FOR CURSOR PROJECTS

Cursor wrote your code. Did it write the legal layer too?

Comply Code is the compliance scanner Cursor doesn’t ship with. Paste your deployed URL or wire us up as an MCP server — your agent runs the audit and applies the fixes.

Three things Cursor doesn’t check by default.

  1. ADA / WCAG demand-letter risk. Cursor will happily generate <input placeholder="Email"> without a <label>. This is the #1 pattern cited in 2025 ADA demand letters.
  2. GDPR pre-consent tracking. When Cursor wires up analytics (Posthog, GA4, Mixpanel), it does so without a consent gate. Pixels fire on first render — GDPR Art. 4(11) violation if your traffic includes EU users.
  3. AI code provenance. Cursor’s output may include copyleft-licensed code from its training data. Comply Code fingerprints your deployed bundle against a copyleft NPM corpus and flags contamination.
MCP integration — 8 lines

Drop this into your Cursor MCP settings and call comply-code.scan(url) from any chat:

{
  "mcpServers": {
    "comply-code": {
      "command": "npx",
      "args": ["-y", "@comply-code/mcp"],
      "env": { "CC_API_KEY": "cck_live_…" }
    }
  }
}

Cursor-specific questions.

Can I run Comply Code from inside Cursor?

Yes. Comply Code exposes 5 MCP tools (scan, list_findings, get_fix, re_scan, diff_audit). Add one block to your Cursor MCP settings and your agent can scan, fetch a fix prompt, apply it, and verify — all in a single chat session.

Will Cursor apply the fix prompts correctly?

Our fix prompts are framework-aware. When we detect your project is Next.js (App Router or Pages), Vite + React, Remix, or SvelteKit, we emit before/after code in that framework's idioms. Cursor reads these and applies them directly — paste-ready, with the right import paths and conventions.

Cursor sometimes generates accessible code already. Why do I still get findings?

Cursor + Claude write generally-good code when prompted carefully, but accessibility is rarely the explicit prompt. Default UI patterns (`<input placeholder>` without label, low-contrast brand colours, `<div onClick>` buttons) survive long enough to ship. Comply Code finds them in the deployed bundle, not in the source — so we catch what made it to production.

How do I scan a Cursor project that's only running locally?

Comply Code scans live URLs. Deploy your project to a preview environment first (Vercel preview, Cloudflare Pages, Netlify, or any public URL). Then paste that URL into Comply Code. For server-rendered apps, make sure auth-gated pages have a public sample route we can crawl.

What about IP / copyleft on a Cursor-generated codebase?

Cursor's underlying models (Claude, GPT-4) were trained on large amounts of public code including some copyleft sources. Whether your generated code inherits those obligations is unsettled law (Doe v. GitHub is the active case). Comply Code's bundle-fingerprint matcher catches the most concrete signal — known copyleft packages appearing in your deployed bundle — and is the foundation of the Acquisition Pack diligence report.

Audit your Cursor project in 60 seconds.

Or wire us up as an MCP server and let Cursor run the audit itself.

Run a free audit →