Cursor Rules Template: SOC 2 Cybersecurity Compliance Dashboard (FastAPI + PostgreSQL)
Copyable Cursor Rules Template for building a SOC 2 cybersecurity compliance dashboard with evidence collection and readiness scoring on a FastAPI + PostgreSQL stack using Cursor AI.
Target User
DevOps engineers, security engineers, and compliance teams
Use Cases
- SOC 2 controls mapping to data models
- evidence collection workflows
- readiness scoring with auditable outputs
- policy-driven API design
- secure evidence storage and retrieval
- compliance dashboard generation
Markdown Template
Cursor Rules Template: SOC 2 Cybersecurity Compliance Dashboard (FastAPI + PostgreSQL)
.cursorrules
Framework Role & Context
You are Cursor AI configured to support a Python FastAPI + PostgreSQL SOC 2 dashboard with evidence ingestion and readiness scoring. Your role is to help structure data models and validation workflows and to ensure auditability while staying aligned with SOC 2 criteria and Cursor AI guidelines.
Code Style and Style Guides
Language: Python 3.11+
Formatting: Black
Imports: isort
Validation: Pydantic
Type hints and docstrings
Tests via pytest
Lint via flake8
Architecture & Directory Rules
Project layout at root
server/app
server/db
frontend
server/app/api
server/app/core
server/app/models
server/app/schemas
server/app/security
Authentication & Security Rules
Authentication via OAuth2 JWT tokens (RS256)
Store secrets in environment variables or vault
Use TLS 1.2+
Do not write secrets to logs
Password hashing with bcrypt or argon2
Database and ORM patterns
PostgreSQL
SQLAlchemy 2.x
Alembic for migrations
Async DB session where appropriate
No raw queries in business logic
Testing & Linting Workflows
pytest unit and integration tests
Fixture factories
Pre-commit hooks
CI to run tests and lint
Prohibited Actions and Anti-patterns for the AI
Do not fetch remote resources at runtime
Do not generate fake SOC 2 evidence
Do not bypass authentication
Do not log sensitive data
Do not mutate production data
Do not rely on unsafe dynamic code generation
Overview
This Cursor Rules Template provides a copyable .cursorrules configuration for building a SOC 2 cybersecurity compliance dashboard with evidence collection and readiness scoring on a FastAPI + PostgreSQL stack. It targets a Python FastAPI backend with PostgreSQL (SQLAlchemy) and a React frontend. Cursor AI guides model behavior to enforce SOC 2 controls, collect audit-ready evidence, and compute readiness scores with traceable prompts and audit trails.
When to Use These Cursor Rules
- When mapping SOC 2 controls to a live data model layer and evidence workflows.
- During design and implementation of evidence ingestion, attestation, and readiness scoring features.
- To enforce secure coding practices and auditable data flows in a compliant dashboard.
- When you need deterministic scoring that is configurable and trackable in CI/CD.
Recommended Project Structure
server/
  app/
    main.py
    api/
    core/
    models/
    schemas/
    security/
  db/
frontend/
  src/
    components/
    pages/
  public/
    assets/
Core Engineering Principles
- Security by default with defense-in-depth for SOC 2 data.
- Evidence-based design enabling traceability and auditability.
- Least privilege and strong authentication for all services.
- Explicit data lineage from SOC 2 controls to database models.
- Deterministic readiness scoring with auditable weighting.
- Automated validation and reproducible builds via CI/CD.
Code Construction Rules
- Map each SOC 2 control to a concrete data model and API endpoint.
- Store evidence in encrypted storage; never persist sensitive PII in logs.
- Use SQLAlchemy models for domain objects; isolate persistence from business logic.
- Keep readiness scoring deterministic and configuration-driven (no hard-coded weights).
- Validate all inputs with Pydantic schemas; add schema tests.
- Follow Python style guidelines (Black, isort) and maintain clean test coverage.
- Do not use unsafe eval, dynamic code generation in production, or insecure deserialization.
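As an added example (not code from the template or any project) of the deterministic, configuration-driven scoring these rules call for: the weights come from a versioned config rather than the business logic, each run records a digest of the exact config it used for the audit trail, and inputs that would make the score silently wrong are rejected. The control IDs, weights, status values and function names are assumptions for illustration.

```python
import hashlib
import json
from dataclasses import dataclass
from typing import Dict, Tuple

# Constructed scoring configuration. In the project this would live in a
# versioned config file (YAML/JSON) committed next to the code, per the rule
# "no hard-coded weights"; the control IDs are SOC 2 criteria used as examples.
SCORING_CONFIG = {
    "version": "2024-01",
    "weights": {"CC6.1": 3, "CC6.2": 2, "CC7.2": 2, "A1.2": 1},
}

# Constructed status: fraction of required evidence present per control (0..1).
CONTROL_STATUS = {"CC6.1": 1.0, "CC6.2": 0.5, "CC7.2": 0.0, "A1.2": 1.0}


@dataclass(frozen=True)
class ScoreResult:
    score: float             # 0..100, rounded so repeated runs compare equal
    config_version: str
    config_hash: str         # SHA-256 of the canonical config used for this run
    gaps: Tuple[str, ...]    # controls below full coverage, largest shortfall first


def config_digest(config: dict) -> str:
    """Canonical JSON (sorted keys, no whitespace) so the same config always hashes the same."""
    canonical = json.dumps(config, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode()).hexdigest()


def score_readiness(config: dict, status: Dict[str, float]) -> ScoreResult:
    weights = config["weights"]
    # Refuse to score when the config and the evidence data disagree on controls.
    missing = sorted(set(weights) - set(status))
    if missing:
        raise ValueError(f"no status for weighted controls: {missing}")
    for ctrl, value in status.items():
        if not 0.0 <= value <= 1.0:
            raise ValueError(f"{ctrl}: coverage {value} outside 0..1")
    total = sum(weights.values())
    if total <= 0 or any(w < 0 for w in weights.values()):
        raise ValueError("weights must be non-negative and sum to a positive number")
    weighted = sum(weights[c] * status[c] for c in weights)
    score = round(100.0 * weighted / total, 2)
    # Deterministic ordering: largest weighted shortfall first, then by control ID.
    gaps = tuple(sorted((c for c in weights if status[c] < 1.0),
                        key=lambda c: (-(weights[c] * (1.0 - status[c])), c)))
    return ScoreResult(score, config["version"], config_digest(config), gaps)
```

Persisting the `config_hash` and `config_version` with every score lets an auditor reproduce the number later from the committed config.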
Security and Production Rules
- Encrypt at rest and in transit; use KMS for key management.
- Rotate credentials; enforce short-lived tokens; implement revocation checks.
- Audit logging: record user actions on controls, evidence uploads, and scoring changes.
- Deploy with IaC; maintain immutable infrastructure principles.
- Regular dependency scanning and vulnerability management in CI/CD.
Testing Checklist
- Unit tests for SOC 2 control models and scoring algorithm.
- Integration tests for evidence ingestion workflows and auth flows.
- End-to-end tests simulating evidence submission and readiness scoring.
- CI checks for lint, type checks, and test coverage above threshold.
Common Mistakes to Avoid
- Missing traceable evidence attachments for controls.
- Hard-coding SOC 2 control mappings instead of data-driven config.
- Weak or mismanaged authentication tokens and secrets.
- Ignoring data retention and encryption requirements.
- Overly brittle readiness scoring that ignores auditability.
Related Cursor rules templates
Explore adjacent Cursor rules templates for similar stacks, workflows, and production constraints.
- Cursor Rules Template: Construction Project Management Stack
- Cursor Rules Template for FastAPI + PostgreSQL AI Interview Platform
- Cursor Rules Template: Django Subscription Box Platform
- Cursor Rules Template: Sustainability Supplier Assessment Platform with Questionnaires, Scoring, and Compliance Dashboards
FAQ
What is a Cursor Rules Template for SOC 2 dashboards?
A Cursor Rules Template for SOC 2 dashboards provides a copyable .cursorrules configuration that aligns a Python FastAPI + PostgreSQL stack with SOC 2 control mapping, evidence collection, and readiness scoring. It defines architecture, security, testing, and anti-patterns to keep development aligned with secure, auditable practices.
Which stack does this template target?
This template targets a FastAPI backend with PostgreSQL using SQLAlchemy for ORM, a React frontend, and Cursor AI to enforce policy, structure data flows, and apply SOC 2 readiness scoring consistently across services.
How do I use the .cursorrules block?
Copy the entire code block into a new file named .cursorrules at the root of your project. Cursor AI will read the sections and tailor prompts to your codebase, ensuring SOC 2 controls and evidence workflows are implemented consistently.
Can I customize weighting for readiness scoring?
Yes. The template defines configuration-driven weights and rules. Adjust the weights in the scoring configuration to reflect your control maturity, but keep it auditable and versioned along with your code and evidence data.
What are common SOC 2 evidence patterns in this template?
The template includes evidence ingestion endpoints, evidence metadata schemas, and attachments with hash verification to ensure traceability and non-repudiation for SOC 2 controls.
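An added example, not code from the template, of the hash-verified evidence attachment pattern this answer describes: the upload is accepted only if the client-declared SHA-256 matches the received bytes, the stored record keeps the digest for later integrity re-checks, and the audit-log entry carries the digest but never the attachment body. The record fields, function names and sample attachment are assumptions.

```python
import hashlib
import hmac
import re
from dataclasses import dataclass
from datetime import datetime, timezone

HEX64 = re.compile(r"^[0-9a-f]{64}$")


@dataclass(frozen=True)
class EvidenceRecord:
    control_id: str
    filename: str
    sha256: str       # digest of the stored attachment
    size: int
    received_at: str  # ISO-8601 UTC timestamp kept with the DB row


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def ingest_evidence(control_id: str, filename: str, data: bytes,
                    declared_sha256: str) -> EvidenceRecord:
    """Accept an upload only when the client-declared digest matches the bytes."""
    declared = declared_sha256.strip().lower()
    if not HEX64.match(declared):
        raise ValueError("declared digest must be 64 hex characters")
    actual = sha256_hex(data)
    if not hmac.compare_digest(actual, declared):
        raise ValueError(f"digest mismatch for {filename}: upload rejected")
    return EvidenceRecord(control_id, filename, actual, len(data),
                          datetime.now(timezone.utc).isoformat())


def audit_line(actor: str, record: EvidenceRecord) -> str:
    """Audit-log entry: who attached what to which control, identified by digest.
    The attachment body never reaches the log."""
    return (f"evidence.upload actor={actor} control={record.control_id} "
            f"file={record.filename} sha256={record.sha256} bytes={record.size}")


def verify_stored(record: EvidenceRecord, data: bytes) -> bool:
    """Re-check stored bytes against the recorded digest, e.g. before an audit export."""
    return hmac.compare_digest(sha256_hex(data), record.sha256)


# Constructed sample: a short text attachment for an access-control criterion.
SAMPLE_BYTES = b"Constructed sample: MFA enforced for all console users\n"
SAMPLE_DIGEST = sha256_hex(SAMPLE_BYTES)
```

A matching digest proves the stored bytes are what was uploaded; tying the upload to a particular submitter additionally requires the record to carry the authenticated identity from the auth layer (or a signature), which this snippet leaves to that layer.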
How does Cursor AI help with security and deployment?
Cursor AI provides structured prompts that enforce secure coding practices, limit unsafe operations, and guide the CI/CD pipeline to validate SOC 2 artifacts, enforce access control, and ensure production-readiness of the dashboard.