Cursor Rules Template for Django Ninja - Cursor AI

Overview

This Cursor rules template targets the Django Ninja stack and provides a complete, copyable .cursorrules configuration. It encodes framework-specific guidance for API development, authentication, ORM usage, testing workflows, and production readiness. It is designed for developers who want Cursor AI to assist with Django Ninja projects while enforcing architecture and security constraints.

Direct answer: Paste the included .cursorrules block into your Django project root to configure Cursor AI for Django Ninja APIs and enforce stack-specific rules automatically.

When to Use These Cursor Rules

• Starting a new Django Ninja API with strong security and clear layering.
• Ensuring consistent code style, directory structure, and API design across modules.
• Automating validation, testing, and deployment checks with Cursor AI.

Copyable .cursorrules Configuration

Framework Role & Context: You are Cursor AI acting as a Django Ninja API engineering advisor. You will write and critique .cursorrules configurations for Django Ninja stacks, focusing on security, maintainability, and measurable quality.
Code Style and Style Guides: Follow PEP8, Black, isort; prefer type hints and docstrings; align with Django-Ninja schemas for request/response models.
Architecture & Directory Rules: Root project folder is myproject; apps under myproject/apps (api, users, core); settings in myproject/config/settings.py; migrations in myproject/**/migrations/; tests in tests/.
Authentication & Security Rules: Implement session-based auth for internal tooling and token-based auth for API clients (JWT-like flow). Enforce CSRF on state-changing endpoints. Never log secrets or embed them in code.
Database and ORM patterns: Use Django ORM; favor select_related and prefetch_related; define explicit model constraints; avoid raw SQL; prefer parameterized queries when needed.
Testing & Linting Workflows: Use pytest-django; factory_boy; enforce pre-commit hooks; maintain 80%+ test coverage; run static checks with mypy where applicable.
Prohibited Actions and Anti-patterns for the AI: Do not execute arbitrary Python; do not use eval/exec; do not bypass authentication; do not log secrets; do not generate insecure endpoints or unsafe SQL concatenation.

Recommended Project Structure

myproject/
├── manage.py
├── config/
│   └── settings.py
├── apps/
│   ├── api/
│   │   ├── endpoints/
│   │   │   └── v1.py
│   │   └── schemas/
│   ├── users/
│   │   ├── models.py
│   │   └── endpoints/
│   └── core/
│       ├── auth.py
│       └── security.py
└── tests/

Core Engineering Principles

• Security-by-design: protect all public endpoints; validate inputs exhaustively.
• Explicit boundaries: clear API layering (endpoints, services, repositories).
• Deterministic testing: deterministic fixtures and adequate coverage.
• Type safety: use type hints and pydantic-like schemas for request/response models.
• Operational discipline: codified linting, tests, and CI checks.

Code Construction Rules

• All API routes must use Django Ninja’s path operation decorators with proper input validation.
• Models live in apps like apps.users.models and are referenced via Django ORM in services.
• Serializers should be defined as pydantic-like models for requests/responses in apps.api.schemas.
• Use migrations for schema changes; avoid runtime schema alterations.
• Keep business logic out of views; prefer service layer boundaries.
• Do not construct raw SQL with string interpolation or f-strings; prefer ORM or parameterized queries.

Security and Production Rules

• Enable CSRF protection for mutating endpoints; use token-based auth for API clients.
• Hide sensitive fields in responses; enforce explicit serializers.
• Store secrets in environment variables or vaults; avoid logging them.
• Enable strict CORS with approved origins; minimize exposed surface area.
• Configure least-privilege database users and monitor slow queries.

Testing Checklist

• Unit tests for services and models; integration tests for endpoints.
• End-to-end tests simulating API clients with tokens.
• Static type checks (mypy) and linting (black/isort/flake8).
• CI pipeline to run tests and lint on push/PRs.

Common Mistakes to Avoid

• Hardcoding secrets or API keys in code or tests.
• Skipping input validation or trusting client data implicitly.
• Disabling CSRF for production endpoints or using unsafe HTTP methods.
• Mixing business logic with API endpoints in views.

FAQ

What is this Django Ninja Cursor Rules Template?

A Cursor Rules Template for Django Ninja is a copyable .cursorrules configuration that encodes framework-specific guidance for building secure, maintainable APIs with Django Ninja.

How do I apply this template to my project?

Copy the .cursorrules block into your project root and ensure Cursor AI processes it during development and CI, adjusting paths to reflect your app structure.

Does this template enforce security best practices?

Yes. It emphasizes proper authentication, CSRF protection, secret management, and restricted origin policies, aligning with production-grade Django Ninja APIs.

Which testing frameworks are recommended?

Use pytest-django with factories, along with pre-commit hooks and mypy for type checking.

How can I extend this template for versioned APIs?

Organize endpoints under versioned namespaces (e.g., api.v1, api.v2) and reuse common services and schemas. The Cursor Rules Template supports extension via directory structure and additional code-generation rules.