Cursor Approval Agents: Auto-Approve PRs and Route Reviewers
Approval Agents run on top of your pull requests: they auto-approve a PR when your criteria are met, or assign reviewers when more review is needed. They weigh your custom instructions, repository APPROVAL_POLICY.md files, risk thresholds, and findings from Bugbot and Security Agents. Cursor is explicit that they do not replace a full code review, and they will not approve a PR that exceeds your risk threshold or has findings needing human review.
What do Cursor Approval Agents do?
An Approval Agent watches your pull requests and takes one of two primary actions, depending on whether the PR meets the criteria you set. You configure them in the Approval Agents dashboard.
- Approves a PR when your approval criteria are met. Also weighs applicable policy files, risk settings, AI reviewer findings, and the current review state.
- Assigns reviewers when more review is needed. Uses the same signals: criteria, policy files, risk settings, AI reviewer findings, and review state.
Cursor states plainly that Approval Agents do not replace a full code review. They decide whether an approval is safe from your instructions, policy files, AI findings, and risk thresholds; they do not read the diff with a human's judgment.
What signals does an Approval Agent use to decide?
Beyond your written criteria, the agent can pull in findings from Cursor's other review systems and classify the PR by risk. These signals act as gates: any one of them can stop an approval.
- Bugbot Review Context uses Bugbot findings in the approval decision. (Bugbot is Cursor's automated PR reviewer that posts inline findings and can push fix commits from isolated VMs.)
- Security Review Context uses Security Agent findings (Security Agents require a team or enterprise plan).
- Risk scoring classifies the PR; a maximum risk threshold sets the highest level the agent may approve.
If Bugbot or Security Agents report findings that need human review, the Approval Agent will not approve the PR. Likewise, if a PR exceeds your configured maximum risk threshold, it will not be approved.
How do approval policy files work?
Approval Agents read policy files committed to your repository before deciding. For each changed file, the agent checks that file's directory and every ancestor directory for an exact filename match, and trusts only the exact basename.
APPROVAL_POLICY.md
Variants such as POLICY.md, approval_policy.md, APPROVAL_POLICY.md.bak, and team_APPROVAL_POLICY.md are ignored during directory policy discovery. The closest applicable APPROVAL_POLICY.md has the highest priority for files beneath it, and ancestor policies still apply unless a more specific policy conflicts. There is also an optional top-level routing file.
.cursor/approval-policies/ROUTING.md
Each ROUTING.md entry carries a product name, a boundary (a semantic boundary or an explicit path or glob), and policies pointers (file paths or semantic descriptions). If ROUTING.md is missing, directory-based discovery still runs, so missing routing does not weaken policy discovery.
What happens when policies conflict?
Applicable policy prompts override your generic approval criteria, risk thresholds, reviewer guidance, custom instructions, and the default review posture. When policies disagree, the agent follows the most specific one; if specificity is unclear, it follows the stricter instruction and avoids auto-approval.
If a PR changes an approval policy, a routing file, a routed policy file, or a reviewer-specific policy file, the agent does not use the changed content to relax review for that same PR. It uses the base-branch version when available, or requires human review when the base version cannot be determined.
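The directory discovery rule and the self-modification rule above can be modeled in a few lines. This is an added example, not Cursor's code: the function names, the sample tree, and the idea of passing the base-branch file list as a set are assumptions, and routed policy files named only inside ROUTING.md are not covered.

```python
from pathlib import PurePosixPath

POLICY_BASENAME = "APPROVAL_POLICY.md"                 # exact basename named on the page
ROUTING_PATH = ".cursor/approval-policies/ROUTING.md"  # optional routing file named on the page

# Constructed sample: file paths present on the base branch (not the PR head).
BASE_TREE = {
    "APPROVAL_POLICY.md",
    "services/APPROVAL_POLICY.md.bak",   # suffixed variant, ignored
    "services/pay/APPROVAL_POLICY.md",
    "services/pay/approval_policy.md",   # wrong case, ignored
    "docs/team_APPROVAL_POLICY.md",      # prefixed variant, ignored
    "docs/guide.md",
}


def applicable_policies(changed_file, base_tree):
    """Policy files that apply to one changed file, closest directory first."""
    found = []
    directory = PurePosixPath(changed_file).parent
    while True:
        candidate = str(directory / POLICY_BASENAME)
        # Exact string match on the basename; variants never compare equal.
        if candidate in base_tree:
            found.append(candidate)
        if directory == directory.parent:   # reached the repository root
            break
        directory = directory.parent
    return found


def changed_policy_files(changed_files, base_tree):
    """Map each changed policy or routing file to whether a base-branch copy exists."""
    return {
        path: path in base_tree
        for path in changed_files
        if PurePosixPath(path).name == POLICY_BASENAME or path == ROUTING_PATH
    }


if __name__ == "__main__":
    pr = ["services/pay/handlers/api.py", "services/pay/APPROVAL_POLICY.md",
          "services/new/APPROVAL_POLICY.md"]
    for path in pr:
        print(path, "->", applicable_policies(path, BASE_TREE))
    print(changed_policy_files(pr, BASE_TREE))
```

Resolving policies against the base-branch tree rather than the PR head is what keeps a PR from supplying its own, looser policy.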
How do you set up an Approval Agent?
You create and tune Approval Agents from the Approval Agents dashboard. New agents start with default pull request triggers and approval behavior; from there you configure when they run, which signals they trust, and what they are allowed to do.
1. Create an agent: choose New Agent, or use the onboarding card to create a Pull Request Approver.
2. Configure triggers: run on PR opened, PR pushed/updated, or PR commented (matching a regex), scoped to repositories or organizations.
3. Configure review signals: enable Bugbot Review Context, Security Review Context, Risk Score, and a maximum risk for approval as needed.
4. Write a custom prompt with your team's approval criteria and the cases that require human review (policy files still take precedence).
5. Configure tools and MCPs: enable at least one primary action, Approve PR or Request Reviewers, plus optional Slack or Microsoft Teams notifications and MCP servers (MCP is the Model Context Protocol, a standard that lets an AI agent pull in context from outside the repo, like Jira tickets or internal docs).
6. Save and enable the agent; you can enable or disable existing agents from the detail page.
Team members without admin permission can view Approval Agents but cannot edit them. If no custom prompt is set, the agent uses Cursor's default managed criteria.
Frequently asked questions
Do Cursor Approval Agents replace human code review?
No. Cursor states they do not replace a full code review. They decide whether an approval is safe from your criteria, policy files, AI findings, and risk thresholds, and they require human review when findings or risk demand it.
What file does an Approval Agent read for repository policy?
An exactly named APPROVAL_POLICY.md in a changed file's directory or any ancestor directory, plus an optional .cursor/approval-policies/ROUTING.md routing file. Misspelled or suffixed variants are ignored.
Can an Approval Agent approve a high-risk PR?
Only up to the maximum risk threshold you set. If a PR exceeds that threshold, or if Bugbot or Security Agents flag findings that need human review, the agent will not approve it.
Sources & last verified
Cursor ships frequently. Facts verified against primary sources on June 26, 2026.