Merge pull request docker#24932 from dvdksn/sbx/cursor

sbx/cursor

Author: dvdksn

content/manuals/ai/sandboxes/agents/_index.md

@@ -3,7 +3,7 @@ title: Supported agents
 linkTitle: Agents
 weight: 30
 description: AI coding agents supported by Docker Sandboxes.
-keywords: docker sandboxes, ai agents, claude code, codex, gemini
+keywords: docker sandboxes, ai agents, claude code, codex, cursor, gemini
 ---
 
 {{< summary-bar feature_name="Docker Sandboxes sbx" >}}
@@ -13,6 +13,7 @@ Docker Sandboxes runs the following agents out of the box:
 - [Claude Code](claude-code/)
 - [Codex](codex/)
 - [Copilot](copilot/)
+- [Cursor](cursor/)
 - [Droid](droid/)
 - [Gemini](gemini/)
 - [Kiro](kiro/)

content/manuals/ai/sandboxes/agents/cursor.md

@@ -0,0 +1,79 @@
+---
+title: Cursor
+weight: 33
+description: |
+  Use Cursor in Docker Sandboxes with API key or proxy-managed OAuth
+  authentication.
+keywords: docker sandboxes, cursor, cursor agent, ai agent, sbx
+---
+
+{{< summary-bar feature_name="Docker Sandboxes sbx" >}}
+
+This guide covers authentication, configuration, and usage of Cursor in a
+sandboxed environment.
+
+Official documentation: [Cursor CLI](https://cursor.com/cli)
+
+## Quick start
+
+Create a sandbox and run Cursor for a project directory:
+
+```console
+$ sbx run cursor ~/my-project
+```
+
+The workspace parameter is optional and defaults to the current directory:
+
+```console
+$ cd ~/my-project
+$ sbx run cursor
+```
+
+## Authentication
+
+Cursor supports two authentication methods: an API key or OAuth.
+
+**API key**: Store your Cursor API key using
+[stored secrets](../security/credentials.md#stored-secrets):
+
+```console
+$ sbx secret set -g cursor
+```
+
+Alternatively, export the `CURSOR_API_KEY` environment variable in your shell
+before running the sandbox. See
+[Credentials](../security/credentials.md) for details on both methods.
+
+**OAuth**: If no API key is set, Cursor prompts you to sign in interactively
+on first run. The proxy intercepts the token exchange with
+`api2.cursor.sh/auth/poll`, so credentials are managed by the host and aren't
+stored inside the sandbox.
+
+## Configuration
+
+Sandboxes don't pick up user-level configuration from your host, such as
+`~/.cursor`. Only project-level configuration in the working directory is
+available inside the sandbox. See
+[Why doesn't the sandbox use my user-level agent configuration?](../faq.md#why-doesnt-the-sandbox-use-my-user-level-agent-configuration)
+for workarounds.
+
+Cursor reads `AGENTS.md` from the workspace for agent-specific instructions.
+
+The sandbox runs Cursor in YOLO mode by default, which executes commands
+without approval prompts. Pass additional `cursor-agent` CLI options after
+`--`:
+
+```console
+$ sbx run cursor --name <sandbox-name> -- <cursor-options>
+```
+
+## Base image
+
+Template: `docker/sandbox-templates:cursor-agent-docker`
+
+Preconfigured to run in YOLO mode with HTTP/1.1 and server-sent events for
+agent traffic so requests flow through the host proxy. Authentication state
+is persisted across sandbox restarts.
+
+See [Customize](../customize/) to pre-install tools or customize this
+environment.

content/manuals/ai/sandboxes/customize/kits.md

@@ -577,8 +577,9 @@ When a kit doesn't behave as expected, start with the network policy log
 and direct inspection inside the sandbox:
 
 - `sbx policy log` shows every outbound request the sandbox proxy saw,
-  the rule it matched, and how it was forwarded (`forward-bypass`,
-  `forward`, `block`). Use it to diagnose install-time download failures,
+  the rule it matched, extra context when available, and its `PROXY`
+  value, such as `forward`, `forward-bypass`, `transparent`, or
+  `browser-open`. Use it to diagnose install-time download failures,
   blocked domains, and unexpected TLS interception. If downloads fail or
   arrive corrupted after you add `serviceDomains`, check whether the
   service mapping is too broad. Map only the hosts that need credential

content/manuals/ai/sandboxes/customize/templates.md

@@ -44,6 +44,7 @@ CLI, and common development tools like Node.js, Python, Go, and Java.
 | `claude-code-minimal` | Claude Code with a minimal toolset (no Node.js, Python, Go, or Java) |
 | `codex`               | [OpenAI Codex](https://github.com/openai/codex)                      |
 | `copilot`             | [GitHub Copilot](https://github.com/github/copilot-cli)              |
+| `cursor-agent`        | [Cursor](https://cursor.com/cli)                                     |
 | `docker-agent`        | [Docker Agent](https://github.com/docker/docker-agent)               |
 | `droid`               | [Droid](https://www.factory.ai)                                      |
 | `gemini`              | [Gemini CLI](https://github.com/google-gemini/gemini-cli)            |

content/manuals/ai/sandboxes/security/policy.md

@@ -166,22 +166,28 @@ Use `sbx policy log` to see which hosts your sandboxes have contacted:
 ```console
 $ sbx policy log
 Blocked requests:
-SANDBOX      TYPE     HOST                   PROXY        RULE       LAST SEEN        COUNT
-my-sandbox   network  blocked.example.com    transparent  policykit  10:15:25 29-Jan  1
+SANDBOX      TYPE     HOST                   PROXY        RULE            REASON         LAST SEEN        COUNT
+my-sandbox   network  blocked.example.com    transparent  domain-blocked  default-deny   10:15:25 29-Jan  1
 
 Allowed requests:
-SANDBOX      TYPE     HOST                   PROXY        RULE       LAST SEEN        COUNT
-my-sandbox   network  api.anthropic.com      forward      policykit  10:15:23 29-Jan  42
-my-sandbox   network  registry.npmjs.org     transparent  policykit  10:15:20 29-Jan  18
+SANDBOX      TYPE     HOST                   PROXY          RULE             REASON   LAST SEEN        COUNT
+my-sandbox   network  api.anthropic.com      forward        domain-allowed            10:15:23 29-Jan  42
+my-sandbox   network  registry.npmjs.org     forward-bypass domain-allowed            10:15:20 29-Jan  18
+my-sandbox   network  app.example.com        browser-open                             10:15:10 29-Jan  1
 ```
 
 The **PROXY** column shows how the request left the sandbox:
 
-| Value         | Description                                                                                                    |
-| ------------- | -------------------------------------------------------------------------------------------------------------- |
-| `forward`     | Routed through the forward proxy. Supports [credential injection](credentials.md).                             |
-| `transparent` | Intercepted by the transparent proxy. Policy is enforced but credential injection is not available.            |
-| `network`     | Non-HTTP traffic (raw TCP, UDP, ICMP). TCP can be allowed with a policy rule; UDP and ICMP are always blocked. |
+| Value            | Description                                                                                                    |
+| ---------------- | -------------------------------------------------------------------------------------------------------------- |
+| `forward`        | Routed through the forward proxy. Supports [credential injection](credentials.md).                             |
+| `forward-bypass` | Routed through the forward proxy without credential injection.                                                 |
+| `transparent`    | Intercepted by the transparent proxy. Policy is enforced but credential injection is not available.            |
+| `network`        | Non-HTTP traffic (raw TCP, UDP, ICMP). TCP can be allowed with a policy rule; UDP and ICMP are always blocked. |
+| `browser-open`   | A sandbox process requested opening a URL in the host browser. Policy is enforced before opening the URL.      |
+
+The **RULE** column identifies the policy rule that matched the request. The
+**REASON** column includes extra context when the daemon records one.
 
 Filter by sandbox name by passing it as an argument:
 

data/sbx_cli/sbx_create.yaml

@@ -57,6 +57,7 @@ see_also:
     - sbx create claude - Create a sandbox for claude
     - sbx create codex - Create a sandbox for codex
     - sbx create copilot - Create a sandbox for copilot
+    - sbx create cursor - Create a sandbox for cursor
     - sbx create docker-agent - Create a sandbox for docker-agent
     - sbx create droid - Create a sandbox for droid
     - sbx create gemini - Create a sandbox for gemini

data/sbx_cli/sbx_create_cursor.yaml

@@ -0,0 +1,57 @@
+name: sbx create cursor
+synopsis: Create a sandbox for cursor
+description: |-
+    Create a sandbox with access to a host workspace for cursor.
+
+    The workspace path is required and will be mounted inside the sandbox at the
+    same path as on the host. Additional workspaces can be provided as extra
+    arguments. Append ":ro" to mount them read-only.
+
+    Use "sbx run SANDBOX" to attach to the agent after creation.
+usage: sbx create cursor PATH [PATH...] [flags]
+options:
+    - name: help
+      shorthand: h
+      default_value: "false"
+      usage: help for cursor
+inherited_options:
+    - name: branch
+      usage: Create a Git worktree on the given branch
+    - name: cpus
+      default_value: "0"
+      usage: |
+        Number of CPUs to allocate to the sandbox (0 = auto: N-1 host CPUs, min 1)
+    - name: debug
+      shorthand: D
+      default_value: "false"
+      usage: Enable debug logging
+    - name: kit
+      default_value: '[]'
+      usage: |
+        Kit reference (directory, ZIP, or OCI). Can be specified multiple times
+    - name: memory
+      shorthand: m
+      usage: |
+        Memory limit in binary units (e.g., 1024m, 8g). Default: 50% of host memory, max 32 GiB
+    - name: name
+      usage: |
+        Name for the sandbox (default: <agent>-<workdir>, letters, numbers, hyphens, periods, plus signs and minus signs only)
+    - name: quiet
+      shorthand: q
+      default_value: "false"
+      usage: Suppress verbose output
+    - name: template
+      shorthand: t
+      usage: |
+        Container image to use for the sandbox (default: agent-specific image)
+example: |4-
+      # Create in the current directory
+      sbx create cursor .
+
+      # Create with a specific path
+      sbx create cursor /path/to/project
+
+      # Create with additional read-only workspaces
+      sbx create cursor . /path/to/docs:ro
+see_also:
+    - sbx create - Create a sandbox for an agent

data/sbx_cli/sbx_run.yaml

@@ -8,7 +8,7 @@ description: |-
 
     To create a sandbox without attaching, use "sbx create" instead.
 
-    Available agents: claude, codex, copilot, docker-agent, droid, gemini, kiro, opencode, shell
+    Available agents: claude, codex, copilot, cursor, docker-agent, droid, gemini, kiro, opencode, shell
 usage: sbx run [flags] SANDBOX | AGENT [PATH...] [-- AGENT_ARGS...]
 options:
     - name: branch

data/sbx_cli/sbx_secret_set.yaml

@@ -3,7 +3,7 @@ synopsis: Create or update a secret
 description: |-
     Create or update a secret for a service.
 
-    Available services: anthropic, aws, droid, github, google, groq, mistral, nebius, openai, xai
+    Available services: anthropic, aws, cursor, droid, github, google, groq, mistral, nebius, openai, xai
 
     When no arguments are provided, an interactive prompt guides you through
     scope and service selection.