{"id":50888610,"url":"https://github.com/qualifire-dev/rogue-plugin-cursor","last_synced_at":"2026-06-15T19:30:26.072Z","repository":{"id":360488230,"uuid":"1250126410","full_name":"qualifire-dev/rogue-plugin-cursor","owner":"qualifire-dev","description":"Rogue Security AIDR plugin for Cursor","archived":false,"fork":false,"pushed_at":"2026-06-03T14:38:50.000Z","size":122,"stargazers_count":0,"open_issues_count":1,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-06-03T15:05:09.552Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/qualifire-dev.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":"AGENTS.md","dco":null,"cla":null}},"created_at":"2026-05-26T10:29:35.000Z","updated_at":"2026-06-01T08:33:22.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/qualifire-dev/rogue-plugin-cursor","commit_stats":null,"previous_names":["qualifire-dev/rogue-plugin-cursor"],"tags_count":2,"template":false,"template_full_name":null,"purl":"pkg:github/qualifire-dev/rogue-plugin-cursor","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/qualifire-dev%2Frogue-plugin-cursor","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/qualifire-dev%2Frogue-plugin-cursor/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/qualifire-dev%2Frogue-plugin-cursor/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/qualifire-dev%2Frogue-plugin-cursor/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/qualifire-dev","download_url":"https://codeload.github.com/qualifire-dev/rogue-plugin-cursor/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/qualifire-dev%2Frogue-plugin-cursor/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34377872,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-15T02:00:07.085Z","response_time":63,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2026-06-15T19:30:25.388Z","updated_at":"2026-06-15T19:30:26.064Z","avatar_url":"https://github.com/qualifire-dev.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Rogue Security — Cursor Plugin\n\nReal-time AI agent detection and response (AIDR) for [Cursor](https://cursor.com).\nObserves every prompt, tool call, shell command, MCP invocation, file read, and\nsubagent — flags prompt injections, secret exfiltration, and destructive\noperations before they reach production.\n\n## Install\n\n**macOS / Linux:**\n\n```bash\ncurl -fsSL https://raw.githubusercontent.com/qualifire-dev/rogue-plugin-cursor/main/install.sh | bash\n```\n\n**Windows** (PowerShell 5.1+, run as your normal user):\n\n```powershell\niwr -useb https://raw.githubusercontent.com/qualifire-dev/rogue-plugin-cursor/main/install.ps1 | iex\n```\n\nPass credentials via environment variables before the one-liner when running non-interactively:\n\n```powershell\n$env:ROGUE_API_KEY='rsk_xxx'; $env:ROGUE_ACTOR_EMAIL='you@co.com'; iwr -useb https://raw.githubusercontent.com/qualifire-dev/rogue-plugin-cursor/main/install.ps1 | iex\n```\n\nThe installer drops the plugin into `~/.cursor/plugins/local/rogue/`, writes\ncredentials to `~/.rogue-env`, and prepares hooks for the next Cursor restart.\n\nGet an API key at \u003chttps://app.rogue.security/settings/api-keys\u003e.\n\n## What it ships\n\n```\n.cursor-plugin/marketplace.json   — marketplace manifest\nplugins/rogue/\n  .cursor-plugin/plugin.json      — plugin manifest\n  hooks/hooks.json                — every Cursor agent event wired\n  scripts/hook.sh                 — POSIX-sh + curl dispatcher (macOS/Linux/WSL)\n  scripts/hook.ps1                — PowerShell dispatcher (native Windows)\n  scripts/setup.sh                — credential storage helper (macOS/Linux)\n  scripts/setup.ps1               — credential storage helper (Windows)\n  commands/setup.md               — /rogue:setup\n  commands/status.md              — /rogue:status\n```\n\n## Hooks covered\n\n`sessionStart`, `sessionEnd`, `beforeSubmitPrompt`, `preToolUse`, `postToolUse`,\n`postToolUseFailure`, `beforeShellExecution`, `afterShellExecution`,\n`beforeMCPExecution`, `afterMCPExecution`, `beforeReadFile`, `afterFileEdit`,\n`afterAgentResponse`, `afterAgentThought`, `subagentStart`, `subagentStop`,\n`stop`, `preCompact`.\n\nAll hooks POST to `https://api.rogue.security/api/v1/hooks/cursor` (configurable\nvia `ROGUE_BASE_URL`).\n\n## Block UX\n\nBlock UX is decided entirely by the server based on your org's Rogue Security\nconfiguration — the plugin has no client-side policy flags.\n\n- **Tool calls** (`preToolUse`, `beforeShellExecution`, `beforeMCPExecution`):\n  server returns `permission: ask` or `permission: deny`. `ask` renders as\n  Cursor's native confirmation prompt; `deny` hard-blocks with a chat message.\n- **Prompts** (`beforeSubmitPrompt`): server returns `continue: false` + a\n  message shown in the chat (Cursor doesn't support ask on prompts).\n- **File reads / subagent starts**: server returns `permission: deny` with a\n  chat message.\n\n## Configuration\n\n| Variable | Default | Purpose |\n|---|---|---|\n| `ROGUE_API_KEY` | — | Required. From \u003chttps://app.rogue.security/settings/api-keys\u003e. |\n| `ROGUE_ACTOR_EMAIL` | git config | Sent as `x-rogue-actor-email` header. |\n| `ROGUE_ACTOR_NAME`  | git config | Sent as `x-rogue-actor-name`. |\n| `ROGUE_BASE_URL` | `https://api.rogue.security` | API base URL. |\n| `ROGUE_PLUGIN_VERSION` | (unpinned) | Pin the one-line install to a release tag (e.g. `v1.0.0`). |\n\nCredentials live in `~/.rogue-env` (mode 600), shared with the Claude plugin.\nSystem-wide MDM can use `/etc/rogue/env`.\n\n## False positive escape hatch\n\nPrepend `rgx!` to any prompt to allow it through and mark the previous\ndetection as a false positive in your dashboard. Per-prompt only.\n\n## Dashboard\n\n\u003chttps://app.rogue.security/aidr\u003e\n\n## Requirements\n\n- Cursor v2026.x with plugin support\n- **macOS / Linux:** POSIX `sh` and `curl` on PATH (both are present by default). No other tools are required — the dispatcher relays the backend response to Cursor verbatim (a 200 from the Rogue API is always valid JSON, and Cursor ignores — and logs — any unparseable hook output).\n- **Windows:** PowerShell 5.1+ (built in); `tar` (ships with Windows 10 1803+, used by the installer).\n\n## License\n\nProprietary. © Qualifire, Inc.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fqualifire-dev%2Frogue-plugin-cursor","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fqualifire-dev%2Frogue-plugin-cursor","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fqualifire-dev%2Frogue-plugin-cursor/lists"}