Open a project in Claude Code, Cursor, or Copilot and type your first prompt.
Before your request even reaches the model, the tool may already have loaded CLAUDE.md, AGENTS.md, .cursorrules, Copilot instructions, imported rule files, and scattered project notes.
So before you tell the agent what to do, the repository has already told it how to behave. That's usually fine. It's how these tools are meant to work.
...but it also makes the instruction layer easy to set and forget. That invisible context can run to thousands of tokens, and none of it shows up in the message you just typed.
So when an agent ignores a rule, the obvious conclusion is that the model failed. But what if the rule is buried under a few thousand tokens of instructions? Or the same policy lives in three files for three different tools, and the copies no longer agree?
I wanted to know how large that invisible layer had become in real projects. So I scanned 100 popular open-source repositories.
72 had AI instruction files. The median adopter carried 2,269 tokens of always-loaded instructions across the AI tools configured in the repository. One carried more than 29,000.
But the most interesting number wasn't the largest file. Of the 54 repos with multiple instruction files, 28 had rules duplicated across files.
The invisible prompt wasn't just growing. It was forking.
The layer we rarely diff
AI instruction files are behavioral configuration. They change how an agent writes code, runs tests, structures commits, and names files. They live in Git, but we rarely give them the same discipline as the code around them. No size budget, no review that treats a rule change as a behavior change, no check that the copies agree.
They grow a section at a time. Rules get copied between tools. Old guidance outlives the project decision that motivated it. And that costs you twice:
- Context. Always-loaded instructions occupy part of the effective context before your task, your code, or your error output even arrives.
- Attention. The one rule that matters has to compete with a few thousand tokens of other instructions and boilerplate.
And the whole thing is invisible. Most people have never seen their config layer as a single number.
What 100 real repos look like
I ran a linter over the AI configuration of 100 well-known open-source projects. It's a hand-picked list, deliberately skewed toward AI-native tooling (SDKs, agents, frameworks). Read this as "what popular, AI-forward projects look like," not a random sample of GitHub. The list is public if you want to reproduce it.
A few things stood out:
- Nearly three-quarters ship AI instruction files. 72% had at least one. In this AI-forward sample, that makes instruction files common rather than exceptional, and over half (54%) carried more than one.
- The median adopter carried 2,269 tokens of always-loaded instructions across the AI tools configured in the repository.
-
The heavy adopters carried a lot. Counting only always-loaded content (the rules set to load automatically, with path-scoped and on-demand files excluded),
clinetops the sample at 29,197 tokens across 19 detected instruction files.coderreaches 23,870 with 7 detected instruction files plus imports, andbuncarries 9,084, almost all of it in a singleCLAUDE.md. That's an order of magnitude past the median. -
Half carried config for two or more tools side by side:
CLAUDE.md,AGENTS.md, and Cursor rules in the same tree. Among the 54 repos with multiple instruction files, 28 had rules duplicated across files.
What the numbers do (and don't) mean
The footprint counts only always-loaded rules. I excluded files a tool attaches only for certain paths or pulls in on demand. That's why microsoft/vscode, with 34 instruction files, contributes only ~2,600 always-on tokens rather than the ~30,000 you'd get by adding every file it ships.
The combined footprint also sums the configurations for the different AI tools detected in the repository. Claude Code loads Claude's applicable instructions, Cursor loads Cursor's. The total shows how much always-on AI policy the repository is maintaining across its tools, not what one assistant necessarily reads in a single request.
Multiple instruction files are not automatically a problem, but they create opportunities for the same guidance to be copied between tools. A real example: documenso keeps a block of coding rules in both .cursorrules and AGENTS.md: four exact duplicates and two near-matches. One identical rule in both files says: "never use 1 line if statements." Today that's harmless. But the policy now has two sources of truth. The day someone refines the rule in one file and forgets the other, the copies can diverge without anyone noticing. Multiply that across a 250-line file maintained in parallel for three tools, and drift stops being hypothetical.
I also excluded MCP overhead because the meaningful context cost comes from runtime tool schemas, not the static config file itself.
What I built
I turned the linter into a small VS Code extension, ContextGuard, that gives this layer the visibility we already expect from code:
- A status-bar counter for your combined instruction footprint (the always-loaded tokens summed across your tools), with an estimated monthly cost on hover.
- A preview of the detected instruction context, in load order, with imports expanded, always-loaded rules separated from scoped/on-demand ones, and secrets redacted.
-
Warnings for oversized files, repeated rules within a file, broken
@importreferences, and secret-like values that need review.
A per-assistant view, showing what each tool actually loads in a single request, is on the roadmap.
It's free, local-first, and deterministic. Every finding is tied to a file and line, there are no AI calls, and nothing leaves your machine. No telemetry.
Sometimes the model really does ignore a perfectly clear instruction. But sometimes we've handed it a few thousand tokens of accumulated policy, copied the important rule into three places, and then expected it to know which sentence mattered most.
If instruction files can change an agent's behavior, they are part of the software. I think we should start treating them that way: review them, keep an eye on their size, and avoid maintaining three slightly different copies of the same rule.
Before blaming the agent, inspect the prompt you didn't type.
โ ContextGuard on the VS Code Marketplace ยท the repo list I scanned
How many AI instruction files are sitting in your main repo, and when did anyone last review them together?





Top comments (0)