Scoped .mdc Cursor Rules Shown to Produce Review-Ready Code Over Vague Prompts

·1 views

A developer writing for DEV Community argues that most AI coding rules fail because they are too vague to change model behavior in practice. The author found that rewriting Cursor rules to be specific, enforceable, and contextually scoped led to code that passed review on the first attempt. Cursor now uses .mdc files stored in .cursor/rules/ instead of a single .cursorrules file, allowing rules to load only when relevant via frontmatter fields like alwaysApply and globs. For example, React and TypeScript conventions can be scoped to .tsx and .ts files so they never interfere with backend or script contexts. The core insight is that concrete, checkable instructions such as 'validate all external input at the boundary' produce actionable output, while aspirational phrases like 'write clean code' do not.

Read the full story at DEV Community

This is an AI-generated summary. ShortSingh links to the original source for the complete article.

Discussion (0)

AOTrust Uses x402 and NEAR Blockchain to Notarize AI Agent Outputs for $0.01

A new notarization service called AOTrust allows developers to cryptographically prove that an AI agent produced a specific output at a given point in time. The system works by hashing the agent's artifact and submitting it to an API that charges a flat fee of $0.01 in USDC via the x402 payment protocol on Base Layer 2. No account, API key, or signup is required — payment is handled inline through an HTTP 402 response cycle using EIP-3009 authorization. The service returns a 239-byte Provenance Data Record (PDR) signed with Ed25519, which is then anchored to the NEAR blockchain via a Merkle root for tamper-evident timestamping. The entire notarization process completes in two to five seconds, and the PDR can be verified independently without making any additional API calls.

0 comments Read more at DEV Community

ProgrammingDEV Community ·

AI Coding Agents Create New Supply Chain Attack Surface, Researchers Warn

Security researchers have demonstrated that malicious code hidden in GitHub repositories can evade static scanners, human reviewers, and AI coding agents, activating only during routine project setup. The threat exploits a fundamental design trait of agentic tools: their ability to autonomously clone repositories and execute code without explicit human approval at each step. Unlike traditional supply chain attacks that required a developer to overlook something suspicious, this vector simply relies on the agent performing its intended function. The core concern is not that AI is being manipulated or jailbroken, but that automated pipelines are being granted unconditional trust without adequate sandboxing or permission controls. Security experts urge teams to treat any automated pipeline that clones and executes external code with the same scrutiny applied to arbitrary code execution.

0 comments Read more at DEV Community

ProgrammingDEV Community ·

Docker Networking Explained: Bridge Networks, Host Mode, and Leaner Images

Docker assigns each container an IP address at creation, and by default uses a bridge network to enable host-to-container and container-to-container communication via port mapping. Unlike the default bridge network, a custom bridge network supports DNS-based name resolution, allowing containers to communicate using their names rather than IP addresses, which is better suited for production environments. Host network mode lets a container share the host's network stack directly without port mapping, though this is only fully supported on Linux. Port mapping with the -p flag remains the standard method for exposing containerized applications to the host machine. Multi-stage Docker builds help reduce final image size by copying only the necessary runtime artifacts, resulting in faster downloads, less storage use, and quicker container startup times.

0 comments Read more at DEV Community

ProgrammingDEV Community ·

Docker ARG, .dockerignore, and Volumes Explained for Developers

Docker's ARG directive allows developers to define build-time variables inside a Dockerfile that can be overridden during the image build using the --build-arg flag, but cannot be modified at container runtime. A .dockerignore file lets developers exclude unnecessary files and directories from the build context, reducing build size and improving speed. By default, data written inside a container is stored in a temporary writable layer and is lost when the container is deleted. Docker volumes solve this by persisting data independently of the container lifecycle, with two main types: bind mounts, which map a specific host directory to a container directory, and named volumes, which are fully managed by Docker and stored in a dedicated location on the host. Both volume types allow multiple containers to share data, and the stored data remains intact even after the associated container is removed.

0 comments Read more at DEV Community