I pretty much want to allow Cursor to run any command except a few (mostly git add and git commit but also any console like rails consolerails c etc.
I can’t figure out how the allow and deny list exactly work.
For instance all rails command can be called with or without bundle exec but that’s fine still I have just a few deny commands I can add the variations.
At the beginning I had only deny commands but Cursor would get stuck at approvals so I started adding allow commands which grew a lot but it’s been manageable.
The problem is with command parameters - for incense I’ve got grep in the allowlist but it asks me for permission when running eg. grep -A 5 -B 5 "STEP DEBUG.*contract ID\|CONTROLLER DEBUG.*Contract ID" log/test_p5.log
How does it exactly work?
Simple wildcards or regexes would solve this.
Do I need to add commands to allowlist once I have some in denylist?…
It is not a simple exact match on the command name (executable). I’ve added git and it still ask about git log ... commands.
So is it a pattern on the whole command line?
In general the lack of sanboxing is a bit turnoff. Hope they will focus on this in the future (if not, at least provide a guide for how to best run the whole IDE in a sandbox on different platforms)
+1 here. It’s a safety-critical alternative for babysitting each action of the AI agent. It needs to be better specified.
Even without malicious AI hijacks I’ve seen enough sudden AI meltdowns where it would go haywire and start randomly breaking things. For now I keep an IntelliJ IDE running in parallel to track local history (vscode local history extension isn’t a good replacement there).