Advanced Prompt Patterns for automation: Working Examples for Gemini 3.1 Pro and Cursor

Why prompt patterns matter more in 2026 than they did in 2024

Gemini 3.1 Pro Preview ships with a 1M-token context window at $2/$12 per million tokens, and Cursor’s agent mode now executes multi-file refactors that would have required a senior engineer’s afternoon eighteen months ago. The bottleneck is no longer model capability. It is whether you know how to prompt these systems so they behave like deterministic tools instead of expensive autocomplete.

The gap between teams shipping reliable AI automation and teams stuck in demo purgatory comes down to one thing: prompt patterns. Not prompt “tips.” Not clever tricks pulled from a Twitter thread. Reusable, testable, version-controlled patterns that survive contact with production traffic, edge cases, and the inevitable model upgrade six months later.

This article walks through six advanced patterns that work today on Gemini 3.1 Pro Preview and inside Cursor’s agent loop. Each one includes a working example you can paste into your own workflow, the failure mode it fixes, and the trade-off you accept by using it. Throughout, we’ll reference benchmark numbers from the current generation of models — Gemini 3.1 Pro Preview (74.2% on SWE-bench Verified per Google’s source), GPT-5.2-Codex, and Claude Sonnet 4.6 — because the right pattern often depends on which model is at the other end of the API call.

The patterns are: structured contract prompting, the planner-executor split, retrieval-grounded scaffolding, deterministic tool-use loops, self-critique with rubrics, and stateful agent memory compression. Each one solves a class of failure you have probably already hit in production.

One thing to set expectations on early: none of these patterns are magic. They reduce variance, improve auditability, and let you swap models without rewriting your stack. They do not turn a 70%-accurate workflow into a 99%-accurate one through prompting alone. If your task requires that level of precision, you need evaluations, fallback logic, and human review gates — patterns help, but they are not a substitute.

Pattern 1: Structured contract prompting with JSON Schema

The single highest-leverage shift you can make in 2026 is treating every prompt as a typed function call. Gemini 3.1 Pro Preview, GPT-5.2, and Claude Sonnet 4.6 all support strict structured outputs via JSON Schema, and the reliability difference between “respond in JSON format” and a declared schema with strict: true is roughly the difference between a parser that works 92% of the time and one that works 99.8% of the time.

The pattern has three parts: a schema declaration that locks the output shape, a system prompt that describes the contract in prose, and a user message that provides only the variable inputs. Here is a working example for a code-review automation that runs against pull request diffs:

{
  "model": "gemini-3.1-pro-preview",
  "generationConfig": {
    "responseMimeType": "application/json",
    "responseSchema": {
      "type": "object",
      "properties": {
        "summary": { "type": "string", "maxLength": 280 },
        "severity": { "type": "string", "enum": ["block", "warn", "nit", "pass"] },
        "findings": {
          "type": "array",
          "items": {
            "type": "object",
            "properties": {
              "file": { "type": "string" },
              "line": { "type": "integer" },
              "category": { "type": "string", "enum": ["security", "perf", "correctness", "style"] },
              "explanation": { "type": "string" },
              "suggested_fix": { "type": "string" }
            },
            "required": ["file", "line", "category", "explanation"]
          }
        }
      },
      "required": ["summary", "severity", "findings"]
    }
  }
}

The schema does more than format the output. It forces the model to commit to a severity level, which downstream automation can branch on. It caps the summary at 280 characters so it fits in a Slack message. It requires a category enum, which means your dashboards can aggregate findings without fuzzy string matching.

Pair this with a system prompt that explicitly states the contract: “You are a code-review automation. Return findings only if you have line-level evidence. If the diff contains no issues, return an empty findings array with severity ‘pass’. Never return prose outside the schema.” That last sentence matters — without it, you will occasionally see models prepend explanatory text that breaks JSON parsing on edge cases.

The trade-off: strict schemas reduce model creativity. If you want a free-form architectural critique, schemas hurt. If you want a deterministic input to an automation pipeline, schemas are non-negotiable.

For the engineering trade-offs behind this approach, see our analysis in Advanced Prompt Patterns for writing: Working Examples for Claude Opus 4.7 and GPT-5.4, which breaks down the cost-vs-quality decisions in detail.

One subtle gotcha with Gemini 3.1 Pro Preview specifically: the model occasionally hallucinates line numbers if you give it a diff without surrounding file context. The fix is to include 20 lines of context above and below each hunk, which costs maybe 2,000 extra input tokens per review — at $2 per million input tokens, that is $0.004 per PR. Cheap insurance.

Pattern 2: Planner-executor split for multi-step automation

The second pattern addresses a failure mode you have certainly seen: a single prompt asked to “analyze, plan, and execute” produces a plan that drifts mid-execution. The model commits to step 3 of its own plan, realizes step 1 was wrong, and tries to fix it inline. The output is a tangled mess.

The fix is to split the work into two model calls with different roles. The planner is given the full context and produces a structured plan. The executor is given the plan plus the relevant slice of context and executes one step at a time. This is the architecture Cursor’s agent mode uses internally, and it is why agent mode handles 8-file refactors more reliably than asking GPT-5.2-Codex to do the same work in a single chat turn.

Here is the pattern applied to a database migration automation:

1. Planner call: input is the current schema, the target schema, and any constraints (zero-downtime, must support rollback). Output is a JSON array of migration steps with explicit dependencies. Use Gemini 3.1 Pro Preview here — its long context handles full schema dumps without truncation, and at $2/M input tokens, even a 200K-token schema costs $0.40.
2. Validator call: a smaller, cheaper model (gpt-5.4-mini or claude-haiku-4.5) checks that the plan satisfies the constraints. This catches ~80% of planning errors before any code is generated.
3. Executor calls: one call per migration step. Each call gets only the step description, the relevant tables, and the prior step’s output. Use a code-specialized model (gpt-5.2-codex or gpt-5.3-codex) here.
4. Reconciliation call: after all steps, a final pass verifies the resulting schema matches the target. This is where you catch drift.

The splits matter because they let you mix models by cost and capability. The planner needs reasoning and context; the executor needs code precision; the validator needs throughput. Trying to do all three with one model means overpaying for the easy steps or under-resourcing the hard ones.

In Cursor specifically, you can implement this pattern through .cursorrules files that establish the planner-executor contract for your repo. Define a planner persona that always emits a plan in a fenced YAML block, and an executor persona that refuses to act without a referenced plan ID. This sounds rigid because it is — rigidity is the point.

If you want the practical implementation details, see our analysis in Advanced Prompt Patterns for coding: Working Examples for Claude Opus 4.7 and Cursor, which walks through the production patterns engineering teams actually ship.

Trade-off: latency. A four-call pattern takes 3-4x longer than a single-prompt approach. For automation that runs in CI or overnight, this is fine. For interactive workflows, you need to stream intermediate results to the user so they do not stare at a spinner.

Pattern 3: Retrieval-grounded scaffolding with citation enforcement

Retrieval-augmented generation is not new, but the way you scaffold the prompt around the retrieved context has matured significantly. The pattern that works in 2026 is what we’ll call citation enforcement: every claim in the model’s output must include an inline reference to a specific retrieved chunk, and the system prompt rejects responses without citations.

This matters because Gemini 3.1 Pro Preview’s 1M-token context window tempts you to dump entire codebases or document corpora into the prompt. That works for retrieval but creates a new problem: the model can no longer tell you where its answer came from. With citation enforcement, you maintain the auditability of a smaller-context system while keeping the recall of a long-context one.

Here is the pattern applied to a documentation automation that answers engineer questions from internal runbooks:

SYSTEM:
You answer infrastructure questions using only the provided RUNBOOK_CHUNKS.
Each chunk has an ID like [RB-1247]. Every factual claim in your answer
MUST end with one or more chunk IDs in square brackets.
If the chunks do not contain the answer, respond with exactly:
{"answer": null, "reason": "insufficient_context", "missing": "<what you would need>"}
Never invent chunk IDs. Never answer from general knowledge.

USER:
Question: How do I rotate the Postgres replication credentials for the
analytics cluster without triggering replica resync?

RUNBOOK_CHUNKS:
[RB-1247] Analytics cluster uses streaming replication with replication
slots named analytics_replica_1 through analytics_replica_4...
[RB-1812] Credential rotation procedure: 1) Update password in Vault...
[RB-1813] After rotation, verify slot status with: SELECT slot_name...

The output should look like: “Update the password in Vault first [RB-1812], then issue ALTER USER on the primary [RB-1812]. The replication slots will continue using the old credential until the next reconnect, so no resync occurs [RB-1247].”

The citation requirement does something important: it makes hallucinations visible. A claim without a citation is a parsing failure your pipeline can reject. A claim with a citation that does not exist in your retrieved set is a hallucination your pipeline can catch with a regex check against the chunk IDs you actually retrieved.

Combine this with prompt caching — both Anthropic’s and OpenAI’s APIs now charge roughly 10% of normal input cost for cached prefix tokens. If your runbook corpus is stable, cache the chunk index and pay full price only for the question itself. For a 200K-token cached prefix on Claude Sonnet 4.6, you go from $0.60 per query to $0.06.

The pattern’s weakness: it depends on chunk quality. Garbage chunks produce confidently-cited garbage. Invest in chunking strategy before you invest in prompting strategy.

Pattern 4: Deterministic tool-use loops with state validation

Tool use (function calling) is where most automation lives in 2026. The model picks a tool, you execute it, return the result, the model picks the next tool. This loop is conceptually simple and operationally brutal — models confidently call non-existent tools, pass malformed arguments, and forget what they did three turns ago.

The pattern that fixes this is what experienced agent developers call the validation envelope. Every tool call is wrapped in three layers: argument validation (does the call match the schema?), precondition validation (is the system in a state where this tool can run?), and postcondition validation (did the tool actually achieve what the model expected?).

Here is the pattern for a deployment automation that uses Gemini 3.1 Pro Preview as the orchestrator:

The crucial insight: every layer’s failure is returned to the model as structured feedback, not as an exception that kills the loop. When the model calls deploy_service(env="prod", version="1.2.3") and the precondition check fails because a deploy is already in flight, the model receives {"error": "precondition_failed", "current_state": {"deploy_in_progress": true, "started_by": "ci-bot", "eta": "2m"}}. The model can then decide to wait, abort, or escalate.

Gemini 3.1 Pro Preview handles this pattern particularly well because it tends to produce well-structured tool calls when given a strict schema. Claude Sonnet 4.6 is similarly strong. GPT-5.2 sometimes over-invokes tools — calling list_services three times in a row when once would do — so add a deduplication layer if that becomes a cost issue.

One pattern variant worth knowing: the “dry run by default” approach. Every destructive tool has a dry_run: bool parameter that defaults to true. The model must explicitly set it to false to actually execute. This catches an entire class of agent runaway, where the model misinterprets the user’s intent and starts deleting things. The cost is one extra round-trip per destructive action, which is worth it.

For a closer look at the tools and patterns covered here, see our analysis in Advanced Prompt Patterns for research: Working Examples for GPT-5 Pro and GPT-5.4, which covers the practical implementation details and trade-offs.

Pattern 5: Self-critique with explicit rubrics

The fifth pattern improves output quality by adding a critique step with a structured rubric. The naive version is “ask the model if its answer is correct,” which produces almost no signal — models are sycophantic and will rate their own work highly. The pattern that actually works gives the critique step a different set of inputs than the generation step had, and uses a rubric with specific failure modes to look for.

For example, a documentation generation automation might use this two-step structure: first, GPT-5.2 generates API documentation from the source code. Second, Claude Sonnet 4.6 critiques the documentation against a rubric that includes: “Does every public function have an example? Are error conditions documented? Does the doc match the actual function signature? Are there claims not supported by the code?”

The critique model gets the documentation and the source code but does not see the generation model’s reasoning. This independence is what makes the critique useful. Using a different model family for critique also helps — Claude tends to catch overstatements that GPT models gloss over, and vice versa.

The rubric should produce structured output:

{
  "passed": false,
  "issues": [
    {
      "rubric_item": "examples_present",
      "severity": "high",
      "location": "section: authenticate()",
      "evidence": "No code example provided for OAuth flow",
      "suggested_action": "Add example using the test_client from line 47"
    }
  ],
  "overall_quality": 0.72
}

Downstream automation can branch on passed, route high-severity issues back to the generation step with the specific feedback, and approve outputs above a quality threshold. After 2-3 critique-revise cycles, you usually converge on output that passes — or you discover the task is harder than expected and route to human review.

The cost math matters here. A generate-critique-revise loop with three models costs roughly 3-4x a single generation. For high-stakes outputs (customer-facing documentation, legal-adjacent text, financial summaries) this is a bargain. For internal tooling where speed matters more than precision, skip it.

One thing to avoid: do not use the same model for generation and critique without changing the prompt substantially. Models recognize their own writing patterns and rate them favorably. If you must use one model for both, frame the critique as “you are reviewing an unrelated team’s work that you have been asked to approve or reject.” This reduces but does not eliminate the bias.

Pattern 6: Stateful agent memory with compression

The final pattern addresses the long-running agent problem. An agent that runs for 50 tool calls accumulates context that eventually exceeds the model’s window or becomes too expensive to send every turn. Gemini 3.1 Pro Preview’s 1M-token context is generous, but at $2 per million input tokens, an agent sending 800K tokens per turn over 50 turns costs $80 just in input — and that ignores attention degradation at very long contexts.

The pattern is hierarchical memory compression. The agent maintains three memory tiers:

• Working memory: the last 5-10 turns verbatim. This is what the model sees in full detail.
• Episodic memory: compressed summaries of turn ranges (e.g., “turns 1-20: investigated database performance, identified slow query on orders table, ran EXPLAIN ANALYZE, found missing index on order_date”). Updated by a cheap model after every N turns.
• Semantic memory: extracted facts and decisions, stored as a structured KV store the agent can query (e.g., {"target_table": "orders", "identified_issue": "missing_index_on_order_date", "user_constraint": "no_downtime"}).

The system prompt teaches the agent to query semantic memory before acting and to write to it when it commits to a decision. Working memory gives recency. Episodic memory gives the arc. Semantic memory gives durable facts.

Implementation tip: use a separate, cheap model for the compression step. Claude Haiku 4.5 or gpt-5.4-mini at fractional pricing handle summarization well, and you do not need your top-tier model burning cycles on “summarize these 20 turns.” Run the compression asynchronously between agent turns so it does not block.

Here is the order of operations per agent turn:

1. Agent receives new user input or tool result
2. Retrieve relevant semantic memory entries (vector search or keyword)
3. Construct prompt: system + semantic_memory_subset + episodic_summaries + working_memory + new_input
4. Call the model, parse the tool call
5. Execute the tool, capture result
6. Append turn to working memory
7. If working memory exceeds threshold, async-summarize oldest 10 turns into episodic memory
8. If turn contained a commitment (“I will use approach X”), write it to semantic memory

This pattern is what makes Cursor’s agent mode feel coherent across long sessions — it is not just streaming chat history into the model. The same approach works for any long-running automation: customer support agents, research assistants, code-migration tools.

Putting the patterns together in Cursor

Cursor in 2026 is where these patterns become concrete for most engineers. The IDE’s agent mode uses planner-executor splits internally, supports MCP servers for custom tool integration, and respects .cursorrules at the repo and directory level. Here is how to compose the patterns into a working setup.

Start with a .cursorrules file that establishes the contract for your repo: which models to prefer for which tasks, the JSON schemas for any structured outputs your codebase generates, the citation requirements for documentation changes, and the validation rules for any destructive operations. Cursor will respect these as a system-level prompt prefix.

Layer on MCP servers for tools that need precondition and postcondition validation — database access, deployment triggers, external API calls. The MCP protocol is designed for exactly this validation envelope pattern; use it instead of letting the agent shell out to raw commands.

For memory, Cursor’s session state handles working memory natively, but for sessions that span multiple workdays, you want explicit semantic memory in a file the agent reads at session start. A PROJECT_CONTEXT.md file containing current goals, recent decisions, and known constraints — updated by the agent at the end of each session — gives you durable cross-session continuity.

One concrete combination worth trying: use Gemini 3.1 Pro Preview as the planner (long context, strong reasoning, cheap at $2/$12), gpt-5.2-codex or gpt-5.3-codex as the executor (best code-generation precision currently available per source), and Claude Haiku 4.5 as the critic (fast, cheap, different model family for independence). This three-model setup costs more per task than single-model approaches but produces output quality that single-model approaches do not reach.

The honest assessment: these patterns add complexity. A team that has never shipped AI automation should not start with all six. Start with structured contracts (Pattern 1) because it is the highest leverage and easiest to retrofit. Add validation envelopes (Pattern 4) when you start letting agents take destructive actions. Add memory compression (Pattern 6) only when you actually have long-running agents — premature optimization here wastes effort.

The patterns also evolve. The structured-output APIs that exist today did not exist in 2023; the prompt caching that makes Pattern 3 economical did not exist in early 2024. Expect the specific implementations to change as model APIs mature, but the underlying ideas — contracts, splits, grounding, validation, critique, memory — will keep working because they reflect how reliable automation has always been built.

Useful Links

• Gemini API: Structured Output documentation
• OpenAI Structured Outputs guide
• Anthropic Tool Use documentation
• Model Context Protocol specification
• Cursor: Rules for AI documentation
• 
  ⚡
  Get Free Access — All Premium Content
  →
  

  🕐 Instant∞ Unlimited🎁 Free

  Related Articles

  • → Advanced Prompt Patterns for writing: Working Examples for Claude Opus 4.7 and GPT-5.4
  • → Advanced Prompt Patterns for coding: Working Examples for Claude Opus 4.7 and Cursor
  • → Advanced Prompt Patterns for research: Working Examples for GPT-5 Pro and GPT-5.4
  • → 7 automation Prompts for Gemini 3.1 Pro u2014 Copy-Paste Ready for Enterprise Deployments

  Frequently Asked Questions

  What makes structured contract prompting more reliable than plain JSON requests?

  Declaring a JSON Schema with <code>strict: true</code> forces Gemini 3.1 Pro Preview, GPT-5.2-Codex, and Claude Sonnet 4.6 to constrain their output to the exact shape you specify. This lifts parse-success rates from roughly 92% with informal instructions to approximately 99.8%, making downstream automation far more predictable and easier to test.

  How does the planner-executor split pattern improve multi-step automation reliability?

  The planner-executor split separates reasoning from execution into two discrete model calls. The planner produces a structured task graph; the executor processes each node independently. This isolation prevents a single reasoning error from cascading through an entire workflow and makes each step independently auditable and retryable without rerunning the full pipeline.

  Which models support the six advanced prompt patterns described in this article?

  All six patterns are validated against Gemini 3.1 Pro Preview (74.2% SWE-bench Verified), GPT-5.2-Codex, and Claude Sonnet 4.6. Gemini 3.1 Pro Preview's 1M-token context window is particularly relevant for retrieval-grounded scaffolding and stateful agent memory compression patterns that require large working contexts.

  Can Cursor agent mode execute multi-file refactors using these prompt patterns?

  Yes. Cursor's 2026 agent mode supports multi-file refactors that previously required significant manual engineering effort. Combining deterministic tool-use loops and the planner-executor split inside Cursor's agent loop gives you structured, repeatable refactor workflows with clear rollback points and auditable intermediate states.

  Do prompt patterns alone guarantee production-grade accuracy for AI automation?

  No. The article explicitly states these patterns reduce variance and improve auditability but do not transform a 70%-accurate workflow into a 99%-accurate one through prompting alone. High-precision tasks still require dedicated evaluations, fallback logic, and human review gates alongside well-designed prompt patterns.

  What is stateful agent memory compression and when should you use it?

  Stateful agent memory compression summarizes and restructures conversation or task history into a compact, semantically dense representation before each new model call. It is most useful in long-running Cursor agent sessions or Gemini 3.1 Pro Preview pipelines where accumulated context would otherwise exceed cost thresholds or degrade model attention quality over extended multi-step workflows.

  Please leave this field empty

  Infrastructure & EngineeringInsight & AnalyticsGovernance, Privacy & EthicsProduct & StrategyAdministration & ManagementFinance & AccountingSales & MarketingOperations & ProductionHuman ResourcesInformation TechnologyKnowledge Seekers & CreatorsEnthusiasts & Specialized UsersStudentHousehold ManagerInfluencerResearcher

  Thank you! Please check your inbox (and spam folder) for a confirmation email. Click the link to get instant access to our 40,000+ ChatGPT Prompt Library.Check your inbox or spam folder to confirm your subscription.

  Please leave this field empty

  Infrastructure & EngineeringInsight & AnalyticsGovernance, Privacy & EthicsProduct & StrategyAdministration & ManagementFinance & AccountingSales & MarketingOperations & ProductionHuman ResourcesInformation TechnologyKnowledge Seekers & CreatorsEnthusiasts & Specialized UsersStudentHousehold ManagerInfluencerResearcher

  Thank you! Please check your inbox (and spam folder) for a confirmation email. Click the link to get instant access to our 40,000+ ChatGPT Prompt Library.Check your inbox or spam folder to confirm your subscription.

  Please leave this field empty

  Infrastructure & EngineeringInsight & AnalyticsGovernance, Privacy & EthicsProduct & StrategyAdministration & ManagementFinance & AccountingSales & MarketingOperations & ProductionHuman ResourcesInformation TechnologyKnowledge Seekers & CreatorsEnthusiasts & Specialized UsersStudentHousehold ManagerInfluencerResearcher

  Thank you! Please check your inbox (and spam folder) for a confirmation email. Click the link to get instant access to our 40,000+ ChatGPT Prompt Library.Check your inbox or spam folder to confirm your subscription.