Agent repeatedly ignores user rules and makes changes beyond explicit scope despite "Stop and Confirm Rule"

Where does the bug appear (feature/product)?

Cursor IDE

Describe the Bug

The AI agent consistently violates user-defined rules in .cursorrules, specifically ignoring scope boundaries and the “Stop and Confirm Rule” (Section 2.1).

Pattern of behavior:

  1. User provides explicit rules saying “STOP and ask before making changes beyond explicit request”
  2. User gives scoped instruction (e.g., “change file X, DO NOT CHANGE ANYTHING ELSE”)
  3. Agent acknowledges the instruction
  4. Agent immediately violates scope by modifying multiple files without permission

This has happened at least twice in one session (documented in .cursor/note_of_shame.txt and note_of_shame_2.txt in my project).

The rules are clear and unambiguous:

  • Section 0: “Before making ANY code changes… STOP and ask for clarification”
  • Section 2.1: “STOP and ask: ‘I was about to [action]. Should I proceed…?’”
  • Section 11: “CURSOR MUST NOT PROCEED BY ITSELF” and “THIS STEP IS MANDATORY”

Yet the agent routinely proceeds with “helpful” extra changes without asking, completely undermining the user’s ability to control change scope.

Expected: Agent stops and asks for permission before any work beyond explicit scope
Actual: Agent makes unauthorized changes because they “seem related”

Steps to Reproduce

  1. Create a .cursorrules file with explicit scope boundaries (e.g., “Stop and Confirm Rule” - do not make changes beyond explicit request)
  2. Give the agent a specific, scoped instruction like “Fix only file X, DO NOT CHANGE ANYTHING ELSE”
  3. Observe that the agent will modify multiple files without asking for permission
  4. This pattern repeats across sessions despite “notes of shame” being written to the project

Reproducible consistently when:

  • User rules emphasize scope control
  • User gives explicit bounded instruction
  • Related work exists that the agent considers “helpful”

Expected Behavior

When user rules explicitly say “STOP and ask before making changes beyond explicit scope” and the user gives a bounded instruction, the agent should:

  1. Complete only the explicitly requested change
  2. Stop
  3. If it detects related work needed, ASK for permission before proceeding
  4. Never proceed with additional changes without explicit approval

The agent should treat scope boundaries as hard constraints, not suggestions.

Operating System

Linux

Current Cursor Version (Menu → About Cursor → Copy)

Version: 2.2.44
VSCode Version: 1.105.1
Commit: 20adc1003928b0f1b99305dbaf845656ff81f5d0
Date: 2025-12-24T21:41:47.598Z
Electron: 37.7.0
Chromium: 138.0.7204.251
Node.js: 22.20.0
V8: 13.8.258.32-electron.0
OS: Linux x64 6.8.0-90-generic

For AI issues: which model did you use?

Claude Sonnet 4.5

Does this stop you from using Cursor

Sometimes - I can sometimes use Cursor

Hey, thanks for the report.

This is a known issue. The agent can sometimes go outside explicit instructions even with rules in .cursorrules. The team is working on improving scope and boundary adherence.

A few details that would help us pass this to engineering:

  1. Can you share the contents of your note_of_shame.txt files? Concrete examples help the team spot patterns.
  2. For one of the problematic sessions, please grab the Request ID: Chat context menu (top right) > Copy Request ID. This helps engineers find the relevant logs.
  3. Which model are you using? I saw Claude Sonnet 4.5 mentioned, but can you confirm whether it’s via Cursor or your own API key?

Workarounds for now, not perfect but may help:

  • Try shorter, more directive instructions instead of long rule sets
  • Explicitly list the allowed files, for example: “Modify ONLY file.ts. Do NOT touch any other files.”
  • The Review panel lets you reject unwanted changes before you apply them

Related discussion: Why the push for Agentic when models can barely follow a single simple instruction?
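The "list the allowed files" workaround can also be checked outside the prompt, after the agent has run and before anything is committed. The following is an added example, not part of this thread or of Cursor's own tooling; it assumes the project is a git repository, and the sample status output, file names and function names are constructed for illustration.

```python
import fnmatch
import subprocess

# Constructed sample of `git status --porcelain` (v1) output after an agent run
# that was told to modify only src/file.ts.
SAMPLE_STATUS = (
    " M src/file.ts\n"
    " M src/utils/helpers.ts\n"
    "R  src/old_name.ts -> src/new_name.ts\n"
    "?? src/file.test.ts\n"
)

def touched_paths(porcelain: str) -> list[str]:
    """Return every path the change set touches (modified, renamed, untracked)."""
    paths = []
    for line in porcelain.splitlines():
        if len(line) < 4:
            continue
        # Format is "XY path": two status characters, one space, then the path.
        status, rest = line[:2], line[3:]
        # Renames and copies are listed as "old -> new"; both sides count.
        if ("R" in status or "C" in status) and " -> " in rest:
            paths.extend(rest.split(" -> ", 1))
        else:
            paths.append(rest)
    # Note: git C-quotes paths with unusual characters; this sketch does not
    # decode them (parse `git status -z` instead if that matters).
    return paths

def out_of_scope(porcelain: str, allowed: list[str]) -> list[str]:
    """Paths matching none of the allowed glob patterns ('*' also matches '/')."""
    return [p for p in touched_paths(porcelain)
            if not any(fnmatch.fnmatchcase(p, pat) for pat in allowed)]

def check_repo(allowed: list[str], repo: str = ".") -> list[str]:
    """Run the same check against a real working tree (assumes git is installed)."""
    out = subprocess.run(
        ["git", "-C", repo, "status", "--porcelain", "--untracked-files=all"],
        check=True, capture_output=True, text=True).stdout
    return out_of_scope(out, allowed)

if __name__ == "__main__":
    for path in out_of_scope(SAMPLE_STATUS, ["src/file.ts"]):
        print("out of scope:", path)
```

A non-empty result from `check_repo` is the signal to reject or revert those paths before the change set goes any further.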

note_of_shame.txt (1.6 KB)

Request ID: bc2e8b85-2ea9-40f4-81b5-80eb661920c0
I was indeed using Claude Sonnet 4.5 via Cursor (not a private API key).

This issue has increased in severity in the past week or so. The agents seem to ignore most of the user rules, and even parts of the plan.