Cursor Rules TemplatesCursor Rules Template
Cursor Rules Template: AI Agent Marketplace with API Key Execution
Copyable Cursor Rules Template for building an AI agent marketplace with API key-based execution using Cursor AI.
.cursorrules templatecursor rules templateai agent marketplaceapi key executionCursor AI rulesNode.jsTypeScriptPostgreSQLsandboxmonetizationtenant isolation
Target User
Developers building AI agent marketplaces with API key-based execution
Use Cases
- Build an AI agent marketplace where users create, publish, and monetize agents
- Sandbox agent execution with per-tenant API keys
- Enforce security and billing for agent usage
- Publish agents with pricing and ownership metadata
Markdown Template
Cursor Rules Template: AI Agent Marketplace with API Key Execution
// Cursor Rules Template for AI Agent Marketplace
Framework: Node.js/TypeScript backend (Express-like routing)
Context: Multi-tenant AI agent marketplace with API key-based execution using Cursor AI
Framework Role & Context
- Role: Server orchestrator enforcing policy, sandboxing user agents, and routing API requests to agents.
- Context: Node.js runtime, PostgreSQL, Redis for caching, Stripe for monetization; Cursor AI ensures safe execution.
Code Style and Style Guides
- TypeScript-first codebase; ESLint with @typescript-eslint/plugin; Prettier for formatting; strict null checks.
- Enforce consistent naming: camelCase for vars, PascalCase for classes; explicit types.
Architecture & Directory Rules
- Monorepo with apps/ and shared/ components.
- src/ contains api/, services/, db/, and workers/ with clear module boundaries.
- Separate business logic from HTTP handlers; use dependency injection.
Authentication & Security Rules
- API keys per user; keys stored hashed; rotation supported.
- Access control validated on each request; implement tenant isolation.
- Use TLS, HSTS, and secure cookies where applicable.
Database and ORM patterns
- PostgreSQL with row-level security; no direct string concatenation in queries.
- Use pg (node-postgres) with parameterized queries; migrations folder under db/migrations/.
- No ORM heavy abstractions; hand-written queries for performance.
Testing & Linting Workflows
- Unit tests with Jest; integration tests for db interactions; end-to-end tests with Playwright or similar.
- CI runs ESLint, TypeScript compile, tests, and lint on PRs.
Prohibited Actions and Anti-patterns for the AI
- Do not execute user-submitted code directly; sandbox with Cursor AI.
- Do not leak API keys or tenant data; never expose internal endpoints to all tenants.
- Do not bypass rate limits or skip input validation.
- Do not rely on global mutable state for request handling.Overview
Cursor rules configuration for building an AI agent marketplace where users create, publish, and monetize agents with API key based execution. This template targets a Node.js/TypeScript backend with PostgreSQL, using Cursor AI to enforce safety and sandboxing for agent execution.
When to Use These Cursor Rules
- You're building a multi-tenant marketplace where users own agents.
- You need API key-based execution with per-tenant isolation.
- You want to publish agents securely to monetize them.
- You require a deterministic, auditable policy engine for agent behavior.
- You want a copyable configuration that you can paste into .cursorrules in your project root.
Copyable .cursorrules Configuration
// Cursor Rules Template for AI Agent Marketplace// Cursor Rules Template for AI Agent Marketplace
Framework: Node.js/TypeScript backend (Express-like routing)
Context: Multi-tenant AI agent marketplace with API key-based execution using Cursor AI
Framework Role & Context
- Role: Server orchestrator enforcing policy, sandboxing user agents, and routing API requests to agents.
- Context: Node.js runtime, PostgreSQL, Redis for caching, Stripe for monetization; Cursor AI ensures safe execution.
Code Style and Style Guides
- TypeScript-first codebase; ESLint with @typescript-eslint/plugin; Prettier for formatting; strict null checks.
- Enforce consistent naming: camelCase for vars, PascalCase for classes; explicit types.
Architecture & Directory Rules
- Monorepo with apps/ and shared/ components.
- src/ contains api/, services/, db/, and workers/ with clear module boundaries.
- Separate business logic from HTTP handlers; use dependency injection.
Authentication & Security Rules
- API keys per user; keys stored hashed; rotation supported.
- Access control validated on each request; implement tenant isolation.
- Use TLS, HSTS, and secure cookies where applicable.
Database and ORM patterns
- PostgreSQL with row-level security; no direct string concatenation in queries.
- Use pg (node-postgres) with parameterized queries; migrations folder under db/migrations/.
- No ORM heavy abstractions; hand-written queries for performance.
Testing & Linting Workflows
- Unit tests with Jest; integration tests for db interactions; end-to-end tests with Playwright or similar.
- CI runs ESLint, TypeScript compile, tests, and lint on PRs.
Prohibited Actions and Anti-patterns for the AI
- Do not execute user-submitted code directly; sandbox with Cursor AI.
- Do not leak API keys or tenant data; never expose internal endpoints to all tenants.
- Do not bypass rate limits or skip input validation.
- Do not rely on global mutable state for request handling.
Recommended Project Structure
ai-agent-marketplace/
backend/
src/
api/
v1/
routers/
controllers/
db/
migrations/
models/
services/
workers/
tests/
package.json
tsconfig.json
shared/
lib/
types/
.env
README.md
Core Engineering Principles
- Principle of least privilege for access control and API keys.
- Explicit API contracts and validators (OpenAPI-first).
- Deterministic, idempotent operations to avoid side-effects.
- Strong typing and test coverage across modules.
- Defensive programming with strict input validation and error handling.
Code Construction Rules
- Always define explicit interfaces for agents, keys, and transactions.
- Use parameterized SQL for all database queries and do not build SQL via string concatenation.
- Validate agent metadata before publishing; enforce schema constraints.
- Isolate agent execution in a sandbox; enforce resource limits and timeouts per request.
- Audit trails for agent actions with userId, agentId, and timestamp.
- CI checks run on PRs; lint and type checks must pass before build.
Security and Production Rules
- Hash and salt all API keys; rotate keys regularly; store in secure vault if possible.
- Enforce per-tenant data isolation; use PostgreSQL RLS policies.
- Use TLS for all endpoints; enable TLS termination at edge.
- Implement rate limiting and circuit breakers; log security incidents.
- Regular dependency vulnerability scans and patching.
Testing Checklist
- Unit tests for handlers, validators, and utilities.
- Integration tests for db access with seed test data.
- End-to-end tests for agent creation, publishing, and monetization flows.
- CI pipelines run on PRs; tests must pass before merge.
Common Mistakes to Avoid
- Skipping tenant isolation leads to cross-tenant data leakage.
- Hard-coding API keys or secrets in code.
- Unbounded agent sandbox execution that can abuse resources.
- Neglecting input validation and error handling paths.
Related Cursor rules templates
Explore adjacent Cursor rules templates for similar stacks, workflows, and production constraints.
- Cursor Rules Template: Sustainability Supplier Assessment Platform with Questionnaires, Scoring, and Compliance Dashboards
- Cursor Rules Template — Real Estate Dashboard with Cash Flow, ROI, and Analytics
- Cursor Rules Template: Newsletter Platform with Subscriptions, Campaigns, Segmentation, Payments and AI Writing Assistant
- Cursor Rules Template: Rental Marketplace with Property Listings, Applications, Tenant Screening, Payments and Messaging
FAQ
What is a Cursor Rules Template for an AI agent marketplace?
A Cursor Rules Template provides a complete, copyable .cursorrules configuration that encodes roles, constraints, and safety policies for building an AI agent marketplace with API key based execution. It guides developers on how to structure code, security, and deployment workflows.
How do API keys impact agent execution in the marketplace?
API keys isolate execution per user, enforce rate limits, and control access to agent endpoints. The template includes tokens for issuing, revoking, and auditing API keys, with strict sandboxing to prevent cross-tenant data leakage.
What stack is this Cursor Rules Template designed for?
This template targets a Node.js/TypeScript backend with a PostgreSQL database and an API key based authorization layer. It includes patterns for server architecture, data access, testing, and deployment suitable for building a scalable AI agent marketplace.
How can I monetize created agents in the marketplace?
Agents can be monetized via per-call or subscription models, with revenue tracked per agent and exposed through a billing service API. The template includes hooks for publishing agents and managing pricing, ownership, and payout events.
Can Cursor Rules Template enforce per-tenant sandbox limits?
Yes. The template prescribes per-tenant sandbox limits, timeouts, and resource usage caps to prevent abuse, while logging usage for invoicing and anomaly detection.