Custom Tools and Auto Review
Programmatic agents can call your tools, so tool design is product design.
Use the right surface
After this you can pick SDK custom tools for the right job and define done.
Done means you can add tools without handing the agent unlimited application power.

The same agent loop can run in a terminal, script, CI job or SDK-backed internal tool.
Use SDK custom tools when an SDK agent needs to call a product-specific function or review its own generated diff. Keep the boundary narrow.
Start small. Name the job, attach the context that proves the point and decide what evidence would make the output trustworthy.
Read the loop before touching the controls. The first beat frames the work, the second uses Cursor, the third checks the result and the fourth leaves a handoff someone else can inspect.
Interactive diagram. Tab through its regions; each focused region shows its detail in the panel below.
Run this loop in a real repo.
- Entry point
- local.customTools, custom-user-tools MCPModel Context Protocol. A standard that lets an AI agent pull in context from outside the repo, like Jira tickets or internal docs. and local.autoReview
- Source
- June 2026 SDK changelog and SDK docs
Use the source as the product reference.
Ask Cursor for an output you can inspect.
If the output cannot be checked, narrow the task before you continue.
A good run leaves a file, setting, screenshot, command result or written claim you can verify.
Takeaway. Done means you can add tools without handing the agent unlimited application power.
Self-check
QWhen should you reach for SDK custom tools?
Run it
After this you can do the task with clear scope and one proof point.
Treat this as a short practice loop, not a product tour. The task should be small enough that you can inspect the result without trusting the summary.
- 1Define one tool around one product action.
- 2Validate inputs and outputs as if the agent were an untrusted caller.
- 3Use local.autoReview so local tool calls pass through a classifier instead of silently bypassing review.
- 4Log tool calls and failures for debugging.
The exercise is complete only when the proof matches the requested outcome. If the proof is weak, reduce the scope or fix the context instead of adding more instructions.
Keep the task small enough to review.
The agent cannot mutate unrelated systems.
Takeaway. Stop when you have proof: Tool schemas are narrow and explicit..
Self-check
QWhich habit makes this workflow safe to use on a real project?
Check it
After this you can find the first failed check before changing tools.
Verification decides the next move.
Interactive diagram. Tab through its regions; each focused region shows its detail in the panel below.
Pick a row to see what to look for.
Use the first failure signal as the next prompt. Broad retries usually make the run noisier; a narrow retry gives Cursor a concrete repair target.
No proof means more checking.
Use a real repo or admin setting. Save the prompt, context and proof.
Takeaway. If it fails, find the first failed check.
Self-check
QThe workflow failed. What is the best first move?