Cursor Security & Compliance

Ofofo

MIT

Enforces security baselines, installs Cursor rules, and provides SOC 2 compliance features including audit trails, evidence collection, compliance reporting, and violation detection

Cursor Security & Compliance Extension

A comprehensive VS Code/Cursor extension that enforces security baselines, installs Cursor rules programmatically, and provides SOC 2 compliance features including audit trails, evidence collection, compliance reporting, and violation detection.

Features

Security Baseline Enforcement

Automatically enforces critical security settings:

  • Workspace Trust: Prevents RCE from malicious repositories
  • Auto-Run (YOLO) Mode: Disabled by default to prevent command injection
  • MCP Tool Protection: Blocks AI from connecting to external tools
  • Dotfile Protection: Prevents modification of configuration files
  • File Deletion Protection: Adds friction against destructive actions
  • Telemetry: Minimizes data exposure

Cursor Rules Installation

  • Automatically installs bundled security and compliance rules
  • Creates custom rules programmatically
  • Validates rule format and structure
  • Tracks rule installations in audit trail

SOC 2 Compliance Features

Audit Trail

  • Logs all security setting changes with timestamps
  • Tracks rule installations and removals
  • Records evidence collection events
  • Stores in .cursor/compliance/audit-trail.jsonl

Evidence Collection

  • Collects security settings snapshots
  • Maps to SOC 2 Trust Services Criteria:
      • Security (CC6): Access controls, security settings
      • Change Management (CC3): Settings changes, rule installations
      • Confidentiality: Privacy mode, .cursorignore usage
      • Processing Integrity: Rule enforcement, validation logs
      • Availability: Extension health, monitoring status
  • Stores timestamped evidence in .cursor/compliance/evidence/

Compliance Reporting

  • Generates compliance reports in JSON or Markdown format
  • Shows current security posture
  • Lists compliant/non-compliant settings
  • Includes recent audit events and violations
  • Stores reports in .cursor/compliance/reports/

Violation Detection

  • Monitors for compliance violations
  • Alerts on critical/high severity issues
  • Logs violations to audit trail
  • Provides quick fix actions

Installation

OpenVSX (Cursor Marketplace)

For Cursor IDE users, install from OpenVSX:

  • Open Cursor IDE
  • Go to Extensions (Ctrl+Shift+X / Cmd+Shift+X)
  • Search for “Cursor Security & Compliance”
  • Click Install

Manual Installation (VSIX)

  • Download the .vsix file from the https://ofofo.ai/cursor-plugin page
  • In VS Code/Cursor, press Ctrl+Shift+P (Cmd+Shift+P on Mac)
  • Type “Extensions: Install from VSIX…”
  • Select the downloaded .vsix file
  • Reload the window when prompted

Usage

Getting Started

Automatic Setup

On first activation, the extension automatically:

  • Installs bundled security and compliance rules to .cursor/rules/
  • Performs an initial security baseline compliance check
  • Sets up audit trail logging

Status Bar

A status bar indicator shows your current compliance status. Click it to run a compliance check.

Commands

Access commands via Command Palette (Ctrl+Shift+P / Cmd+Shift+P):

Security: Apply Hardened Security Baseline

Enforces all security settings

  • Automatically configures writable settings
  • Provides manual verification instructions for Cursor-specific settings
  • Logs all changes to audit trail

Security: Install Cursor Rules

Installs bundled security and compliance rules

  • Shows count of newly installed vs. existing rules
  • Validates rule format before installation

Compliance: Collect Evidence

Collects current compliance evidence snapshot

  • Creates timestamped evidence file in .cursor/compliance/evidence/
  • Maps evidence to SOC 2 Trust Services Criteria

Compliance: Generate Report

Generates compliance report (JSON or Markdown)

  • Interactive format selection
  • Shows current security posture with compliant/non-compliant settings
  • Includes recent audit events and violations
  • Quick actions: Open Report, Copy to Clipboard, Open Reports Folder

Compliance: Check for Violations

Checks for compliance violations

  • Scans for critical/high severity issues
  • Shows notification with violation count and quick actions
  • Updates status bar indicator

Compliance: Open Latest Report

Opens the most recent compliance report

Rules: Create Custom Rule

Creates a new Cursor rule interactively

  • Guides you through rule creation with prompts
  • Validates rule format and structure

Configuration

Extension settings in VS Code/Cursor settings:

{
 "cursor-security.baseline.security.workspace.trust.enabled": true,
 "cursor-security.baseline.useYoloMode": false,
 "cursor-security.baseline.yoloMcpToolsDisabled": true,
 "cursor-security.baseline.yoloDotFilesDisabled": true,
 "cursor-security.baseline.yoloDeleteFileDisabled": true,
 "cursor-security.baseline.telemetry.telemetryLevel": "off",
 "cursor-security.compliance.enableAudit": true,
 "cursor-security.compliance.evidenceInterval": 86400000,
 "cursor-security.rules.autoInstall": true
}

Note: Cursor-specific settings like useYoloMode cannot be programmatically read or written via the standard VS Code API. They must be configured manually in Cursor Settings.
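The following is an added example, not the extension's own code, showing how a baseline check in the spirit of the "Check for Violations" command can be written against the settings listed above. The setting keys are the "cursor-security.baseline.*" entries with the prefix removed; the severities, the reason strings, the sample settings and the set of keys treated as unreadable are assumptions. Keys the VS Code API cannot read are reported as unverifiable rather than counted as compliant, so a report never shows a Cursor-only setting as passing when it was never actually checked.

```typescript
// Added example (not the extension's own code): hardened-baseline checker.
export type Severity = "critical" | "high" | "medium";

export interface BaselineRule {
  key: string;                 // setting key, prefix "cursor-security.baseline." removed
  expected: boolean | string;  // hardened value from the configuration block
  severity: Severity;          // assumed severity when the value differs
  reason: string;
}

export interface Violation {
  key: string;
  expected: boolean | string;
  actual: unknown;
  severity: Severity;
  reason: string;
}

export interface CheckResult {
  violations: Violation[];   // sorted, most severe first
  compliant: string[];
  unverifiable: string[];    // keys the VS Code API cannot read
}

// Mirrors the configuration block above; severities are assumptions.
export const BASELINE: BaselineRule[] = [
  { key: "security.workspace.trust.enabled", expected: true, severity: "critical",
    reason: "Workspace Trust prevents RCE from untrusted repositories" },
  { key: "useYoloMode", expected: false, severity: "critical",
    reason: "Auto-run mode executes commands without confirmation" },
  { key: "yoloMcpToolsDisabled", expected: true, severity: "high",
    reason: "MCP tools give the agent access to external systems" },
  { key: "yoloDotFilesDisabled", expected: true, severity: "high",
    reason: "Dotfiles carry credentials and tool configuration" },
  { key: "yoloDeleteFileDisabled", expected: true, severity: "medium",
    reason: "Adds friction against destructive actions" },
  { key: "telemetry.telemetryLevel", expected: "off", severity: "medium",
    reason: "Minimises data exposure" },
];

const SEVERITY_RANK: Record<Severity, number> = { critical: 3, high: 2, medium: 1 };

export function checkBaseline(
  settings: Record<string, unknown>,
  unreadable: ReadonlySet<string> = new Set(),
): CheckResult {
  const result: CheckResult = { violations: [], compliant: [], unverifiable: [] };
  for (const rule of BASELINE) {
    if (unreadable.has(rule.key)) {
      result.unverifiable.push(rule.key);
      continue;
    }
    const actual = settings[rule.key];
    // A missing key is a violation: "unset" means the editor default, not the hardened value.
    if (actual === rule.expected) {
      result.compliant.push(rule.key);
    } else {
      result.violations.push({ key: rule.key, expected: rule.expected, actual,
        severity: rule.severity, reason: rule.reason });
    }
  }
  result.violations.sort((a, b) => SEVERITY_RANK[b.severity] - SEVERITY_RANK[a.severity]);
  return result;
}

// Severity to drive the status bar indicator / notification.
export function worstSeverity(result: CheckResult): Severity | "none" {
  return result.violations[0]?.severity ?? "none";
}

// Constructed sample: Workspace Trust switched off, delete protection off,
// and the two Cursor-only keys from the note above treated as unreadable.
export const SAMPLE_SETTINGS: Record<string, unknown> = {
  "security.workspace.trust.enabled": false,
  yoloMcpToolsDisabled: true,
  yoloDotFilesDisabled: true,
  yoloDeleteFileDisabled: false,
};
export const CURSOR_ONLY: ReadonlySet<string> = new Set(["useYoloMode", "telemetry.telemetryLevel"]);
export const SAMPLE_RESULT: CheckResult = checkBaseline(SAMPLE_SETTINGS, CURSOR_ONLY);
```

Running it on the sample yields two violations (Workspace Trust first, as critical), two compliant keys and two unverifiable keys that still need the manual check the note describes.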

Compliance Data Storage

All compliance data is stored in .cursor/compliance/ within your workspace:

.cursor/compliance/
├── audit-trail.jsonl          # Line-delimited audit logs
├── evidence/
│   ├── 2025-01-15T10-30-00Z.json  # Timestamped snapshots
│   └── ...
├── reports/
│   ├── compliance-2025-01-15.md
│   └── ...
└── violations/
   └── violations.jsonl

This directory should be version-controlled in Git to maintain an immutable audit trail.

SOC 2 Criteria Mapping

SOC 2 Criteria            Evidence Source
Security (CC6)            Security settings state, access controls
Change Management (CC3)   Audit trail of all changes
Confidentiality           Privacy mode status, .cursorignore usage
Processing Integrity      Rule enforcement, validation logs
Availability              Extension health, monitoring status

Known Limitations

  • Cursor-Specific Settings
    Some Cursor settings (e.g., useYoloMode, telemetry.telemetryLevel) cannot be read or written via the VS Code API. The extension provides manual verification instructions for these settings.
  • Large Audit Logs
    For very large audit log files (>10,000 lines), only the most recent events are included in reports for performance reasons.
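As an added example, not the extension's own code, the block below shows the audit-trail mechanics described under "Compliance Data Storage" and the large-log limitation above: events are appended to a line-delimited JSON file, and a report reads only the most recent events up to a line cap. The event shape, the event type names, the 10,000-event cap as a constant, the sample events and the corrupt line are all assumptions; it writes to a temporary directory rather than to .cursor/compliance/.

```typescript
// Added example (not the extension's own code): JSONL audit trail with a tail limit.
import * as fs from "node:fs";
import * as os from "node:os";
import * as path from "node:path";

export interface AuditEvent {
  timestamp: string;                // ISO-8601
  type: string;                     // assumed names, e.g. "setting_changed", "violation"
  detail: Record<string, unknown>;
}

export const MAX_REPORT_EVENTS = 10_000;  // cap from the limitation above

// Append one event as a single JSON line. Appending, never rewriting, keeps the
// file a chronological record that Git can diff line by line.
export function appendAuditEvent(file: string, event: AuditEvent): void {
  fs.mkdirSync(path.dirname(file), { recursive: true });
  fs.appendFileSync(file, JSON.stringify(event) + "\n", "utf8");
}

export interface RecentEvents {
  events: AuditEvent[];   // chronological order
  totalLines: number;     // non-empty lines in the file
  skipped: number;        // malformed lines encountered while tailing
}

// Walk backwards from the end of the file until `limit` well-formed events are
// collected. A truncated line (e.g. a crash mid-write) is skipped and counted,
// not allowed to abort report generation.
export function readRecentEvents(file: string, limit = MAX_REPORT_EVENTS): RecentEvents {
  if (!fs.existsSync(file)) return { events: [], totalLines: 0, skipped: 0 };
  const lines = fs.readFileSync(file, "utf8").split("\n").filter((l) => l.trim() !== "");
  const events: AuditEvent[] = [];
  let skipped = 0;
  for (let i = lines.length - 1; i >= 0 && events.length < limit; i--) {
    try {
      const parsed = JSON.parse(lines[i] ?? "") as Partial<AuditEvent>;
      if (typeof parsed.timestamp !== "string" || typeof parsed.type !== "string") {
        throw new Error("missing required fields");
      }
      events.push(parsed as AuditEvent);
    } catch {
      skipped++;
    }
  }
  events.reverse();
  return { events, totalLines: lines.length, skipped };
}

export interface ReportSummary {
  total: number;
  byType: Record<string, number>;
  violations: number;
  truncated: boolean;   // true when older events were left out because of the cap
  skipped: number;
}

export function summarize(file: string, limit = MAX_REPORT_EVENTS): ReportSummary {
  const { events, totalLines, skipped } = readRecentEvents(file, limit);
  const byType: Record<string, number> = {};
  for (const e of events) byType[e.type] = (byType[e.type] ?? 0) + 1;
  return { total: events.length, byType, violations: byType["violation"] ?? 0,
    truncated: totalLines > limit, skipped };
}

// Constructed demo: four sample events plus one corrupt line in a temp
// directory, summarised with a deliberately small cap of 3.
export function demo(): ReportSummary {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), "cursor-compliance-"));
  const file = path.join(dir, ".cursor", "compliance", "audit-trail.jsonl");
  appendAuditEvent(file, { timestamp: "2025-01-15T10:30:00Z", type: "setting_changed",
    detail: { key: "security.workspace.trust.enabled", from: false, to: true } });
  appendAuditEvent(file, { timestamp: "2025-01-15T10:30:01Z", type: "rule_installed",
    detail: { rule: "example-rule" } });
  fs.appendFileSync(file, '{"timestamp":"2025-01-15T10:31\n', "utf8");  // simulated crash mid-write
  appendAuditEvent(file, { timestamp: "2025-01-15T10:32:00Z", type: "violation",
    detail: { key: "useYoloMode", severity: "critical" } });
  appendAuditEvent(file, { timestamp: "2025-01-15T10:33:00Z", type: "evidence_collected",
    detail: { file: "2025-01-15T10-33-00Z.json" } });
  const summary = summarize(file, 3);
  fs.rmSync(dir, { recursive: true, force: true });
  return summary;
}
```

With the cap at 3 the summary holds the three newest well-formed events, reports the corrupt line as skipped, and flags the report as truncated because the oldest event fell outside the cap.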

About Plugin

Version

1.0.3

Version Alias

Latest

Targeted Platforms

Universal

Works with

VS Code (^1.75.0)

Size

175.12 KB

Downloads

130

Categories

Security
Other

Tags

Audit
Baseline
Compliance
Cursor
Evidence
Hardening
Rules
Security
SOC 2

Changelog

No changelog available