Prisma AIRS Cursor Hooks
Real-time AI security scanning for the Cursor IDE
Prisma AIRS Cursor Hooks scans prompts, tool activity, file reads, and AI responses in the Cursor IDE in real-time via the Prisma AI Runtime Security (AIRS) Sync API. Blocks prompts, MCP tool calls — and optionally shell commands, file reads, and subagent spawns — before they execute, and audits AI responses and tool outputs for prompt injections, malicious code, sensitive data leakage, toxic content, and policy violations.
Install
npm install -g @cdot65/prisma-airs-cursor-hooks
How It Works
postToolUse and afterAgentResponse are observe-only
postToolUse and afterAgentResponse fire after content is already processed or displayed. They cannot block or retract content — they scan for audit, compliance, and security alerting. See Cursor Limitation.
Capabilities
- Prompt Scanning — Scans every prompt before it reaches the AI agent. Detects prompt injection, DLP violations, toxicity, and custom topic policy violations. → Detection Services
- Response & Code Auditing — Parses AI responses to extract code blocks separately. Natural language and code are scanned independently for audit and compliance. Observe-only — Cursor cannot block responses. → Code Extraction
- Tool & MCP Scanning — Scans MCP tool inputs before execution (
beforeMCPExecution, can block) and tool outputs after execution (postToolUse, observe-only — or replace flagged MCP output viasanitize_mcp_output). Routes by tool type: MCP →tool_event, Bash →response, Write/Edit → DLP scan. → Architecture - Optional Hooks — Six opt-in surfaces: shell command blocking (
beforeShellExecution), shell output DLP (afterShellExecution), file-read DLP gates for Agent and Tab (beforeReadFile/beforeTabFileRead), subagent task scanning (subagentStart), and MCP result auditing (afterMCPExecution). Install with--optional. → Optional Hooks - Enforce or Observe — Three modes:
observe(log only),enforce(block on detection),bypass(skip). Start in observe mode to audit, switch to enforce when ready. → Configuration - Fail-Open Design — Never blocks the developer on infrastructure failures. Circuit breaker pattern bypasses scanning after consecutive API failures with automatic recovery. → Circuit Breaker
Get Started
- Install — Install from npm, set environment variables, and register hooks in Cursor. → Installation
- Quick Start — Get scanning in under 5 minutes. → Quick Start
- Configure — Modes, enforcement actions, profiles, circuit breaker, and logging. → Configuration
- Architecture — Scanning flow, module design, and key decisions. → Architecture