Cursor Rules Template: Feature Flag Platform with Cursor Rules
A copyable Cursor rules template for building a feature flag platform with environments, targeting rules, rollout analytics, and audit logs using Node.js, NestJS, PostgreSQL, and Redis.
Target User
Developers building a feature flag management platform
Use Cases
- Define per-environment flags (dev/stage/prod)
- Implement targeting rules for user segments
- Capture rollout analytics
- Record audit logs for changes and access
Markdown Template
Cursor Rules Template: Feature Flag Platform with Cursor Rules
/* Cursor Rules for Feature Flag Platform (NestJS + PostgreSQL) */
Framework Role & Context
framework: 'Node.js + TypeScript (NestJS) for a feature flag service with environments, targeting, analytics, and audit logs.'
context: 'Stack uses NestJS API, PostgreSQL persistence, Redis caching, Dockerized deployment, and Kubernetes for environment orchestration.'
Code Style and Style Guides
language: 'TypeScript'
rules: ESLint + Prettier; adhere to Airbnb style; strict=true; no implicit any; prefer interfaces for DTOs
Architecture & Directory Rules
architecture: 'Monorepo: apps/flag-service; packages/core; packages/flags; packages/environments; packages/rollouts; packages/audit; infra/db; infra/cache'
directories: 'src/modules/flags, src/modules/environments, src/modules/rollouts, src/modules/audit, src/modules/auth, src/database, src/config'
Authentication & Security Rules
authSecurity: 'JWT with RS256; OAuth2 for external; Vault for secrets; TLS everywhere'
Database and ORM patterns
database: 'PostgreSQL; ORM TypeORM; migrations enabled; stable indexing; separate read-replica for analytics'
Testing & Linting Workflows
testing: 'Jest unit tests; NestJS testing utilities; Cypress for integration/e2e; GitHub Actions CI; lint-staged on commit'
Prohibited Actions and Anti-patterns for the AI
prohibited: 'Do not bypass authentication; do not modify production data outside migrations; do not hardcode secrets; do not rely on in-memory caches for rollout state; avoid unindexed queries on flags'Overview
Direct answer: This Cursor Rules Template provides a production-ready configuration for a feature flag platform that supports environments, targeting rules, rollout analytics, and audit logs using a Node.js/TypeScript stack with NestJS, PostgreSQL, and Redis. It is designed to be copied into your project root as a .cursorrules file and executed by Cursor AI to guide implementation.
The Cursor rules configuration outlined here targets a full-stack setup with an API layer, database layer, and deployment pipeline, ensuring traceability, security, and correctness while enabling safe AI-assisted development.
When to Use These Cursor Rules
- Kick off a feature flag platform project with a clear environment model (dev, staging, prod).
- Define per-environment rollout rules with precise targeting (segments, cohorts, and rulesets).
- Automate rollout analytics collection and audit logging for compliance.
- Enforce architecture, security, and testing standards through Cursor AI guidance.
- Ensure coding standards and deployment workflows remain consistent across teams.
Copyable .cursorrules Configuration
/* Cursor Rules for Feature Flag Platform (NestJS + PostgreSQL) */
Framework Role & Context
framework: 'Node.js + TypeScript (NestJS) for a feature flag service with environments, targeting, analytics, and audit logs.'
context: 'Stack uses NestJS API, PostgreSQL persistence, Redis caching, Dockerized deployment, and Kubernetes for environment orchestration.'
Code Style and Style Guides
language: 'TypeScript'
rules: ESLint + Prettier; adhere to Airbnb style; strict=true; no implicit any; prefer interfaces for DTOs
Architecture & Directory Rules
architecture: 'Monorepo: apps/flag-service; packages/core; packages/flags; packages/environments; packages/rollouts; packages/audit; infra/db; infra/cache'
directories: 'src/modules/flags, src/modules/environments, src/modules/rollouts, src/modules/audit, src/modules/auth, src/database, src/config'
Authentication & Security Rules
authSecurity: 'JWT with RS256; OAuth2 for external; Vault for secrets; TLS everywhere'
Database and ORM patterns
database: 'PostgreSQL; ORM TypeORM; migrations enabled; stable indexing; separate read-replica for analytics'
Testing & Linting Workflows
testing: 'Jest unit tests; NestJS testing utilities; Cypress for integration/e2e; GitHub Actions CI; lint-staged on commit'
Prohibited Actions and Anti-patterns for the AI
prohibited: 'Do not bypass authentication; do not modify production data outside migrations; do not hardcode secrets; do not rely on in-memory caches for rollout state; avoid unindexed queries on flags'
Recommended Project Structure
workspace-root/
├── apps/
│ └── flag-manager/ # NestJS API for feature flags per environment
├── packages/
│ ├── core/ # shared types and utilities
│ ├── flags/ # feature flag domain models
│ ├── environments/ # environment definitions and scopes
│ ├── rollouts/ # rollout rules and analytics
│ ├── audit/ # audit trails and access logs
│ └── infra/ # database and cache adapters
└── infra/ # deployment and infra configs
Core Engineering Principles
- Security-first by default: least privilege, strict auth, encrypted data at rest and in transit.
- Defensive design: validate inputs, fail closed, and emit meaningful audit events.
- Observability: structured logs, metrics, and traces across services.
- Type safety and clear contracts: strict DTOs and API schemas across boundaries.
- Deterministic deployments: immutable infrastructure and repeatable builds.
Code Construction Rules
- Use NestJS modules for each bounded context: Flags, Environments, Rollouts, Audit, and Auth.
- Define DTOs with class-validator; never trust client input; enforce server-side validation.
- Persist flags, environments, and rollouts via PostgreSQL with properly indexed columns.
- Implement targeting rules with clear predicates and fallback defaults.
- Separate responsibilities: services for business logic, controllers for routing, repositories for data access.
Security and Production Rules
- Enable TLS termination at the edge; enforce secure defaults in every service.
- Store secrets in a vault; rotate keys on a defined schedule; monitor access patterns.
- Audit all create/update/delete operations on flags and rollout events.
- Enforce per-environment isolation; deploy with feature flags to control exposure.
Testing Checklist
- Unit tests for DTOs, services, and guards; mock external services.
- Integration tests for database interactions with a test database; use migrations.
- E2E tests for common flows: create flag, define envs, set rollout, validate audit logs.
- CI pipeline runs linting, tests, and type checks; deploy to staging before prod.
Common Mistakes to Avoid
- Relying on in-memory state for rollout data; use persistent storage and cache invalidation rules.
- Skipping validation and authorization in APIs for performance; this leads to security gaps.
- Not indexing queries on flags and rollouts; causes slow rollouts and analytics.
- Ignoring audit logging requirements; avoid hiding sensitive events.
Related Cursor rules templates
Explore adjacent Cursor rules templates for similar stacks, workflows, and production constraints.
- Cursor Rules Template: NestJS + Next.js + PostgreSQL for B2B Wholesale Portal
- Cursor Rules Template: Express ATS with Cursor AI
- Cursor Rules Template: LMS with Courses, Lessons, Quizzes, Certificates, Payments, and Admin Dashboard
- Cursor Rules Template: Manufacturing Execution Dashboard (NestJS + PostgreSQL)
FAQ
What is this Cursor Rules Template for?
It provides a copyable .cursorrules configuration and a recommended project structure to build a feature flag platform with environments, targeting rules, rollout analytics, and audit logs using the specified stack.
Which stack does this template cover?
The template targets a Node.js/TypeScript (NestJS) API, PostgreSQL database with TypeORM, Redis for caching, and Docker/Kubernetes for deployment orchestration, designed for scalable feature flag platforms.
How do I apply the .cursorrules block?
Copy the provided code block into your project root as a .cursorrules file and run Cursor AI to enforce architecture, security, and testing rules while implementing the feature flag platform.
Can I adapt the template for multi-cloud or different auth methods?
Yes. The template supports environment isolation and pluggable auth providers; you can swap the JWT/OAuth2 setup and adapt deployment configs for multi-cloud architectures.
What tests should be run before production?
Unit tests for DTOs and services, integration tests for database access, and end-to-end tests of flag creation, environments, and rollouts; verify audit logging and rollout analytics events.