Worktree commands cannot be safely whitelisted

Where does the bug appear (feature/product)?

Cursor IDE

Describe the Bug

The new /worktree, /apply-worktree, and /delete-worktree commands are hard to whitelist because they run arbitrary Bash commands. Managing worktrees created by Cursor should be a relatively safe operation, and the user should have the option to whitelist it.

Steps to Reproduce

  • Call /worktree.
  • You should see it asking for permission to run a command like the one above in unrestricted mode.
```bash
set -euo pipefail
WORKTREE_ID="worktree-bbd914fb"
REPO_ROOT="$(git rev-parse --show-toplevel)"
REPO_BASENAME="$(basename "$REPO_ROOT")"
if command -v shasum >/dev/null 2>&1; then
  REPO_HASH="$(printf '%s' "$REPO_ROOT" | shasum -a 256 | cut -c1-12)"
else
  REPO_HASH="$(printf '%s' "$REPO_ROOT" | sha256sum | cut -c1-12)"
fi
REPO_KEY="${REPO_BASENAME}-${REPO_HASH}"
WORKTREE_SET_DIR="$HOME/.cursor/worktrees/$WORKTREE_ID"
WORKTREE_DIR="$WORKTREE_SET_DIR/$REPO_KEY"
mkdir -p "$WORKTREE_SET_DIR"
if [ -d "$WORKTREE_DIR" ]; then echo "ERROR: worktree directory already exists: $WORKTREE_DIR" >&2; exit 1; fi
WORKTREE_START_REF="${WORKTREE_START_REF:-HEAD}"
git worktree add --detach "$WORKTREE_DIR" "$WORKTREE_START_REF"
HEAD_COMMIT="$(git -C "$WORKTREE_DIR" rev-parse HEAD)"
echo "WORKTREE_ID=$WORKTREE_ID"
echo "REPO_KEY=$REPO_KEY"
echo "WORKTREE_PATH=$WORKTREE_DIR"
echo "REPO_ROOT=$REPO_ROOT"
echo "HEAD_COMMIT=$HEAD_COMMIT"
echo "WORKTREE_START_REF=$WORKTREE_START_REF"
```

Expected Behavior

Expect it to request tool permission, or at least permission to execute a script—such as bash ~/.cursor/skill-cursor/scripts/create-worktree.sh—which can be whitelisted.

Operating System

MacOS

Version Information

Version: 3.0.12 (Universal)
VSCode Version: 1.105.1
Commit: a80ff7dfcaa45d7750f6e30be457261379c29b00
Date: 2026-04-04T00:13:18.452Z
Layout: editor
Build Type: Stable
Release Track: Default
Electron: 39.8.1
Chromium: 142.0.7444.265
Node.js: 22.22.1
V8: 14.2.231.22-electron.0
OS: Darwin arm64 25.4.0

Does this stop you from using Cursor

No - Cursor works, but with this issue

Hey, thanks for the report. This is basically a feature request, not a bug. The current behavior is intended, but I agree the UX could be better.

Worktree slash commands currently run via the agent’s shell tool and generate dynamic bash scripts with unique IDs, so they can’t be added to the allowlist in a generic way. The team is aware of this limitation, and we’re planning to move the worktree lifecycle to the app side, like the old UI used to work. That should remove the permission prompts.

There’s already a similar request: /worktree and /apply-worktree should not require sandbox permission approvals. Could you upvote it for visibility?

I can’t share a timeline yet, but we’re tracking it.
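
The fixed-script shape requested under Expected Behavior, as an added example that is not part of the thread and not Cursor's code: the script text never changes, and the per-run values become arguments that are validated before anything reaches git. The script itself, the function names and the ID pattern (inferred from the single sample ID in the report) are assumptions.

```shell
#!/bin/sh
# Hypothetical static create-worktree.sh (illustration only, not Cursor's script).
# Usage: create-worktree.sh <worktree-id> [start-ref]
set -eu

# Accept only IDs shaped like the sample in the report: "worktree-" + 8 hex chars.
# The exact ID format is an assumption based on that one sample.
valid_worktree_id() {
  hex="${1#worktree-}"
  [ "worktree-$hex" = "$1" ] || return 1   # prefix missing
  [ "${#hex}" -eq 8 ] || return 1
  case "$hex" in *[!0-9a-f]*) return 1 ;; esac
  return 0
}

# Reject empty refs and anything git could parse as an option.
valid_start_ref() {
  case "$1" in ''|-*) return 1 ;; esac
  return 0
}

create_worktree() {
  id="${1:-}"; ref="${2:-HEAD}"
  valid_worktree_id "$id" || { echo "ERROR: invalid worktree id" >&2; return 2; }
  valid_start_ref "$ref" || { echo "ERROR: invalid start ref" >&2; return 2; }
  repo_root="$(git rev-parse --show-toplevel)"
  # Resolve the ref to a commit hash so git never sees the raw argument again.
  commit="$(git rev-parse --verify --quiet "${ref}^{commit}")" \
    || { echo "ERROR: start ref does not name a commit" >&2; return 1; }
  if command -v shasum >/dev/null 2>&1; then
    repo_hash="$(printf '%s' "$repo_root" | shasum -a 256 | cut -c1-12)"
  else
    repo_hash="$(printf '%s' "$repo_root" | sha256sum | cut -c1-12)"
  fi
  # Same directory layout as the generated script in the report.
  dir="$HOME/.cursor/worktrees/$id/$(basename "$repo_root")-$repo_hash"
  [ ! -e "$dir" ] || { echo "ERROR: worktree directory already exists: $dir" >&2; return 1; }
  mkdir -p "$(dirname "$dir")"
  git worktree add --detach "$dir" "$commit"
  echo "WORKTREE_PATH=$dir"
}

# Run only when arguments are given, so the file can also be sourced.
if [ "$#" -gt 0 ]; then create_worktree "$@"; fi
```

With this shape, an approval covers one reviewed script plus arguments it constrains itself, rather than a fresh block of shell text on every run.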