Cursor team workflows in a shared repo
From individual prompting to governed, repeatable, repository-grounded workflows.
From clever prompts to governed workflows
After this you can explain why Cursor adoption succeeds at the repo layer and fails at the prompt layer, in one sentence a VP will repeat.
One mental shift decides whether a real team gets value from Cursor.
A great prompt is a personal asset. A great workflow is an organizational one. Adoption stalls when it stays at the prompt layer and it pays off when it moves to the repo layer.
In a shared repo the problem isn't "how do I get the model to do something clever." It's "how do I get fifty people, each prompting differently, to produce changes that look like one disciplined engineer wrote them." That's a governance problem. Your impact is no longer the prompt in your head. It's the artifact checked into the tree.
Project RulesVersion-controlled instructions in the repo that every Cursor agent interaction inherits, so standards are encoded once. turn 50 prompters into one team.
Anything load-bearing about how we build here belongs in the repo, version-controlled and reviewable. Not in fifty private chat histories.
The progression every team walksad-hoc → governed
- 1Personal prompts. Each dev has their own habits. They live in one head and die when that person leaves. no team benefit for the team.
- 2Shared Project RulesVersion-controlled instructions in the repo that every Cursor agent interaction inherits, so standards are encoded once. / `AGENTS.md`. The conventions move into the repo and the model behaves consistently regardless of who's driving.
- 3Shared commands. Repeatable, named workflows (generate-test, scaffold-endpoint) so the how is encoded once instead of re-typed fifty times.
- 4Scoped context + ignore controls. You engineer what the agent can see and touch, so it pulls the right files and never the secrets.
- 5Plan-first, reviewable handoffs. The agent proposes, a human approves and the diff stays small enough to actually read.
Each step trades a little spontaneity for a lot of repeatability. The mature team treats its Cursor configuration the way it treats CI config or lint rules:
- It's part of the codebase.
- It goes through review.
- It's an ITGCIT General Controls. The baseline IT controls auditors check: who can change what, how changes get approved and how systems are run.-adjacent control surface rather than a sticky note.
"A prompt is a personal asset. A Project Rule is a team control. We don't scale prompting - we scale the rules that make everyone's prompting converge."
Takeaway. A prompt is a personal asset; a Project Rule is a team control. You scale the rules that make everyone's prompting converge, not the prompts.
Self-check
Encoding the rules close to the repo
After this you can place a given convention in the right layer (AGENTS.md, Project Rule, command or ignore) and justify the choice by proximity.
The governing principle is proximity. The closer a rule lives to the code it governs, the more reliably it's applied and the easier it is to review. Cursor gives you a layered set of places to put intent and a strong field engineer knows which layer each thing goes in.
- Layer
AGENTS.md(repo root)- What lives here
- High-level project context, architecture, how we build, where things live
- Scope
- Whole repo / default agent context
- Reviewable in PR?
- Yes
- Layer
- Project RulesVersion-controlled instructions in the repo that every Cursor agent interaction inherits, so standards are encoded once. (
.cursor/rules/) - What lives here
- Targeted, path-scoped conventions (e.g. "all API handlers do X")
- Scope
- Glob-scoped, auto-attached by file match
- Reviewable in PR?
- Yes
- Layer
- Shared commands
- What lives here
- Named, repeatable workflows the whole team invokes
- Scope
- Team-wide
- Reviewable in PR?
- Yes
- Layer
.cursorignore/ context scoping- What lives here
- What the agent must never index or touch (secrets, vendored code, generated dirs)
- Scope
- Indexing + agent reach
- Reviewable in PR?
- Yes
| Layer | What lives here | Scope | Reviewable in PR? |
|---|---|---|---|
AGENTS.md (repo root) | High-level project context, architecture, how we build, where things live | Whole repo / default agent context | Yes |
Project RulesVersion-controlled instructions in the repo that every Cursor agent interaction inherits, so standards are encoded once. (.cursor/rules/) | Targeted, path-scoped conventions (e.g. "all API handlers do X") | Glob-scoped, auto-attached by file match | Yes |
| Shared commands | Named, repeatable workflows the whole team invokes | Team-wide | Yes |
.cursorignore / context scoping | What the agent must never index or touch (secrets, vendored code, generated dirs) | Indexing + agent reach | Yes |
Everything here is a file in the tree. That's the point: it goes through the same review as any code change.
Interactive diagram. Tab through its regions; each focused region shows its detail in the panel below.
Scope narrows as a rule moves closer to the code: broad always-on AGENTS.md at the top, path-scoped Project Rules in the middle, .cursorignore subtracting reach at the bottom.
A rule that's too broad is worse than no rule. It fires on everything, so people learn to ignore it and talk over the model.
Prefer path-scoped Project RulesVersion-controlled instructions in the repo that every Cursor agent interaction inherits, so standards are encoded once. ("this applies to **/handlers/*.ts") over one giant always-on rule. Scope is what makes a rule precise enough to trust.
Project Rules vs AGENTS.md - when to use which
The orientation doc. "You are working in a payments monorepo. Services live in /services. We use X for Y."
Always-on, broad context. Think onboarding a new engineer in one page.
Surgical and conditional. Attach by glob so the rule only fires where it's relevant.
Use for enforceable conventions: error handling, logging, test structure, naming.
Worth saying in an interview: rules don't replace judgment, they encode defaults. The model still needs a good prompt. It now starts from your team's baseline instead of the internet's average, so fifty drifting styles collapse into one house style.
The actual file mechanics (so you're not hand-waving)where these live and how they fire
Be specific about creation paths and firing behavior - vagueness here is what makes a pitch feel theoretical. A Project Rule is created in Settings > Rules, Skills, and Sub Agents > project > Rules > New > Project rule, which writes a Markdown/MDC file under .cursor/rules with a header carrying its name, description and apply setting. There are four rule types, and the apply setting decides exactly when each one fires:
- Rule type
- Always Apply
- When it fires
- Attached to every single prompt
- Use it for
- One-sentence basics only (tech stack, what you're building, key constraints)
- Rule type
- Apply Intelligently
- When it fires
- Agent reads your description and pulls it in when it judges it relevant
- Use it for
- Conditional guidance (a skill is now usually the better tool here)
- Rule type
- Apply to Specific Files
- When it fires
- Auto-attached only when a file matching its glob (e.g.
**/handlers/*.ts) is touched - Use it for
- Path-scoped conventions - the workhorse
- Rule type
- Apply Manually
- When it fires
- Only when you
@-mention it while prompting - Use it for
- Large content like a full style guide, run as a post-feature audit
| Rule type | When it fires | Use it for |
|---|---|---|
| Always Apply | Attached to every single prompt | One-sentence basics only (tech stack, what you're building, key constraints) |
| Apply Intelligently | Agent reads your description and pulls it in when it judges it relevant | Conditional guidance (a skill is now usually the better tool here) |
| Apply to Specific Files | Auto-attached only when a file matching its glob (e.g. **/handlers/*.ts) is touched | Path-scoped conventions - the workhorse |
| Apply Manually | Only when you @-mention it while prompting | Large content like a full style guide, run as a post-feature audit |
All three layers (rules, commands, ignore) live under .cursor as files in the tree, so they pass through the same PR review as code.
Commands are the sibling primitive: reusable multi-step slash-prompts created in Settings > Rules, Skills, and Sub Agents > Commands > New, which writes a Markdown file in .cursor/commands. They shine for recurring multi-step jobs - run the test suite, fix compile errors, open a PR, spin up local servers, commit-and-push. A best-practice touch: tell the command how to respond (e.g. 'print the local URL and confirm the server is responding') to cut verbose replies.
Cramming directives into an always-apply rule degrades output - the model does best with the least to attend to, and a 300-line always-apply rule silently appends 'also do these 300 other things' to every prompt.
Build rules reactively: add a directive only after the model makes the same mistake more than a few times. Don't write 'just in case' rules and don't replace your linter with a rule (that just burns tokens injecting rule content into every call). For very large style guides, prefer a manual @-invoked rule run as a recurring audit over an always-on one.
Takeaway. The closer a rule lives to the code it governs, the more reliably it fires. Prefer path-scoped Project RulesVersion-controlled instructions in the repo that every Cursor agent interaction inherits, so standards are encoded once. over one giant always-on rule.
Self-check
QWhich is the better design for a convention like 'all HTTP handlers must validate input with our schema lib'?
Context strategy is an engineering problem
After this you can run the recall-then-precision funnel on a big repo and name which of the four context mechanisms does each job.
In a large repo, getting the right context into the agent is not a prompt-length contest. It's an information-retrieval design problem. Stuffing more text in feels productive and rarely is. The real skill is engineering what the model can find and reach.
Cursor gives you four distinct mechanisms that do different jobs. Confusing them is the most common reason teams get mediocre output on big codebases.
- Indexing + semantic search
- How the agent discovers relevant code you didn't name. Broad recall across the repo.
- @-mention exact files/symbols
- How you give precision: pin the exact files, docs or symbols that matter. High signal, no guessing.
- MCP connectors
- How you pull in out-of-repo context: Jira tickets, Confluence pages, design docs, observability. The work item, not just the code.
- .cursorignore / scoping
- How you subtract context: keep secrets, vendored trees and generated artifacts out of indexing and out of the agent's reach.
The recall-vs-precision pattern
Use search/indexing for recall when you don't yet know where the relevant code lives. Use @-mentions for precision once you do. The skilled workflow is a funnel:
- 1Let semantic search surface candidates.
- 2Pin the exact files with @-mention so the agent works from ground truth instead of a fuzzy memory.
MCPModel Context Protocol. A standard that lets an AI agent pull in context from outside the repo, like Jira tickets or internal docs. brings the intent (the Jira ticket, the acceptance criteria) alongside the code, so the agent solves the actual business problem rather than its guess of it.
"My prompt is too long" is almost never the real problem.
The real problem is usually retrieval: the agent indexed the wrong things, you never pinned the exact files or the ticket's intent never made it into context. Fix retrieval, not verbosity.
.cursorignore does more than cut noise. It's how you keep .env, key material and PIIPersonally Identifiable Information. Data that can identify a person (names, emails, SSNs); regulated and sensitive.-laden fixtures out of the index and away from the agent.
Pair it with the enterprise guardrails: model/MCPModel Context Protocol. A standard that lets an AI agent pull in context from outside the repo, like Jira tickets or internal docs./repo allowlists, terminal sandboxing, Privacy ModeCursor's setting that routes requests under zero-data-retention terms so providers don't store or train on your code.. Context scoping belongs in your blast-radius story, not in the footnotes.
Why precision beats volume - the token rationale
There's a concrete reason @-mention precision wins over pasting more code. An @-mention guarantees the file lands in context instead of hoping semantic search surfaces it - the model reads the exact file, finds the definitions and returns ground truth. @ isn't limited to files: reference a doc, or even a past chat (which summarizes it and reads the transcript, so you inherit the summary without dragging all prior context forward).
And there is a cost lever underneath the proximity rule from the rules section: rules and skills count toward tokens, but only when invoked. A skill costs nothing until the agent chooses it; an always-apply rule rides along on every submission. So glob-scope rules to the files they govern (e.g. *.tsx components) and they only load when a matching file is touched - keeping always-true rules out of unrelated context. Since Cursor 2.4, the harness's dynamic context discoveryThe agent pulling only the relevant parts of files, tools and MCP servers into context as needed, instead of loading everything up front. does the same thing automatically: it pulls in only what it deems relevant rather than loading every file/tool/MCPModel Context Protocol. A standard that lets an AI agent pull in context from outside the repo, like Jira tickets or internal docs. output, which is part of how it cuts agent tokens by roughly 47% even on other providers' models.
Takeaway. On a large repo, output quality is a retrieval problem, not a prompt-length one. Let search surface candidates, then @-mention the exact files.
Self-check
Change-shaping: 'agent completed' is not 'ready to merge'
After this you can shape an agent's output into a mergeable change using small diffs, tests as targets, plan-first and the ownership rule.
The most dangerous moment in agent-driven development is the green checkmark. "The agent finished" only means it stopped. It tells you nothing about whether the change is correct, scoped or safe to merge. Shaping the change is where senior engineers earn their keep.
The discipline, in four habits
- Small diffs. A reviewable PR is one a human can actually hold in their head. A mega-rewrite PR isn't a productivity win. It's an un-reviewable liability with a huge blast radiusHow much breaks if a change goes wrong; the scope of potential damage..
- Tests as targets. Point the agent at a failing test or a clear acceptance criterion and let it work toward green. "Make this pass" beats "improve this" every time.
- Plan before implement. Have the agent produce a plan you can review before it touches code. Redirecting a plan costs a sentence. Unwinding 600 lines costs an afternoon.
- No mega-rewrite PR. Decompose. If the agent wants to touch thirty files, that's a signal to split the work rather than rubber-stamp it.
When they ask "how do you keep AI from making a mess of the codebase," lead with change-shaping.
Say: small diffs, plan-first, tests as targets and the ownership rule. That answer signals you've run agents on a real team with real reviewers, not just a toy repo.
The ownership rule (memorize this)
"Generated code is owned by the developer who submits it. The agent is a tool; the human is accountable. There is no 'the AI wrote it' defense in code review."
This single rule resolves most of the cultural anxiety around AI code. It does three things at once:
- Preserves separation of dutiesNo single person can author, approve and deploy the same change. The core control AI autonomy has to respect. (the author is still distinct from the reviewer).
- Keeps accountability with a named human.
- Turns AI-code-tracking and audit logs into evidence rather than surveillance.
Provenance stays visible and responsibility stays clear.
Takeaway. "Agent completed" is a stopping signal, not a merge signal. Generated code is owned by the human who submits it, full stop.
Self-check
The agent surface: autonomy needs matching guardrails
After this you can place each agent surface on the autonomy ladder and name the guardrail that has to scale up with it.
Cursor's agent surface is a ladder of increasing autonomy:
- Inline Tab completions.
- The in-IDE agent.
- The CLI agent.
- Cloud agents running in isolated cloud VMs.
- The SDK for programmatic automation.
The governing law: every step up in autonomy demands a step up in guardrails. Each rung gives the agent more blast radiusHow much breaks if a change goes wrong; the scope of potential damage. between human checkpoints and your controls have to cover that gap.
Interactive diagram. Step through it with the Next and Previous controls below, or Tab to a region to read its detail.
As you move from Tab to SDK, the human moves from in-the-loop to on-the-loop to out-of-the-loop. Each rung up requires the prior rung's controls plus new ones: sandboxing, allowlists, plan gates and audit.
- Surface
- Tab
- Autonomy
- Lowest - single suggestion
- Human posture
- In the loop, every keystroke
- Guardrail that must scale up
- Trivial; you accept/reject inline
- Surface
- IDE agent
- Autonomy
- Multi-file change in your session
- Human posture
- In the loop, reviews the diff
- Guardrail that must scale up
- Plan-first, scoped context, you watch it run
- Surface
- CLI (
/debug, 3.1+) - Autonomy
- Headless, scriptable in terminal
- Human posture
- On the loop
- Guardrail that must scale up
- Terminal sandboxing, command allowlists
- Surface
- Cloud agents (3.5+)
- Autonomy
- Isolated cloud VMs, parallel multi-repo, async report-back
- Human posture
- On/off the loop
- Guardrail that must scale up
- Repo/model/MCPModel Context Protocol. A standard that lets an AI agent pull in context from outside the repo, like Jira tickets or internal docs. allowlists, no standing prod creds, audit logs
- Surface
- SDK
- Autonomy
- Programmatic, fully automated
- Human posture
- Out of the loop at runtime
- Guardrail that must scale up
- Policy-as-code, hooks, ZDRZero Data Retention. A contractual guarantee that the model provider won't store your code or train on it./Privacy ModeCursor's setting that routes requests under zero-data-retention terms so providers don't store or train on your code., hard scoping
| Surface | Autonomy | Human posture | Guardrail that must scale up |
|---|---|---|---|
| Tab | Lowest - single suggestion | In the loop, every keystroke | Trivial; you accept/reject inline |
| IDE agent | Multi-file change in your session | In the loop, reviews the diff | Plan-first, scoped context, you watch it run |
CLI (/debug, 3.1+) | Headless, scriptable in terminal | On the loop | Terminal sandboxing, command allowlists |
| Cloud agents (3.5+) | Isolated cloud VMs, parallel multi-repo, async report-back | On/off the loop | Repo/model/MCPModel Context Protocol. A standard that lets an AI agent pull in context from outside the repo, like Jira tickets or internal docs. allowlists, no standing prod creds, audit logs |
| SDK | Programmatic, fully automated | Out of the loop at runtime | Policy-as-code, hooks, ZDRZero Data Retention. A contractual guarantee that the model provider won't store your code or train on it./Privacy ModeCursor's setting that routes requests under zero-data-retention terms so providers don't store or train on your code., hard scoping |
Cursor 3.1 (Apr 2026) added CLI /debug; 3.5 (May 2026) shipped Cloud Agents in isolated VMs plus Composer 2.5.
Autonomy and guardrails move together or you have a problem.
High autonomy with low control is how you get a 2 a.m. incident. Pile heavy control on a trivial task and you've just bought friction. The art is matching the rung to the risk tier of the work.
Match the rung to the risk tier
A typo fix in a docs file and a change to the payments authorization path are not the same risk tier and they shouldn't get the same autonomy. Low-risk, well-tested surfaces can run further up the ladder with a lighter touch. High-risk, regulated paths stay low on the ladder, gated by a reviewed plan, mandatory human review and tight allowlists. The cloud agents' isolation (separate VMs, no standing production credentials) is precisely what lets you grant autonomy without granting blast radiusHow much breaks if a change goes wrong; the scope of potential damage..
What each rung actually is
- Cloud agent
- Spins up a Cursor-managed VM with its own desktop + terminal, checks out the repo, implements the work and opens a PR - running while your laptop is closed. Same models + same harness = same quality. The VM is torn down after, so the codebase doesn't persist; no local RAM/disk, so you can run many at once.
- CLI
- Brings the full Cursor harnessCursor's hosted layer around each model (context selection, caching, retries) that makes the same model run better and cheaper than calling it directly. - all modes, all exposed models - to the terminal, so you can pipe agents into scripts, CI pipelines and headless automation beyond the GUI.
- Agent SDK
- Programmatic access via one runtime-agnostic interface (local / Cursor Cloud / self-hosted - you pass the runtime). Patterns:
agent.prompt(fire-and-forget), a durable agent, andagent.resumeto preserve context across surfaces; inject MCPModel Context Protocol. A standard that lets an AI agent pull in context from outside the repo, like Jira tickets or internal docs./skills/hooks at runtime. It's a superset of a skill/command - it takes the agent anywhere.
Foreground (local) is for decisions: interactive, ambiguous, security-sensitive or steered work where you watch every step. Background (cloud) is for execution: clear goals and acceptance criteria.
The decision test: if the output is reviewable through an artifact (image, recording, logs, diffs), push it async; if it's fuzzier, stay foreground. Foreground = exploring an API, a spike, a UI tweak you watch. Background = a refactor, migrating a branch, a database migration.
Anti-pattern: spinning up a background agent with a one-sentence 'refactor the whole codebase' prompt. Background work needs heavy upfront structuring - pull the specific tickets via MCPModel Context Protocol. A standard that lets an AI agent pull in context from outside the repo, like Jira tickets or internal docs. first.
Zero-data-retention terms and Privacy ModeCursor's setting that routes requests under zero-data-retention terms so providers don't store or train on your code. are real enterprise controls. The catch: ZDRZero Data Retention. A contractual guarantee that the model provider won't store your code or train on it. does NOT apply when developers use their own API keys.
If a team routes the SDK or agents through personal keys, you've quietly stepped outside the guarantee. Make key management part of the autonomy conversation.
Takeaway. Every step up the autonomy ladder demands a matching step up in guardrails, sized to the work's risk tier.
Self-check
QWhat's the principle that governs how Cursor's agent surfaces (Tab → IDE → CLI → cloud → SDK) should be deployed on a team?
The four prompt patterns and the capability map
After this you can name the four prompt patterns and pitch Cursor as a capability × SDLC-phase grid instead of a feature list.
On a team, freeform prompting is noise. Most real work collapses into four repeatable intents and naming them is how you get juniors to operate like seniors. Teach these four and you've taught the workflow.
"Map how auth flows through this service. Don't change anything."
Pure recall and understanding. The agent reads; it does not write. Safe, fast, the right way to start in unfamiliar code.
"Propose a plan to add rate-limiting to these endpoints. Show me before you implement."
Output is a plan a human approves. Cheapest place to catch a wrong approach.
"Rename this symbol everywhere, change nothing else, keep tests green."
Tight scope, explicit invariants, a test target. Small diff by construction.
"Summarize this diff, flag risky areas, draft the PR description and test plan."
Turns the agent into a reviewer's assistant. Speeds the human checkpoint without removing it.
The capability × SDLC-phase one-pager
Don't talk to a VP of Engineering feature-by-feature. Give them a grid of which capability earns its keep in which phase of the SDLC. That's the artifact that turns a demo into a rollout plan.
- SDLC phase
- Understand / onboard
- Primary pattern
- Explore (read-only)
- Surface
- IDE agent + search
- Where the value lands
- Faster ramp, fewer 'where does X live' interrupts
- SDLC phase
- Design / shape
- Primary pattern
- Plan a reviewable change
- Surface
- IDE agent + MCPModel Context Protocol. A standard that lets an AI agent pull in context from outside the repo, like Jira tickets or internal docs. (Jira/Confluence)
- Where the value lands
- Catch wrong approaches before code exists
- SDLC phase
- Implement
- Primary pattern
- Constrain a refactor
- Surface
- IDE / CLI agent
- Where the value lands
- Small diffs, tests as targets, house-style by rules
- SDLC phase
- Review
- Primary pattern
- Prepare human review + BugbotCursor's automated PR reviewer that posts inline findings and can push fix commits from isolated VMs.
- Surface
- Cloud / CI
- Where the value lands
- BugbotCursor's automated PR reviewer that posts inline findings and can push fix commits from isolated VMs. average review time ~90 seconds; findings support, not replace, human review
- SDLC phase
- Operate / maintain
- Primary pattern
- Explore + constrained fix
- Surface
- Cloud agents (parallel multi-repo)
- Where the value lands
- Bulk migrations, dependency bumps, async report-back
| SDLC phase | Primary pattern | Surface | Where the value lands |
|---|---|---|---|
| Understand / onboard | Explore (read-only) | IDE agent + search | Faster ramp, fewer 'where does X live' interrupts |
| Design / shape | Plan a reviewable change | IDE agent + MCPModel Context Protocol. A standard that lets an AI agent pull in context from outside the repo, like Jira tickets or internal docs. (Jira/Confluence) | Catch wrong approaches before code exists |
| Implement | Constrain a refactor | IDE / CLI agent | Small diffs, tests as targets, house-style by rules |
| Review | Prepare human review + BugbotCursor's automated PR reviewer that posts inline findings and can push fix commits from isolated VMs. | Cloud / CI | BugbotCursor's automated PR reviewer that posts inline findings and can push fix commits from isolated VMs. average review time ~90 seconds; findings support, not replace, human review |
| Operate / maintain | Explore + constrained fix | Cloud agents (parallel multi-repo) | Bulk migrations, dependency bumps, async report-back |
Box's results show the throughput story: 85%+ daily active, 30–50% throughput gains, 80–90% less migration effort, +75% usage in 6 weeks through structured mentorship. The mentorship is what produced the curve.
If asked to 'roll Cursor out to a 200-person org,' draw the capability × phase grid and overlay the autonomy ladder.
Then close with governance: Project RulesVersion-controlled instructions in the repo that every Cursor agent interaction inherits, so standards are encoded once. and AGENTS.md as the house style, ignore/allowlists as the blast-radius control, the ownership rule as the cultural anchor. A grid plus a ladder plus governance is what an org hears as a rollout.
Takeaway. Most team work collapses into four patterns: explore, plan, constrain a refactor, prepare review. Pitch them as a capability × phase grid, which reads as a rollout.
Self-check
Skills and sub-agents: customization as a team control
After this you can choose between a rule, a skill and a sub-agent for a given team need and explain the action-vs-role distinction.
Rules encode what. The two newer primitives encode how and who: skills and sub-agents. On a team they matter because they're the same kind of repo artifact a rule is - reviewable, shareable, centrally pushable - not a clever trick living in one person's head.
Skills: agent-invoked, an open cross-tool standard
A skill packages a prompt plus a deterministic standard path (a markdown-backed SKILL.md with name, description and instructions) so the model doesn't re-think a fixed multi-step process every run. Skills are a new open standard supported across Cursor, Claude Code and Codex, and they're portable project-to-project. The non-obvious mechanic: a skill is not auto-loaded every chat. The agent reads its name/description and pulls it in only when it judges it relevant (progressive disclosureHow skills load: the agent boots knowing only each skill's name and description, then pulls a skill's full instructions into context only at the moment it decides to use it.). If a skill isn't firing, the fix is almost always a better description.
Cursor's own engineers run a de-slop skill consistently at generation time: it evaluates model-written code and strips typical AI slop - generic variable/function names, verbose comments, over-engineering, unnecessary abstraction, bad boilerplate - and standardizes style.
It's published on Cursor's public marketplace as a reusable skill. That's the concrete shape of 'customization as a team control': one team writes it, everyone (and every agent) pulls it in.
Sub-agents: parallel work with isolated context
Sub-agents (shipped in Cursor 2.5) let a parent agent spawn smaller agents that run simultaneously, each with its own contained context window - solving the old multi-tab collision problem where two agents editing the same file would stall. Each sub-agentA child agent a main agent spawns to work in parallel with its own context window, handing results back so the parent's context stays clean. writes its findings to a file; the parent reads the file and pulls only the relevant part into its own context. The payoff: agents run faster, fill the parent context more slowly, cost fewer tokens, and the model stays accurate longer. Three are built in - Explore (understand the codebase), Bash (terminal), Browser - and you can author custom ones.
Static content applied always or to a file set.
'Use Tailwind.' '100% test coverage.' Decided ahead of time, always enforced.
A single codified action the agent takes when relevant.
The de-slop pass; 'here's the design system and how to apply it.' Replaces apply-intelligently rules.
A persona the parent spawns for a job.
The test-writer, the technical-writer for docs, a devil's advocate. Give it a role + description.
"A rule is what we always do. A skill is how we do a specific thing. A sub-agentA child agent a main agent spawns to work in parallel with its own context window, handing results back so the parent's context stays clean. is who does it. All three live under .cursor, go through review and can be pushed to the whole org - so customization is a governed control surface, not tribal knowledge."
Heuristic for the parallelism question: if task B is unrelated to task A, start a new chat; if B and C both depend on A's output but are unrelated to each other, use sub-agents. And remember the cost note from the context section - all three primitives sit in the context window, so they count toward tokens only when actually invoked.
Takeaway. A skill is a codified action (a how); a sub-agentA child agent a main agent spawns to work in parallel with its own context window, handing results back so the parent's context stays clean. is a role (a persona). Both are version-controlled, shareable team controls - not personal tricks.
Self-check
QA team wants every PR's generated code automatically cleaned of AI slop, and separately wants a dedicated 'test writer' persona the main agent can hand work to. Which primitive is each?