Why your Cursor rules are being silently ignored (and how to fix it)

The most frustrating thing about Cursor rules

You write a rule. You are confident it is correct. You open a chat. The AI ignores it completely and generates the exact pattern you told it not to.

No error. No warning. Just silence.

This happens to almost every developer who adopts .mdc rules, and it almost always comes down to four root causes.

Cause 1: Malformed YAML frontmatter (the silent killer)

This is the number 1 reason rules are ignored. If your frontmatter has any syntax error, Cursor silently skips the file. No warning, no log, nothing.

Wrong patterns that silently fail:

---
description: My rule
alwaysApply: true

Missing the closing ---. Rule is never loaded.

---
description: My rule
globs: src/**/*.ts
---

Glob must be an array. Rule is never loaded.

---
description: My rule
alwaysApply: True
---

YAML is case-sensitive. True is not true. Rule is never loaded.

Correct format:

---
description: What this rule prevents
globs: ["src/**/*.ts", "src/**/*.tsx"]
alwaysApply: false
---

Debug step: Open Cursor Settings and navigate to Rules. You should see your rule listed there. If it is missing, your frontmatter is broken.

Cause 2: You are using the old single-file format

The .cursorrules single file at the project root still works, but it conflicts unpredictably with the newer .cursor/rules/ directory format. If you have both, behavior is undefined.

Migrate fully to .cursor/rules/:

.cursor/
  rules/
    supabase-auth.mdc
    nextjs15-params.mdc
    project-context.mdc

Delete your old .cursorrules file entirely.

Cause 3: Too many rules with alwaysApply: true

Rules with alwaysApply: true load into every session and consume context window tokens whether the task needs them or not.

If you have 10+ rules all set to alwaysApply: true, you are burning a large portion of the context window before the conversation even starts. The model satisfies all of them simultaneously and produces average output that partially violates most of them.

The fix: only 1-2 rules should have alwaysApply: true. Everything else should be glob-targeted.

A well-structured system:

project-context.mdc      alwaysApply: true  (project identity only -- keep it tiny)
supabase-auth.mdc        globs: ["**/lib/supabase/**"]
nextjs15-params.mdc      globs: ["**/app/**/*.tsx"]
stripe-payments.mdc      globs: ["**/api/webhooks/**"]

Now only the relevant rules load for each file. Context is clean. Compliance improves.

Cause 4: Negative instructions vs. positive instructions

LLMs are trained to predict the next token. Negative instructions require the model to first imagine the bad pattern and then suppress it. This is harder than positive instructions.

Weak: "Never use getSession() on the server"

Strong: "Always use supabase.auth.getUser() for server-side auth. getUser() is the only method that verifies the JWT with the auth server."

For security-critical rules, use both: tell the model what to do AND explicitly ban the alternative.

Cause 5: The session is too long

LLMs lose track of early context in long chat sessions. A rule loaded at the start may be effectively forgotten after 10-15 turns.

Two fixes:

1. Start fresh sessions for new tasks. Do not continue a 20-turn session for a new feature.

2. Add rules as explicit references in your prompt: "Implement this following the auth patterns in supabase-auth-security.mdc."

The debugging checklist

When a rule is being ignored, run through this in order:

• Is the file in .cursor/rules/ (not .cursorrules)?
• Does the frontmatter have both opening and closing ---?
• Are glob patterns wrapped in an array ["..."]?
• Is alwaysApply lowercase true or false?
• Does the rule appear in Cursor Settings > Rules?
• Is the rule file under 150 lines?
• Is the rule phrased positively?
• Is this a fresh session?

What the Claude Code leak teaches us

The leaked Claude Code source code (March 31) revealed something relevant: even Anthropic's own production agent treats constraints as hints, not truth by default. It actively re-reads source files before acting because it knows its own memory is unreliable.

The lesson: rule enforcement is not a passive property of having a rule file. It requires the rule to be correctly formatted, the task to be scoped small enough that the rule stays in context, and explicit invocation for critical operations.

That is the same principle behind structuring rules as small, focused, glob-targeted files instead of one giant instruction document.

Next in this series: how to structure more than 20 rules without causing constraint drift.