route: /docs/cli/reference/permissions
title: Permissions
description: Configure file permissions and access controls for Cursor CLI.
Permissions
Configure what the agent is allowed to do using permission tokens in your CLI configuration. Permissions are set in ~/.cursor/cli-config.json (global) or <project>/.cursor/cli.json (project-specific).
Permission types
Shell commands
Format: Shell(commandBase)
Controls access to shell commands. The commandBase is the first token in the command line. Supports glob patterns and an optional command:args syntax for finer control.
| Example | Description |
| --- | --- |
| Shell(ls) | Allow running ls commands |
| Shell(git) | Allow any git subcommand |
| Shell(npm) | Allow npm package manager commands |
| Shell(curl:*) | Allow curl with any arguments |
| Shell(rm) | Deny destructive file removal (commonly in deny) |
File reads
Format: Read(pathOrGlob)
Controls read access to files and directories. Supports glob patterns.
| Example | Description |
| --- | --- |
| Read(src/**/*.ts) | Allow reading TypeScript files in src |
| Read(**/*.md) | Allow reading markdown files anywhere |
| Read(.env*) | Deny reading environment files |
| Read(/etc/passwd) | Deny reading system files |
File writes
Format: Write(pathOrGlob)
Controls write access to files and directories. Supports glob patterns. Print mode can use write and shell tools. Use permissions.allow, permissions.deny, and --force to control what runs without prompts.
| Example | Description |
| --- | --- |
| Write(src/**) | Allow writing to any file under src |
| Write(package.json) | Allow modifying package.json |
| Write(**/*.key) | Deny writing private key files |
| Write(**/.env*) | Deny writing environment files |
Web fetch
Format: WebFetch(domainOrPattern)
Controls which domains the agent can fetch when using the web fetch tool (e.g., to retrieve documentation or web pages). Without an allowlist entry, each fetch prompts for approval. Add domains to allow to auto-approve fetches from trusted sources.
| Example | Description |
| --- | --- |
| WebFetch(docs.github.com) | Allow fetches from docs.github.com |
| WebFetch(*.example.com) | Allow fetches from any subdomain of example.com |
| WebFetch(*) | Allow fetches from any domain (use with caution) |

Domain pattern matching:
- * matches all domains
- *.example.com matches subdomains (e.g., docs.example.com, api.example.com)
- example.com matches that exact domain only
MCP tools
Format: Mcp(server:tool)
Controls which MCP (Model Context Protocol) tools the agent can run. Use server (from mcp.json) and tool name, with * for wildcards.
| Example | Description |
| --- | --- |
| Mcp(datadog:*) | Allow all tools from the Datadog MCP server |
| Mcp(*:search) | Allow any server's search tool |
| Mcp(*:*) | Allow all MCP tools (use with caution) |
Configuration
Add permissions to the permissions object in your CLI configuration file:
{
  "permissions": {
    "allow": [
      "Shell(ls)",
      "Shell(git)",
      "Read(src/**/*.ts)",
      "Write(package.json)",
      "WebFetch(docs.github.com)",
      "WebFetch(*.github.com)",
      "Mcp(datadog:*)"
    ],
    "deny": [
      "Shell(rm)",
      "Read(.env*)",
      "Write(**/*.key)",
      "WebFetch(malicious-site.com)"
    ]
  }
}
Pattern matching
- Glob patterns use **, *, and ? wildcards
- Relative paths are scoped to the current workspace
- Absolute paths can target files outside the project
- Deny rules take precedence over allow rules
- Use command:args (e.g., curl:*) to match both command and arguments with globs
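
An added example, not part of Cursor's documentation or tooling: a small Python linter that reads a config in the shape documented on this page and flags allow entries the page describes as broad (WebFetch(*), Mcp(*:*), command:* shell rules, absolute paths) or that a deny rule overrides. The severity labels, the sample config, and the exact-string comparison against deny are assumptions of this example; it does not reproduce the CLI's glob matching.

```python
import json
import re

# Token shape from the page: Type(argument). Severity labels are this example's own.
TOKEN = re.compile(r"^(Shell|Read|Write|WebFetch|Mcp)\((.+)\)$")

# Constructed sample config in the shape the page documents.
SAMPLE = """
{
  "permissions": {
    "allow": ["Shell(git)", "Shell(curl:*)", "Shell(rm)", "Read(/etc/passwd)",
              "Write(src/**)", "WebFetch(*)", "Mcp(*:*)", "Reed(src/**)"],
    "deny": ["Shell(rm)", "Read(.env*)"]
  }
}
"""

def audit(config_text):
    """Return (severity, token, reason) findings for a permissions config."""
    perms = json.loads(config_text).get("permissions", {})
    allow, deny = perms.get("allow", []), perms.get("deny", [])
    findings = []
    for tok in allow + deny:
        if not TOKEN.match(tok):
            findings.append(("error", tok, "not a Type(argument) permission token"))
    for tok in allow:
        m = TOKEN.match(tok)
        if not m:
            continue
        kind, arg = m.groups()
        if tok in deny:
            # Deny rules take precedence, so this allow entry has no effect.
            findings.append(("info", tok, "also listed in deny; deny wins"))
        if kind == "WebFetch" and arg == "*":
            findings.append(("high", tok, "auto-approves fetches from any domain"))
        elif kind == "Mcp" and arg == "*:*":
            findings.append(("high", tok, "allows every tool on every MCP server"))
        elif kind == "Shell" and arg.endswith(":*"):
            findings.append(("medium", tok, "allows the command with any arguments"))
        elif kind in ("Read", "Write") and arg.startswith("/"):
            findings.append(("medium", tok, "absolute path can reach outside the project"))
    return findings

if __name__ == "__main__":
    for severity, tok, reason in audit(SAMPLE):
        print(f"{severity:6} {tok:20} {reason}")
```

Run it against ~/.cursor/cli-config.json and <project>/.cursor/cli.json by passing each file's contents to audit().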