Skip to content
Book demo
Back to Learn

The Repo With 142k Stars Collecting Every AI Coding Tool's System Prompt

Jul 7, 2026
Ani Galstian
Ani Galstian
The Repo With 142k Stars Collecting Every AI Coding Tool's System Prompt

Three things worth knowing

  • The x1xhlol/system-prompts-and-models-of-ai-tools repo has 142k stars and 34.8k forks, cataloging leaked and published system prompts for more than 25 AI products, including Cursor, Windsurf, Devin, Claude Code, and Augment Code.
  • It's a reference library of production prompt patterns that shipped to millions of users, covering tool definitions, model pairings, and multiple prompt variants per tool.
  • The repo doubles as a security reminder: if your product's system prompt can be extracted and published here, it can also be used as a target for prompt injection and extraction attacks.

Most AI coding tools tell you what they can do. Very few tell you how they're actually instructed to do it. System prompts are the operating instructions behind agentic behavior: they define when a tool reads files, runs commands, edits code, or asks for confirmation before acting.

One repo has been collecting prompts for many of the tools your team is probably already using, and 142k developers have starred it.

The x1xhlol/system-prompts-and-models-of-ai-tools GitHub repository showing 142k stars, 34.8k forks, and 29 contributors, with the Cursor, Windsurf, and Devin AI directories visible.

What Happened

The x1xhlol/system-prompts-and-models-of-ai-tools repository, maintained by Lucas Valbuena (x1xhlol), collects system prompts, internal tool definitions, and model configurations for more than 25 AI products. The current directory covers Augment Code, Claude Code, Cluely, CodeBuddy, Comet Assistant, Cursor, Devin AI, Junie, Kiro, Leap.new, Manus, NotionAI, Orchids.app, Perplexity, Replit, Same.dev, Trae, Traycer AI, VSCode Agent, Warp.dev, Windsurf, Xcode, Z.ai Code, Dia, and v0.

It ships under a GPL-3.0 license and sits at 142k stars, 34.8k forks, and 29 contributors, with the most recent commit landing July 7, 2026. The repo is actively maintained, with recent additions including a Claude Fable 5 system prompt (June 2026) and Cursor's Agent Prompt 2.0 (November 2025).

Key Features

  • Full system prompts, not summaries: The Cursor folder includes the complete Agent Prompt 2.0 text. Cluely ships an Enterprise Prompt. Devin AI includes a separate DeepWiki prompt that covers how it reasons about repository documentation.
  • Tool definitions in JSON: Augment Code ships a gpt-5-tools.json file. Windsurf includes Tools Wave 11 definitions. These show the actual tool shapes agents are given, not just their prose instructions.
  • Model pairings where known: The Amp entry lists prompts for both Sonnet and GPT-5, which tells you something about which models each product is evaluating or shipping on.
  • Multiple variants per tool: Devin AI, Cursor, and others include more than one prompt file, covering different modes or product surfaces. That lets you compare how the same tool behaves differently across contexts.
  • Active additions: Claude Fable 5 landed last month. The README notes the latest update of 10/05/2026.

Why It Matters

System prompts define how agentic tools actually behave, not how their marketing describes them. Reading a tool's prompt tells you why Cursor handles file edits differently than Windsurf, or why Devin runs multi-step tasks with less confirmation than Claude Code. That's not something you can fully infer from behavior alone.

For prompt engineers, this is a reference library of patterns that shipped to millions of users and survived real-world usage. You can see how top tools structure tool-calling instructions, guardrails, and file-editing rules, which beats guessing from observed behavior.

The repo also includes a "Security Notice for AI Startups" pointing to ZeroLeaks, a service for identifying prompt injection and extraction risks. That section isn't incidental: if your product's system prompt ended up here, it can be studied for injection vectors just as easily as it can be studied for design patterns. The existence of this repo is itself a reason to audit your own prompt's attack surface.

Example Use Case

Say you're building an internal coding agent on top of Claude with a TypeScript backend. You want it to edit files safely and avoid destructive terminal commands without requiring a confirmation step on every action.

Instead of writing your tool-calling instructions from scratch, you open Cursor's Agent Prompt 2.0.txt and the VSCode Agent folder to see how each frames file edits and command execution. You note how they phrase "ask before running" rules and how they define the shape of an edit tool. You adapt those patterns into your own system prompt, then compare against Windsurf's Tools Wave 11 to see how a competing tool structures the same operations. The result is a prompt grounded in production examples rather than first principles and trial and error.

Competitive Context

The tools cataloged here fall into a few distinct camps. Cursor and Windsurf are IDE-centric agents that edit code within an editor context. Comparing their prompts reveals different philosophies on autonomy: Cursor's Agent Prompt 2.0 and Windsurf's tool wave definitions sit side by side in the repo for exactly that kind of direct comparison.

Open source
augmentcode/auggie250
Star on GitHub

Devin and Claude Code sit further toward full autonomy. Devin's DeepWiki prompt shows how it reasons over repository documentation during multi-step tasks. Claude Code operates from the terminal with direct access to files and Git.

Augment Code appears in the repo with its gpt-5-tools.json exposed, placing it alongside the others as a tool whose internal tool structure is now public. No individual vendor offers a side-by-side view of how competitors instruct their agents. This repo provides aggregation.

One thing to keep in mind: prompts here come from various dates. Cursor's Agent Prompt 2.0 is from November 2025. Treat every entry as a snapshot, not a current production version.

My Take

142k stars for what is essentially a public archive tells you how much demand there is to understand what's actually happening inside these tools, not just what their docs claim.

The dual utility is what makes it worth bookmarking: it's a design reference for anyone building agentic tools, and a security checklist for anyone who doesn't want their own tool showing up here next. Whether that combination is a feature or a cautionary tale probably depends on which side of the repo you're on.

[ Free report ]

The Agentic SDLC

How teams like Stripe, Ramp, and Uber move from solo coding agents to a coordinated, team-level system.

The Agentic SDLC report cover

Written by

Ani Galstian

Ani Galstian

Technical Writer

Ani writes about enterprise-scale AI coding tool evaluation, agentic development security, and the operational patterns that make AI agents reliable in production. His guides cover topics like AGENTS.md context files, spec-as-source-of-truth workflows, and how engineering teams should assess AI coding tools across dimensions like auditability and security compliance

Get Started

Give your codebase the agents it deserves

Install Augment to get started. Works with codebases of any size, from side projects to enterprise monorepos.