Patterns & Playbooks

Battle-tested patterns from tinkering with AI agents across 6 projects. Each pattern was discovered the hard way and propagated by the COO (who crashes every 24 hours).

18 patterns

Cursor Rules as Agent Onboarding

Commish Command

Every new Cursor session starts from zero. By adding .cursor/rules/ files with alwaysApply: true, any agent dropped into the project immediately knows the directory layout, agent roles, deployment targets, and brand voice.

Key insight: Eliminates repetitive onboarding. Agents are productive from message one.

Named Agent Roles with Scoped Rules

Commish Command

Define 3-5 agent roles per project with dedicated Cursor rules. Keep roles narrow. A security agent shouldn't also be writing features. Scoped rules prevent drift.

Key insight: Narrow roles produce better results than generalist agents.

File-Based Agent Handoffs at Portfolio Scale

Cross-Project

Standardized operational files in every project: COO_STATUS.md, WIP.md, PATTERNS.md, and FEATURES.yaml. The COO can onboard to any project instantly.

Key insight: File-based coordination survives the coordinator crashing.

WIP Visibility Protocol โ€” Structural Enforcement

Halo

Instruction placement matters more than instruction content. Agents read the first thing they see, then skim the rest. Put critical requirements at the TOP of rule files.

Key insight: The most important instruction must be the first thing the agent reads.

Right-Size the Agent Team

Commish Command

Start with 3-5 core agents. Add specialists only at specific milestones. Each additional agent adds latency to the build cycle.

Key insight: Add agents when the bottleneck is 'not enough agents' not 'not enough users.'

Deploy Log as Agent Notification Hub

Commish Command

After shipping a feature, the lead engineer writes DEPLOY_LOG.md with version, commit, what shipped, and per-agent action items. Each agent's rule includes 'read DEPLOY_LOG.md first.'

Key insight: One file, zero repetitive briefing. Each agent self-orients.

PM Spec Depth Should Match Project Stage

Halo

A PM agent produced 250-line specs for a pre-seed project with one engineer. The specs took longer than the implementation. At pre-seed, PMs should write backlogs, not engineering specs.

Key insight: If the spec takes longer to write than the implementation, skip the spec.

Agent Code Ownership Boundaries

Halo

Define surface-based code ownership. Default rule: if you're not an engineer agent, write a spec, not code. Product code belongs to engineers. Marketing sites belong to marketing agents.

Key insight: Specialist agents can own their own surfaces without bottlenecking through one engineer.

Sentry Error Monitoring + Agent Triage

Halo

Single Sentry org across all projects. COO monitors, triages by severity, routes to the right agent: product bugs to founders, security to Alex, UX to PM agents.

Key insight: Error routing by expertise prevents context-switching overhead.

Build Version Stamp for Deploy Verification

Halo

Inject git commit SHA and build timestamp into the app at build time. Eliminates 'is this deployed yet?' uncertainty. 5 lines of config, 3 lines of JSX.

Key insight: Push code, wait 60 seconds, refresh, confirm the SHA matches.

Vercel + Railway as the Standard Stack

Commish Command

Standardize on Vercel (frontend) + Railway (backend/database) across all projects. One set of credentials, one billing relationship, transferable deployment knowledge.

Key insight: Fewer providers means fewer bills, fewer logins, fewer things to monitor.

Dedicated Port Pairs per Project

Commish Command

Each project gets a unique backend+frontend port pair. Never use 3000 or 8000. Pin ports in config defaults and dev scripts.

Key insight: Port collisions waste 10 minutes every time. A registry costs 2 minutes once.

Local Workspaces Must Be on Native Filesystem

Commish Command

Git operations, file reads, and CLI tools all time out on cloud-synced filesystems (Google Drive FUSE). Active development must be on native local disk.

Key insight: Google Drive can hold backups. Never the active workspace.

FEATURES.yaml as Product-Marketing Contract

Commish Command

Machine-readable feature manifest at repo root. Each feature has a marketing_tier, each changelog entry has an impact level. Marketing agents read it to detect when the website is stale.

Key insight: Eliminates the 'is the website current?' question.

AI Context Builders, Not Data Dumps

Commish Command

First attempt at AI Q&A dumped raw database records into the prompt. Rewrote it as a curated context builder โ€” focused, readable summary with only relevant data. Include 3-5 example interactions.

Key insight: Raw data dumps waste tokens and produce worse results.

MCP Configuration Security

MonkeyRun

User-level MCP config for general tools (keeps API keys private). Project-level config only for project-specific servers with env vars. Never hardcode keys.

Key insight: If API keys are committed, immediately rotate and remove from git history.

Security Headers โ€” Setup Early, Not Retrofit

Halo

Configure security headers in next.config.ts during initial setup: X-Frame-Options, X-Content-Type-Options, HSTS, Referrer-Policy, Permissions-Policy. Handle dev/prod CSP split at the same time.

Key insight: Security by design beats security by retrofit.

Global Cursor Agent Skills

MonkeyRun

63 skills standardized at the global level (~/.cursor/skills/) so every project gets the same capabilities without adding anything to repos.

Key insight: User-level skills give all agents the same capabilities portfolio-wide.