Enterprise DNA

Omni by Enterprise DNA

Enterprise DNA Resources

Step-by-step how-tos. Practical AI operating-system thinking for owners, operators, and teams doing real work.

220k+

Data professionals

Omni

AI agents and apps

Audit

Map the manual work

Guide Intermediate General

Cursor Rules Tutorial: Setting Up .cursorrules

A practical walkthrough of Cursor Rules, .cursorrules setup, and how to use them to control AI behavior in your editor.

Sam McKay |
Cursor Rules Tutorial: Setting Up .cursorrules

What Cursor Rules Actually Is

Cursor Rules is a feature inside the Cursor editor that lets you write natural-language instructions which the AI model reads before generating code. The file itself, typically called .cursorrules, sits in the root of your project and acts as a persistent prompt. You describe the conventions, frameworks, and constraints you want the AI to follow, and the model uses those instructions as context for every interaction in that workspace.

Technically, the file is plain text. There is no schema, no JSON to validate, and no required structure. Cursor concatenates the contents of .cursorrules with the rest of the prompt context when it calls the underlying model. This means the quality of your output is directly tied to the quality of the instructions you write. Treat it like a system prompt that travels with the project.

The feature matters because large language models default to generic behavior. Without rules, the model picks the most popular framework, the most common naming pattern, and the most obvious architecture for whatever you ask. Rules let you override those defaults and steer the model toward the patterns your team or codebase actually uses.

A few things to know up front. Rules are scoped to the project. They are not global unless you put them somewhere central. The file is read on each request, so changes take effect immediately. There is no compile step, no server, and no authentication against an external service. The rules are part of your project the same way a README is, and you version control them the same way.

One subtle point that confuses people. Cursor also supports a “project-level” rules feature in the current version that lives in the settings panel rather than in a file. The two are related but not identical. The file-based .cursorrules is the one most teams standardize on because it lives in git and survives editor reinstalls.

Setup and Authentication

There is no separate authentication for Cursor Rules. You only need Cursor installed and a project open. The feature works with both the free and paid tiers, though the practical usefulness scales with the model you have access to. Stronger models obey longer and more nuanced rulesets.

Step one, install Cursor. Download it from cursor.com and run the installer. The editor is a fork of VS Code, so if you have used VS Code you already know the layout. Your existing extensions, themes, and keybindings will mostly come over through Cursor’s migration flow on first launch.

Step two, open or create the project where you want rules to apply. In the project root, create a file named .cursorrules. The leading dot is important. The file is hidden by default on most operating systems, so you may need to enable “show hidden files” in your file explorer or create it from the terminal.

From a terminal in the project root, the command is: touch .cursorrules

Open the file in Cursor and start typing instructions. There is no required header, no required format, and no required length. Cursor does publish community examples in their documentation, and those are worth skimming once you have a working file so you can see how other teams structure theirs.

Step three, verify the file is being read. Open the Cursor command palette and look for “Rules” related commands. In the current version of Cursor, you can also see the active rules by opening the AI panel and checking the context indicator at the bottom of the composer. If your rules appear in the listed context, the file is wired up correctly.

That is the entire setup. No API keys, no environment variables, no external dependencies. If you have Cursor installed and a project open, you can have a working ruleset in under a minute.

First Working Example

Start with a small Node.js project so the example stays concrete. Create a folder, run npm init -y, install TypeScript and Express, and add a .cursorrules file in the same directory.

For the first ruleset, keep it short. The goal is to see the model actually obey the instructions, not to write a comprehensive policy. A reasonable starting file might look like this.

You are working on a Node.js project using TypeScript and Express. Use ES module syntax, not CommonJS. Prefer functional components and async/await. Use snake_case for database columns and camelCase for JavaScript variables. Never use the any type. Always handle errors with try/catch in async functions. When generating tests, use Vitest, not Jest. Use 2-space indentation, single quotes, and trailing commas.

Save the file. Then open a new file called routes.ts and ask Cursor to “write a route that fetches a user by id from a Postgres database.”

Watch what the model produces. It should generate TypeScript with ES module imports, an async handler wrapped in try/catch, parameterized queries against Postgres, and Vitest tests if you ask for them. The output should have 2-space indentation, single quotes, and a strict type signature without any.

If it generates CommonJS or uses any, the rules file is either not being read or the wording is too vague for the model to parse reliably. Open the AI panel and confirm .cursorrules shows up in the context list. If it does, tighten the wording. The most common reason rules appear to “not work” is that the instructions are written as preferences rather than commands. “We prefer async/await” is weaker than “Always use async/await, never use .then() chains.” Specificity wins.

Once the output matches, you have a working baseline. Add one rule at a time from there. Watch the model obey the new rule. If it does not, sharpen the wording. This loop is the entire practice.

Key Settings That Matter

The file format is the first dial, and most people ignore it. Cursor Rules works best with imperative phrasing. “Use X” outperforms “We like X” outperforms “X is preferred.” Treat the file as instructions to a new hire, not a wishlist from a senior engineer. Concrete verbs produce concrete behavior.

Length is the second dial. There is a soft cap on how much context the model can see, and .cursorrules shares that budget with your code, your conversation, and any attached files. A ruleset in the range of a few hundred lines is typical for serious projects. Beyond that, you are likely crowding out useful context. If your rules feel long, split them into multiple files and reference them by path, or trim aggressively.

Hierarchy is the third dial. Cursor reads rules from the project root. If you have monorepo setups, you can place .cursorrules in subdirectories and they will apply in addition to the root rules. The deeper file takes precedence on overlapping instructions. This is useful when one service uses Python and another uses Go, and you want different rules per service without maintaining two parallel rulesets.

Specificity is the fourth dial. The most effective rules are concrete and falsifiable. “Write clean code” is useless. “Use 2-space indentation, single quotes, and trailing commas” is checkable. The model responds better to instructions that look like a linter config than instructions that look like a style guide. When in doubt, write the rule the way you would write a unit test for it.

Version control is the fifth dial. The .cursorrules file should live in your repo. Treat changes to it the same way you treat changes to your CI config or your package.json. If a teammate complains that the AI is “behaving weirdly,” check the git log for the rules file. It is often the cause.

The sixth dial is what you exclude. Negative instructions are often more powerful than positive ones. “Never use class components in React” is sharper than “prefer functional components.” Banning specific patterns removes ambiguity and gives the model a clear boundary. Lists of allowed libraries, patterns, and imports also help. Lists of “things to avoid” are usually more useful than lists of “things to use.”

The seventh dial is examples. A few short, canonical code snippets in the rules file can do more than paragraphs of prose. If your team has a preferred way to write a fetch wrapper, paste a 10-line example. The model will pattern-match against it. This is a cheap trick that very few teams use.

Where It Shines

Cursor Rules genuinely excels at enforcing codebase conventions that you are tired of repeating. Things like “use our internal error type,” “follow this import order,” or “match this directory structure.” Every team has these. Without rules, you spend tokens in every chat session re-explaining them, and the model only loosely follows them.

It also shines for monorepos where multiple services share an editor session. Drop a top-level ruleset for shared concerns like logging, error handling, and naming, and per-service rulesets for language-specific patterns. The model will use the right rules for the right files without you having to switch contexts manually.

A third area is onboarding. New engineers can read the .cursorrules file to understand the conventions before they write a line of code. It doubles as documentation, and unlike most documentation it is actually consulted on every keystroke because the AI reads it on every request.

A fourth area is teaching the model your testing philosophy. Rules around test coverage targets, mocking strategy, assertion style, and fixture conventions are usually scattered across READMEs and Confluence pages. Pulling them into a single file the AI reads is a small but real win for consistency.

A fifth area is keeping AI-generated code consistent with hand-written code. The single biggest complaint about AI coding assistants is inconsistency. The first request produces one style, the second produces a different one, and the diff is full of churn. Rules are the closest thing to a fix available without leaving the editor. They will not make the model perfect, but they tighten the variance considerably.

A sixth area is compliance. If you work in a regulated industry, rules are a reasonable place to encode “never hardcode secrets,” “always use parameterized queries,” and “never disable SSL verification.” These are the kinds of constraints that are easy to forget under deadline pressure, and the rules file will remind the model on every interaction.