How to Get Audit Logs on Cursor Teams Without Upgrading to Enterprise

When feeding sensitive information to AI, audit logs that track “who submitted what, and when” are essential. However, Cursor’s Teams plan does not include audit logs. Cursor’s official documentation states that audit logs require an Enterprise subscription.

More importantly, even Enterprise audit logs only cover management events (logins, setting changes, etc.). Prompts sent to AI and generated code are not recorded. In other words, Enterprise audit logs alone are insufficient for the requirement of “recording when sensitive information was submitted to AI.”

This post explores how to build audit trails on the Teams plan.

What Enterprise Audit Logs Record

Before exploring workarounds, it helps to understand what the Enterprise plan’s audit logs actually capture.

Enterprise audit logs record 19 types of management events in a tamper-proof format. They can be viewed on the web dashboard and exported as CSV. SIEM / Webhook / S3 streaming is also supported, though it requires contacting Cursor via email.

Recorded events fall into these categories:

Category	Example events
Authentication	Login, logout
User management	Member add/remove, role changes
API key management	Key creation/deletion
Setting changes	Privacy Mode changes, team rule updates
Repository management	Block list changes

Enterprise audit logs are event logs that record “who performed which management action, when.” Prompts sent to AI and generated code content are not included. Cursor’s official documentation explicitly states that “agent responses and generated code content are not logged,” and recommends using Hooks for logging prompt and code data.

Feature Gap Between Teams and Enterprise

Based on Cursor’s pricing page, here is the feature gap around audit logging:

Feature	Teams	Enterprise
Audit logs (19 management event types)	❌	✅ (dashboard viewing, CSV export)
SIEM / Webhook / S3 streaming	❌	✅ (contact required)
SSO (SAML / OIDC)	✅	✅
SCIM provisioning	❌	✅
Organization-wide Privacy Mode	✅	✅
Usage analytics dashboard	✅	✅
AI Code Tracking API	❌	✅
Hooks (local configuration)	✅	✅
Hooks (cloud deployment)	❌	✅
Repository block list	✅	✅

Teams plan still provides SSO, Privacy Mode, usage analytics dashboard, and Hooks (local configuration).

Cursor Hooks Are the Core of Audit Logging

Cursor Hooks allow custom scripts to run at each stage of the agent execution loop. They are available on the Teams plan via local configuration files (.cursor/hooks.json) and can record prompt content and tool execution to external systems in real time.

Available Hooks

Hook name	Timing	Available data
`beforeSubmitPrompt`	Before prompt submission	Conversation ID, prompt text, attachments
`beforeShellExecution`	Before shell command execution	Command content, working directory
`beforeMCPExecution`	Before MCP tool call	Server name, tool name, input parameters
`beforeReadFile`	Before file content is sent to LLM	File path, content
`afterFileEdit`	After file edit	Full file content before and after
`stop`	When agent task completes	Session end information

beforeSubmitPrompt is currently observe-only (cannot block or modify prompts), but it fully serves the purpose of audit logging.

3-Tier Configuration

Hooks can be placed at three levels:

Level	Path	Use case
Project	`.cursor/hooks.json`	Repository-specific settings
User global	`~/.cursor/hooks.json`	User-wide settings
OS level	`/etc/cursor/hooks.json`	Organization-wide deployment via MDM

Cloud-based deployment is Enterprise-only, but MDM (macOS) or Group Policy (Windows) can deploy /etc/cursor/hooks.json to enforce uniform Hooks configuration across all machines.

Audit Log Script Example

Cursor’s official documentation provides an example audit.sh that appends JSON input to a file. Here is an example that sends logs to a central collection API:

// .cursor/hooks/audit-logger.ts
import { readFile } from "node:fs/promises";
 
async function main() {
  const input = JSON.parse(await readFile(0, "utf-8"));
 
  const logEntry = {
    timestamp: new Date().toISOString(),
    user: process.env.USER,
    event: input.event,
    payload: input,
  };
 
  try {
    await fetch("https://audit-api.example.com/v1/logs", {
      method: "POST",
      body: JSON.stringify(logEntry),
      headers: { "Content-Type": "application/json" },
    });
  } catch (e) {
    console.error("Audit log transmission failed", e);
  }
 
  process.stdout.write(JSON.stringify({ continue: true }));
}
 
main();

Hooks Ecosystem Partners

Cursor has announced official integrations with several partners:

Oasis Security: Access governance
MintMCP: MCP governance (SOC 2 Type II certified)
Semgrep: Vulnerability scanning for AI-generated code
1Password: JIT secret access

API Gateway Logging (Ask / Plan Mode Only)

Cursor’s settings (Settings > Models > Override OpenAI Base URL) allow specifying a custom API endpoint to route requests through a proxy that logs all traffic.

Here is a comparison of major tools:

Tool	Characteristics
LiteLLM Proxy	Open source. Virtual Keys for user identification. Log forwarding to Langfuse, Datadog, S3. Full prompt/response recording
Portkey	Virtual key management. Per-request metadata tagging. SOC 2, HIPAA, ISO 27001 compliant
Cloudflare AI Gateway	Few-click logging setup. S3 / Logpush for SIEM forwarding

However, this approach has a critical limitation:

Mode	Proxy logging	Hooks logging
Ask (Cmd+L)	✅	✅
Plan	✅	✅
Agent	❌	✅ (per action)
Tab completion	❌	❌

Override OpenAI Base URL only works for Ask and Plan modes. Agent mode requests do not pass through the proxy. API gateways should be positioned as a supplement to Hooks, not the primary mechanism.

Network-Level Approaches Are Impractical

TLS interception via mitmproxy frequently fails because Cursor is Electron-based and uses HTTP/2 with gRPC (Protocol Buffers). Enterprise proxies (Zscaler, Netskope, etc.) may also encounter HTTP/2 implementation issues. Network-level approaches should be considered supplementary at best.

Overall Architecture

flowchart LR
  DEV[Developer's Cursor] -->|Hooks| LOG[Log Collection API]
  DEV -->|SSO| IDP[IdP Audit Logs]
  DEV -->|Ask/Plan mode| GW[API Gateway]
  GW --> AI[AI Provider]
  ADMIN[Admin] -->|Admin API| USAGE[Usage Logs]
  LOG --> SIEM[SIEM / Log Platform]
  IDP --> SIEM
  GW --> SIEM
  USAGE --> SIEM

What Teams Plan Can Natively Provide

SSO (SAML / OIDC) Logs

SSO is available on the Teams plan. Capture sign-in/sign-out logs on the IdP side to establish an audit trail of “who logged into Cursor, when.”

Usage Analytics Dashboard and Admin API

The Teams plan management dashboard shows per-model, per-user usage. The Admin API also provides access to usage statistics. Periodic polling into SIEM enables anomalous usage pattern detection.

Note that this covers usage volume (model, token count, cost, etc.) but not prompt content.

Audit Log Comparison with Competing Tools

Here is how Cursor compares with other tools:

Tool	Audit log available from	AI operation content logging	Compliance certifications
Cursor	Enterprise (custom pricing)	❌ (management events only; use Hooks)	SOC 2 Type II
GitHub Copilot	Business ($19/mo) and up	❌ (management events only)	SOC 2
Windsurf	Enterprise	✅ (accepted suggestions and chat records)	SOC 2 Type II, FedRAMP High, HIPAA
Amazon Q Developer	Pro ($19/mo) and up	⚠️ (available with opt-in)	SOC 1/2/3, HIPAA, FedRAMP, ISO 27001

Most products’ audit logs focus on management events; prompt/response content is generally excluded. If native AI operation content logging is required, Windsurf Enterprise or Amazon Q Developer Pro are alternatives worth considering.

Phased Implementation Roadmap

Phase	Actions	Timeline
Short-term	Deploy Hooks for `beforeSubmitPrompt` / `beforeShellExecution` / `beforeMCPExecution` log collection. Enable SSO and capture IdP logs	Up to 4 weeks
Mid-term	Deploy Hooks configuration org-wide via MDM/EDR. Implement tamper detection and missing-log alerts. Feed Admin API usage stats into SIEM	1-3 months
Long-term	Evaluate Enterprise upgrade ROI. Based on requirements, upgrade to Enterprise, or migrate to Windsurf / Amazon Q Developer	3-6 months

Communicating to IT Department

Instead of Enterprise audit logs, the following compensating controls can provide equivalent or better coverage:

Cursor Hooks capture all operations including Agent mode, covering prompts, commands, and tool calls at a granularity that Enterprise audit logs cannot match
SSO logs provide authentication audit trails, available on Teams plan
API gateway records Ask / Plan mode communications with full prompt/response logging
AI Acceptable Use Policy defines data classification tiers and usage rules

Enterprise audit logs only record management events, not prompt content. A Hooks-based audit pipeline actually provides broader coverage for tracking “when sensitive information was submitted to AI.”

Conclusion

Building audit log capabilities on Cursor Teams requires custom construction centered on Hooks.

Enterprise audit logs are limited to 19 types of management events and do not record prompt or generated code content. This means that even on Enterprise, Hooks are still needed to track “sensitive information submitted to AI.” Building a Hooks-based audit pipeline on Teams is therefore a rational preparatory step even before an Enterprise migration.

Hooks (beforeSubmitPrompt, beforeShellExecution, beforeMCPExecution, etc.) to log all operations including Agent mode
API gateway (LiteLLM, Portkey, Cloudflare AI Gateway) to supplement with Ask / Plan mode communication logs
SSO logs + Admin API to secure authentication and usage audit trails

Since Hooks can be tampered with or disabled on client machines, designing for MDM/EDR deployment with tamper detection is important. Depending on audit requirements, consider upgrading to Enterprise or migrating to tools with more mature audit logging such as Windsurf Enterprise or Amazon Q Developer Pro.