I’ll be advocating for this until Cursor implements a proper deny / allow list, or a competitor does.
Lack of a proper user-controlled deny and allow list invites a serious failure for someone! At the least, it prevents a much smoother flow!
The commands must go through a deny list first, then through an allow list.
Match on deny list - immediate stop of a command.
No match on either list - ask user!
It’s much better than whitelisting all possible git commands except git add and git commit!
I want to deny *rm -rf* in any piping command but I’m fine with single rm.
I want to deny *console* so it does not run any f console ever again!
These MUST be project specific - when I’m developing in a dev container with git the risk of catastrophic failure is super low, it’s the opposite when I do a quick thing on my host machine.
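The evaluation order requested above (deny first, then allow, otherwise ask), as an added example that is not part of the original post and is not Cursor's code. It assumes the post's patterns are shell-style globs matched against the whole command line; the policy format, the two policy names and the `evaluate` function are hypothetical.

```python
import fnmatch
from enum import Enum


class Verdict(Enum):
    DENY = "deny"    # stop immediately, never run
    ALLOW = "allow"  # run without prompting
    ASK = "ask"      # no rule matched: prompt the user


# Constructed per-project policies (hypothetical format, one per workspace).
# Both carry the post's two deny patterns; only the allow lists differ.
DEVCONTAINER_POLICY = {
    "deny": ["*rm -rf*", "*console*"],
    "allow": ["git *", "rm *"],
}
HOST_POLICY = {
    "deny": ["*rm -rf*", "*console*"],
    "allow": ["git status*", "git diff*"],
}


def evaluate(command, policy):
    """Return (Verdict, matching pattern or None) for one command line."""
    # Collapse runs of whitespace so spacing differences do not affect matching.
    cmd = " ".join(command.split())
    # Deny is checked first, so it wins even when an allow pattern also matches.
    for pattern in policy.get("deny", []):
        if fnmatch.fnmatchcase(cmd, pattern):
            return Verdict.DENY, pattern
    for pattern in policy.get("allow", []):
        if fnmatch.fnmatchcase(cmd, pattern):
            return Verdict.ALLOW, pattern
    # Neither list matched: fall back to asking rather than running.
    return Verdict.ASK, None


if __name__ == "__main__":
    samples = [  # constructed sample commands
        "git status",
        "rm notes.txt",
        "find . -name '*.tmp' | xargs rm  -rf",
        "rails console",
        "npm install",
    ]
    for name, policy in (("devcontainer", DEVCONTAINER_POLICY), ("host", HOST_POLICY)):
        for cmd in samples:
            verdict, pattern = evaluate(cmd, policy)
            print(f"{name:12} {verdict.value:5} {cmd!r} (rule: {pattern})")
```

Because deny is evaluated first, `rm -rf build` is stopped in the dev container even though `rm *` is on its allow list, while a plain `rm notes.txt` runs there and only prompts on the host.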