Cursor Rules Template: Express ATS with Cursor AI

Overview

Cursor rules configuration for building an applicant tracking system (ATS) using Cursor AI in a Node.js/Express + PostgreSQL stack. This template covers Job Posts, Candidate Pipeline, Interviews, Scorecards, and AI Resume Screening. Direct answer: paste the .cursorrules block below to enable Cursor AI guidance across the ATS modules.

When to Use These Cursor Rules

When implementing a full-stack ATS with job postings, candidate pipelines, and interview workflows.
When integrating AI resume screening and scoring within the candidate funnel.
When you need consistent coding standards and security patterns across the backend layers.
When you want Cursor AI to guide architecture, naming, and testing workflows.

Copyable .cursorrules Configuration

# .cursorrules configuration for a Node.js/Express ATS with PostgreSQL

framework_role: 'Senior Node.js/Express ATS Engineer with Cursor AI oversight'
framework_context: 'Build an applicant tracking system featuring JobPost, Candidate, PipelineStage, Interview, Scorecard, and AIResume; using PostgreSQL + TypeORM; secured with JWTs; tested with Jest'
code_style: 'eslint: recommended + prettier; typescript; 100-char line max'
architecture_directory_rules: 'src/app, src/domain/jobs, src/domain/candidates, src/domain/interviews, src/domain/scorecards, src/persistence, src/config, src/middlewares, tests, migrations'
authentication_security_rules: 'JWT-based auth; bcrypt for passwords; roles: admin, recruiter, interviewer; refresh tokens with httpOnly cookies; audit logs for changes'
database_orm_patterns: 'PostgreSQL; TypeORM; entities in PascalCase; relations with eager/lazy loading as needed; careful N+1 prevention; parameterized queries'
testing_linting_workflows: 'jest + supertest; eslint + prettier; pre-commit hooks; CI: GitHub Actions with npm test and lint runs'
prohibited_actions_and_antipatterns: 'Do not bypass auth, expose private endpoints; Do not store secrets in code; Do not use dynamic SQL without parameters; Do not commit migrations with test data'
atss_domain_rules: 'JobPost, Candidate, PipelineStage, Interview, Scorecard, AIResume, InterviewFeedback'
ai_resume_screening_rules: 'Parse resume, extract keywords, score candidates, propose next-step actions; never expose raw resumes to client; store only hashes and metadata unless needed by user; ensure privacy'

Recommended Project Structure

src/
  app.ts
  server.ts
  config/
  domain/
    jobs/
      JobPost.ts
      JobPostService.ts
    candidates/
      Candidate.ts
      CandidateService.ts
    interviews/
      Interview.ts
    scorecards/
      Scorecard.ts
    ai-screening/
      Resume.ts
  persistence/
    entities/
    migrations/
    repositories/
  middlewares/
  routes/
  services/
  dtos/
  tests/

Core Engineering Principles

Explicit contracts between modules with clear responsibilities
Defensive coding and input validation at API boundaries
Security-by-default: least privilege, robust auth, and encrypted data at rest
Test-driven style: unit before integration; CI-driven lint and tests
Deterministic builds with migrations and seed data under version control

Code Construction Rules

Use TypeScript with strict mode; avoid any as much as possible
Define DTOs for all API surfaces; validate with class-validator
Follow RESTful routes; use meaningful nouns and avoid action verbs in routes
Entity relationships should be explicit; avoid circular imports
Keep business logic in services, not in controllers
All secrets must be in environment variables; use a config service

Security and Production Rules

JWTs with short lifetimes; rotate tokens; store refresh tokens securely
Input validation, output escaping, and prepared statements to prevent injection
Audit trails for job postings and candidate data changes
Rate limiting on sensitive endpoints; CSRF protection where applicable

Testing Checklist

Unit tests for services and validators
Integration tests for routes and database interactions
End-to-end tests simulating job posting, pipeline progression, and interview scheduling
Lint and type checks in CI; ensure migrations run cleanly

Common Mistakes to Avoid

Storing credentials in code or scripts; rely on environment configs
Skipping migrations or using destructive schema changes in production
Overloading endpoints with business logic; violate separation of concerns
Neglecting security headers and proper CORS in API responses

Related Cursor rules templates

Explore adjacent Cursor rules templates for similar stacks, workflows, and production constraints.

FAQ

What is the Cursor Rules Template for an ATS?

The template provides a complete, copyable .cursorrules block and a stack-specific project structure to build an ATS with job posts, candidate pipeline, interviews, scorecards, and AI resume screening using Cursor AI in a Node.js/Express + PostgreSQL stack.

Can I adapt these rules to another stack?

Yes. The template is stack-specific but the approach—clear architecture, strong security, and explicit testing—translates to other backends, with appropriate ORM and routing adjustments.

How do I integrate AI resume screening with Cursor AI?

The rules cover parsing resumes, extracting keywords, scoring candidates, and suggesting next steps, while protecting privacy by not exposing raw resumes unless authorized.

What production practices are included?

The template enforces migrations, unit/integration tests, linting, CI checks, access control, and secure handling of secrets.

Does this template enforce testing practices?

Yes. It emphasizes unit tests for services, integration tests for routes, and CI enforcement of linting and type checks to catch regressions early before deployment.

Target User

Use Cases