Django Vendor Portal Cursor Rules Template for Compliance

Cursor Rules Template for a Django vendor compliance portal with questionnaires, document uploads, scoring, and AI gap analysis.

Target User

Developers building vendor compliance portals using Django

Use Cases

  • Vendor risk assessments
  • Automated questionnaire workflows
  • Document upload and verification
  • Scoring and AI gap analysis for compliance

Markdown Template

Django Vendor Portal Cursor Rules Template for Compliance

Overview

This Cursor rules template provides a Django-based configuration for building a vendor compliance portal with questionnaires, document uploads, scoring, and AI gap analysis. It outlines exact rules Cursor AI should follow to implement secure data handling, auditable actions, and scalable workflows for compliance programs.

Direct answer: Use this Django-centered Cursor rules configuration to deploy a vendor oversight portal with questionnaire workflows, upload validations, scoring, and AI-assisted gap analysis, all under a clean, testable architecture.

When to Use These Cursor Rules

  • You need a Django REST Framework-backed API for vendor questionnaires and document uploads.
  • You require auditable scoring and an AI gap analysis pipeline to identify control weaknesses.
  • You want a clear folder structure, strict ORM usage, and secure authentication for vendor data.
  • You are enforcing data validation, roles, and permissions across questionnaire responses and file uploads.
  • You need CI workflows with linting, tests, and pre-commit checks specific to Django projects.

Copyable .cursorrules Configuration

framework: django
language: python
stack: Django 4.x, DRF, PostgreSQL
projectRoot: "/"

roleAndContext: &role
  You are Cursor AI configured as a Django vendor compliance portal architect. Your mandate is to generate and enforce rules for secure questionnaire workflows, document uploads, scoring, and AI gap analysis. Prioritize data integrity, auditable events, and safe AI recommendations.

codeStyleAndStyleGuides: &style
  pythonVersion: 3.11
  formatting: Black
  lint: flake8
  imports: isort
  typing: mypy
  serializers: explicit

architectureAndDirectoryRules: &arch
  apps:
    - portal
    - questionnaires
    - documents
    - scoring
    - ai_gap_analysis
  projectRoot: "/"
  settings:
    DATABASES: { default: { ENGINE: 'django.db.backends.postgresql', NAME: 'vendor_portal', USER: 'portal', PASSWORD: 'REPLACE_ME', HOST: 'localhost', PORT: '5432' } }
    MEDIA_ROOT: '/var/www/media'
    MEDIA_URL: '/media/'
    STATIC_ROOT: '/var/www/static'
  migrations: true

authenticationAndSecurityRules: &auth
  tokens: SimpleJWT
  csrf: true
  https: true
  allowedHosts: ['REPLACE_ME']  # list the portal's real hostnames; '*' disables Host header validation
  authBackends: ['rest_framework_simplejwt.authentication.JWTAuthentication']
  audit: true
  uploadValidation: true

databaseAndORMPatterns: &db
  models:
    - Vendor
    - Questionnaire
    - Question
    - Answer
    - Document
    - Score
    - GapAnalysis
  relations:
    - Vendor - Questionnaire (OneToMany)
    - Questionnaire - Question (OneToMany)
    - Questionnaire - Answer (OneToMany)
    - Vendor - Document (OneToMany)
  performance:
    - select_related('vendor')
    - prefetch_related('questions__answers')
  transactions: true

testingAndLintingWorkflows: &tests
  unit: pytest-django
  integration: pytest-django + DRF test client
  lint: flake8 + black
  ci: github actions with test matrix
  coverage: true
  typeChecking: mypy

prohibitedActionsAndAntiPatterns: &ban
  - Do not bypass authentication for endpoints
  - Do not store secrets in code or VCS
  - Do not use raw SQL for critical scoring logic
  - Do not expose file upload URLs without permissions
  - Do not mix ORM calls with unvalidated user input

Recommended Project Structure

vendor_portal/
├── manage.py
├── vendor_portal/
│   ├── __init__.py
│   ├── asgi.py
│   ├── settings.py
│   ├── urls.py
│   └── wsgi.py
├── apps/
│   ├── questionnaires/
│   │   ├── __init__.py
│   │   ├── models.py
│   │   ├── serializers.py
│   │   └── views.py
│   ├── documents/
│   │   ├── __init__.py
│   │   ├── models.py
│   │   ├── serializers.py
│   │   └── views.py
│   ├── scoring/
│   │   ├── __init__.py
│   │   ├── models.py
│   │   ├── serializers.py
│   │   └── views.py
│   └── ai_gap_analysis/
│       ├── __init__.py
│       ├── models.py
│       ├── serializers.py
│       └── views.py
├── templates/
├── static/
├── requirements.txt
└── Dockerfile

Core Engineering Principles

  • Explicit domain models with clear relationships for vendors, questionnaires, and documents.
  • Separation of concerns: API layer, domain logic, and AI analysis are isolated.
  • Cursor rules are declarative and testable, not embedded ad-hoc in views.
  • Security by design: enforce authentication, authorization, and audit trails for all data actions.
  • Automation: CI, linting, and tests run on every change; migrations are auditable.

Code Construction Rules

  • Endpoints should be Django REST Framework ViewSets with explicit serializers and permissions.
  • Models must use ForeignKey/M2M with related_name and use select_related/prefetch_related for queries.
  • Questionnaire data validation should use DRF serializers with field-level validators and object-level (cross-field) validation where needed.
  • Document uploads must be validated for MIME type and size limits, and stored under MEDIA_ROOT with proper permissions.
  • AI gap analysis must run as asynchronous tasks and return structured gap reports to the API.
  • Tests must cover model constraints, serializer validation, and API endpoints with realistic fixtures.

Security and Production Rules

  • Enforce HTTPS, secure cookies, and CSRF protection on all state-changing endpoints.
  • Use token-based authentication (JWT) with short-lived access tokens and refresh token rotation.
  • Audit user actions: questionnaire submissions, document uploads, scoring changes.
  • Validate all file uploads; reject dangerous file types and enforce size caps.
  • Limit admin and vendor data exposure; implement per-object permissions and role-based access.
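
The HTTPS, secure-cookie and JWT rules above, expressed as Django settings built from environment values (an added example, not part of the template itself). The `PORTAL_*` variable names and the token lifetimes are assumptions; the setting keys are standard Django, DRF and SimpleJWT names.

```python
from datetime import timedelta

REQUIRED_SECRETS = ("PORTAL_SECRET_KEY", "PORTAL_DB_PASSWORD")  # assumed names


def load_security_settings(env):
    """Return Django settings built from env, refusing unsafe values."""
    hosts = [h.strip() for h in env.get("PORTAL_ALLOWED_HOSTS", "").split(",")]
    hosts = [h for h in hosts if h]
    if not hosts or "*" in hosts:
        # '*' turns off Django's Host header validation.
        raise RuntimeError("PORTAL_ALLOWED_HOSTS must list explicit hostnames")
    for name in REQUIRED_SECRETS:
        if env.get(name, "") in ("", "REPLACE_ME"):
            raise RuntimeError(name + " is unset or still a placeholder")
    return {
        "ALLOWED_HOSTS": hosts,
        "SECRET_KEY": env["PORTAL_SECRET_KEY"],
        "DATABASES": {"default": {
            "ENGINE": "django.db.backends.postgresql",
            "NAME": "vendor_portal", "USER": "portal",
            "PASSWORD": env["PORTAL_DB_PASSWORD"],
            "HOST": "localhost", "PORT": "5432",
        }},
        "SECURE_SSL_REDIRECT": True,   # redirect plain HTTP to HTTPS
        "SESSION_COOKIE_SECURE": True,
        "CSRF_COOKIE_SECURE": True,
        "REST_FRAMEWORK": {
            "DEFAULT_AUTHENTICATION_CLASSES": (
                "rest_framework_simplejwt.authentication.JWTAuthentication",
            ),
            "DEFAULT_PERMISSION_CLASSES": (
                "rest_framework.permissions.IsAuthenticated",
            ),
        },
        "SIMPLE_JWT": {
            "ACCESS_TOKEN_LIFETIME": timedelta(minutes=10),  # assumed value
            "REFRESH_TOKEN_LIFETIME": timedelta(days=1),     # assumed value
            "ROTATE_REFRESH_TOKENS": True,
            # Needs rest_framework_simplejwt.token_blacklist in INSTALLED_APPS.
            "BLACKLIST_AFTER_ROTATION": True,
        },
    }
```

In `settings.py` this would be applied with `globals().update(load_security_settings(os.environ))`, so a missing secret or a wildcard host stops the process at startup.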

Testing Checklist

  • Unit tests for models, serializers, and scoring logic.
  • Integration tests for questionnaire submission, document upload, and scoring flow.
  • End-to-end tests simulating a vendor onboarding and compliance scoring path.
  • CI checks for linting, type checking, and test coverage thresholds.
  • Deployment checks: migrations, static assets collection, and media storage path availability.

Common Mistakes to Avoid

  • Overcomplicating permissions; start with simple roles and expand as needed.
  • Storing large uploaded documents in the database; use filesystem or object storage with pointers.
  • Ignoring input validation in questionnaires, which can lead to inconsistent scoring.
  • Skipping audit logging for key actions like scoring and document uploads.
  • Assuming AI gap analysis is deterministic; design for probabilistic outputs and traceability.

FAQ

What is a Cursor Rules Template for a Django vendor portal?

A Cursor Rules Template defines a set of rules Cursor AI must follow to implement a Django-based vendor portal with questionnaires, document uploads, scoring, and AI gap analysis. It provides architecture, security, and workflow constraints so AI-assisted development remains consistent and auditable.

How does this template handle questionnaire workflows?

The template enforces models for Questionnaire, Question, and Answer, with DRF-based endpoints, validation rules, and audit logs for each submission. It supports multi-questionnaire journeys and per-vendor responses with immutable history.

What about document uploads and security?

Uploads are validated for type and size, stored in a secure media path, and access-controlled. The rules require per-object permissions, CSRF protection on mutating endpoints, and encrypted transport.
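
One way to implement the type and size checks the upload rules call for, written as a framework-independent function that a Document serializer could call (an added example, not code from the template). The size cap, the allowlist and the sample uploads are assumptions constructed for illustration.

```python
import os

# Assumed policy for this example; the page does not give concrete limits.
MAX_UPLOAD_BYTES = 10 * 1024 * 1024
# extension -> (expected Content-Type, leading file signature)
ALLOWED_TYPES = {
    ".pdf": ("application/pdf", b"%PDF-"),
    ".png": ("image/png", b"\x89PNG\r\n\x1a\n"),
}


class UploadRejected(ValueError):
    """Carries a reason that can be written to the audit log."""


def validate_upload(filename: str, declared_type: str, data: bytes) -> str:
    """Return the normalised extension to store under, or raise UploadRejected."""
    if not data:
        raise UploadRejected("empty file")
    if len(data) > MAX_UPLOAD_BYTES:  # in Django, check upload.size before reading
        raise UploadRejected("file exceeds size cap")
    # Keep only the last path component; the client controls the whole name.
    base = os.path.basename(filename.replace("\\", "/"))
    ext = os.path.splitext(base)[1].lower()
    if ext not in ALLOWED_TYPES:
        raise UploadRejected("extension not allowed")
    expected_type, signature = ALLOWED_TYPES[ext]
    # Content-Type is client-supplied: it must agree with the extension, and
    # the bytes themselves must start with the matching signature.
    if declared_type.split(";")[0].strip().lower() != expected_type:
        raise UploadRejected("declared type does not match extension")
    if not data.startswith(signature):
        raise UploadRejected("content does not match extension")
    return ext


# Constructed sample uploads, not real vendor files.
SAMPLES = [
    ("soc2_report.pdf", "application/pdf", b"%PDF-1.7\nconstructed"),
    ("soc2_report.pdf", "application/pdf", b"MZ\x90\x00constructed"),
    ("policy.pdf.html", "text/html", b"<html>constructed</html>"),
    ("logo.png", "application/pdf", b"\x89PNG\r\n\x1a\nconstructed"),
]


def audit_samples() -> list:
    results = []
    for name, ctype, data in SAMPLES:
        try:
            results.append((name, "accepted as " + validate_upload(name, ctype, data)))
        except UploadRejected as exc:
            results.append((name, "rejected: " + str(exc)))
    return results
```

The rejection reason doubles as the audit-log message, so a refused upload leaves the same kind of trail as an accepted one.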

How is AI gap analysis integrated?

AI gap analysis runs as an asynchronous task that consumes questionnaire data, compares results against policy baselines, and returns structured reports. Outputs are stored as GapAnalysis models and are auditable and traceable.

What should I validate in CI/CD for this template?

Ensure linting with Black, isort, and flake8, type checks with mypy, and a comprehensive test suite (unit and integration). Verify migrations, static assets, and that secret management is externalized via environment variables.