https://github.com/qualifire-dev/rogue-plugin-cursor

Rogue Security AIDR plugin for Cursor

# Rogue Security — Cursor Plugin

Real-time AI agent detection and response (AIDR) for [Cursor](https://cursor.com).
Observes every prompt, tool call, shell command, MCP invocation, file read, and
subagent — flags prompt injections, secret exfiltration, and destructive
operations before they reach production.

## Install

**macOS / Linux:**

```bash
curl -fsSL https://raw.githubusercontent.com/qualifire-dev/rogue-plugin-cursor/main/install.sh | bash
```

**Windows** (PowerShell 5.1+, run as your normal user):

```powershell
iwr -useb https://raw.githubusercontent.com/qualifire-dev/rogue-plugin-cursor/main/install.ps1 | iex
```

Pass credentials via environment variables before the one-liner when running non-interactively:

```powershell
$env:ROGUE_API_KEY='rsk_xxx'; $env:ROGUE_ACTOR_EMAIL='you@co.com'; iwr -useb https://raw.githubusercontent.com/qualifire-dev/rogue-plugin-cursor/main/install.ps1 | iex
```

The installer drops the plugin into `~/.cursor/plugins/local/rogue/`, writes
credentials to `~/.rogue-env`, and prepares hooks for the next Cursor restart.

Get an API key at .

## What it ships

```
.cursor-plugin/marketplace.json   — marketplace manifest
plugins/rogue/
  .cursor-plugin/plugin.json      — plugin manifest
  hooks/hooks.json                — every Cursor agent event wired
  scripts/hook.sh                 — POSIX-sh + curl dispatcher (macOS/Linux/WSL)
  scripts/hook.ps1                — PowerShell dispatcher (native Windows)
  scripts/setup.sh                — credential storage helper (macOS/Linux)
  scripts/setup.ps1               — credential storage helper (Windows)
  commands/setup.md               — /rogue:setup
  commands/status.md              — /rogue:status
```

## Hooks covered

`sessionStart`, `sessionEnd`, `beforeSubmitPrompt`, `preToolUse`, `postToolUse`,
`postToolUseFailure`, `beforeShellExecution`, `afterShellExecution`,
`beforeMCPExecution`, `afterMCPExecution`, `beforeReadFile`, `afterFileEdit`,
`afterAgentResponse`, `afterAgentThought`, `subagentStart`, `subagentStop`,
`stop`, `preCompact`.

All hooks POST to `https://api.rogue.security/api/v1/hooks/cursor` (configurable
via `ROGUE_BASE_URL`).

## Block UX

Block UX is decided entirely by the server based on your org's Rogue Security
configuration — the plugin has no client-side policy flags.

- **Tool calls** (`preToolUse`, `beforeShellExecution`, `beforeMCPExecution`):
server returns `permission: ask` or `permission: deny`. `ask` renders as
Cursor's native confirmation prompt; `deny` hard-blocks with a chat message.
- **Prompts** (`beforeSubmitPrompt`): server returns `continue: false` + a
message shown in the chat (Cursor doesn't support ask on prompts).
- **File reads / subagent starts**: server returns `permission: deny` with a
chat message.

## Configuration

| Variable | Default | Purpose |
|---|---|---|
| `ROGUE_API_KEY` | — | Required. From . |
| `ROGUE_ACTOR_EMAIL` | git config | Sent as `x-rogue-actor-email` header. |
| `ROGUE_ACTOR_NAME` | git config | Sent as `x-rogue-actor-name`. |
| `ROGUE_BASE_URL` | `https://api.rogue.security` | API base URL. |
| `ROGUE_PLUGIN_VERSION` | (unpinned) | Pin the one-line install to a release tag (e.g. `v1.0.0`). |

Credentials live in `~/.rogue-env` (mode 600), shared with the Claude plugin.
System-wide MDM can use `/etc/rogue/env`.
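
A quick audit of the credentials file described above, added here as an example and not part of the plugin: it checks that the file is mode 600 and not a symlink, that `ROGUE_API_KEY` is present, and that any `ROGUE_BASE_URL` override is HTTPS, since every hook payload is POSTed to that base URL. The function names and the `KEY=VALUE` file layout (optionally prefixed with `export`) are assumptions.

```shell
#!/bin/sh
# Added example, not shipped with the plugin.
# Assumption: the env file holds KEY=VALUE lines, optionally prefixed with "export".

rogue_env_mode() {
    # Octal permission bits: GNU stat first, then BSD/macOS stat.
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null
}

rogue_env_value() {
    # $1 = file, $2 = variable name. Prints the last assigned value, unquoted.
    sed -n -e 's/^[[:space:]]*//' -e 's/^export[[:space:]]\{1,\}//' \
        -e "s/^$2=//p" "$1" | tail -n 1 | sed "s/^[\"']//; s/[\"']\$//"
}

audit_rogue_env() {
    # $1 = path to audit (defaults to the per-user file named in the README).
    env_file=${1:-"$HOME/.rogue-env"}
    rc=0
    if [ ! -f "$env_file" ]; then
        echo "MISSING: $env_file"
        return 2
    fi
    if [ -L "$env_file" ]; then
        echo "FAIL: $env_file is a symlink"
        rc=1
    fi
    mode=$(rogue_env_mode "$env_file")
    if [ "$mode" != "600" ]; then
        echo "FAIL: mode is $mode, expected 600"
        rc=1
    fi
    if [ -z "$(rogue_env_value "$env_file" ROGUE_API_KEY)" ]; then
        echo "FAIL: ROGUE_API_KEY is not set"
        rc=1
    fi
    base_url=$(rogue_env_value "$env_file" ROGUE_BASE_URL)
    case "$base_url" in
        '' | https://*) ;;  # unset falls back to the documented default
        *) echo "FAIL: ROGUE_BASE_URL is not HTTPS: $base_url"; rc=1 ;;
    esac
    if [ "$rc" -eq 0 ]; then
        echo "OK: $env_file"
    fi
    return "$rc"
}
```

Source the file and call `audit_rogue_env` with no argument to check `~/.rogue-env`, or pass another path such as `/etc/rogue/env`.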

## False positive escape hatch

Prepend `rgx!` to any prompt to allow it through and mark the previous
detection as a false positive in your dashboard. Per-prompt only.

## Dashboard

## Requirements

- Cursor v2026.x with plugin support
- **macOS / Linux:** POSIX `sh` and `curl` on PATH (both are present by default). No other tools are required — the dispatcher relays the backend response to Cursor verbatim (a 200 from the Rogue API is always valid JSON, and Cursor ignores — and logs — any unparseable hook output).
- **Windows:** PowerShell 5.1+ (built in); `tar` (ships with Windows 10 1803+, used by the installer).

## License

Proprietary. © Qualifire, Inc.