Cursor Setup

Agent Keeper hooks into Cursor's tool use lifecycle. The default installer enforces shell commands, MCP tool calls, and Cursor's generic preToolUse payloads before execution.

What gets monitored

Tool	Enforcement
Shell commands (`run_terminal_cmd`)	Block or warn before execution
MCP tool calls (`mcp__*`)	Block or warn before execution
Generic tool calls (`preToolUse`)	Block or warn when Cursor emits a pre-tool payload
File reads and writes	Not installed by default

For pre-execution file-write blocking, use Claude Code, Windsurf, Codex, or Gemini CLI. Cursor's shell and MCP paths are enforced by the hooks below.

Installation

Get your API key from Settings > API Keys in the dashboard, then run the installer:

export AGENTKEEPER_API_URL="https://YOUR_AGENTKEEPER_URL"
export AGENTKEEPER_API_KEY="ak_live_..."
bash <(curl -fsSL "$AGENTKEEPER_API_URL/install-hooks.sh") --ide cursor

The installer stores the API key in ~/.agentkeeper/config, installs ~/.cursor/hooks/agentkeeper-hook.sh, and merges Agent Keeper commands into ~/.cursor/hooks.json.

What gets generated

{
  "hooks": [
    {
      "event": "preToolUse",
      "command": ["bash", "~/.cursor/hooks/agentkeeper-hook.sh"],
      "failClosed": false
    },
    {
      "event": "beforeShellExecution",
      "command": ["bash", "~/.cursor/hooks/agentkeeper-hook.sh"],
      "failClosed": false
    },
    {
      "event": "beforeMCPExecution",
      "command": ["bash", "~/.cursor/hooks/agentkeeper-hook.sh"],
      "failClosed": false
    }
  ]
}

For team rollout, deploy the same hook file and ~/.cursor/hooks.json through your device management tool, or package a repo-level config after validating it in a test workspace.

Connecting to the dashboard

After running the installer, open Cursor and start a Composer session. Agent Keeper registers the workstation on the first event. You can verify coverage in the Workstations page of your dashboard within a few seconds.

Known limitations

File writes are not blocked by the default Cursor installer. Use Claude Code, Windsurf, Codex, or Gemini CLI when you need pre-execution write-path enforcement.

Prompt blocking is not installed for Cursor by default. Shell and MCP blocking are the supported first-try enforcement paths for Cursor.

Permission deny bug. In Cursor 0.44 and earlier, returning a non-2xx response from a PreToolUse hook sometimes fails to surface the rejection message to the user. The tool call is still blocked, but Cursor may show a generic error instead of Agent Keeper's block reason. This is resolved in Cursor 0.45+.

Matchers use glob syntax, not regex. The mcp__* matcher in .cursor/hooks.json requires glob-style patterns. Cursor does not support the regex patterns used in Claude Code's settings.json.

Enforcement status

Check	Status
Shell command blocking	Enforced
MCP tool call blocking	Enforced
Generic `preToolUse` blocking	Enforced when Cursor emits the event
Prompt blocking	Not installed by default
File read/write blocking	Not installed by default
Session check-in	Auto (registered on first event)