Metadata-Version: 2.4
Name: cursor-secret-scan
Version: 0.1.12
Summary: Secret scanning CLI for Cursor (depends on claude-secret-scan core)
Author-email: MintMCP <support@mintmcp.com>
License: Apache-2.0
Project-URL: Homepage, https://github.com/mintmcp/agent-security
Project-URL: Issues, https://github.com/mintmcp/agent-security/issues
Project-URL: Source, https://github.com/mintmcp/agent-security
Keywords: secrets,security,cursor,hooks,agent-security
Classifier: Development Status :: 3 - Alpha
Classifier: Intended Audience :: Developers
Classifier: License :: OSI Approved :: Apache Software License
Classifier: Operating System :: OS Independent
Classifier: Programming Language :: Python
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.7
Classifier: Programming Language :: Python :: 3.8
Classifier: Programming Language :: Python :: 3.9
Classifier: Programming Language :: Python :: 3.10
Classifier: Programming Language :: Python :: 3.11
Classifier: Topic :: Security
Classifier: Topic :: Software Development :: Libraries :: Python Modules
Requires-Python: >=3.7
Description-Content-Type: text/markdown
Requires-Dist: claude-secret-scan==0.1.12

Cursor Secret Scan
==================

Secret scanning CLI for Cursor. Blocks or warns on common credentials (cloud, source control, payment, collaboration) using zero dependencies and local regex matching. Thin wrapper that depends on `claude-secret-scan`.

![Cursor Secret Scan demo](https://github.com/mintmcp/agent-security/raw/main/assets/Cursor-Secret-Scan.gif)

Install
- pipx (recommended):
  - `pipx install cursor-secret-scan`
- pip (user):
  - `python3 -m pip install --user cursor-secret-scan`

Hook Setup (Cursor)
Add to `~/.cursor/hooks.json`:

```
{
  "version": 1,
  "hooks": {
    "beforeReadFile": [{"command": "cursor-secret-scan --mode=pre"}],
    "beforeSubmitPrompt": [{"command": "cursor-secret-scan --mode=pre"}]
  }
}
```

CLI Usage
- Pre mode (blocks on detection):
  - `echo '{"hook_event_name":"beforeSubmitPrompt","prompt":"hello"}' | cursor-secret-scan --mode=pre`
- Post mode (warns on detection):
  - `echo '{"hook_event_name":"afterShellExecution","stdout":"OPENAI_API_KEY=...T3BlbkFJ..."}' | cursor-secret-scan --mode=post`

How It Works
- Uses the same core regex-based scanner as `claude-secret-scan`.
- Reads only from hook JSON input or file paths provided by the hook.
- Binary-aware scanning with size limits; local-only execution.

Notes
- Pre hooks block; post hooks print warnings.
- Regex detection is best-effort. Rotate any real secrets immediately.

Links
- Source, docs, and examples: https://github.com/mintmcp/agent-security
