Debugging & Troubleshooting Method
Reproduce, isolate, root-cause - out loud
A repeatable troubleshooting loop
After this you can apply a consistent method to any unfamiliar issue under interview pressure.
The technical screen isn't grading whether you already know the bug. It's grading whether you have a method that finds any bug, including ones nobody at Cursor has seen yet.
Cursor ships an AI-native editor whose behavior drifts as models and the product change weekly. A memorized fix for last month's indexing quirk is worthless this month. What survives is a loop you can run on a problem you've never met - and a Technical Support Engineer who runs that loop visibly is the one who gets the offer.
Carry one loop into the room and use it for everything. Here it is end to end.
- 1Clarify. Restate the issue in your own words and pin down what "working" would look like. Half of bad debugging is solving the wrong problem fast.
- 2Reproduce. Get the failure to happen on demand. No reliable repro, no confident fix.
- 3Isolate. Narrow the blast radiusHow much breaks if a change goes wrong; the scope of potential damage.. Change one variable at a time and binary-search the space.
- 4Hypothesize. State a specific, falsifiable guess: "I think the index never finished, so retrieval returns nothing."
- 5Test. Run the cheapest experiment that would prove the hypothesis wrong.
- 6Root-cause. Name the underlying cause, not the symptom the user reported.
- 7Resolve or escalate. Fix it, route it or hand Engineering a clean repro.
- 8Document. Leave a KB entry or runbook so the next person skips the search.
Interactive diagram. Tab through its regions; each focused region shows its detail in the panel below.
Walk it left to right; the gate is where you commit to a fix or hand it off.
Investigate in ask mode, not agent moderesearch without write access
Cursor's modes change which tools the AI can reach. Agent mode is the full suite - it writes code, edits files, moves them, runs the terminal. Ask modeA read-only mode for asking questions about a codebase without changing files; the safe way to explore unfamiliar or legacy code. strips all of that out and leaves you semantic search and codebase understanding. For support work you're mostly reading the product, not changing it, so ask mode is the efficient default. Pair it with a cost-effective model and you get the same answer without burning tokens or risking an edit you didn't want.
In agent mode, asking why the app loses clicks can backfire: the agent decides it knows the fix and quietly rewrites the code to debounce - even when the batching was intentional. Hit undo-all, then re-ask in ask mode so it only explains the problem instead of taking it upon itself to make the change it assumes you want.
“Whenever you're doing research we recommend using ask mode. We don't necessarily need to write code as much as we're just looking it up.”
Reproduce before you theorizethe step everyone wants to skip
An issue you can't reproduce is an issue you can only guess about. The pull is always to jump straight to a fix because you recognize the words. Resist it. A solid repro turns a vague "agent gives bad answers" into "on this 4-file repo, with this prompt, the agent ignores the open file 4 times out of 5" - and that sentence is most of the diagnosis.
One variable at a timebinary-search the problem space
When several things could be wrong, cut the space in half rather than poking at it. Bisect across whatever axis is cheapest to flip.
- Axis
- Version
- How to bisect
- Roll back to a prior Cursor build; test again
- What it rules in or out
- Regression introduced by an update
- Axis
- Extensions
- How to bisect
- Launch with extensions disabled, re-enable in halves
- What it rules in or out
- Third-party extension conflict
- Axis
- Model
- How to bisect
- Swap the selected model and rerun the same prompt
- What it rules in or out
- Model-specific quality or error
- Axis
- Workspace
- How to bisect
- Reproduce in a fresh minimal repo
- What it rules in or out
- Project size, rules or local config
- Axis
- Account
- How to bisect
- Try a second account or plan tier
- What it rules in or out
- Entitlement, billing or org policy
| Axis | How to bisect | What it rules in or out |
|---|---|---|
| Version | Roll back to a prior Cursor build; test again | Regression introduced by an update |
| Extensions | Launch with extensions disabled, re-enable in halves | Third-party extension conflict |
| Model | Swap the selected model and rerun the same prompt | Model-specific quality or error |
| Workspace | Reproduce in a fresh minimal repo | Project size, rules or local config |
| Account | Try a second account or plan tier | Entitlement, billing or org policy |
Flip exactly one column per test so the result actually means something.
Symptom is not root causethe distinction interviewers listen for
The user reports "autocomplete stopped working." That's the symptom. The root cause might be a corporate proxy returning 407 on the completions endpoint. Fix the proxy allowlist and the symptom evaporates; tell the user to restart Cursor and you've treated nothing. Always carry both in your head and say both out loud.
Announce your loop in the first 30 seconds. "Let me reproduce it first, then isolate, then I'll form a hypothesis I can test." It tells the interviewer you have a method before you've found anything - and it earns you patience while you work.
Silent debugging reads as luck. If you go quiet for two minutes and then announce the answer, the interviewer can't tell whether you reasoned to it or recognized it. Narrate the dead ends too - a discarded hypothesis is evidence of method.
“Before I fix anything I want a reliable repro, because I can't tell a fix from a coincidence without one. Then I'll change one thing at a time until the symptom and the cause line up.”
Takeaway. Carry one loop - clarify, reproduce, isolate, hypothesize, test, root-cause, resolve, document - and narrate it; the screen grades method and communication over the final answer.
Self-check
QIn a live debugging screen, why reproduce the issue before proposing a fix?
Asking the right questions first
After this you can gather the facts that collapse the search space before touching anything.
The fastest debuggers ask four sharp questions before they open a single log. The right facts can shrink "it's broken" down to a single suspect line.
On a real ticket you can't see the user's machine. In the interview you often get a terse prompt and an interviewer playing the user. Both reward the same instinct: pull the environment and the scope out first, because they cut the most branches.
Capture the environmentthe four facts that gate everything
- OS
- macOS, Windows or Linux - log paths, proxy behavior and keychain differ on each
- Cursor version
- Exact build; many issues are regressions tied to one update
- Plan / account
- Free, Pro, Business or Enterprise - entitlements and model access vary
- Network
- Corporate proxy, VPN or firewall in front of the completions and auth endpoints
Four answers here eliminate whole categories of cause.
Establish scope and timingone user or a fleet
- One user or many? A single user points at local config; a whole org points at policy, network or a server-side change.
- When did it start? A timestamp lets you correlate against a Cursor release, a model change or an internal incident.
- What changed right before? An update, a new extension, a fresh repo, a new VPN - recent changes are the prime suspects.
Get the exact error, not a paraphraseverbatim text is data
"It says something about a network error" and "Request failed: 429 Too Many Requests" lead to completely different fixes. Ask for a screenshot or copy-paste of the literal message and the exact steps that triggered it. A paraphrase has already thrown away the part you needed.
When a customer sends a screenshot, console log or error you don't recognize, don't try to decode it yourself first. Paste the image straight into the chat and ask the agent to explain what you're looking at. You can also use Cursor's in-app browser tool to grab a screenshot, which drops it into context immediately. Works for console output, a nuanced error string or a confusing UI state.
“You'd be surprised how effective that can be. Basically, just give the agent the chance to explain what it is you're looking at.”
Tag every fact: confirmed, assumed, unknownand chase the unknowns that matter
- Fact
- On Cursor 0.42 (user confirmed)
- Status
- Confirmed
- Next action
- Compare against 0.41 changelog
- Fact
- "Probably behind a proxy"
- Status
- Assumed
- Next action
- Ask directly; don't build on a guess
- Fact
- Whether SSOSingle Sign-On. One company login (usually via SAML or OIDC) instead of a separate password per tool. token expired
- Status
- Unknown
- Next action
- Request auth log timestamps
| Fact | Status | Next action |
|---|---|---|
| On Cursor 0.42 (user confirmed) | Confirmed | Compare against 0.41 changelog |
| "Probably behind a proxy" | Assumed | Ask directly; don't build on a guess |
| Whether SSOSingle Sign-On. One company login (usually via SAML or OIDC) instead of a separate password per tool. token expired | Unknown | Request auth log timestamps |
Saying which facts are guesses keeps you honest and is exactly the truth-seeking trait Anysphere screens for.
For enterprise users, ask about SSOSingle Sign-On. One company login (usually via SAML or OIDC) instead of a separate password per tool./SAMLAn enterprise standard that powers single sign-on., privacy mode and admin policy up front. Privacy mode changes what gets indexed and sent; an org SSO config can break sign-in for everyone at once. Skip these and you'll debug a "bug" that's actually an admin setting.
When the interviewer hands you a thin scenario, your first move is questions, not actions. Ask OS, version, scope and the verbatim error before you touch anything. It shows you collapse the search space with facts instead of flailing at the keyboard.
Takeaway. Pull OS, version, plan, network, scope and the verbatim error first; tag each fact confirmed/assumed/unknown and for enterprise ask about SSOSingle Sign-On. One company login (usually via SAML or OIDC) instead of a separate password per tool. and privacy mode before anything else.
Self-check
Reading logs, traces & diagnostics
After this you can pull signal from Cursor logs, stack traces and network captures.
Logs are where a vague complaint becomes a specific cause. The skill isn't reading every line - it's knowing where Cursor writes the signal and which line is the first one that's actually yours.
Cursor is a VS Code fork, so it inherits VS Code's diagnostic surfaces while adding its own. Know the three places it surfaces problems and how to reach them.
Help → Toggle Developer Tools
JS errors, renderer crashes, failed requests
Same DevTools you know from Chrome
Output panel, channel dropdown
Per-feature logs: indexing, extensions, agent
Command Palette → set log level to trace
Command Palette → Open Logs Folder
Persist across restarts for attaching to a ticket
Paths differ per OS (see below)
macOS: ~/Library/Application Support/Cursor/logs/ Windows: %APPDATA%\Cursor\logs\ Linux: ~/.config/Cursor/logs/
Read a stack trace from both endsfind the first line that's yours
Read top-down to see the frame that actually threw and bottom-up to see what triggered the chain. The line that matters is usually the first one that isn't framework or node_modules code - that's where your system meets the failure.
- 1Find the throwing frame. The top of the trace names the error and where it was raised.
- 2Walk down to the first non-framework line. Skip
node_modulesand runtime internals until you hit Cursor or extension code. - 3Read the message literally.
ENOTFOUND,EACCESand429each point at a different layer - DNS, permissions, rate limiting. - 4Tie it to a timestamp. Match the trace time against the user's report and any server-side signal.
Network and HAR capturesfor auth, model and connectivity failures
When the failure smells like the network - sign-in loops, model errors, dropped completions - capture the requests. The DevTools Network tab (or an exported HAR) shows the status codes that name the cause.
- Status
- 401 / 403
- Likely meaning
- Auth token invalid or rejected
- Where you'd look next
- SSOSingle Sign-On. One company login (usually via SAML or OIDC) instead of a separate password per tool. config, expired session, privacy policy
- Status
- 407
- Likely meaning
- Proxy authentication required
- Where you'd look next
- Corporate proxy credentials and allowlist
- Status
- 429
- Likely meaning
- Rate limited
- Where you'd look next
- Plan tier, usage caps, retry behavior
- Status
- Timeout / ECONNRESET
- Likely meaning
- Connection blocked or dropped
- Where you'd look next
- Firewall, VPN, blocked endpoint
- Status
- TLS / cert error
- Likely meaning
- Interception or clock skew
- Where you'd look next
- Corporate MITM proxy, system time
| Status | Likely meaning | Where you'd look next |
|---|---|---|
| 401 / 403 | Auth token invalid or rejected | SSOSingle Sign-On. One company login (usually via SAML or OIDC) instead of a separate password per tool. config, expired session, privacy policy |
| 407 | Proxy authentication required | Corporate proxy credentials and allowlist |
| 429 | Rate limited | Plan tier, usage caps, retry behavior |
| Timeout / ECONNRESET | Connection blocked or dropped | Firewall, VPN, blocked endpoint |
| TLS / cert error | Interception or clock skew | Corporate MITM proxy, system time |
A status code turns "the internet is broken" into a named, routable cause.
End with a one-line root causefor an audience that isn't an engineer
Raw logs don't close a ticket. Translation does. "Your VPN is blocking the model endpoint, so completions time out" is something a user and a manager can both act on. Compress the trace into one plain sentence that names the cause and the fix.
A log line that correlates isn't proof. Before you call it root cause, change that one thing and confirm the symptom disappears - and only that symptom. Correlation in a noisy log is how a wrong fix ships.
“The console shows repeated 407s on the completions endpoint, which means a proxy is rejecting the requests. In plain terms: your network is blocking Cursor's model calls. Allowlisting the endpoint should fix it and I'll confirm by watching those 407s clear.”
Takeaway. Know Cursor's three diagnostic surfaces, read traces to the first non-framework line, let HTTP status codes name network failures and compress the result into one sentence a non-engineer can act on.
Self-check
QSign-in fails and the Network tab shows repeated 407 responses. What's the most likely root cause?
Worked Cursor scenarios
After this you can rehearse end-to-end diagnosis on the issues most likely to appear.
These four scenarios cover most of what walks into a Cursor support queue. Rehearse them out loud so the loop is muscle memory before the screen, not something you assemble live.
This is the concept layer, so slow down before the drill. Name the mechanism first, then tie it to the role's daily decisions: what changes, what can fail and what proof would make a teammate trust the answer.
Each card runs the same loop and ends the same way: immediate user guidance, the root cause and whether you'd escalate. That ending is the part interviewers wait for.
Check network latency to the completions endpoint first.
Confirm which model is selected and whether indexing finished.
Watch for huge files blowing up the context window.
Root cause is usually latency or stale index, not the model itself.
Verify indexing completed - empty retrieval looks like a dumb agent.
Check rules, context and which model is in use.
Reproduce in a minimal repo to remove project noise.
Escalate only with the minimal repo plus the exact prompt.
Capture version, network and the verbatim error.
Check proxy/VPN, the SSOSingle Sign-On. One company login (usually via SAML or OIDC) instead of a separate password per tool./SAMLAn enterprise standard that powers single sign-on. config and token or session state.
Look at privacy settings - they can gate the auth flow.
Org-wide failure escalates fast; one user is usually local.
Bisect extensions: disable all, re-enable in halves.
Check workspace size and whether a profile isolates it.
Read logs for the hot path or a runaway process.
A reproducible hang with a hot stack is a clean Eng escalation.
Interactive diagram. Tab through its regions; each focused region shows its detail in the panel below.
Every Cursor symptom lives in one of these four layers - name the layer out loud.
Walk one all the way through“agent gives bad answers”
- 1Clarify. "Bad" how - wrong code, ignoring files or refusing? Pin the exact behavior.
- 2Reproduce. Same repo, same prompt, repeated. Does it fail every time or intermittently?
- 3Isolate. Check the indexing indicator. Swap the model. Strip the repo down to the relevant files.
- 4Hypothesize. "Indexing never finished, so retrieval returns nothing and the agent answers blind."
- 5Test. Reindex, confirm completion, rerun the same prompt.
- 6Root-cause. Index stalled on a large or ignored directory - symptom was "dumb agent," cause was empty context.
- 7Resolve or escalate. If reindexing fixes it, write a KB note. If indexing stalls reproducibly, escalate with the repo and logs.
Each scenario is really "is this network, index, config or product?" Naming which of those four layers you're in, out loud, is what separates a methodical TSE from someone guessing. The user's words name a symptom; your job is to name the layer.
Close every scenario with the same three beats: what you'd tell the user right now, the root cause in one sentence and whether you'd escalate and why. Most candidates trail off after the diagnosis. Landing all three reads as someone who's actually closed tickets.
Takeaway. Sort every Cursor symptom into network, index, config or product, run the loop and close with user guidance + root cause + escalate-or-not.
Self-check
QA user says the agent "gives bad answers" on their large monorepo. Before blaming the model, what do you check first?
Knowing when to escalate
After this you can decide confidently between self-serve, fix-now and escalate-to-engineering.
Escalation is a judgment call the role tests directly. Escalate too early and you burn Engineering's time on something you hadn't isolated; too late and a fleet-wide outage festers in your queue.
There are three exits from a ticket. Knowing which one you're taking - and being able to defend it - is the whole skill.
- Exit
- Self-serve
- When it fits
- Known fix, config or user error
- What you owe
- A clear answer plus a KB link so the next user self-solves
- Exit
- Fix now
- When it fits
- You can resolve it inside support's reach
- What you owe
- The fix, confirmation it worked and a note if it's a pattern
- Exit
- Escalate to Eng
- When it fits
- Reproducible bug, root cause beyond config
- What you owe
- A report sharp enough that Eng can act without a back-and-forth
| Exit | When it fits | What you owe |
|---|---|---|
| Self-serve | Known fix, config or user error | A clear answer plus a KB link so the next user self-solves |
| Fix now | You can resolve it inside support's reach | The fix, confirmation it worked and a note if it's a pattern |
| Escalate to Eng | Reproducible bug, root cause beyond config | A report sharp enough that Eng can act without a back-and-forth |
Script the gap, but keep it smallthe "fix now" move that isn't a feature
Customers ask for things the dashboard doesn't surface - per-user clicks per day when only the combined total exists. That's a fix-now candidate, not an escalation. Check first whether an existing API already returns it. If not, write a small script (a third-party API in the mix is fine) to gather the data, one-off or recurring. A support engineer knows the platform well enough to scope this and babysit the agent through it.
The constraint is staying small. Don't let the agent stand up a whole new API or host a service on a cloud provider to answer one bespoke ask. If the request really needs that, it's a feature request - qualify it as one and route it, don't build it under a support ticket.
“They're able to babysit the agent. I don't want you to necessarily write a whole API, don't add a new service, don't host something on a cloud provider. Don't go crazy.”
What a good escalation containsthe anatomy Engineering will thank you for
- Minimal repro - the smallest steps or repo that trigger it reliably.
- Environment - OS, Cursor version, plan, network shape.
- Expected vs actual - what should happen and what does, stated plainly.
- Logs and captures - the relevant trace or HAR, not the whole dump.
- Impact and severity - who's affected, how many and whether they're blocked.
Triage severity by impact and breadthblocking vs cosmetic, one user vs a fleet
- Breadth ↓ / Impact →
- Whole org / fleet
- Blocking
- Sev 1 - escalate now
- Degraded
- Sev 2
- Cosmetic
- Sev 3
- Breadth ↓ / Impact →
- Several users
- Blocking
- Sev 2
- Degraded
- Sev 3
- Cosmetic
- Sev 4
- Breadth ↓ / Impact →
- One user
- Blocking
- Sev 3
- Degraded
- Sev 4
- Cosmetic
- Sev 4
| Breadth ↓ / Impact → | Blocking | Degraded | Cosmetic |
|---|---|---|---|
| Whole org / fleet | Sev 1 - escalate now | Sev 2 | Sev 3 |
| Several users | Sev 2 | Sev 3 | Sev 4 |
| One user | Sev 3 | Sev 4 | Sev 4 |
A blocking issue across a fleet jumps the queue; a cosmetic glitch for one user can wait. Say the severity out loud and why.
Interactive diagram. Tab through its regions; each focused region shows its detail in the panel below.
Impact rising, breadth widening - the top-right corner escalates now; the bottom-left can wait.
Don't escalate before you've isolatedthe line interviewers probe
"It's broken, please look" is not an escalation - it's handing your unfinished work to a busier team. Escalate when you have a reproducible bug with a root cause that lives beyond configuration and not a step sooner. The exception is breadth: a fleet-wide outage you can't immediately isolate still escalates on impact, with the honest note that root cause is still open.
Close the loopthe step that compounds
- 1Confirm the fix with the user, in their environment, not just in yours.
- 2Update the KB so the next instance is self-serve instead of a fresh investigation.
- 3Feed the signal back. If it's a recurring pattern, that's roadmap input Product wants - surface it, don't just close the ticket.
When asked "would you escalate this?", never answer with a flat yes or no. Answer with the bar: "I'd escalate once I have a reliable repro and a root cause beyond config - here's the repro and severity I'd attach." That shows you protect Engineering's time, which is exactly what a flat, talent-dense org is screening for.
Duplicate, vague escalations are how support loses Engineering's trust. Before you file, search for an existing report and dedupe. A sharp, deduplicated, well-scoped report is worth ten "hey can you look at this" pings.
Takeaway. Escalate only with a reproducible bug and a root cause beyond config, packaged as minimal-repro + environment + expected/actual + logs + severity - then close the loop and feed patterns back to Product.