Stow.How to Connect Cursor to Stow (MCP Setup Guide)
AI AgentsApril 19, 20264 min read

How to Connect Cursor to Stow (MCP Setup Guide)

Cursor is already one of the most capable AI coding environments. Connect it to Stow and every tool your agent touches is logged, permissioned, and under your control.

Cursor

Cursor gives you an AI pair programmer that can read your codebase, write code, and execute commands. Connecting it to Stow means every tool that AI touches — GitHub, Vercel, Neon, Slack — goes through a policy and audit layer you control.

This guide walks through the exact steps to connect Cursor to Stow via MCP. It takes about five minutes and gives you full visibility into everything your Cursor agent does across connected services.

How the Architecture Works

Once connected, Cursor routes all tool requests through Stow before they reach your services:

CursorStowYour Services

Every action Cursor's AI takes against a connected service — reading a file on Drive, posting a Slack message, triggering a Vercel deploy — passes through Stow's Risk Engine and Policy Engine first. If it's outside your permissions, it's blocked. Either way, it's logged.

Step 1: Create an Agent in Stow

Before configuring Cursor, you need a Stow agent to represent it:

  • Log into your Stow dashboard and navigate to AI Agents
  • Click + Add Agent
  • Give it a name (e.g., "Cursor") and select the Cursor icon
  • Click Create Agent

You'll be taken to the Agent Configuration page. Click New Client Secret to generate your credentials. You'll see your Agent ID and Client Secret — keep this tab open for the next step.

Important: Copy your Client Secret now. It's only shown once and disappears after you navigate away. Your Agent ID is always available on the configuration page.

Step 2: Open MCP Settings in Cursor

  • Open Cursor and press Cmd/Ctrl + Shift + J to open Settings
  • Navigate to Tools & MCP in the sidebar
  • Under Installed MCP Servers, click + New MCP Server
  • Cursor will open your MCP configuration JSON file

Step 3: Add Stow to Your MCP Config

Select the format that matches your current config file:

Blank File

Starting fresh — no other MCP servers

Existing File

Already have other MCP servers configured

If your file is blank, paste the full JSON block:

{
  "mcpServers": {
    "stow": {
      "type": "sse",
      "url": "https://mcp.stowprotect.com/sse?agent_id=YOUR_AGENT_ID&agent_secret=YOUR_SECRET"
    }
  }
}

If you have an existing file, add just the "stow" block inside your existing mcpServers object:

"stow": {
  "type": "sse",
  "url": "https://mcp.stowprotect.com/sse?agent_id=YOUR_AGENT_ID&agent_secret=YOUR_SECRET"
},

Replace YOUR_AGENT_ID and YOUR_SECRET with the credentials from your Stow dashboard. Save the file.

Note: Cursor uses SSE with your agent credentials embedded in the URL. This is different from Claude Desktop, which connects via OAuth. Don't use the OAuth URL format here.

Step 4: Verify the Connection

Back in Cursor, the Stow MCP server should now appear in your Installed MCP Servers list. To confirm it's working:

  • Open a Cursor chat session
  • Ask: "What tools do you have access to via Stow?"
  • Cursor should list the tools from your connected Stow services

In your Stow dashboard, navigate to Activity Logs. You should see the initial connection request logged with a executed status and your agent's network fingerprint recorded as the Security Baseline.

What You Can Do Now

With Cursor connected to Stow, try prompts like:

"Push this fix to a new branch on GitHub"
"Deploy the current build to my Vercel project"
"Create a Neon branch for this feature"
"Post the build status update to #engineering"

Every one of these goes through your Stow permission policy. Actions you've allowed execute immediately. Actions you've set to Approval Required pause in your dashboard until you confirm. Actions outside your policy are blocked outright.

Security Baseline: What Happens on First Connect

The first time Cursor connects to Stow, the Risk Engine captures your network fingerprint — IP address, ASN, and geographic region. This becomes the Security Baseline for this agent. Every subsequent request is compared against it.

IP Address

Your current external IP, captured on first connect.

ASN / ISP

Your internet service provider's network identifier.

Geographic Region

Country and region derived from the network signal.

If Cursor's requests ever come from a different ISP or country — which can happen if someone else gets hold of your credentials — the Risk Engine blocks them. Rotating your agent secret in the Stow dashboard resets the baseline when you legitimately change locations.

Cursor + Stow = Controlled AI

Every tool call logged. Every permission enforced. Set it up in five minutes.

S

Stow Security Team

April 19, 2026