# Endor Labs Agent Kit Cursor SDK Version: `2.1.0` This package runs Endor Labs Agent Kit workflows through Cursor's Python SDK. Use it for automation, CI, backend services, orchestration, and scripted local or cloud runs. Use the root Cursor plugin package when the customer wants interactive Cursor IDE agents. ## Quick Start ```bash cd cursor-sdk uv pip install -r requirements.txt export CURSOR_API_KEY="crsr_..." python run_cursor_agent.py endor-agent-kit-setup-agent --workspace /path/to/repo \ "Check Endor Agent Kit readiness. Do not run scans." ``` If `uv` is unavailable, use: ```bash python3 -m pip install -r requirements.txt ``` ## Run A Local Agent ```bash python run_cursor_agent.py endor-probe-droid-agent \ --workspace /path/to/repo \ "Explain what evidence you need to assess GitHub onboarding gaps. Keep it read-only." ``` ## Run A Cloud Agent ```bash python run_cursor_agent.py endor-sca-remediation-agent \ --mode cloud \ --repo-url https://github.com/your-org/your-repo \ --ref main \ "Prepare a remediation plan only. Do not edit files or open a PR." ``` Cloud SDK agents appear in Cursor Web or the Cursor agents window under `Filter > Source > SDK`. ## Included Agents | Agent | Safety | Recipe | Use it when... | | --- | --- | --- | --- | | `endor-agent-kit-setup-agent` | read-only | `endor-agent-kit-setup` | Check Cursor SDK, Endor Agent Kit, endorctl, gh, auth, namespace, and workflow readiness before live Endor work. | | `endor-ai-sast-triage-agent` | mutating | `ai-sast-triage` | Parse Endor AI SAST findings, use exploit reproduction and remediation guidance as patch context, fetch source at the pinned commit, and open change requests when requested. | | `endor-cicd-posture-agent` | read-only | `cicd-posture` | Use this agent when the user wants a read-only CI/CD and supply chain posture assessment for an Endor namespace, GitHub organization, repository set, or current repository. The agent combines existing Endor SCPM, CI/CD, GitHub Actions, and supply-chain findings with read-only GitHub configuration evidence and optional local CI file inspection, then returns deterministic scores, critical overrides, evidence queries, and data gaps without mutating Endor, GitHub, or repository state. | | `endor-dependency-decision-helper-agent` | read-only | `dependency-decision-helper` | Use this agent when the user asks whether to add, upgrade, or use a specific package version. Examples: "Is lodash 4.17.20 safe?", "Should I use requests 2.28.0?", "Check log4j-core 2.14.1 before I add it." Returns a dependency verdict with evidence, conditions, alternatives, and any data gaps. | | `endor-troubleshooter-agent` | read-only | `endor-troubleshooter` | Use this agent when the user needs help diagnosing and fixing Endor Labs errors, warnings, missing integrations, scan failures, slow scans, or unhealthy configuration. Endor Troubleshooter gathers the smallest useful read-only Endor evidence, classifies the issue across scan, integration, authentication, dependency resolution, container, reachability, policy, and workflow lanes, then returns low-friction repair guidance without mutating Endor, source-provider, or repository state. | | `endor-findings-browser-agent` | read-only | `findings-browser` | Use this agent when the user wants to browse, filter, summarize, or inspect existing Endor Labs findings. Findings Browser uses read-only Endor evidence to list matching findings, explain applied filters, surface pagination and truncation limits, and identify data gaps without starting new scans or performing remediation actions. | | `endor-malware-response-agent` | read-only | `malware-response` | Use this agent when a customer needs rapid read-only response to a software supply-chain malware incident. It gathers or ingests current malware intelligence, normalizes affected package and version evidence, and correlates that evidence against Endor Labs tenant package inventory across a namespace and child namespaces. It reports confirmed exposure, possible exposure, unaffected scope, indicators of compromise, remediation guidance, and future action contracts without mutating Endor Labs or source systems. | | `endor-package-risk-summary-agent` | read-only | `package-risk-summary` | Use this agent when the user wants a concise risk profile for a specific package version without asking for a yes/no dependency decision. Examples: "Summarize npm lodash 4.17.20 risk", "Give me the risk picture for log4j-core 2.14.1", "What should I know about this package version before I review it?" Returns an evidence-backed package risk summary with vulnerabilities, malware or typosquat signals, package scores, license notes, recommended next checks, and any data gaps. | | `endor-probe-droid-agent` | read-only | `probe-droid` | Use this agent when the user wants to assess GitHub repository onboarding gaps for Endor Labs monitored-branch coverage. Probe Droid compares github.com organization or repository inventory with Endor project, GitHub App, package, scan, scan profile, package manager integration, dependency resolution, and reachability evidence, then returns human-readable setup actions without mutating source, GitHub, or Endor state. | | `endor-remediation-planner-agent` | read-only | `remediation-planner` | Preview safe remediation options without opening PRs. | | `endor-repository-dependency-reviewer-agent` | read-only | `repository-dependency-reviewer` | Use this agent inside a source repository when the user wants a read-only dependency risk review based on local manifests. It inspects dependency files, resolves exact package coordinates when possible, checks those coordinates with Endor MCP tools, and reports risky dependencies, unresolved versions, recommended next checks, and data gaps. | | `endor-sca-remediation-agent` | mutating | `sca-remediation` | Plan and remediate dependency vulnerabilities with Endor SCA findings, VersionUpgrade/UIA evidence, separate low-risk PR lanes, deterministic risk decisions, local validation, and approved PR/MR creation. | | `endor-upgrade-impact-analysis-agent` | read-only | `upgrade-impact-analysis` | Use this agent when the user asks for Endor Labs Upgrade Impact Analysis: safe upgrade paths, upgrade risk, findings fixed or introduced, Code Impact Analysis, breaking changes, manifest targeting, or whether a dependency upgrade should happen now. The artifact queries Endor's read-only VersionUpgrade workflow through documented Endor API or endorctl paths. | | `endor-vulnerability-explainer-agent` | read-only | `vulnerability-explainer` | Use this agent when the user asks what a specific vulnerability means and how to reason about it. Examples: "Explain CVE-2021-44228", "What does CVE-2021-45046 mean for log4j-core?", "Summarize this Endor vulnerability and tell me what to do next." Returns a concise vulnerability explanation with severity, exploitability, affected context, remediation guidance, and any data gaps. | ## Files - `run_cursor_agent.py`: Python launcher for local or cloud Cursor SDK runs. - `agent_definitions.json`: machine-readable agent map consumed by the launcher. - `agents/*.md`: generated prompt files sourced from Agent Kit recipes. - `requirements.txt`: Cursor Python SDK dependency. ## Safety - Setup is readiness guidance only; it must not run `endorctl scan` or `endorctl host-check`. - Mutating agents still require separate approval for file edits, branch pushes, PR/MR creation, comments, tickets, and Endor policy writes. - Do not paste Cursor, Endor, source-provider, or package-registry secrets into prompts. - Generated prompt files are source-owned by `endor-labs-agent-kit`; edit recipes and regenerate instead of hand-editing SDK outputs. ## References - Cursor Python SDK docs: https://cursor.com/docs/sdk/python.md - Cursor Cookbook: https://github.com/cursor/cookbook - Public distribution mirror: https://github.com/endorlabs/ai-plugins