YouTube Deep SummaryYouTube Deep Summary

Star Extract content that makes a tangible impact on your life

Video thumbnail

The $10B System Prompts Behind Cursor AI and Others Just Leaked…

AI LABS • 2025-04-29 • 6:54 minutes • YouTube

🤖 AI-Generated Summary:

Inside the AI Coding Agents Leak: What We Learned About Windsurf, Cursor, Manis, and More

Recently, a surprising leak revealed the system prompts, models, and tools behind several popular AI coding platforms, including Cursor, Windsurf, Replet, Manis, as well as some open-source tools like Bolt and Rue Code. These leaks provide unprecedented insight into how these AI agents operate under the hood, shedding light on differences in capabilities, design philosophies, and technical implementations. Here’s a deep dive into some of the most interesting findings and what they mean for developers and AI enthusiasts alike.

Windsurf vs Cursor: The Ultimate Showdown

One of the most hotly debated questions in AI coding assistance has been which tool is better: Windsurf or Cursor? Thanks to the leaked system prompts, we now have a clear answer — Windsurf’s AI agent, Cascade, is the superior platform by a significant margin.

Why Windsurf’s Cascade Outshines Cursor:

  • Richer Toolset: Cascade comes packed with built-in apps that keep you inside the IDE, unlike Cursor, which forces you to leave the environment frequently. For example, Cascade’s live browser preview lets you see your front-end code running directly within Windsurf, speeding up development dramatically.

  • One-Click Deployment: Windsurf partners with Netlify for seamless deployment, allowing developers to push their projects live with a single click.

  • Advanced Project Navigation: Cascade features superior search methods and an enhanced file system browser, making it easier to find and manage your code compared to Cursor.

  • Persistent Memory: Unlike Cursor, which resets memory every time you reopen a project, Cascade remembers user preferences, code snippets, API keys, and milestones. Its memory CRUD system and automatic retrieval based on semantic matching mean you can pick up exactly where you left off—even after a week-long break.

  • Asynchronous Orchestration: Cascade multitasks by running commands in the background while editing code, whereas Cursor follows a synchronous, step-by-step approach. This allows for more efficient workflows and faster iteration.

These features combined make Windsurf’s Cascade a powerhouse for AI-assisted coding, providing a more integrated, efficient, and intelligent development experience.

Manis: The Virtual Engineer with Sandbox Control

Another fascinating revelation came from the Manis AI agent’s leaked prompts. Manis operates in a fully sandboxed Ubuntu environment with pseudo-root rights, giving it significant autonomy and control over its workspace. It can install packages, run servers, expose ports to the internet, and even deploy static sites or Next.js applications.

Key Highlights of Manis:

  • Six-Layer Agent Loop Architecture: Manis processes user commands through a cycle of analyzing, tool selection, observation, planning, and execution, all while updating its internal knowledge base.

  • Native Browser Interaction: It doesn’t rely on traditional automation tools like Selenium. Instead, it interacts with browsers as a human would—clicking, typing, scrolling, and executing JavaScript natively.

  • Modular Design: This helps reduce hallucinations (AI errors) and improves reliability.

  • Built-In Prompting Guide and Guardrails: Manis can self-correct or ask for user input if stuck, and it is restricted to operate only inside its sandbox without accessing external accounts.

Manis essentially acts as a fully-fledged virtual engineer capable of handling complex development tasks end-to-end.

Replet: Front-End Focus with Specialized Tools

The leak also shed light on Replet, which has strict limitations such as forbidding Docker or external virtual environments. Instead, it uses a proprietary “ripple” environment to maintain tighter control.

Noteworthy Features of Replet:

  • 17 Specialized Tools: Including a VNC window application feedback tool for testing GUI applications in a virtual desktop environment.

  • Autoconfigured Workflows: Automatically prompts users for API keys or other inputs to prevent errors from propagating.

  • Exceptional Front-End Development: Particularly after integrating with Shad CN UI, Replet excels at building front ends with fewer errors thanks to its built-in feedback loops that verify code correctness after each iteration.

  • Database Safety Nets: Built-in restrictions protect your data by ensuring safe database interactions.

Replet’s approach makes it a strong choice for front-end development with robust error prevention mechanisms.

Exploring Open-Source Tools: Bolt and Rue Code

The leaks also included open-source AI coding tools like Bolt and Rue Code. While the repositories are large and complex, there’s an efficient technique to understand them: convert the repo or relevant folders into LLM-readable text. This method structures the code and prompts in a way that large language models can easily digest, enabling you to query and comprehend the inner workings without manually sifting through thousands of files.

For example, extracting just the “cursor” folder and feeding it to an LLM like ChatGPT (even the free tier) can yield valuable insights, thanks to a manageable token count (~7,000 tokens).

Final Thoughts

This leak has provided a rare glimpse into the inner mechanisms of some of the most advanced AI coding assistants available today. From Windsurf’s powerful multitasking and persistent memory, to Manis’ virtual engineer sandbox, and Replet’s specialized front-end tools, each platform brings unique strengths to the table.

For developers and AI enthusiasts, these insights help clarify which tools might best fit their workflows and needs. Moreover, the ability to leverage LLMs to explore open-source agents further democratizes access to cutting-edge AI development technology.

If you’re interested in AI-assisted coding, now is a great time to explore these platforms, armed with new understanding from the leaked system prompts.

Enjoyed this deep dive? Stay tuned for more updates and analyses on AI development tools. And if you found this valuable, consider subscribing and supporting the continued exploration of AI technologies.

Note: This blog post is based on leaked information and should be treated as an unofficial analysis.

📝 Transcript (193 entries):

Something crazy just happened. Someone leaked the system prompts models and tools of a lot of different AI platforms. Cursor, Windsurf, Replet, Manis, even Lovable and Devon. There is some really surprising information about how these tools actually work. Along with them, some open- source tools like Bolt and Rue Code were also leaked. Their system prompts were revealed too, and these prompts are what tell the AI agents how to function. I went through most of the leaked system prompts and found some pretty amazing things. That is what I am going to share with you in this video. This is going to be a pretty interesting video because of the leaks and the information we have gotten from them. The first thing I want to tell you is that many people still do not know which tool is better, Cursor or Windsurf. After reading the system prompts, we finally have an answer. The clear winner is Windsurf. Here are the clear reasons why Windsour's Cascade outperforms Cursor. The first reason is that it has a richer tool set with a lot of built-in apps, while Cursor only offers basic apps that force you to leave the IDE again and again. Cascade offers some crazy tools. One of them is live browser preview, which means whatever you build that needs to run on a browser runs directly inside Windsurf. You can reference things directly in there, which makes coding front-end apps much faster. Another feature they introduced is one-click deployment where they have partnered with Netleifi to make deployment really fast. They also have advanced project navigation with better search methods that cursor lacks. Their file system browser is also far better than cursor. All of these tools create a richer tool set that makes Windinsurf much better to work with. Cascade also has persistent memory which means it remembers what you told it while cursor resets memory every time you open a project. Cascade has memory crud. It can create memory and store things like user preferences, code snippets, API keys, and project milestones, which helps you track your project's progress. It also has automatic retrieval, so when Cascade restarts, it brings back relevant memories based on semantic matches. You keep working in the same way even after long breaks. Even if you return to your project after a week, Cascade will remember. Cursor lacks all of these features. Another reason why Cascade is better is because of asynchronous orchestration in the way it handles tasks. Cascade can run commands while it is writing code and editing files. Cursor follows a synchronous process. It edits something, runs tests, waits, and edits again step by step. Cascade handles everything in the background. It also checks the status of running processes automatically while cursor does not even support background tasks. You can multitask with Cascade which you cannot do with cursor. This was all extracted from the leaked system prompts so it is authentic information. Cascade definitely outperforms cursor by a solid margin. We also have some takeaways from the leaked manis agent prompt. The first is that it offers full sandbox control. Manis boots up a real Ubuntu environment with pseudo rights. It can install different packages like Python or Node packages, spin up its own servers, and even expose its ports to the internet. When we watch Manis code or perform tasks, we are seeing a full virtual engineer that has its own space and can do anything within it. Manis runs on a six layer agent loop architecture. First, the user sends a message. Manis analyzes the message, selects the tools needed to perform actions, observes the result, plans again, and picks another tool if needed. All of this happens while its internal knowledge is being updated. This structure allows Manis to function like a real world human engineer. Manis treats the browser as a first class tool. It does not use Selenium to automate tasks. Instead, it has native functions for clicking, typing, scrolling, and even executing JavaScript code. It interacts with the browser the same way a human would. Manis is also modular, which helps reduce hallucinations and makes its results more reliable. In the leaked files, there was a deploy and exposed port feature. This means Manis can push static sites or even Nex.js apps live. It can also clone Git repositories and install dependencies, making it a true all-in-one automation engineer. Manis has a built-in prompting guide as well. If it gets stuck at any point, it either asks for input from the user or reprompts itself automatically. Guardrails are also set in the system prompts, making sure that it only works inside its sandbox and does not use any external accounts. I will not be able to cover everything here. But if you want to explore other tools like the open-source ones, there is an easy way. You do not need to manually read everything yourself. For example, if you want to look at Bolt, you do not have to go through all the files by hand. It is actually quite hard to read all of it. What you can do is convert the whole repo or part of it into LLM readable text. This means the LLM will understand it better because the information is structured properly. I would not recommend doing this with the entire repo because it is quite large and has a lot of tokens. Instead, if you want to give just the cursor folder to an LLM to question and understand the agent prompt, you can replace the hub in the GitHub link. It is a pretty amazing trick. It converts whatever you give it into LLM readable text. You can then copy it and you will also get the directory structure. Although you may not need it here, you can paste that text into any LLM you want. In this case, the estimated token count is around 7,000, which is not a lot. Even the free version of Chat GPT should be able to answer questions by looking at it. Before ending the video, I want to talk about some interesting things I found about Replet from reading their leaked system prompts. Replet is explicitly forbidden from using Docker or any kind of external virtual environment. It uses its own environment and creates a ripple which allows it to have more control over the development environment. The agent has 17 specialized tools, one of which is the VNC window application feedback tool. This means it can test GUI apps inside a VNC window. There are other tools as well like spinning up a Postgress database. Replet also has autoconfigured workflows. For example, if any application needs an API key, it automatically asks you. It prevents errors from progressing further. I noticed that Replet has gotten really good at building front ends, especially after its integration with Shad Cn UI. A big reason it excels at this is the built-in feedback loop. After it iterates something, it must verify that there are no errors. This might be why it builds front ends with far fewer errors compared to other AI coding agents. There are built-in restrictions with databases, too, which help protect your data through a safety net. That's it for this video. If you liked it, please consider subscribing. If you want us to keep making these videos and since my wallet is running a bit empty, please consider donating using the link below. Thanks as always for watching and I'll see you in the next