Skip to content
Cavaridge Docs

Connect Cavaridge to Cursor

Cursor’s MCP support lives in ~/.cursor/mcp.json. Cavaridge’s per-product servers register the same way as any other MCP server.

Prerequisites

Section titled “Prerequisites”
  • Cursor with MCP enabled (Settings → Features → Model Context Protocol)
  • Cavaridge tenant + account

Configure

Section titled “Configure”

Open ~/.cursor/mcp.json (create it if missing). Add an entry per Cavaridge product surface you want:

{
  "mcpServers": {
    "cavaridge-aegis": {
      "url": "https://mcp.cavaridge.app/aegis",
      "auth": {
        "type": "oauth2_pkce",
        "authorize_url": "https://auth.cavaridge.app/oauth/authorize",
        "token_url": "https://auth.cavaridge.app/oauth/token",
        "scopes": ["aegis.scans.read"]
      }
    },
    "cavaridge-forge": {
      "url": "https://mcp.cavaridge.app/forge",
      "auth": {
        "type": "oauth2_pkce",
        "authorize_url": "https://auth.cavaridge.app/oauth/authorize",
        "token_url": "https://auth.cavaridge.app/oauth/token",
        "scopes": ["forge.chat.read", "forge.chat.write"]
      }
    }
  }
}

Restart Cursor. Open the MCP panel; you’ll see the Cavaridge servers listed with their tool catalogs. Cursor walks you through OAuth on first use.

Verify

Section titled “Verify”

Open Cursor’s chat. Ask:

Search my AEGIS findings for high-severity issues

Cursor calls aegis.list_findings({ severity: "high" }) and returns the results inline. The full tool catalog is visible in the MCP panel — you can drag tools into your prompt context to scope a specific session.

Tips

Section titled “Tips”
  • Pin the scope set per server tightly. Cursor invokes tools more freely than Claude/ChatGPT; tighter scopes mean less surface for unintended side-effects.
  • Use the forge.chat.read-only set for code-review sessions; you rarely need write scopes from inside an editor.

Where to manage connections

Section titled “Where to manage connections”
  • api.cavaridge.app/mcp — audit + revoke
  • Tool catalogs: GET https://mcp.cavaridge.app/{product}/list_tools

Trust contract

Section titled “Trust contract”

Same as the other clients. Every call audit-logged. Destructive tools require confirmation. Cursor surfaces the confirmation prompt inside the chat — you click through to proceed.