AGENTS.md Rules for a Next.js SaaS App
A drop-in AGENTS.md that keeps AI coding agents on-stack and on-convention in a Next.js SaaS codebase.
CursorClaude CodeCodex Next.jsTypeScriptTailwind
Drop this in your repo root as AGENTS.md. Most agents (Codex, Cursor, Claude
Code) read it automatically and treat it as project rules.
AGENTS.md
# Project Rules
## Stack- Next.js (App Router) + TypeScript (strict).- Tailwind CSS v4. No CSS-in-JS.- PostgreSQL via the existing db client in `src/lib/db.ts`.
## Hard rules- Never add a dependency without listing it and why first.- Server Components by default. Only add `"use client"` when you need state, effects, or browser APIs — and keep those components small.- All env vars go through `src/lib/env.ts` (zod-validated). Never read `process.env` directly in app code.- Never put secrets or server-only code in a Client Component.
## Conventions- Co-locate route code under `app/`. Shared logic lives in `src/lib/`.- Use the existing UI primitives in `src/components/ui/` before adding new ones.- Write the diff and wait for approval before editing more than 3 files.
## Definition of done- `bun run typecheck` and `bun run lint` pass.- No new `any`. No unused exports.Why these rules
- “Server Components by default” is the single biggest quality lever in App Router projects — see the related failure pattern on server-in-client code.
- Centralised env validation stops the most common class of AI mistakes:
silently reading an undefined
process.envvalue.
Good fit
- Mid-size Next.js SaaS apps with an established convention set.
Not a fit
- Greenfield prototypes where you want the agent to move fast and loose.