Permission & Security Concern! - Q for Cursor Team

I encountered a concerning workflow problem: Cursor’s LLM executed a terminal command to update my Docker image before I had the opportunity to review and approve the proposed code changes through the standard “Review next file” → “Keep” process, and this raises two critical questions about Cursor’s behaviour:

  1. Incomplete Updates: If the Docker image rebuild excludes the unapproved code changes, doesn’t this create inconsistent or broken container states?

  2. Unauthorised Code Deployment: If the Docker image does include the unapproved changes, isn’t this a significant breach of user consent? The code was automatically deployed to a runnable container without explicit user approval.

The LLM should respect the review workflow and wait for explicit user approval before executing any commands that could deploy, build, or containerise code changes. As such, could you clarify:

  • How does Cursor handle Docker operations in relation to the code review process?

  • Are there safeguards in place to prevent the premature deployment of unreviewed code?

  • Should there be additional confirmation prompts for container/deployment commands?

To me, this seems like a fundamental workflow and security consideration that affects user control over their codebase.

Please advise,
@andrewh @ravirahman @msfeldstein @condor @deanrie

Same question here! And why are the devs and the team at Cursor so quiet about this?!!!

Hi @LARAMediaGroup @MF_2000, thank you for your post. Please note that while we prioritize Bug Reports, we do follow discussions and posts where we are tagged, though it may sometimes take us a while to get to each topic.

To address your points:

  1. While features like change review and Keep/Undo are intended for user control, please note that code changes are always written fully to the file. This is necessary because the Agent requires a stable version to continue its tasks. However, you retain the ability to undo or keep any changes made.

  2. You remain in control of the process through Cursor settings, such as the Auto-run options. It’s important to permit only those actions that you intend to allow. This includes maintaining backups, protecting against accidental code or data deletion, preventing unauthorized access via tools (like MCPs, CLI, etc.), and providing a stable, safe environment for the Agent to operate.

Additionally:

  • AI may still occasionally “hallucinate” or generate output that seems correct but is actually flawed. This applies not only to code or chat text, but also to terminal commands and MCP usage. For this reason, always configure access and the environment so that AI errors cannot compromise your code or data.

  • Cursor does not have specific handling or settings for Docker operations or deployments. Within Cursor, actions are either tool calls (such as editing code) or commands executed in the terminal. This is independent of the language, environment, or process involved.

    • User requests are sent to the AI, which processes and returns suggested actions or code. Factors like rules and settings influence the AI’s processing.

    • Based on user-selected settings, certain actions become permissible and are carried out. For example, the Allowlist can automatically grant the AI permission to execute terminal commands, and options like Run Everything or Ask Every Time control what may be run without further user approval.

    • Note that the AI may sometimes attempt workarounds for restrictions you set or steps you deliberately skip in order to fulfill a task.

Ultimately, it is your responsibility to choose appropriate environments, tools, and processes to ensure the AI works on tasks you approve and in a way that does not cause permanent issues.

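To make the Allowlist versus Ask Every Time distinction from the reply concrete, here is an added example of a command-gating policy; it is not Cursor's own code, and the allowlist, the deploy-action table and the verdict names are constructed assumptions. It auto-runs allowlisted commands but forces confirmation for container build/run/deploy steps, including when they are chained behind an allowlisted command or hidden inside `sh -c`, which is the kind of workaround the reply warns about.

```python
import re
import shlex

# Constructed policy (assumption: the page does not show Cursor's real Allowlist
# format). Programs the user allows to auto-run; plain "docker" is included so
# that read-only calls such as "docker ps" do not prompt.
ALLOWLIST = {"ls", "cat", "git", "pytest", "docker"}

# (program, subcommand) pairs that build, run or deploy code. These always
# require confirmation even when the program itself is allowlisted.
DEPLOY_ACTIONS = {
    ("docker", "build"), ("docker", "run"), ("docker", "push"),
    ("docker", "compose"), ("docker-compose", "up"),
    ("kubectl", "apply"), ("terraform", "apply"),
}

# Shell operators that chain commands. Every segment is judged on its own so an
# allowlisted prefix ("git status && docker build .") cannot smuggle a deploy.
CHAIN_RE = re.compile(r"\s*(?:&&|\|\||;|\||\n)\s*")
RANK = {"auto-run": 0, "confirm": 1, "deny": 2}


def classify(command: str) -> str:
    """Return 'auto-run', 'confirm' or 'deny' for a proposed terminal command."""
    verdict = "auto-run"
    for seg in filter(None, CHAIN_RE.split(command.strip())):
        try:
            argv = shlex.split(seg)
        except ValueError:
            return "deny"          # unbalanced quotes: refuse rather than guess
        if not argv:
            continue
        prog = argv[0].rsplit("/", 1)[-1]   # /usr/bin/docker -> docker
        # Any non-flag word is checked, so "docker --context prod build ."
        # still counts as a build (conservative: prefer a prompt to a bypass).
        words = [a for a in argv[1:] if not a.startswith("-")]
        if prog in {"sh", "bash", "zsh"} and "-c" in argv:
            # A wrapper shell hides the real command; classify what it would run
            i = argv.index("-c")
            this = classify(argv[i + 1]) if i + 1 < len(argv) else "deny"
        elif any((prog, w) in DEPLOY_ACTIONS for w in words):
            this = "confirm"       # container/deployment step: always ask
        elif prog in ALLOWLIST:
            this = "auto-run"
        else:
            this = "confirm"       # not allowlisted: Ask Every Time
        verdict = max(verdict, this, key=RANK.__getitem__)
    return verdict
```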

@condor So the answer is:
2. Unauthorised Code Deployment. The image includes unapproved changes, and the code is automatically deployed to a runnable container without explicit user approval = Breach of user consent.


Details are not clear so far, though if you permitted the action through Cursor Settings it is with your consent even if AI makes mistakes.

If you do find a bug where AI does something against your settings, please file a bug report with details so we can investigate.
