Cursor Product Mastery
Know the product cold - Agent, Tab, Rules, MCP, context
The core surfaces: Tab, Agent, Ask
After this you can explain Cursor's primary interaction modes and when each wins
An SA who fumbles the difference between Tab, Agent and Ask loses the room in the first ten minutes, because the room is full of engineers who already use one of them daily.
Cursor is not one feature with a chat box bolted on. It is three distinct interaction surfaces, each with its own latency budget, its own trust model and its own place in a developer's hands. Conflating them is the most common reason a rollout stalls: the team tries to do everything through Agent, gets burned by an over-eager edit and quietly retreats to plain autocomplete.
Your job is to make the boundaries crisp. When you can name the right surface for a given moment faster than the senior engineer in the room, you have earned the credibility to advise on the harder stuff.
Next-edit prediction: multi-line and cross-file completions that anticipate the change you're already making.
The everyday speed layer. Zero ceremony, sub-second, fires as you type.
Wins when a developer knows exactly what they want and just wants the keystrokes back.
Multi-step, multi-file autonomous edits driven by natural-language intent. Plans, reads the codebase, runs commands, applies a diff you review.
The headline AI-native workflow and the thing CTOs have heard about.
Wins on a real task with a verifiable end state: a refactor, a failing test, a ticket.
Question-answering and exploration over the codebase with no edits applied.
The understand-before-you-touch surface. Read-only by design.
Wins for onboarding, code archaeology and why does this work this way?
Choosing the surface in a real workflowthe distinction you'll teach a hundred times
The decision is mostly about how much you already know and how much you trust the change to land unsupervised. A developer who knows the exact edit reaches for Tab. A developer who knows the goal but not the path reaches for Agent. A developer who doesn't yet understand the terrain reaches for Ask.
- Situation
- You're mid-edit and the next few lines are obvious
- Reach for
- Tab
- Why
- Fastest path; you stay in flow and review inline
- Situation
- A ticket says "add rate limiting to the upload endpoint"
- Reach for
- Agent
- Why
- Multi-file work with a checkable end state
- Situation
- New hire trying to find where auth is enforced
- Reach for
- Ask
- Why
- Exploration without risk of an accidental edit
- Situation
- A flaky test you don't understand yet
- Reach for
- Ask, then Agent
- Why
- Diagnose first, then let Agent attempt the fix
- Situation
- A sweeping rename across the repo
- Reach for
- Agent
- Why
- Cross-file consistency is exactly its strength
| Situation | Reach for | Why |
|---|---|---|
| You're mid-edit and the next few lines are obvious | Tab | Fastest path; you stay in flow and review inline |
| A ticket says "add rate limiting to the upload endpoint" | Agent | Multi-file work with a checkable end state |
| New hire trying to find where auth is enforced | Ask | Exploration without risk of an accidental edit |
| A flaky test you don't understand yet | Ask, then Agent | Diagnose first, then let Agent attempt the fix |
| A sweeping rename across the repo | Agent | Cross-file consistency is exactly its strength |
The same task can move between surfaces as understanding grows.
In the live-demo round, narrate the surface choice out loud before you act: "This is a known edit, so I'll let Tab carry it," then later "This one I don't know the shape of, so I'm handing it to Agent."
That narration is the signal the panel is grading. It shows you teach the judgment, not just the keystrokes, which is what enablement actually is.
Demo moments that land
Toy snippets kill credibility. A scaffolded todo app proves nothing to a staff engineer who maintains a 400k-line monolith. The Agent demo that wins shows a real refactor in a repo that looks like the customer's world: extract a tangled function, thread a new parameter through five call sites, watch the agent run the test suite and self-correct on a failure.
Don't pitch Agent as a replacement for the developer's judgment. The skeptical senior hears "the AI writes the code" and shuts down.
Frame it as "the developer states intent, reviews the diff and stays the author of record." The human approval gate is the part that makes Agent safe to roll out.
Interactive diagram. Tab through its regions; each focused region shows its detail in the panel below.
Same feature, two framings; the right one keeps the senior engineer in the room.
Tab, Agent and Ask are the trio - but the surface map is much bigger nowdon't get caught describing last year's Cursor
The Tab/Agent/Ask story is correct but dated if you stop there. A year ago Cursor's core was just three things: Tab, codebase indexing and chat. It now ships constantly. The most current framing from the field team is that Cursor is an end-to-end SDLC control plane, not an editor: the same agent loop reaches across desktop, the agent window, web, mobile, the terminal, JetBrains and the cloud. An SA who still pitches "AI VS Code" is selling the 2024 product.
Cursor 3Cursor's agent-forward interface (also called the agent window or Glass), built to run and supervise many agents at once rather than edit one file. - internally called Glass or "the agent's window" - is an agent-forward interface redesigned from the ground up to manage many parallel agents rather than edit one file. It sits one abstraction level above the editor: it shows every workspace across local and cloud, multiple repos and archived/active agents at once.
The driving rationale is the line to quote: as models improved, the team "needed to focus less and less on the output of the model and more and more on the outcome." You can still toggle back to the classic editor view (explorer left, code center, terminal bottom, agent pane right) - code and terminal are never hidden.
The other correction to make crisp: the mode dropdown changes the toolset, not the model. Picking Agent, Plan, Debug or Ask gives the same underlying model a different set of tools. New users assume "Ask modeA read-only mode for asking questions about a codebase without changing files; the safe way to explore unfamiliar or legacy code. = a weaker model"; it's the same model with a read-only toolset. Get this right and you'll save the room a recurring confusion.
- Mode
- Agent (default)
- What the toolset can do
- Everything: write code, run the terminal, make plans and to-dos
- When it wins
- A real task with a verifiable end state
- Mode
- Plan
- What the toolset can do
- Researches the whole indexed codebase and outputs only an editable plan - no edits until you switch to Agent
- When it wins
- Scoping a non-trivial change before any code is written
- Mode
- Debug
- What the toolset can do
- Walks you through reproduction, adds instrumentation, watches terminal/debug logs
- When it wins
- Diagnosing a symptom like "my search bar isn't working" (distinct from BugBot, which is PR review)
- Mode
- Ask
- What the toolset can do
- Read-only Q&A over the codebase; output stays in chat
- When it wins
- Onboarding to a new or legacy repo; non-technical users
| Mode | What the toolset can do | When it wins |
|---|---|---|
| Agent (default) | Everything: write code, run the terminal, make plans and to-dos | A real task with a verifiable end state |
| Plan | Researches the whole indexed codebase and outputs only an editable plan - no edits until you switch to Agent | Scoping a non-trivial change before any code is written |
| Debug | Walks you through reproduction, adds instrumentation, watches terminal/debug logs | Diagnosing a symptom like "my search bar isn't working" (distinct from BugBot, which is PR review) |
| Ask | Read-only Q&A over the codebase; output stays in chat | Onboarding to a new or legacy repo; non-technical users |
Same model in each row - the mode is the toolset, not a different brain.
Tab is Cursor's original signature feature - it put Cursor on the map - but the world has moved to agents: Cursor now sees roughly 2x as many agent users as Tab users, and ~15x agent-use growth across customers over the past year.
Use that stat to steer where a team invests learning effort: Tab is still the everyday speed layer, but the durable value (and the thing a CTO has heard about) lives in Agent and the async surfaces.
- Desktop IDE / editor view
- The classic editor; Tab, inline edit and the agent pane
- Agent window (Cursor 3 / Glass)
- The agent-forward default; manage many local and cloud agents at once
- Web + mobile / PWA
- Run Cursor as a PWA on a phone; kick off and review agents away from the laptop
- CLI
- The full harness in the terminal, pipeable into any workflow or CI
- JetBrains (IntelliJ / PyCharm)
- Cursor's agent loop inside JetBrains IDEs via the ACPAgent Client Protocol. An open standard that lets any IDE host any coding agent; Cursor uses it to run inside JetBrains/IntelliJ and Android Studio. partnership
- Cloud agents, BugBot, Agent SDK
- Async agents on their own VMs, AI PR review, and programmatic agent access
You don't demo all of these - but naming them is what separates "editor" from "SDLC platform" in the buyer's head.
Takeaway. Tab is the speed layer, Agent is the intent-to-diff layer and Ask is the understand-first layer; the SA's value is teaching engineers to pick the right one by reflex. Modern Cursor is an end-to-end SDLC platform (Glass agent window, CLI, JetBrains, cloud), and the four modes change the toolset, not the model.
Self-check
QA senior engineer says: "I tried Cursor, let the agent loose on a ticket and it made a mess across six files. Not for me." Which surface would you steer them toward first and how do you reframe Agent?
Context engineering: indexing, @-references, context window
After this you can explain how Cursor builds context and why that determines output quality
The single biggest determinant of whether a team loves or abandons Cursor is not the model. It is the context the model receives.
Every response Agent or Ask produces is grounded in a slice of the codebase assembled at that moment. Get that slice right and the output looks like it was written by someone who knows the repo. Get it wrong and you get confident, plausible, completely off-base code. The team blames "the AI," but the failure was upstream.
How Cursor assembles context
- 1Codebase indexing. Cursor computes embeddings of your repository so it can retrieve semantically relevant files for a given prompt, rather than relying on whatever happens to be open. This is the retrieval layer that grounds responses in your code.
- 2Implicit context. The currently open file, the selection, recently viewed files and linter errors get pulled in automatically. Useful, but never assume it's enough for a non-trivial task.
- 3Explicit context via @-symbols. You hand the model exactly what it needs:
@files,@folders,@docsand@web. This is the lever a skilled user pulls constantly. - 4The context window. Everything assembled has to fit a finite budget. Stuffing in ten irrelevant files crowds out the two that mattered, so curation beats volume.
Interactive diagram. Tab through its regions; each focused region shows its detail in the panel below.
Retrieval and your @-curation feed one finite budget; the window is the gate everything must fit through.
- @files
- Pin a specific file the model must consider, e.g. the interface a change must conform to
- @folders
- Scope the model to a subsystem without naming every file
- @docs
- Bring in indexed external/library docs so the model uses the real API, not a hallucinated one
- @web
- Pull live information for things outside the codebase, like a changelog or RFCRequest for Comments. A written design proposal circulated for feedback before anything gets built.
Curating these is a learned skill and it's the skill that separates a power user from a tourist.
The model can only reason over what it can see. Ask it to "add a field to the user model" with no context and it invents a plausible model that doesn't match yours.
Hand it @models/user.ts plus the migration folder and the same prompt produces a change that fits your schema, your naming and your conventions.
This is why context management is where most failed AI-tool rollouts actually fail. Teams expect telepathy, get confident wrong answers and conclude the tool is hype. The fix is rarely a different model. It's a workflow habit.
Coaching context as a habit
- Teach the reflex "before I prompt, what does the model need to see?" Make it the first beat of every Agent task, not an afterthought when output disappoints.
- Standardize
@docsfor the team's core libraries during enablement, so nobody fights a model that's guessing at an API surface. - Show the failure on purpose: run a vague prompt, let it produce nonsense, then add two
@filesand rerun. The before/after is more convincing than any slide.
"Cursor is only as good as what it can see. Most teams that say 'it doesn't understand our codebase' are giving it nothing to work with. Ten minutes on context habits usually does more for satisfaction than switching models ever will."
The mechanics behind the habits (and the numbers that sell them)what to know cold when an engineer challenges you
Senior engineers will press on how indexing works, especially on the security angle. Here's the precise mechanic: on first open Cursor chunks the repo into functions/pieces and generates vector embeddings; the embeddings are hashed and stored, but the raw code is held only ephemerally and then deleted - the only long-term store is the vector DB. At prompt time, semantic search pulls the most relevant chunks into context. The .cursorignore file lists files Cursor should never index or view, which is the control surface for sensitive code.
Other tools lean on grep (substring search), which is slow and degrades on a large production codebase. Because Cursor indexes the whole repo into a vector DB, it understands what you semantically mean and stays fast - even an ambiguous prompt like "change the button to blue" returns an applicable result.
This is the differentiator that lets cloud agents work in very large repos: the field team demos it on Grafana - roughly 2M+ lines and 30,000 files - where substring search stalls.
On @-mentions, sharpen the contrast you teach: tagging the exact file with @ guarantees that file lands in context, rather than hoping semantic search retrieves it. Asking "what color is the badge?" forces the agent to search the whole app; @badge.tsx plus "what's the hex for the badge background?" makes it read one file and return the right answer. @ isn't limited to files either - you can reference a past chat, which summarizes it and reads the transcript, so a new agent inherits the summary without carrying all prior context forward.
Output quality drops steeply as the window fills - presenters converge on staying under ~60-65%, and several move on at ~50%. A bottom-right indicator shows fullness and its makeup; if you're already 50% full before sending a prompt, you likely have too many MCPModel Context Protocol. A standard that lets an AI agent pull in context from outside the repo, like Jira tickets or internal docs./tool integrations loaded.
Past the limit Cursor runs compaction (compressing prior context), which can behave like not having that context at all - while you still pay for all the tokens. The fix is to start a fresh agent per new topic, not to keep one mega-chat alive.
When a buyer assumes Cursor just forwards prompts to model providers, correct it: there's deep proprietary cloud infrastructure - the Cursor harnessCursor's hosted layer around each model (context selection, caching, retries) that makes the same model run better and cheaper than calling it directly. - doing optimization, context enrichment, caching and compaction around the model, tuned per frontier model.
The proof point to quote: combined with dynamic context discoveryThe agent pulling only the relevant parts of files, tools and MCP servers into context as needed, instead of loading everything up front. (the agent pulls in only what it deems relevant rather than loading everything), the harness reduces agent tokens by ~47% even when running another vendor's model - and independent analysis shows the same model performs better in Cursor's harness than elsewhere.
The SE's own superpower: your product's codebase as supercharged docsthe one habit field engineers report using all day
The highest-leverage move an SE makes with their own seat: connect Cursor to the foundational repositories of the product you sell (within your version-control access) and ask the actual codebase natural-language questions. How does this service work. How does indexing turn code into vector embeddings, and what are the embedding sizes. Was this path deprecated, is it behind a feature flag, where does it live. You're not reading docs that lag the code. You're reading the code.
That's what lets you answer the specific RFP and security questions authoritatively instead of promising a follow-up: what's the data-retention behavior, does customer data ever leave the cloud environment, is this control configurable. Keep the repo open all day, even during calls, so the answer is one prompt away.
"This is like the most supercharged docs you could possibly think of. I use this all day every day."
Takeaway. Indexing retrieves, @-symbols curate and the context window caps; teach "what does the model need to see?" as a reflex and most adoption complaints disappear.
Self-check
Rules, .cursorrules and standardization
After this you can use Rules to encode org standards and make adoption consistent
Rules are the SA's single most impactful lever, because they turn tribal knowledge that lives in three senior engineers' heads into a standard the model follows for everyone.
Left to defaults, every developer gets slightly different output: different patterns, different libraries, different opinions on error handling. That variance is fine for one person experimenting. Across a 300-engineer org it's chaos and it's the thing a VP of Engineering worries about when they hear "we're rolling out AI coding."
Rules are how you answer that worry. They are persistent instructions that get injected into the model's context so its behavior conforms to your conventions, your stack and your guardrails.
The shape of Rules
- Scope
- Project RulesVersion-controlled instructions in the repo that every Cursor agent interaction inherits, so standards are encoded once.
- Lives where
- In the repo (versioned, reviewable)
- Use it for
- Stack conventions, architecture boundaries, the team's house style
- Scope
- User Rules
- Lives where
- Per-developer settings
- Use it for
- Personal preferences that shouldn't be forced on the team
- Scope
- .cursorrules (legacy)
- Lives where
- Single file at repo root
- Use it for
- Older single-file form; modern setups favor structured project rules
| Scope | Lives where | Use it for |
|---|---|---|
| Project RulesVersion-controlled instructions in the repo that every Cursor agent interaction inherits, so standards are encoded once. | In the repo (versioned, reviewable) | Stack conventions, architecture boundaries, the team's house style |
| User Rules | Per-developer settings | Personal preferences that shouldn't be forced on the team |
| .cursorrules (legacy) | Single file at repo root | Older single-file form; modern setups favor structured project rules |
Project Rules being versioned in the repo is the key property: they review and ship like code.
Because Project RulesVersion-controlled instructions in the repo that every Cursor agent interaction inherits, so standards are encoded once. live in the repository, they go through pull-request review like any other change. A new convention gets proposed, debated, merged and from that moment every Agent run in the repo respects it. That is org-wide consistency without a single all-hands.
# .cursor/rules/api-conventions.md - Use the existing `Result<T, E>` type for fallible functions; never throw across module boundaries. - All new HTTP handlers go in `src/api/` and must register in `src/api/router.ts`. - Database access only through the repository layer in `src/db/repos/`; no raw SQL in handlers. - Prefer `zod` schemas for request validation; reuse schemas from `src/schemas/` when one exists.
Good rules vs. bloated rules
Concise and specific: "use the repository layer for DB access" beats a paragraph of philosophy.
Testable: you could check whether the model followed it.
Scoped to what actually causes inconsistency, not every preference imaginable.
A 600-line file restating the whole style guide; the signal drowns and output degrades.
Vague aspirations like "write clean, maintainable code" that give the model nothing to act on.
Contradictory rules accreted over a year that nobody pruned.
More rules is not better. Every rule spends context budget and competes with the actual task; a bloated file makes output worse, not safer.
Treat the rules file like code you maintain: prune dead rules, keep each one earning its place.
Why this drives expansion
Standardized Rules are how you go from one happy team to a happy org. A pilot team builds a strong rules set, it gets battle-tested and you template it for the next team's stack. New teams inherit a known-good baseline instead of rediscovering the same lessons. That repeatable pattern is exactly the land-and-expand motion an SA owns.
In the demo, edit a rules file live and rerun the same Agent prompt. The output visibly changes to honor the new convention.
That one moment makes the abstract concrete and shows the panel you can teach the most important enablement concept in the product.
The four rule types and exactly when each firesthe most-asked topic in the field - know it cold
"Scope" (project vs user vs legacy) is one axis, but the axis engineers actually ask about is firing: when does a given rule get injected? There are four types, set in each rule's header. You create them via Settings > Rules, Skills, and Sub Agents > project > Rules > New, which writes an .mdc (Markdown) file under .cursor/rules with a header carrying name, description and apply setting.
- Rule type
- Always Apply
- When it fires
- Attached to every single prompt
- Use it for
- The basics: tech stack, what you're building, a few hard constraints
- Rule type
- Apply Intelligently
- When it fires
- Agent reads your description and invokes it when it judges it relevant
- Use it for
- Conditional guidance the model should pull in by topic
- Rule type
- Apply to Specific Files
- When it fires
- Only when a file matching the glob (e.g.
*.tsx) is touched - Use it for
- Subsystem conventions, kept out of unrelated context
- Rule type
- Apply Manually
- When it fires
- Only when you
@-mention it while prompting - Use it for
- Heavy content like a full style guide, run as an on-demand audit
| Rule type | When it fires | Use it for |
|---|---|---|
| Always Apply | Attached to every single prompt | The basics: tech stack, what you're building, a few hard constraints |
| Apply Intelligently | Agent reads your description and invokes it when it judges it relevant | Conditional guidance the model should pull in by topic |
| Apply to Specific Files | Only when a file matching the glob (e.g. *.tsx) is touched | Subsystem conventions, kept out of unrelated context |
| Apply Manually | Only when you @-mention it while prompting | Heavy content like a full style guide, run as an on-demand audit |
Glob-scoping is also a token lever: a file-scoped rule never loads on unrelated work.
The dominant rules anti-pattern: cramming directives into an always-apply rule. The model does best with the least to attend to, and an always-apply rule with 300 directives silently appends "also do these 300 other things" to every prompt - so output gets worse, not safer.
Build rules reactively, not preventively: keep always-apply to stack/constraints, and add a directive only after the model makes the same mistake a few times. Don't write "just in case" rules and don't replace your linter with a rule - that just burns tokens injecting rule content into every call. As models improved, best practice loosened: today they need fewer behavioral instructions than they did 18-24 months ago.
A manually-applied rule is also the cleanest demo of instructed behavior across parallel agents. Write a small Markdown rule with one directive - "keep it simple," or a strict code-reviewing directive - then @-tag it into just one chat. That agent becomes a code-reviewing agent; the agent next to it, untagged, doesn't inherit the rule at all.
Narrate it: "This agent will keep it simple. This one won't have that rule applied. So I can dictate the behavior of one agent through project rules that are applied manually." One window becomes a planning agent, another a reviewer, another a plain prompter - each shaped by which rule you tagged, not by a global setting.
Rules vs. Skills vs. Commandsthe primitive engineers most often blur
Rules are no longer the only standardization primitive, and an SA who can't draw the line loses credibility with a platform team. The clean framing: a rule is more a "what" (use Tailwind; 100% test coverage); a skill is more a "how" (here's the design system and how to apply it). Skills are an open cross-tool standard - supported across Cursor, Claude Code and Codex - that the agent auto-discovers from a name/description and invokes only when relevant (progressive disclosureHow skills load: the agent boots knowing only each skill's name and description, then pulls a skill's full instructions into context only at the moment it decides to use it.: if a skill isn't firing, the fix is usually a better description). Commands are explicit slash-triggered workflows.
Static content, applied always or to a file glob.
Decided ahead of time, always enforced when in scope.
Best kept to one-sentence always-apply basics (e.g. "never leave AI slop comments").
Dynamic capability the agent discovers and invokes when relevant.
The more capable replacement for "apply intelligently" rules - the agent is trained to invoke them more reliably and they can hold templates/workflows.
A native Cursor skill even converts an old rule into a skill.
An explicit workflow triggered by a forward slash.
For recurring multi-step jobs you launch on demand.
All three live under .cursor and ride in the context window, so all three count toward tokens.
Distribution scopes - the governance backbonehow a standard actually reaches the whole org
Versioned Project RulesVersion-controlled instructions in the repo that every Cursor agent interaction inherits, so standards are encoded once. answer one team's consistency; an org needs distribution. Rules, skills, commands and hooks apply at three scopes: user-level (only you), repo-level (committed, anyone with repo access) and team/org level via Teams Marketplaces - org-wide configs with sub-team variants (one set for the design team, another for backend infra). Admins can push skills, hooks and MCPModel Context Protocol. A standard that lets an AI agent pull in context from outside the repo, like Jira tickets or internal docs. integrations centrally to the whole team.
.cursor is git-ignored by default - you unignore what you want committed. To keep a personal rule set private, create it in the rules directory and add it to .gitignore.
Before org-level rules existed (and still in use): keep a shared rules repo and add it as a root folder via a multi-root workspace, so several repos inherit one known-good baseline.
Takeaway. Project RulesVersion-controlled instructions in the repo that every Cursor agent interaction inherits, so standards are encoded once. versioned in the repo turn tribal knowledge into machine-enforced standards; keep them concise and testable and template a known-good set to accelerate team-to-org expansion. Know the four firing types, build rules reactively (the '300 other things' trap), reach for skills as the better 'apply intelligently', and distribute org-wide via Teams Marketplaces.
Self-check
QWhy are Project RulesVersion-controlled instructions in the repo that every Cursor agent interaction inherits, so standards are encoded once. (versioned in the repo) a stronger standardization lever than asking each developer to maintain their own User Rules?
MCP & integrations
After this you can explain Model Context Protocol and connecting Cursor to internal systems
MCPModel Context Protocol. A standard that lets an AI agent pull in context from outside the repo, like Jira tickets or internal docs. is the difference between an agent that knows your code and an agent that knows your company.
Model Context Protocol is an open standard for connecting Cursor to external tools, data and context sources. Instead of the agent being boxed inside the repository, MCPModel Context Protocol. A standard that lets an AI agent pull in context from outside the repo, like Jira tickets or internal docs. servers let it reach your ticketing system, your internal docs, your observability stack and proprietary services. The protocol being open matters: it means integrations aren't a closed marketplace you wait on, they're something the customer's platform team can build for their own systems.
Enterprise use cases that move the needle
Wire in internal design docs and runbooks so the agent answers with the company's actual decisions, not generic patterns.
Connect a service catalog so it knows which internal library to use instead of inventing one.
Pull a ticket straight from the issue tracker so an Agent run starts from the real requirement.
Query observability or logs so a fix is grounded in the actual error, not a guess.
Generic AI assistance is a commodity. An agent fluent in this company's internal context is not.
Every MCPModel Context Protocol. A standard that lets an AI agent pull in context from outside the repo, like Jira tickets or internal docs. server a customer builds deepens the integration, raises switching cost and opens a new expansion conversation. MCP is both a moat and a land-and-expand engine.
Governance when MCP touches sensitive systems
The moment an MCPModel Context Protocol. A standard that lets an AI agent pull in context from outside the repo, like Jira tickets or internal docs. server can read a production database or a customer-data API, security has a legitimate seat at the table. You don't wave this away. You scope it.
- Treat each MCPModel Context Protocol. A standard that lets an AI agent pull in context from outside the repo, like Jira tickets or internal docs. server as a new integration point with its own access scope; least-privilege beats "give it everything and see."
- Be explicit about what data flows where, especially when a server reaches systems with regulated or customer data.
- Align MCPModel Context Protocol. A standard that lets an AI agent pull in context from outside the repo, like Jira tickets or internal docs. rollout with the same review process the customer uses for any internal tool that touches sensitive systems and bring security in early rather than retrofitting approval.
- Distinguish read-only context servers from action-taking servers; the risk profile and the approval bar differ sharply.
Specific admin controls and the exact security posture for MCPModel Context Protocol. A standard that lets an AI agent pull in context from outside the repo, like Jira tickets or internal docs. in a given Cursor deployment evolve; confirm the current capabilities rather than asserting from memory.
In an interview, it reads as senior to say "here's how I'd scope and govern this and here's what I'd confirm with your security team" instead of overclaiming.
Scoping an MCP integration in a rollout plan
- 1Pick a painful, bounded use case. One integration that removes real friction beats five speculative ones. "Pull the ticket into the agent" is a strong first target.
- 2Map the data path. What does the server read, what does it write, where does that data go, who approves it.
- 3Get security in the room early. Scope access to least-privilege and align with their existing internal-tool review.
- 4Pilot with one team, measure, then template. Prove value on a small surface, capture the setup and reuse it as you expand to the next team.
Named integrations that move the needlestop demoing MCP conceptually - name the servers
The most common MCPModel Context Protocol. A standard that lets an AI agent pull in context from outside the repo, like Jira tickets or internal docs. demo failure is abstraction: "you can connect your tools." Be concrete. The framing that lands is MCP as the "connective tissue" layer that keeps everything inside Cursor so engineers stop swapping tools, losing flow state and burning mental bandwidth across many sources of truth. Then show a real server doing real work.
The headline use case: with the Atlassian MCPModel Context Protocol. A standard that lets an AI agent pull in context from outside the repo, like Jira tickets or internal docs. connected, an engineer typed only "implement GRAPH-59" - the agent recognized it as a Jira ticket, pulled the full issue details, made a plan and built the feature. The ticket is the brief.
The Linear MCPModel Context Protocol. A standard that lets an AI agent pull in context from outside the repo, like Jira tickets or internal docs. does the same shape of work: ask "what's the project description for bookmarks?" without opening Linear, and use it for bug-dedup (check whether a bug already exists, else create a ticket). This is the beat that turns a conceptual MCP demo into a workflow a platform lead can picture on Monday.
- Atlassian (Jira) / Linear
- Ticket-as-brief: "implement GRAPH-59" pulls full issue details, plans and builds; bug-dedup and project lookups
- Databricks (read-only SQL)
- The agent can fetch data but never drop prod tables - the canonical least-privilege example
- Notion / Datadog
- Log every PR an approver automation handles for audit; fetch incident logs during triage
- Slack / your own functions
- Notifications aren't Slack-only; any MCPModel Context Protocol. A standard that lets an AI agent pull in context from outside the repo, like Jira tickets or internal docs. (or a custom email function) can be wired into the loop
Plugins pre-package these so nobody hand-edits MCP JSON - one Atlassian plugin install can bring several skills plus the MCP server.
There's a failure mode beyond "no tools found": loading every tool of an MCPModel Context Protocol. A standard that lets an AI agent pull in context from outside the repo, like Jira tickets or internal docs. server can blow up the context window. If MCP is eating context (you're already half-full before prompting), audit installed integrations and trim to what the workflow actually uses.
This is also why dynamic context discoveryThe agent pulling only the relevant parts of files, tools and MCP servers into context as needed, instead of loading everything up front. matters - the agent pulls only relevant tool output into the window rather than loading all of it.
Takeaway. MCPModel Context Protocol. A standard that lets an AI agent pull in context from outside the repo, like Jira tickets or internal docs. connects the agent to the company's own tools and docs, turning generic assistance into org-aware impact; scope each server least-privilege, bring security in early and template a proven integration to drive expansion. Name real servers (Atlassian/Linear ticket-as-brief, read-only Databricks) and watch for context bloat.
Self-check
Models, modes and judgment
After this you can advise on model selection and on rejecting bad AI output
Cursor explicitly prizes the judgment to reject bad AI output and an SA who can't teach that judgment is selling autocomplete with a bigger marketing budget.
Model selection comes up in every demo and most discoveries and the honest answer is that it's a trade-off, not a leaderboard. Faster models keep you in flow and cost less per call. More capable models reason through harder, multi-step work but cost more and run slower. Auto-selection routes the task to a reasonable default so most developers don't have to think about it.
- You optimize for
- Flow and quick edits
- Lean toward
- A fast model
- Real cost
- May stumble on genuinely hard, multi-file reasoning
- You optimize for
- Hard refactors and tricky bugs
- Lean toward
- A more capable model
- Real cost
- Slower and more expensive per task
- You optimize for
- Not having to choose
- Lean toward
- Auto-selection
- Real cost
- Less control on the rare task where the choice matters
| You optimize for | Lean toward | Real cost |
|---|---|---|
| Flow and quick edits | A fast model | May stumble on genuinely hard, multi-file reasoning |
| Hard refactors and tricky bugs | A more capable model | Slower and more expensive per task |
| Not having to choose | Auto-selection | Less control on the rare task where the choice matters |
Capabilities and names change; teach the trade-off, then confirm the current model lineup.
The exact models, prices and Auto behavior shift over time. Coach the trade-off framework and check the current lineup before quoting specifics.
Reasoning from the trade-off reads as more credible than reciting a list that may be stale by the interview.
The decision tree the field team actually usesAuto first, then thinking vs non-thinking, then traits
When an engineer asks "which model should I pick?", don't hand them a leaderboard - hand them an order of operations. Auto modeA router that reads your prompt and picks a model for you, defaulting to Composer; you steer it with cues like "quickly" or "carefully". is the daily driver: a managed Cursor service that dispatches your prompt to a short list of frontier code models based on which have open capacity at the time, prioritizing runtime speed. It offboards model selection entirely. You only turn Auto off when you need a specific model's characteristics for the task in front of you.
"Typically I'm going to use auto mode as my daily driver. It dispatches your prompt to a short list of frontier large language models based on models that have open capacity at the time."
- 1Start with Auto. Let Cursor route the task. For most everyday work the choice doesn't matter enough to spend attention on it.
- 2Turn Auto off only for a reason. You want a named model's specific traits - then decide thinking vs non-thinking.
- 3Thinking vs non-thinking first. Reach for a thinking modelA reasoning model (shown with a brain icon in Cursor's picker) that spends extra compute before answering; reach for it on complex, nuanced work and a standard model for fast, simple tasks. on plans, complex environments and security/codebase scans: slower but smartest. It's overkill for simple tasks.
- 4Then weigh traits. A frontier model like GPT-5.x can be verbose and overthink trivial tasks, but it's excellent at writing documentation and clear natural-language explanations. Match the trait to the job.
Interactive widget. Tab through its controls; the result updates in the panel below as you change them.
Plan with a thinker, execute with a fast model.
Auto handles the default; the decision tree only matters when you deliberately override it for a model's traits.
Agent autonomy vs. manual control
More autonomy is appropriate when the task has a verifiable end state and a cheap rollback: a feature branch, a test suite that will catch regressions, a diff a human approves before merge. It's risky when the blast radiusHow much breaks if a change goes wrong; the scope of potential damage. is large, the change is hard to verify or the work touches something that's expensive to get wrong. The skill is matching autonomy to reversibility.
- High autonomy fits
- Scoped task, tests in place, isolated branch, human reviews the diff before merge
- Dial it back when
- Large blast radiusHow much breaks if a change goes wrong; the scope of potential damage., hard-to-verify change, touches production-critical or regulated paths
Interactive diagram. Tab through its regions; each focused region shows its detail in the panel below.
Autonomy should track reversibility: the safer the change is to undo, the more rope the agent gets.
The judgment Cursor actually hires for
Cursor bans AI in its own technical screens because it treats coding-without-AI as a clean read on whether you can evaluate code rather than just produce it. That tells you what the culture values: the engineer who reads a suggestion, spots that it's subtly wrong and rejects it is worth more than one who pastes raw output and ships. The whole product thesis assumes a human with taste stays in the loop.
"The win isn't accepting more AI code. It's accepting the right AI code faster and rejecting the rest with confidence. The developer is still the author; the agent just drafts faster than they can type."
Teaching trust-but-verify during enablement
- Make review non-negotiable: every Agent diff gets read before it's accepted, exactly as a human PR would.
- Normalize rejection. Show the team a wrong-but-plausible suggestion in a session and reject it out loud, so they learn rejection is the skill, not a failure of the tool.
- Connect model behavior to outcomes they care about: faster drafts only help if review load stays sane and incident risk doesn't creep up.
- Model behavior
- Output quality and fit to conventions
- Outcome the buyer tracks
- Review load and PR cycle time
- Model behavior
- Appropriate autonomy
- Outcome the buyer tracks
- Incident risk and rollback frequency
- Model behavior
- Good context and rules
- Outcome the buyer tracks
- Developer satisfaction and seat utilization
| Model behavior | Outcome the buyer tracks |
|---|---|
| Output quality and fit to conventions | Review load and PR cycle time |
| Appropriate autonomy | Incident risk and rollback frequency |
| Good context and rules | Developer satisfaction and seat utilization |
Tie every model conversation back to a metric the economic buyer already watches.
When the demo agent produces something subtly wrong, don't hide it. Catch it, explain why it's wrong and reject it.
That moment proves the judgment Cursor screens for and is far more persuasive than a flawless rehearsed run that looks too good to be real.
Takeaway. Model choice is a speed/cost/capability trade-off best taught as a framework, autonomy should match reversibility and the judgment to reject bad output is the skill Cursor's culture prizes most.
Self-check
QDuring your demo, the agent produces code that looks reasonable but is subtly wrong. What do you do and why does it matter for this role?
The demo walkthrough: a runnable spine
After this you can run a concrete end-to-end demo that proves judgment, not just speed
A great demo is a spine, not a script: plan first, let the model surface a discrepancy, verify in the browser and hand back proof. The four beats below survive an unexpected codebase and let you narrate judgment at every step.
The single biggest workshop recommendation across Cursor's own field sessions is the same one that makes a demo land: start in Plan modeA mode that makes no edits: it researches the codebase and produces an editable plan you review before any code changes.. It's the antidote to the "agent went rogue across six files" story, and it's where you can show thinking out loud before any code is written.
- 1Beat 1 - Plan modeA mode that makes no edits: it researches the codebase and produces an editable plan you review before any code changes.. Switch to Plan mode and give the goal. It makes no edits: it researches the whole indexed codebase, follows existing paradigms and outputs a hyperlinked Markdown plan (scope, implementation, tests, concrete to-dos, often a data-flow diagram). Editing the plan costs zero tokens, so you converse or edit the Markdown directly - and teammates can sign off before execution.
- 2Beat 2 - Surface a discrepancy. Let Plan modeA mode that makes no edits: it researches the codebase and produces an editable plan you review before any code changes. ask its clarifying questions instead of rushing past them. This is the moment that wins skeptics.
- 3Beat 3 - Execute, then verify in the browser. Switch to Agent to run the to-dos, then open the built-in browser, give a plain-language directive and watch the change render while Cursor surgically edits only the necessary files.
- 4Beat 4 - Hand back proof. Show artifacts: the agent self-tests, records a video and screenshots and can upload the walkthrough straight to the PR.
In a real session, a PRDProduct Requirements Document. The spec describing what to build and why. said to "use authenticated users," but the agent saw no authentication in the app - so it paused and asked how to handle the gap (build full auth now, or ship a local-first V1?). Reframe clarifying questions as a feature, not friction: the gap-catching is a key reason planning works.
Tee it up by handing Plan modeA mode that makes no edits: it researches the codebase and produces an editable plan you review before any code changes. a deliberately under-specified prompt, then narrate: "Notice it didn't guess - it found the contradiction and asked. That's the judgment we're rolling out, not a tool that fills in blanks silently."
Generating the plan with a frontier/thinking modelA reasoning model (shown with a brain icon in Cursor's picker) that spends extra compute before answering; reach for it on complex, nuanced work and a standard model for fast, simple tasks. is cheap because the expensive model only reasons about the approach - it doesn't output all the code. Then a faster, cheaper coding model executes the to-dos. "Since we did the plan, we were token efficient; we did not have to output all the code, just reason about it."
Credibility support to cite: a University of Chicago study found more experienced developers are more likely to plan before generating, especially with AI tools - so plan-first isn't a beginner crutch, it's what strong engineers already do.
The built-in browser is a full browser inside the editor: open any URL, render your running app, and say something like "increase the heading padding on the overview page" - then watch it render while only the necessary files change. Three sub-agents back this: explore, bash and browser.
Artifacts are the proof layer: a cloud agent navigates its own virtual desktop, tests the change, records a video and screenshots, and on completion returns the walk-through plus type-checks and test results - uploadable directly to the PR. The routing rule: if the output is reviewable via an artifact, push it async; if it's fuzzier, stay foreground.
Two opening moves before the spinehow field engineers set up a demo that fits the prospect
The four beats assume you already have a repo that looks like the customer's world. Field engineers don't keep a shelf of pre-baked templates. They build the environment live. Open a brand-new Cursor window on a totally blank editor, then prompt the agent to populate a repo tailored to the prospect's exact scenario - a COBOL codebase to refactor, a service that mirrors their stack. Describe the environment, why it's set up that way and the workflow it should facilitate, and you get a runnable repo in minutes instead of hand-wiring dependencies for days. Pre-baked demos become fully bespoke demos, built per call.
"Now I can just prompt Cursor to build me out a repository that can facilitate a certain outcome."
The second opening move proves comprehension of a complex or legacy codebase, which is the exact fear in a modernization conversation. After a high-level analysis, prompt the agent: "build me an architecture diagram written in Mermaid and saved to a Markdown file." The agent broadly scans the repo and produces a visual asset. Preview it in Cursor's Markdown preview with ⌘⇧V and you get a clean visual breakdown that proves Cursor actually understands the dependencies. The same ⌘⇧V trick renders any generated demo narrative or plan nicely.
It answers the legacy buyer's unspoken question - "can this thing even understand our mess?" - with a diagram drawn from their actual repo, not a slide.
Pair it with the codebase-as-docs habit: scan, diagram, then ask the codebase pointed questions live. That sequence reads as mastery, not a rehearsed script.
Tie the spine back to the role: the demo isn't proving Cursor types fast. It's proving the workflow you'll coach - plan, interrogate, verify, prove - which is exactly the trust-but-verify discipline that makes a rollout safe.
Takeaway. Run the demo as a four-beat spine - Plan modeA mode that makes no edits: it researches the codebase and produces an editable plan you review before any code changes., a surfaced discrepancy, browser verification, artifacts as proof - so you demonstrate judgment and a coachable workflow rather than raw speed. Plan-first is token-efficient and is what experienced developers already do.
Self-check
QWhy open your demo in Plan modeA mode that makes no edits: it researches the codebase and produces an editable plan you review before any code changes. rather than letting Agent execute immediately, and what's the one moment you most want to provoke?