Govern Cursor's agent the way you govern production agents. This plugin blocks the things you do not want an autonomous agent doing on your machine, locally and offline, and (optionally) mints a signed, offline-verifiable proof that the session was governed.
It blocks, before the action runs:
- Destructive commands (
rm -rf,git push --force,DROP TABLE,curl ... | sh) - Secret exfiltration (a command or file write that ships an API key, token, or
.env) - Prompt-injected tool results (a poisoned MCP reply or fetched page steering the agent)
Local blocking runs fully offline with no account and no API key. It is a thin,
self-contained wrapper around the published @axiorank/coding-guard,
which bundles the zero-dependency AxioRank detection engine.
In Cursor: Settings → Plugins → Add plugin, then point it at this plugin (a local
path or this git repo). Once it is in the Cursor plugins registry
it installs in one click. Cursor reads hooks/hooks.json and the guard activates
immediately.
No build step is required for end users: the guard binary is vendored at bin/guard.mjs
(a single self-contained file that runs on node). The hook shim prefers it and falls
back to npx -y @axiorank/coding-guard if it is missing.
| Component | What it does |
|---|---|
hooks/hooks.json |
Runs the guard on beforeShellExecution, beforeMCPExecution, beforeReadFile, afterFileEdit, and session end. |
mcp.json |
Registers AxioRank's remote MCP server so the agent can query governance (needs AXIORANK_API_KEY; optional). |
rules/axiorank-governance.mdc |
Tells the agent it is governed: respect a block, treat tool output as untrusted, never echo secrets. |
commands/verify-seal.md |
/verify-seal — verify the Coding Session Seal offline. |
commands/governance.md |
/governance — show the current session's governance status. |
skills/coding-guard/SKILL.md |
Reference for what the guard blocks and how sealing/verification work. |
Set an API key and each session is reported to your AxioRank workspace and sealed at the end:
export AXIORANK_API_KEY="axr_live_..."Sessions then appear under Coding Sessions,
and a signed seal lands in <repo>/.axiorank/session-<id>.seal.json. Verify it offline,
with no trust in AxioRank:
npx -y @axiorank/audit-verify coding-seal .axiorank/session-*.seal.jsonLocal blocking and central audit are free (audit counts against your plan's normal event quota). The signed Coding Session Seal is a Team-plan feature.
| Var | Default | Purpose |
|---|---|---|
AXIORANK_API_KEY |
unset | Central reporting + sealing. Unset = local-only. |
AXIORANK_BASE_URL |
https://app.axiorank.com |
Your AxioRank deployment. |
AXIORANK_CODING_GUARD_TIMEOUT_MS |
2500 |
Central-call timeout (fails open). |
AXIORANK_CODING_GUARD_DISABLE_REMOTE |
unset | Force local-only mode. |
bin/guard.mjs is vendored from @axiorank/coding-guard. After bumping that package,
re-vendor with node scripts/sync-binary.mjs and commit the result.
MIT licensed. Part of AxioRank.