Cursor IDE Engineering Onboarding Guide · AI-Assisted Development Standards

Cursor Best Practices

Constel Global engineering standards for AI-assisted development using Cursor IDE. Covers setup, model selection, prompt engineering, Cursor Rules, security, and team expectations.

Version 1.0 · May 2026 Internal Use Only Constel Global Engineering
01 / Introduction

Introduction

Cursor IDE is an AI-native code editor built as a fork of Visual Studio Code. It integrates powerful large language models directly into the editing experience, enabling natural language interaction with your codebase.

The Right Mindset

AI proposes; you dispose. Treat AI as a talented junior colleague — capable and fast, but occasionally overconfident or incorrect. You are always accountable for what ships to production. Verify all outputs against requirements, security standards, and performance needs. Maintain code ownership — you are ultimately responsible for every line that ships.

Why Constel Global Uses Cursor
  • 2–5x faster feature implementation and bug fixing
  • Improved consistency across large codebases
  • Rapid test and documentation generation
  • Better onboarding for new team members
  • Enhanced ability to explore complex systems
Core Principles
  • Code ownership remains with the author and reviewers — not with the AI
  • All changes undergo the standard PR and review process
  • Prioritise clarity, simplicity, and maintainability over clever AI solutions
  • Share effective rules and prompt templates with the team
  • AI collaboration is a core engineering competency — continuously improve it

02 / IDE Overview

Cursor IDE Core UI

Editor Area

Standard VS Code editor enhanced with AI Tab completions and inline suggestions. Start typing and accept suggestions with Tab. Full VS Code compatibility — extensions, keybindings, settings.

Chat Panel Cmd/Ctrl + L

For questions, explanations, and lightweight tasks. Attach files with @filename to provide context. Best for focused Q&A, quick lookups, and understanding existing code.

Composer / Agent Mode Cmd/Ctrl + I

Multi-file editing agent capable of planning and executing complex changes across your codebase. Reviews diffs with you before applying. Use for feature implementation, refactoring, and generating boilerplate.

Inline Edit Mode Cmd/Ctrl + K

Precise, localised changes within or across selected code. Use for targeted refactors, renaming, or quick fixes without opening the full Chat panel.

Terminal Integration

The AI can run commands, interpret output, and iterate — closing the loop between code changes and their results. Use for running tests, checking logs, and debugging in context.

Key Capabilities
  • Context Awareness — auto-indexes workspace for semantic search
  • Codebase Indexing — fast local vector index for relevant retrieval
  • Multi-File Editing — Agent edits dozens of files with diff preview
  • MCP Tool Integration — connects to external services in real time

03 / Installation & Setup

Installation & Initial Setup

1
Download Cursor
From cursor.com (macOS, Windows, or Linux)
2
Sign in with SSO
Use your Constel Global SSO credentials — never a personal account on company devices
3
Clone repositories
Via Git or GitHub Desktop and open the project folder
4
Install recommended extensions
GitLens, Docker, Terraform, Prettier, ESLint, language packs for Python/TypeScript/Go
5
Configure Git & SSH
Set git config with your Constel Global email and name. Configure SSH keys.
6
Configure approved MCP servers
Add to .cursor/mcp.json or via Cursor Settings. Only approved Constel Global MCP servers.
7
Add Cursor Rules
Copy organisation Cursor Rules to .cursor/rules/. Verify indexing completes.
Security

Always verify that cloned repositories do not contain unapproved secrets before opening in Cursor. Close large node_modules folders or add them to .cursorignore to prevent slow indexing.

Python Setup

Use Ruff, Pylance, and Pyright. Configure settings.json for organisation-wide standards. Use Ruff for linting and formatting (replaces flake8 + black).

TypeScript / React Setup

ESLint + Prettier + Tailwind IntelliSense. Enable TypeScript strict mode. Configure Prettier for consistent formatting across the team.


04 / Models & Usage Guide

Model Selection Guide

Use Auto mode for most day-to-day work — it routes to the most suitable model based on task complexity. Only switch when you have a specific reason.

ModelBest ForStrengthsWeaknesses
Claude Opus / SonnetComplex reasoning, architecture, security reviewsSuperior code understanding, long coherent plans, fewer hallucinationsSlightly slower, higher cost
GPT-5.x familyGeneral coding, creative tasks, documentation, writing testsFast, strong generation, broad knowledgeCan be verbose or over-optimistic
Gemini modelsLong-context analysis (1M+ tokens), SQL/data tasksExcellent long context, strong on data-heavy tasks, multimodalWeaker on nuanced code style
Cursor Fast modelsQuick edits, inline Tab suggestionsVery fast, cost-effectiveLower reasoning depth
Reasoning modelsDebugging, optimisation, root cause analysisDeep step-by-step thinkingSlower response time

Task-Specific Recommendations

Use Claude for
  • Bug fixing and root cause analysis
  • Architecture discussions and design reviews
  • Refactoring for readability and correctness
  • Security reviews (with human oversight)
  • Understanding large, complex codebases
Use GPT-5.x for
  • Writing test suites (boilerplate generation)
  • Documentation and README writing
  • Creative or exploratory coding tasks
  • Infrastructure and DevOps scripts
When NOT to use AI
Avoid AI for
  • Highly sensitive security / compliance logic
  • Novel cryptographic implementations
  • Business-critical financial calculations without rigorous testing
  • Any area where you lack the domain expertise to validate the output

05 / MCP Integration

MCP — Model Context Protocol

MCP is an open standard that allows Cursor to securely connect to external tools, data sources, and services. Think of it as a standardised plugin system — "USB-C for AI agents" — that turns the AI from a static knowledge model into a dynamic agent.

What MCP Enables
  • Read the latest Jira / Linear ticket details directly in Composer
  • Query production database schemas before writing queries
  • Check CI status or deployment history without leaving the IDE
  • Pull architecture decision records from Confluence or Notion
  • Connect to GitHub for PR context and issue details
MCP Architecture
Cursor IDE (MCP Client) ↕ MCP Protocol MCP Servers (local or remote) ├── GitHub / GitLab ├── Jira / Linear ├── Database Query (Postgres) └── Custom Constel Global tools
Best Practices
  • Use only approved Constel Global MCP servers
  • Configure servers in .cursor/mcp.json or via Cursor Settings
  • Test integrations in a non-production workspace first
  • Review all tool permissions carefully — MCP calls require explicit user consent
  • Never connect MCP servers that can modify production systems without safeguards

06 / Cursor Rules

Cursor Rules

Cursor Rules are persistent, project-specific instructions stored in Markdown files that are automatically injected into every AI conversation and agent interaction. They are the primary mechanism for enforcing Constel Global engineering standards across all AI-assisted work.

Pro Tip

Well-written Rules dramatically reduce hallucinations and improve output consistency. Invest time here — it pays dividends on every AI interaction. Rules are committed to Git so the whole team benefits automatically.

FilePurpose
.cursor/rules/coding-standards.mdTypeScript strict mode, functional patterns, public API requirements
.cursor/rules/api-design.mdOpenAPI documentation expectations, REST conventions, versioning strategy
.cursor/rules/security.mdInput sanitisation, sensitive data handling, authentication patterns
.cursor/rules/testing.mdVitest/Jest conventions, minimum 80% coverage on new code, test naming
.cursor/rules/commit-conventions.mdConventional Commits format, branch naming strategy, PR template
Writing Effective Rules
  • Keep rules concise and actionable — use bullet points and code examples
  • Review and update rules during architecture reviews
  • Version rules with the codebase — commit to Git
  • Avoid verbose, contradictory, or micromanaging rules
  • Use Prettier/ESLint for style enforcement — not Cursor Rules
  • Project rules override global rules where they conflict
Gravity Labs Recommended Rules
  • Always use async/await patterns in FastAPI services
  • All endpoints must have Pydantic request/response models
  • Use structlog for all logging — JSON format required
  • No hardcoded secrets — always reference Key Vault or env vars
  • Every microservice must expose /health and /metrics endpoints
  • Use redis.asyncio client — never sync Redis in async FastAPI

07 / Prompt Engineering

Prompt Engineering Best Practices

Effective prompting is a core engineering skill in the AI era. A well-crafted prompt can be the difference between a useful, production-ready suggestion and a hallucinated dead-end.

Too Vague — Avoid
Fix this bug.

No context. No file references. No expected behaviour. The AI has nothing to work with and will guess.

Clear and Specific — Use This
The login endpoint returns 500 on invalid credentials. Analyse the stack trace in @auth.service.ts, identify the root cause following our error handling policy, and propose a fix with test cases. Use structured logging.

Reusable Prompt Templates

Debugging Template
Analyse this error: [paste error]. Relevant files: @auth.ts @database.ts Steps: 1. Reproduce mentally 2. Identify root cause 3. Suggest minimal fix 4. Provide test cases
Refactoring Template
Refactor the following code to improve readability and performance, adhering to our architecture guidelines in .cursor/rules/. Maintain exact functionality. Highlight any behaviour changes.
Architecture Template
Propose a solution for [requirement]. Consider: - Scalability to 25K concurrent users - Security per .cursor/rules/security.md - Multi-cloud portability - Existing patterns in @existing-service.ts
Test Generation Template
Generate unit tests for @auth.service.ts. Requirements: - Use Pytest + pytest-asyncio - Cover happy path + edge cases - Mock external dependencies - Minimum 80% coverage - Follow .cursor/rules/testing.md
Code Review Template
Review this PR diff for: 1. Security vulnerabilities 2. Performance issues 3. Adherence to .cursor/rules/ 4. Missing error handling 5. Test coverage gaps Flag any concerns with severity: critical / high / low
Gravity Labs Specific
Implement a FastAPI endpoint for [feature] following our microservice pattern. Requirements: - Async handlers only - Pydantic request/response models - structlog logging - Redis rate limiting - Health + metrics endpoints - Temporal workflow integration if long-running operation
Reducing Hallucinations

Provide concrete examples. Ensure Cursor Rules are up to date. Ask for step-by-step reasoning before generating code. Always validate the output against your tests and requirements. If the AI is consistently wrong, add a rule to .cursor/rules/ — it means the standard isn't captured yet.


08 / AI-Assisted Development Workflow

Feature Development Workflow

1
Review ticket requirements
Read the Jira ticket / requirements carefully before touching Cursor.
2
Pull ticket into Composer via MCP
Use MCP to pull the latest ticket details directly into Composer context.
3
Plan in Composer first
Ask: "Create an implementation plan for [feature]". Review the plan before proceeding.
4
Implement incrementally
Approve each Agent step individually. Never let the Agent run uninterrupted through a large change.
5
Generate and review tests
Use AI to generate test boilerplate, then review and enhance. Run the full test suite.
6
Local validation
Lint, run all tests, manual check. Never skip local validation.
7
Create PR with AI-assisted description
AI can draft the PR description. Always review before submitting — you own it.
Pair Programming Mode

Discuss architecture in Chat before coding in Composer. Practice prompt chaining — get a plan first, then execute step by step. This prevents the AI from going off-track on complex features.


09 / Code Review with AI

AI-Assisted Code Review

Using AI for Reviews
  • Use Chat to review your own diff before raising a PR — catch issues early
  • Ask for security review of authentication or data-handling code
  • Check for missing error handling or edge cases
  • Ask for performance analysis on database queries or hot paths
  • Human review is still required for all PRs — AI review is supplementary
Validating AI-Generated Code
  • Read it carefully line by line — never skim AI output
  • Run the full test suite after every significant change
  • Check edge cases the AI may have missed
  • Perform manual testing in the UI for frontend changes
  • Request a peer review before merging — code ownership is shared
  • For Gravity Labs: verify all FastAPI endpoints have Pydantic models and structlog

10 / Security Practices

Security Practices

Never Share with AI
  • API keys, tokens, passwords, or secrets of any kind
  • Personal or customer identifiable information (PII)
  • Confidential business logic or unreleased features
  • Production secrets or environment variables
  • Database connection strings with credentials
Secure Prompting
  • Describe problems abstractly — use anonymised or placeholder data
  • Use MCP for safe, structured data retrieval where possible
  • Review all tool permissions before granting access
  • Describe the issue without pasting actual production data
Pre-Merge Security Checklist
  • Does this change touch authentication or authorisation?
  • Are secrets or environment variables involved?
  • Does it process or store user data?
  • Does it make external service calls?
  • Has input validation been added for all user-supplied data?
  • Are rate limits in place for new endpoints?
Remember

AI tools may retain conversation history. Treat all inputs as potentially logged. Adhere to Constel Global security policy, SOC2 / GDPR requirements, and internal code review standards at all times.


11 / Git & SCM Best Practices

Git & Source Control

Branch Naming
feature/lab-provisioning-temporal bugfix/auth-token-refresh-race refactor/scoring-agent-keda chore/update-dependencies docs/cursor-rules-update
Conventional Commits
feat(auth): implement OAuth2 login flow fix(scoring): resolve race condition in cross-validator agent refactor(lab-service): extract temporal workflow into separate module chore(deps): upgrade FastAPI to 0.111 docs(api): update OpenAPI spec for v2
Safe Git Workflows
  • Commit frequently — small, focused commits are easier to review and revert
  • Prefer rebase over merge for feature branches
  • Always stash or branch before large Agent-driven operations
  • Use git worktree for parallel tasks
  • AI-generated commit messages are acceptable drafts — always review and edit

12 / Shortcuts & Productivity

Essential Shortcuts & Productivity Tips

ShortcutAction
TabAccept inline AI suggestion
Cmd / Ctrl + KInline edit (current selection or file)
Cmd / Ctrl + LOpen Chat panel
Cmd / Ctrl + IOpen Composer (Agent mode)
Cmd / Ctrl + Shift + LAdd current file to context
Cmd / Ctrl + Shift + IOpen Composer in new window
Workflow Tips
  • Use multiple Cursor windows or worktrees for parallel tasks
  • Master context management — be selective with @mentions to keep prompts focused
  • Combine AI with strong local testing habits
  • Discuss architecture in Chat before coding in Composer
  • Practice prompt chaining — get a plan first, then execute step by step
Cost Optimisation
  • Use Auto or fast models for simple edits and Tab completions
  • Reserve Claude Opus and reasoning models for complex architecture, root cause analysis, and security reviews
  • Close large folders (node_modules, .venv) via .cursorignore to keep indexing fast
  • Start a new conversation when context gets large — it improves quality and reduces cost

13 / Do's & Don'ts

Do's & Don'ts

Do
  • Verify every AI suggestion before committing
  • Use Cursor Rules to enforce team standards
  • Break tasks into small, verifiable steps
  • Run tests after every significant change
  • Document architectural decisions (ADRs)
  • Use MCP for dynamic context (Jira, DB schemas, CI)
  • Share effective rules and prompt templates with the team
  • Review AI-generated PR descriptions before submitting
  • Use @filename references to give the AI accurate context
Don't
  • Blindly accept large AI-generated refactors
  • Repeat the same instruction every prompt — put it in Rules
  • Paste secrets, API keys, or PII into prompts
  • Ship code without human review
  • Rely solely on AI for novel or security-critical algorithms
  • Ignore context limits and token usage — start a fresh chat when needed
  • Use AI for code you cannot fully understand and validate
  • Let the Agent run uninterrupted through a large change
  • Submit PRs without reading every line of the diff

14 / Quick Start Checklist

First Day Quick Start Checklist

Complete all items before starting your first real task.

Setup Tasks
DoneTask
Install latest Cursor and sign in with Constel Global SSO
Clone primary Gravity Labs repositories
Configure Git identity and SSH keys with Constel Global email
Install recommended extensions (GitLens, Docker, Terraform, Prettier, ESLint)
Configure approved MCP servers in .cursor/mcp.json
Add organisation Cursor Rules to .cursor/rules/
Verify workspace indexing completes successfully
Run the application locally with Docker Compose
Complete a sample task using Composer (Agent mode)
Review team coding standards and this guide fully
Introduce yourself in the engineering Slack channel
Reference Links

Official Cursor Documentation — cursor.com/docs  ·  MCP Documentation — modelcontextprotocol.io  ·  Constel Global Internal Wiki — (link in Slack pinned messages)