Cursor Rules Template: Django REST Framework, PostgreSQL, Redis

Overview

Cursor rules configuration for Django REST Framework stack using PostgreSQL and Redis, tailored for Cursor AI for safe, scalable API development. This template defines roles, architecture, authentication, database patterns, testing workflows, and anti-patterns specific to DRF + Postgres + Redis.

Direct answer: Paste the .cursorrules block below into your Django project root to configure Cursor AI for DRF APIs backed by PostgreSQL and Redis. It provides concrete guidance on structure, security, testing, and production readiness.

When to Use These Cursor Rules

Starting a new DRF project that uses PostgreSQL as the primary data store and Redis for caching or session management.
Standardizing code generation across multiple DRF apps to ensure consistent authentication, serialization, and API patterns.
Implementing safe AI-assisted code changes and reviews in a Django repository with a clear project layout.
Embedding testing and CI/CD best practices into the Cursor AI workflow for Django stacks.

Copyable .cursorrules Configuration


# Cursor Rules for Django REST Framework + PostgreSQL + Redis
framework: django-rest-framework
language: python
stack:
  - postgresql
  - redis
context: >
  You are a senior Django REST Framework engineer. Your project is a Django monorepo with apps/api and a separate Django settings module. PostgreSQL stores relational data; Redis handles caching and tokens. Cursor AI should generate safe, testable code and follow the project’s structure.
roles:
  - Framework Engineer
  - Security Engineer
code_style: PEP8, Black, isort; type hints where appropriate
architecture:
  - manage.py at repo root
  - django_project/settings.py for config
  - apps/api for API endpoints
  - config/docker for docker-compose and envs
authentication:
  method: JWT using djangorestframework-simplejwt
  tokenLifetime: 7 days
database:
  orm: Django ORM
  modelsPattern: AbstractBaseModel for common fields
  migrations: automatic via makemigrations
testing:
  unit:
    - tests for serializers and validators
  integration:
    - tests for API endpoints with DRF APITestCase
  tooling:
    - pytest-django
linting:
  - ruff
  - flake8
  - black --check
prohibitedActions:
  - Do not execute shell commands from API handlers
  - Do not bypass ORM; never concatenate SQL strings
antiPatterns:
  - N+1 queries
  - Global mutable state
  - Storing secrets in source code
examples:
  - Implement a DRF ModelViewSet with proper pagination and filtering
  - Cache GET-heavy queries in Redis with cache_backend

Recommended Project Structure


myproject/
├── manage.py
├── requirements.txt
├── .env
├── docker-compose.yml
├── django_project/
│   ├── __init__.py
│   ├── settings.py
│   ├── urls.py
│   └── wsgi.py
└── apps/
    ├── api/
    │   ├── __init__.py
    │   ├── models.py
    │   ├── serializers.py
    │   ├── views.py
    │   └── urls.py
    └── core/
        ├── __init__.py
        └── utils.py

Core Engineering Principles

Explicit scope and boundaries between Django apps and shared utilities.
Idempotent code generation and safe AI-assisted changes.
Strong typing and linted, readable code (PEP8/Black).
Security-first by default: secret management, proper auth, and restricted access.
Test-driven development with unit and integration tests for API endpoints.
Observability: structured logging and metrics for API responses and caching.
Reproducible builds and environment parity with Docker and CI.

Code Construction Rules

Use Django REST Framework ModelViewSet with routers for CRUD endpoints.
Serialize input with DRF serializers and validate data in serializers and validators.
Follow Django ORM patterns: models inherit from a shared AbstractBaseModel; use related managers for queries.
Cache read-heavy endpoints in Redis and invalidate caches on writes using signals or explicit cache busting.
Use JWT authentication (DRF SimpleJWT); avoid session-based auth for APIs.
Environment-driven configuration: SECRET_KEY, DB_URL, and REDIS_URL come from .env or CI secrets.
Database migrations must be explicit and reviewed; migrations should be small and incremental.
Testing: unit tests for serializers, views, and permissions; integration tests for end-to-end API behavior.
Prohibited: Do not use raw SQL in business logic; do not bypass ORM; do not hardcode secrets.

Security and Production Rules

Secret management: load sensitive values from environment variables; do not commit secrets.
HTTP security: enforce HTTPS, set CSRF guards where appropriate for API endpoints, and configure proper CORS policy.
Authentication: use JWT with short-lived access tokens and refresh tokens; rotate keys if compromised.
Database: use parameterized queries via Django ORM; enable TLS for PostgreSQL connections if available.
Redis: enable TLS where supported; restrict access to Redis with proper authentication and ACLs.
Monitoring: enable application logs, error tracking, and health checks in production.
Do not expose admin endpoints publicly; use network-level controls or per-environment bridges.

Testing Checklist

Unit tests for serializers, validators, and model methods.
Integration tests for API endpoints, including authentication flows and permissions.
End-to-end tests simulating common user journeys against a PostgreSQL instance and Redis cache.
Linting and type-checking in CI; run Black, isort, and Ruff on push.
CI/CD: tests run on PRs; dependencies pinned; migrations applied in test env.

Common Mistakes to Avoid

Overusing raw SQL or bypassing the ORM for performance; start with ORM and profile.
Storing secrets or keys in code or in version control.
Ignoring migrations during development or deployment; failing to apply migrations in production.
Not validating input; assuming client data is safe.
Neglecting Redis cache invalidation after writes, causing stale data.

FAQ

What is this Cursor Rules Template for Django DRF with PostgreSQL and Redis?

This template provides Cursor AI rules to guide code generation, reviews, and automation for a Django REST Framework API using PostgreSQL and Redis. It covers architecture, security, testing, and production readiness tailored to DRF stacks.

Which stack does this template cover?

The template targets Django REST Framework with PostgreSQL as the database and Redis for caching and token storage, leveraging the Django ORM and DRF authentication patterns.

How do I integrate the .cursorrules block into my project?

Copy the provided .cursorrules block into the project root as .cursorrules and ensure the rules align with your Django repository. Cursor AI will use these rules to guide code generation, reviews, and automation safely.

What security rules are included?

The rules enforce JWT-based authentication, secret management via environment variables, parameterized queries through the ORM, and restricted access to sensitive endpoints to prevent data exposure.

What testing workflow is recommended?

Use pytest-django with fixtures for API endpoints, validate serializers and permissions with unit tests, and integrate tests into CI/CD with migrations applied in test environments.

How should I structure the project for this template?

Follow a Django-first layout with a dedicated apps/api for endpoints, apps/core for shared utilities, and a clear settings module. Use environment variables for configuration and Docker for development parity.

Cursor Rules Template for Django REST Framework with PostgreSQL and Redis

Target User

Use Cases