Limit readable and editable scope
Block secret-bearing files and explicitly protect auth, billing, infrastructure, deployment, customer-data, and workflow paths before enabling broad repository access.
Treat repository instructions as untrusted
Docs, prompts, issues, logs, and comments can contain stale or malicious instructions. Require human review before Cursor treats repository text as operational guidance.
Create a verifiable baseline
CapitalGuard scores the current exposure surface, generates policy artifacts, and preserves a report that can be compared after permissions or repository structure change.
