Runtime behavioral monitoring for Cursor on developer workstations.
This package bridges Cursor transcripts (reasoning plane) to the EDAMAME Security system-plane observer, enabling two-plane divergence detection on developer machines.
This is a named Cursor integration for EDAMAME Security, not a separate EDAMAME product surface.
- Cursor produces session transcripts while you code.
- This package parses transcripts and forwards them to EDAMAME via MCP.
- EDAMAME evaluates behavioral intent against live system telemetry.
- Divergence verdicts surface through the control center or health checks.
EDAMAME's host-side transcript observer is the security control of record -- it runs divergence detection against Cursor as soon as Cursor is discovered on disk, with zero plugin installed, and a compromised agent cannot pause or silence it. This package is a cooperative enhancement: it adds off-host coverage (when Cursor runs where the host observer cannot read its transcripts -- remote box, SSH, container, CI, VM) and turnkey onboarding/UX (MCP discovery, pairing, in-agent posture/verdict views, health checks). It never provides -- and can never weaken -- the guarantee. See Observer vs plugin: the value boundary.
- Node.js 18+
- EDAMAME Security running on the same machine:
- macOS / Windows: EDAMAME Security app
- Linux: edamame_posture CLI
Install from the Cursor Marketplace:
- Open the marketplace panel in Cursor.
- Search for EDAMAME Security.
- Click Install.
The plugin automatically registers the MCP server, rules, skills, agents, and
commands. After installation, run edamame_cursor_control_center from Cursor
to pair with your local EDAMAME host.
For environments where the marketplace is not available, or when you want full control over the installation:
- Clone the repo and run the installer:
git clone https://github.com/edamametechnologies/edamame_cursor.git
cd edamame_cursor
bash setup/install.sh [/path/to/your/workspace]The workspace argument is optional. It seeds transcript_project_hints
and agent_instance_id. When omitted, the plugin monitors transcripts from
all workspaces. The install is global per-user -- no need to reinstall
when switching projects.
- Restart Cursor, then run
edamame_cursor_control_centerto pair with your local EDAMAME host.
The installer automatically registers the edamame MCP server entry in
Cursor's global configuration (~/.cursor/mcp.json). When installing via
the EDAMAME Security app or edamame-posture install-agent-plugin cursor, the same
automatic registration is performed by the provisioning engine. If Cursor's
global MCP config already contains other servers, they are preserved.
See Setup Guide for detailed config paths per platform.
- macOS / Windows: Start the EDAMAME Security app, enable MCP on port 3000. Primary: click "Request pairing from app" in the control center and approve in the app. Fallback: generate a PSK and paste it into the control center.
- Linux: Run
edamame-posture mcp-generate-pskthenedamame-posture mcp-start 3000 "<PSK>", and paste the PSK into the control center. Or runedamame_cursor_control_centerand use "Generate, start, and pair automatically".
Cursor does not inherit your shell's PATH. If node is installed via
Homebrew or nvm, Cursor may not find it. The manual installer resolves this
automatically (it writes the absolute node path into the rendered MCP
snippet). If you see this error after a Marketplace install, edit
~/.cursor/mcp.json and replace "command": "node" with the full path
(e.g. "/opt/homebrew/bin/node" on macOS with Homebrew).
bash setup/healthcheck.sh --strict --json| Component | Contents |
|---|---|
| MCP Server | stdio bridge forwarding EDAMAME tools (posture, divergence, sessions, remediation) to Cursor |
| Rules | Security-awareness guidance, EDAMAME integration patterns |
| Skills | Security posture assessment, divergence monitoring and diagnosis |
| Agents | Security-monitor agent for safety-aware coding |
| Commands | Health check, behavioral model export |
| Directory | Purpose |
|---|---|
.cursor-plugin/ |
Cursor plugin manifest |
.mcp.json |
Plugin MCP server definition |
rules/ |
Cursor rules (.mdc) for security-aware AI guidance |
skills/ |
Agent skills (security-posture, divergence-monitor) |
agents/ |
Custom agent definitions (security-monitor) |
commands/ |
Agent-executable commands (healthcheck, export-intent) |
assets/ |
Plugin logo and static assets |
bridge/ |
Local stdio MCP bridge, control center MCP App, forwarding surface |
adapters/ |
Cursor transcript parsing and RawReasoningSessionPayload assembly |
service/ |
Control center, extrapolator, posture facade, verdict reader, health checks |
setup/ |
Install, bundle, and health-check scripts plus config templates |
prompts/ |
Prompt contract used by EDAMAME-side raw-session ingest |
docs/ |
Architecture, setup, operator guidance, validation |
tests/ |
Unit tests and E2E intent injection |
- Setup Guide -- install, config paths, pairing, health checks
- Architecture -- component mapping and runtime flow
- Operator Guide -- day-to-day operations
- Worker-Monitor Pattern -- behavioral model lifecycle
- Validation -- test coverage and validation matrix
service/cursor_extrapolator.mjsforwards raw reasoning sessions to EDAMAME viaupsert_behavioral_model_from_raw_sessions.agent_typedefaults tocursor.agent_instance_idis stable per workstation/workspace unless overridden.- EDAMAME uses its configured LLM provider to convert raw transcripts into a contributor slice, then evaluates the merged model.
- Refresh is driven by the Cursor MCP lifecycle; no OS scheduler required.
node --test tests/*.test.mjsIntent injection E2E test: see E2E_TESTS.md for details.
bash tests/e2e_inject_intent.shThe full cross-agent E2E harness (intent + CVE/divergence) lives in agent_security/tests/e2e/.
| Repository | Purpose |
|---|---|
| edamame_openclaw | EDAMAME OpenClaw integration |
| edamame_claude_code | EDAMAME integration for Claude Code |
| edamame_claude_desktop | EDAMAME integration for Claude Desktop |
| edamame_codex | EDAMAME integration for Codex CLI |
| agent_security | Research paper: two-plane runtime security (arXiv preprint) |
| edamame_security | EDAMAME Security desktop/mobile app |
| edamame_posture | EDAMAME Posture CLI for CI/CD and servers |
| edamame_core_api | EDAMAME Core public API documentation |
| threatmodels | Public security benchmarks, policies, and threat models |
- edamame_claude_code (Claude Code): Easy install via Claude Code marketplace:
/plugin marketplace add edamametechnologies/edamame_claude_code /plugin install edamame@edamame-security
- edamame_openclaw (OpenClaw): See edamame_openclaw README for plugin bundle and Lima VM provisioning.
Apache License 2.0 -- see LICENSE.