Feature request for product/service
Chat
Describe the request
Cursor agents propose tool calls (file edits, shell commands, MCP calls, file
deletions) and the user accepts or rejects each one. None of these proposals
or decisions are persisted in any queryable, exportable form.
The Enterprise audit log covers administrative events (logins, role changes,
API keys, team settings) but explicitly excludes agent actions: “We do not log
agent responses or generated code content.” Hooks cover prompts submitted and
code generated — but not tool call proposals, approval/rejection decisions,
timestamps, or which model requested the action.
What should be logged per tool call:
- Timestamp
- Agent/model that proposed the call
- Tool type (Shell, Read, Write, StrReplace, MCP, Delete, etc.)
- Call parameters (command, file path, MCP server+tool, etc.)
- User decision: accepted / rejected / auto-approved (via allowlist)
- Execution result: success / failure / cancelled
Why this matters:
Governments, corporations, and regulated institutions require auditable
decision trails before adopting AI-assisted development tools. SOC 2, GDPR,
NIS2, HIPAA, and ISO 27001 all expect evidence of human oversight over
automated actions — especially actions that modify source code, execute
commands, or access external APIs.
Without a platform-level approval audit trail, organizations cannot answer:
“What did the AI agent do, and did a human authorize it?”
Suggested implementation:
- Append to existing Enterprise audit log stream (SIEM/S3/webhook)
- Also persist locally for individual users (JSONL alongside agent
transcripts) so non-Enterprise users benefit from session review - Expose via a hooks event type (e.g.
tool_call_proposed,
tool_call_decided) for custom compliance pipelines
Related: topic #156178
(persist tool calls before execution + crash recovery) covers the write-ahead persistence side. This FR covers the approval decision
audit trail, which is complementary: persistence makes recovery possible;
audit trail makes governance possible.