Where does the bug appear (feature/product)?
Cursor IDE
Describe the Bug
Glob-scoped rules (globs: ["**/database/**"]) only activate when the user has matching files open in editor tabs. They do not activate when the AI reads or edits matching files via tool calls in agent mode. This means the AI misses domain-specific rules during autonomous work — the primary use case for agent mode.
Separately, there is no way to scope rules to MCP tool or CLI usage. Rules for Jira conventions, database query safety, or git workflows must be set to alwaysApply: true even though they’re only relevant when those tools are invoked. This wastes context window on every message.
Steps to Reproduce
- Create a rule with
globs: ["**/database/**"]andalwaysApply: false - Close all
database/**files in the editor - In agent mode, ask the AI to edit a database file (e.g., “add a column to the users table”)
- The AI edits database files but the rule never loads — it only checks editor tabs, not AI tool activity
For the MCP/CLI gap:
- Create a rule with Jira posting conventions and set
alwaysApply: true(no other option) - Have a conversation that never touches Jira
- The rule still loads every message, wasting tokens on irrelevant context
Expected Behavior
Rules should support triggers based on AI activity, not just editor state.
Proposed trigger types:
| Trigger | Fires when… |
|---|---|
globs + scope: editor_open |
User has matching files open (current behavior) |
globs + scope: ai_access |
AI reads/edits matching files via tool calls |
globs + scope: both |
Either trigger |
mcp_tools |
AI is about to call a matching MCP tool |
cli_patterns |
AI is about to run a matching shell command |
Example rule frontmatter:
---
description: Database conventions
triggerOn:
globs:
- "**/database/**"
mcp_tools:
- "sqlcl:*"
scope: ai_access
---
---
description: Jira comment formatting
triggerOn:
mcp_tools:
- "user-mcp-atlassian:jira_*"
cli_patterns:
- "curl*/atlassian.net/*"
---
The rule injection pipeline already knows which files the AI is accessing via tool calls. Extending the glob matcher to also check AI file access (not just editor tabs) would fix the primary issue. For tool-scoped rules, adding optional mcp_tools and cli_patterns triggers would let rules load only when the AI is about to call specific tools — a natural extension as MCP adoption grows.
Operating System
MacOS
Version Information
Version: 3.0.4 (Universal)
VSCode Version: 1.105.1
Commit: 63715ffc1807793ce209e935e5c3ab9b79fddc80
Date: 2026-04-02T09:36:23.265Z
Layout: editor
Build Type: Stable
Release Track: Default
Electron: 39.8.1
Chromium: 142.0.7444.265
Node.js: 22.22.1
V8: 14.2.231.22-electron.0
OS: Darwin arm64 25.2.0
Additional Information
This disproportionately affects teams using agent mode for multi-file implementation and teams with MCP integrations (Jira, database, cloud APIs). As agent mode becomes the primary workflow, rules scoped only to editor state become increasingly unreliable.
Our team converted all 6 glob-scoped rules (~395 lines) to alwaysApply pointer rules with on-demand reference file reads as a workaround, resulting in ~414 lines of always-loaded context. The ai_access file trigger alone would let us cut that significantly while making rules more reliable during autonomous work.
Does this stop you from using Cursor
No - Cursor works, but with this issue