Skip to main content

AI Coding Agents

AI coding agents operate autonomously — reading files, running commands, and making multi-file changes. Because they take more independent action than chat-based assistants, embedding security prompts into their configuration is especially important.

Claude Code

Claude Code is Anthropic's CLI-based coding agent. It reads project instructions from CLAUDE.md files at multiple levels.

Setup with CLAUDE.md

Create a CLAUDE.md file in your project root and paste the security prompt:

# In your project root
cat > CLAUDE.md << 'EOF'
# Security Instructions

[Paste the full Manicode security prompt here]
EOF

Claude Code loads CLAUDE.md automatically when it starts a session in that directory.

Instruction Hierarchy

Claude Code supports CLAUDE.md at multiple levels, loaded in order:

File locationScope
~/.claude/CLAUDE.mdGlobal — applies to all projects for this user
CLAUDE.md (project root)Project — applies to all sessions in this repo
CLAUDE.md (subdirectory)Directory — applies when working in that subtree

For security prompts, the project root is the best location. This ensures the prompt applies to every coding session without polluting global configuration.

Tips

  • Claude Code's CLAUDE.md supports Markdown — you can organize the prompt with headers for readability
  • The agent reads the full file on every session start, so updates take effect immediately
  • Combine with a .claude/settings.json to set additional project-level constraints

OpenAI Codex

Codex is OpenAI's cloud-based coding agent. It reads project instructions from a AGENTS.md file and supports system prompt configuration.

Setup with AGENTS.md

Create an AGENTS.md file in your project root:

cat > AGENTS.md << 'EOF'
# Security Instructions

[Paste the full Manicode security prompt here]
EOF

Codex reads AGENTS.md when it starts a task in your repository.

Setup via System Prompt

You can also set a system prompt when launching Codex tasks through the API or CLI:

codex --system-prompt "$(cat path/to/security-prompt.md)" "Implement the login endpoint"

Tips

  • Codex operates in a sandboxed cloud environment — the AGENTS.md file must be committed to the repository
  • For teams, commit the file so every developer gets the same security baseline
  • Codex supports multiple AGENTS.md files in subdirectories for scoped instructions

Cursor Agent Mode

Cursor has an Agent mode that can make multi-file changes autonomously.

Setup with Project Rules

  1. Create a .cursor/rules/ directory in your project root
  2. Add a rule file (e.g., .cursor/rules/security.mdc):
---
description: Security rules for all code generation
globs: *
alwaysApply: true
---

[Paste the full Manicode security prompt here]

Tips

  • Rules with alwaysApply: true are included in every Agent interaction
  • Use globs to scope rules to specific file types (e.g., *.py for Python-only rules)
  • Cursor Agent reads rules before executing multi-step plans, so security guidance influences the entire workflow

Aider

Aider is an open-source AI pair programming tool that works from the terminal.

Setup with Configuration

Create a .aider.conf.yml file in your project root:

read:
  - path/to/security-prompt.md

Or pass the prompt at launch:

aider --read path/to/security-prompt.md

Setup with Convention Files

Aider also reads CONVENTIONS.md automatically if present in the project root:

cp path/to/security-prompt.md CONVENTIONS.md

Tips

  • The --read flag loads files as read-only context, which is ideal for security prompts
  • Aider supports multiple --read files, so you can layer a framework prompt with a validation prompt
  • Works with Claude, GPT, Gemini, and other model backends

Windsurf (Cascade)

Windsurf is an AI-powered IDE with an agentic coding mode called Cascade.

Setup with Rules

Create a .windsurfrules file in your project root:

cat > .windsurfrules << 'EOF'
[Paste the full Manicode security prompt here]
EOF

Cascade reads this file automatically for every interaction in the project.

Tips

  • The .windsurfrules file is loaded as persistent context for all Cascade operations
  • Commit the file to version control so the team shares the same security baseline
  • Windsurf also supports global rules in its settings for cross-project security defaults

Amazon Q Developer CLI

Amazon Q Developer has a CLI agent mode that supports project-level instructions.

Setup

Create a .amazonq/rules/ directory in your project root and add a rule file:

.amazonq/rules/security.md

Paste the full Manicode security prompt into this file. Amazon Q Developer reads all files in the rules/ directory as persistent context.

General Pattern for Coding Agents

Most AI coding agents follow one of two patterns:

PatternExamplesHow to configure
Markdown file in repoClaude Code (CLAUDE.md), Codex (AGENTS.md), Aider (CONVENTIONS.md), Windsurf (.windsurfrules)Create the file with the prompt content
Rules directoryCursor (.cursor/rules/), Amazon Q (.amazonq/rules/)Add a rule file in the directory

In either case:

  1. Paste the full security prompt into the designated file
  2. Commit the file to version control
  3. The agent reads it automatically on every session
  4. Updates take effect on the next session start