Anand Chowdhary
/notes/2025

AGENTS.md standard

August 22, 2025
468 words
Reply on X
View on GitHub

We finally have a standard! Repos declare agent intent: drop an AGENTS.md at the root and pair it with MCP. That turns prompt glue into config and policy you can move across IDEs and runtimes. Less guesswork. More contracts.

On the ground, Jules looks for AGENTS.md at repo root to steer setup, tests, and PR manners. Amp reads AGENTS.md with overrides up the tree, even at ~/.config/AGENTS.md, so you get one source of truth instead of five files that nobody reads.

Cursor still ships its own .cursor rules and the old .cursorrules but works with this new spec. In parallel, MCP is the tool bridge that clients and servers speak across desktops, IDEs, and even the OS. Net result: instructions live in the repo and capabilities come through MCP, not hidden per tool prompts.

What is actually new: We now have explicit, versioned agent policy next to code. An agent can derive build, test, and PR workflows from the repo, which makes runs reproducible and reviews predictable.

What is incremental: We already had CLAUDE.md and Cursor rules. This mostly standardizes naming and scoping. I like that my team can pin policy in Git instead of pastebin prompts.

Trade offs still exist: Free text Markdown has no schema and weak validation. Treat it as untrusted or you will get burned in supply chains. Monorepos need clear precedence. Naming is split too. Jules and Codex lean to AGENTS.md. Amp popularized AGENT.md. Cursor remains rule file native. A lightweight community spec is forming, but it is early.

Zooming out, AGENTS.md gives you behavior and MCP gives you IO. Add hosted context services and you can get the same agent run on a laptop and in CI. I want that. My laptop lies less when the repo carries its own policy.

This is the shift from prompt craft to agent ops. Signed configs, capability registries, and audit trails become day one concerns. Expect tighter PR templates enforced by agents, less benchmark drift when repos ship their own protocol, and fewer per tool adapters as teams expose context over MCP.

Next up?

  1. One filename and clear precedence in monorepos and vendored trees.
  2. A small machine-readable core for commands, tests, and linters without losing Markdown ergonomics.
  3. Security model. Treat AGENTS.md as untrusted input. Scope capabilities, use MCP allow lists, and sign configs.
  4. Interop. How does AGENTS.md plus MCP play with portable agent state like .af and IDE native rules.

Where should we set the minimum core? Who owns precedence in multi-repo setups? Do we need a signing story in the spec or in tooling?

My take: Start small. Add AGENTS.md to one repo, wire a single MCP server, and measure drift across laptop and CI. If the results match, keep going. If not, write it down. That is the contract.