Cursor Rules Template: Accounts Payable Automation with OCR, Invoicing, and Approval Routing

Overview

Cursor rules configuration for building an Accounts Payable automation app with vendor invoices, OCR extraction, approval routing, and payment status tracking. This template targets a Node.js + TypeScript stack with PostgreSQL, using Cursor AI rules to enforce architecture, security, testing, and integration patterns.

Direct answer: This Cursor rules template provides a ready-to-paste .cursorrules block and a stack-specific project blueprint to implement AP automation with OCR and approval routing on a Node.js/PostgreSQL stack.

When to Use These Cursor Rules

• You are building an AP automation workflow that ingests vendor invoices via OCR.
• You need robust approval routing with escalation and audit trails.
• You want a repeatable, testable architecture with clear security and deployment guidelines.
• You plan to track payment status and reconcile against invoices in PostgreSQL.
• You require a copyable .cursorrules configuration to paste into your project root.

Copyable .cursorrules Configuration

.cursorrules
Framework: Node.js (TypeScript)
Context: You are Cursor AI assistant specialized in building an Accounts Payable automation app with vendor invoices, OCR extraction, approval routing, and payment status tracking. Enforce stack discipline and safe AI-assisted patterns.
CodeStyle: ESLint + Prettier; strict type-checking; TSconfig with noImplicitAny
Architecture: src/api/controllers, src/services, src/models, src/repositories, src/config, src/migrations, tests; PostgreSQL via Knex; OCR via Tesseract.js
Authentication: OAuth 2.0 for service actions; JWT for user sessions; secrets in environment; do not hard-code credentials
Database: PostgreSQL; Tables: invoices, vendors, approvals, payments; Use migrations; Use transactions for multi-step ops
ORM/Query: Knex.js as the query builder; typed interfaces; do not rely on heavyweight ORMs; use raw queries for complex reads when necessary
Testing & Linting: Jest with ts-jest; ESLint; Prettier; Husky pre-commit; GitHub Actions CI; test coverage thresholds
Prohibited Actions: Do not bypass input validation; Do not log sensitive data; Do not expose DB credentials in code; Do not perform non-idempotent operations without guards

Recommended Project Structure

src/
  api/
    controllers/
      invoicesController.ts
      approvalsController.ts
      paymentsController.ts
    routes/
      invoicesRoutes.ts
      approvalsRoutes.ts
  services/
    ocrService.ts
    apInvoiceService.ts
    paymentService.ts
    routingService.ts
  models/
    invoice.ts
    vendor.ts
    approval.ts
    payment.ts
  repositories/
    invoiceRepository.ts
    vendorRepository.ts
    approvalRepository.ts
  config/
    db.ts
  migrations/
    20260501_create_invoices_table.ts
    20260501_create_approval_table.ts
  tests/
    unit/
      invoices.test.ts
      ocr.test.ts
    integration/
      invoices_integration.test.ts

Core Engineering Principles

• Security-by-default: least-privilege DB roles, environment-based secrets, and TLS for all services.
• Data integrity and auditability: immutable invoices log, traceable approvals, and exact timestamps.
• Idempotent operations: idempotent invoice import, idempotent approval actions, and safe retries.
• Observability: structured logs, metrics for OCR success rate, and tracing across services.
• Maintainability: strong typing, modular services, and clear API contracts.

Code Construction Rules

• Use TypeScript with strict type-checking; export named types and interfaces.
• Validate all inputs; use a validation layer before processing OCR results and DB writes.
• All DB operations must run inside transactions when multiple steps occur together (invoice + approvals + payments).
• Optimize OCR results normalization (trim, normalize currency, dates) before persisting invoices.
• Prefer Knex.js transactions over raw queries for complex writes; use parameterized queries to prevent SQL injection.
• Write isolated unit tests for OCR parsing, invoice normalization, and approval routing logic.
• Keep code under API boundaries; avoid leaking internal implementation details to the UI layer.
• Do not hard-code secrets or credentials; load from environment or secret manager.

Security and Production Rules

• Use OAuth 2.0 + JWT for authentication; rotate keys regularly; store secrets in a vault.
• Encrypt sensitive fields (PII) at rest and mask data in logs; use DB-level access controls.
• Require TLS for all service-to-service calls; validate input schemas; implement rate limiting and IP allowlists as needed.
• Audit every invoice import, approval decision, and payment status update with user IDs and timestamps.
• Monitor and alert on OCR failures, reconciliation mismatches, and failed payments.

Testing Checklist

• Unit tests for OCR parsing, invoice normalization, and routing logic.
• Integration tests for DB migrations, transactions, and repository methods.
• End-to-end tests for AP workflow: import invoice → OCR → approvals → payment status update.
• Linting and type-checking in CI; run tests on pull requests with code coverage thresholds.
• Security tests for input validation, secret handling, and access controls.

Common Mistakes to Avoid

• Skipping OCR error handling or misparsing multi-page invoices.
• Omitting input validation or over-trusting OCR results without normalization.
• Bypassing approval routing rules or creating hard-coded decision logic.
• Storing secrets in code or exposing DB credentials in logs.
• Ignoring observability; lack of metrics for OCR accuracy and workflow latency.

Related Cursor rules templates

Explore adjacent Cursor rules templates for similar stacks, workflows, and production constraints.

• Cursor Rules Template: Rental Marketplace with Property Listings, Applications, Tenant Screening, Payments and Messaging
• Cursor Rules Template: NestJS + Next.js + PostgreSQL for B2B Wholesale Portal
• Cursor Rules Template: Mental Wellness Journaling App with Mood Tracking, AI Reflections, Habit Tracking, and Privacy Controls
• Cursor Rules Template: Node.js Express PostgreSQL Kanban SaaS

FAQ

What is this Cursor Rules Template for Accounts Payable?

This template provides a copyable .cursorrules block and stack-specific guidance to build an AP automation app with OCR, vendor invoices, approval routing, and payment tracking using Cursor AI rules on a Node.js + PostgreSQL stack.

Which technologies does the template target?

The stack includes Node.js with TypeScript, PostgreSQL via Knex migrations, Tesseract.js for OCR, and a modular service-oriented architecture with clear API boundaries and Cursor AI guardrails.

How do I apply the .cursorrules block?

Copy the code block under Copyable .cursorrules Configuration and paste it into your project root as .cursorrules to enforce the rules and scaffolding described here.

How is security handled in this template?

Security is enforced by OAuth 2.0, JWT-based sessions, secret management in a vault, parameterized queries, and encrypted data at rest. Secrets must never be committed to source control.

What are common pitfalls when implementing AP automation?

Common issues include OCR parsing failures without handling multi-page invoices, missing input validation, weak error handling, and gaps in audit trails or payment reconciliation.