Unauthorized Changes

I understand the frustration, especially with a live financial system. The behavior you’re describing is how Agent mode works by default: it auto-applies file edits and runs terminal commands without asking. For your use case, a few settings changes will give you the control you need:

1. Use Ask mode for Q&A (no edits)

At the top of the chat panel, switch from Agent to Ask. In Ask mode, the AI can read your code and answer questions but cannot make any file changes or run commands. Use Agent mode only when you specifically want code written.

2. Disable auto-run for terminal commands

Go to Cursor Settings > Features > Chat > Auto-Run Mode and switch it to Off (or use the Allowlist option to only auto-approve safe commands). With auto-run off, the agent must ask before executing any terminal command, including git.

3. Add project rules to constrain behavior

Create a .cursor/rules/safety.mdc file in your project with rules like:

- Never run git commands without explicit approval

- Never modify files during Q&A — only when explicitly asked to make a code change

- Always show the exact diff before applying changes

- Never touch production/live trader files unless specifically instructed

These rules are included in every session automatically. More on rules: Rules

4. Use checkpoints to revert unwanted changes

Every agent turn creates a checkpoint. If something goes wrong, click any checkpoint in the chat timeline to instantly restore your files to that state. Details: Checkpoints

General recommendation: For a live financial system handling real money, I’d strongly recommend working on a separate git branch and only merging to production after manual review. No AI coding tool today should have unsupervised write access to production code.

I also see you posted a related thread - Structural failure modes. I’ll merge that into this one so everything stays in one place.

Let me know if you have questions about setting any of this up.
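
An added example, not part of the original reply and not Cursor's own code: project rules are text given to the model, so a git pre-commit hook is one way to enforce the branch and live-file restrictions mechanically. The branch names, the live_trader/ path and the HUMAN_APPROVED variable are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: git pre-commit hook (save as .git/hooks/pre-commit, chmod +x).
# Assumed names, not from the original post: protected branches "main" and
# "production", protected path "live_trader/", override variable HUMAN_APPROVED.
PROTECTED_BRANCHES="main production"
PROTECTED_PATHS="live_trader/"

# check_commit BRANCH FILE_LIST
# FILE_LIST holds the staged paths, one per line. Returns 0 if the commit may
# proceed and 1 if it must be blocked; the reason is printed to stderr.
check_commit() {
    branch=$1
    files=$2
    # A person sets HUMAN_APPROVED=1 in their own shell after reviewing the diff.
    [ "${HUMAN_APPROVED:-0}" = "1" ] && return 0
    for b in $PROTECTED_BRANCHES; do
        if [ "$branch" = "$b" ]; then
            echo "blocked: direct commit to protected branch '$branch'" >&2
            return 1
        fi
    done
    # Check every staged path against the protected prefixes.
    while IFS= read -r f; do
        [ -n "$f" ] || continue
        for p in $PROTECTED_PATHS; do
            case "$f" in
                "$p"*)
                    echo "blocked: '$f' is under protected path '$p'" >&2
                    return 1 ;;
            esac
        done
    done <<EOF
$files
EOF
    return 0
}

# Act as a hook only when installed under the name "pre-commit".
case "$0" in
    *pre-commit)
        check_commit "$(git rev-parse --abbrev-ref HEAD)" \
                     "$(git diff --cached --name-only)" || exit 1 ;;
esac
```

A local hook can be skipped with git commit --no-verify, so pair it with server-side branch protection on the production branch.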