Skip to main content
Sentrail offers two connection modes for Cursor. Choose Option A if you want to intercept local shell commands (rm -rf, git push --force, DROP TABLE, etc.). Use Option B if you only need to govern MCP tool calls routed to an upstream server.
For rm -rf, git push --force, DROP TABLE, and other shell-level commands, you must use Option A (local interceptor). The cloud proxy only sees MCP JSON-RPC calls — it cannot intercept commands the agent runs via bash or a terminal tool.
The Sentrail CLI runs a local proxy at http://localhost:3773. Cursor connects to it instead of the upstream MCP server. Every tools/call — including shell commands — is classified and checked against your policies before execution.

1. Install the CLI

npm install -g sentrail

2. Initialize

sentrail init
Enter your API key (agk_…), workspace ID, and upstream MCP server URL when prompted. The command writes ~/.sentrail/config.json.

3. Add to Cursor config

Open Cursor Settings → MCP or edit ~/.cursor/mcp.json: 
{
  "mcpServers": {
    "sentrail": {
      "url": "http://localhost:3773"
    }
  }
}

4. Start the interceptor

sentrail start

5. Verify with the demo

sentrail demo
The demo simulates rm -rf, git push --force, DROP TABLE, and cat README.md — and shows the Sentrail decision for each without executing anything real.
Do not commit your API key to version control. Cursor allows environment variable references — use $SENTRAIL_API_KEY if your setup supports it.

Option B — Cloud MCP proxy

Point Cursor directly at the Sentrail mcp-gate cloud endpoint. This governs MCP tools/call requests to an upstream MCP server but does not intercept local shell commands.

Prerequisites

  • A Sentrail workspace with an MCP server connected (Tools → MCP → Connect)
  • An API key with the mcp scope

Configuration

{
  "mcpServers": {
    "sentrail": {
      "url": "https://<project-ref>.supabase.co/functions/v1/mcp-gate/sse",
      "headers": {
        "Authorization": "Bearer agk_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
        "X-Agent-Id": "cursor"
      },
      "transport": "sse"
    }
  }
}

Verifying the connection

After saving, open the Cursor MCP panel. The sentrail server should appear with a green status indicator and the list of tools from your upstream MCP server.

How it works

When Cursor’s agent invokes an MCP tool:
  1. Cursor sends tools/list to mcp-gate — gets back your upstream tool list (cached 60s)
  2. Cursor sends tools/call to mcp-gate
  3. mcp-gate evaluates the call against your Sentrail policies
  4. On allow: call is forwarded to upstream; result returned to Cursor
  5. On block: Cursor receives a JSON-RPC error with the block reason
  6. On require_approval: Cursor receives a result with an approval message; the agent is paused until a reviewer decides

Agent identity

The X-Agent-Id: cursor header is recorded in all audit log entries from Cursor. Use it in policy conditions to scope rules specifically to Cursor: 
{
  "name": "Cursor - require approval for all writes",
  "tool": "mcp",
  "actionPattern": "*",
  "conditions": {
    "allowedAgents": ["cursor"],
    "minRiskLevel": "medium"
  },
  "mode": "require_approval",
  "priority": 20
}

Project-level configuration

For team setups, commit a project-level config that references an environment variable: 
{
  "mcpServers": {
    "sentrail": {
      "url": "https://<project-ref>.supabase.co/functions/v1/mcp-gate/sse",
      "headers": {
        "Authorization": "Bearer $SENTRAIL_API_KEY",
        "X-Agent-Id": "cursor"
      },
      "transport": "sse"
    }
  }
}
Each team member sets SENTRAIL_API_KEY in their shell profile. You can generate per-developer keys with the same scopes but different names for attribution in audit logs.

Troubleshooting

Confirm the Sentrail endpoint ends with /mcp-gate/sse. Cursor does not support stdio transport for remote servers.
The tool list is fetched from your upstream MCP server. If no tools appear, check that your MCP server is running and reachable at the URL configured in Sentrail → Tools → MCP.
This is expected behavior. When a require_approval decision is returned, Cursor surfaces the message from _meta.sentrail. Open the Sentrail dashboard → Approvals to review and decide.