Configuration
Runtime configuration lives at .cursor/hooks/airs-config.json (project-level) or ~/.cursor/hooks/airs-config.json (global). The config loader searches in this order:
CURSOR_PROJECT_DIR/.cursor/hooks/airs-config.jsoncwd/.cursor/hooks/airs-config.json~/.cursor/hooks/airs-config.json(global fallback)cwd/airs-config.json(project root)
Full Config Example
{
"endpoint": "${PRISMA_AIRS_API_ENDPOINT}",
"apiKeyEnvVar": "PRISMA_AIRS_API_KEY",
"profiles": {
"prompt": "${PRISMA_AIRS_PROMPT_PROFILE}",
"response": "${PRISMA_AIRS_RESPONSE_PROFILE}",
"tool": "${PRISMA_AIRS_TOOL_PROFILE}"
},
"mode": "enforce",
"timeout_ms": 3000,
"retry": {
"enabled": true,
"max_attempts": 1,
"backoff_base_ms": 200
},
"logging": {
"path": "~/.cursor/hooks/airs-scan.log",
"include_content": false
},
"enforcement": {
"prompt_injection": "block",
"dlp": "block",
"malicious_code": "block",
"url_categorization": "block",
"toxicity": "block",
"custom_topic": "block"
},
"circuit_breaker": {
"enabled": true,
"failure_threshold": 5,
"cooldown_ms": 60000
},
"sanitize_mcp_output": false
}
sanitize_mcp_output (default false): in enforce mode, postToolUse replaces flagged MCP tool output with a redaction notice before it reaches the model. See Optional Hooks.
Modes
| Mode | Behavior |
|---|---|
observe | Log scan results, never block. Start here to audit before enforcing. |
enforce | Block flagged prompts, MCP calls, and (if installed) optional-hook actions — shell commands, file reads, subagent spawns — based on enforcement actions. |
bypass | Skip scanning entirely. Useful for debugging. |
Enforcement Actions
When mode is enforce, each detection service can be configured independently:
| Action | Behavior |
|---|---|
block | Prevent the prompt/response from passing through |
mask | Replace sensitive content and allow through (DLP) |
allow | Log the detection but allow through |
If multiple detection services trigger, the strictest action wins: block > mask > allow.
Environment Variable Resolution
Config values containing ${VAR_NAME} are resolved from environment variables at load time. If the variable is unset, defaults apply:
| Config Field | Env Var | Fallback |
|---|---|---|
endpoint | PRISMA_AIRS_API_ENDPOINT | https://service.api.aisecurity.paloaltonetworks.com |
profiles.prompt | PRISMA_AIRS_PROMPT_PROFILE | PRISMA_AIRS_PROFILE_NAME → Cursor IDE - Hooks |
profiles.response | PRISMA_AIRS_RESPONSE_PROFILE | PRISMA_AIRS_PROFILE_NAME → Cursor IDE - Hooks |
profiles.tool | PRISMA_AIRS_TOOL_PROFILE | PRISMA_AIRS_PROFILE_NAME → Cursor IDE - Hooks |
Logging
Scan results are written as JSON Lines to the configured logging.path. Set include_content: true to include prompt/response text in logs (disabled by default for privacy).
Logs rotate automatically at 10MB, keeping the 5 most recent rotations.
Circuit Breaker
See Circuit Breaker for details on failure handling.