Cursor · 2026-05-13 · major
Cursor Cloud Agents Get Real Dev Environments — Multi-Repo Workspaces, Auto-Generated Dockerfiles, Build Secrets, and 70% Faster Cached Builds With Audit-Logged Rollbacks
Cursor turned Cloud Agents into governed dev environments: multi-repo workspaces, Dockerfile-as-code with build secrets, agent-led credential setup, 70% faster cached rebuilds, version history with admin-restricted rollback, and per-environment audit logs.
Cloud Agents now ship with the same kind of provisioning, secrets, and audit controls platform teams expect from CI — and they can span multiple repos at once.
Key specs
| Cached build speedup | 70% |
|---|---|
| Repos per env | multi |
What is it?
A platform-team-flavored upgrade to Cursor's Cloud Agents (the cloud sibling of the local Cursor IDE agent). One environment can now bundle several repositories, a Dockerfile, build secrets, and the credentials an agent needs to actually run, then be reused across sessions. The blog post is co-authored by Samantha Whitmore, David Wetterau, and Nick Bradford from the Cloud Agents team.
How does it work?
Environments are configured as code through Dockerfiles, with build secrets scoped to the build step only so they never leak into the running agent process. For teams that don't want to hand-write Dockerfiles, Cursor's new auto-config inspects repos and produces an editable Dockerfile (private beta for Enterprise). Layer caching was rebuilt so cached layers rebuild 70% faster after Dockerfile edits. During setup the agent itself walks the user through prompts, flags missing credentials, validates the environment, and falls back to a base image with a warning if something is mis-configured. On the governance side, every environment carries its own version history, admins can restrict rollback to themselves, every member action is captured in an audit log, and secrets are scoped per environment with no cross-environment access. Egress restrictions and allowlists are exposed at the environment level.
Why does it matter?
Before this drop, Cursor's Cloud Agents were powerful but opaque to security and platform teams — credentials lived in ad-hoc places, builds were slow on cache misses, and there was no per-environment audit trail. By matching the Dockerfile + secrets + audit-log model that Buildkite-class CI tools already provide, Cursor removes the main blockers enterprise security teams were raising for production rollout. Amplitude's Steven Cheng called out multi-repo support specifically: 'an agent can investigate a reported issue, figure out which repos it touches, and open a PR.'
Who is it for?
Platform engineers, security reviewers, and large eng teams deploying Cursor Cloud Agents at scale
Try it
https://cursor.com/docs/cloud-agent/setup