KeypostKeypost

Cursor Integration

Add policy enforcement to Cursor's MCP connections.

Overview

Cursor uses the same MCP configuration format as Claude Desktop. The integration steps are identical.

Configuration file location

Cursor stores MCP configuration in:

  • macOS: ~/Library/Application Support/Cursor/mcp.json
  • Windows: %APPDATA%\Cursor\mcp.json
  • Linux: ~/.config/Cursor/mcp.json

HTTP servers

Replace your MCP server URL with your Keypost URL:

{
  "mcpServers": {
    "my-server": {
      "url": "https://abc123xyz.keypost.ai/mcp"
    }
  }
}

Stdio servers

Use keypost-wrapper to wrap local MCP servers:

{
  "mcpServers": {
    "filesystem": {
      "command": "keypost-wrapper",
      "args": [
        "--keypost-url", "https://abc123xyz.keypost.ai/mcp",
        "--",
        "npx", "-y", "@modelcontextprotocol/server-filesystem", "/path/to/allowed/dir"
      ]
    }
  }
}

Example: Filesystem with DLP

Prevent Cursor from reading or exposing sensitive files:

  1. Create a Keypost for the filesystem server
  2. Add a DLP policy to block paths containing .env, secrets, or credentials
  3. Add a parameter constraint to restrict the path parameter

Now Cursor can access files but won't be able to read sensitive configuration.

Restart required

After editing the MCP configuration, restart Cursor for changes to take effect.