Bug Tracking System Cursor Rules Template for Cursor AI

Overview

This Cursor rules configuration provides a practical Cursor AI ruleset for building a bug tracking system. It targets a full stack consisting of a Node.js/Express backend, a React frontend, and PostgreSQL with Sequelize ORM. It ensures support for screenshots, logs, assignments, priorities, and release management, while guiding AI-assisted development with concrete constraints.

When to Use These Cursor Rules

• Kick off a production-grade bug tracker with consistent conventions
• Enforce authentication, authorization, and audit trails
• Direct Cursor AI to generate models, routes, and UI patterns aligned to the stack
• Define release management workflows and priority-driven release gates

Copyable .cursorrules Configuration

Framework: Node.js/Express + React + PostgreSQL (Sequelize)
Role: Cursor AI assistant configured as the primary rules author for a bug-tracking system
Context: Build a scalable bug-tracking app with screenshots, logs, assignments, priorities, and release management. Stack specifics: Node.js backend, React frontend, PostgreSQL with Sequelize ORM.
Code Style: TypeScript preferred; ESLint with standard config; Prettier; 2-space indentation; strict null checks
Architecture & Directory Rules: Backend in src/api, frontend in src/ui, database models in src/db, shared types in src/types
Authentication & Security Rules: JWT access/refresh tokens, password hashing with bcrypt, CORS restricted, input validation, rate limiting
Database & ORM patterns: PostgreSQL, Sequelize, models per domain entity; migrations; transactions; typed interfaces
Testing & Linting Workflows: Jest for unit tests; Supertest for API integration; ESLint CI; GitHub Actions workflow; pre-commit hooks
Prohibited Actions and Anti-patterns for the AI: Do not bypass validation; do not concatenate SQL strings; do not generate dangerous shell commands

Recommended Project Structure

project-root/
├── src/
│   ├── api/            # Backend: controllers, routes, services, middlewares
│   │   ├── controllers/
│   │   ├── routes/
│   │   └── middlewares/
│   ├── ui/             # Frontend: React components and pages
│   │   ├── components/
│   │   └── pages/
│   ├── db/             # ORM models and migrations (Sequelize)
│   │   ├── models/
│   │   └── migrations/
│   └── types/          # Shared TypeScript types
└── tests/              # Tests: unit, integration, e2e

Core Engineering Principles

• Fail-fast with clear validation errors and precise guardrails
• Security by default: least privilege and zero trust where possible
• Observability: structured logs, metrics, and tracing for issues and releases
• Idempotent API design and deterministic data mutations
• Typed contracts between backend and frontend; explicit data schemas
• Declarative data modeling with migrations and schema evolution policies

Code Construction Rules

• Backend endpoints follow RESTful conventions under /api using Express routers
• Use TypeScript across server and client with strict typing
• Model names: Issue, Screenshot, Log, Assignment, Priority, Release
• Validate and sanitize all input on the server; avoid direct string interpolation in queries
• Use Sequelize parameterized queries; leverage transactions for multi-step mutations
• Frontend components are modular, accessible, and testable; avoid global state drift

Security and Production Rules

• Environment variables for secrets; never commit credentials
• JWT with short expiry; rotate tokens; enforce refresh token rotation
• Audit trails for changes to issues, assignments, and releases
• Validate and sanitize file uploads for screenshots; store references, not files in repo
• Restrict CORS to trusted origins; implement rate limiting and IP allowlists

Testing Checklist

• Unit tests cover validators, helpers, and domain logic
• Integration tests verify API endpoints using a test DB or in-memory database
• End-to-end tests simulate real user flows: create issues, attach screenshots, assign, set priority, and manage releases
• CI/CD gates include lint, type checks, and test suites

Common Mistakes to Avoid

• Skipping server-side validation and relying on client-side checks
• Exposing sensitive data or internal error details in responses
• Overloading routes with business logic instead of separating concerns
• Ignoring accessibility for image uploads and UI components

Related Cursor rules templates

Explore adjacent Cursor rules templates for similar stacks, workflows, and production constraints.

• Cursor Rules Template: Rental Marketplace with Property Listings, Applications, Tenant Screening, Payments and Messaging
• Cursor Rules Template: Inventory SaaS with Stock Tracking, POs, Barcode Scanning
• Field Sales Cursor Rules Template: Location Check-ins, Visits, Notes, Tasks, and Manager Analytics
• Cursor Rules Template: Node.js Express PostgreSQL Kanban SaaS

FAQ

What is Cursor Rules Template used for in this bug tracker?

It defines executable rules for Cursor AI to generate backend and frontend patterns, ensuring consistency in data models, security, and release workflows for a bug-tracking system.

Which stack is covered by this template?

The template targets a Node.js/Express backend, React frontend, and PostgreSQL database using Sequelize ORM, with JWT authentication and a test-driven workflow.

How do I integrate screenshots and logs in issues?

Use the Screenshot and Log models linked to Issue; store file references securely, validate uploads, and expose a UI panel for viewing screenshots and logs per issue.

How is release management modeled?

Release objects tie to issues via relationships, track status and priority, and trigger deployment pipelines; prioritization rules guide gating of releases.

How do I validate this template in a real project?

Paste the .cursorrules block into your project root, configure environment variables, scaffold models, and run tests; adapt paths to your repo layout.