Cursor AI Mastery
7/8
Lesson 7 15 min

Advanced Features

Explore Background Agents, BugBot automated PR review, Memories, Automations, model selection strategies, and Cursor's privacy and security controls.

Beyond the Basics

🔄 You’ve learned the core Cursor workflow through Lessons 2-6: Tab, Cmd+K, Chat, Agent, and Rules. These handle 90% of daily coding. But Cursor has a set of advanced features that transform how you work on larger projects and teams.

Background Agents

Regular agents work in your editor — you see them editing files in real time. Background Agents work somewhere else entirely.

How they work:

  1. You describe a task and launch a Background Agent
  2. Cursor provisions a remote environment in its cloud
  3. The agent clones your GitHub repository
  4. It works on a separate branch — your local code is untouched
  5. When done, it pushes changes you can review and merge

What this means practically: You assign a task, continue your own work, and come back later to review the results. Like sending an email to a colleague saying “Can you handle this?” — except the colleague is an AI that starts immediately.

Good tasks for Background Agents:

  • Writing tests for existing modules
  • Adding documentation to undocumented code
  • Migrating files from one format to another
  • Refactoring code that follows a clear pattern

Not great for Background Agents:

  • Tasks requiring real-time feedback or clarification
  • Complex architectural decisions where you want to guide each step
  • Changes that depend on work you’re currently doing

Background Agents are still in beta. Results vary — sometimes they nail it, sometimes they go off track. Always review the output.

BugBot: Automated PR Review

BugBot connects to your GitHub repository and automatically reviews pull requests.

What it does:

  • Triggers when a PR is updated
  • Inspects the code changes
  • Leaves comments about potential issues
  • Includes “Fix in Cursor” links that open the relevant code in your editor

What it catches:

  • Logic errors and edge cases
  • Missing error handling
  • Type safety issues
  • Inconsistencies with project patterns

BugBot isn’t a replacement for human code review. Think of it as a first pass that catches the obvious stuff so your human reviewers can focus on architecture and design decisions.

Memories

Memories let Cursor remember facts from your conversations and apply them to future sessions.

The problem they solve: You tell Cursor “We use Prisma for database access, not raw SQL” in one conversation. Next conversation, it suggests raw SQL queries. Without Memories, every conversation starts with a blank slate (apart from rules files).

How Memories work:

  • Cursor extracts useful facts from your conversations
  • These become persistent knowledge attached to your project
  • Future conversations reference this knowledge automatically
  • You can review and approve/delete memories in the editor

Examples of useful memories:

  • “This project uses pnpm, not npm”
  • “The team prefers React Query over SWR for data fetching”
  • “API endpoints follow /api/v2/{resource}/{id} convention”

Memories sit between rules (you write explicitly) and conversation context (temporary). They’re facts the AI learned by watching you work.

Quick Check: You have project rules AND memories that both mention testing conventions — but they slightly contradict each other. Which takes priority? Rules take priority. Rules are Layer 1 context (always active, explicitly written). Memories are automatically generated and can be wrong. If you notice a conflict, update the rule to be more specific or delete the incorrect memory. Rules are your authoritative source.

Automations

Automations are triggered agents — they launch automatically based on events.

Triggers include:

  • A new PR or commit in your repository
  • A Slack message matching a pattern
  • A timer (daily, weekly)
  • A change to a specific file or directory

Use cases:

  • Auto-generate changelog entries when code is merged
  • Run a code quality check on every new PR
  • Update documentation when API files change
  • Generate test stubs for new modules

Automations extend BugBot’s concept beyond PR review. Any repetitive task triggered by an event can potentially be automated.

Model Selection Strategy

Cursor gives you access to multiple AI models. Choosing the right one matters for both quality and cost.

The Auto option: Cursor’s default. It picks the model based on task complexity, current performance, and server reliability. Good enough for most users.

Manual selection by task type:

TaskRecommended ModelWhy
Tab completionCursor Tab (default)Custom model optimized for code prediction speed
Quick chat questionsClaude Sonnet or GPT-4oFast, accurate, cost-effective
Complex agent tasksClaude Sonnet 4.5Best reasoning for multi-step coding
Inline edits (Cmd+K)Claude Sonnet or GPT-4oGood balance of speed and quality
Deep reasoning/architectureClaude Opus or o1Maximum capability, highest credit cost

Using your own API keys: In Settings > Models > API Keys, you can add keys for OpenAI, Anthropic, Google, Azure, or AWS Bedrock. When using your own keys, requests go directly to the provider (not through Cursor’s servers), and you’re billed by the provider at their rates. Keys are stored locally on your machine.

Privacy and Security

Privacy Mode (Settings > General > Privacy):

  • No plaintext code stored on Cursor’s servers
  • Zero-data-retention agreements with AI providers
  • File paths obfuscated with client-side encryption
  • Available on all plans

.cursorignore (from Lesson 2):

  • Blocks specific files from being sent as AI context
  • Essential for credentials, API keys, secrets

SOC 2 Type II:

  • Cursor is SOC 2 Type II certified
  • Annual penetration testing by third parties
  • Report available at trust.cursor.com

Business tier enforcement:

  • Admins can enforce Privacy Mode org-wide
  • Compliance verified every 5 minutes
  • SAML 2.0 SSO for access control

Quick Check: Your company requires that code never leaves your servers. Can you use Cursor? With significant caveats. Privacy Mode prevents code from being stored, but it’s still sent to AI providers for processing. For zero-transmission requirements, you’d need to use Cursor with local models only (through custom API keys pointing to a self-hosted model) or use Cursor without AI features (which defeats the purpose). Most enterprises use Privacy Mode with a Business plan and consider the zero-retention agreements sufficient.

Key Takeaways

  • Background Agents work in Cursor’s cloud — they clone your repo, work on a branch, and push changes while you focus elsewhere
  • BugBot automatically reviews PRs, catching issues and linking to fixes — a useful first pass before human review
  • Memories let Cursor learn from conversations and apply knowledge to future sessions
  • Automations trigger agents based on events (PRs, Slack messages, timers)
  • Model selection affects both quality and credit cost — use Auto for convenience or pick manually for control
  • Privacy Mode + .cursorignore + SOC 2 certification provide layered security for sensitive code

Up Next

You’ve learned every major Cursor feature. In Lesson 8, you’ll put it all together: building a complete project workflow from scratch, combining Tab, Cmd+K, Chat, Agent, and Rules into a repeatable system you can use on any codebase.

Knowledge Check

1. What are Background Agents in Cursor?

2. How does Cursor's credit system affect model selection?

3. What does Privacy Mode guarantee about your code?

Answer all questions to check

Complete the quiz above first

Related Skills

AI Code Review Assistant