Status: deferred from v0.8.0 plugin upgrade.
Plugin: cursor (plugins/cursor.go)
Capability cell: PERMS, currently ----
Context
Cursor 2.4+ added sandbox profiles (.cursor/sandbox.json) for permission policy — domain allowlists, filesystem scoping, per-workspace and admin-level configs. See:
The current cursor plugin marks PERMS as SupportUnsupported (v0.8.0 capability flip was deferred since the sandbox shape isn't a straight allow/ask/deny list).
What to implement
- In
plugins/cursor.go's Plan(), when proj.Permissions is non-nil, emit a .cursor/sandbox.json op (OpMerge so user-authored keys survive).
- Translate the canonical
tool:pattern grammar to Cursor's sandbox structure:
bash:<cmd> * → shell command allowlist / denylistRead|Write|Edit:<path> → filesystem scoping- URL or domain patterns → network allowlists
- Where the translation is lossy (e.g., Cursor's allowlist can't express a pattern), emit an info warning the way other plugins do.
- Flip
Capabilities().Permissions from SupportUnsupported → SupportNative (or SupportDegraded if the translation loses semantics for common cases).
- Importer parity: extend
internal/importer/cursor.go to read .cursor/sandbox.json back into model.Permissions.
Acceptance criteria
prism capabilities shows cursor PERMS = native (or degr. with clear docs).- A skill/scope-projected
.agents/permissions.yaml round-trips: prism init --from cursor && prism compile && prism check clean.
- Round-trip test in
internal/engine/roundtrip_test.go covers a sandbox.json fixture.
Status: deferred from v0.8.0 plugin upgrade.
Plugin: cursor (
plugins/cursor.go)Capability cell: PERMS, currently
----Context
Cursor 2.4+ added sandbox profiles (
.cursor/sandbox.json) for permission policy — domain allowlists, filesystem scoping, per-workspace and admin-level configs. See:The current
cursorplugin marks PERMS asSupportUnsupported(v0.8.0 capability flip was deferred since the sandbox shape isn't a straightallow/ask/denylist).What to implement
plugins/cursor.go'sPlan(), whenproj.Permissionsis non-nil, emit a.cursor/sandbox.jsonop (OpMergeso user-authored keys survive).tool:patterngrammar to Cursor's sandbox structure:bash:<cmd> *→ shell command allowlist / denylistRead|Write|Edit:<path>→ filesystem scopingCapabilities().PermissionsfromSupportUnsupported→SupportNative(orSupportDegradedif the translation loses semantics for common cases).internal/importer/cursor.goto read.cursor/sandbox.jsonback intomodel.Permissions.Acceptance criteria
prism capabilitiesshows cursor PERMS =native(ordegr.with clear docs)..agents/permissions.yamlround-trips:prism init --from cursor && prism compile && prism checkclean.internal/engine/roundtrip_test.gocovers a sandbox.json fixture.