Cursor Rules Template: BPM Forms, Approvals & Visual Workflow Builder

Overview

Direct answer: This Cursor rules template provides a ready-to-paste .cursorrules configuration for a business process automation platform with forms, multi-step approval flows, event-driven notifications, and a visual workflow builder, all implemented on a Node.js + PostgreSQL stack. It enforces safe AI-assisted development, strong typing, and clear separation of concerns.

The stack targeted by this template includes Node.js (NestJS-like structure), PostgreSQL as the data store, and TypeORM for ORM patterns, with JWT-based authentication and RBAC for access control.

When to Use These Cursor Rules

• Starting a new BPM project that requires structured forms and approvals.
• Integrating a visual workflow builder into an existing Node.js application.
• Enforcing consistent security, auditing, and change-tracking in automation flows.
• Defining data models for forms, workflows, and notifications with clear boundaries.

Copyable .cursorrules Configuration

# Cursor rules for BPM with forms, approvals, and notifications
# Framework Role & Context
Role: Platform Engineer for BPM with Cursor AI
Context: Build forms, approval flows, and a visual workflow builder

# Code Style and Style Guides
CodeStyle: ESLint + Prettier (TS)
Linting: yes

# Architecture & Directory Rules
Architecture:
  - src/forms
  - src/approvals
  - src/workflows
  - src/notifications
  - src/auth
  - src/ui
  - src/database
  - tests

# Authentication & Security Rules
Auth: JWT + RBAC; OAuth optional
Security: secrets managed via Vault; no secrets in code

# Database and ORM patterns
ORM: PostgreSQL + TypeORM
Entities: User, Form, FormField, Workflow, Step, Approval, Notification, AuditLog
Relationships: user-forms, workflow-steps, approvals-logs

# Testing & Linting Workflows
Tests: Jest + SuperTest; TS compilation check; Lint via ESLint in CI

# Prohibited Actions and Anti-patterns for the AI
Prohibited: bypass auth, trusting client input, executing untrusted code
Anti-patterns: direct string concatenation in queries, skipping migrations, ignoring migrations

Recommended Project Structure

root/
  src/
    forms/
    approvals/
    workflows/
    notifications/
    auth/
    ui/
    database/
  migrations/
  tests/
  package.json
  tsconfig.json

Core Engineering Principles

• Strong typing and explicit DTOs for all inputs.
• Separation of concerns: UI, domain logic, and data access are separate.
• Idempotent and retry-friendly operations for workflows and notifications.
• Observability: structured logging, metrics, and tracing.
• Security-by-default: enforce least privilege and audit trails.

Code Construction Rules

• Use DTOs with runtime validation for forms and flow definitions.
• Implement repository patterns around TypeORM for data access.
• Define explicit interfaces for services and controllers; use dependency injection.
• All inputs should be validated and sanitized; avoid dynamic code execution.
• Transactions should wrap multi-step form approvals to ensure consistency.

Security and Production Rules

• JWT-based authentication with role-based access control for endpoints.
• Secret storage in a vault; never commit secrets; rotate keys regularly.
• Input validation, output encoding, and strict CORS policies.
• Audit logs for all form submissions, approvals, and notifications.

Testing Checklist

• Unit tests for validators and DTOs.
• Integration tests for forms, approvals, and notifications flows.
• End-to-end tests for typical BPM scenarios.
• Lint and type checks in CI; run migrations before tests.

Common Mistakes to Avoid

• Skipping input validation and relying on client-side checks.
• Over-privileged roles or unclear RBAC rules.
• Ignoring migration strategies; schema drift hurts production.
• Not validating or sanitizing data in workflow definitions.

Related Cursor rules templates

Explore adjacent Cursor rules templates for similar stacks, workflows, and production constraints.

• Cursor Rules Template: NestJS + Next.js + PostgreSQL for B2B Wholesale Portal
• Cursor Rules Template: Cash Flow SaaS with Bank Imports, Invoices, and AI Predictions
• Cursor Rules Template: Accounts Payable Automation with OCR, Invoicing, and Approval Routing
• Cursor Rules Template: Construction Project Management Stack

FAQ

What is this Cursor Rules Template for BPM forms and workflow?

A copyable Cursor rules configuration and guidance to implement a business process automation platform with forms, approvals, notifications, and a visual workflow builder on a Node.js + PostgreSQL stack.

Which stack does this template target?

The template targets Node.js-based backends (NestJS-inspired structure) with PostgreSQL and TypeORM, JWT-based authentication, and a UI layer for forms and workflow visuals. Cursor AI assists implementation while enforcing stack-specific rules.

How do I paste the .cursorrules block into my project?

Copy the block from the Copyable section and place it in the project root as .cursorrules. Use Cursor AI to validate and adapt the definitions to your environment.

How can I customize forms and approval rules?

Adjust the form field definitions, validation rules, and multi-step approval steps in the rules block; ensure field IDs are stable and approvals are auditable.

What should I test for BPM rules?

Validate unit-level validators, integration flows for forms/approvals, and end-to-end BPM scenarios; verify migrations, deployment configs, and security checks in CI.