Cursor Best Practices
Constel Global engineering standards for AI-assisted development using Cursor IDE. Covers setup, model selection, prompt engineering, Cursor Rules, security, and team expectations.
Introduction
Cursor IDE is an AI-native code editor built as a fork of Visual Studio Code. It integrates powerful large language models directly into the editing experience, enabling natural language interaction with your codebase.
AI proposes; you dispose. Treat AI as a talented junior colleague — capable and fast, but occasionally overconfident or incorrect. You are always accountable for what ships to production. Verify all outputs against requirements, security standards, and performance needs. Maintain code ownership — you are ultimately responsible for every line that ships.
- 2–5x faster feature implementation and bug fixing
- Improved consistency across large codebases
- Rapid test and documentation generation
- Better onboarding for new team members
- Enhanced ability to explore complex systems
- Code ownership remains with the author and reviewers — not with the AI
- All changes undergo the standard PR and review process
- Prioritise clarity, simplicity, and maintainability over clever AI solutions
- Share effective rules and prompt templates with the team
- AI collaboration is a core engineering competency — continuously improve it
Cursor IDE Core UI
Standard VS Code editor enhanced with AI Tab completions and inline suggestions. Start typing and accept suggestions with Tab. Full VS Code compatibility — extensions, keybindings, settings.
For questions, explanations, and lightweight tasks. Attach files with @filename to provide context. Best for focused Q&A, quick lookups, and understanding existing code.
Multi-file editing agent capable of planning and executing complex changes across your codebase. Reviews diffs with you before applying. Use for feature implementation, refactoring, and generating boilerplate.
Precise, localised changes within or across selected code. Use for targeted refactors, renaming, or quick fixes without opening the full Chat panel.
The AI can run commands, interpret output, and iterate — closing the loop between code changes and their results. Use for running tests, checking logs, and debugging in context.
- Context Awareness — auto-indexes workspace for semantic search
- Codebase Indexing — fast local vector index for relevant retrieval
- Multi-File Editing — Agent edits dozens of files with diff preview
- MCP Tool Integration — connects to external services in real time
Installation & Initial Setup
.cursor/mcp.json or via Cursor Settings. Only approved Constel Global MCP servers..cursor/rules/. Verify indexing completes.Always verify that cloned repositories do not contain unapproved secrets before opening in Cursor. Close large node_modules folders or add them to .cursorignore to prevent slow indexing.
Use Ruff, Pylance, and Pyright. Configure settings.json for organisation-wide standards. Use Ruff for linting and formatting (replaces flake8 + black).
ESLint + Prettier + Tailwind IntelliSense. Enable TypeScript strict mode. Configure Prettier for consistent formatting across the team.
Model Selection Guide
Use Auto mode for most day-to-day work — it routes to the most suitable model based on task complexity. Only switch when you have a specific reason.
| Model | Best For | Strengths | Weaknesses |
|---|---|---|---|
| Claude Opus / Sonnet | Complex reasoning, architecture, security reviews | Superior code understanding, long coherent plans, fewer hallucinations | Slightly slower, higher cost |
| GPT-5.x family | General coding, creative tasks, documentation, writing tests | Fast, strong generation, broad knowledge | Can be verbose or over-optimistic |
| Gemini models | Long-context analysis (1M+ tokens), SQL/data tasks | Excellent long context, strong on data-heavy tasks, multimodal | Weaker on nuanced code style |
| Cursor Fast models | Quick edits, inline Tab suggestions | Very fast, cost-effective | Lower reasoning depth |
| Reasoning models | Debugging, optimisation, root cause analysis | Deep step-by-step thinking | Slower response time |
Task-Specific Recommendations
- Bug fixing and root cause analysis
- Architecture discussions and design reviews
- Refactoring for readability and correctness
- Security reviews (with human oversight)
- Understanding large, complex codebases
- Writing test suites (boilerplate generation)
- Documentation and README writing
- Creative or exploratory coding tasks
- Infrastructure and DevOps scripts
- Highly sensitive security / compliance logic
- Novel cryptographic implementations
- Business-critical financial calculations without rigorous testing
- Any area where you lack the domain expertise to validate the output
MCP — Model Context Protocol
MCP is an open standard that allows Cursor to securely connect to external tools, data sources, and services. Think of it as a standardised plugin system — "USB-C for AI agents" — that turns the AI from a static knowledge model into a dynamic agent.
- Read the latest Jira / Linear ticket details directly in Composer
- Query production database schemas before writing queries
- Check CI status or deployment history without leaving the IDE
- Pull architecture decision records from Confluence or Notion
- Connect to GitHub for PR context and issue details
- Use only approved Constel Global MCP servers
- Configure servers in
.cursor/mcp.jsonor via Cursor Settings - Test integrations in a non-production workspace first
- Review all tool permissions carefully — MCP calls require explicit user consent
- Never connect MCP servers that can modify production systems without safeguards
Cursor Rules
Cursor Rules are persistent, project-specific instructions stored in Markdown files that are automatically injected into every AI conversation and agent interaction. They are the primary mechanism for enforcing Constel Global engineering standards across all AI-assisted work.
Well-written Rules dramatically reduce hallucinations and improve output consistency. Invest time here — it pays dividends on every AI interaction. Rules are committed to Git so the whole team benefits automatically.
| File | Purpose |
|---|---|
.cursor/rules/coding-standards.md | TypeScript strict mode, functional patterns, public API requirements |
.cursor/rules/api-design.md | OpenAPI documentation expectations, REST conventions, versioning strategy |
.cursor/rules/security.md | Input sanitisation, sensitive data handling, authentication patterns |
.cursor/rules/testing.md | Vitest/Jest conventions, minimum 80% coverage on new code, test naming |
.cursor/rules/commit-conventions.md | Conventional Commits format, branch naming strategy, PR template |
- Keep rules concise and actionable — use bullet points and code examples
- Review and update rules during architecture reviews
- Version rules with the codebase — commit to Git
- Avoid verbose, contradictory, or micromanaging rules
- Use Prettier/ESLint for style enforcement — not Cursor Rules
- Project rules override global rules where they conflict
- Always use async/await patterns in FastAPI services
- All endpoints must have Pydantic request/response models
- Use structlog for all logging — JSON format required
- No hardcoded secrets — always reference Key Vault or env vars
- Every microservice must expose
/healthand/metricsendpoints - Use
redis.asyncioclient — never sync Redis in async FastAPI
Prompt Engineering Best Practices
Effective prompting is a core engineering skill in the AI era. A well-crafted prompt can be the difference between a useful, production-ready suggestion and a hallucinated dead-end.
No context. No file references. No expected behaviour. The AI has nothing to work with and will guess.
Reusable Prompt Templates
Provide concrete examples. Ensure Cursor Rules are up to date. Ask for step-by-step reasoning before generating code. Always validate the output against your tests and requirements. If the AI is consistently wrong, add a rule to .cursor/rules/ — it means the standard isn't captured yet.
Feature Development Workflow
Discuss architecture in Chat before coding in Composer. Practice prompt chaining — get a plan first, then execute step by step. This prevents the AI from going off-track on complex features.
AI-Assisted Code Review
- Use Chat to review your own diff before raising a PR — catch issues early
- Ask for security review of authentication or data-handling code
- Check for missing error handling or edge cases
- Ask for performance analysis on database queries or hot paths
- Human review is still required for all PRs — AI review is supplementary
- Read it carefully line by line — never skim AI output
- Run the full test suite after every significant change
- Check edge cases the AI may have missed
- Perform manual testing in the UI for frontend changes
- Request a peer review before merging — code ownership is shared
- For Gravity Labs: verify all FastAPI endpoints have Pydantic models and structlog
Security Practices
- API keys, tokens, passwords, or secrets of any kind
- Personal or customer identifiable information (PII)
- Confidential business logic or unreleased features
- Production secrets or environment variables
- Database connection strings with credentials
- Describe problems abstractly — use anonymised or placeholder data
- Use MCP for safe, structured data retrieval where possible
- Review all tool permissions before granting access
- Describe the issue without pasting actual production data
- Does this change touch authentication or authorisation?
- Are secrets or environment variables involved?
- Does it process or store user data?
- Does it make external service calls?
- Has input validation been added for all user-supplied data?
- Are rate limits in place for new endpoints?
AI tools may retain conversation history. Treat all inputs as potentially logged. Adhere to Constel Global security policy, SOC2 / GDPR requirements, and internal code review standards at all times.
Git & Source Control
- Commit frequently — small, focused commits are easier to review and revert
- Prefer rebase over merge for feature branches
- Always stash or branch before large Agent-driven operations
- Use
git worktreefor parallel tasks - AI-generated commit messages are acceptable drafts — always review and edit
Essential Shortcuts & Productivity Tips
| Shortcut | Action |
|---|---|
| Tab | Accept inline AI suggestion |
| Cmd / Ctrl + K | Inline edit (current selection or file) |
| Cmd / Ctrl + L | Open Chat panel |
| Cmd / Ctrl + I | Open Composer (Agent mode) |
| Cmd / Ctrl + Shift + L | Add current file to context |
| Cmd / Ctrl + Shift + I | Open Composer in new window |
- Use multiple Cursor windows or worktrees for parallel tasks
- Master context management — be selective with
@mentionsto keep prompts focused - Combine AI with strong local testing habits
- Discuss architecture in Chat before coding in Composer
- Practice prompt chaining — get a plan first, then execute step by step
- Use Auto or fast models for simple edits and Tab completions
- Reserve Claude Opus and reasoning models for complex architecture, root cause analysis, and security reviews
- Close large folders (node_modules, .venv) via
.cursorignoreto keep indexing fast - Start a new conversation when context gets large — it improves quality and reduces cost
Do's & Don'ts
- Verify every AI suggestion before committing
- Use Cursor Rules to enforce team standards
- Break tasks into small, verifiable steps
- Run tests after every significant change
- Document architectural decisions (ADRs)
- Use MCP for dynamic context (Jira, DB schemas, CI)
- Share effective rules and prompt templates with the team
- Review AI-generated PR descriptions before submitting
- Use
@filenamereferences to give the AI accurate context
- Blindly accept large AI-generated refactors
- Repeat the same instruction every prompt — put it in Rules
- Paste secrets, API keys, or PII into prompts
- Ship code without human review
- Rely solely on AI for novel or security-critical algorithms
- Ignore context limits and token usage — start a fresh chat when needed
- Use AI for code you cannot fully understand and validate
- Let the Agent run uninterrupted through a large change
- Submit PRs without reading every line of the diff
First Day Quick Start Checklist
Complete all items before starting your first real task.
| Done | Task |
|---|---|
| ☐ | Install latest Cursor and sign in with Constel Global SSO |
| ☐ | Clone primary Gravity Labs repositories |
| ☐ | Configure Git identity and SSH keys with Constel Global email |
| ☐ | Install recommended extensions (GitLens, Docker, Terraform, Prettier, ESLint) |
| ☐ | Configure approved MCP servers in .cursor/mcp.json |
| ☐ | Add organisation Cursor Rules to .cursor/rules/ |
| ☐ | Verify workspace indexing completes successfully |
| ☐ | Run the application locally with Docker Compose |
| ☐ | Complete a sample task using Composer (Agent mode) |
| ☐ | Review team coding standards and this guide fully |
| ☐ | Introduce yourself in the engineering Slack channel |
Official Cursor Documentation — cursor.com/docs · MCP Documentation — modelcontextprotocol.io · Constel Global Internal Wiki — (link in Slack pinned messages)