Integration Guide
clavitor + Cursor
Cursor's Agent mode runs shell commands and HTTP calls from inside the editor. Point it at the Clavitor CLI for named credentials and the Clavitor proxy for transparent API auth — keys never enter the editor's memory or your conversation history.
What Cursor's agent sees
Shared fields
The agent reads these via the integrated terminal to deploy, authenticate, and call APIs.
- API keys (Anthropic, OpenAI, GitHub, AWS, Stripe...)
- SSH host credentials
- Database connection strings
- TOTP seeds — live 2FA codes on demand
- Service account passwords
What the agent never sees
Personal fields
Encrypted client-side with your fingerprint, face, or security key. The server stores ciphertext. No key, no access.
- Credit card numbers & CVV
- Passport & government IDs
- Recovery codes & seed phrases
- Social security numbers
- Bank account details
No MCP. The proxy and CLI do the work instead.
Cursor supports MCP for tool calls — but Clavitor deliberately doesn't ship an MCP server. MCP exposes enumeration (list, search, browse) to the agent; the agent surface is capability only, never enumeration. The CLI fetches what the agent has been named to and nothing else. The proxy injects credentials into outbound requests without the agent seeing them at all.
This is an architectural choice, not a missing integration. The next two patterns cover everything Cursor needs.
Setup
Launch Cursor from a terminal so it inherits your HTTPS_PROXY and PATH. On macOS, GUI launches from Finder skip your shell rc files — use cursor . from a terminal, or set the proxy via a LaunchAgent for persistence.
1. Create an agent
Open your vault → Agents → Create. Name it "Cursor" and choose which entries it can access. Copy the setup token.
2. Initialize the CLI
$ echo "$CLAVITOR_TOKEN" | clavitor-cli init
3. Launch Cursor with the proxy active
$ export HTTPS_PROXY=http://localhost:1983
$ cursor .
Pattern 1 — Named lookups via the integrated terminal
Cursor's agent can call any shell command. When it needs one specific value, it shells out:
# In a script Cursor's agent generated:
key=$(clavitor-cli get "Anthropic API" --field key)
curl -H "x-api-key: $key" https://api.anthropic.com/v1/messages -d '{...}'
The variable lives for one statement. The agent doesn't see key between assignment and use — and the credential never appears in chat history because Cursor doesn't echo expanded values back into the conversation.
For multi-credential config files, use render:
$ clavitor-cli render app.config.json | myapp --config -
Pattern 2 — Transparent injection via the proxy
With HTTPS_PROXY set, the agent writes a reference, the proxy resolves it on the wire. The secret never enters the agent's memory or the conversation:
# Cursor's agent runs this verbatim
curl -H "Authorization: Bearer clavitor://OpenAI/key" \
  https://api.openai.com/v1/models
The agent sees clavitor://OpenAI/key in its own command history. The wire request leaves with the real sk-... value in the Authorization header. Log scrapers, crash dumps, and Cursor history are clean.
This is the right pattern when:
- The agent is generating ad-hoc curl/HTTP calls during a session
- A tool the agent invokes makes HTTPS calls of its own
- You want secrets out of the conversation context window entirely
Cursor CLI (agent mode from a script)
Cursor 1.x ships a separate CLI for headless agent runs. Same HTTPS_PROXY rule applies — set it in the shell before invocation:
$ export HTTPS_PROXY=http://localhost:1983
$ cursor-agent "deploy the latest tag to staging" --workspace ~/dev/myapp
For long-running jobs, the agent token's IP whitelist locks credential reads to the host where the agent runs. Run elsewhere, the vault refuses.
Every access is logged
The audit log records which agent accessed which credential, when, and from where. Cursor agent activity is tagged distinctly from human activity.
# TIME                ACTION  ENTRY          ACTOR
2026-03-08 10:23:14   read    anthropic      cli:cursor
2026-03-08 10:23:15   read    openai         proxy:cursor
2026-03-08 11:45:02   read    github-deploy  cli:cursor
2026-03-08 14:12:33   render  -              cli:cursor
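An added example, not part of Clavitor's documentation or tooling: one way to review a text export of this audit log for reads outside what the Cursor agent is expected to touch. It assumes whitespace-separated rows in the column order shown above and entry names without spaces; the EXPECTED policy and the last two sample rows are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample in the column layout shown above (TIME ACTION ENTRY ACTOR).
# The first four rows repeat the guide's sample; the last two are invented.
SAMPLE_LOG = """\
# TIME                ACTION  ENTRY          ACTOR
2026-03-08 10:23:14   read    anthropic      cli:cursor
2026-03-08 10:23:15   read    openai         proxy:cursor
2026-03-08 11:45:02   read    github-deploy  cli:cursor
2026-03-08 14:12:33   render  -              cli:cursor
2026-03-08 23:58:41   read    stripe-live    cli:cursor
2026-03-09 00:02:10   read    anthropic      cli:ci-runner
"""

# Hypothetical policy: the entries each agent is expected to read.
EXPECTED = {"cursor": {"anthropic", "openai", "github-deploy"}}


def parse(log_text):
    """Yield one dict per audit row; skip blank lines and the '#' header."""
    for line in log_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if len(parts) != 5:  # assumption: no whitespace inside any column
            raise ValueError(f"unexpected audit row: {line!r}")
        date, time, action, entry, actor = parts
        channel, _, agent = actor.partition(":")  # e.g. "proxy:cursor"
        yield {
            "when": datetime.strptime(f"{date} {time}", "%Y-%m-%d %H:%M:%S"),
            "action": action, "entry": entry,
            "channel": channel, "agent": agent,
        }


def review(log_text, expected=EXPECTED):
    """Return (entries read per known agent, findings) for an audit export."""
    usage, findings = defaultdict(set), []
    for row in parse(log_text):
        if row["agent"] not in expected:
            findings.append((row["when"], "unknown agent", row["agent"], row["entry"]))
        elif row["action"] == "read":
            usage[row["agent"]].add(row["entry"])
            if row["entry"] not in expected[row["agent"]]:
                findings.append((row["when"], "unexpected entry", row["agent"], row["entry"]))
    return dict(usage), findings
```

Calling review(SAMPLE_LOG) returns the set of entries the "cursor" agent read plus two findings: the stripe-live read and the row from an agent that is not in the policy.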