You gave Cursor a clear instruction: do not modify files in src/auth/ . Cursor opened src/auth/session.ts and rewrote the token refresh logic. No error. No warning. It simply decided that instruction did not apply to this particular edit. This is the most common source of broken Cursor Agent runs — and it is not a bug. It is by design. Why .cursorrules Has No Scope .cursorrules is a single global file. Every instruction in it applies to the entire project. When you write a rule like "do not touch the auth module", Cursor reads that as a preference, not a boundary. The model interprets it contextually. If the current task seems related to auth, the model may proceed anyway because it is trying to be helpful. There is no file-level or folder-level enforcement. The rule does not know what src/auth/ is. What Actually Works: Scoped .mdc Rules The proper system for scoped rules is .cursor/rules/*.mdc . Each file can be scoped with globs frontmatter.…