docs: add Cursor Cloud dev environment notes

[bgardiner]

What

Sets up the development environment for the Snyk CLI (hybrid TypeScript + Go) in Cursor Cloud and documents the non-obvious setup caveats discovered while doing so. The only code change is a new ## Cursor Cloud specific instructions section in AGENTS.md.

Environment setup performed

• npm upgraded to >=11.10 — .npmrc sets engine-strict=true and package.json requires npm ^11.10, but the base image ships npm 10.x, which makes npm install fail outright.
• Go toolchain — cliv2/go.mod pins a go version newer than the system go. GOTOOLCHAIN=auto downloads the pinned toolchain from proxy.golang.org automatically; no manual install needed.
• convco@0.6.2 installed via cargo (required by make build → release-scripts/next-version.sh). Newer convco needs a newer rustc than the image provides.

Startup update script: npm install.

Verified

Area	Command	Result
Lint (TS)	npm run lint	pass
Unit tests (TS)	npm run test:unit	1051/1076 pass (remainder need Snyk API token / blocked egress)
Tests (Go)	cd cliv2 && make test	pass except internal/proxy (blocked egress to downloads.snyk.io)
Build	make build BUILD_MODE=public	builds binary-releases/snyk-linux
Run / hello-world	print-graph acceptance test against the built binary	pass (real dependency-graph extraction end-to-end)

Notes for future agents (captured in AGENTS.md)

• Use BUILD_MODE=public (private modules need GitHub access this VM lacks).
• make build's license step fetches a go.dev license; egress is blocked, so pre-seed it from the local Go toolchain (cp "$(cd cliv2 && go env GOROOT)/LICENSE" cliv2/internal/embedded/_data/licenses/go.dev/LICENSE).
• TS unit tests need workspace packages built first (npm run build --workspaces).
• Direct snyk test invocations do an api.snyk.io preflight (blocked); use the acceptance fake-server harness for offline scanning smoke tests.

snyk_hello_world.log

_{To show artifacts inline, enable in settings.}

  

[snyk-io]

✅ Snyk checks have passed. No issues have been found so far.

Status	Scan Engine	Critical	High	Medium	Low	Total (0)
✅	Open Source Security	0	0	0	0	0 issues
✅	Licenses	0	0	0	0	0 issues
✅	Code Security	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

[github-actions]

	Warnings
⚠️	Since the CLI is unifying on a standard and improved tooling, we're starting to migrate old-style imports and exports to ES6 ones. A file you've modified is using either module.exports or require(). If you can, please update them to ES6 import syntax and export syntax. Files found: AGENTS.md

Generated by 🚫 dangerJS against db5941f