No option to use allowlist without sandbox

Ideas Feedback
, ,
1

Where does the bug appear (feature/product)?

Cursor IDE

Describe the Bug

The options for “Auto-run mode” are now only “Always ask”, “Auto-run in sandbox” (with allowlist for unsandboxed commands) and “always run everything”.

This means the most obvious and most desireable (for me at least) option is now nowhere to be seen. The allowlist to control what the model is allowed to do on its own is a completely separate feature from whatever sandboxing is going on and they should not be conflated.

Not only because I on “principle” don’t want the model to be able to execute code on its own - sandboxed or not - but the sandboxing also doesn’t particularly WORK very well as the models are not really aware of it or doesn’t understand when they will be limited by it. Right now model execution is almost always “try to run in sandbox → fail” then try again and ask for permission after being bewildered.

Steps to Reproduce

Just go to the Cursor options for Auto-run and try to use the software normally.

Expected Behavior

I expect to be able to control command allowlist separately from execution sandboxing because they are conceptually different things that solve different problems in different ways.

Screenshots / Screen Recordings

Cursor_whQvbG0q5E.png
Cursor_whQvbG0q5E.png999×627 18.9 KB

Operating System

Windows 10/11

Version Information

Version: 2.4.23 (user setup)
VSCode Version: 1.105.1
Commit: 379934e04d2b3290cf7aefa14560f942e4212920
Date: 2026-01-29T21:24:23.350Z
Build Type: Stable
Release Track: Default
Electron: 39.2.7
Chromium: 142.0.7444.235
Node.js: 22.21.1
V8: 14.2.231.21-electron.0
OS: Windows_NT x64 10.0.26100

Additional Information

It’s also more opaque and confusing because when the model runs commands in the sandbox it looks exactly the same as when running out of the sandbox. It used to have a title “Running in sandbox” but now it has the same title for both kinds of code execution. I would suggest that a sandboxed execution should even have a separate color background from proper execution to make it unmistakeable.

Does this stop you from using Cursor

No - Cursor works, but with this issue

3

I am waiting for final confirmation from support but apparently they have removed this feature from Personal and Teams and moved it to the Enterprise plan only with “custom pricing” :frowning:

If true, this lowers security across the board and removes the ability for automation for anyone not on an Enterprise plan.

To add, running in a sandbox isn’t an option for us since we have dependencies in private package servers that I don’t want to give Cursor the credentials to.

4

Update - allowlist is still available if you enable “Legacy Terminal Tool”

https://forum.cursor.com/t/running-in-sandbox-vs-allowlist/140434/3

My previously built allow list seems to be gone but I’ll take the win.

Happy to have found that but if they ultimately remove this feature, it would be a deal breaker for us and it would be time to look for alternatives. Hoping not!