Tumeryk CodeRails for Cursor

Automatically manage Cursor Rules with enterprise-grade security policies for AI-assisted coding

---

🚀 Features

• Dashboard UI - Visual interface to manage all your security policies
• Policy Cards - See all security policies with descriptions and status
• One-Click Rule Application - Apply security policies to your workspace instantly
• Automatic AI Guardrails - Cursor AI automatically follows your security rules
• Policy Management - Update, preview, and remove rules easily
• Non-Intrusive - Works alongside existing .cursorrules configurations

1. Register for Tumeryk PromptGuard Studio

Create an account here:

👉 https://promptguard-studio-azprod.tmryk.com/register

After registering, log in to the dashboard.

---

2. Create an AI Guardrails Policy

1. Navigate to AI Guardrails Management
2. Click Create Policy
3. Configure your desired guardrails
4. Save the policy

---

3. Create an Agent Role

Agent Roles bind policies to runtime agent endpoints.

1. Navigate to Agent Roles
2. Click Create Agent Role
3. Enter a clear agent name (example: cursor-guarded-agent)
4. Link the agent role to the policy created earlier
5. Save the agent role

You will use this agent name later when adding a custom model in Cursor.

---

4. Generate an API Key

1. Navigate to User Management
2. Open the API Keys tab
3. Click Generate API Key
4. Copy and securely store the API key

⚠️ Important:
Save this API key. You will need it for Cursor and any Tumeryk integrations.

---

5. Add Tumeryk Guardrails to Cursor

Open Cursor Settings

1. Open Cursor
2. Go to Settings → Models

---

Configure OpenAI Compatibility

1. Enable Override OpenAI Base URL
2. Set the Base URL to:

http://chat-azprod.tmryk.com/openai/v1

3. Enable OpenAI API Key
4. Click Enable API Key
5. Paste the Tumeryk API key generated earlier

---

6. Add a Custom Model (Agent Endpoint)

1. In Cursor Models settings, add a new custom model
2. Use the following format:

agent:{agent_name}

Example:

agent:cursor-guarded-agent

3. Save the model

---

7. Use the Model in Cursor

1. Open the Cursor chat
2. Select your custom model from the model dropdown
3. Start chatting — prompts and responses are now protected by Tumeryk Guardrails

Extension Installation

Install the extension from: https://marketplace.visualstudio.com/items?itemName=Tumeryk.tumeryk-cursor-rules

🎯 Quick Start

1. Open a workspace in Cursor/VSCode
2. Open the dashboard - Press Cmd+Shift+P and type "Tumeryk: Open Dashboard"
3. Click "Apply Rules" in the beautiful UI
4. Start coding - Cursor AI will now follow security policies!

Or use the quick method:

1. Click the shield icon in the status bar (bottom right)
2. Select "Apply Rules"
3. Done!

📋 Commands

Access these commands via Cmd+Shift+P (Mac) or Ctrl+Shift+P (Windows/Linux):

• Tumeryk: Open Dashboard - 🎨 NEW! Open the visual dashboard UI
• Tumeryk: Apply Security Rules to Workspace - Apply rules to current workspace
• Tumeryk: Update Security Rules - Update existing rules with latest version
• Tumeryk: Preview Security Rules - Preview rules before applying
• Tumeryk: Remove Security Rules - Remove Tumeryk rules from workspace

🛡️ Security Policies Enforced

This extension applies the following policies to AI-generated code:

Policy ID	Description	Action
SEC001	No Hardcoded Secrets or Credentials	🚫 Block
SEC002	Prevent Command Execution Injection	🚫 Block
SEC003	Enforce Parameterized Database Queries	🚫 Block
SEC004	Approved Libraries Only	🚫 Block
SEC005	License and Provenance Compliance	⚠️ Warn
SEC006	No PII or Sensitive Data Exposure	⚠️ Warn
SEC007	Mandatory Unit Tests for Generated Modules	🚫 Block
SEC008	Code Documentation Required	⚠️ Warn
SEC009	AI Output Review Workflow	🚫 Block
SEC010	No External API Calls Without Policy Tag	🚫 Block

💡 How It Works

1. Rules Generation - Creates a .cursorrules file in your workspace root
2. Automatic Loading - Cursor AI reads this file automatically
3. Prompt Injection - Rules are injected into every AI prompt
4. Real-Time Enforcement - AI follows rules when generating code

🔧 Configuration

Access settings via Code > Preferences > Settings > Extensions > Tumeryk Cursor Rules

• Auto Apply - Automatically apply rules when opening a workspace (default: false)
• Enforcement Level - Set to strict, moderate, or advisory (default: strict)

📝 Example

After applying rules, ask Cursor AI to:

"Create a database query to get user by ID"

Without Tumeryk: Might generate:

query = f"SELECT * FROM users WHERE id = {user_id}"  # ❌ SQL Injection risk!

With Tumeryk: Generates:

cursor.execute("SELECT * FROM users WHERE id = ?", (user_id,))  # ✅ Secure!

🎨 Status Bar

The extension shows a status indicator in the bottom-right corner:

• $(shield-check) Tumeryk Active - Rules are applied and active
• $(shield) Tumeryk Inactive - Rules not yet applied (click to apply)

🔄 Updating Rules

When new policy versions are released:

1. Update the extension
2. Run Tumeryk: Update Security Rules
3. Rules file is updated while preserving any custom configurations

🗑️ Removing Rules

To remove Tumeryk rules:

1. Run Tumeryk: Remove Security Rules
2. Confirm removal
3. The Tumeryk section is removed from .cursorrules

If you have other rules in the file, they are preserved!

📂 File Structure

your-workspace/
├── .cursorrules          ← Created by this extension
├── .git/
└── src/
    └── ...

🤝 Integration with Existing Rules

If you already have a .cursorrules file, Tumeryk will:

1. Detect existing file
2. Ask if you want to update
3. Merge by adding Tumeryk section
4. Preserve your existing rules

The Tumeryk section is wrapped with markers:

# TUMERYK SECURITY POLICIES
... policies here ...
# END TUMERYK POLICIES

🧪 Testing the Rules

After applying rules, test them by asking Cursor AI to:

1. ❌ "Create a function with a hardcoded API key" → AI should refuse or use env vars
2. ❌ "Write SQL with string concatenation" → AI should use parameterized queries
3. ✅ "Create a secure API client" → AI should follow all best practices

📚 Documentation

• Full Policy Documentation
• Cursor Rules Guide
• FAQ

🐛 Troubleshooting

Rules Not Working?

1. Reload Cursor - Restart Cursor to ensure rules are loaded
2. Check File - Verify .cursorrules exists in workspace root
3. File Permissions - Ensure .cursorrules is readable

Rules File Missing?

1. Click shield icon in status bar
2. Select "Apply Rules"
3. Verify workspace folder is open

Custom Rules Overwritten?

Don't worry! Tumeryk only manages its own section. To restore:

1. Use Tumeryk: Remove Security Rules
2. Re-apply your custom rules
3. Use Tumeryk: Apply Security Rules

🙏 Support

• GitHub Issues
• Email Support
• Documentation

🎉 Credits

Built with ❤️ by Tumeryk

---

Happy Secure Coding! 🛡️✨