Originally published at devtoolpicks.com
Two days after a Cursor agent wiped a production database in 9 seconds, Cursor released an SDK that lets everyone build their own agents. The timing is either bold or tone-deaf. Maybe both.
The Cursor SDK went into public beta on April 29, 2026. It's a TypeScript package (@cursor/sdk) that gives developers access to the same agent runtime that powers the Cursor desktop app, CLI, and web app. You can run agents locally on your machine or in Cursor's cloud, where each agent gets its own virtual machine with your repository already cloned.
The pitch: coding agents are evolving from interactive tools you talk to in an editor into programmatic infrastructure you embed in pipelines, automations, and products. Cursor wants to be the platform that powers all of it.
Here's what this actually means for indie hackers.
What the Cursor SDK Does
The SDK lets you create AI coding agents with a few lines of TypeScript. Install @cursor/sdk from npm, pass in an API key, pick a model, and point the agent at a codebase. That's it.
import { Agent } from "@cursor/sdk";
const agent = await Agent.create({
apiKey: process.env.CURSOR_API_KEY,
model: { id: "composer-2" },
local: { cwd: process.cwd() },
});
const run = await agent.prompt("Fix the failing tests");
for await (const event of run.stream()) {
if (event.type === "assistant") {
console.log(event.message);
}
}
The agent gets the full Cursor stack: codebase indexing with semantic search, MCP server connections for external tools and data sources, skills from your repo's .cursor/skills/ directory, and hooks for observing and controlling the agent loop.
You can run agents in two modes. Local mode runs on your machine against a local directory. Cloud mode runs on Cursor's infrastructure, where each agent gets a dedicated VM with your repo cloned. Cloud agents keep running even if your connection drops, which makes them suitable for longer tasks.
What You Can Build With It
The SDK unlocks use cases that weren't possible when agents only lived inside the editor.
CI/CD automation. Set up an agent that triggers when tests fail in your pipeline. The agent reads the failure logs, writes a fix, and opens a pull request. No human intervention needed for straightforward test failures.
Bug triage. Connect the SDK to your issue tracker. When a bug report comes in, an agent clones the repo, reproduces the issue, and either fixes it or adds diagnostic comments to the ticket with its findings.
Code review automation. Run an agent that reviews every PR against your team's coding standards, checks for security issues, and leaves inline comments. Not as a replacement for human review, but as a first pass that catches the obvious stuff.
Embedded agents in your product. If you're building a developer tool or SaaS product, you can embed Cursor agents directly into your product. Your users get AI coding assistance powered by the same engine as Cursor, without you building an agent from scratch.
Rippling, Notion, Faire, and C3 AI are already using the SDK in production. Cursor also published a public cookbook on GitHub with starter projects including a kanban board for managing cloud agents and a CLI tool for spinning up agents from a terminal.
The Pricing Question
This is where indie hackers need to pay attention. Cursor's SDK pricing is usage-based, and it depends on which model you choose.
The default model is Composer 2, Cursor's in-house coding model. It's significantly cheaper than frontier models. Routing simple tasks (linting, formatting, docs) to Composer 2 and complex tasks (architecture decisions, security reviews) to Claude Opus 4.7 or GPT-5.5 is the recommended approach for managing costs.
Cloud mode adds infrastructure costs on top of model costs since each agent gets its own VM. For indie hackers, local mode is the obvious starting point. Run agents on your own machine, pay only for model usage, and move to cloud mode when you need durability or parallelism.
Cursor hasn't published a simple pricing table for the SDK yet. The API key comes from your Cursor integrations dashboard, and usage is billed against your account. Check cursor.com/pricing for the latest specifics, because this is still public beta and pricing could change.
The Safety Question
This SDK launch happened two days after the PocketOS incident where a Cursor agent found a Railway API token and deleted a production database in 9 seconds. That's not a coincidence worth ignoring.
When agents run inside the Cursor editor, a human is watching. You see what the agent is doing. You can stop it. When agents run programmatically from a CI/CD pipeline or an automated workflow, nobody is watching. The agent makes decisions, runs commands, and modifies code without a human in the loop.
The SDK does include hooks that let you observe and control the agent loop. You can intercept actions before they execute, add approval gates for destructive operations, and log everything the agent does. But these are opt-in. If you don't set them up, the agent runs with whatever permissions you give it.
For indie hackers building with the SDK, the same rules from the PocketOS postmortem apply:
- Never give SDK agents production credentials
- Use read-only tokens for any external service connections
- Set up hooks that block destructive commands (delete, drop, rm -rf)
- Run agents in isolated environments (containers, separate VMs)
- Log everything the agent does for debugging and auditing
The power of programmatic agents is real. So is the risk. Build guardrails before you build features.
How It Compares to the Competition
The Cursor SDK enters a market with two other programmatic agent platforms: OpenAI's Codex CLI (open source, runs locally) and Anthropic's Claude Code (terminal-based agent with its own growing ecosystem).
Cursor's advantage is the harness. When you create an agent through the SDK, it doesn't just get a model. It gets codebase indexing, semantic search, MCP server support, skills, hooks, and subagent orchestration. Codex CLI and Claude Code are powerful but don't offer the same level of infrastructure around the agent.
The disadvantage is lock-in. The Cursor SDK ties you to Cursor's infrastructure and pricing. Codex CLI is open source and model-agnostic. Claude Code works with any Anthropic model through the API. If Cursor changes pricing or terms, you're rebuilding.
For indie hackers choosing between these: if you already use Cursor as your primary editor, the SDK is the natural choice because your agents inherit your existing Cursor configuration, skills, and rules. If you're not in the Cursor ecosystem, Codex CLI (free, open source) or Claude Code (Anthropic's agent with strong reasoning) are worth evaluating first.
Who Should Care About This
If you're building a developer tool or SaaS for developers: The SDK lets you add AI coding features to your product without building an agent from scratch. This is the highest-value use case for indie hackers. Instead of integrating raw LLM APIs and building all the tooling around them, you get a production-ready agent runtime.
If you're a solo founder doing repetitive coding tasks: Automating test fixes, code reviews, or documentation generation with programmatic agents could save you hours per week. Set up a simple script that runs overnight, and wake up to PRs ready for review.
If you're exploring agentic workflows for your team: The kanban board starter project in Cursor's cookbook is a good starting point. It shows how to manage multiple cloud agents, track their status, and preview their output.
If you're just building a SaaS and want to ship features: You probably don't need this yet. The SDK is infrastructure for building agent-powered products and workflows. If you're focused on shipping your core product, stick with Cursor's editor-based agents for your daily coding work. The SDK is for when you want agents running without you.
FAQ
Is the Cursor SDK free?
The SDK package itself is free to install (npm install @cursor/sdk). Usage is billed through your Cursor account based on model usage and cloud compute. Local mode uses your machine's resources, so you only pay for model inference. Cloud mode adds VM costs. Check cursor.com/pricing for current rates.
Can I use any model with the SDK?
The SDK supports multiple models including Composer 2 (Cursor's default, cheapest option), Claude Opus 4.7, and GPT-5.5. You pick the model per agent. For most automated tasks, Composer 2 is the cost-effective choice. Use frontier models only for tasks that require stronger reasoning.
Is it safe to run agents programmatically?
It can be, but only if you set up guardrails. The SDK includes hooks for intercepting and controlling agent actions. Without hooks, agents run with whatever permissions you give them. After the PocketOS incident, the answer is clear: never give programmatic agents access to production credentials, always use isolated environments, and log everything.
How does this compare to just using the Cursor editor?
The editor is for interactive coding where you're guiding the agent in real time. The SDK is for programmatic workflows where agents run without you, like CI/CD pipelines, automated bug triage, or embedded features in your product. Different use cases, not a replacement.
Do I need to be on a paid Cursor plan?
You need a Cursor API key, which requires a paid account. The SDK is available to all paid users in public beta. Free Cursor users don't have access to the API.
The Bottom Line
The Cursor SDK is a significant move. It turns Cursor from an AI-powered code editor into a platform for building agent-powered products and workflows. For indie hackers, the immediate value is automating repetitive development tasks (test fixes, code reviews, documentation) without building an agent stack from scratch.
But the PocketOS shadow is real. Two days before this launch, a Cursor agent demonstrated exactly how much damage an unsupervised agent can do. The SDK gives you the power to run agents without watching them. Use that power carefully.
Start with local mode. Add hooks for destructive operations. Keep production credentials far away from any agent. And build something useful with the time you save.
Top comments (0)