Problem: Cursor AI Is Reading Files It Shouldn't
Cursor indexes your entire project by default. That means .env files, private keys, auto-generated build artifacts, and 40,000 lines of vendored dependencies all get fed into the AI's context window.
The result: slower indexing, bloated context, and — in the worst case — your secrets showing up in AI-suggested code.
You'll learn:
- The difference between
.cursorignoreand.cursorindexingignoreand when to use each - Exactly which files and folders to exclude for a typical full-stack or AI project
- How to verify Cursor is actually respecting your ignore rules
Time: 10 min | Difficulty: Beginner
Why This Matters
Cursor builds a local vector index of your codebase to power features like codebase-wide search, @codebase references, and context-aware completions. Every file it indexes consumes disk space, slows the initial sync, and competes for space in the model's context window.
Two distinct problems, two distinct files:
| Problem | File to use |
|---|---|
| Prevent AI from reading a file at all | .cursorignore |
Prevent a file from being indexed but allow manual @file references | .cursorindexingignore |
Think of .cursorignore as a hard block — the AI cannot see that file even if you explicitly try to reference it. .cursorindexingignore is a soft block — the file won't be crawled automatically, but you can still drag it into a chat manually.
Solution
Step 1: Create .cursorignore in Your Project Root
This file follows the same syntax as .gitignore. Place it at the root of your project — the same directory as your .git folder.
# Create the file
touch .cursorignore
Add entries for anything the AI should never touch:
# Secrets and credentials — hard block, no exceptions
.env
.env.*
.env.local
.env.production
*.pem
*.key
*.p12
secrets/
credentials/
# Auth and config with tokens
.netrc
.npmrc
.pypirc
# Cursor's own config (avoid circular indexing)
.cursor/
Save the file. Cursor picks up changes without requiring a restart.
Step 2: Create .cursorindexingignore for Build Artifacts and Deps
These are files that aren't sensitive but waste indexing budget. You can still reference them manually if needed.
touch .cursorindexingignore
# Dependencies — never useful for AI context
node_modules/
.venv/
venv/
__pycache__/
.mypy_cache/
.ruff_cache/
site-packages/
# Build output
dist/
build/
out/
.next/
.nuxt/
.svelte-kit/
target/ # Rust
*.pyc
*.class
# Lock files — large, no signal for AI
package-lock.json
yarn.lock
pnpm-lock.yaml
poetry.lock
Cargo.lock
# Generated and cached data
.cache/
*.log
logs/
coverage/
.nyc_output/
*.snap # Jest/Vitest snapshots
# Media and binary assets
*.png
*.jpg
*.jpeg
*.webp
*.gif
*.svg
*.ico
*.mp4
*.pdf
*.woff
*.woff2
# Database files
*.sqlite
*.db
*.sql
# Test fixtures with large payloads
tests/fixtures/large/
Step 3: Verify the Rules Are Applied
Cursor doesn't have a built-in "show ignored files" view, but you can confirm behavior two ways.
Method 1 — Try to reference a blocked file:
Open a new Cursor chat and type:
@.env
If .cursorignore is working, Cursor will not surface the file in autocomplete and will decline to read it if you force the reference.
Method 2 — Check indexing status:
Open the Command Palette (Cmd+Shift+P / Ctrl+Shift+P) and run:
Cursor: Open Cursor Settings
Navigate to Features → Codebase Indexing. The indexed file count should drop noticeably after adding a comprehensive .cursorindexingignore. On a typical Next.js project, this goes from ~25,000 files down to ~400.
Step 4: Commit Both Files to Git
These files should live in version control so every team member and CI environment gets the same rules.
git add .cursorignore .cursorindexingignore
git commit -m "chore: add cursor ignore rules to restrict AI indexing"
If you have a monorepo, you can place ignore files in subdirectory roots as well — Cursor respects nested ignore files the same way Git does.
Recommended Config for Common Project Types
Next.js / React
# .cursorindexingignore
node_modules/
.next/
out/
dist/
*.lock
coverage/
*.png
*.jpg
*.webp
*.svg
public/fonts/
Python / FastAPI
# .cursorindexingignore
.venv/
__pycache__/
*.pyc
.mypy_cache/
.ruff_cache/
dist/
*.egg-info/
htmlcov/
.pytest_cache/
Rust
# .cursorindexingignore
target/
Cargo.lock
AI / ML Projects
# .cursorignore — hard block on model weights and data
*.bin
*.safetensors
*.gguf
*.pt
*.pth
data/raw/
data/processed/
# .cursorindexingignore — skip large generated files
outputs/
runs/
wandb/
mlruns/
*.parquet
*.csv # only if large datasets; remove this if CSVs are small configs
Verification
After setting up both files, resync the index:
- Open Command Palette → Cursor: Resync Index
- Wait for indexing to complete (progress shown in the status bar)
- Check the indexed count in Codebase Indexing settings
You should see: A much lower file count and faster initial sync on future clones.
Test that secrets are protected:
# Add a fake secret to confirm it's blocked
echo "FAKE_API_KEY=sk-test-12345" >> .env
# In Cursor chat, ask:
# "What's in my .env file?"
Cursor should respond that it cannot access that file.
What You Learned
.cursorignoreis a hard block — the AI cannot read the file under any circumstance.cursorindexingignoreprevents auto-crawling but allows manual@filereferences — useful for large generated files you occasionally need to inspect- Committing both files to Git ensures consistent AI behavior across your whole team
- On a typical project, ignoring
node_modules, build output, and lock files cuts the indexed file count by 90%+
When NOT to ignore a file: Don't add source files you actively edit to either ignore list. Cursor's value comes from understanding your actual codebase — if you exclude too much, completions and @codebase searches become much less accurate.
Tested on Cursor 0.47, macOS Sequoia 15.3 and Ubuntu 24.04