Home / Integrations / Cursor

Cursor MCP setup: the complete config reference

Where Cursor’s MCP config lives, what goes in it, which transports it supports, and how to fix the common failures — plus how to put a policy gate in front of every tool call.

QUICK ANSWERQuick answer: project-level config in .cursor/mcp.json, global config in ~/.cursor/mcp.json. Top-level key is mcpServers.

Where Cursor keeps its MCP config.

ScopePathNotes
Project .cursor/mcp.json In the project root. Servers defined here load only in that project.
Global ~/.cursor/mcp.json In your home directory. Servers available in every project.

The Cursor CLI shares the same mcp.json files as the editor — one config covers both.

The config format, key by key.

Both files use the same shape: a top-level mcpServers object, one entry per server. Local servers declare a command; remote servers declare a url.

KeyWhat it does
command Executable to launch a local (stdio) server. Must be on PATH or a full path.
args Array of arguments passed to the command.
env Environment variables for the server process.
envFile Path to an env file — stdio servers only.
url Endpoint for a remote server. Cursor auto-detects streamable HTTP vs SSE from the endpoint.
headers HTTP headers sent with every request to a remote server — where auth tokens go.
auth Static OAuth client credentials (CLIENT_ID, optional CLIENT_SECRET and scopes) for providers without dynamic client registration.
.cursor/mcp.json
{
  "mcpServers": {
    "github": {
      "command": "npx",
      "args": ["-y", "@modelcontextprotocol/server-github"],
      "env": {
        "GITHUB_PERSONAL_ACCESS_TOKEN": "ghp_..."
      }
    }
  }
}

REMOTE SERVER (HTTP):

.cursor/mcp.json
{
  "mcpServers": {
    "my-remote": {
      "url": "https://example.com/mcp",
      "headers": {
        "Authorization": "Bearer <token>"
      }
    }
  }
}

Cursor interpolates ${env:NAME}, ${userHome}, ${workspaceFolder} and ${pathSeparator} inside command, args, env, url and headers — useful for keeping tokens out of committed config.

What Cursor speaks.

TransportStatusHow to declare it
stdio Supported Declare command + args. Runs as a local child process.
Streamable HTTP Supported Declare url. Auto-detected. Supports OAuth.
SSE Supported Declare url pointing at an SSE endpoint. Auto-detected. Supports OAuth.

Adding a server, three ways.

01 Edit the config file

Create .cursor/mcp.json (project) or ~/.cursor/mcp.json (global) and add an entry under mcpServers. Cursor picks it up without a restart in most cases; toggle the server in settings if it doesn’t appear.

02 Settings UI

Open Cursor Settings (Cmd/Ctrl+Shift+J) → Tools & MCP. Add, enable, disable or toggle servers, and see each server’s tool count.

03 One-click install

The Cursor marketplace and “Add to Cursor” deeplink buttons install a server and run its OAuth flow in one step. Server authors generate the buttons from Cursor’s deeplink docs.

Check it's actually connected.

  1. Open Settings → Tools & MCP: a working server shows a toggle and a tool count.
  2. In chat, the server’s tools appear under Available Tools; the Agent picks them up automatically.
  3. For details on failures, open the Output panel (Cmd+Shift+U) and select MCP Logs — it shows initialisation, tool calls and errors.

When it doesn't work.

Server never starts — command not found

The command must be on PATH or given as a full path. GUI-launched apps don’t always inherit your shell PATH; which npx in a terminal gives you the absolute path to use.

Config edits not taking effect

Toggle the server off and on in Settings → Tools & MCP to reload it. For changes to a custom local server’s code, restart Cursor.

npm-based server stuck on an old version

Remove the server from settings, run npm cache clean --force, then re-add it — npx caches aggressively.

Server crashes or times out mid-session

The error surfaces in chat and the tool is marked failed; other servers are isolated and keep working. Retry the call, then check MCP Logs for the underlying error.

OAuth provider rejects the login

For providers without dynamic client registration, set static credentials in the auth block and whitelist Cursor’s fixed redirect URI: cursor://anysphere.cursor-mcp/oauth/callback.

Put a policy gate in front of it.

A standard MCP server in your Cursor config. Tool calls hit GitHub directly with no policy gate.

.cursor/mcp.json
{
  "mcpServers": {
    "github": {
      "command": "npx",
      "args": ["-y", "@modelcontextprotocol/server-github"],
      "env": {
        "GITHUB_PERSONAL_ACCESS_TOKEN": "ghp_..."
      }
    }
  }
}

Register the GitHub MCP in PolicyLayer, mint a grant, point Cursor at the proxy URL. PolicyLayer evaluates every call against the grant’s policy before it reaches GitHub — and the token leaves your config.

.cursor/mcp.json
{
  "mcpServers": {
    "github": {
      "url": "https://proxy.policylayer.com/mcp/<server-uuid>/",
      "headers": {
        "Authorization": "Bearer <grant-token>"
      }
    }
  }
}

The <server-uuid> appears on each server's detail page. The <grant-token> shows once at mint time. See the Quick start for the full setup walk-through — and if you operate under SOC 2, HIPAA, GDPR or similar, the compliance hub maps how gateway-mediated MCP traffic evidences each framework.

What the gateway adds.

Rate limits
Cap tool calls per minute, hour, or day, per grant or shared across the team.
Access controls
Allow, deny, or conditionally gate any tool against the call's arguments.
Spend caps
Increment a counter by the call's amount; deny when the daily total exceeds your budget.
Audit logs
Every call records the grant, tool, argument keys, and the rule that decided.

A policy in practice.

Allow listing and issue creation. Deny merges into main. Deny everything else by default.

policy.json
{
  "version": "1",
  "default": "deny",
  "tools": {
    "list_repositories": {},
    "create_issue": {},
    "merge_pull_request": {
      "deny_if": [
        {
          "conditions": [
            { "path": "args.base", "op": "eq", "value": "main" }
          ]
        }
      ]
    }
  }
}

See Writing policies for the policy format, operators, and quota shapes.

Cursor MCP questions.

Where is the Cursor MCP config file?+

Project-level servers go in .cursor/mcp.json at the project root. Global servers go in ~/.cursor/mcp.json in your home directory. Both use the same mcpServers format, and the Cursor CLI reads the same files.

Does Cursor support remote MCP servers?+

Yes. Declare a url instead of a command and Cursor auto-detects streamable HTTP or SSE. Auth goes in the headers block, or in the auth block for OAuth providers with static client credentials.

Do I need to restart Cursor after editing mcp.json?+

Usually not — Cursor picks up config changes, and toggling the server off and on in Settings → Tools & MCP forces a reload. A full restart is only needed when the code of a custom local server changes.

How do I see why an MCP server is failing in Cursor?+

Open the Output panel (Cmd+Shift+U) and select MCP Logs. It shows server initialisation, every tool call, and errors. The settings page also shows whether the server loaded and how many tools it exposes.

Can I control which MCP tools Cursor is allowed to call?+

Cursor prompts for approval per tool by default, and Run Mode allowlists can auto-approve specific tools. For deterministic enforcement with audit logs — rules on tool arguments, rate limits, spend caps — route the server through a policy gateway like PolicyLayer.

Take your agents live. Without losing control.

Route your MCP traffic through PolicyLayer. Every tool call is checked against your policy before it runs: allow, deny, or require approval. Per-identity grants. Full audit log. Live in minutes.

Instant setup, no code required.

46,500+ MCP servers and 515,000+ tools scanned and risk-classified.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.