Cursor Integration
Configure Cursor to use MCP Shield as your governed MCP gateway. All AI-assisted coding requests will be routed through MCP Shield for policy enforcement and audit logging.
All MCP calls from Cursor are governed by your organization's policies.
Every tool invocation is logged with context for audit and analytics.
One-time setup. All approved MCPs work seamlessly through Cursor.
Quick Setup
Generate a Cursor configuration
Use the CLI or dashboard to generate a ready-to-use configuration:
mcp-shield config generate --client cursorOpen Cursor Settings
In Cursor, go to Settings → MCP Servers or press Cmd/Ctrl + ,
Add MCP Shield configuration
Paste the following configuration into your MCP servers config:
{
"mcpServers": {
"mcp-shield": {
"url": "https://gateway.mcpshield.com/mcp",
"headers": {
"Authorization": "Bearer ${MCP_SHIELD_TOKEN}"
}
}
}
}Set your token
Add your MCP Shield token to your environment:
export MCP_SHIELD_TOKEN=mcp_live_xxxxxxxxxxxxxxxxTip: Add this to your .zshrc or .bashrc for persistence.
Done! Start using governed MCPs
Restart Cursor. All your approved MCPs are now available through MCP Shield.
One-Command Setup
The CLI can automatically configure Cursor for you:
# Auto-configure Cursor with MCP Shield
mcp-shield config install --client cursor
# This will:
# 1. Detect your Cursor installation
# 2. Generate the MCP configuration
# 3. Add it to your Cursor settings
# 4. Prompt you to set the tokenHow It Works
1. Cursor sends MCP requests to MCP Shield instead of directly to providers.
2. MCP Shield authenticates the request using your token.
3. Policies are evaluated against the request context.
4. If approved, MCP Shield forwards the request to the provider using secure credentials.
5. The response is logged and returned to Cursor.
Accessing Multiple MCPs
MCP Shield exposes all your approved provider MCPs through a single gateway. You don't need to configure each provider separately in Cursor.
// Available through MCP Shield (if connected and approved):
- GitHub: search_repos, create_issue, create_pull_request
- Vercel: list_projects, get_deployment, view_logs
- Supabase: query_database, list_tables, run_migration
- Figma: get_file, export_assets, get_comments
- Context7: search_docs, get_library_docsConnect providers in the MCP Shield dashboard to make them available in Cursor.
Policy Behavior in Cursor
Requests that match an allow policy proceed normally. Cursor receives the response from the provider MCP.
Requests that match a deny policy return an error response with the denial reason and policy name. Cursor will display this to the user.
{
"error": "policy_denied",
"reason": "Creating issues in production repos requires approval",
"policy": "prod-write-approval",
"recommendations": [
"Use the staging repository instead",
"Request approval from a security reviewer"
]
}Troubleshooting
1. Make sure you restarted Cursor after adding the configuration.
2. Check that your MCP_SHIELD_TOKEN environment variable is set.
3. Verify the configuration JSON is valid (no trailing commas).
1. Verify your token is valid: mcp-shield tokens verify
2. Check the token hasn't expired in the dashboard.
3. Ensure the token has the required scopes for the MCP you're using.
1. Connect the provider in the MCP Shield dashboard.
2. Verify the provider connection is healthy (not expired).
3. Check that your user role has access to the provider MCP.