps1",
      "maxBackups": 10,
      "dangerousCommands": [
        "Remove-Item",
        "rm",
        "del",
        "rmdir",
        "Format-Volume",
        "Clear-Content",
        "Stop-Computer",
        "Stop-Process"
      ]
    },
    // AI Operation Rules
    "cursor.ai": {
      "rules": [
        {
          "name": "NO_LARGE_DELETIONS",
          "condition": "changes.deletions > 10% of codebase",
          "action": "REQUIRE_APPROVAL"
        },
        {
          "name": "BACKUP_BEFORE_CHANGES",
          "condition": "before any modification",
          "action": "CREATE_BACKUP"
        },
        {
          "name": "WRAPPED_COMMANDS",
          "condition": "executing shell commands",
          "action": "USE_PS1_WRAPPER"
        },
        {
          "name": "PREVENT_RECURSIVE_CHANGES",
          "condition": "detecting cascading modifications",
          "action": "PAUSE_AND_NOTIFY"
        }
      ],
      "thresholds": {
        "maxFileDeletions": 5,
        "maxCodeRemovalPercent": 10,
        "maxConcurrentChanges": 3,
        "requiredApprovalThreshold": 5
      }
    },
    // Editor Safety Settings
    "editor.formatOnSave": true,
    "editor.formatOnPaste": true,
    "files.autoSave": "afterDelay",
    "files.autoSaveDelay": 1000,
    "editor.suggest.snippetsPreventQuickSuggestions": false,
    // Git Integration
    "git.enableSmartCommit": false,
    "git.confirmSync": true,
    "git.requireGitUserConfig": true,
    "git.branchProtection": ["main", "master"],
    "git.branchValidationRegex": "^(feature|bugfix|hotfix)/[a-z0-9-]+$",
    // Backup Settings
    "files.backup": {
      "enabled": true,
      "location": "./backups",
      "maxBackups": 10,
      "interval": 300000
    },
    // Language-specific Safety
    "[typescript]": {
      "editor.codeActionsOnSave": {
        "source.fixAll.eslint": "explicit",
        "source.organizeImports": "explicit"
      }
    },
    "[javascript]": {
      "editor.codeActionsOnSave": {
        "source.fixAll.eslint": "explicit",
        "source.organizeImports": "explicit"
      }
    },
    "[python]": {
      "editor.formatOnSave": true,
      "editor.codeActionsOnSave": {
        "source.organizeImports": "explicit"
      }
    }
  },
  "extensions": {
    "recommendations": [
      "ms-vscode.powershell",
      "eamodio.gitlens",
      "streetsidesoftware.code-spell-checker",
      "davidanson.vscode-markdownlint"
    ]
  },
  "tasks": {
    "version": "2.0.0",
    "tasks": [
      {
        "label": "Verify Workspace Safety",
        "type": "shell",
        "command": "./scripts/Invoke-SafeCommand.ps1",
        "args": [
          "-Command",
          "Write-Host 'Workspace safety verification complete'",
          "-Description",
          "Verify workspace safety settings"
        ],
        "group": {
          "kind": "build",
          "isDefault": true
        }
      }
    ]
  }
}
```
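
Added example, not part of the original post or of Cursor: `Test-CommandSafety` in the wrapper above looks for denylisted names in the raw command text; this version makes the same decision on the parsed command, resolving aliases first and failing closed on input it cannot parse. The function name `Get-DestructiveCommand` and the markers `<unparseable>` and `<dynamic>` are made up for the example; the deny list is the one from the post.

```powershell
# Added example (not the post's code). Assumes PowerShell 5.1 or later.
function Get-DestructiveCommand {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Command,
        # Same names as the post's $DangerousCommands list
        [string[]]$DenyList = @('Remove-Item', 'rm', 'del', 'rmdir', 'Format-Volume',
                                'Clear-Content', 'Stop-Computer', 'Stop-Process')
    )
    $tokens = $null; $errors = $null
    $ast = [System.Management.Automation.Language.Parser]::ParseInput(
        $Command, [ref]$tokens, [ref]$errors)
    if ($errors.Count -gt 0) { return @('<unparseable>') }   # fail closed

    $isCommand = { param($node) $node -is [System.Management.Automation.Language.CommandAst] }
    $hits = foreach ($cmd in $ast.FindAll($isCommand, $true)) {
        $name = $cmd.GetCommandName()
        if (-not $name) { '<dynamic>'; continue }   # name is computed at run time
        $resolved = Get-Command -Name $name -ErrorAction SilentlyContinue |
            Select-Object -First 1
        if ($resolved -is [System.Management.Automation.AliasInfo]) {
            $name = $resolved.Definition            # alias -> underlying command
        }
        if ($DenyList -contains $name) { $name }
    }
    return @($hits | Select-Object -Unique)
}

# Constructed inputs: two read-only commands and one alias of Remove-Item
$samples = 'Get-Process | Format-Table Name',
           'Get-Content ./model.json',
           'ri ./src -Recurse'
foreach ($s in $samples) {
    [pscustomobject]@{
        Command = $s
        Flagged = @(Get-DestructiveCommand -Command $s) -join ', '
    }
}
```

Any non-empty result, including the two markers, is a reason to route the command to `Get-UserApproval`. The check sees PowerShell command names only; SQL handed to a database client, as in the dropped-tables incident at the top of the post, is outside what it can classify.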
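
Added example, not part of the original post: the deletion thresholds listed under `cursor.ai` above, evaluated outside the agent on the output of `git diff --numstat --summary`. The function name `Get-ChangeDecision`, the `-CodebaseLines` input (total tracked lines before the change, counted by the caller) and the mapping of the 15% value to a `ROLLBACK` action are assumptions made for the example.

```powershell
# Added example (not the post's code): turn diff statistics into one of the post's actions.
function Get-ChangeDecision {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][AllowEmptyString()][string[]]$DiffLines,
        [Parameter(Mandatory)][ValidateRange(1, 2147483647)][int]$CodebaseLines,
        [int]$MaxRemovalPercent = 10,   # max_code_removal_percent
        [int]$MaxFileDeletions  = 5,    # max_file_deletions
        [int]$RollbackPercent   = 15    # autoRollbackThreshold
    )
    $deleted = 0; $filesDeleted = 0
    foreach ($line in $DiffLines) {
        if ($line -match '^(\d+)\t(\d+)\t') {
            $deleted += [int]$Matches[2]      # numstat: added<TAB>deleted<TAB>path
        } elseif ($line -match '^ delete mode \d+ ') {
            $filesDeleted++                   # --summary line for a removed file
        }                                     # binary files ("-<TAB>-") are skipped
    }
    $percent = [math]::Round(100 * $deleted / $CodebaseLines, 1)
    $action = if ($percent -gt $RollbackPercent) {
        'ROLLBACK'
    } elseif ($percent -gt $MaxRemovalPercent -or $filesDeleted -gt $MaxFileDeletions) {
        'REQUIRE_APPROVAL'
    } else {
        'ALLOW'
    }
    [pscustomobject]@{
        DeletedLines = $deleted
        DeletedFiles = $filesDeleted
        Percent      = $percent
        Action       = $action
    }
}

# Constructed sample in the shape of `git diff --numstat --summary` output
$sample = @(
    "3`t120`tsrc/loader.py",
    "0`t45`tsrc/old_schema.sql",
    "-`t-`tassets/logo.png",
    " delete mode 100644 src/old_schema.sql"
)
Get-ChangeDecision -DiffLines $sample -CodebaseLines 1200
```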