Clinic Management SaaS Cursor Rules Template for Cursor AI
Copyable Cursor rules configuration for building a clinic management SaaS backend (appointments, patients, doctors, billing, prescriptions, medical records) using NestJS, PostgreSQL, and TypeORM.
Target User
Backend engineers building a clinic management SaaS
Use Cases
- Define safe Cursor AI prompts for the clinic backend
- Standardize module boundaries for appointments, patients, doctors, billing, prescriptions, and records
- Ensure security, testing, and CI/CD readiness
Overview
Copyable Cursor rules for a Clinic Management SaaS backend. This template targets a Node.js/NestJS stack with PostgreSQL, TypeORM, and Cursor AI to guide code generation for the appointments, patients, doctors, billing, prescriptions, and medical records modules. In short: follow the rules to keep data models consistent, enforce RBAC, secure endpoints, and generate maintainable module boundaries.
When to Use These Cursor Rules
- Starting a new Clinic Management SaaS project with a REST API surface.
- Standardizing module boundaries across appointments, patients, doctors, billing, prescriptions, and medical records.
- Enforcing RBAC and JWT-based authentication across endpoints.
- Setting architecture and directory conventions for a TypeORM-based PostgreSQL backend.
- Preparing for automated testing, linting, and CI/CD pipelines from day one.
Copyable .cursorrules Configuration
Framework Role & Context:
- You are a backend architect for a Clinic Management SaaS (appointments, patients, doctors, billing, prescriptions, medical records).
- Stack: NestJS, TypeORM, PostgreSQL, JWT auth, RBAC roles Admin/Doctor/Receptionist/Patient.
Code Style and Style Guides:
- TypeScript with ESLint (airbnb-typescript) and Prettier.
- Use DTOs, explicit types, and consistent naming. Enforce strictNullChecks.
Architecture & Directory Rules:
- Monorepo layout with apps/api/src/modules/{appointments,patients,doctors,billing,prescriptions,records} and shared utilities.
- Each module exposes a Controller, Service, Repository, and Entity (TypeORM).
- Migrations under migrations/ with a dedicated migrations runner.
- Use domain-driven naming and index barrels for exports.
Authentication & Security Rules:
- JWT-based authentication with access and refresh tokens; RBAC roles: Admin, Doctor, Receptionist, Patient.
- Guards protect routes; never expose sensitive fields in responses; apply CSRF protection to browser-based sessions.
- Always hash passwords with bcrypt and store only salted hashes.
Database and ORM patterns:
- PostgreSQL with TypeORM; use transactions for billing and other critical updates; avoid N+1 queries by declaring relations explicitly and choosing eager or lazy loading deliberately per relation.
- Use proper cascade rules; define indices for search on patients, doctors, and billing records.
Testing & Linting Workflows:
- Jest unit tests for services, integration tests for modules, and end-to-end tests with SuperTest.
- CI runs lint, test, build; enforce pre-commit hooks.
Prohibited Actions and Anti-patterns for the AI:
- Do not bypass authentication or authorization checks.
- Do not generate raw SQL without parameters; avoid string concatenation.
- Do not mutate patient data without audit logging.
- Do not leak internal identifiers; obscure or hash sensitive IDs when exposed.
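The following is an added example (not part of the template or of any project's code) showing the authorization and response-shaping logic the security rules above ask for. It is plain TypeScript so it runs without the NestJS runtime; PatientEntity, PatientResponseDto, toPublicId, canReadPatient, getPatientForUser and the PUBLIC_ID_KEY constant are assumed names for this illustration, and the sample record is constructed.

```typescript
import { createHmac } from 'crypto';

export type Role = 'Admin' | 'Doctor' | 'Receptionist' | 'Patient';

// Internal TypeORM-style entity. Several columns must never reach a client as-is.
export interface PatientEntity {
  id: number;            // internal surrogate key, never exposed directly
  userId: number;        // account that owns this record, used for self-access checks
  firstName: string;
  lastName: string;
  dateOfBirth: string;
  ssn: string;           // sensitive identifier
  passwordHash: string;  // credential material
  clinicalNotes: string; // PHI that only clinical roles should read
}

// Response DTO: a separate, explicit shape so a newly added entity column is
// not exposed by accident.
export interface PatientResponseDto {
  publicId: string;
  firstName: string;
  lastName: string;
  dateOfBirth: string;
}

// Constructed placeholder; a real service loads this key from a secret store.
const PUBLIC_ID_KEY = 'dev-only-placeholder-key';

// A keyed HMAC turns a sequential internal id into an opaque, non-guessable
// public id. Persist it in an indexed column at insert time so lookups by
// publicId are a plain query rather than a recomputation over every row.
export function toPublicId(entity: 'patient' | 'doctor', internalId: number): string {
  return createHmac('sha256', PUBLIC_ID_KEY)
    .update(`${entity}:${internalId}`)
    .digest('hex')
    .slice(0, 24);
}

// Allowlist mapping: copy only the fields the DTO declares.
export function toPatientResponse(p: PatientEntity): PatientResponseDto {
  return {
    publicId: toPublicId('patient', p.id),
    firstName: p.firstName,
    lastName: p.lastName,
    dateOfBirth: p.dateOfBirth,
  };
}

export interface AuthUser { userId: number; roles: Role[]; }

export class ForbiddenError extends Error {
  constructor(message: string) { super(message); this.name = 'ForbiddenError'; }
}

const STAFF_ROLES: Role[] = ['Admin', 'Doctor', 'Receptionist'];

// The decision a NestJS RolesGuard plus an ownership check would enforce:
// staff may read any patient; a Patient may read only their own record.
export function canReadPatient(user: AuthUser, patient: PatientEntity): boolean {
  if (user.roles.some((r) => STAFF_ROLES.indexOf(r) !== -1)) return true;
  return user.roles.indexOf('Patient') !== -1 && user.userId === patient.userId;
}

// Controller-level flow: authorize first, then shape the response.
export function getPatientForUser(user: AuthUser, patient: PatientEntity): PatientResponseDto {
  if (!canReadPatient(user, patient)) throw new ForbiddenError('not permitted');
  return toPatientResponse(patient);
}

// Constructed sample record for a stand-alone run.
export const SAMPLE_PATIENT: PatientEntity = {
  id: 1,
  userId: 7,
  firstName: 'Ada',
  lastName: 'Example',
  dateOfBirth: '1990-01-01',
  ssn: '000-00-0000',
  passwordHash: '$2b$12$placeholder',
  clinicalNotes: 'constructed note',
};
```

The DTO is an allowlist rather than a "strip these fields" denylist: when a migration adds a column to the entity, the response stays unchanged until someone deliberately adds the field to the DTO, which is the failure mode the "do not leak internal identifiers" rule is guarding against.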
Recommended Project Structure
clinic-saas/
├── apps/
│   └── api/
│       ├── src/
│       │   ├── modules/
│       │   │   ├── appointments/
│       │   │   ├── patients/
│       │   │   ├── doctors/
│       │   │   ├── billing/
│       │   │   ├── prescriptions/
│       │   │   └── records/
│       │   ├── shared/
│       │   │   ├── dto/
│       │   │   └── guards/
│       │   ├── app.module.ts
│       │   └── main.ts
│       └── tsconfig.json
├── migrations/
├── .eslintrc.js
├── package.json
└── tsconfig.json
Core Engineering Principles
- Domain-driven module boundaries with clean, testable interfaces.
- Least privilege RBAC and JWT-based auth across all endpoints.
- Idempotent APIs and auditable data mutations for PHI-like data.
- Schema-first development: migrations and TypeORM entities in sync.
- Automated testing and CI/CD integration from the start.
Code Construction Rules
- Use NestJS controllers and services with DTO validation; do not skip validation.
- Define TypeORM entities per domain module; map relations explicitly.
- All data access uses repositories; avoid inline SQL in services.
- Authentication must use JWTs; protect routes with guards; never trust client payloads.
- Keep business logic in services, not controllers; controllers handle request mapping.
- Follow the exact directory structure: modules must include controllers, services, repositories, and entities.
Security and Production Rules
- Use TLS, store secrets in env, rotate keys regularly; enable audit logging for sensitive actions.
- Encrypt sensitive fields in the database where appropriate; avoid exposing PHI in responses.
- Apply rate limiting and IP allowlists for admin endpoints; monitor anomalous patterns.
- Implement backup and disaster recovery plans for the PostgreSQL data.
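As an added example (not part of the template or any project's code), the service below shows the "no patient mutation without audit logging" rule together with the idempotent-API principle from the engineering principles above, in plain TypeScript with an in-memory store standing in for TypeORM repositories and an audit_log table. PatientService, AuditEntry, PatientPatch and the requestId idempotency key are assumed names for this illustration; the seed data is constructed.

```typescript
export type Role = 'Admin' | 'Doctor' | 'Receptionist' | 'Patient';
export interface Actor { userId: number; roles: Role[]; }

export interface Patient {
  id: number;
  firstName: string;
  lastName: string;
  phone: string;
  allergies: string;
}
export type PatientPatch = Partial<Omit<Patient, 'id'>>;

// One audit row per successful mutation. It names the fields that changed but
// carries no before/after values, so the audit table itself holds no PHI.
export interface AuditEntry {
  at: string;              // ISO-8601 timestamp
  actorUserId: number;
  action: 'patient.update';
  patientId: number;
  changedFields: string[];
  requestId: string;       // idempotency key sent by the client
}

export class ForbiddenError extends Error {
  constructor(message: string) { super(message); this.name = 'ForbiddenError'; }
}

const EDITOR_ROLES: Role[] = ['Admin', 'Doctor', 'Receptionist'];

export class PatientService {
  private patients: { [id: number]: Patient } = {};
  private seenRequests: { [requestId: string]: true } = {};
  readonly audit: AuditEntry[] = [];

  constructor(seed: Patient[]) {
    for (const p of seed) this.patients[p.id] = { ...p };
  }

  get(id: number): Patient | undefined {
    const p = this.patients[id];
    return p ? { ...p } : undefined;
  }

  // The only write path for patient rows. The audit entry and the row update
  // are committed together; in the real service both run in one TypeORM
  // transaction so a failed audit write rolls the update back.
  update(actor: Actor, id: number, patch: PatientPatch, requestId: string): Patient {
    if (!actor.roles.some((r) => EDITOR_ROLES.indexOf(r) !== -1)) {
      throw new ForbiddenError('role may not edit patient records');
    }
    const current = this.patients[id];
    if (!current) throw new Error('patient not found');

    // Idempotent retry: a request already applied returns the current row
    // and produces no second audit entry.
    if (this.seenRequests[requestId]) return { ...current };

    const changedFields = (Object.keys(patch) as (keyof PatientPatch)[])
      .filter((k) => patch[k] !== undefined && patch[k] !== current[k]);

    const next: Patient = { ...current };
    for (const k of changedFields) {
      (next as unknown as { [key: string]: unknown })[k] = patch[k];
    }

    if (changedFields.length > 0) {
      this.audit.push({
        at: new Date().toISOString(),
        actorUserId: actor.userId,
        action: 'patient.update',
        patientId: id,
        changedFields,
        requestId,
      });
      this.patients[id] = next;
    }
    this.seenRequests[requestId] = true;
    return { ...next };
  }
}

// Constructed seed data for a stand-alone run.
export const SAMPLE_PATIENTS: Patient[] = [
  { id: 1, firstName: 'Ada', lastName: 'Example', phone: '555-0100', allergies: 'none recorded' },
];

// Applies one change, then retries the same request; returns the audit log,
// which should contain exactly one entry.
export function demo(): AuditEntry[] {
  const svc = new PatientService(SAMPLE_PATIENTS);
  svc.update({ userId: 42, roles: ['Receptionist'] }, 1, { phone: '555-0199' }, 'req-001');
  svc.update({ userId: 42, roles: ['Receptionist'] }, 1, { phone: '555-0199' }, 'req-001');
  return svc.audit;
}
```

Two design choices are worth noting. Recording field names rather than values keeps PHI out of the audit table, which is usually the right default for a clinic system; if a regulator needs the old values, store them encrypted in a separate table keyed by the audit row. Denied attempts are not written to this audit log because nothing changed; they belong in the security event stream that the "monitor anomalous patterns" rule refers to.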
Testing Checklist
- Unit tests for services with mocked repositories.
- Integration tests covering module interactions (appointments, billing, records).
- End-to-end tests for typical flows: patient creation, appointment booking, billing, prescription, and record updates.
- Security tests: authentication, authorization, input validation.
- CI/CD pipeline validates lint, tests, build artifacts, and deployment readiness.
Common Mistakes to Avoid
- Skipping migrations or diverging entity schemas from migrations.
- Over-privileging roles or bypassing authorization checks.
- Exposing internal IDs or PHI in API responses.
- Neglecting audit trails for critical actions like billing or medical data changes.
- Ignoring N+1 queries and not using proper relations in ORM queries.
FAQ
What is the Clinic Management Cursor Rules Template used for?
It provides a complete .cursorrules configuration to guide Cursor AI when building a clinic management SaaS backend (NestJS, PostgreSQL, TypeORM) including modules for appointments, patients, doctors, billing, prescriptions, and medical records.
Which stack does this template target?
NestJS on Node.js, PostgreSQL as the database, TypeORM as the ORM, with JWT-based authentication and RBAC roles for Admin, Doctor, Receptionist, and Patient.
How do I use the copyable .cursorrules block?
Copy the block under Copyable .cursorrules Configuration and paste into your project's root as .cursorrules. It defines framework roles, code style, architecture rules, security rules, and testing workflows.
Can I extend this template for more modules?
Yes. The architecture and directory rules are modular; you can add modules (e.g., billing, prescriptions) under their own domain in a clean, consistent manner using the same Cursor AI guardrails.
What are the recommended tests and CI steps?
Include unit tests for services, integration tests for modules, API contract tests, and e2e tests. Integrate tests in the CI/CD pipeline with lint, test, and build stages.