A GitHub repo exposes the system prompts of 28 AI coding tools: why developers are reading the source code of their assistants

I keep watching developers evaluate AI coding tools the wrong way. They read the marketing page, watch the demo, try the free tier for ten minutes, and pick one. What they almost never do is read the actual system prompt, even though that's the document that defines how the agent behaves.

A single repo on GitHub has made that easier. The star count says a lot of developers have figured this out.

What Happened

x1xhlol/system-prompts-and-models-of-ai-tools hit 138K stars and 34.4K forks with 28 contributors. The most recent README update landed two days ago. The latest content update was the v0 prompt refresh on May 10, 2026.

What I'd flag from the repo state:

• The directory list reads like a competitive map of the AI coding tool market: Cursor, Windsurf, Devin AI, Augment Code, Claude Code (under Anthropic), Replit, v0, Lovable, Trae, Junie, Kiro, Qoder, Same.dev, Leap.new, Warp.dev, VSCode Agent, Xcode, Comet Assistant, Manus, and Cluely. Open Source prompts get their own folder.
• The Cursor directory contains both the original Agent Prompt and Agent Prompt 2.0, dated November 2025. That gives you version history, not just a snapshot.
• Windsurf ships its Tools Wave 11 file as actual JSON tool definitions. The schemas are the real documentation.
• The Anthropic directory has a Claude Sonnet 4.6.txt file. Even Anthropic's prompts aren't exempt.
• The repo is GPL-3.0 licensed. That matters: anything derived from these prompts inherits the same license terms.

Key Features

• Full prompt text for 28 named tools: every major AI coding assistant has its system prompt sitting in a plain text file. The comparison is one diff command away.
• Tool definitions alongside prompts: several tools (Windsurf, Leap.new, Augment Code, Emergent, Traycer AI, v0) include the JSON tool schemas. That's how you understand what an agent can and can't do at the API level.
• Version history for major tools: Cursor has Agent Prompt and Agent Prompt 2.0. Windsurf has Tools Wave 11. v0 has frequent updates. You can read how these prompts have evolved over time.
• Open Source prompts directory: prompts from open-source projects collected alongside the commercial ones. Useful when you want to compare a paid tool to a community alternative.
• GPL-3.0 license: the licensing choice is the practical detail most people miss. If you're building on top of any of this, the license inherits.
• Active maintenance: the v0 directory got refreshed two weeks ago. This is not a snapshot from a year ago that has gone stale.

Why It Matters

A few patterns I'm seeing more broadly line up with this:

• System prompts are becoming the real product spec. Marketing pages describe what a tool wants to do. The system prompt describes what it actually does. Developers who care about behavior have started reading prompts before they read docs.
• Prompt extraction is now an assumed capability. The repo's maintainer flags it directly: exposed prompts and models become targets. If you're shipping an AI product, your prompt is attack surface, full stop.
• The tool definition format is the real moat. Most tools have similar-sounding prompts. The JSON tool schemas (Windsurf's Wave 11, Augment Code's gpt-5-tools.json) reveal which file operations, search strategies, and recovery paths each agent actually has. That's where the real product differences live.

For teams choosing between AI coding tools, reading the prompts is the highest-signal evaluation you can do without paying for licenses.

Example Use Case

A team is migrating from Windsurf to Cursor and wants to know whether their workflow patterns will survive the switch.

They open Cursor Prompts/Agent Prompt 2.0.txt next to Windsurf/Tools Wave 11.txt. The Cursor file tells them how the agent is instructed to handle multi-file edits and what it's told to prioritize. The Windsurf JSON specifies the exact tool schemas, the parameter names, and the operations the agent has access to.

In under an hour, the team has a clear picture of which behaviors will translate, which ones won't, and which workflows they'll need to rebuild. No trial signup, no demo session, no sales call.

This is the workflow I'd demo to any tech lead doing AI tool evaluation. The prompts are the spec.

Competitive Context

A few things stand out when you look at how tools show up in this repo:

• Cursor and Windsurf have the most detailed footprints: Multiple prompt versions and full tool schemas make these the tools developers compare line by line.
• Devin AI's DeepWiki prompt is the interesting one: Devin ships a separate prompt for its DeepWiki feature. That tells you Devin treats different agent modes as fully separate prompts, not one big system prompt with conditional logic.
• The smaller tools matter for evaluation breadth: Kiro, Trae, CodeBuddy, and Qoder all appear with full prompts. If you're exploring beyond the top three names, this is the only place where you can compare them all without signing up for each one.
• The Anthropic and Augment Code entries are worth a closer read: Both ship configuration files alongside the prompt text. That hints at how each company structures the agent versus the model.

The presence (or absence) of frequent updates is its own signal. v0 gets refreshed often. Some tools haven't seen a prompt update in months. That tells you something about how active each team is on the agent layer specifically.

My Take

What I keep coming back to: the existence of this repo at 138K stars is the real story. Developers have collectively decided that prompts are public information, that AI tools should be evaluated by reading their actual instructions, and that the marketing layer is now optional.

If you're building an AI coding tool, your prompt is going to leak. That's not a hypothetical. The interesting question is what you do about it. There are two paths: invest heavily in prompt obfuscation and hope you stay ahead, or accept that the prompt is the user-facing artifact and write it as documentation people will read.

I'm curious which way the next generation of tools goes. If a major vendor voluntarily publishes its system prompt, it changes the overall market posture. If vendors keep treating prompts as trade secrets, repos like this one will keep doing the publishing for them.