Feature request for product/service
Chat
Describe the request
The legacy terminal mode for cursor’s agent generally suits my need. I need a standard allowlist approach to the terminal, without any sandboxing (as it seems to cause a great many problems with the way I work!). I don’t have any interest in yolo mode, at the same time I cannot be waiting around to approve every single benign command that could never cause any harm. So the allow list lets me keep things moving and still be asked to approve risky commands. I like that.
I think an argument can be made, however, that this legacy terminal allowlist mode, needs a companion denylist. Both should work together. The denylist would allow me to mark certain commands as plain and simply OFF LIMITS, and the agent should simply never run them. IF the agent tries to execute any command, that includes a denied command or commands (even if it is part of a larger more complex execution involving other commands, the pipe, and combinations with && and ||), Cursor should deny the entire command in a manner the agent/model can recognize. A terminal instance should never be created (if one does not already exist) and the command should never even be issued to the terminal. It should be preemptively denied and the agent should give the model a response that allows it to either reformulate the command without the denied command(s), take a different approach, or stop and ask the user for instructions.
There are some things I just don’t want the agent doing, period. A naive example would be rm -rf / but another, at least in my case personally, is git push of any kind, and shure as hell nothing with a force option!!! There are others as well. Having a denylist would allow me to just premptively prevent these kinds of commands from ever bening run, and not have to be manually rejected by me. I have rules for most of these, however, Cursor does not seem to be applying rules well these days, and the agent/models are very frequently just blatantly ignoring my rules now, doing things that they haven’t done in months, and its quite baffling. A lot of them have to do with terminal commands, and a denylist would be great as it would just preemptively halt the agent from going down those paths at all.