Ship AI Prompt Files for Cursor, Claude Code, Copilot
Compare CLAUDE.md, Cursor rules, Copilot instructions, and Windsurf rules. What goes in each prompt file for API consumers. By RoxyAPI.
TL;DR
- An AI prompt file is a project-root markdown file that teaches an AI coding tool how to use your API. Cursor, Claude Code, GitHub Copilot, and Windsurf each read a different file.
- Same job, four conventions:
CLAUDE.md,.cursor/rules/*.md,.github/copilot-instructions.md,.windsurf/rules/*.md. - For an API consumer, ship one prompt file per tool the team uses. Inside each: base URL, auth header, env var name, key boundary, schema source, gotchas.
- Drop in the astrology API and the AI tool writes the integration.
API providers shipping a developer kit in 2026 have a new artifact to maintain. Alongside the OpenAPI spec, the SDK, and the docs site, an AI coding tool now expects a project-root markdown file that explains the API in plain prose. Cursor reads .cursor/rules/. Claude Code reads CLAUDE.md. GitHub Copilot reads .github/copilot-instructions.md. Windsurf reads .windsurf/rules/. Same job, four conventions, and each one loads the file with different scoping and byte budgets. This guide compares the four formats, shows what an API consumer should put in each, and ends with a copy-paste pack for RoxyAPI.
What is an AI prompt file and why ship one for an API
An AI prompt file is a project-scoped markdown document that an AI coding tool loads automatically and treats as part of its system prompt. The file teaches the tool the rules of the codebase: which API to call, how to authenticate, what fields exist, and what mistakes to avoid. Without one, the AI hallucinates field names, leaks the API key into client code, and ignores the SDK.
Shipping a starter prompt file with an API is the same playbook other infrastructure providers use. Supabase publishes ai-prompts files at supabase.com/docs/guides/getting-started/ai-prompts. Stripe publishes its own. The pattern is consistent: copy-paste-ready text, one file per tool, server-side key boundary stated up front. For an API consumer, the prompt file is the difference between an AI that ships a working integration in one shot and an AI that needs three corrections before the auth header is right.
How CLAUDE.md, Cursor rules, Copilot instructions, and Windsurf rules differ
The four conventions agree on intent but disagree on file location, format, and load behaviour. CLAUDE.md sits in project root and Claude Code reads it on every session. Cursor stores rules in .cursor/rules/*.md and supports per-glob scoping so a TypeScript rule loads only on .ts files. GitHub Copilot reads .github/copilot-instructions.md repo-wide on every completion. Windsurf reads .windsurf/rules/*.md with the same per-file scoping pattern as Cursor.
| File | Tool | Location | Scoping | Auto-loads |
|---|---|---|---|---|
CLAUDE.md | Claude Code | Project root | Project-wide | Every session |
.cursor/rules/*.md | Cursor | .cursor/rules/ | Per-glob | When matching files open |
.github/copilot-instructions.md | GitHub Copilot | .github/ | Repo-wide | Every completion |
.windsurf/rules/*.md | Windsurf | .windsurf/rules/ | Per-glob | When matching files open |
The practical result: Cursor and Windsurf reward small focused rule files. Claude Code and Copilot reward one comprehensive file. An API provider shipping all four hands the same content in two layouts.
Ready to ship a working AI integration? Astrology API plus the prompt files below means a Cursor or Claude Code agent writes the integration in 30 minutes. See pricing.
What an API consumer should put in each prompt file
The prompt file is short by design. Five sections cover 90 percent of what an AI coding tool needs to ship a correct integration on the first try.
- Base URL. The canonical HTTPS host and version path.
https://roxyapi.com/api/v2. - Auth header and env var. Exact header name and the env var the agent should read.
X-API-Keyfromprocess.env.ROXY_API_KEY. - Key boundary. One sentence stating that the key never reaches client code. AI tools default to embedding keys in components without this rule.
- Schema source. Pointer to the OpenAPI spec or
llms.txtso the AI generates types instead of guessing field names.https://roxyapi.com/llms.txtfor endpoint discovery,https://roxyapi.com/api/v2/openapi.jsonfor type generation. - Gotcha list. Three to five known traps. Timezone format, decimal vs IANA offset, language query parameter, error response shape.
Never include the API key value in any prompt file. AI tools commit prompt files to git, paste them into shared sessions, and echo them in logs. Document the env-var name; never the key itself.
How to scope rules to the files that need them
Cursor and Windsurf load each rule file inside .cursor/rules/ or .windsurf/rules/ based on frontmatter that scopes it to a glob. A roxyapi-typescript.md rule with globs: ["**/*.ts", "**/*.tsx"] loads only when a TypeScript file is open. A roxyapi-python.md rule with globs: ["**/*.py"] loads only on Python files. The agent stays sharp because the system prompt does not balloon with rules that do not apply.
| Need | Cursor rule | Windsurf rule | CLAUDE.md | Copilot |
|---|---|---|---|---|
| TypeScript-only guidance | globs: ["**/*.ts"] | globs: ["**/*.ts"] | One file, all guidance | One file, all guidance |
| Python-only guidance | globs: ["**/*.py"] | globs: ["**/*.py"] | Same file | Same file |
| Cross-language | alwaysApply: true | alwaysApply: true | Default | Default |
Claude Code and Copilot do not glob-scope, so an API consumer puts language-agnostic guidance in CLAUDE.md and .github/copilot-instructions.md. If the project uses both Cursor and Claude Code, ship both layouts.
A copy-paste-ready RoxyAPI prompt-file pack
These are the actual files RoxyAPI customers paste into projects. Drop them in, change nothing, and the AI tool generates a working integration on the next prompt.
## RoxyAPI
- Base URL: https://roxyapi.com/api/v2
- Auth: X-API-Key header from env ROXY_API_KEY
- Endpoint reference: https://roxyapi.com/llms.txt
- SDK: npm install @roxyapi/sdk (TypeScript) or pip install roxy-sdk (Python)
Rules:
- Never expose ROXY_API_KEY in client-side code. Calls go through a server route or server action.
- Generate types from the OpenAPI spec. Never guess field names.
- Errors return { error, code }. No success wrapper.
- Timezone is decimal hours (5.5) or IANA (Asia/Kolkata). Prefer IANA for DST correctness.
- Multi-language: add ?lang=xx (supported: en, tr, de, es, hi, pt, fr, ru).---
description: RoxyAPI integration rules
globs: ["**/*.ts", "**/*.tsx", "**/*.js", "**/*.py"]
alwaysApply: false
---
When using RoxyAPI:
- Base URL: https://roxyapi.com/api/v2
- Auth: X-API-Key header from env ROXY_API_KEY (server-side only)
- Generate types: npx openapi-typescript https://roxyapi.com/api/v2/openapi.json
- SDK: npm install @roxyapi/sdk (TypeScript) or pip install roxy-sdk (Python)
- Errors: { error, code }
- Multi-language: ?lang=xx (en, tr, de, es, hi, pt, fr, ru)
Never put the API key in client components or commit it to the repo.# RoxyAPI integration
When working with RoxyAPI in this repo:
- Base URL: https://roxyapi.com/api/v2
- Auth: X-API-Key header, read from env ROXY_API_KEY
- Endpoint reference: https://roxyapi.com/llms.txt
- SDK: npm install @roxyapi/sdk (TypeScript) or pip install roxy-sdk (Python)
- Server-side only. Never expose the key to the browser.
- Errors return { error, code }, not a success wrapper.
- Multi-language: append ?lang=xx (en, tr, de, es, hi, pt, fr, ru).---
trigger: glob
globs: ["**/*.ts", "**/*.tsx", "**/*.js", "**/*.py"]
---
RoxyAPI usage:
- Base URL: https://roxyapi.com/api/v2
- Auth: X-API-Key header from ROXY_API_KEY (server-side only)
- llms.txt for endpoint discovery, OpenAPI spec for type generation
- Errors: { error, code }
- Multi-language: ?lang=xxThe same content, four layouts. RoxyAPI also ships an AGENTS.md file in the npm SDK and a public copy at https://roxyapi.com/AGENTS.md so an AI coding tool that reads AGENTS.md (Cursor, Codex, Aider, Windsurf) gets the same guidance with nothing else installed.
FAQ
Is CLAUDE.md the same as AGENTS.md?
Same idea, different reader sets. Both are project-root markdown files that an AI coding tool loads at the start of a session. CLAUDE.md is Anthropic-specific and read by Claude Code. AGENTS.md is the open cross-vendor standard governed by the Agentic AI Foundation, read by 18+ tools including OpenAI Codex, Cursor, Windsurf, Continue, Amp, Warp, and Goose. The common workaround for projects that need both is to write AGENTS.md and symlink CLAUDE.md to it.
Do AI prompt files affect SEO or AI search citation?
Indirectly. A high-quality prompt file means more developers ship working integrations, which means more code on GitHub that names the API and the canonical paths. That feeds the AI training corpus and crawler indexing. Direct citation runs through llms.txt and the documentation site.
How big should a prompt file be?
Under 200 lines. AI tools include the file in every system prompt, and long files crowd out the user message and the codebase context the tool needs to do its job. RoxyAPI keeps the canonical CLAUDE.md snippet under 10 lines and the AGENTS.md playbook around 120.
What if the team uses Cursor and Claude Code together?
Ship both layouts. The two files duplicate maybe 80 percent of the content but each tool reads its own conventions. A monorepo with .cursor/rules/roxyapi.md and CLAUDE.md covers both audiences without conflict.
Where does the API key go in a prompt file?
Nowhere. The prompt file documents the env-var name (ROXY_API_KEY) and states that the value lives in the host environment. AI tools commit prompt files to git and echo them in logs, so the key value never appears in the file itself.
Conclusion
Ship the four prompt files alongside the OpenAPI spec and the SDK. The Cursor integration guide and the Claude Code integration guide walk the per-tool setup, and the full app-build prompt library lives at /docs/prompts.