PromptScript¶
Write once. Deploy to 37 agents. Update everywhere instantly.
Write AI instructions once. Compile to GitHub Copilot, Claude Code, Cursor, Windsurf, Cline, and 32 more.
Get Started in 5 Minutes See Enterprise Guide GitHub
# Checkout Service
← inherited from @acme/platform-standards
## Project
Expert Fullstack Engineer.
## Tech Stack
TypeScript 5.x · Node 20+ · PostgreSQL
## Standards
✓ Strict mode, no `any`
✓ Zod for validation
✓ API: https://api.acme.io
## Security
⛔ Never log PII/card data
⛔ Parameterized SQL only---
mode: agent
tools: [codebase, terminal]
description: Security code review
---
Perform security-focused code review.
Check for:
• SQL injection vulnerabilities
• XSS attack vectors
• Exposed secrets/API keys
• Input validation gaps---
mode: agent
tools: [terminal, codebase]
description: Database migration
---
Generate Prisma migration safely.
Steps:
1. Analyze schema changes
2. Generate migration file
3. Review for data loss
4. Create rollback plan---
name: security-audit
description: Audit for vulnerabilities
---
# Security Audit Skill
Scan for:
• OWASP Top 10 issues
• Hardcoded credentials
• Insecure dependencies
• Missing input sanitization# Checkout Service
← @acme/platform-standards
## Project
Expert Fullstack Engineer.
## Tech TypeScript · Hexagonal · DDD
## API https://api.acme.io
## Commands
/review Security code review
/test Write vitest tests
/migrate DB migration helper
## Don'ts
✗ Don't use `any` - use Zod
✗ Don't log payment data
✗ Don't skip validation---
name: review
description: Security code review
---
Perform security-focused review.
Focus areas:
• Authentication flows
• Data validation
• Error handling
• Secrets management---
name: migrate
description: Database migration
---
Help with Prisma migrations.
Capabilities:
• Schema diff analysis
• Migration generation
• Rollback scripts
• Data preservation---
description: Checkout Service
globs: ["src/**/*.ts"]
alwaysApply: true
---
# Checkout Service
← @acme/platform-standards
## Project
Expert Fullstack Engineer.
## Stack
TypeScript 5.x · Node 20+ · Prisma
## API https://api.acme.io
## Rules
✓ Strict mode, no `any`
✓ Zod validation on inputs
✓ 90% test coverage
## Security
⛔ Never log PII or card data
⛔ Parameterized queries only---
description: Security audit skill
globs: ["src/**/*.ts"]
---
# Security Audit
Scan for vulnerabilities:
• SQL injection risks
• XSS attack vectors
• Hardcoded secrets
• Missing input validation
• Insecure dependencies
• IDOR vulnerabilities---
description: Checkout Service standards
activation: always
---
# Checkout Service
← @acme/platform-standards
## Project
Expert Fullstack Engineer.
## Stack
TypeScript 5.x · Node 20+ · Prisma
## Rules
✓ Strict mode, no `any`
✓ Zod validation on inputs
## Security
⛔ Never log PII or card data
⛔ Parameterized queries only---
description: Security audit skill
activation: manual
---
# Security Audit
Scan for vulnerabilities:
• SQL injection risks
• XSS attack vectors
• Hardcoded secrets
• Missing input validation# Checkout Service Agent
← @acme/platform-standards
## Role
Expert Fullstack Engineer working on
the Checkout Service.
## Commands
/review Security code review
/test Write vitest tests
## Handoffs
➜ security-audit for vulnerability scans
➜ migration for DB schema changes---
name: review
description: Security code review
---
Perform security-focused review.
Focus areas:
• Authentication flows
• Data validation
• Error handling
• Secrets management# Checkout Service
← @acme/platform-standards
## Project
Expert Fullstack Engineer.
## Tech TypeScript · Hexagonal · DDD
## Commands
/review Security code review
/test Write vitest tests
## Skills
▶ security-audit
▶ migration---
name: review
description: Security code review
---
Perform security-focused review.
Check for:
• SQL injection risks
• XSS attack vectors
• Hardcoded secrets
• Missing input validation# Checkout Service
← @acme/platform-standards
## Project
Expert Fullstack Engineer.
## Tech TypeScript · Hexagonal · DDD
## Commands
/review Security code review
/test Write vitest tests
## Don'ts
✗ Don't use `any` - use Zod
✗ Don't log payment data[command]
name = "review"
description = "Security code review"
[command.steps]
action = "review"
# Focus areas:
# SQL injection risks
# XSS attack vectors
# Hardcoded secrets
# Missing input validationWhy PromptScript?
Enterprise-grade features for managing AI instructions at scale
Write Once, Compile to 37 AI Agents
Define standards in PromptScript. Compile to GitHub Copilot, Claude Code, Cursor, Windsurf, Cline, Roo Code, and 31 more. Add new agents without rewriting.
37 agents and counting — every new tool means more config to manage
Hierarchical Inheritance at Scale
Org-wide policies inherit into team standards, which inherit into projects. Change once at the top, propagate everywhere.
Audit Trails & Policy Enforcement
Every standard versioned and traceable. Run prs validate --strict in CI to block non-compliant configs before production.
Your Private Standards Registry
Host standards in a private Git registry. Teams inherit from @company/security, @company/react-app — your standards, your control.
CI/CD Pipeline Integration
Add prs compile --check to your pipeline. Detect drift, enforce standards, fail builds on non-compliance.
Zero-Touch Rollout to 100+ Repos
Update a security policy once. Every repo gets the latest standards compiled to every AI tool — no manual PRs.
The Problem: AI Instructions Don't Scale
Your organization adopted AI coding tools. Without infrastructure, every team configures differently.
Scale Problem
Updating a security policy across 100 microservices takes weeks of manual PRs. One change = 100 commits.
Tool Fragmentation
Your teams use Copilot, Claude, and Cursor. Each has its own format. Keeping them in sync is a full-time job.
Governance Void
No audit trail. Junior devs miss critical security context. Unvetted instructions everywhere.
Vendor Lock-in Risk
You went all-in on Cursor rules. Now leadership evaluates Claude Code. Rewriting 200 repos is not an option.
The Solution: PromptOps
PromptOps is the practice of managing AI instructions as versioned, auditable infrastructure. Treat your AI instructions as managed infrastructure — compiled, validated, and deployed.
flowchart TB
subgraph org["🏢 Organization Registry"]
direction TB
OrgSec["@company/security<br/>(Security team)"]
OrgTS["@company/typescript<br/>(Platform team)"]
OrgJava["@company/java<br/>(Platform team)"]
end
subgraph teams["👥 Team Standards"]
direction TB
Backend["@backend/standards"]
Frontend["@frontend/standards"]
Data["@data/standards"]
end
subgraph projects["📦 Project Repos (100+)"]
direction TB
P1["checkout-service/.prs"]
P2["user-api/.prs"]
P3["dashboard/.prs"]
Pn["...more repos"]
end
OrgSec --> Backend & Frontend & Data
OrgTS --> Backend & Frontend
OrgJava --> Data
Backend --> P1 & P2
Frontend --> P3
Data --> Pn
subgraph compile["⚙️ prs compile"]
Compiler
end
P1 & P2 & P3 --> Compiler
Compiler --> Copilot["GitHub Copilot"]
Compiler --> Claude["Claude Code"]
Compiler --> Cursor["Cursor"]
Compiler --> Antigravity["Antigravity"]
Compiler --> Factory["Factory AI"]
Compiler --> OpenCode["OpenCode"]
Compiler --> Gemini["Gemini CLI"]
Compiler --> CI["CI/CD Audit"]See It In Action
Write once, compile to all major AI tools
@meta { id: "checkout-service" syntax: "1.0.0" }
@inherit @company/backend-standards
@identity {
"""
You are an expert Fullstack Engineer working on the Checkout Service.
This service handles payments using hexagonal architecture.
"""
}
@standards {
typescript: [
"Strict mode enabled",
"Never use any type"
]
testing: [
"Use vitest as test framework",
"Maintain 90% code coverage"
]
}
@restrictions {
- "Never expose API keys in code"
- "Never skip input validation"
}
@shortcuts {
"/review": "Security-focused code review"
"/test": "Write unit tests with Vitest"
}
@skills {
security-audit: {
description: "Audit code for vulnerabilities"
content: "Check for: SQL injection, XSS, IDOR, PII leaks."
}
}
Generated file tree:
.github/
├── copilot-instructions.md
├── prompts/
│ ├── review.prompt.md
│ └── test.prompt.md
└── copilot-skills/
└── security-audit.md
.github/copilot-instructions.md
# GitHub Copilot Instructions
> Auto-generated from project.prs
## Project
You are an expert Fullstack Engineer working on the Checkout Service.
This service handles payments using hexagonal architecture.
## Code Standards
- TypeScript: strict mode, no `any` types
- Testing: vitest, 90% coverage
## Restrictions
- Never expose API keys in code
- Never skip input validation
<!-- Inherited from @company/backend-standards -->
.github/prompts/review.prompt.md
---
mode: agent
description: Security-focused code review
---
Perform a security-focused code review on the selected code.
Check for: SQL injection, XSS, IDOR, PII leaks.
.github/prompts/test.prompt.md
---
mode: agent
description: Write unit tests with Vitest
---
Write comprehensive unit tests for the selected code using Vitest.
Target coverage: 90%.
.github/copilot-skills/security-audit.md
Generated file tree:
CLAUDE.md
# CLAUDE.md
## Project
You are an expert Fullstack Engineer working on the Checkout Service.
This service handles payments using hexagonal architecture.
## Code Style
- Strict TypeScript, no `any`
- Testing: vitest, >90% coverage
## Don'ts
- Don't expose API keys in code
- Don't skip input validation
## Commands
/review - Security-focused code review
/test - Write unit tests with Vitest
.claude/skills/review.md
---
name: review
description: Security-focused code review
---
Perform a security-focused code review.
Check for: SQL injection, XSS, IDOR, PII leaks.
.claude/skills/test.md
---
name: test
description: Write unit tests with Vitest
---
Write comprehensive unit tests using Vitest.
Target coverage: 90%.
.claude/skills/security-audit.md
Generated file tree:
.cursor/rules/checkout-service.mdc
---
description: Checkout Service standards
globs: ["src/**/*.ts"]
alwaysApply: true
---
You are working on the Checkout Service.
This service handles payments using hexagonal architecture.
## Code Style
- TypeScript: strict mode, no `any`
- Testing: vitest, 90% coverage
## Never
- Expose API keys in code
- Skip input validation
.cursor/rules/security-audit.mdc
Generated file tree:
.agent/rules/checkout-service.md
---
description: Checkout Service standards
activation: always
---
You are working on the Checkout Service.
This service handles payments using hexagonal architecture.
## Code Style
- TypeScript: strict mode, no `any`
- Testing: vitest, 90% coverage
## Never
- Expose API keys in code
- Skip input validation
.agent/rules/security-audit.md
Before & After
See the difference PromptScript makes
Manually maintain 5+ separate config files per repo, per tool:
.github/copilot-instructions.md # GitHub Copilot
CLAUDE.md # Claude Code
.cursor/rules/project.mdc # Cursor
AGENTS.md # Codex / Factory
GEMINI.md # Gemini CLI
- No validation — instructions drift silently
- No inheritance — copy-paste across repos
- No audit trail — who changed what?
- Adding a new tool = rewrite everything
Write one .prs file, compile to all 37 agents:
@meta { id: "my-project" syntax: "1.0.0" }
@inherit @company/standards
@identity { """You are an expert developer.""" }
- Validated at compile time and in CI/CD
- Hierarchical inheritance from org → team → project
- Full audit trail via Git
- New tools supported automatically
See It Live
Try PromptScript right in your browser — no installation needed
Video walkthrough coming soon
Join the Community
PromptScript is open source and early-adopter friendly
We're building the future of AI instruction management in the open.
Ready to Standardize Your AI Instructions?
Join engineering teams using PromptScript to manage AI context at scale
Get Started in 5 Minutes Enterprise? Let's Talk View on GitHub