Cursor Changelog

The average review time for Bugbot is now ~90 seconds, down from ~5 minutes. Bugbot also finds 10% more bugs per review on average — 0.62, up from 0.56 — and costs ~22% less per run.

Bugbot is now over 3x faster, 22% cheaper, and finds 10% more bugs per review.

These performance gains are made possible by progress we've made training Composer 2.5, which now powers Bugbot. Bugbot respects model block lists, and speed and performance can vary depending on your configuration.

Run Bugbot before you push

You can now run Bugbot and Security Review with `/review` before pushing code. `/review` prompts you to choose which agents to run, or use `/review-bugbot` and `/review-security` directly.

`/review` also syncs with Bugbot on GitHub and GitLab. If you run `/review` and then open a PR with the same diff, Bugbot recognizes it, skips the review, and leaves a comment noting it has already reviewed that diff.

Available in Cursor 3.7+ and on cursor.com/agents, with support in CLI coming soon.

Only review what's new in your PR

You can now configure Bugbot to only review what's new since the last review, keeping feedback focused on your latest updates.

Learn more in our docs.

With Design Mode in the Cursor browser, you can click, draw, or describe changes by voice to help agents update your UI.

Multi-select elements

Click on two or more elements together in the browser. Cursor sees the selected elements, their code, the surrounding layout, and the visual relationships on the page.

Ask the agent to make one match the other, remove repeated content, or adjust a group of components at once.

Voice input

Narrate changes through the Design Mode overlay. The mic stays available while an agent is mid-run, so you can queue the next change by voice without waiting for the previous one to finish.

We've shipped a batch of new functionality across the TypeScript and Python SDKs. You can now choose how agent and run metadata is persisted, expose your own functions to the agent as tools, route local tool calls through auto-review, and nest subagents to any depth. This release also brings a set of reliability, performance, and platform fixes that make local and cloud SDK agents easier to run in production scripts, CI, and custom integrations.

Custom tools

You can now hand the local agent your own tools by passing function definitions through `local.customTools`, on `Agent.create()` or per `send()`. The SDK exposes them to the agent through a built-in MCP server called `custom-user-tools`, so the model calls your code through the same path and the same permission gate as any other MCP tool.

Before this, exposing a custom capability meant standing up your own stdio or remote HTTP MCP server and wiring it into the agent. Now a function definition is enough. Custom tools are also visible to every subagent of a parent agent, so a tool you define once is available throughout the whole run.

Auto-review

By default, a local SDK agent runs tool calls without asking for approval, since there's no human in the loop in a headless run. Set `local.autoReview` to route those calls through auto-review instead. A classifier decides which calls run automatically and which to hold back, rather than bypassing review entirely.

You steer that classifier with natural-language instructions in `permissions.json`. The `autoRun.allow_instructions` field describes call shapes to lean toward allowing, and `autoRun.block_instructions` describes the ones to hold for review. For example, you can allow read-only inspections of build artifacts while always pausing on destructive operations like deletes.

```jsonc { "autoRun": { "allow_instructions": [ "Read-only inspections of build artifacts under ./dist are fine." ], "block_instructions": [ "Always pause delete operations so I get a chance to review them." ] } } ```

JSONL and custom stores

Both SDKs persist agent and run metadata so you can resume an agent after a process restart. Until now, that store was SQLite. You can now opt into a JSONL store instead, which writes a plain, append-only file you can read, diff, and check into version control. Both `SqliteLocalAgentStore` and `JsonlLocalAgentStore` are exported directly.

If neither default fits your setup, implement the public `LocalAgentStore` interface and pass it through `local.store`. Build an in-memory store for ephemeral CI runs, or back persistence with Postgres when you want agent state to live next to the rest of your application data. The Python SDK exposes host, JSONL, and composed JSONL stores through the bridge.

Nested subagents

Subagents can now spawn their own subagents, and so on. A reviewer subagent can delegate to a test-writer, which can delegate further, with each level keeping its own prompt and model. There's nothing to turn on; a subagent session registers the executor it needs to call `Task`, so nesting works automatically for any agent that defines subagents.

Reliability, performance, and platform improvements

This release also includes a batch of quality-of-life fixes across both SDKs.

Reliability

• **Run correlation**: Every `send()` now carries a platform-generated `requestId`, exposed on `Run` and `RunResult` and persisted across the in-memory, SQLite, and JSONL stores. Tie a script or CI run to backend logs, analytics, and support threads without inferring it from `agentId`.
• **Reliable `wait()` on local runs**: Local runs no longer resolve `wait()` before the terminal result is written. Hydration keeps refreshing until the run reaches a final state, so automation reads a complete result.
• **Safe checkpoints on dispose**: Disposing a local agent no longer removes checkpoint data when a root reference is missing but checkpoint blobs still exist. The agent directory is only cleared when there's genuinely nothing left to keep.
• **Cloud streaming over HTTP/1.1**: Cloud agent sessions now stream correctly on HTTP/1.1 transports used by some proxies, older Node fetch stacks, and certain CI images. HTTP/2 behavior is unchanged.

Performance and packaging

• **Lighter import**: Importing `@cursor/sdk` no longer eagerly loads the full local agent stack. Cloud-only and type-only consumers skip the local runtime cost until the first local call, with no API change. The first local call pays a one-time import, then stays cached.
• **Self-contained TypeScript types**: Published `.d.ts` files no longer reference unpublished workspace packages. This fixes `TS2305` and `TS2307` errors under `skipLibCheck: false` and silent `any` on stream types like `TurnEndedUpdate`.
• **Bundled ripgrep**: Local shell runs use the bundled platform `rg` binary without modifying your global `PATH`. On Windows, prepending ripgrep no longer clobbers the `Path` variable.

Models

• **Composer 2 routes to Composer 2.5**: SDK clients still pinning retired `composer-2` slugs are routed to Composer 2.5 automatically, keeping fast variants intact, so older scripts keep running.

Python SDK

• **Workspace-scoped `list_runs`**: `Client`, `AsyncClient`, and `Agent.list_runs` take an optional `cwd`, and the bridge falls back to its launch workspace. This fixes spurious "agent not found" results when the bridge runs as a subprocess.
• **Clearer not-found errors**: Looking up an agent that isn't in the resolved workspace returns a clear not-found error instead of an opaque internal error.
• **0.1.6 release and analytics**: `cursor-sdk` 0.1.6 documents the Buildkite release path and labels SDK usage as `sdk-python-` for clearer analytics.

Run `npm install @cursor/sdk` or `pip install cursor-sdk` to upgrade. Scripts pinning `composer-2` move to Composer 2.5 automatically, and `requestId` is a safe addition to your run metadata schema. See the TypeScript and Python docs for full details.

With canvases, agents can create interactive artifacts like dashboards, reports, and internal tools that you can share with your team.

This release introduces Design Mode for faster canvas editing, new ways to understand context usage, and other quality-of-life improvements.

Design Mode in canvases

Design Mode is now available in canvases.

Select and annotate UI elements directly in a canvas to guide Cursor's edits, just as you would in the browser. Instead of describing the change in text, you can point to it, provide feedback, and iterate more quickly.

Context usage report in canvas

Cursor can now show your agent's context usage as an interactive report in a canvas.

The context explorer breaks down where tokens go across the system prompt, tool definitions, rules, skills, and more. Because it's a canvas, you can ask the agent follow-up questions, and it can customize the report to answer your specific questions.

Click the Debug with Agent button embedded in the canvas to ask Cursor to identify opportunities to reduce context usage in a new conversation.

Canvas Improvements (4)

• Shared canvases can now be opened full-screen in the browser, making them easier to present to others.
• Added the ability for agents to embed buttons in canvases that will run a specific prompt when clicked.
• Improved the agent's ability to fix canvas type errors.
• Improved component styling, and added more chart customization functionality.

Enterprise customers can now manage multiple Cursor teams from one place, with different security, governance, budget, and feature controls for each. These capabilities are now generally available to all Enterprise customers.

Cursor Enterprise organization architecture with organizations, teams, and groups

Organizations

An organization is the top-level container for your company's identity, administration, and membership. It gives admins one place to view and manage their entire Cursor setup, including a rollup of spend and token usage across every team.

Teams

Teams are the operating unit for a department, region, or subsidiary. This is what admins manage as their Cursor org today. We've moved that unit under an organization, so you can run multiple teams, each with its own security, governance, spend, and feature settings.

A user can belong to more than one team, with a different role in each. For current customers, your existing team is preserved and becomes the default home for login, routing, and creating new teams.

Groups

Groups are a lightweight collection of users that can sit across or within teams. They give cohorts of users separate model access, spend limits, and agent permissions without standing up a whole new team. When a user belongs to more than one team or group, the most permissive setting wins.

Learn more in our announcement post or docs.

Improvements (5)

• Multi-team support so users can be on multiple teams at once
• Organization-level IDP management
• Organization-level usage analytics, with drill downs to each team
• Admins can move users between teams through the dashboard, API, or CSV
• New users joining a team inherit settings and permissions automatically

Auto-review is a new run mode that allows Cursor to work for longer with fewer approval prompts and safer execution.

Auto-review applies to Shell, MCP, and Fetch tool calls. Allowlisted calls run immediately, and calls that can be sandboxed run in the sandbox. All other agent actions go to a classifier subagent that decides whether to allow the call, try a different approach, or ask for your approval.

Configure your run mode in **Settings > Cursor Settings > Agents > Run Mode**. You can also steer the classifier agent by giving it custom instructions.

Learn more in our docs.

You can now share canvases from Cursor with your team.

Canvases are interactive artifacts created by agents, like reports, dashboards, and custom interfaces. Instead of sharing a full chat thread, you can share a link to a live snapshot of a canvas for teammates to open in the browser.

View your team's shared canvases in the Cursor Dashboard with read-only access. Shared canvases are available on Pro, Teams, and Enterprise plans.

Learn more in our docs.

This release brings Cursor Automations to the Agents Window and introduces the ability to configure automations with multiple attached repos or no repos at all.

For the next 7 days, all agent runs for newly created automations are 50% off.

Automations in the Agents Window

Cursor Automations are now available in the Agents Window, in addition to cursor.com/automations. Create and manage your automations in the same workspace as your agents.

Multi-repo automations

A lot of engineering work spans more than one codebase. You can now attach multiple repos to an automation so agents reason across all required context and work across repos to deliver, test, and verify tasks.

No-repo automations

Many useful automations exist apart from code, where agents monitor your tools and act on key signals. You can now create automations without an attached repository.

We've added five new templates for no-repo automations to the Cursor Marketplace to help you get started:

• **Slack digest agent**: Summarizes unread DMs and key Slack channels every morning and prioritizes them by importance
• **Product analytics agent**: Delivers a weekly digest of key metrics from your data warehouse like Databricks
• **Product FAQ agent**: Watches a Slack channel for questions and writes a first response based on docs, codebase context, and past threads
• **Product finance agent**: Pulls financial data from a billing provider like Stripe for recurring revenue reports
• **Customer health agent**: Monitors key systems like Granola, Slack, and Databricks and flags accounts where health signals are shifting

Read our docs to learn more.

Cursor is now available in Jira.

Assign work items to Cursor, or mention `@Cursor` in a comment to kick off a cloud agent. Cursor uses the work item title, description, comments, and your team's repository settings to scope the task.

You can ask Cursor to fix bugs, add features, update tests, or investigate something described in the ticket. When the agent finishes, Jira shows completion updates and includes a link to the pull request.

Install the integration from Cursor integrations. You need Cursor admin access and Jira Commercial Cloud with Rovo enabled. Learn more in our docs.

Composer 2.5 is now available in Cursor.

It's a substantial improvement in intelligence and behavior over Composer 2. It is better at sustained work on long-running tasks, follows complex instructions more reliably, and is more pleasant to collaborate with.

Composer 2.5 benchmark results

• **Standard:** \$0.50/M input, \$2.50/M output tokens
• **Fast** (default): \$3.00/M input, \$15.00/M output tokens

Composer 2.5 includes double usage for the first week. See our model docs for full details.

Read more in our announcement.

This release introduces quality-of-life improvements to the Agents Window.

Full-screen tabs

Full screen maximizes the right panel so you can focus on a single tab.

Files, changes, canvases, PRs, browsers, and terminals can expand to fill the entire working area. This replaces the agent chat with a floating prompt bar.

Enter and exit full screen by clicking on the expand/contract button in the panel header, using the command palette, or pressing `Cmd/Ctrl+Shift+M`.

Compact chat responses

Compact chats give you a tighter view of your agent conversations so you can read threads more quickly without losing important context.

Customize tool call density to control how much of the agent's tool activity is shown in each response:

• Compact: shows concise results with minimal tool traces
• Balanced: includes important intermediate steps
• Detailed: provides near-complete step-by-step context

Improvements (8)

• Improved PR tabs by adding clearer review states, better reviewer/thread visibility, and more predictable PR tab actions.
• Improved long-chat scrolling to make it smoother, added better undo grouping in prompt input, and improved behavior while streaming.
• Added clearer status text for background/resumed tasks.
• Added cleaner environment/repo selection and better persistence when switching contexts.
• Improved MCP auth token lifecycle handling.
• Removed noisy in-app terminal notifications and improved shortcut behavior.
• Clarified model naming and selection behavior in the model picker and added stronger fallback handling.
• Improved search and navigation to make it faster and more reliable in large workspaces.

Bug Fixes (9)

• Fixed PR tab bugs affecting branch lookup, header state, and diff loading.
• Fixed background task reliability issues like resume failures, interrupt edge cases, and incorrect status scoping on resumed subagents.
• Fixed cloud agents bugs blocking setup, state merge/persistence bugs, and multi-repo identity issues.
• Fixed MCP/OAuth reliability bugs like transient 401/stale-token cases and large-token handling edge cases.
• Fixed edge cases around slash menu + approval regressions, ask-question flow issues, and paste-chunk handling.
• Fixed keyboard shortcuts bugs in modals, vim/emacs caret style leakage, and other key handling.
• Fixed hook invocation/path-length issues and Git prompt-related regressions.
• Fixed model-routing mismatches, proxy body normalization, and thought-chunk forwarding issues.
• Fixed webhook auth/hostname resolution, GHES installation persistence, and mirrored-repo behavior.

To take engineering tasks from start to finish, agents need a development environment similar to the setup on your laptop: cloned repositories, installed dependencies, credentials for internal toolchains, and access to build systems.

This release introduces new tools for teams to configure development environments for their agents. Cursor also can use these tools to set up and maintain environments for you. Together, this makes it easier for teams to run fleets of parallelized agents that handle tasks from end-to-end, inside development environments you fully control.

Multi-repo environments

Cloud agents and automations now support multi-repo environments, building off our work on multi-root workspaces. You can configure a single environment with all the repositories an agent needs for its work, with re-use across sessions.

Environment configuration as code

To make it easier to change, debug, and review environment definitions, we have improved Dockerfile-based configuration.

This includes support for build secrets, making it easy to securely access private package registries directly from your Dockerfiles. Build secrets are scoped to the build step and aren't passed to the running agent's environment.

We've also upgraded layer caching, so that only the updated layers of your image rebuild when you change the Dockerfile. Builds that hit the cache run 70% faster.

Improved agent-led environment setup

As Cursor configures your environment, it will ask you questions, flag missing credentials, and validate that your environment is set up properly.

Cursor will always show you the version of the environment your agent is running in. If your environment configuration fails, it will default to a base image with clear warning signs so that your cloud agents can keep running instead of immediately failing.

Environment governance and security controls

Every development environment now has its own version history that users can review and roll back. Admins can also restrict rollback permissions to admins only. An audit log captures every action team members take on environments, giving security teams full visibility into who changed what.

Egress and secrets can now be scoped at the development environment level. Secrets configured for one environment aren't accessible from any other.

Learn more about agent development environments in our announcement and docs.

Cursor is now available in Microsoft Teams.

Mention @Cursor in any Teams channel to delegate a task to a cloud agent or pull information from Cursor into Teams.

Cursor automatically picks the right repository and model based on your prompt and recent agent activity. It reads the entire thread for context before implementing a solution and creating a PR for your team to review.

Get started by installing the integration in the Cursor dashboard. Learn more in our docs.

Teams admins and Individual plan users can now customize the effort level Bugbot uses for its PR reviews, with three different configurations:

• **Default:** Bugbot continues to use the same effort level as it does today. Optimized for efficiency and speed.
• **High:** Bugbot spends more time reasoning. Reviews are more expensive and take longer, but Bugbot may find more bugs.
• **Custom:** Describe in natural language when Bugbot should use default or high effort. Cursor will dynamically set effort levels based on your instructions.

Customers must be on usage-based billing for Bugbot to customize effort levels. Learn more in our docs and go to your Bugbot dashboard to get started.

Bugbot improvements

• With default effort, Bugbot finds 0.7 bugs per run, on average. Over 79% of these bugs are resolved by users at merge time.
• With high effort, Bugbot finds 0.95 bugs per run, on average.

This release introduces a new PR review experience, faster execution on plans through parallel agents, and new quick-action pills for common workflows.

PR review

A new PR review experience is now available in Cursor 3. Take PRs from creation to merge all in one place.

• The Reviews tab now shows inline review threads and top-level PR comments.
• The Commits tab gives you a focused view of commit history for the PR.
• The Changes tab makes it easier to navigate larger PRs with a file tree and changes picker.

You can see useful context like reviewer status and pending review banners, and quick action pills allow you to take next steps faster.

Build in parallel from plans

Cursor can now execute on plans faster by multitasking across tasks instead of tackling them one at a time.

Click "Build in Parallel" to have it identify independent parts of your plan and run them simultaneously using async subagents. Cursor will keep dependent steps in order when needed.

Split changes into PRs

When multitasking in Cursor, you can now use a built-in quick action to split changes into PRs.

It will use chat context to identify logical slices, default to independent PRs unless dependencies are required, create a backup snapshot, and propose a split plan for your approval.

Pin skills as quick actions

You can now pin your most commonly used skills as quick-action pills for faster access.

Improvements (6)

• Added the ability to control Explore subagent behavior from settings: choose a specific model for Explore subagents to run on, inherit the same model as the parent agent, or disable Explore subagents altogether.
• Added support for general model names for subagent configuration (i.e., set `model: opus` to have subagents always use the newest Opus model).
• `/multitask` is now available in the editor for running async subagents to parallelize your requests instead of adding them to the queue.
• Improved prompt input undo grouping, so undo/redo feels more natural during edits.
• Improved long-chat handling and reduced jumpiness and other surprising behaviors.
• Made MCP connection behavior more predictable, and added explicit stale token cleanup on re-auth.

Bug Fixes (5)

• Fixed terminal interaction bugs in the agents window, including editing shortcut issues and approval/overlay edge cases.
• Fixed several slash menu and input-approval regressions.
• Fixed MCP auth edge cases, including transient 401 handling and stale credential behavior.
• Fixed multi-repo environment selection and cache issues.
• Fixed various cloud agent timing and hydration edge cases that could degrade reliability.

You can now see a breakdown of your agent's context usage.

Use these stats to diagnose context issues and improve your setup across rules, skills, MCPs, and subagents.

This release introduces updates for Enterprise admins: a new system for model controls, updated spend management, and more detail for usage analytics.

Model access controls

Admins can now set more granular allow or blocklists at the model and provider level. You can block entire providers or specific model configurations for speed and context window size.

Enterprises also have the option to block new providers or model versions by default.

Customers with existing blocklists will need to migrate to the new system by June 1st. Admins should go to their team model settings in the Cursor dashboard to get started.

Soft spend limits and intelligent alerts

Admins can now set soft limits instead of hard limits to avoid blocking users. Cursor can also monitor usage and sends automatic alerts to users reaching 50%, 80%, and 100% of their soft or hard limits.

This keeps users productive while giving admins and users visibility into consumption patterns.

Go to the spend management settings in the Cursor dashboard to get started.

Updated usage analytics tab

Admins can now filter usage by specific users, or break it down by product surface: clients, Cloud Agents, automations, Bugbot, and Security Review.

Go to the usage analytics tab in the Cursor dashboard to get started.

Admins can now create a team marketplace without connecting a repository first. Add, remove, and configure install behavior for first-party plugins directly in team marketplace settings.

Plugins bundle capabilities like MCP servers, skills, subagents, rules, and hooks that extend agents with custom functionality. Each plugin can be distributed in one of three ways:

1. Default Off: users can discover and opt in
2. Default On: users get the plugin installed by default, but can opt out
3. Required: users always have the plugin and cannot uninstall it

Get started in the Cursor dashboard.

Cursor Security Review is now in beta on Teams and Enterprise plans. You can run two types of always-on security agents: Security Reviewer and Vulnerability Scanner.

Security Reviewer

Security Reviewer checks every PR for security vulnerabilities, auth regressions, privacy and data-handling risks, agent tool auto-approvals, and prompt injection attacks. It will leave inline comments at the exact diff location with severity and remediation.

Security Reviewer leaving inline comments on a pull request diff.

Vulnerability Scanner

Vulnerability Scanner runs scheduled scans of your codebase to check for known vulnerabilities, outdated dependencies, and configuration issues. You can configure it to send updates of its findings in Slack.

Vulnerability Scanner findings and scheduled scans in Cursor.

---

Customize Cursor-managed security agents by adjusting triggers, adding your own instructions, giving them custom tooling, and choosing how outputs are shared. For example, you can plug in MCP servers for your existing SAST, SCA, and secrets scanners for Cursor to use as part of the review.

We're also continuously improving the runtime, harness, and models powering Cursor Security Review for a strong out-of-the-box experience.

Security agents draw from your existing usage pool. Admins can enable Security Review in the Cursor dashboard to get started.

We're introducing the Cursor SDK so you can build agents with the same runtime, harness, and models that power Cursor.

The agents that run in the Cursor desktop app, CLI, and web app are now accessible with a few lines of TypeScript. Run it on your machine or on Cursor's cloud against a dedicated VM, with any frontier model.

Run `npm install @cursor/sdk` to get started. You can also use Cursor's native `/sdk` skill to help you start building.

```jsx import { Agent } from "@cursor/sdk";

const agent = await Agent.create({ apiKey: process.env.CURSOR_API_KEY!, model: { id: "composer-2" }, local: { cwd: process.cwd() }, });

const run = await agent.send("Summarize what this repository does");

for await (const event of run.stream()) { console.log(event); } ```

We built a few sample projects that you can access from a public repo. Fork and extend them for your own use case.

The Cursor SDK is now available for all users in public beta and is billed based on standard, token-based consumption pricing. Learn more in our announcement and docs.

Updates to the Cloud Agents API

• Reworked the API around durable agents and per-prompt runs, so follow-ups, status, streaming, and cancellation are now run-scoped.
• Added first-class run streaming with SSE events, reconnect support via `Last-Event-ID`, and clearer terminal states.
• Added explicit agent lifecycle controls with archive, unarchive, and permanent delete.
• Standardized v1 response and error shapes, including structured error codes, `items` list responses, and separate `agent` / `run` objects.