Cursor Adds Enterprise Controls for Safer, Observable Agent-Driven Coding

Cursor's new enterprise features — Hooks, Team Rules, upgraded analytics, Audit Log, and Sandbox Mode — improve observability, compliance, and control over AI-driven development. Built for large engineering teams and ...

Cursor
cursor cover

TL;DR

  • Hooks: run custom scripts at agent loop points to log prompts/completions, block or scrub commands, trigger automations, and distribute via MDM or Cursor cloud
  • Team Rules: centralize recommended or required conventions and schemas via the cloud dashboard
  • Upgraded Analytics: near real-time (data updates every two minutes), daily activity, adoption metrics, filters by Active Directory group, exportable API/CSV, and commit-level percentage of AI-generated lines of code; dashboard GA with data from Aug 27 for clients on 1.7+
  • Audit Log: tracks 19 event types covering access, asset edits, and configuration changes; viewable in the web dashboard and exportable as CSV
  • Sandbox Mode: executes agent terminal commands in a restricted environment (network/git blocked by default, file access limited to workspace and /tmp/), with options to skip or re-run failed commands and enterprise controls for git/network access
  • Enterprise engagement: features informed by work with large engineering orgs and available for tailored platform behavior and integrations

Cursor expands enterprise controls for agent-driven coding

Cursor has introduced a set of enterprise-focused features to give engineering teams stronger observability, compliance, and control over AI-assisted workflows. The rollout centers on five capabilities — Hooks, Team Rules, upgraded analytics, an Audit Log, and Sandbox Mode — aimed at making agent actions more transparent and safer for large organizations.

Hooks: observe, control, and extend the agent loop

Hooks let organizations run custom scripts at key points in the agent loop to record activity, enforce policies, or integrate external systems. Hooks can log prompts and completions, block or sanitize unapproved commands, and trigger automations or context injection. The feature supports distribution through MDM or Cursor’s cloud distribution option for enterprises. Documentation: https://cursor.com/docs/agent/hooks and cloud distribution details: https://cursor.com/docs/agent/hooks#cloud-distribution-enterprise-only.

Key capabilities

  • Add observability of agent tool calls, prompts, and completions.
  • Enforce compliance in real time (block commands, scrub secrets).
  • Extend Cursor by connecting external systems and automations.

Team Rules: shared conventions and enforced patterns

Team Rules centralize best practices and organizational standards so agents and developers follow the same constraints and recommendations. Admins can configure rules to be recommended or required via the cloud dashboard, helping standardize API schemas, conventions, and common workflows. Docs: https://cursor.com/docs/context/rules#team-rules and dashboard: https://cursor.com/dashboard?tab=team-content.

Upgraded Analytics: near real-time, exportable insights

The analytics suite has been rebuilt to surface how teams adopt and use AI features. Highlights include:

  • Daily activity and top users at a glance
  • Adoption metrics for CLI, Background Agent, and Bugbot
  • Commit-level percentage of AI-generated lines of code
  • Filters by Active Directory group
  • Exportable visualization data (API or CSV)
  • Data updates every two minutes (previously every 24 hours)

The upgraded dashboard is generally available today, with data from August 27th for all clients running 1.7 and later.

Audit Log: comprehensive event visibility

The Audit Log exposes platform events relevant to security and operations, tracking 19 event types that cover access changes, asset edits, and configuration updates. Audit data is available in the web dashboard and can be exported as CSV. Docs: https://cursor.com/docs/account/teams/dashboard#audit-log.

Sandbox Mode: safer command execution

Sandbox Mode runs agent terminal commands in a restricted environment to reduce risk during iteration. By default, the sandbox blocks network and git access and limits file access to the workspace and /tmp/. If a command fails due to restrictions, it can be skipped or re-run outside the sandbox. Enterprise admins retain controls over sandbox availability and team-wide git/network access. Docs on sandbox and enterprise controls: https://cursor.com/docs/agent/terminal and https://cursor.com/docs/agent/terminal#enterprise-controls.

Collaboration and enterprise support

Many of these features grew from work with large engineering organizations. Cursor offers enterprise engagement for teams that want to tailor platform behavior and integration. More information: https://cursor.com/enterprise.

Original source: https://cursor.com/blog/enterprise

Continue the conversation on Slack

Did this article spark your interest? Join our community of experts and enthusiasts to dive deeper, ask questions, and share your ideas.

Join our community

Related Articles

AI Coding Agents Boost Merged PRs by 39% and Shift Workflows, Study Finds

AI Coding Agents Boost Merged PRs by 39% and Shift Workflows, Study Finds

A University of Chicago study found Cursor's AI agent increased merged PRs by 39% after becoming default. Senior developers accepted agent edits more often and used it for planning and implementation.

1 shared tag
cursor-light cover

Cursor 2.0: Composer and Multi-Agent Interface for Faster Agentic Coding

Cursor 2.0 adds Composer, a low-latency coding model up to 4x faster, and a multi-agent interface to run parallel agents. Built-in review and browser testing accelerate verification and iteration.

1 shared tag
Cursor's Plan Mode: Spec-First Workflow for Long-Horizon Coding

Cursor's Plan Mode: Spec-First Workflow for Long-Horizon Coding

Plan Mode makes agents research your repo, ask clarifying questions, and produce editable markdown implementation plans with code snippets and file paths. Save plans in your repository to align teams before coding.

1 shared tag