Cursor hidden rules

Support Bug Reports
, ,
1

Where does the bug appear (feature/product)?

Cursor IDE

Describe the Bug

Subject: Agent behavior regression — hidden instructions not in Rules UI

Cursor version: [from About Cursor]
OS: macOS 23.4.0
Account email: [your email]
Request ID: [from Copy Request ID]

After a recent update, Agent mode radically changed behavior — rewriting
files without permission, replacing bash with Python, running autonomously
despite Ask/teaching intent.

I checked Settings → Rules (User, Project, All) — the aggressive instructions
(e.g. “MUST run commands”, “MUST NOT give up”) do not appear there, but the
agent behaves as if they exist.

Please confirm:

  1. What instructions are injected beyond the Rules UI?
  2. Is there a setting to restore pre-update explain-first behavior?
  3. Why are product defaults labeled as user_rules?

[Attach screenshot of Rules UI + example of unwanted file rewrite]

Steps to Reproduce

Use cursor.

Expected Behavior

It needs to work like it did last week when it didn’t rewrite my scripts without permission and spin up agents to do things and not tell me what its doing. It should not have hidden rules i can’t edit directing it to do actions i specifically do NOT allow.

Screenshots / Screen Recordings

Screenshot 2026-05-21 at 9.35.49 AM.png
Screenshot 2026-05-21 at 9.35.49 AM.png798×259 10.4 KB

Operating System

MacOS

Version Information

Version: 3.1.17 (Universal)
VSCode Version: 1.105.1
Commit: fce1e9ab7844f9ea35793da01e634aa7e50bce90
Date: 2026-04-19T19:33:58.189Z
Layout: editor
Build Type: Stable
Release Track: Default
Electron: 39.8.1
Chromium: 142.0.7444.265
Node.js: 22.22.1
V8: 14.2.231.22-electron.0
OS: Darwin arm64 23.4.0

For AI issues: which model did you use?

composer 2.5

Additional Information

“What this proves
You are not imagining hidden instructions — large blocks arrive that are not in the Rules UI.
The “MUST run commands” text appears in multiple places — both <user_rules> and Shell tool description.
Ask mode is the only strong brake on edits/runs, and it’s per-session/per-turn, not a global “behave like last week” setting.
There is no single place in the UI that shows this full stack.
If you want to use this for Cursor support, the strongest evidence is: quote the <user_rules> block above and ask why it contains instructions you did not write and cannot see or delete in Settings → Rules.”

Does this stop you from using Cursor

Sometimes - I can sometimes use Cursor

6

What you’re seeing in that screenshot are tool descriptions and product-level system prompt defaults - the instructions that define how Agent mode works. They tell the model how to use its tools (Shell, file editing, etc.) and set behavioral expectations for the mode (act autonomously, execute rather than explain).

These aren’t “hidden rules” you’re missing. Settings → Rules shows rules you create. The instructions in your screenshot are built into Agent mode itself - they’re what makes it autonomous. The <user_rules> tag is a structural label for the model, not an indication that you wrote those rules.

To get explain-first behavior, use Ask mode. It won’t make edits or run commands without your approval. Switch modes in the dropdown at the top of the chat input.

You can also constrain Agent mode with your own rules. In Settings → Rules → User Rules, add something like “Always explain what you plan to do before making changes” - this shapes Agent mode’s behavior without switching modes entirely.