Cursor Rules Template: Location Analysis Tools for Property Developers

Overview

The Cursor rules configuration outlines a practical, copyable .cursorrules configuration for a Python FastAPI + PostGIS stack to build location analysis tools for property developers. It specifies a defensible architecture, security norms, testing, and code-construction rules so AI-assisted development remains focused and production-ready.

Direct answer: use this Cursor rules template to paste a ready-to-run .cursorrules block into your project root, guiding Cursor AI to generate geospatial endpoints, data models, and tests for property development workflows.

When to Use These Cursor Rules

• Starting a location analytics feature for property development with Python FastAPI + PostGIS.
• Defining geospatial data models and API endpoints for property site analyses.
• Implementing prepared, parameterized queries for PostGIS operations to avoid SQL injection.
• Setting up authentication, authorization, and secure secret handling in a geospatial API.
• Integrating CI/CD with tests and linting for a location analysis microservice.

Copyable .cursorrules Configuration

# Cursor rules template for location analysis on Python FastAPI + PostGIS
# Cursor AI rules for a geospatial stack used by property developers

Framework Role & Context:
- You are Cursor AI configured to assist with building location analytics tools for property developers
  using Python FastAPI, SQLAlchemy, and PostgreSQL with PostGIS.
- Produce modular, testable code and documentation aligned to the project structure.

Code Style and Style Guides:
- Enforce PEP8, Black formatting, and isort; add mypy type hints where helpful.
- Use Google Python docstring style for public functions.
- Prefer explicit type hints and clear function signatures.

Architecture & Directory Rules:
- Project layout emphasizes app/, tests/, migrations/; API code under app/api/; models under app/models/;
  business logic under app/services/; database layer under app/db/.
- Migrations managed with Alembic; configuration injected via environment variables.

Authentication & Security Rules:
- Use OAuth2 with Password flow and JWT access tokens; refresh tokens rotated and stored securely.
- Do not log secrets; fetch credentials from environment variables or secret stores.
- Enforce HTTPS in production and enable CORS strictly for trusted origins.

Database and ORM patterns:
- PostgreSQL with PostGIS for geospatial data; SQLAlchemy ORM as the primary data access layer.
- Use spatial types, GeoJSON input/output, and bound parameters to prevent injection.
- Avoid raw string concatenation in queries; prefer parameterized SQL where necessary.

Testing & Linting Workflows:
- pytest for unit and integration tests; pytest-asyncio for async endpoints.
- Run linting and type checks in CI; include geospatial test fixtures and migrations checks.
- Include end-to-end tests for common location queries (distance, within radius, intersects).

Prohibited Actions and Anti-patterns:
- Do not bypass authentication or expose admin endpoints publicly.
- Do not embed credentials or secrets in source code or diffs.
- Do not perform blocking I/O in async paths; avoid N+1 query patterns.
- Do not rely on raw SQL strings for user-controlled input without parameterization.

Recommended Project Structure

my_project/
├── app/
│   ├── main.py
│   ├── api/
│   │   └── v1/
│   │       └── endpoints/
│   │           └── location.py
│   ├── core/
│   │   └── config.py
│   ├── db/
│   │   ├── base.py
│   │   │   └── session.py
│   │   ├── models.py
│   │   └── geospatial.py
│   ├── models/
│   │   └── location.py
│   └── services/
│       └── location_analysis.py
├── migrations/
│   └── env.py
├── tests/
│   └── test_locations.py
├── Dockerfile
├── docker-compose.yml
├── requirements.txt
└── alembic.ini

Core Engineering Principles

• Explicitness over magic: clear function signatures and documentation for geospatial logic.
• Security by default: secure credentials, proper token handling, and minimum-privilege access.
• Testable architecture: modular services with isolated, reproducible tests for geospatial features.
• Performance awareness: efficient PostGIS queries, indexing, and mindful loading patterns.
• Maintainability: clean separation of concerns between API, data access, and domain logic.

Code Construction Rules

• Do use SQLAlchemy ORM with bound parameters for all queries; never concatenate user input into SQL.
• Do model geospatial data with PostGIS types and use spatial indexes (GIST) for performance.
• Do structure endpoints to be small, composable, and well-tested; avoid monolithic handlers.
• Do keep migrations deterministic and reproducible; pin exact versions in requirements.
• Do enforce input validation with Pydantic models; provide explicit error messages.

Security and Production Rules

• Store secrets in environment variables or a secret manager; never commit them.
• Use HTTPS in production; enable CORS only for trusted origins.
• Validate and sanitize all inputs; enforce authorization on data access paths.
• Rotate JWTs and implement short-lived access tokens with refresh tokens.
• Apply network and database access controls; log security-relevant events without exposing secrets.

Testing Checklist

• Unit tests for geospatial utilities and data models.
• Integration tests for API endpoints with a test PostGIS instance or SQLite with spatial extension mocks.
• End-to-end tests for typical location queries (distance, within, intersects) and data flows.
• Linting and type checks in CI; run pre-commit hooks locally.
• Migrations tested against a clean database snapshot.

Common Mistakes to Avoid

• Using string-concatenated SQL for user input in location queries.
• Ignoring spatial indexes leading to slow geospatial queries.
• Over-privileged database roles or leaked credentials in logs.
• Coupling API handlers to persistence layer too early, hindering testability.
• Skipping input validation for complex geospatial inputs like GeoJSON.

Related implementation resources: AI Use Case for Geotechnical Firms Using Core Sample Records To Predict Soil Stability for Heavy Foundation Building and Stop AI Agents From Leaking Secrets: Credential Management for AI Workspaces.

FAQ

What stack is this Cursor rules template designed for?

This template targets a Python FastAPI + SQLAlchemy + PostgreSQL with PostGIS stack, optimized for location analytics in property development workflows. It provides a complete, copyable .cursorrules configuration and stack-specific guidance.

How do I use the copyable .cursorrules block?

Copy the block from the Copyable section and paste it into the root of your project’s repository as .cursorrules. The Cursor AI will then tailor code generation to your FastAPI + PostGIS setup, including models, endpoints, and tests.

What should I emphasize for geospatial performance?

Use PostGIS spatial indexes (GIST), proper bounding parameters for queries, and avoid N+1 queries by eager-loading only to the extent required. Validate coordinates and CRS consistency at the API boundary.

How should authentication be configured in production?

Implement OAuth2 with JWTs, rotate tokens, and store secrets in a secure vault. Enforce token scopes to restrict data access and audit token usage in production logs.

How do I test geospatial endpoints effectively?

Write unit tests for validators and serializers, integration tests for API endpoints with a test database, and end-to-end tests for common geospatial queries against a controlled dataset.