Sandbox mode makes using Cursor annoying

Where does the bug appear (feature/product)?

Cursor IDE

Describe the Bug

When I accept a command that required internet access or they are on my allowlist, the model gets an error and just stops the process; this is very annoying.

For example, I have a rule to create the changelog since the last tag, where the model needs to read all the commits, then commit, create a tag, push, and create a PR. Since those are not in the allow list, they do not run automatically, but I expect that if I manually accept the command they should be able to run.

Or that the system understands it and tries to run it again with full permissions. But I currently find myself adding, in several of my Cursor rules, text like "do not run this in sandbox mode, use full permissions".

Steps to Reproduce

Ask any model to git push and accept the command; it will get an error and just stop (sometimes it tries again with full permissions).

Expected Behavior

I expect that if I accept a command and it does not work due to the sandbox, the model tries again with full permissions.

Operating System

MacOS

Current Cursor Version (Menu → About Cursor → Copy)

Version: 2.0.74
VSCode Version: 1.99.3
Commit: a965544b869cfb53b46806974091f97565545e40
Date: 2025-11-12T00:47:02.205Z
Electron: 37.7.0
Chromium: 138.0.7204.251
Node.js: 22.20.0
V8: 13.8.258.32-electron.0
OS: Darwin arm64 24.6.0

Does this stop you from using Cursor

No - Cursor works, but with this issue

Hey, thanks for the report. You’ve found a workflow issue with sandbox mode.

Current sandbox behavior: when commands fail due to sandbox restrictions, the agent doesn’t always retry with full permissions after you manually accept them. This is frustrating, especially for git operations like git push.

Related issue: there’s a known bug where sandbox mode completely bypasses command allowlists for git operations: 2.0.73: executing unauthorized commands!

Potential workaround:

  • Open Settings → Agents → Auto Run
  • Enable “Legacy Terminal Tool”
  • This restores the older allowlist-based approach where you can pre-approve commands
  • However, it might not fully solve the retry-after-accept issue

Your feature request makes sense - if you manually accept a sandboxed command, the agent should smartly retry with the necessary permissions.

Did the Legacy Terminal Tool option help your workflow?

Yes! Thank you so much, that is what I was looking for! The legacy system was just perfect for me and what I would expect as behaviour. To me the bug you mentioned is not the same issue though; in my case it is properly using the allowlist, it is just running the commands without full permissions and therefore getting an error.

I hope in the future this will be a fourth option, meaning run in full permission mode, using the allowlist, and if a command is not in the allowlist then ask me; if I confirm, it should still have full permissions.

The legacy terminal tool toggle did not fix this for me. With it toggled on and auto-run mode set to ask every time, I still get messages like this: “I can’t run Alembic migrations in this sandbox (no DB access).” Very frustrating given the lack of control and how intermittent it is.
