devopscaptain/cursor-files

Cursor Agent Config — Platform & DevOps Engineers

Companion repository for the blog series "Cursor Agent for Platform & DevOps Engineers". Contains the .cursor/ configuration files that wire Cursor's AI agent to live infrastructure systems via the Model Context Protocol (MCP).

Blog series: Part 1 · Part 2


What's Inside

cursor-files/
├── README.md                                      # This file — setup and usage guide
├── .cursor/
│   ├── mcp.json                                   # MCP server connections (GitHub, Kubernetes, Terraform, AWS)
│   └── rules                                      # Standing agent instructions and platform standards
└── docs/
    └── agent/
        ├── INFRA_OVERVIEW.md                      # Infrastructure context document for the agent
        └── tasks/
            ├── new-service-onboarding.md          # Scaffold Terraform, Kubernetes, and CI/CD for a new service
            ├── environment-drift-check.md          # Audit staging vs prod across Terraform, k8s, and GitHub
            ├── harden-deployments.md              # Apply security context defaults to all Deployments
            └── rotate-credentials.md              # Find and replace hardcoded credentials org-wide

File Descriptions

| File | Purpose |
|------|---------|
| .cursor/mcp.json | Wires Cursor to four MCP servers — commit this to share the setup with your whole team |
| .cursor/rules | Standing instructions: naming conventions, security standards, Terraform constraints, CI/CD rules, and MCP read-only boundaries |
| docs/agent/INFRA_OVERVIEW.md | Teaches the agent your repo layout, environment topology, module conventions, and known gotchas |
| docs/agent/tasks/new-service-onboarding.md | Full pre-flight + scaffolding playbook for onboarding a new service end-to-end |
| docs/agent/tasks/environment-drift-check.md | Read-only audit that compares staging vs prod and produces a labelled drift report |
| docs/agent/tasks/harden-deployments.md | Audits Deployments for missing security context fields, applies defaults, flags exceptions |
| docs/agent/tasks/rotate-credentials.md | Org-wide credential audit, replacement, and zero-residual verification before revocation |

Prerequisites

| Tool | Version | Purpose |
|------|---------|---------|
| Cursor | 0.40+ | AI editor with MCP support |
| Docker | 27+ | Runs the GitHub MCP server |
| Node.js | 18+ | Required by npx (Kubernetes MCP server) |
| uv / uvx | latest | Runs Terraform and AWS Cost MCP servers |
| kubectl | 1.28+ | Kubernetes CLI, must be configured with cluster access |
| terraform | 1.6+ | Terraform CLI (used by MCP server for plan reads) |
| AWS CLI | 2.x | AWS credentials and profile configuration |

Accounts & Access

  • GitHub Personal Access Token (PAT) with scopes: repo, read:org, read:user
  • AWS IAM profile with read-only permissions: ReadOnlyAccess or a custom policy covering Cost Explorer, EC2, S3, RDS
  • kubeconfig pointing to your target cluster(s) with at least view ClusterRole

Setup

1. Clone the repository

git clone https://github.com/ashishkasaudhan/cursor-files.git
cd cursor-files

2. Set environment variables

Add the following to your shell profile (~/.zshrc or ~/.bashrc):

export GITHUB_PAT="ghp_your_token_here"
export AWS_READONLY_PROFILE="readonly"          # profile name in ~/.aws/credentials
export AWS_REGION="us-east-1"
export TERRAFORM_WORKSPACE_DIR="/path/to/your/terraform/repo"

Reload your shell:

source ~/.zshrc

3. Install MCP server dependencies

GitHub MCP server (Docker image):

docker pull ghcr.io/github/github-mcp-server

Kubernetes MCP server (npx, no install needed — runs on first use):

npx -y @modelcontextprotocol/server-kubernetes --version

Terraform + AWS Cost MCP servers (uvx):

# Install uv if not already installed
curl -LsSf https://astral.sh/uv/install.sh | sh

# Verify uvx works
uvx mcp-server-terraform --version
uvx awslabs.cost-analysis-mcp-server --version

4. Verify kubectl access

kubectl get nodes
kubectl get namespaces

5. Open the repository in Cursor

cursor .

Cursor automatically detects .cursor/mcp.json and loads all four MCP servers on startup. You should see the MCP tools listed in the agent panel.


Usage

Starting the agent

Open Cursor's agent panel (Cmd+L on Mac, Ctrl+L on Windows/Linux), switch to Agent mode, and start with a task prompt. The agent will autonomously select which MCP tools to invoke.

Using the Task Library

The docs/agent/tasks/ directory contains reusable task prompts. To run one, tell the agent:

Run the <task-file-name> task for <scope>.
Example: Run the environment-drift-check task scoped to team payments.
Example: Run the new-service-onboarding task for service order-processor owned by team payments.
Example: Run the harden-deployments task for namespace data-prod.
Example: Run the rotate-credentials task for AWS access key AKIAIOSFODNN7EXAMPLE.

The agent reads the task file, follows the steps autonomously, and asks for confirmation at any decision point before making changes.

Ad-hoc example prompts

Incident investigation

We have pod restarts in the payments-prod namespace since ~14:00 UTC.
Correlate recent GitHub merges, Kubernetes events, and any Terraform changes
in the last 4 hours and give me a probable root cause with a timeline.

Pre-change safety check

I'm about to modify the aws-rds-postgres Terraform module.
Check for any open PRs touching the same module, current resource counts
in staging and prod, and flag any conflicts I should know about.

Release readiness gate

We're targeting a prod release for the v2.4.0 milestone.
Verify all milestone PRs are merged, staging deployments are healthy,
no pods are in a restart loop, and the Terraform plan is clean.

AWS cost anomaly

Identify any AWS service cost increases greater than 20% week-over-week,
list orphaned resources with zero utilization, and rank the top 5
savings opportunities.

Dependency audit

We're deprecating the base image "platform/ubuntu-base:20.04".
Search all repositories for references, identify running pods using it,
and flag any open PRs that add new references before we proceed.

MCP Tools — Read-Only Boundary

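All MCP servers are configured with read-only credentials. The agent can observe infrastructure state but cannot mutate it. This boundary is enforced by the credentials you supply, not by the MCP servers themselves, so it holds only as far as those credentials are scoped: the classic PAT scope repo listed under Accounts & Access also grants write access to repositories, whereas the view ClusterRole and the AWS ReadOnlyAccess policy are read-only. Write operations must flow through existing pipelines: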

| Change type | Pipeline |
|-------------|----------|
| Infrastructure | Terraform CI/CD |
| Kubernetes workloads | ArgoCD GitOps |
| Code changes | GitHub Pull Requests |
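
An added check for the read-only boundary described in this section (example code, not part of this repository): write_scopes_in flags write-capable scopes in the X-OAuth-Scopes header GitHub returns for a classic PAT, and k8s_mutating_verbs asks the cluster which mutating verbs the current kubeconfig identity holds. The function names, the scope list and the sample header value are assumptions made for this example.

```shell
#!/usr/bin/env bash
# Added example, not part of the repository: check that the credentials
# handed to the MCP servers are read-only in practice.

# Classic PAT scopes that permit writes (assumed list, not exhaustive).
# `repo` is here because it grants read and write access to repositories.
WRITE_SCOPES="repo public_repo workflow write:org admin:org delete_repo write:packages gist"

# write_scopes_in "<X-OAuth-Scopes value>"
# Prints the write-capable scopes found; returns 1 if there are any.
# Live value for a classic PAT (same endpoint as the troubleshooting check):
#   curl -sI -H "Authorization: token $GITHUB_PAT" https://api.github.com/user \
#     | grep -i '^x-oauth-scopes:' | cut -d: -f2-
write_scopes_in() {
  local found="" scope w
  # Header value is comma separated and may end in a carriage return.
  for scope in $(printf '%s' "$1" | tr ',\r' '  '); do
    for w in $WRITE_SCOPES; do
      if [ "$scope" = "$w" ]; then found="$found $scope"; fi
    done
  done
  printf '%s\n' "${found# }"
  [ -z "$found" ]
}

# k8s_mutating_verbs
# Prints the mutating verbs the current kubeconfig identity may use on
# Deployments in all namespaces. Needs kubectl and a reachable cluster,
# so it is defined here but not called by the demo below.
k8s_mutating_verbs() {
  local allowed="" verb
  for verb in create update patch delete; do
    if kubectl auth can-i "$verb" deployments --all-namespaces >/dev/null 2>&1; then
      allowed="$allowed $verb"
    fi
  done
  printf '%s\n' "${allowed# }"
}

# Constructed sample: the PAT scopes this README asks for.
SAMPLE="repo, read:org, read:user"
if ! flagged=$(write_scopes_in "$SAMPLE"); then
  echo "PAT is not read-only, write-capable scopes: $flagged"
fi
```

Run k8s_mutating_verbs against each context the agent will use; empty output is the expected result for an identity bound only to the view ClusterRole.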

Sharing with Your Team

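Commit .cursor/mcp.json and .cursor/rules to your infrastructure repository. Every team member who opens the repo in Cursor gets the same MCP servers and agent behavior automatically, with no per-person setup beyond credentials. Because these files are shared through version control, keep token values out of them and supply credentials only through each person's environment.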


Troubleshooting

MCP server not loading

  • Run docker ps to confirm Docker is running (required for GitHub server)
  • Check that environment variables are exported in the shell that launches Cursor
  • Restart Cursor after changing mcp.json

GitHub MCP returns no results

  • Verify your PAT has repo and read:org scopes
  • Confirm the token is not expired: curl -H "Authorization: token $GITHUB_PAT" https://api.github.com/user

Kubernetes MCP returns no clusters

  • Run kubectl config current-context to confirm a context is active
  • Ensure KUBECONFIG points to a valid config file if using a non-default path

AWS Cost MCP returns empty data

  • Cost Explorer data has a 24-hour lag; same-day changes won't appear
  • Confirm the IAM profile has ce:GetCostAndUsage permission

License

MIT
