Enterprise
Cursor Auto-review Run Mode Guide
Cursor's Auto-review Run Mode lets agents work longer with fewer prompts by allowing safe shell, MCP and fetch calls, sandboxing calls when possible and sending other actions to a classifier subagent.
What changed in Cursor Auto-review Run Mode, May 2026?
Cursor's Auto-review Run Mode lets agents work longer with fewer prompts by allowing safe shell, MCPModel Context Protocol. A standard that lets an AI agent pull in context from outside the repo, like Jira tickets or internal docs. and fetch calls, sandboxing calls when possible and sending other actions to a classifier subagent.
- Release fact
- Shell, MCPModel Context Protocol. A standard that lets an AI agent pull in context from outside the repo, like Jira tickets or internal docs. and Fetch
- Why it matters
- Auto-review applies across local command, tool and fetch calls.
- Release fact
- Allowlisted calls
- Why it matters
- Known-safe call shapes can run immediately.
- Release fact
- Sandboxable calls
- Why it matters
- Calls that can be sandboxed run in the sandbox.
- Release fact
- Classifier subagent
- Why it matters
- Other actions are allowed, redirected or sent for human approval.
- Release fact
- Settings and instructions
- Why it matters
- Teams can configure run mode and steer the classifier with instructions.
| Release fact | Why it matters |
|---|---|
| Shell, MCPModel Context Protocol. A standard that lets an AI agent pull in context from outside the repo, like Jira tickets or internal docs. and Fetch | Auto-review applies across local command, tool and fetch calls. |
| Allowlisted calls | Known-safe call shapes can run immediately. |
| Sandboxable calls | Calls that can be sandboxed run in the sandbox. |
| Classifier subagent | Other actions are allowed, redirected or sent for human approval. |
| Settings and instructions | Teams can configure run mode and steer the classifier with instructions. |
As of June 23, 2026. See the linked Cursor sources for the latest details.
How should a team use Cursor Auto-review Run Mode?
- 1Start with the task risk, not with the desire to reduce prompts.
- 2Allowlist read-only or low-risk commands that are easy to audit.
- 3Keep destructive, external or production-impacting actions behind approval.
- 4Review whether auto-review changed the agent's actual behavior before scaling it.
Interactive diagram. Use Tab to move through hotspots or use the step controls when shown.
What should stay bounded?
Do not treat natural-language instructions as a hard security boundary.
Pair run mode with hooks, sandboxing and repo policy for high-risk actions.
Log the allowed and blocked cases so the policy can improve over time.
Frequently asked questions
Who is Cursor Auto-review Run Mode Guide for?
Developers, platform teams and security reviewers deciding how much autonomy Cursor agents should have.
What makes this page credible?
The guide cites Cursor's May 29, 2026 Auto-review Run Mode changelog and connects run modes to policy controls.
What should I do next?
Start with one real repo task, capture the prompt and review the result before scaling the workflow.
Sources & last verified
- Cursor changelog: Auto-review Run Mode
- Cursor changelog: SDK custom stores, tools and auto-review
- Cursor privacy and data governance
Cursor ships frequently. Facts verified against primary sources on June 23, 2026.