SurePath AI supports governance and access control for code copilot applications. These tools integrate directly into developer environments and enable AI-assisted coding through inline suggestions, chat interfaces, and code generation. Admins can apply the same policy-based controls to code copilots as they do for other generative AI services, including access control, request intercept, and user activity logging.
Code copilots differ from traditional web-based generative AI tools in their integration methods and traffic patterns. This document outlines the supported capabilities for each code copilot service and any specific configuration requirements needed to ensure proper interception and policy enforcement.
Supported code copilot services
SurePath AI currently supports three code copilot services with varying levels of intercept capability. The table below summarizes the supported features for each service.
Service | Access Control | Request Intercept | Additional Requirements |
Cursor | Supported | Supported | HTTP compatibility mode required for SASE integrations |
Github Copilot | Supported | Supported | None |
Claude Code | Supported | Supported | SASE connector with X-Authenticated-User or Connector authentication |
Sensitive Data detection is not currently enabled for code copilots but will be enabled in a future release.
Cursor
Cursor supports full access control with request intercept for both chat interactions and inline code suggestions. Admins can monitor and apply policy to developer prompts and conversations within the Cursor interface.
When using SASE connectors like Netskope, Zscaler, or Cloudflare, Cursor requires specific HTTP compatibility mode settings to ensure proper traffic interception. Without these settings, requests will fail to reach the SurePath AI platform. See the HTTP compatibility requirements for Cursor section below for configuration details.
Github Copilot
Github Copilot supports full access control with request intercept for both chat interactions and inline code suggestions. Admins can monitor and apply policy to developer prompts and conversations within supported development environments.
Github Copilot does not require any special HTTP compatibility configuration and works with all SurePath AI interception methods including TLS proxy, PAC file distribution, and SASE connector integration.
Claude Code
Claude Code supports access control and request intercept for chat interactions. The application communicates directly with the Anthropic API for inference, which means the Anthropic API service is part of the same service definition within SurePath AI.
Claude Code does not support PAC file configuration and can only be governed when using SASE connectors that support X-Authenticated-User header insertion or Connector authentication. This limitation means that organizations using TLS proxy or PAC file-based interception cannot apply policy to Claude Code traffic.
HTTP compatibility requirements for Cursor
Cursor requires specific HTTP compatibility mode settings when used with certain interception methods. These settings disable HTTP/2 and Server-Sent Events (SSE) to ensure proper traffic interception by the SurePath AI platform.
TLS proxy interception
Organizations using TLS proxy interception must configure Cursor to use HTTP/1.1 compatibility mode. Admins can deploy this configuration via MDM by distributing the appropriate Cursor settings file to managed devices.
SASE connector interception
The required HTTP compatibility mode varies depending on the SASE vendor being used to forward traffic to SurePath AI.
Netskope and Zscaler
Both Netskope and Zscaler require Cursor to operate in HTTP/1.1 compatibility mode. If this setting is not configured, Cursor traffic will fail to reach generative AI services.
Cloudflare
Cloudflare requires Cursor to operate in HTTP/1.1 compatibility mode. If this setting is not configured, Cursor traffic will fail to reach generative AI services.
Configuring Cursor HTTP compatibility mode
Admins can distribute Cursor HTTP compatibility settings through MDM solutions by updating the Cursor settings file on managed devices. The settings file location varies by operating system.
Settings file location
macOS
~/Library/Application Support/Cursor/User/settings.json
Windows
%APPDATA%\Code\User\settings.json
These files will most likely have existing user settings within them. It is recommended to update or insert the following settings into the existing settings.json file.
HTTP/1.1 compatibility mode
Organizations should distribute the following configuration to the settings file via MDM:
{
"cursor.general.disableHttp2": true
}Distributing settings via MDM
Organizations can use their MDM platform to create and distribute the settings file to managed devices. The file should be created or modified with the appropriate JSON configuration for the organization's interception method.
It is important to note that Cursor does not currently support enterprise policy configuration through their teams platform, so these settings must be distributed through operating system-level MDM tools rather than through Cursor's native management interface.
Verifying code copilot integration
After configuring any required HTTP compatibility settings and deploying SurePath AI interception, admins should verify that code copilot traffic is being properly intercepted and governed.
Admins can verify successful integration by checking the User Activity logs at https://admin.surepath.ai for requests originating from code copilot applications. Successful request intercepts will show the application name, user identity, and any policy actions that were applied to the request.
If code copilot requests are not appearing in the User Activity logs, verify that the required HTTP compatibility settings have been applied and that the SurePath AI integration is functioning correctly for other generative AI services. Organizations can use the Ready tool at https://ready.surepath.ai to confirm that endpoints are properly configured to route traffic through SurePath AI.