动手 · 终端把它变成能干活的环境Hands On · The Terminal Makes It an Environment That Acts.
一个能写代码的聊天框,和一个能在你机器上跑命令的环境,是两回事。Cursor 的集成终端让 agent 真的动手:装依赖、跑脚本、批量改文件、清一批数据。这一步也是它能干非编码活的关键 —— 凡是命令行能做的,它都能替你做。这一章讲哪些活该交给它的终端,哪些你该自己盯着,以及 auto-run 那条线划在哪。A chat box that writes code and an environment that runs commands on your machine are two different things. Cursor's integrated terminal lets the agent actually act: install dependencies, run scripts, batch-edit files, clean a pile of data. This is also the hinge for non-code work — anything a command line can do, it can do for you. Which work belongs in its terminal, which you should watch, and where to draw the auto-run line.
一个能写代码的聊天框,和一个能在你机器上跑命令的环境,是两回事。Cursor 的集成终端让 agent 真的动手:装依赖、跑脚本、批量改文件、清一批数据。A chat box that writes code and an environment that runs commands on your machine are two different things. Cursor's integrated terminal lets the agent actually act: install dependencies, run scripts, batch-edit files, clean a pile of data.这一步也是它能干非编码活的关键 —— 凡是命令行能做的,它都够得着。编辑器层让它改文本,终端层让它对结果动手;少了终端,它就退回成一个「会写、不会做」的助手。这一章讲哪些活该交给它的终端、哪些你该自己盯着,以及 auto-run 那条线划在哪。This step is also the hinge for its non-code work — anything a command line can do is within reach. The editor layer lets it change text; the terminal layer lets it act on the result. Without the terminal it falls back to an assistant that 'writes but doesn't do.' This chapter covers which work belongs in its terminal, which you should watch, and where to draw the auto-run line.
— I
能跑命令,才算能干活Running Commands Is What 'Doing' Means.
会建议的工具很多,能动手的才算一个环境。Plenty of tools advise; only one that acts counts as an environment.Agent 执行终端命令并读回输出 —— 装、跑、测、build 在同一个窗口里闭合,跑错了它看着报错自己改。1注 1Note 1Cursor Docs · Terminal —— Agent 可执行终端命令并读回输出;沙箱在受限环境里跑命令、阻断未授权的文件访问与网络活动,何时直接跑、何时问你由 Run Mode 决定。截至 2026-07-10。Cursor Docs · Terminal — the Agent can execute terminal commands and read the output back; the sandbox runs commands in a restricted environment blocking unauthorized file and network access, and your Run Mode decides what runs directly and what asks first. As of 2026-07-10.这就是它比纯聊天多出来的那一截:聊天告诉你「跑 npm test」,Cursor 跑给你看、再读结果接着干。它默认运行在受限环境里:命令限制在工作区内、阻断未授权的文件访问与网络活动,是个有护栏的沙地,不是直接拿你整台机器开闸。The Agent executes terminal commands and reads the output back — install, run, test, build all close inside one window, and on a failure it reads the error and fixes itself.1注 1Note 1Cursor Docs · Terminal —— Agent 可执行终端命令并读回输出;沙箱在受限环境里跑命令、阻断未授权的文件访问与网络活动,何时直接跑、何时问你由 Run Mode 决定。截至 2026-07-10。Cursor Docs · Terminal — the Agent can execute terminal commands and read the output back; the sandbox runs commands in a restricted environment blocking unauthorized file and network access, and your Run Mode decides what runs directly and what asks first. As of 2026-07-10. That's the stretch it has over plain chat: chat tells you to 'run npm test,' Cursor runs it, reads the result, and keeps going. It runs in a restricted environment by default: commands confined to the workspace, unauthorized file and network access blocked — a fenced sandbox, not the whole machine thrown open.这条「能动手」的能力,正是元工具论点的支点。它不止把代码写对,它把「让代码跑起来、让一批文件变成你要的样子、让一份数据清成你要的格式」这类需要执行的活揽了进来。下面两节,一节讲怎么放手、一节讲放到哪儿为止。This 'can act' capability is the pivot of the meta-tool claim. It doesn't only get the code right — it takes on the work that needs executing: making code run, turning a batch of files into what you want, cleaning data into the format you need. The next two sections cover how to let go, and how far.
— II
auto-run 那条线:省审批,别全放The Auto-Run Line: Fewer Prompts, Don't Open It All.
让它自动跑读类命令,给写和删留一道闸。Let it auto-run the read-only commands; keep a gate on writes and deletes.在 Settings > Agents > Approvals & Execution 里选 Run Mode,管 shell、MCP、Fetch 各类调用何时直接跑、何时问你;Auto-review(3.6 起的推荐默认)放行 allowlist 内的、能沙箱的命令进沙箱、其余交分类器判断。2注 2Note 2Cursor Docs · Run Modes —— 在 Settings > Agents > Approvals & Execution 选模式:Auto-review(推荐)放行 allowlist 内的调用、能沙箱的 shell 命令进沙箱、其余交分类器审;Allowlist 只放白名单;Run Everything 全放。allow / block 规则可用自然语言写进 permissions.json(用户级 ~/.cursor/ 或项目级 .cursor/)。截至 2026-07-10。Cursor Docs · Run Modes — pick a mode at Settings > Agents > Approvals & Execution: Auto-review (recommended) runs allowlisted calls, sandboxes shell commands when it can, and sends the rest to a classifier; Allowlist runs only your list; Run Everything runs it all. Allow / block rules are plain-English instructions in permissions.json (user-level ~/.cursor/ or project-level .cursor/). As of 2026-07-10.你的规矩可以用自然语言写进 permissions.json —— 一句「所有 AWS CLI 命令都要先过我」就够,甚至让 agent 替你写。但 Cursor 自己把这些防护称为「尽力护栏,不是硬安全边界」,分类器会犯错3注 3Note 3Cursor Docs · Agent Security / Run Modes —— Auto-review 自 3.6(2026-05-29)起是推荐默认;官方将 Run Modes 称为「best-effort guardrails rather than a hard security boundary」,并明说「Auto-review is not a security boundary」—— 分类器会犯错。.cursorignore 用来挡 agent 对指定文件的访问。截至 2026-07-10。Cursor Docs · Agent Security / Run Modes — Auto-review has been the recommended default since 3.6 (2026-05-29); Cursor calls Run Modes 'best-effort guardrails rather than a hard security boundary' and states plainly that 'Auto-review is not a security boundary' — the classifier can make mistakes. Use .cursorignore to block agent access to specific files. As of 2026-07-10. —— 省事归省事,别一键全放。Under Settings > Agents > Approvals & Execution you pick a Run Mode governing when shell, MCP, and Fetch calls run directly and when they ask; Auto-review (the recommended default since 3.6) runs allowlisted calls, sandboxes the commands it can, and sends the rest through a classifier.2注 2Note 2Cursor Docs · Run Modes —— 在 Settings > Agents > Approvals & Execution 选模式:Auto-review(推荐)放行 allowlist 内的调用、能沙箱的 shell 命令进沙箱、其余交分类器审;Allowlist 只放白名单;Run Everything 全放。allow / block 规则可用自然语言写进 permissions.json(用户级 ~/.cursor/ 或项目级 .cursor/)。截至 2026-07-10。Cursor Docs · Run Modes — pick a mode at Settings > Agents > Approvals & Execution: Auto-review (recommended) runs allowlisted calls, sandboxes shell commands when it can, and sends the rest to a classifier; Allowlist runs only your list; Run Everything runs it all. Allow / block rules are plain-English instructions in permissions.json (user-level ~/.cursor/ or project-level .cursor/). As of 2026-07-10. Your own rules go into permissions.json in plain English — one line like 'every AWS CLI command goes through approval first' is enough, and you can even have the agent write it. But Cursor itself calls these 'best-effort guardrails, not a hard security boundary,' and the classifier can make mistakes3注 3Note 3Cursor Docs · Agent Security / Run Modes —— Auto-review 自 3.6(2026-05-29)起是推荐默认;官方将 Run Modes 称为「best-effort guardrails rather than a hard security boundary」,并明说「Auto-review is not a security boundary」—— 分类器会犯错。.cursorignore 用来挡 agent 对指定文件的访问。截至 2026-07-10。Cursor Docs · Agent Security / Run Modes — Auto-review has been the recommended default since 3.6 (2026-05-29); Cursor calls Run Modes 'best-effort guardrails rather than a hard security boundary' and states plainly that 'Auto-review is not a security boundary' — the classifier can make mistakes. Use .cursorignore to block agent access to specific files. As of 2026-07-10. — handy, but don't open it all with one switch.尺子:可逆、限在工作区内的命令(读文件、跑测试、查状态),放手让它跑;不可逆或要出网的(rm、数据库迁移、git push、装全局包、调外部 API),留一道人工闸。自动化省的是你点「同意」的次数,省不了你为一条破坏性命令负的责。真要让它完全无人值守地连跑,放进一个沙箱 / VM,别直接对着你的主仓库。The ruler: reversible, workspace-confined commands (read files, run tests, check status), let it run; irreversible or outbound ones (rm, database migrations, git push, global installs, external API calls), keep a manual gate. Automation saves you clicking 'approve,' not the responsibility you carry for a destructive command. If you really want it running fully unattended, put it in a sandbox / VM — not pointed straight at your main repo.
提示词PromptCursor Agent
终端任务安全约束:
- 工作目录限制在 <path>
- 先 dry-run / list,不直接写入
- 禁止:rm -rf、sudo、git push、生产数据库、读取 .env*
- 每条会写文件的命令先解释影响范围,等我批准
- 完成后输出:执行过的命令、生成/修改的文件、回滚办法。Terminal task safety constraints:
- Limit working directory to <path>
- Dry-run / list first; do not write immediately
- Forbidden: rm -rf, sudo, git push, production databases, reading .env*
- Explain the impact of every write command before approval
- Finish with commands run, files created/changed, and rollback path.
终端任务安全约束:
- 工作目录限制在 ./data/invoices
- 先 dry-run / list,不直接写入
- 禁止:rm -rf、sudo、git push、生产数据库、读取 .env*
- 每条会写文件的命令先解释影响范围,等我批准
- 完成后输出:执行过的命令、生成/修改的文件、回滚办法。Terminal task safety constraints:
- Limit working directory to ./data/invoices
- Dry-run / list first; do not write immediately
- Forbidden: rm -rf, sudo, git push, production databases, reading .env*
- Explain the impact of every write command before approval
- Finish with commands run, files created/changed, and rollback path.
命令是否限制在当前 workspace 或明确子目录?Is the command confined to the current workspace or named subdirectory?
有没有 dry-run、备份、git diff 或临时输出目录?Is there a dry-run, backup, git diff, or temporary output directory?
有没有出网、读密钥、写生产、删文件、改权限?Does it access network, read secrets, write production, delete files, or change permissions?
失败后能不能回滚?不能回滚就不要自动跑。Can it roll back after failure? If not, do not auto-run it.
不要让 Agent 自动跑:`rm -rf`、`sudo`、`chmod -R`、`chown -R`。Do not let Agent auto-run: `rm -rf`, `sudo`, `chmod -R`, `chown -R`.
不要让 Agent 自动跑:生产数据库迁移、线上写入脚本、云资源删除。Do not let Agent auto-run: production migrations, live write scripts, cloud-resource deletion.
不要让 Agent 自动跑:`git push --force`、发布、部署、真实付款、发邮件。Do not let Agent auto-run: `git push --force`, release, deploy, real payment, sending email.
不要让 Agent 自动读取:`.env*`、私钥、密码库、未授权客户数据。Do not let Agent auto-read: `.env*`, private keys, password stores, unauthorized customer data.
— III
终端是非编码活的入口The Terminal Is the Gateway to Non-Code Work.
凡是命令行能做的,它都能替你做 —— 这就把它从「写代码」推到了「干电脑上的活」。Anything a command line can do, it can do for you — and that pushes it from 'writing code' to 'doing a machine's work.'一旦接受「描述结果、它在终端里跑出来」这个模式,非编码的活就涌进来了:批量重命名、转换格式几百个文件;用 python / pandas / csvkit 清洗、合并、去重一堆数据;从一批文档里抽字段、统计、归档。你不必会这些命令 —— 你说要什么结果,它写命令、它跑、读输出再修。这一类「机械但繁琐」的活,是 Cursor 当工作台最立竿见影的地方(第 9 章会把这条线铺满)。Once you accept the pattern 'describe the outcome, it runs it in the terminal,' non-code work floods in: batch-rename and convert hundreds of files; clean, merge, and dedupe a pile of data with python / pandas / csvkit; extract fields, tally, and archive from a batch of documents. You needn't know the commands — you state the outcome, it writes them, runs them, reads output, fixes. This 'mechanical but tedious' work is where Cursor-as-workbench pays off fastest (Chapter 9 fills this line out).诚实的边界:要反复看图调参的交互式数据探索,一个 notebook 更直接;要它操作没有命令行接口、纯 GUI 的软件,它碰不到 —— 那是 Computer Use,第 10 章那条线。终端能覆盖的是「命令行说得清」的活,覆盖不了「只能用鼠标点」的活。The honest boundary: for interactive data exploration with repeated plotting and tuning, a notebook is more direct; for operating software with no command-line interface, purely GUI, it can't reach — that's Computer Use, the line in Chapter 10. The terminal covers work 'a command line can express,' not work 'only a mouse can do.'
首选:Agent 能读 diff 和输出继续改Best: Agent reads diff/output and keeps editing
可用,但缺少同一份代码上下文Works, but lacks the same code context
批量文件处理、数据清洗Batch files, clean data
适合一次性、项目内、可 review 的批处理Good for one-off, project-local, reviewable batches
适合长期 shell workflow 和反复命令流Good for durable shell workflows and repeated command flows
系统层运维、跨项目命令System ops, cross-project commands
只在需要项目上下文时用Use only when project context matters
更顺:终端原生、shell 状态清楚Smoother: terminal-native with clearer shell state
高风险命令High-risk commands
保留人工审批,别全自动Keep manual approval; do not fully automate
你自己手动跑更可控Manual execution is usually more controlled
挑一件你平时在别的 app 里做、或纯手工做的杂活,交给它的终端:Pick a chore you normally do in another app or by hand, and give it to the terminal:
01
选一件命令行能做的非编码杂活Pick a non-code chore a command line could do
例如把一个文件夹里几十个文件批量改名 / 转格式,或把几份 CSV 合并去重。For example, batch-rename or convert dozens of files in a folder, or merge and dedupe several CSVs.
02
只描述结果,让 agent 在集成终端里做Describe only the outcome, let the agent do it in the integrated terminal
不写命令,看它写什么命令、怎么跑、读输出后怎么改。Don't write the commands; watch what it writes, how it runs them, and how it adjusts after reading output.
03
记下你放行了哪些、拦下了哪些Note what you let through and what you stopped
哪些命令你放心 auto-run,哪一条你按了停。这条线就是你之后配 Run Mode 的依据。Which commands you were fine auto-running, and the one you hit stop on. That line is how you'll configure Run Mode later.
会建议的很多,
能动手的才算环境.
Plenty of things advise;
only one that acts is an environment.
Aklman Library
— 讨论Discussion
讨论Discussion.
评论区初始化中…Initializing comments…
01 / 01
没有匹配结果No matches.
换个关键词,或按 Esc 回到页面Try another keyword, or press Esc to return