惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
W
WeLiveSecurity
O
OpenAI News
N
News and Events Feed by Topic
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
Webroot Blog
Webroot Blog
Google Online Security Blog
Google Online Security Blog
云风的 BLOG
云风的 BLOG
N
News | PayPal Newsroom
H
Hacker News: Front Page
博客园_首页
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
The Last Watchdog
The Last Watchdog
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
H
Heimdal Security Blog
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
S
Schneier on Security
宝玉的分享
宝玉的分享
H
Hackread – Cybersecurity News, Data Breaches, AI and More
Recent Commits to openclaw:main
Recent Commits to openclaw:main
Y
Y Combinator Blog
Cyberwarzone
Cyberwarzone
Microsoft Security Blog
Microsoft Security Blog
C
CXSECURITY Database RSS Feed - CXSecurity.com
GbyAI
GbyAI
Cloudbric
Cloudbric
TaoSecurity Blog
TaoSecurity Blog
人人都是产品经理
人人都是产品经理
P
Palo Alto Networks Blog
M
MIT News - Artificial intelligence
G
GRAHAM CLULEY
C
Check Point Blog
Apple Machine Learning Research
Apple Machine Learning Research
Last Week in AI
Last Week in AI
T
Troy Hunt's Blog
L
Lohrmann on Cybersecurity
www.infosecurity-magazine.com
www.infosecurity-magazine.com
P
Proofpoint News Feed
Blog — PlanetScale
Blog — PlanetScale
量子位
博客园 - 聂微东
S
Securelist
博客园 - 三生石上(FineUI控件)
F
Full Disclosure
G
Google Developers Blog
L
LINUX DO - 热门话题
P
Proofpoint News Feed
AI
AI
PCI Perspectives
PCI Perspectives

DEV Community

Authentication Security Deep Dive: From Brute Force to Salted Hashing (With Java Examples) Why AI Systems Don’t Fail — They Drift Spilling beans for how i learn for exam😁"Reinforcement Learning Cheat Sheet" I Replaced Chrome with Safari for AI Browser Automation. Here's What Broke (and What Finally Worked) How Python Borrows Other People's Work The $40 Architecture: Processing 1 Billion API Requests with 99.99% Uptime Vibe Coding: A Workflow Guide (From Zero to SaaS) Most webhook security guides protect the wrong side. The scary part is delivery. Headless CMS for TanStack Start: Build a Blog with Cosmic EU Age Verification App "Hacked in 2 Minutes" — What Actually Happened Comfy Cloud’s delete function does not actually remove files Running AI Models on GPU Cloud Servers: A Beginner Guide Event-driven media intelligence with AWS Step Functions and Bedrock I scored 500 AI prompts across 8 quality dimensions — here's what broke How to Call Google Gemini API from Next.js (Free Tier, No Backend Needed) The Portal Protocol: Reclaiming Human Connection in the Age of AI How to Fix Your Team's Scattered Knowledge Problem With a Self-Hosted Forum Intro to tc Cloud Functors: A Graph-First Mental Model for the Modern Cloud Designing Multi-Tenant Backends With Both Ownership and Team Access I Built a Neumorphic CSS Library with 77+ Components — Here's What I Learned PostgreSQL Performance Optimization: Why Connection Pooling Is Critical at Scale Cómo construí un SaaS multi-rubro para gestionar expensas en Argentina con FastAPI + Vue 3 🚀 I Built an Ethical Hacking Scanner Tool – Open Source Project I Replaced /usage and /context in Claude Code With a Single Statusline A Pythonic Way to Handle Emails (IMAP/SMTP) with Auto-Discovery and AI-Ready Design I Collected 8.9 Million Polymarket Price Points — Here's What I Found About How Markets Really Move EcoTrack AI — Carbon Footprint Tracker & Dashboard Everyone's Using AI. No One Agrees How. 5 self-hosted ebook managers worth trying in 2026 Building Your First AI Agent with LangChain: From Chatbot to Autonomous Assistant Common SOC 2 Failures (Real World) Stop Vibe-Checking Your AI App: A Practical Guide to Evals How to Use SonarQube and SonarScanner Locally to Level Up Your Code Quality Your Next To-Do App Is Dead — I Replaced Mine with an OpenClaw AI Sign a Nostr event in 60 lines of Python using coincurve — no nostr-sdk, no nbxplorer, no rust toolchain ITGC Audit Explained Like You’re in Big 4 Patch Tuesday abril 2026: Microsoft parcha 163 vulnerabilidades y un zero-day en SharePoint Stop scraping everything: a better way to track competitor price changes Listing on MCPize + the Official MCP Registry while routing payments OUTSIDE the marketplace — how I kept 100% of my x402 revenue Building an AI-Powered Risk Intelligence System Using Serverless Architecture Why We Ripped Function Overloading Out of Our AI Toolchain Testing AI-Generated Code: How to Actually Know If It Works SaaS Churn Is Killing Your Business. Here Is What to Do About It (Without a Support Team) The Speed of AI Is No Longer Linear - And Self-Improving Models Are Why How to Implement RBAC for MCP Tools: A Practical Guide for Engineering Teams From Standard Quote to Persuasive Proposal: AI Automation for Arborists I built a CLI that scaffolds complete multi-tenant SaaS apps Axios CVE-2025–62718: The Silent SSRF Bug That Could Be Hiding in Your Node.js App Right Now The dashboard that ended our friendship Data Pipelines Explained Simply (and How to Build Them with Python) The Hidden Cost of AI Systems Nobody Talks About. undefined vs undeclared, and how typeof behaves Switching from file-based jobs to NATS/Kafka in Rust without changing code io_uring Adventures: Rust Servers That Love Syscalls Why Agentic AI is Killing the Traditional Database The POUR principles of web accessibility for developers and designers Quantum Neural Network 3D — A Deep Dive into Interactive WebGL Visualization How To Install Caveman In Codex On macOS And Windows Automation Pipeline Reliability: Why Your Workflow Breaks When Nobody Is Watching I Built an 'Open World' AI Coding Agent — It Works From ANY Folder From Freelancing to Product: A Tech Service Company's SaaS Transformation China's AI Giants: Adding Tencent Hunyuan & ByteDance Doubao to AI University (74 Providers) On the Vibe Coders and Their Lies clerk: Auto-Summarize Your Claude Code Sessions AI Weekly — 2026/04/10–04/17 | The Model Lockdown Is Here, but the Toolchain Is the Real Battleground AI 週報 — 2026/04/10–2026/04/17 模型封鎖潮來了,但工具鏈才是真戰場 Maybe this is how Open-Source apps are born... 🚀 Fine-Tune LLMs with LoRA and QLoRA: 2026 Guide tRPC v11 + Next.js App Router: End-to-End Type Safety Without the Boilerplate ShadCN UI in 2026: Why I Stopped Installing Component Libraries and Started Owning My Components SaaS Billing in React Server Components: Stripe + Supabase Without a Single `useEffect` Join our DEV Weekend Challenge — $1,000 in Prizes Across TEN winners! Submissions Due April 20 at 6:59 AM UTC. Implementing FSRS Spaced Repetition in Flutter + Supabase — Adding Memory Science to an AI Learning App "I Texted My Localhost From the Train — Claude Code Fixed the Bug Before I Got Home" I Built a Sales Prep AI and It Went Deeper Than Expected Design to Code #2: One JSON, Eleven Outputs Solving the 100M-Row Problem: A Summary Table Pattern for High-Volume Push Notification Logs Flutter Web With Wasm: What Actually Changes For Developers I Built 50 Royalty-Free Soundtracks for My Side Project in a Weekend Using AI Music Generation The Vibe Coding Security Checklist: 7 Things to Check Before You Ship Stop Letting Googlebot Guess Fix Your React App's SEO Right Desconstruindo o Streaming do LinkedIn: Como Criar um Engine de Extração de Vídeo de Alta Performance com HLS e FFmpeg (EDA Part-1) EDA (Exploratory Data Analysis) Explained With Real Life — Why Looking at Your Data Is the Most Important Step in Machine Learning Brand Relationship Management at Scale: Our 4-Touch Outreach System for 200+ Brands Why String.fromEnvironment() Might Return an Empty String in Dart JGuardrails 1.0.0 — Hardening Java LLM Apps Against Jailbreaks, Toxicity, and Prompt Injection Plan and Schedule a Full Week of Threads Content From One Claude Conversation Coding Cat Oran Ep3, Five Tables Changed Everything Updated: BFF Pattern I'm done watching freelancers get buried by 200 proposals. So I'm building the alternative. This is my first post BFS Algorithm in Java Step by Step Tutorial with Examples Tracking LLM Pricing Monthly: An Open Dataset for 22 AI Models How We Measure Content ROI on a Comparison Site: Revenue Attribution Without Perfect Data Introducing Nova AI Ops: The AI-Native Operating System for SRE Teams I built a free desktop video downloader for Windows — Grabbit How Talkie OCR Helps Vision-Impaired & Dyslexic Users Read the World Around Them VRCFaceTracking安装和iPhone面捕配置教程,有bug Even CrowdStrike Can't See Your Agents The Automation Gold Rush: What n8n Workflows and Claude Are Opening Up for Developers Right Now
Cursor as a shared environment for the customer and the developer
Nikita · 2026-05-13 · via DEV Community

Table of contents


Google poured $40 billion into Anthropic, Cursor "built" a browser with GPT-5.2, and I started writing code together with a customer.

Today I want to talk about a new experience in software development. Or rather, this story is more about organizing work and communication. The idea itself is fairly obvious given how quickly development is changing, but I still think it is useful to explain the technical details, describe the problems, and show the ways around them.

What if you showed the customer how to work with Cursor and use AI agents?

A client came to us who, like many people in recent years, is inspired by the AI revolution and wants to get as much value as possible from what neural networks can now offer. He has been building an offline real estate business for several years and is looking for ways to make life easier for his colleagues and counterparties through an online application. Our client had already gone through the classic development flow with a team of developers, and it did not produce the result he wanted. Then he tried no-code tools and AI tools for building an application from scratch. They give you quick prototypes and a strong start. They let a CEO validate a hypothesis very quickly and feel the interface with his own hands. But they have a ceiling. At some point, questions appear that can no longer be solved by dragging blocks around. This is where the engineering part has to enter the process: engineering support and engineering supervision.

One of the main problems in building business applications is that the client always knows how everything should work, but does not know how to implement it. The developer, on the other hand, has the implementation skills, but often has no real idea what the client actually wants. The result of this communication usually ends up scattered across separate documents or stored in someone's memory. Advanced LLMs do not really solve this problem either, because at minimum they are working with different context.


The first layer of the experiment is not code, but the environment

At the very beginning we decided not to take the simple route. The most obvious option would be to suggest that the client use an agent in Cursor to create tasks for developers. But why not go further and build a system that can operate as effectively as possible? The main question became this: how do we build a scalable environment where specialists with different profiles, the client's team, and AI agents work together in one flow without getting in each other's way? A system where every participant complements the work of the others instead of replacing it or breaking it.

Technically, but in plain terms, I built one connected setup: a shared project directory lives on a VDS, Cursor opens it through Remote SSH, each participant logs in as their own Linux user, and code, documentation, tasks, and supporting materials all live in one workspace. Order there is maintained by a combination of OS-level permissions, groups and ACLs, GitHub access boundaries, and the normal branch and pull request cycle.


SSH: first you need to agree where development actually lives

If we want all participants to work in the same context, a local folder on my computer is a poor candidate for the center of the system. So the basic idea is simple. There is a remote server. The project workspace lives there. Cursor connects to that server through Remote SSH. For the user, it feels almost like normal IDE work: you open Cursor, connect to the server, and see files, terminal, git, documentation, and tasks. But in reality, the code and the environment are not on the local machine; they are on the VDS.

There is an important organizational detail here. Cursor, as a product, lives on the user's side: each person has the app, an account, settings, models, and access to agents. In our case, on the client side, one corporate Cursor account (PRO+) is used by him and members of his team. Technically, this is convenient: people can connect from different devices and get a single entry point into the tool. On the development side, the approach is different. Each specialist has their own Cursor account and their own familiar settings. They connect to the project as professional development participants, not as users of the customer's corporate account.

Cursor with AI agents is an editor that can read the project, modify files, run commands, create new artifacts, and sometimes act with too much confidence. If several people connect to one workspace, and each of them can make changes to project files, there is an obvious risk that someone accidentally changes other people's files. That is why SSH access by itself does not solve the problem. After that, you still need to decide exactly where a person is allowed to go, what they can read, what they can edit, and which actions should be impossible for them even by accident.


Linux users and ACLs. Order should not depend on promises

The next layer is ordinary, boring, and very useful Linux mechanics. Every participant gets a separate user on the server. Then permissions are built at the OS level. If a user on the server is allowed to write a file, the agent in Cursor can potentially write it too. If not, the agent cannot magically bypass that.

For this kind of scenario, groups and ACLs are convenient. Groups give you a coarse model: for example, you can separate permissions for the development team and the client team. ACLs give you more precise control at the level of an individual user. In our project, for the most part, each employee got write access to their own repository and to the shared docs repository (.cursor), which contains a set of materials for AI agents. Other people's repositories are read-only. In practice, this is especially important because of agents. A person may not understand which files the agent is about to change. If permissions are configured correctly, some of those mistakes will be stopped not by human attentiveness, but by the file system.

At this design level, the first problem appears. Even if permissions are configured, people and AI still need to live somewhere inside the shared project context. You need a structure where it is clear where code lives, where documents live, where instructions live, where agent rules live, and where personal and shared tasks live. Otherwise, we simply have a server with folders, not a working environment. This is how the need to organize the workspace appears.


Workspace is not just a folder, but the shared context of the project

The concept of a "workspace" is easy to underestimate. It may look like just a directory opened in Cursor. But in this experiment, the workspace becomes a much more important entity. It includes the shared context:

  • Cursor commands, skills, and agents
  • application repositories
  • architecture documents
  • meeting materials
  • AI instructions and rules
  • task directories
  • solution drafts
  • review artifacts, and so on

This is the place where business context and technical context finally exist next to each other, in one structure available to both a human and an AI agent. In Cursor this is especially interesting, because part of AI behavior can be defined at the workspace level. The project can contain shared rules, commands, skills, subagents, and instructions that apply to everyone who opens that workspace. This starts to look less like a repository with code and more like a project operating system.

It is worth noting that Cursor provides two levels for this kind of configuration. The first is the workspace level, whose role I described above. The second is the user level. A specific person can have their own local Cursor settings, preferences, commands, or extensions. They live on that person's device and do not have to become shared project rules.

Unfortunately, the workspace does not solve all the original problems. In our setup, there is still a physical limitation. If two team members edit the same files on the server at the same time, they will get in each other's way. This is not Figma, where several cursors move around a design. A codebase and Markdown documents in a shared directory do not automatically become a convenient real-time collaborative environment. The same is true for two agents editing one file at the same time. One of them can overwrite the other's work. In other words, the workspace gives us shared context, but it does not remove the need to isolate changes. In other words, we ran into the next problem. And yes, of course, the most correct solution is GitHub.


GitHub. A shared workspace does not replace branches

A shared workspace solves the context problem, but it does not solve the problem of parallel development. In our project, GitHub brings the normal engineering model back, but in a new reading. A separate branch is created for each task, and changes live in isolation. The result is packaged as a pull request. CI and peer review check that it can be merged into the main branch, which remains an integration branch, not a sandbox for everyone at once.

In this model, participants can work in different ways. For example, the customer or someone on the customer's team works on the remote server through Cursor, because most likely this person is hearing about GitHub for the first time and is not required to know how to use it. A backend or frontend developer can work locally in their usual git flow. This is especially important when areas of responsibility overlap. If the customer uses AI to make a small interface change while a frontend developer is refactoring components in parallel, they should not work in the same working tree. One can use the remote workspace as the task and verification environment; the other can use a local branch and their own dev setup. GitHub will then reconcile the changes through a pull request, diff, review, and conflicts if there are any.


To sum up

As a result, we get the following model:

  • the workspace is needed for shared context and AI work
  • Linux permissions are needed so people and agents do not go where they should not
  • GitHub is needed so parallel changes do not turn into a fight over files
  • the PR is needed so engineering review remains a required layer before integration

Anticipating the questions of the reader who made it this far, I want to return to the role of the client and the members of his team. Even if he has Cursor, access to the workspace, and an AI agent, that is still not enough. He needs a clear scenario for working in a session with an AI agent. How to start a task, what to ask the agent, how to make the agent write a plan first, where to store the result, how not to work in dev, what to do with a pull request. Otherwise the whole setup will slide back into chaos, only now a more technological kind of chaos.

So the next step became an instruction for the customer to work with the AI agent. Not just a prompt like "do the task", but a full procedure: from checking git state and creating a branch to planning, implementation, tests, preview, and PR. That will be the topic of my next post. Spoiler: there is far more than one way to provide this kind of flow for agent work. Right now I am experimenting with subagents and skills in Cursor.