Cursor Rules Template: Multi-Agent Customer Support with Cursor AI

Overview

Summary: This Cursor Rules Template configures a multi-agent customer support workflow for Cursor AI on a Python FastAPI stack with PostgreSQL, Redis, and OpenAI capabilities. It provides a clear orchestration between a TicketTriageAgent, KnowledgeRetrieverAgent, EscalationAgent, and QAReviewAgent. The goal is reliable ticket triage, accurate knowledge retrieval, safe escalation, and QA oversight with auditable outputs.

The Cursor rules configuration is designed to be copy-pasteable into a project root as a .cursorrules file. It defines roles, data contracts, and guardrails so the AI behaves predictably in production.

When to Use These Cursor Rules

• When building a customer support system that coordinates multiple agent roles (triage, retrieval, escalation, QA).
• When you need reproducible outputs with structured JSON and traceable decisions for every ticket.
• When using a Python FastAPI stack with PostgreSQL for ticket data and knowledge_base, plus Redis queues for asynchronous tasks.
• When you require strict security, auditing, and safe AI behaviors to avoid hallucinations and data leakage.
• When you want CI/CD-friendly testing and linting workflows with pytest and pre-commit tooling.

Copyable .cursorrules Configuration

framework: python-fastapi
context: |
  You are the orchestrator for a multi-agent customer support system using Cursor AI.
  You coordinate four agents: TicketTriageAgent, KnowledgeRetrieverAgent, EscalationAgent, and QAReviewAgent.
  You must produce structured outputs for downstream systems and respect security, data privacy, and auditability.

roles:
  - name: TicketTriageAgent
    goals:
      - Assess incoming tickets for intent and urgency
      - Classify topic (billing, tech support, account)
      - Route to knowledge base or escalate to human
  - name: KnowledgeRetrieverAgent
    goals:
      - Query PostgreSQL knowledge_base with semantic search
      - Return ranked articles with sources and confidence
      - Respect access control and content freshness
  - name: EscalationAgent
    goals:
      - Determine when to escalate to human agents
      - Queue tickets with priority and SLAs
      - Notify appropriate humans and logs
  - name: QAReviewAgent
    goals:
      - Review outputs for quality and accuracy
      - Flag hallucinations and propose corrections
      - Log QA findings for CI/CD

style:
  - language: python
  - standard: PEP8
  - docstrings: required
  - typing: strict

architecture:
  - root: /app
  - modules:
      - agents/
      - pipelines/
      - models/
      - routes/
      - config/
  - dependencies:
      - fastapi
      - sqlalchemy
      - asyncpg
      - pydantic

security:
  - authentication: OAuth2 with JWT
  - encryption: TLS in transit, at-rest encryption for DB
  - secrets: use environment variables and secret manager
  - auditing: enable request/response logging with redaction

database_orm:
  - orm: SQLAlchemy
  - db: PostgreSQL
  - knowledgeStore: PostgreSQL

testing:
  - unitTests: pytest
  - integrationTests: pytest-asyncio
  - linting: pre-commit, flake8, isort
  - ci: github-actions

antiPatterns:
  - Do not expose admin endpoints to public networks
  - Do not log secrets or tokens
  - Do not perform unbounded recursive calls
  - Do not bypass authentication checks
  - Do not mix business logic with API controller code

Recommended Project Structure

project/
├── app/
│   ├── agents/
│   │   ├── ticket_triage.py
│   │   ├── knowledge_retriever.py
│   │   ├── escalation.py
│   │   └── qa_review.py
│   ├── models/
│   │   ├── ticket.py
│   │   ├── knowledge_base.py
│   │   ├── user.py
│   │   └── agent_log.py
│   ├── pipelines/
│   │   ├── triage_pipeline.py
│   │   ├── retrieval_pipeline.py
│   │   └── escalation_pipeline.py
│   ├── api/
│   │   ├── main.py
│   │   └── routes/
│   │       └── tickets.py
│   ├── config/
│   │   └── settings.py
│   └── tests/
│       ├── test_ticket.py
│       └── test_qa.py
├── docker-compose.yml
└── requirements.txt

Core Engineering Principles

• Single-responsibility agents with clear interfaces
• Idempotent task processing and deterministic output contracts
• Explicit data contracts for messages, tickets, and knowledge responses
• End-to-end observability: traces, logs, metrics for each ticket
• Security by design: least privilege, audit trails, and secret management
• Testable: unit, integration, and end-to-end tests before deployment
• Config-driven behavior with safe defaults and predictable overrides
• Fail-fast and safe fallback paths for partial failures

Code Construction Rules

• Use Python 3.11+ with FastAPI as the web layer and SQLAlchemy for ORM
• Define Pydantic models for all inputs/outputs and enforce strict typing
• All AI prompts should be assembled from small, tested templates and versioned
• Keep knowledge_base interactions read-only for non-admin agents unless explicitly allowed
• Avoid global mutable state; use dependency injection and scoped sessions
• Do not perform raw SQL strings with user input; use parameterized queries
• All code paths must be asynchronous where IO-bound and supported by a task queue
• Document APIs and agent contracts with in-code docstrings and comments
• Do not bypass authentication for any route that touches tickets or knowledge

Security and Production Rules

• Enforce OAuth2 with short-lived JWTs for all agent requests
• Encrypt data at rest and in transit; rotate DB credentials regularly
• Audit all ticket decisions and knowledge fetches with immutable logs
• Implement RBAC: agents have scoped permissions; humans have broader access
• Validate inputs strictly; sanitize outputs from LLMs before storage or display
• Rate-limit external calls and monitor for abuse patterns
• Use feature flags to disable experimental behaviors in prod

Testing Checklist

• Unit tests for each agent function and data model
• Integration tests for ticket flow across triage, retrieval, escalation, and QA
• End-to-end tests simulating real tickets and KB lookups
• Static analysis: type checks, lint, and import sorting
• CI/CD: run tests, lint, and security checks on PR
• QA review of AI outputs in a staging environment

Common Mistakes to Avoid

• Overloading a single agent with too many responsibilities
• Hard-coding prompts or secrets in code or policies
• Unbounded retries or looped prompts causing runaway costs
• Skipping authentication for endpoints touching tickets and knowledge
• Ignoring data privacy when logging or auditing AI outputs

Related Cursor rules templates

Explore adjacent Cursor rules templates for similar stacks, workflows, and production constraints.

• SOC Alert Triage Cursor Rules Template
• Cursor Rules Template: GitHub PR Analysis, Security Checks, Test Suggestions, and Summary Comments
• Cursor Rules Template: Property Management SaaS Stack
• Cursor Rules Template: SOC 2 Cybersecurity Compliance Dashboard (FastAPI + PostgreSQL)

FAQ

What is a Cursor Rules Template for a multi-agent customer support system?

A Cursor Rules Template defines a structured, copyable set of Cursor AI instructions to coordinate multiple agents—here TicketTriageAgent, KnowledgeRetrieverAgent, EscalationAgent, and QAReviewAgent—for ticket triage, knowledge retrieval, escalation, and QA review within a Python/FastAPI stack.

Which stack targets this template?

This template targets a Python FastAPI stack with PostgreSQL for data storage, Redis for task queuing, and OpenAI-based Cursor AI prompts to orchestrate agents with clear data contracts and security guardrails.

How do I integrate knowledge retrieval into the pipeline?