Skip to content
LatchGate

Cursor

Connect Cursor to LatchGate so every tool call goes through the execution security kernel.

Prerequisites

Section titled “Prerequisites”
  • LatchGate running (latchgate up or production deployment)
  • latchgate-mcp binary on PATH (from GitHub Releases or brew install latchgate-ai/tap/latchgate)

Automatic setup

Section titled “Automatic setup”
Terminal window
latchgate-mcp install --ide cursor

This writes the MCP server entry to ~/.cursor/mcp.json. Restart Cursor to pick up the configuration.

Preview first without writing:

Terminal window
latchgate-mcp install --ide cursor --dry-run

Manual setup

Section titled “Manual setup”

Add to ~/.cursor/mcp.json:

{
  "mcpServers": {
    "latchgate": {
      "command": "/usr/local/bin/latchgate-mcp",
      "args": ["serve", "--gate-url", "http://localhost:3000"],
      "env": {
        "LATCHGATE_AGENT_ID": "cursor",
        "RUST_LOG": "warn"
      }
    }
  }
}

Adjust the binary path if installed elsewhere. Use which latchgate-mcp to find it.

End-to-end verification

Section titled “End-to-end verification”
  1. Start LatchGate: latchgate up
  2. Install config: latchgate-mcp install --ide cursor
  3. Restart Cursor.
  4. Open a project and ask the agent to perform an HTTP request.
  5. Verify the audit trail: latchgate audit --limit 5
  6. Confirm the full pipeline: lease => policy => WASM sandbox => receipt.

Production (UDS transport)

Section titled “Production (UDS transport)”

Replace --gate-url with UDS + public base URL for production:

{
  "mcpServers": {
    "latchgate": {
      "command": "/usr/local/bin/latchgate-mcp",
      "args": ["serve", "--public-base-url", "http://localhost:3000"],
      "env": {
        "LATCHGATE_AGENT_ID": "cursor",
        "RUST_LOG": "warn"
      }
    }
  }
}

For production hardening with UDS transport, see Deployment.