惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
AWS News Blog
AWS News Blog
V
Vulnerabilities – Threatpost
D
Darknet – Hacking Tools, Hacker News & Cyber Security
量子位
博客园 - 叶小钗
AI
AI
T
Tor Project blog
Forbes - Security
Forbes - Security
W
WeLiveSecurity
博客园_首页
爱范儿
爱范儿
J
Java Code Geeks
B
Blog
G
GRAHAM CLULEY
aimingoo的专栏
aimingoo的专栏
Cloudbric
Cloudbric
C
CXSECURITY Database RSS Feed - CXSecurity.com
TaoSecurity Blog
TaoSecurity Blog
L
LINUX DO - 热门话题
阮一峰的网络日志
阮一峰的网络日志
有赞技术团队
有赞技术团队
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
Simon Willison's Weblog
Simon Willison's Weblog
云风的 BLOG
云风的 BLOG
Google DeepMind News
Google DeepMind News
H
Help Net Security
博客园 - 三生石上(FineUI控件)
C
Cisco Blogs
C
Cybersecurity and Infrastructure Security Agency CISA
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
P
Palo Alto Networks Blog
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
Recent Commits to openclaw:main
Recent Commits to openclaw:main
博客园 - 司徒正美
The Last Watchdog
The Last Watchdog
Blog — PlanetScale
Blog — PlanetScale
T
The Blog of Author Tim Ferriss
S
Secure Thoughts
Spread Privacy
Spread Privacy
F
Fortinet All Blogs
月光博客
月光博客
大猫的无限游戏
大猫的无限游戏
S
SegmentFault 最新的问题
H
Hackread – Cybersecurity News, Data Breaches, AI and More
A
About on SuperTechFans
Security Latest
Security Latest
Webroot Blog
Webroot Blog
Scott Helme
Scott Helme
Hugging Face - Blog
Hugging Face - Blog

DEV Community

Authentication Security Deep Dive: From Brute Force to Salted Hashing (With Java Examples) Why AI Systems Don’t Fail — They Drift Spilling beans for how i learn for exam😁"Reinforcement Learning Cheat Sheet" I Replaced Chrome with Safari for AI Browser Automation. Here's What Broke (and What Finally Worked) How Python Borrows Other People's Work The $40 Architecture: Processing 1 Billion API Requests with 99.99% Uptime Vibe Coding: A Workflow Guide (From Zero to SaaS) Most webhook security guides protect the wrong side. The scary part is delivery. Headless CMS for TanStack Start: Build a Blog with Cosmic EU Age Verification App "Hacked in 2 Minutes" — What Actually Happened Comfy Cloud’s delete function does not actually remove files Running AI Models on GPU Cloud Servers: A Beginner Guide Event-driven media intelligence with AWS Step Functions and Bedrock I scored 500 AI prompts across 8 quality dimensions — here's what broke How to Call Google Gemini API from Next.js (Free Tier, No Backend Needed) The Portal Protocol: Reclaiming Human Connection in the Age of AI How to Fix Your Team's Scattered Knowledge Problem With a Self-Hosted Forum Intro to tc Cloud Functors: A Graph-First Mental Model for the Modern Cloud Designing Multi-Tenant Backends With Both Ownership and Team Access I Built a Neumorphic CSS Library with 77+ Components — Here's What I Learned PostgreSQL Performance Optimization: Why Connection Pooling Is Critical at Scale Cómo construí un SaaS multi-rubro para gestionar expensas en Argentina con FastAPI + Vue 3 🚀 I Built an Ethical Hacking Scanner Tool – Open Source Project I Replaced /usage and /context in Claude Code With a Single Statusline A Pythonic Way to Handle Emails (IMAP/SMTP) with Auto-Discovery and AI-Ready Design I Collected 8.9 Million Polymarket Price Points — Here's What I Found About How Markets Really Move EcoTrack AI — Carbon Footprint Tracker & Dashboard Everyone's Using AI. No One Agrees How. 5 self-hosted ebook managers worth trying in 2026 Building Your First AI Agent with LangChain: From Chatbot to Autonomous Assistant Common SOC 2 Failures (Real World) Stop Vibe-Checking Your AI App: A Practical Guide to Evals How to Use SonarQube and SonarScanner Locally to Level Up Your Code Quality Your Next To-Do App Is Dead — I Replaced Mine with an OpenClaw AI Sign a Nostr event in 60 lines of Python using coincurve — no nostr-sdk, no nbxplorer, no rust toolchain ITGC Audit Explained Like You’re in Big 4 Patch Tuesday abril 2026: Microsoft parcha 163 vulnerabilidades y un zero-day en SharePoint Stop scraping everything: a better way to track competitor price changes Listing on MCPize + the Official MCP Registry while routing payments OUTSIDE the marketplace — how I kept 100% of my x402 revenue Building an AI-Powered Risk Intelligence System Using Serverless Architecture Why We Ripped Function Overloading Out of Our AI Toolchain Testing AI-Generated Code: How to Actually Know If It Works SaaS Churn Is Killing Your Business. Here Is What to Do About It (Without a Support Team) The Speed of AI Is No Longer Linear - And Self-Improving Models Are Why How to Implement RBAC for MCP Tools: A Practical Guide for Engineering Teams From Standard Quote to Persuasive Proposal: AI Automation for Arborists I built a CLI that scaffolds complete multi-tenant SaaS apps Axios CVE-2025–62718: The Silent SSRF Bug That Could Be Hiding in Your Node.js App Right Now The dashboard that ended our friendship Data Pipelines Explained Simply (and How to Build Them with Python) The Hidden Cost of AI Systems Nobody Talks About. undefined vs undeclared, and how typeof behaves Switching from file-based jobs to NATS/Kafka in Rust without changing code io_uring Adventures: Rust Servers That Love Syscalls Why Agentic AI is Killing the Traditional Database The POUR principles of web accessibility for developers and designers Quantum Neural Network 3D — A Deep Dive into Interactive WebGL Visualization How To Install Caveman In Codex On macOS And Windows Automation Pipeline Reliability: Why Your Workflow Breaks When Nobody Is Watching I Built an 'Open World' AI Coding Agent — It Works From ANY Folder From Freelancing to Product: A Tech Service Company's SaaS Transformation China's AI Giants: Adding Tencent Hunyuan & ByteDance Doubao to AI University (74 Providers) On the Vibe Coders and Their Lies clerk: Auto-Summarize Your Claude Code Sessions AI Weekly — 2026/04/10–04/17 | The Model Lockdown Is Here, but the Toolchain Is the Real Battleground AI 週報 — 2026/04/10–2026/04/17 模型封鎖潮來了,但工具鏈才是真戰場 Maybe this is how Open-Source apps are born... 🚀 Fine-Tune LLMs with LoRA and QLoRA: 2026 Guide tRPC v11 + Next.js App Router: End-to-End Type Safety Without the Boilerplate ShadCN UI in 2026: Why I Stopped Installing Component Libraries and Started Owning My Components SaaS Billing in React Server Components: Stripe + Supabase Without a Single `useEffect` Join our DEV Weekend Challenge — $1,000 in Prizes Across TEN winners! Submissions Due April 20 at 6:59 AM UTC. Implementing FSRS Spaced Repetition in Flutter + Supabase — Adding Memory Science to an AI Learning App "I Texted My Localhost From the Train — Claude Code Fixed the Bug Before I Got Home" I Built a Sales Prep AI and It Went Deeper Than Expected Design to Code #2: One JSON, Eleven Outputs Solving the 100M-Row Problem: A Summary Table Pattern for High-Volume Push Notification Logs Flutter Web With Wasm: What Actually Changes For Developers I Built 50 Royalty-Free Soundtracks for My Side Project in a Weekend Using AI Music Generation The Vibe Coding Security Checklist: 7 Things to Check Before You Ship Stop Letting Googlebot Guess Fix Your React App's SEO Right Desconstruindo o Streaming do LinkedIn: Como Criar um Engine de Extração de Vídeo de Alta Performance com HLS e FFmpeg (EDA Part-1) EDA (Exploratory Data Analysis) Explained With Real Life — Why Looking at Your Data Is the Most Important Step in Machine Learning Brand Relationship Management at Scale: Our 4-Touch Outreach System for 200+ Brands Why String.fromEnvironment() Might Return an Empty String in Dart JGuardrails 1.0.0 — Hardening Java LLM Apps Against Jailbreaks, Toxicity, and Prompt Injection Plan and Schedule a Full Week of Threads Content From One Claude Conversation Coding Cat Oran Ep3, Five Tables Changed Everything Updated: BFF Pattern I'm done watching freelancers get buried by 200 proposals. So I'm building the alternative. This is my first post BFS Algorithm in Java Step by Step Tutorial with Examples Tracking LLM Pricing Monthly: An Open Dataset for 22 AI Models How We Measure Content ROI on a Comparison Site: Revenue Attribution Without Perfect Data Introducing Nova AI Ops: The AI-Native Operating System for SRE Teams I built a free desktop video downloader for Windows — Grabbit How Talkie OCR Helps Vision-Impaired & Dyslexic Users Read the World Around Them VRCFaceTracking安装和iPhone面捕配置教程,有bug Even CrowdStrike Can't See Your Agents The Automation Gold Rush: What n8n Workflows and Claude Are Opening Up for Developers Right Now
The 10 Most Common Cursor Rules Mistakes and How to Fix Them
Olivia Craft · 2026-04-24 · via DEV Community

The 10 Most Common Cursor Rules Mistakes and How to Fix Them

You wrote the rule. You saved the file. You asked Cursor for code and it ignored you — gave you a class component when the rule says "use hooks," suggested moment when the rule says "use date-fns," wrote tests in unittest when the rule says "use pytest."

The rule isn't broken. The way you wrote it — or where you saved it, or how you scoped it, or what else is competing with it — is. Ten mistakes below that account for the vast majority of "my Cursor Rules don't work" complaints, each with the symptom, the cause, and the fix.


Mistake 1: The Rule Is Too Vague

Symptom: You wrote "write clean code," "use best practices," "handle errors properly." Cursor ignores the rule (or worse, interprets it any way it likes).

Cause: AI assistants need specifics. "Clean" is not a specification. "Best practices" in 2015 (callbacks, var) are not best practices in 2026.

Fix: Replace every adjective with a concrete requirement.

BAD:  Write clean async code.
GOOD: All I/O is async. Use async/await, not .then() chains.
      Every async function has a top-level try/catch or a named
      error-returning type. No `await` inside a for-loop when
      the iterations are independent — use Promise.all.

Enter fullscreen mode Exit fullscreen mode

If you can't write a failing test for the rule, it's too vague.


Mistake 2: No Context About the Project

Symptom: Cursor writes generic code that could belong in any project — doesn't use your auth helpers, your DB client, your logger.

Cause: Cursor doesn't know your project's conventions exist unless you tell it. Rules that describe what you want Cursor to do without what already exists in the codebase produce code that ignores your utilities.

Fix: Tell Cursor what's in the repo.

# Project context (read every session):
- DB client: `src/lib/db.ts` exports a singleton `db`.
- Logger: `src/lib/logger.ts`. Never use console.log.
- Auth: `requireUser(req)` in `src/lib/auth.ts` — throws on
  missing/invalid token.
- HTTP errors: use `src/lib/http-errors.ts` (NotFound, Forbidden, etc.)

Enter fullscreen mode Exit fullscreen mode

Now Cursor imports from the real modules instead of inventing createDbClient() every time.


Mistake 3: Conflicting Rules, No Priority

Symptom: One rule says "prefer functional components." Another says "use class components for error boundaries." Cursor picks randomly.

Cause: Rules in the same file with overlapping scope and no hierarchy. The AI honors whichever matched last or whichever is more specific in its own judgment.

Fix: Make the precedence explicit.

# Priority order (highest first):
1. Security rules — NEVER violated, even if other rules suggest otherwise.
2. Framework-version rules (React 18 only, no v19 features).
3. Style rules — follow unless a higher rule conflicts.

Error boundaries are the ONLY class-component exception.

Enter fullscreen mode Exit fullscreen mode

Ordering + an exception clause resolves the ambiguity.


Mistake 4: Rule in the Wrong File Location

Symptom: You put the rule in README.md, .cursorrc, cursor.config.js, or rules.md at the repo root. Cursor doesn't load it.

Cause: Cursor only reads from three specific locations:

~/.cursor/rules/*.mdc       # global, per user
.cursor/rules/*.mdc         # project, modular (recommended)
.cursorrules                # project, legacy single file

Enter fullscreen mode Exit fullscreen mode

Anywhere else is invisible.

Fix: Move the rule to .cursor/rules/<name>.mdc. Verify with the chat UI: after a request, Cursor shows "Rules applied: ..." — if your rule isn't listed, it isn't loaded.


Mistake 5: Stale Cache — Rules Not Reloading

Symptom: You edit a rule, save, ask Cursor for code, and it uses the old rule.

Cause: Cursor caches rules per session. Edits to .mdc files don't always hot-reload, especially if the file already had an active alwaysApply: true block.

Fix: Force a reload. In order of escalation:

1. Open a new chat (Cmd+N / Ctrl+N). Rules re-load per chat.
2. Reload the window (Cmd+Shift+P → "Developer: Reload Window").
3. Fully quit Cursor and reopen.
4. Confirm the rule fires — check the "Rules applied" badge in the
   response.

Enter fullscreen mode Exit fullscreen mode

If the rule still doesn't apply after a full restart, the rule file has a syntax error in the frontmatter (commonly: missing --- closing delimiter).


Mistake 6: No Scope — The Rule Fires Everywhere

Symptom: Your Python rule suggests Python idioms in TypeScript files. Your React rule fires in backend API code.

Cause: Missing globs in frontmatter, or alwaysApply: true on a rule that should be file-scoped.

Fix:

---
description: Python style (type hints, Ruff, pytest).
globs: ["**/*.py", "**/*.pyi"]
alwaysApply: false
---

Enter fullscreen mode Exit fullscreen mode

Global application is a deliberate choice, not a default. Rules that apply everywhere are security baselines and commit conventions — nothing else.


Mistake 7: Prompt-Style Instead of Rule-Style

Symptom: You wrote "You are an expert React developer. Please write clean, idiomatic React code using hooks and modern patterns." Cursor treats it as flavor text.

Cause: You wrote a system prompt, not a rule. Rules are declarative constraints, not role-play.

Fix: Rewrite as a list of constraints.

BAD:  You are an expert React developer. Use modern hooks.

GOOD: - Function components only. No class components except
        for ErrorBoundary.
      - State: useState for local, useReducer for complex, Zustand
        for cross-component. No Redux.
      - Data: TanStack Query v5 for server state. No SWR, no raw fetch
        in components.
      - Effects: useEffect only for subscriptions, timers, and DOM
        APIs. Never for data fetching.

Enter fullscreen mode Exit fullscreen mode

Each bullet is a testable constraint. The AI follows constraints far more reliably than it follows a persona.


Mistake 8: Hidden or Contradictory Global Rules

Symptom: The project rule says one thing, but Cursor does another. You can't figure out where the AI is getting the different idea.

Cause: A rule in ~/.cursor/rules/ (your global user rules) or a leftover legacy .cursorrules file at the root is silently overriding or conflicting with .cursor/rules/.

Fix: Audit every active rule:

# Global (just your machine)
ls ~/.cursor/rules/

# Project-modular
ls .cursor/rules/

# Project-legacy (delete if you have modular rules)
cat .cursorrules 2>/dev/null

# Inside a chat, ask Cursor: "List every rule currently in context
# and which file it came from."

Enter fullscreen mode Exit fullscreen mode

Delete legacy .cursorrules when you have .cursor/rules/. Move personal preferences out of global and into project rules if they affect code.


Mistake 9: Rules Too Long — The AI Skims

Symptom: You wrote a 3,000-word Markdown essay explaining why each rule exists. Cursor ignores the last half.

Cause: AI context windows are large but not infinite, and longer rules reduce the attention each sentence gets. A 3,000-word rule file competes with the code context itself.

Fix: Rule files are reference cards, not textbooks.

GOOD (short, direct, enforceable):
  - Use async/await, not .then().
  - No `any` types; use `unknown` and narrow.
  - Imports alphabetized; external before internal.

BAD (long, justifying, storytelling):
  - "We prefer async/await because back in 2017 our team
     adopted Promises and found that callback hell..."

Enter fullscreen mode Exit fullscreen mode

Keep rationale in a separate RATIONALE.md that humans read. The .mdc file is for the AI, and the AI wants the rule.


Mistake 10: No Versioning — Rules Drift With Dependencies

Symptom: The rule says "use Next.js App Router." Six months later you upgraded from Next 13 to Next 15, the Router API changed, and the rule's examples produce deprecated code.

Cause: Rules referenced "Next.js" without pinning a version. When you upgraded, nobody updated the rule.

Fix: Version every library-specific claim, and update the rule in the same PR as the upgrade.

---
description: Next.js 15 App Router rules. Update when upgrading.
last-verified: Next.js 15.1.2
---

- App Router only. `app/` directory. No `pages/`.
- Server Components by default; add `"use client"` only when needed.
- Use `next/navigation` (not `next/router`).
- Route handlers in `route.ts`, not `api/*.ts`.

Enter fullscreen mode Exit fullscreen mode

A dated, versioned rule tells the next contributor what the rule was tested against. An undated rule is a slow-motion bug.


The Quick Audit

Five minutes. Run through your rules and check each one:

[ ] Does it live in `.cursor/rules/*.mdc` (or `.cursorrules`)?
[ ] Does it have `globs` or an explicit "global" note?
[ ] Is it specific enough that you could write a failing test for it?
[ ] Does it pin library versions where relevant?
[ ] Is it under ~500 words?
[ ] Is it listed in "Rules applied" when you ask Cursor a question?
[ ] Are there no duplicates in `~/.cursor/rules/` or legacy `.cursorrules`?

Enter fullscreen mode Exit fullscreen mode

Most "Cursor Rules don't work" reports resolve once those seven boxes are ticked.


Want rules that don't have these mistakes?

We maintain a Cursor Rules pack with production-ready, scoped, versioned rules for Python, TypeScript, React, Next.js, Go, Rust, Docker, Kubernetes, Terraform, and more. Every rule is written to the standard above — short, specific, scoped, enforceable.

Get the Cursor Rules pack on Gumroad →