Bugbot is Cursor's automated code reviewer. It analyzes pull request diffs for logic errors, security issues, and edge cases — on GitHub, GitLab, and Bitbucket (including self-hosted). Reviews are powered by Composer 2.5 and typically complete in about 90 seconds.
cursor review or bugbot run on the PR/review, /review-bugbot, or /review-security in the editor; Bugbot syncs via patch IDs so already-reviewed code isn't re-billed on the PRFound a real bug? One click spawns a Cloud Agent to fix it — either on a new branch or pushed to the existing PR branch (up to 3 attempts).
| Layer | Mechanism |
|---|---|
| Team Rules | Dashboard-managed, apply across all repos |
| Repo rules | Learned from feedback + manual: comment @cursor remember [fact] on a PR |
| BUGBOT.md | .cursor/BUGBOT.md files — nest them in subdirectories for area-specific guidance |
Usage-based plans can tune effort levels (Default / High / Custom) to trade depth against cost, and Bugbot can call your MCP tools during review on Team/Enterprise plans.
/review locally before pushing, let Bugbot gate the PR in CI, and use Autofix for the mechanical fixes — human reviewers stay focused on design decisions.