Skip to main content

Prisma AIRS Cursor Hooks

Real-time AI security scanning for the Cursor IDE

npm CI License: MIT Node 18+


Prisma AIRS Cursor Hooks scans prompts, tool activity, file reads, and AI responses in the Cursor IDE in real-time via the Prisma AI Runtime Security (AIRS) Sync API. Blocks prompts, MCP tool calls — and optionally shell commands, file reads, and subagent spawns — before they execute, and audits AI responses and tool outputs for prompt injections, malicious code, sensitive data leakage, toxic content, and policy violations.


Install

npm install -g @cdot65/prisma-airs-cursor-hooks

How It Works

postToolUse and afterAgentResponse are observe-only

postToolUse and afterAgentResponse fire after content is already processed or displayed. They cannot block or retract content — they scan for audit, compliance, and security alerting. See Cursor Limitation.


Capabilities

  • Prompt Scanning — Scans every prompt before it reaches the AI agent. Detects prompt injection, DLP violations, toxicity, and custom topic policy violations. → Detection Services
  • Response & Code Auditing — Parses AI responses to extract code blocks separately. Natural language and code are scanned independently for audit and compliance. Observe-only — Cursor cannot block responses. → Code Extraction
  • Tool & MCP Scanning — Scans MCP tool inputs before execution (beforeMCPExecution, can block) and tool outputs after execution (postToolUse, observe-only — or replace flagged MCP output via sanitize_mcp_output). Routes by tool type: MCP → tool_event, Bash → response, Write/Edit → DLP scan. → Architecture
  • Optional Hooks — Six opt-in surfaces: shell command blocking (beforeShellExecution), shell output DLP (afterShellExecution), file-read DLP gates for Agent and Tab (beforeReadFile / beforeTabFileRead), subagent task scanning (subagentStart), and MCP result auditing (afterMCPExecution). Install with --optional. → Optional Hooks
  • Enforce or Observe — Three modes: observe (log only), enforce (block on detection), bypass (skip). Start in observe mode to audit, switch to enforce when ready. → Configuration
  • Fail-Open Design — Never blocks the developer on infrastructure failures. Circuit breaker pattern bypasses scanning after consecutive API failures with automatic recovery. → Circuit Breaker

Get Started

  • Install — Install from npm, set environment variables, and register hooks in Cursor. → Installation
  • Quick Start — Get scanning in under 5 minutes. → Quick Start
  • Configure — Modes, enforcement actions, profiles, circuit breaker, and logging. → Configuration
  • Architecture — Scanning flow, module design, and key decisions. → Architecture