AI coding app quick start

Cursor quick start

Check Cursor MCP config first, then keep a stable local memory of approvals.

Prerequisite

Install Guard

If you haven't installed Guard yet, run the install script first. This installs hol-guard via pipx and configures it for Cursor in one step.

Terminal

set -o pipefail; curl -fsSL https://hol.org/guard/install.sh | bash -s -- --harness cursor --mode install --verify

Already have Guard installed? Skip to the harness command below. Full install guide.

Harness command

Attach to Cursor

Terminal

hol-guard install cursor

Guard stays local by default — no account required to protect your first session. Connect Guard Cloud later to sync security records across your devices.

What Guard checks

  • ~/.cursor/mcp.json
  • project .cursor/mcp.json
  • local MCP server declarations before launch

What install changes

  • Uses wrapper mode first for low-risk rollout.
  • Does not require account sign-in to remember local approvals.

Verification

Confirm the setup before your first protected session.

1

Run the setup command

Start with the Guard command matched to this AI coding app and its setup mode.

Command

hol-guard install cursor
2

Run the next verification commands

Confirm Guard sees the expected config paths before your first protected session.

Command

hol-guard doctor cursor
3

Check your first security record

After Guard records a local decision, open the receipt list to confirm what was scanned.

Command

hol-guard receipts

Safe demo & test protection

Use --dry-run for demos and CI. Guard scans and reports without blocking, so you can show what it catches without interrupting a live session.

Sync to Guard Cloud

Connect Guard Cloud to carry your security records, team memory, and approval history across every machine and teammate — no rebuilding approvals when you switch devices.

Review Guard Cloud plans →

Troubleshooting

Something not working?

  • Guard does not intercept launches

    Run hol-guard doctor cursor and check that the wrapper path matches your installed binary.

  • No security record after the first run

    Check that ~/.hol-guard/ is writable. Guard writes every decision there by default.

  • Cloud sync not reflecting local decisions

    Run hol-guard sync --status to see if Guard Cloud can reach the server. Local protection keeps running even when sync is unavailable.

Approval surface

Guard local approval center (browser, localhost) — Cursor's built-in tool approval surface is not replaced, by design.

Run command

hol-guard run cursor

Uninstall / revert

Guard leaves no background services. Your approval history stays on disk in ~/.hol-guard/ unless you delete that folder.

Uninstall command

hol-guard uninstall cursor

Current phase notes

  • Does not override Cursor's built-in tool confirmation dialogs — Guard adds artifact-level trust before tool use.
  • MCP Extension API integration is future work. Wrapper mode is the current enforcement path.