Support sub-command allow/deny list (e.g. `git status`)

I have denied git from my allowlist of commands because I don’t want agent mode to do a destructive action that it can’t easily come back from. E.g. deleting a branch without merging it.

That said, I would love it if I could set safe sub-commands in my allowlist, such as:
Allow: `git status`
Deny: `git commit`

Or maybe support for wildcards, unless they are overridden. E.g.:
Deny: `git *` or simply, `git`
Allow: `git status`

2 Likes

There’s actually a lot of things that fall into that category imo:

For example when working with golang, one might want to enable go fmt or go test without necessarily wanting to allow everything go.

I’d love more granular allowlist controls

I believe this is already possible by editing the config file yourself manually. See the Permissions documentation: Permissions | Cursor Docs

Here is a sample from my current ~/.cursor/cli-config.json file.

```json
{
  "permissions": {
    "allow": [
      "Shell(ls)",
      "Shell(pre-commit)",
      "Shell(git status)",
      "Shell(git add)",
      "Shell(git log)",
      "Shell(git show)",
      "Shell(pnpm typecheck)",
      "Shell(git mv)",
      "Shell(git reset)",
      ...
    ],
    "deny": []
  },
  "version": 1,
  "editor": {
    "vimMode": true
  },
  ...
}
```
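The precedence requested at the top of the thread (a broad deny with narrower allows overriding it), modelled over the `Shell(...)` entry format from the sample config. This is an added example, not part of any post and not Cursor's own matching logic. The `*` wildcard, the most-specific-rule-wins ordering, deny winning ties, and the `ask` result for lines containing shell metacharacters are all assumptions of this sketch.

```python
import re
import shlex

RULE = re.compile(r"^Shell\((.+)\)$")
# Characters that let one line run more than one command or redirect output.
SHELL_META = re.compile(r"[;&|<>()$`\n]")

def parse_rules(entries):
    """'Shell(git status)' -> ('git', 'status'). A '*' token (the thread's
    proposed wildcard, hypothetical) is dropped, so 'git *' equals 'git'."""
    rules = []
    for entry in entries:
        m = RULE.match(entry.strip())
        if m:
            rules.append(tuple(t for t in m.group(1).split() if t != "*"))
    return rules

def longest_prefix(rules, argv):
    """Length of the longest rule that is a whole-token prefix of argv, or -1."""
    return max((len(r) for r in rules if r and tuple(argv[:len(r)]) == r), default=-1)

def decide(config, line):
    """Return 'allow', 'deny' or 'ask' for one proposed command line."""
    if SHELL_META.search(line):
        return "ask"  # compound or redirected: a prefix rule cannot vouch for it
    try:
        argv = shlex.split(line)
    except ValueError:
        return "ask"  # unbalanced quotes
    perms = config.get("permissions", {})
    allow = longest_prefix(parse_rules(perms.get("allow", [])), argv)
    deny = longest_prefix(parse_rules(perms.get("deny", [])), argv)
    if allow < 0 and deny < 0:
        return "ask"  # no rule mentions this command
    return "allow" if allow > deny else "deny"  # equal specificity: deny wins

# Constructed config in the sample's format, using the thread's proposal.
CONFIG = {"permissions": {
    "allow": ["Shell(git status)", "Shell(go fmt)", "Shell(go test)"],
    "deny": ["Shell(git *)", "Shell(git commit)"],
}}

if __name__ == "__main__":
    for cmd in ["git status", "git commit -m wip", "git branch -D feature",
                "go test ./...", "go build", "git status && git branch -D feature"]:
        print(f"{decide(CONFIG, cmd):5}  {cmd}")
```

Matching is on whole tokens, so `git statusx` falls through to the broad `git` deny instead of matching the `git status` allow.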