What the installer writes
| File | What |
|---|---|
~/.cursor/mcp.json → mcpServers.zeropath | ZeroPath MCP server (all projects) |
~/.cursor/hooks.json → hooks.stop | Observational stop hook: scans the uncommitted diff when the agent finishes, logs findings to ~/.zeropath/logs/ |
~/.zeropath/bin/zeropath-cursor-rules | Helper to install the project rule (below) |
The project rule (run once per project)
Cursor loads agent rules from<project>/.cursor/rules/, and global “User
Rules” are only editable through the GUI — so the rule must be installed per
project:
.cursor/rules/zeropath.mdc (alwaysApply: true), which tells
Cursor’s agent to submit its diff to asyncCodeScans.submit with task context
in additionalContext, and to fix critical/high findings before declaring a
task done. Commit the file if you want the whole team to get the behavior.
Manual MCP setup
In~/.cursor/mcp.json (or per-project .cursor/mcp.json):
Hook caveats
Cursor’s hooks (~/.cursor/hooks.json) are a beta feature and their stop
event cannot block the agent — so on Cursor the stop hook is monitoring-only:
it scans the uncommitted diff and writes the report to ~/.zeropath/logs/.
Deterministic enforcement on Cursor therefore comes from the project rule +
MCP path, and from ZeroPath PR scanning downstream. If your Cursor version
predates hooks support, the entry in hooks.json is simply ignored.
Verify
- Settings → MCP:
zeropathlisted with its tools after a restart. - Ask the agent to “scan my uncommitted changes with ZeroPath” and confirm it
calls the
asyncCodeScans.*tools. - After an agent session that changed code, check
~/.zeropath/logs/for ascan-cursor-stop-*.jsonreport.