# Code Agents ## Code Agents Code agents — Cursor and Claude Code, and similar AI-powered coding assistants — operate directly inside developer IDEs and workstations. They read and write files, execute shell commands, and interact with MCP servers. The attack surface is the local development environment, not a network endpoint. Highflame secures code agents through a **local daemon** that hooks into IDE and shell activity. It enforces policies in real time with no network round-trips and no gateway in the data path. Detection covers prompt injection, dangerous shell commands, credential file access, supply chain attacks via poisoned MCP tool descriptions, and more. Key characteristics: * **IDE-agnostic** — one daemon, universal hooks; works with Cursor and Claude Code * **No proxy or gateway required** — runs as a local system service, adding no latency to normal development workflows * **MCP scanning** — discovers and scans MCP servers configured in the IDE for tool poisoning, path traversal, injection vectors, and other MCP-specific vulnerabilities * **Full visibility** — code agent sessions, threats, and MCP usage appear in Highflame Studio and Observatory alongside gateway and browser activity **Start here:** [Code Agents → Quick Start](/code-agents/quick-start.md) For policies and threat response: [Code Agent Policies](/code-agents/setting-up-policies.md) · [Threat Response](/code-agents/threat-response.md) --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.highflame.ai/getting-started/securing-agents/code-agents.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.