export const meta = {
title: "Bugbot",
description: "Automatically fix bugs and linter errors with Bugbot's background assistance. Configure automatic fixes and understand how it improves code quality."
};
# Bugbot
Bugbot reviews pull requests and identifies bugs, security issues, and code quality problems.
Bugbot includes a free tier: every user gets a limited number of free PR reviews each month. When you reach the limit, reviews pause until your next billing cycle. You can upgrade anytime to a 14‑day free Pro trial for unlimited reviews (subject to standard abuse guardrails).
## How it works
Bugbot analyzes PR diffs and leaves comments with explanations and fix suggestions. It runs automatically on each PR update or manually when triggered.
- Runs **automatic reviews** on every PR update
- **Manual trigger** by commenting `cursor review` or `bugbot run` on any PR
- **Fix in Cursor** links open issues directly in Cursor
- **Fix in Web** links open issues directly in [cursor.com/agents](https://cursor.com/agents)
## Setup
Requires Cursor admin access and GitHub org admin access.
1. Go to [cursor.com/dashboard](https://cursor.com/dashboard?tab=bugbot)
2. Navigate to the Bugbot tab
3. Click `Connect GitHub` (or `Manage Connections` if already connected)
4. Follow the GitHub installation flow
5. Return to the dashboard to enable Bugbot on specific repositories
## Configuration
### Repository settings
Enable or disable Bugbot per repository from your installations list. Bugbot runs only on PRs you author.
### Personal settings
- Run **only when mentioned** by commenting `cursor review` or `bugbot run`
- Run **only once** per PR, skipping subsequent commits
### Repository settings
Team admins can enable Bugbot per repository, configure allow/deny lists for reviewers, and set:
- Run **only once** per PR per installation, skipping subsequent commits
- **Disable inline reviews** to prevent Bugbot from leaving comments directly on code lines
Bugbot runs for all contributors to enabled repositories, regardless of team membership.
### Personal settings
Team members can override settings for their own PRs:
- Run **only when mentioned** by commenting `cursor review` or `bugbot run`
- Run **only once** per PR, skipping subsequent commits
- **Enable reviews on draft PRs** to include draft pull requests in automatic reviews
### Analytics
## Rules
Create `.cursor/BUGBOT.md` files to provide project-specific context for reviews. Bugbot always includes the root `.cursor/BUGBOT.md` file and any additional files found while traversing upward from changed files.
```bash
project/
.cursor/BUGBOT.md # Always included (project-wide rules)
backend/
.cursor/BUGBOT.md # Included when reviewing backend files
api/
.cursor/BUGBOT.md # Included when reviewing API files
frontend/
.cursor/BUGBOT.md # Included when reviewing frontend files
```
### Team rules
Team admins can create rules from the [Bugbot dashboard](https://cursor.com/dashboard?tab=bugbot) that apply to all repositories in the team. These rules are available to every enabled repository, making it easy to enforce organization-wide standards.
### Examples
```text
If any changed file contains the string pattern /\beval\s*\(|\bexec\s*\(/i, then:
- Add a blocking Bug with title "Dangerous dynamic execution" and body:
"Usage of eval/exec was found. Replace with safe alternatives or justify with a detailed comment and tests."
- Assign the Bug to the PR author.
- Apply label "security".
```
```text
If the PR modifies dependency files (package.json, pnpm-lock.yaml, yarn.lock, requirements.txt, go.mod, Cargo.toml), then:
- Run the built-in License Scan.
- If any new or upgraded dependency has license in {GPL-2.0, GPL-3.0, AGPL-3.0}, then:
- Add a blocking Bug titled "Disallowed license detected"
- Include the offending package names, versions, and licenses in the Bug body
- Apply labels "compliance" and "security"
```
```text
For files matching **/*.{js,jsx,ts,tsx} in React projects:
If a changed file contains /componentWillMount\s*\(/, then:
- Add a blocking Bug titled "Deprecated React lifecycle method"
- Body: "Replace componentWillMount with constructor or useEffect. See React docs."
- Suggest an autofix snippet that migrates side effects to useEffect.
```
```text
If the PR modifies files in {server/**, api/**, backend/**} and there are no changes in {**/*.test.*, **/__tests__/**, tests/**}, then:
- Add a blocking Bug titled "Missing tests for backend changes"
- Body: "This PR modifies backend code but includes no accompanying tests. Please add or update tests."
- Apply label "quality"
```
```text
If any changed file contains /(?:^|\s)(TODO|FIXME)(?:\s*:|\s+)/, then:
- Add a non-blocking Bug titled "TODO/FIXME comment found"
- Body: "Replace TODO/FIXME with a tracked issue reference, e.g., `TODO(#1234): ...`, or remove it."
- If the TODO already references an issue pattern /#\d+|[A-Z]+-\d+/, mark the Bug as resolved automatically.
```
## Pricing
Bugbot offers two tiers: **Free** and **Pro**.
### Free tier
Every user gets a limited number of free PR reviews each month. For teams, each team member gets their own free reviews. When you reach the limit, reviews pause until your next billing cycle. You can upgrade anytime to the 14‑day free Pro trial for unlimited reviews.
### Pro tier
### Flat rate
$40 per month for unlimited Bugbot reviews on up to 200 PRs per month across all repositories.
### Getting started
Subscribe through your account settings.
### Per-user billing
Teams pay $40 per user per month for unlimited reviews.
We count a user as someone who authored PRs reviewed by Bugbot in a month.
All licenses are relinquished at the start of each billing cycle, and will be assigned out on a first-come, first-served basis. If a user doesn't author any PRs reviewed by Bugbot in a month, the seat can be used by another user.
### Seat limits
Team admins can set maximum Bugbot seats per month to control costs.
### Getting started
Subscribe through your team dashboard to enable billing.
### Abuse guardrails
In order to prevent abuse, we have a pooled cap of 200 pull requests per month for every Bugbot license. If you need more than 200 pull requests per month, please contact us at [hi@cursor.com](mailto:hi@cursor.com) and we'll be happy to help you out.
For example, if your team has 100 users, your organization will initially be able to review 20,000 pull requests per month. If you reach that limit naturally, please reach out to us and we'll be happy to increase the limit.
## Troubleshooting
If Bugbot isn't working:
1. **Enable verbose mode** by commenting `cursor review verbose=true` or `bugbot run verbose=true` for detailed logs and request ID
2. **Check permissions** to verify Bugbot has repository access
3. **Verify installation** to confirm the GitHub app is installed and enabled
Include the request ID from verbose mode when reporting issues.
## FAQ
Yes, Bugbot follows the same privacy compliance as Cursor and processes data identically to other Cursor requests.
When you reach your monthly free tier limit, Bugbot reviews pause until your next billing cycle. You can upgrade to the 14‑day free Pro trial for unlimited reviews (subject to standard abuse guardrails).