Cursor Rules Template: Home Care Caregiver Risk Cursor Rules for Cursor AI

Overview

The Cursor rules configuration shown here is designed for building caregiver risk monitoring tools for home care providers using a Node.js/TypeScript backend with PostgreSQL. It defines how Cursor AI reasons about patient risk, caregiver activity, device telemetry, and incident data. Direct answer: paste the included .cursorrules block into your project root to enforce architecture, security, and testing constraints for this stack.

When to Use These Cursor Rules

Starting a new home care project that tracks patient risk, caregiver visits, and incidents.
Integrating patient telemetry and caregiver activity streams into a unified risk dashboard.
Enforcing security, privacy, and audit requirements in healthcare tooling.
Establishing a consistent project structure and CI/CD for Cursor AI in a Node.js/TS + PostgreSQL stack.

Copyable .cursorrules Configuration

// Cursor Rules Template for Home Care Caregiver Risk Monitoring
# Framework Role & Context
Role: Backend Node.js + TypeScript service with PostgreSQL for home care providers
Context: Build caregiver risk monitoring, patient safety scoring, and caregiver activity auditing. Supports device telemetry and incident logging.

# Code Style and Style Guides
CodeStyle: TypeScript strict, ESLint, Prettier, TSdoc, explicit any avoided, named exports
Formatting: 4-space indents

# Architecture & Directory Rules
Directories: src/controllers, src/services, src/models, src/routes, src/middleware, src/utils, tests, migrations, scripts
Dependencies: separate domains; avoid circular dependencies; clear module boundaries

# Authentication & Security Rules
Auth: JWT-based sessions; OAuth2 for providers; RBAC for patient data; secrets in environment; no plaintext passwords
Security: TLS, encryption in transit, encryption at rest, audit logs, tamper-evident logs

# Database and ORM patterns
DB: PostgreSQL; parameterized queries; migrations via migrations folder; avoid ORM blind defaults; store PII with hashing where applicable

# Testing & Linting Workflows
Tests: jest for unit, cypress for end-to-end; lint on commit; CI with coverage

# Prohibited Actions and Anti-patterns
- Do not log PII unmasked
- Do not bypass auth checks
- Do not concatenate SQL
- Do not embed secrets in code
- Do not ignore audit trails

Recommended Project Structure

home-care-monitoring/
├── src/
│   ├── controllers/
│   ├── services/
│   ├── models/
│   ├── routes/
│   ├── middleware/
│   ├── utils/
│   └── index.ts
├── migrations/
│   └── 001-create-patients.sql
├── tests/
│   ├── unit/
│   └── integration/
└── .env.example

Core Engineering Principles

Security by default and least privilege with RBAC
Auditable actions and immutable logs
Data minimization and privacy by design
Defensive programming with strict input validation
Observability: structured logging, metrics, tracing
Cursor AI rules define safe AI-assisted development

Code Construction Rules

Use TypeScript types and DTOs for all data boundaries
Define clear interfaces for requests and responses
Validate and sanitize all input server-side
Use parameterized queries and avoid string concatenation for SQL
Keep business logic in services; controllers should be thin
Maintain a single source of truth for patient and caregiver identifiers

Security and Production Rules

Encrypt data in transit with TLS and encrypt at rest where feasible
Enforce RBAC and access controls by patient, caregiver, and provider roles
Store secrets in a vault; rotate keys; use environment-based configs
Audit all data access and changes; implement tamper-evident logs
Implement input validation, rate limiting, and CSRF protection for web endpoints

Testing Checklist

Unit tests for services and utilities with deterministic fixtures
Integration tests for endpoints and DB interactions using test containers
End-to-end tests for caregiver risk workflows
CI checks: lint, type-check, test coverage thresholds (e.g., 80%+)
Security scans and dependency checks in CI

Common Mistakes to Avoid

Skipping input validation and output encoding
Storing secrets in code or repository
Over-permissive RBAC or global DB accounts
Ignoring audit logs and failure cases in risk scoring
Assuming external APIs are always available without retries

FAQ

What is the Cursor rules template used for in caregiver risk monitoring?

The Cursor rules template provides a concrete, copyable set of Stack-specific constraints and guidance for building caregiver risk monitoring tools in a home care context. It defines architecture, security, data handling, testing, and risk scoring workflows aligned with Cursor AI to keep development safe and auditable.

Which stack does this template assume?

This template targets a Node.js with TypeScript backend and PostgreSQL database, running under Cursor AI, with RBAC-based access control and HIPAA-like data privacy practices for caregiver and patient data.

How do I use the included .cursorrules block?

Copy the block into the project root as .cursorrules and adapt identifiers to your project. It configures framework context, code style, architecture, authentication, DB patterns, testing workflows, and anti-patterns to prevent drift from the intended stack.

What should I verify during testing?

Ensure unit tests cover services and utilities, integration tests cover endpoints and DB interactions, and end-to-end tests validate caregiver risk workflows. Verify linting, TS type-checking, and CI security scans pass before deployment.

How do I align with data privacy requirements?

Follow data minimization, encrypt sensitive data, enforce RBAC, log accesses, and review privacy impact assessments. Do not expose PHI to unauthorized clients and ensure audit trails capture access events.

What deployment considerations exist for production?

Use environment-based configuration, secret management, encrypted connections, access control boundaries, and monitored deployments with blue-green or canary strategies to minimize risk.

Target User

Use Cases