Secure Your Data With Cursor
Cursor's Agent can call MCP tools, so it reaches well beyond your repo into email, Drive, calendars, and tickets. Add PortEden as a remote MCP server and Cursor reads those sources with PII redaction, least-privilege scope, and a full audit log, with no raw tokens in your editor.
Add to ~/.cursor/mcp.json · 5-minute setup · Free to start
What Cursor's Agent Reaches by Default
- Cursor's Agent calls MCP tools on your behalf. Cursor's own docs warn that MCP servers can access external services and execute code on your behalf, and a typical email or drive server hands the Agent broad, un-redacted access.
- Wiring a raw Gmail or Microsoft OAuth token (or a provider API key) into a local mcp.json or env var puts a long-lived credential on your machine, and for project configs, potentially in your repo.
- Cursor's Privacy Mode and zero-retention agreements cover the code and prompts sent to the model provider. They do not govern what a third-party tool does with the data it returns. That layer is on you.
- There is no built-in, exportable record of which message, file, or ticket the Agent opened through a tool, or what it received back.
Cursor With PortEden: What You Get
A Remote MCP Server, Same Firewall as Claude and ChatGPT
Connection: Remote MCP server in ~/.cursor/mcp.json (or project .cursor/mcp.json)
Email (Gmail + Outlook)
The Agent searches and reads mail through PortEden, redacted and audited. Send and reply stay scoped to what the token allows.
Google Drive + Docs
File search and read with file-level rules. Downloads return links, never raw bytes.
Google Calendar
Events and free/busy with attendee redaction, so scheduling context never leaks full attendee data.
Slack, Notion, tickets
Pull a thread, a doc, or an issue into the Agent's context through PortEden's MCP servers, with the same controls.
- Cursor supports remote MCP servers via a url plus headers in ~/.cursor/mcp.json (global) or .cursor/mcp.json (project), and supports OAuth for remote servers.
- Add PortEden's remote endpoints (mcp.porteden.com/email, /calendar, /drive). The Agent discovers the tools and, by Cursor's default, asks for approval before using them.
- Cursor caps how many tools the Agent sees at once, so a focused, token-scoped tool set matters. PortEden exposes a small set per token rather than dozens.
- Cursor's Privacy Mode governs model-provider traffic, not tool data. PortEden is the control layer for what flows through the tools.
- The provider OAuth token never enters your editor. Cursor holds only a PortEden key or OAuth session.
Add PortEden to Cursor in Three Steps
Connect a source in PortEden
Sign in to PortEden and connect Gmail, Outlook, Drive, or Calendar. PortEden holds the OAuth token and gives you a scoped MCP endpoint.
Add it to mcp.json
Add a remote server entry to ~/.cursor/mcp.json (global) or .cursor/mcp.json (project) with PortEden's url and an auth header or OAuth. Enable it in Settings, Features, Model Context Protocol.
Scope it and use it
Set the token's scope and redaction in PortEden, then ask the Agent to work across your data. Approve the tool calls; every call is redacted and logged.
Five-Minute Setup. Free While You Test.
Connect a data source, plug Cursor into PortEden, and put Cursor to work on the data your team actually needs to handle.
Frequently Asked Questions
Does Cursor support MCP servers?
Does Cursor or its model see my raw OAuth token?
Cursor already has Privacy Mode, so why add PortEden?
Can the Agent send email or delete files?
What does PortEden see of my Cursor session?
Should I use the global or the project config?
How do I revoke access?
What does it cost?
Keep Exploring
Get More From Cursor With PortEden
Five-minute setup. Free tier for solo licensed practitioners. Same AI you already use — now ready for the work your team actually needs to do.
Rolling out to a whole team? Talk to sales →