Integrate and deployAI coding assistants

Integrate Unleash with Cursor

View as Markdown

The Unleash MCP server connects Cursor to your Unleash instance, enabling AI-assisted feature flag management. You can evaluate code changes, create flags, generate wrapping code, manage rollouts, and clean up flags from within Cursor’s AI-first development environment.

Cursor supports MCP across two interfaces:

  • Cursor IDE — The primary interface, an AI-first code editor with Agent mode, Rules, Hooks, Skills, and Plugins
  • Cursor CLI — Terminal-based agent access via the agent command

Cursor’s IDE-native primitives create a layered automation system for feature flags: Rules encode your team’s conventions, Hooks validate MCP operations before they execute, Skills orchestrate multi-step workflows, and Plugins bundle everything for team distribution.

Prerequisites

Before you begin, make sure you have the following:

  • Node.js 18 or later: The MCP server is distributed as an npm package
  • Cursor: IDE or CLI installed
  • An Unleash instance: Cloud or self-hosted, with API access enabled
  • A personal access token (PAT): With permissions to create and manage feature flags

Install the MCP server

The Unleash MCP server runs as a local stdio process. Configuration differs between the IDE and CLI, but both use the same npm package and credentials.

First, create a credentials file:

$mkdir -p ~/.unleash
$cat > ~/.unleash/mcp.env << 'EOF'
$UNLEASH_BASE_URL=https://your-instance.getunleash.io/api
$UNLEASH_PAT=your-personal-access-token
$UNLEASH_DEFAULT_PROJECT=default
$EOF
$chmod 600 ~/.unleash/mcp.env
VariableDescriptionRequired
UNLEASH_BASE_URLYour Unleash instance API URL. Include /api at the end.Yes
UNLEASH_PATA personal access token with flag creation permissions.Yes
UNLEASH_DEFAULT_PROJECTThe default project for flag operations. If omitted, you must specify projectId in each tool call.No

Now configure your preferred interface:

Requirements: Cursor installed.

You can add the Unleash MCP server with a one-click install from cursor.directory or by creating the configuration file manually.

The Unleash MCP server is listed on cursor.directory.

Click Add to Cursor on the listing page, or open this link directly.

Cursor opens and pre-fills the MCP server configuration. The installer prompts you for your UNLEASH_BASE_URL and UNLEASH_PAT values.

The one-click flow writes credentials directly into .cursor/mcp.json. This is fine for personal use, but for team projects you should replace the inline values with an envFile reference so the configuration file is safe to commit. See the “Create file manually” tab for details.

Configuration scopes:

LocationScopeUse case
.cursor/mcp.json (project root)ProjectTeam-shared, version controlled
~/.cursor/mcp.jsonGlobalPersonal settings across all projects

Both are merged; project takes precedence on conflict. For team collaboration, use the project-level file.

Cursor uses its own .cursor/mcp.json location with the "mcpServers" root key. This differs from VS Code’s .vscode/mcp.json with a "servers" root key. If you are migrating from VS Code, update the file location and root key.

Tool reference

The Unleash MCP server exposes nine tools. The following table summarizes each tool and when to use it.

ToolDescriptionWhen to use
evaluate_changeAnalyzes a code change and determines whether it should be behind a feature flag.Before implementing risky changes
detect_flagSearches for existing flags that match a description to prevent duplicates.Before creating new flags
create_flagCreates a new feature flag with proper naming, typing, and metadata.When no suitable flag exists
wrap_changeGenerates framework-specific code to guard a feature behind a flag.After creating a flag
get_flag_stateReturns the current state, strategies, and metadata for a flag.Debugging, status checks
set_flag_rolloutConfigures rollout percentages and activation strategies.Gradual releases
toggle_flag_environmentEnables or disables a flag in a specific environment.Testing, staged rollouts
remove_flag_strategyDeletes a rollout strategy from a flag.Simplifying flag configuration
cleanup_flagReturns file locations and instructions for removing a flag after rollout.After full rollout

Workflows

The Unleash MCP server supports three core workflows: evaluate and wrap code in feature flags, manage rollouts across environments, and clean up after rollout. Cursor adds a fourth workflow unique to its architecture: Rules-guided flag evaluation.

Evaluate and wrap code in feature flags

Use this workflow when implementing a change that might affect production stability, such as a payment integration, authentication flow, or external API call.

1

Evaluate the change

Tell the agent what you are working on:

Evaluate whether the Stripe payment integration should be behind a feature flag.
The change modifies the checkout service and handles credit card processing.

The agent calls evaluate_change and returns a recommendation with a suggested flag name.

2

Check for duplicates

The agent automatically calls detect_flag to search for existing flags. If a suitable flag exists, the agent suggests reusing it instead of creating a duplicate.

3

Create the flag

If no suitable flag exists:

Create a release flag for the Stripe payment integration.

The agent calls create_flag with the appropriate name, type, and description. The flag is created in Unleash, disabled by default.

4

Wrap the code

Generate framework-specific guard code:

Wrap the Stripe checkout handler with the stripe-payment-integration flag.
This is a Node.js Express application.

The agent calls wrap_change and returns code like this:

checkout.js
1const { isEnabled } = require('unleash-client');
2
3app.post('/checkout', async (req, res) => {
4  const context = { userId: req.user.id };
5
6  if (isEnabled('stripe-payment-integration', context)) {
7    // New Stripe payment flow
8    const result = await stripeService.processPayment(req.body);
9    return res.json(result);
10  } else {
11    // Existing payment flow
12    const result = await legacyPaymentService.process(req.body);
13    return res.json(result);
14  }
15});

Rules-guided flag evaluation

Use this workflow to automate flag evaluation based on encoded policies. When a glob-scoped Rule targets a high-risk directory, the agent evaluates risk without the developer explicitly asking.

1

Create a Rule

Create a glob-scoped Rule targeting your high-risk domain (see Rule templates below for a complete example):

All changes in the payments domain require feature flags. No exceptions.
Evaluate risk with evaluate_change before writing implementation code.

Save as .cursor/rules/payments-flags.mdc with a glob pattern like src/payments/**/*.ts.

2

The Rule triggers automatically

When the agent works with files matching the glob pattern, the Rule loads into context. Following the Rule’s instructions, the agent calls evaluate_change with the change description.

3

Create and wrap in one flow

If a flag is needed, the agent calls detect_flag, create_flag, and wrap_change as part of the same implementation. The flag is in place before the task is complete.

Rules-guided evaluation catches risk during implementation rather than during code review. The flag becomes part of the development flow, not an afterthought.

Manage rollouts across environments

Use this workflow to enable a flag in staging for testing while keeping it disabled in production.

What is the current state and rollout strategies for stripe-payment-integration?

The agent calls get_flag_state and returns the flag metadata, enabled environments, and active strategies.

AI assistants can make mistakes and toggle the wrong flag. Enable change requests on production environments to require human approval before changes take effect. See the MCP server documentation for details.

Clean up after rollout

Use this workflow when a feature has been fully rolled out and the flag is no longer needed.

Clean up the stripe-payment-integration flag. The feature is fully rolled out.

The agent calls cleanup_flag and returns:

  • All files and line numbers where the flag is used
  • Which code path to preserve (the “enabled” branch)
  • Suggestions for tests to run after removal

Review the list, remove the conditional branches, and delete the flag from Unleash.

Feature flags should be temporary. Regularly clean up flags after successful rollouts to prevent technical debt.

Rule templates

Cursor Rules encode your team’s FeatureOps policies, so the agent considers feature flags automatically. Store them in .cursor/rules/ as .mdc files with YAML frontmatter.

For more details on Rules, see the Cursor Rules documentation.

Always Apply: universal conventions

This Rule loads into every agent session. Use it for organization-wide flag standards.

.cursor/rules/feature-flags.mdc
1---
2description: "Feature flag conventions for all code changes"
3alwaysApply: true
4---
5
6# Feature Flag Conventions
7
8When making changes to this codebase, follow these feature flag practices:
9
101. **Always evaluate risk**: Before implementing high-risk changes (payments,
11   authentication, data migrations, external integrations), use the Unleash MCP
12   server to evaluate whether a feature flag is needed.
13
142. **Naming conventions**: Use the format `{domain}-{feature}-{variant}`.
15   Examples: `checkout-stripe-integration`, `auth-sso-google`, `api-rate-limiting`.
16
173. **Flag types**:
18   - `release`: For gradual feature rollouts
19   - `experiment`: For A/B tests and experiments
20   - `operational`: For system behavior toggles
21   - `kill-switch`: For emergency shutdowns
22   - `permission`: For role-based access
23
244. **Prefer reuse**: Before creating a new flag, check if a similar flag already
25   exists using the detect_flag tool.
26
275. **Clean up after rollout**: Once a feature is fully released (100% rollout for
28   2+ weeks), use cleanup_flag to remove dead code.
29
30## Unleash MCP Server
31
32This project uses the Unleash MCP server for feature flag management. Configuration
33is in `.cursor/mcp.json`. Credentials are sourced from environment variables.
34
35Available tools: evaluate_change, detect_flag, create_flag, wrap_change,
36get_flag_state, set_flag_rollout, toggle_flag_environment, remove_flag_strategy,
37cleanup_flag.

Glob-scoped: domain-specific policies

This Rule loads only when the agent works with files matching the glob pattern. Use it for high-risk domains that always require flags.

.cursor/rules/payments-flags.mdc
1---
2description: "Payment domain requires feature flags for all changes"
3alwaysApply: false
4globs: ["src/payments/**/*.ts", "src/payments/**/*.tsx"]
5---
6
7# Payments Domain — Feature Flag Policy
8
9All changes in the payments domain require feature flags. No exceptions.
10
11- Use `kill-switch` type for external payment provider integrations
12  (Stripe, PayPal, etc.)
13- Use `release` type for internal payment logic changes
14- Naming: `payments-{feature}-{variant}`
15  (e.g., `payments-stripe-checkout`, `payments-refund-v2`)
16- Always include a fallback path for external provider calls
17- Evaluate risk with evaluate_change before writing implementation code

Apply Intelligently: rollout guidance

This Rule loads automatically when the agent detects the conversation is about rollout strategies.

.cursor/rules/rollout-guidance.mdc
1---
2description: "Guidance for configuring feature flag rollout strategies. Use when
3  setting up rollouts, configuring milestones, or discussing gradual releases."
4alwaysApply: false
5---
6
7# Rollout Strategy Defaults
8
9When setting up rollouts with set_flag_rollout, use these defaults unless
10specified otherwise:
11
12- Start at 10% rollout
13- Wait 24 hours before advancing
14- Pause if error rate exceeds 1% or p95 latency increases by more than 20%
15
16## Standard milestones
17
18| Milestone | Percentage | Hold period | Advance condition |
19|-----------|-----------|-------------|-------------------|
20| Canary | 10% | 24 hours | Error rate < 1%, latency stable |
21| Beta | 50% | 48 hours | Error rate < 0.5%, no regressions |
22| GA | 100% | — | All metrics healthy for 48 hours |
23
24## Cleanup cadence
25
26Run cleanup_flag weekly for flags that have been at 100% for more than 14 days.

Hook examples

Hooks automate validation and auditing of MCP operations. Store them in .cursor/hooks.json at your project root.

For more details on hooks, see the Cursor Hooks documentation.

Validate flag naming before creation

This hook fires before any Unleash MCP tool call. If the tool is create_flag, it checks the flag name against your naming convention and blocks requests that violate it.

.cursor/hooks.json
1{
2  "version": 1,
3  "hooks": {
4    "beforeMCPExecution": [
5      {
6        "command": ".cursor/hooks/validate-flag-name.sh",
7        "matcher": "MCP:unleash",
8        "timeout": 10,
9        "failClosed": true
10      }
11    ]
12  }
13}
.cursor/hooks/validate-flag-name.sh
$#!/bin/bash
$input=$(cat)
$tool_name=$(echo "$input" | jq -r '.tool_name // empty')
$
$if [[ "$tool_name" == "create_flag" ]]; then
$  flag_name=$(echo "$input" | jq -r '.tool_input' | jq -r '.name // empty')
$  # Check naming convention: {domain}-{feature}-{variant}
$  if [[ ! "$flag_name" =~ ^[a-z]+-[a-z]+-[a-z]+$ ]]; then
$    cat << EOF
${
>  "permission": "deny",
>  "agent_message": "Flag name '$flag_name' does not follow the naming convention {domain}-{feature}-{variant}. Please use lowercase with hyphens."
>}
$EOF
$    exit 0
$  fi
$fi
$
$echo '{"permission": "allow"}'

Hooks can return allow, deny, or ask to control flow. They default to fail-open but can be configured with failClosed: true for strict enforcement. Enterprise teams can distribute hooks via the web dashboard; they sync to all team members automatically.

Audit all MCP operations

This hook fires after every Unleash MCP tool call and logs the operation for audit purposes.

.cursor/hooks.json (add to afterMCPExecution)
1{
2  "version": 1,
3  "hooks": {
4    "afterMCPExecution": [
5      {
6        "command": ".cursor/hooks/audit-mcp.sh",
7        "matcher": "MCP:unleash"
8      }
9    ]
10  }
11}
.cursor/hooks/audit-mcp.sh
$#!/bin/bash
$input=$(cat)
$timestamp=$(date '+%Y-%m-%d %H:%M:%S')
$mkdir -p .cursor/hooks/logs
$echo "[$timestamp] $(echo "$input" | jq -c '{tool: .tool_name, duration: .duration}')" >> .cursor/hooks/logs/mcp-audit.log
$exit 0

Unleash plugin

A plugin bundles MCP tools, Rules, Skills, and Hooks into a single installable package. The Unleash plugin is the recommended way to distribute the integration across teams and projects.

Directory structure

unleash-featureops/
├── .cursor-plugin/
│   └── plugin.json
├── rules/
│   ├── feature-flag-conventions.mdc
│   ├── payments-flags.mdc
│   └── rollout-guidance.mdc
├── skills/
│   └── evaluate-and-flag/
│       └── SKILL.md
├── hooks.json
└── mcp.json

plugin.json

.cursor-plugin/plugin.json
1{
2  "name": "unleash-featureops",
3  "description": "Automate feature flag management with Unleash. Evaluate code changes for risk, create flags with consistent naming, generate SDK wrapping code, manage rollouts, and clean up stale flags.",
4  "version": "1.0.0",
5  "author": {
6    "name": "Unleash"
7  }
8}

SKILL.md

Skills are invoked with /skill-name in chat or discovered automatically by the agent when the context is relevant.

skills/evaluate-and-flag/SKILL.md
1# Evaluate and Flag
2
3Evaluate whether current changes need a feature flag, then create and wrap it.
4
5## Steps
6
71. Use `evaluate_change` to assess the risk of the current changes
82. If a flag is needed, use `detect_flag` to check for existing similar flags
93. If no suitable flag exists, use `create_flag` with the recommended name and type
104. Use `wrap_change` to generate framework-specific guard code
115. Suggest a rollout strategy based on the change's risk level

mcp.json

mcp.json
1{
2  "mcpServers": {
3    "unleash": {
4      "command": "npx",
5      "args": ["-y", "@unleash/mcp@latest", "--log-level", "error"],
6      "envFile": "~/.unleash/mcp.env"
7    }
8  }
9}

Install the plugin

  • From Team Marketplace: Admin imports the GitHub repository via Dashboard > Settings > Plugins. Set as required for automatic installation across the team.
  • Local testing: Symlink to ~/.cursor/plugins/local/unleash-featureops:
$ln -s /path/to/unleash-featureops ~/.cursor/plugins/local/unleash-featureops

For more details on creating and distributing plugins, see the Cursor Plugins documentation.

Prompt patterns

The following prompt patterns help you use the MCP tools effectively.

Intent: Determine if a change requires a feature flag, then create and wrap it.

Prompt:

Evaluate whether the [description of change] should be behind a feature flag.
The change modifies [component/service].

Expected behavior: The agent calls evaluate_change, then detect_flag, create_flag, and wrap_change as needed.

Intent: Avoid duplicate flags when similar functionality exists.

Prompt:

Before creating a new flag for [feature], check if a similar flag already exists
and suggest reusing it if appropriate.

Expected behavior: The agent calls detect_flag and presents matches with confidence levels.

Intent: Enable, disable, or query a flag in a specific environment.

Prompts:

Enable [flagName] in the staging environment.
What is the current state and rollout strategies for [flagName]?

Expected behavior: The agent calls toggle_flag_environment or get_flag_state.

Intent: Safely remove flagged code and delete unused flags.

Prompts:

Clean up the [flagName] flag now that the feature has fully shipped.
Clean up the [flagName] flag after the A/B testing experiment, only keep [variant].

Expected behavior: The agent calls cleanup_flag and provides removal instructions.

Intent: Automatically evaluate code changes based on encoded policies.

Trigger: A glob-scoped Rule (e.g., targeting src/payments/**) loads when the agent works with matching files.

Expected behavior: The Rule instructs the agent to call evaluate_change whenever it modifies files in the target domain. If a flag is needed, the agent notifies you and offers to create it.

Intent: Run a multi-step FeatureOps workflow using a skill.

Prompt:

/evaluate-and-flag

Expected behavior: The skill orchestrates the full workflow: evaluate the current changes, check for duplicates, create the flag if needed, wrap the code, and suggest a rollout strategy. Each step calls the appropriate MCP tool.

Intent: Evaluate and flag changes from the terminal.

Prompts:

$# Interactive
$agent "Evaluate whether the Stripe integration should be behind a feature flag"
$
$# Non-interactive
$agent -p "Check if any changes in this branch should be feature flagged" --output-format text
$
$# Cloud handoff
$agent -c "Add feature flags to all payment endpoints and open a PR"

Expected behavior: The CLI agent uses the same MCP tools as the IDE. In non-interactive mode (-p), the agent outputs results and exits.

Enterprise governance

Cursor provides enterprise controls relevant to MCP server deployment.

  • MCP server trust management — Enterprise admins can whitelist or blocklist specific MCP servers at the organization level. Ensure the Unleash MCP server is on the whitelist.
  • Privacy mode — Enforces zero data retention with AI providers. Enabled by default for team members. Does not affect MCP server communication, which goes directly to your Unleash instance.
  • Team Rules — Organization-wide Rules with enforcement toggles. Prevent developers from disabling mandatory FeatureOps policies.
  • Team hooks — Enterprise-distributed hooks that sync to team members every 30 minutes via the web dashboard. Use these for MCP validation and audit logging.
  • Agent sandbox — Enforceable org-wide on Enterprise plans. Controls what the agent can execute autonomously.
  • Audit logs — Track administrative actions including MCP-related operations.
  • SSO/SCIM — SAML/OIDC authentication and automated user provisioning.

For MCP server governance, commit .cursor/mcp.json and .cursor/hooks.json to version control. This ensures all team members use the same MCP servers with the same validation rules.

Use tool approval prompts for write operations like create_flag and toggle_flag_environment. Auto-run is appropriate for read-only operations like get_flag_state, detect_flag, and evaluate_change.

Troubleshooting

  • Check .cursor/mcp.json for syntax errors
  • Verify the file is at the project root under .cursor/
  • Open Settings > Features > Model Context Protocol and toggle the server on
  • Restart Cursor after making changes
  • Check MCP logs via Output panel > “MCP Logs”
  • Cursor uses ${env:NAME} syntax (not ${NAME} or ${VAR})
  • Restart your terminal and IDE after modifying your shell profile
  • Verify variables are exported: echo $UNLEASH_BASE_URL
  • If using envFile, verify the file path is correct and the file exists
  • Confirm your Unleash PAT is valid and has not expired
  • Check that the PAT has permissions to create and manage feature flags
  • Verify that UNLEASH_BASE_URL includes /api at the end
  • Test directly: curl -H "Authorization: $UNLEASH_PAT" "$UNLEASH_BASE_URL/admin/projects"
  • Verify .cursor/hooks.json exists and contains valid JSON
  • Check that the matcher pattern matches the expected tool (e.g., MCP:unleash)
  • Ensure hook scripts are executable: chmod +x .cursor/hooks/validate-flag-name.sh
  • View hook output in the Hooks output channel

Local servers using npx require Node.js 18+. Verify with node --version. If Node.js is installed but not found by Cursor, check that the IDE inherits your shell PATH.

By default, the agent requests approval before executing MCP tools. Configure auto-run in Settings or use ~/.cursor/permissions.json for granular control. In the CLI, use --approve-mcps.

agent mcp list may show “not loaded (needs approval)” even after running agent mcp enable. This is expected. MCP servers are lazy-loaded and only start when an agent session begins. Start an interactive session with agent --approve-mcps to auto-approve, or approve the server when prompted during your first session. Once approved, subsequent sessions load the server automatically.

Cloud Agents access MCP servers configured for the team. Ensure the Unleash MCP server is configured at the team level and credentials are set in the Cloud Agent Secrets tab.

Use envFile for simplicity. Use ${env:NAME} interpolation if you need per-variable control or mixing environment sources. Don’t use both for the same variable.

Best practices

Follow these guidelines for effective feature flag management with Cursor.

Keep humans in the loop

While the MCP server can automate flag creation, high-risk changes should involve human review. Use tool approval prompts for flag creation, rollout plans, and cleanup decisions.

Define naming conventions

Establish organization-wide standards for flag names (e.g., domain-feature-variant) and types. Encode these in Rules so the agent applies them automatically.

Prevent duplication

Always use detect_flag before creating new flags. This keeps naming consistent and reduces fragmentation across services.

Keep flags temporary

Feature flags should be removed after successful rollouts. Use cleanup_flag regularly to prevent technical debt.

Use project scope for teams

Configure MCP servers at project scope (.cursor/mcp.json) and commit to version control. All team members get the same configuration.

Encode policies in Rules

Write your feature flag guidelines in Rules with appropriate application modes. The agent reads these Rules and applies the guidance automatically based on context.