Cursor Rules TemplatesCursor Rules Template

Express + TypeScript + Drizzle ORM + PostgreSQL Cursor Rules Template

A copyable Cursor rules template for Express apps using TypeScript, Drizzle ORM, and PostgreSQL. Includes architecture, security, testing, and production guidelines.

.cursorrules templatecursor-rulesexpresstypescriptdrizzle-ormpostgrescursor-ai-rulesbackendnodejsapitesting

Target User

Developers building Express plus TypeScript backends with Drizzle ORM and PostgreSQL who want a Cursor AI rules blueprint.

Use Cases

  • Bootstrap Express APIs with Cursor AI guidance
  • Enforce architecture security and data access standards
  • Guide Drizzle ORM usage with PostgreSQL
  • Standardize authentication and authorization handling
  • Ensure testing and linting workflows are wired

Markdown Template

Express + TypeScript + Drizzle ORM + PostgreSQL Cursor Rules Template

Overview


The Cursor rules configuration for Cursor AI is a stack specific blueprint that guides AI assisted development for an Express backend written in TypeScript that uses Drizzle ORM with PostgreSQL. This page delivers a copyable .cursorrules configuration and clear constraints so AI suggestions stay aligned with the Express TypeScript Postgres Drizzle stack.


When to Use These Cursor Rules




Copyable .cursorrules Configuration


Framework Role & Context
- You are Cursor AI configured to assist in building an Express + TypeScript backend that uses Drizzle ORM for PostgreSQL. You provide precise, typed guidance and enforce project constraints. Do not bypass types or safety rules.

Code Style and Style Guides
- Use ESLint with typescript plugin, Prettier, and a strict tsconfig. Enforce explicit types, no any, consistent naming.

Architecture & Directory Rules
- Entry point: src/server.ts. Routes in src/routes. Controllers in src/controllers. DB schema in db/drizzle/schema.ts. Migrations in db/drizzle/migrations.

Authentication & Security Rules
- Use HttpOnly cookies or Authorization header with JWT; never localStorage. Validate input via a schema, enable basic CSRF protection where applicable; Use helmet.

Database and ORM patterns
- Use Drizzle ORM models in db/drizzle/schema.ts; keep migrations in db/drizzle/migrations with semantic names. Use typed queries like select().where({ id })

Testing & Linting Workflows
- Unit tests for controllers and services; integration tests for routes with a test database. Include migrations in CI, ensure type safety across tests, and verify authentication flows. Use fixtures for deterministic tests.

Prohibited Actions and Anti-patterns for the AI
- Do not generate raw SQL strings with concatenated values. Do not bypass validation or typing layers. Do not introduce global mutable state or non deterministic behavior.

Recommended Project Structure


ProjectRoot
├── src
│   ├── server.ts
│   ├── routes
│   │   └── index.ts
│   ├── controllers
│   └── middleware
├── db
│   └── drizzle
│       ├── schema.ts
│       └── migrations
│           └── 0001_init.ts
├── migrations
├── tests
├── drizzle.config.ts
├── tsconfig.json
├── package.json

Core Engineering Principles




Code Construction Rules




Security and Production Rules




Testing Checklist




Common Mistakes to Avoid




FAQ


What is included in this Cursor Rules Template for Express + Drizzle + Postgres?


A tailored set of guidelines and a copyable .cursorrules block for an Express server written in TypeScript that uses Drizzle ORM for PostgreSQL. It enforces architectural boundaries, security practices, testing workflows, and production readiness to keep AI assisted coding aligned with your stack.


How do I apply the .cursorrules block in my project root?


Place the provided .cursorrules block at the repository root of your Express plus TypeScript and Drizzle project. The rules guide Cursor AI on scope architecture security and test patterns ensuring consistent AI assistance across routes services and database interactions.


Can I adapt this template to other ORMs?


Yes but you should reframe the ORM specific sections to match the target ORM API and typing. The core structure architecture security testing and production guidelines remain valid. Update the database patterns and migrations to reflect the new ORM conventions.


What tests should I add first?


Begin with unit tests for controllers and services and then add integration tests for routes using a test database. Include migrations in CI, verify type safety across tests, and cover authentication flows with realistic fixtures.


How do I run the Cursor AI checks locally?


Install dependencies, run TypeScript compile and linter, then execute the test suite and a local server. Use a subset of endpoints to validate Cursor AI guidance on architecture security and ORM usage and review the generated rules for completeness.

Overview

The Cursor rules configuration for Cursor AI is a stack specific blueprint that guides AI assisted development for an Express backend written in TypeScript that uses Drizzle ORM with PostgreSQL. This page delivers a copyable .cursorrules configuration and clear constraints so AI suggestions stay aligned with the Express TypeScript Postgres Drizzle stack.

When to Use These Cursor Rules

Copyable .cursorrules Configuration

Framework Role & Context
- You are Cursor AI configured to assist in building an Express + TypeScript backend that uses Drizzle ORM for PostgreSQL. You provide precise, typed guidance and enforce project constraints. Do not bypass types or safety rules.

Code Style and Style Guides
- Use ESLint with typescript plugin, Prettier, and a strict tsconfig. Enforce explicit types, no any, consistent naming.

Architecture & Directory Rules
- Entry point: src/server.ts. Routes in src/routes. Controllers in src/controllers. DB schema in db/drizzle/schema.ts. Migrations in db/drizzle/migrations.

Authentication & Security Rules
- Use HttpOnly cookies or Authorization header with JWT; never localStorage. Validate input via a schema, enable basic CSRF protection where applicable; Use helmet.

Database and ORM patterns
- Use Drizzle ORM models in db/drizzle/schema.ts; keep migrations in db/drizzle/migrations with semantic names. Use typed queries like select().where({ id })

Testing & Linting Workflows
- Unit tests for controllers and services; integration tests for routes with a test database. Include migrations in CI, ensure type safety across tests, and verify authentication flows. Use fixtures for deterministic tests.

Prohibited Actions and Anti-patterns for the AI
- Do not generate raw SQL strings with concatenated values. Do not bypass validation or typing layers. Do not introduce global mutable state or non deterministic behavior.

Recommended Project Structure

ProjectRoot
├── src
│   ├── server.ts
│   ├── routes
│   │   └── index.ts
│   ├── controllers
│   └── middleware
├── db
│   └── drizzle
│       ├── schema.ts
│       └── migrations
│           └── 0001_init.ts
├── migrations
├── tests
├── drizzle.config.ts
├── tsconfig.json
├── package.json

Core Engineering Principles

  • Idempotent migrations and repeatable deployments
  • Security by default and defense in depth
  • Test driven guidance for AI assisted coding
  • Observability through structured logs and metrics
  • Documentation embedded in code and rules
  • Performance minded design for IO heavy endpoints

Code Construction Rules

Security and Production Rules

Testing Checklist

  • Migration tests to ensure schema compatibility across envs
  • Linter, type checks, and test suite run in CI with coverage reporting
  • End to end tests for critical user flows in a staging environment

Common Mistakes to Avoid

FAQ

What is included in this Cursor Rules Template for Express + Drizzle + Postgres?

A tailored set of guidelines and a copyable .cursorrules block for an Express server written in TypeScript that uses Drizzle ORM for PostgreSQL. It enforces architectural boundaries, security practices, testing workflows, and production readiness to keep AI assisted coding aligned with your stack.

How do I apply the .cursorrules block in my project root?

Place the provided .cursorrules block at the repository root of your Express plus TypeScript and Drizzle project. The rules guide Cursor AI on scope architecture security and test patterns ensuring consistent AI assistance across routes services and database interactions.

Can I adapt this template to other ORMs?

Yes but you should reframe the ORM specific sections to match the target ORM API and typing. The core structure architecture security testing and production guidelines remain valid. Update the database patterns and migrations to reflect the new ORM conventions.

What tests should I add first?

Begin with unit tests for controllers and services and then add integration tests for routes using a test database. Include migrations in CI, verify type safety across tests, and cover authentication flows with realistic fixtures.

How do I run the Cursor AI checks locally?

Install dependencies, run TypeScript compile and linter, then execute the test suite and a local server. Use a subset of endpoints to validate Cursor AI guidance on architecture security and ORM usage and review the generated rules for completeness.