Skip to main content

Configuration

Runtime configuration lives at .cursor/hooks/airs-config.json (project-level) or ~/.cursor/hooks/airs-config.json (global). The config loader searches in this order:

  1. CURSOR_PROJECT_DIR/.cursor/hooks/airs-config.json
  2. cwd/.cursor/hooks/airs-config.json
  3. ~/.cursor/hooks/airs-config.json (global fallback)
  4. cwd/airs-config.json (project root)

Full Config Example

{
"endpoint": "${PRISMA_AIRS_API_ENDPOINT}",
"apiKeyEnvVar": "PRISMA_AIRS_API_KEY",
"profiles": {
"prompt": "${PRISMA_AIRS_PROMPT_PROFILE}",
"response": "${PRISMA_AIRS_RESPONSE_PROFILE}",
"tool": "${PRISMA_AIRS_TOOL_PROFILE}"
},
"mode": "enforce",
"timeout_ms": 3000,
"retry": {
"enabled": true,
"max_attempts": 1,
"backoff_base_ms": 200
},
"logging": {
"path": "~/.cursor/hooks/airs-scan.log",
"include_content": false
},
"enforcement": {
"prompt_injection": "block",
"dlp": "block",
"malicious_code": "block",
"url_categorization": "block",
"toxicity": "block",
"custom_topic": "block"
},
"circuit_breaker": {
"enabled": true,
"failure_threshold": 5,
"cooldown_ms": 60000
},
"sanitize_mcp_output": false
}

sanitize_mcp_output (default false): in enforce mode, postToolUse replaces flagged MCP tool output with a redaction notice before it reaches the model. See Optional Hooks.

Modes

ModeBehavior
observeLog scan results, never block. Start here to audit before enforcing.
enforceBlock flagged prompts, MCP calls, and (if installed) optional-hook actions — shell commands, file reads, subagent spawns — based on enforcement actions.
bypassSkip scanning entirely. Useful for debugging.

Enforcement Actions

When mode is enforce, each detection service can be configured independently:

ActionBehavior
blockPrevent the prompt/response from passing through
maskReplace sensitive content and allow through (DLP)
allowLog the detection but allow through
Priority order

If multiple detection services trigger, the strictest action wins: block > mask > allow.

Environment Variable Resolution

Config values containing ${VAR_NAME} are resolved from environment variables at load time. If the variable is unset, defaults apply:

Config FieldEnv VarFallback
endpointPRISMA_AIRS_API_ENDPOINThttps://service.api.aisecurity.paloaltonetworks.com
profiles.promptPRISMA_AIRS_PROMPT_PROFILEPRISMA_AIRS_PROFILE_NAMECursor IDE - Hooks
profiles.responsePRISMA_AIRS_RESPONSE_PROFILEPRISMA_AIRS_PROFILE_NAMECursor IDE - Hooks
profiles.toolPRISMA_AIRS_TOOL_PROFILEPRISMA_AIRS_PROFILE_NAMECursor IDE - Hooks

Logging

Scan results are written as JSON Lines to the configured logging.path. Set include_content: true to include prompt/response text in logs (disabled by default for privacy).

Logs rotate automatically at 10MB, keeping the 5 most recent rotations.

Circuit Breaker

See Circuit Breaker for details on failure handling.