Cursor Rules Template: Abandoned Cart Recovery AI for Online Stores
Copyable Cursor rules template for building abandoned cart recovery AI assistants in online stores using Node.js Express and PostgreSQL, with security, testing, and multi-channel messaging rules.
Target User
Developers building Cursor AI-based abandoned cart recovery flows for online stores
Use Cases
- Generate personalized cart recovery messages
- Orchestrate multi-channel outreach (email, SMS)
- Trigger messages based on cart age and user behavior
- A/B test prompts for different storefronts
Markdown Template
Cursor Rules Template: Abandoned Cart Recovery AI for Online Stores
Overview
A Cursor rules configuration for the Cursor AI editor is a formalized set of prompts and constraints that guides the AI when building abandoned cart recovery assistants for online stores. This template targets a Node.js Express backend with PostgreSQL and Redis, enabling multi-channel outreach (email, SMS) and secure cart recovery workflows.
Direct answer: This Cursor rules template provides a copyable configuration to build a multi-channel abandoned-cart AI assistant using Node.js Express and PostgreSQL, with explicit constraints on architecture, security, testing, and messaging prompts.
When to Use These Cursor Rules
- When integrating Cursor AI to orchestrate cart-recovery flows across channels (email, SMS, push).
- When you need deterministic prompts for consistent messaging and rate-limiting policies.
- When pairing API endpoints with PostgreSQL carts and cart_events to drive AI decisions.
- When you want to enforce security, audit trails, and privacy controls for customer data.
Copyable .cursorrules Configuration
framework: 'node-express-postgres-redis'
role: 'system'
context: 'You are Cursor AI assistant for building abandoned cart recovery flows in online stores'
styleGuide: 'eslint-config-airbnb, prettier'
directoryRules: 'monorepo with apps/cart-service, apps/cart-ai, infra/db, infra/ai'
authentication: 'JWT for API endpoints; OAuth2 for admin dashboards'
database: 'PostgreSQL with tables carts, cart_events, customers, messages, deliveries; use prepared statements'
ormPattern: 'prefer raw SQL with minimal ORM; avoid lazy loading'
testing: 'jest unit tests; Playwright integration tests; GitHub Actions CI'
linting: 'eslint, prettier, type-checking'
security: 'encrypt data at rest, use TLS in transit, rotate keys, secrets via vault'
prohibited: 'Do not use Mongoose, Prisma, or Drizzle; Do not embed secrets in code; Do not bypass ORM for critical queries'
notes: 'Cursor AI prompts should be deterministic and auditable'
Recommended Project Structure
apps/
  cart-service/
    src/
      controllers/
      routes/
      models/
      config/
      services/
  cart-ai/
    src/
      prompts/
      policies/
      integrations/
infra/
  db/
    migrations/
    seeds/
  ai/
    prompts/
    templates/
tests/
scripts/
Dockerfile
Core Engineering Principles
- Clear API boundaries and explicit data contracts between cart service, AI prompts, and AI orchestration.
- Safety and guardrails for AI: avoid PII leakage, respect opt-outs, and implement rate limits.
- Deterministic prompts with verifiable outputs and tests to catch drift.
- Observability: end-to-end tracing, structured logging, and metrics for AI prompts and delivery outcomes.
- Privacy-first: minimize data sent to Cursor AI, and comply with privacy regulations.
- Reproducibility: lock dependencies, pin AI model versions, and use reproducible test data.
Code Construction Rules
- Do not bypass the backend API for sending messages; route all prompts through authenticated endpoints.
- Do not rely on dynamic SQL without prepared statements; use parameterized queries for all cart data queries.
- Do not generate uncapped or unsolicited messages; respect opt-out signals and frequency limits.
- Do not mix business logic with AI prompt generation; separate concerns with a clear services layer.
- Do not use unsafe eval or reflective prompts; avoid code execution in prompts.
- Follow the directory rules and keep AI policies under infra/ai/prompts; document provenance.
Security and Production Rules
- Enforce TLS 1.2+ for all endpoints and encrypt database connections and secrets at rest.
- Use short-lived JWTs with rotation and implement refresh tokens for API access.
- Audit AI actions and message deliveries; store delivery receipts for compliance.
- Validate all inputs; implement input schemas for cart data and customer attributes.
- Limit AI prompt payload sizes to prevent abuse and ensure prompt determinism.
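The sketch below applies several of the Code Construction and Security rules in one place: a parameterized cart query, opt-out and frequency gating, field allowlisting to minimize PII, and a prompt payload size cap. It is an added example and not part of the template itself. The column names, limits, function names and sample row are assumptions; only the table names come from the configuration above.

```javascript
// Added example; limits, column names and SAMPLE_ROW are assumptions.
const MAX_PROMPT_BYTES = 2048;          // assumed prompt payload cap
const MAX_MESSAGES_PER_7_DAYS = 2;      // assumed frequency limit
const MIN_CART_AGE_MS = 60 * 60 * 1000; // assumed: cart idle for 1 hour

// Parameterized query in node-postgres { text, values } form: cartId is bound
// as $1 and never concatenated into the SQL text.
function cartQuery(cartId) {
  return {
    text: `SELECT c.id, c.updated_at, c.items, cu.first_name, cu.email,
       cu.marketing_opt_out,
       (SELECT count(*)::int FROM messages m WHERE m.customer_id = cu.id
          AND m.sent_at > now() - interval '7 days') AS recent_messages
FROM carts c JOIN customers cu ON cu.id = c.customer_id
WHERE c.id = $1`,
    values: [cartId],
  };
}

// Constructed sample row, shaped like the query result above.
const SAMPLE_ROW = {
  id: 42, updated_at: '2024-01-01T00:00:00Z', first_name: 'Ada',
  email: 'ada@example.test', marketing_opt_out: false, recent_messages: 0,
  items: [{ name: 'Blue mug', qty: 2, sku: 'MUG-1', price_cents: 1299 }],
};

// Gate outreach, then build the minimal, size-capped payload for the model.
function buildPromptPayload(row, storefront, now = Date.now()) {
  if (row.marketing_opt_out) return { send: false, reason: 'opted_out' };
  if (row.recent_messages >= MAX_MESSAGES_PER_7_DAYS) {
    return { send: false, reason: 'frequency_cap' };
  }
  if (now - Date.parse(row.updated_at) < MIN_CART_AGE_MS) {
    return { send: false, reason: 'cart_too_recent' };
  }
  // Allowlist: e-mail, SKU and price never leave the service.
  const payload = {
    storefront: String(storefront).slice(0, 64),
    firstName: String(row.first_name || '')
      .replace(/[^\p{L}\p{M}' -]/gu, '').slice(0, 40),
    items: row.items.slice(0, 10).map((i) => ({
      name: String(i.name).slice(0, 80), qty: Number(i.qty) | 0,
    })),
  };
  const body = JSON.stringify(payload);
  if (Buffer.byteLength(body, 'utf8') > MAX_PROMPT_BYTES) {
    return { send: false, reason: 'payload_too_large' };
  }
  return { send: true, body };
}
```

Every refusal carries a `reason` string, which gives the audit trail a record of why a cart was skipped as well as when a message was sent.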
Testing Checklist
- Unit tests for cart logic, message templates, and prompt generation functions.
- Integration tests for cart-service + cart-ai orchestration and message delivery paths.
- End-to-end tests for a simulated abandoned cart lifecycle (cart abandon, prompt, follow-up).
- Linting and type checks; run tests in CI on PRs.
- Security scanning and dependency checks; verify secret management.
Common Mistakes to Avoid
- Overly aggressive AI prompts that reveal back-end logic to users.
- Missing consent handling and opt-out pathways for marketing messages.
- Skipping token rotation or insecure storage of secrets.
- Not isolating AI prompts from business logic, causing drift in behavior.
- Neglecting observability for AI outcomes and message delivery.
FAQ
What is a Cursor Rules Template?
A Cursor Rules Template is a copyable, stack-specific configuration block that defines how Cursor AI should operate in a given context. It prescribes roles, style guidelines, architecture expectations, and safety constraints to deliver consistent, auditable AI-driven behaviors for abandoned cart recovery in online stores.
Which stack does this template target?
This template targets a Node.js Express backend with PostgreSQL, Redis for queues, and a structured AI flow to generate and deliver cart recovery messages across channels. It enforces a clean separation between API surface, AI prompts, and delivery services for reliable operations.
How do I test the Cursor rules in my project?
Use unit tests for prompt generation utilities, integration tests for AI orchestration paths, and end-to-end tests simulating an abandoned cart. Integrate with GitHub Actions for CI to ensure reproducible test runs across environments.
How is security handled in this template?
Security is addressed with TLS, short-lived JWTs, encrypted secrets, and restricted data access. AI prompts are sandboxed and auditable, and data flows are designed to minimize PII exposure and comply with privacy requirements.
Can I customize prompts for different storefronts?
Yes, the template includes prompts with parameters for storefront branding, channel preferences, and message cadence. It supports per-store overrides while preserving core safety and architecture constraints.