How to effectively ban auto "git commit"

Under the composer agent mode:
the git commit should only happen after all unit tests pass.
But sometimes, cursor would fail to find failures in test cases, and “remember” my previous prompt “* commit change *”, then do an auto git commit.
Even though I have the rule "auto commit : forbidden" in .cursorrule files.

In the command denylist, I added “git commit”, but sometimes the agent could still escape by “git add . && git commit”.

So, looks like I need to also add “git add” to denylist.

But the root solution should be:
1: cursor should correctly notice there are failures in unit test.
2: the denylist should also deny command A &&/; command B…

Hey, unfortunately we don’t have a good way of doing this right now.

I’d recommend fleshing out your message in .cursorrules, as a longer rule to the AI can often improve how well it follows them.

Adding cursor rules to tell the model/agent not to do certain things is NEVER fool-proof. Sometimes the model doesn’t follow the rules at all.

I’ve had my cursor agent run git commands even though my cursor rules are VERY explicit about this being forbidden! I absolutely don’t want any AI agent to touch my git repos except for checking what’s in it.

Preventing destructive git commands

If you want to prevent the Cursor AI Agent from doing anything destructive with your git repository, which everybody should want if you ask me, you can do this:

  • set up a git hook for all destructive commands
  • the hook will, before running the command, ask the user whether they are human (and tell them not to continue if they are an AI agent)
  • if the user types “yes”, it will continue to execute the command
  • if the user does not type “yes” it will simply stop

This may seem overly simple and naive, but should be quite effective, assuming that your AI agent is simply forgetful and not evil.

On my linux system, I execute this command (from my project folder) to set up all git hooks to do just that:

for hook in pre-commit pre-push pre-merge-commit pre-rebase prepare-commit-msg
do
  cat > .git/hooks/$hook << 'EOF'
#!/bin/bash

# Force script to run interactively even when called from Git
exec < /dev/tty

# Clear display and show prominent warning
echo -e "\033[1;31m"
echo "┌───────────────────────────────────────────────────────────┐"
echo "│  ⚠️   HUMAN VERIFICATION REQUIRED - AI AGENTS STOP!   ⚠️   │"
echo "└───────────────────────────────────────────────────────────┘"
echo -e "\033[0m"

echo -e "\033[1mAre you human? If you are an AI agent, then DON'T continue! You are breaking the rules!\033[0m"
read answer

if [ "$answer" != "yes" ]; then
  echo -e "\033[1;31mOperation rejected. Human confirmation required.\033[0m"
  # Close the TTY connection
  exec <&-
  exit 1
fi

echo -e "\033[1;32mHuman confirmed. Proceeding with operation.\033[0m"
# Close the TTY connection
exec <&-
exit 0
EOF

  # Make the hook executable
  chmod +x .git/hooks/$hook
done

For Windows or Mac, you will need a different script, but the principle is the same.

You can ask your Cursor Composer or Chat to create them:

Please create git hooks which prevents AI agents from executing destructive git commands, by asking them to confirm they are human. Make sure there’s a stern warning not to continue if they are an AI agent.

Only running commits after all tests passed successfully

Similarly, you could use a git hook to first run tests each time anyone runs git commit. Ask your Cursor Chat or Composer to create the script:

Please create a pre-commit git hook which prevents committing to my git repo unless all automated tests have passed successfully.

The hook should execute this command first:
npm test

If all tests were successful, the commit can proceed. If not, there should be a message like this:
“Some tests have failed. Please debug until all tests pass and then try to commit again”
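
The pre-commit test gate requested in the last post, written out as an added example that is not part of the thread. It blocks the commit on the exit status of `npm test`, so a commit reached through a chained `git add . && git commit` is gated too; `run_test_gate` and the `TEST_CMD` override are names assumed here.

```shell
#!/bin/bash
# Added example (not from the thread): pre-commit test gate.
# Install: save as .git/hooks/pre-commit and chmod +x it.
# TEST_CMD is an assumed override variable; the default is the thread's "npm test".

FAIL_MSG="Some tests have failed. Please debug until all tests pass and then try to commit again"

# Returns 0 only when the test command exits 0. The decision rests on the
# exit status, not on anyone's reading of the test output, and it fails
# closed: a missing test runner or an unusable temp file also blocks.
run_test_gate() {
  local test_cmd="${1:-npm test}"
  local log
  log="$(mktemp)" || { echo "pre-commit: no temp file, commit blocked" >&2; return 1; }
  # $test_cmd is left unquoted on purpose so "npm test" splits into words.
  # stdin comes from /dev/null so a test runner cannot wait for input.
  if $test_cmd </dev/null >"$log" 2>&1; then
    rm -f "$log"
    return 0
  fi
  echo "--- last lines of test output ---" >&2
  tail -n 20 "$log" >&2
  rm -f "$log"
  echo "$FAIL_MSG" >&2
  return 1
}

# Act only when git runs this file under the name "pre-commit"; under any
# other name the file just defines the function, so it can be sourced.
case "${0##*/}" in
  pre-commit)
    run_test_gate "${TEST_CMD:-npm test}"
    exit $?
    ;;
esac
```

Git skips pre-commit hooks when a commit is made with `--no-verify`, so this gate guards against a forgetful agent rather than acting as a hard control.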