Limit auto-sandbox commands

I’m having some trouble with the agent sandbox. It seems there’s currently no reliable way to whitelist commands for the agent.

Even though certain commands aren’t included in the allow list, the agent can still execute them — including destructive ones like rm -rf inside the workspace. That’s quite concerning, since local files not tracked in Git might still be important, and right now I don’t see a way to fully prevent this.

Unless I’m missing something, the behavior feels inconsistent:

  • With the sandbox off, I have to manually allow every command.

  • With the sandbox on, the allow list exists but doesn’t appear to be strictly enforced.

Is this expected behavior, or is there a known workaround?

3 Likes

Yeah, is there a way to go back to the old allowlist model while the sandbox is ironed out as a feature?

Especially since the sandbox currently doesn’t work for pnpm, which makes it unusable in my case since my whole project uses pnpm.

Running any pnpm command (something as innocuous as pnpm lint) causes the sandbox to experience a memory leak, which isn’t resolved when quitting Cursor. I’ve had to shut down my computer twice now!

1 Like

Honestly, the current sandbox is even worse than I thought. GPT5-Codex is actively avoiding it by running dynamic Python scripts.

1 Like

dotnet commands time out in the sandbox, and my Cursor rule which tells the LLMs that they should run dotnet commands outside of it is also ignored 80% of the time. Really annoying.

Before when I was working with Next.js and npm it was a great feature.