AI coding app quick start
Cursor quick start
Check Cursor MCP config first, then keep a stable local memory of approvals.
Prerequisite
Install Guard
If you haven't installed Guard yet, run the install script first. This installs hol-guard via pipx and configures it for Cursor in one step.
Terminal
set -o pipefail; curl -fsSL https://hol.org/guard/install.sh | bash -s -- --harness cursor --mode install --verifyAlready have Guard installed? Skip to the harness command below. Full install guide.
Harness command
Attach to Cursor
Terminal
hol-guard install cursorGuard stays local by default — no account required to protect your first session. Connect Guard Cloud later to sync security records across your devices.
What Guard checks
- ~/.cursor/mcp.json
- project .cursor/mcp.json
- local MCP server declarations before launch
What install changes
- Uses wrapper mode first for low-risk rollout.
- Does not require account sign-in to remember local approvals.
Verification
Confirm the setup before your first protected session.
Run the setup command
Start with the Guard command matched to this AI coding app and its setup mode.
Command
hol-guard install cursorRun the next verification commands
Confirm Guard sees the expected config paths before your first protected session.
Command
hol-guard doctor cursorCheck your first security record
After Guard records a local decision, open the receipt list to confirm what was scanned.
Command
hol-guard receiptsSafe demo & test protection
Use --dry-run for demos and CI. Guard scans and reports without blocking, so you can show what it catches without interrupting a live session.
Sync to Guard Cloud
Connect Guard Cloud to carry your security records, team memory, and approval history across every machine and teammate — no rebuilding approvals when you switch devices.
Review Guard Cloud plans →Troubleshooting
Something not working?
Guard does not intercept launches
Run
hol-guard doctor cursorand check that the wrapper path matches your installed binary.No security record after the first run
Check that
~/.hol-guard/is writable. Guard writes every decision there by default.Cloud sync not reflecting local decisions
Run
hol-guard sync --statusto see if Guard Cloud can reach the server. Local protection keeps running even when sync is unavailable.
Approval surface
Guard local approval center (browser, localhost) — Cursor's built-in tool approval surface is not replaced, by design.
Run command
hol-guard run cursorUninstall / revert
Guard leaves no background services. Your approval history stays on disk in ~/.hol-guard/ unless you delete that folder.
Uninstall command
hol-guard uninstall cursorCurrent phase notes
- Does not override Cursor's built-in tool confirmation dialogs — Guard adds artifact-level trust before tool use.
- MCP Extension API integration is future work. Wrapper mode is the current enforcement path.