
Cursor Rules Template: Incident Reporting Platform with Workflows, Evidence Uploads, Investigations and Regulatory Reports

Cursor Rules Template for a stack-specific incident reporting platform featuring workflows, evidence uploads, investigations, and regulatory reporting with Cursor AI rules.

incident reporting, cursor rules template, Cursor AI rules, NestJS, TypeORM, PostgreSQL, Evidence uploads, regulatory reports, workflows, audit trails

Target User

Backend engineers and full-stack developers building incident reporting platforms

Use Cases

  • Incident reporting workflows
  • Evidence uploads and investigations
  • Regulatory reporting automation
  • Audit trails and RBAC

Markdown Template

Overview

This Cursor rules template provides a NestJS + TypeORM + PostgreSQL backend skeleton for an incident reporting platform with workflows, evidence uploads, investigations and regulatory reports. It enables modular incident handling, audit trails, RBAC, and safe AI-assisted development using Cursor AI rules.

Stack coverage: Node.js (NestJS) backend, PostgreSQL database, AWS S3 for evidence uploads, and a testing pipeline with Jest and ESLint/Prettier.

When to Use These Cursor Rules

  • When you need a repeatable, auditable incident reporting workflow with investigations and regulatory reporting.
  • When evidence artifacts must be uploaded securely and linked to incidents.
  • When you want a scaffold that enforces RBAC, data validation, and safe AI usage via Cursor rules.

Copyable .cursorrules Configuration

// Cursor Rules Template
Framework: Node.js (NestJS) + PostgreSQL
Context: You are a senior backend engineer shaping a robust incident reporting platform with workflows, evidence uploads, investigations, and regulatory reporting.
CodeStyle: TypeScript 5, ESLint, Prettier, Airbnb
Architecture: Monorepo with apps/api and libs/core; modules: incidents, investigations, evidence, regulatory_reports, workflows
Authentication: JWT RS256 with refresh tokens; RBAC; TLS; AWS S3 presigned URLs for evidence uploads
Database: PostgreSQL; ORM: TypeORM; migrations enabled; strict typing for Incident, Investigation, Evidence, and RegulatoryReport entities
Testing: Jest unit tests; SuperTest for API integration; ESLint + Prettier in CI
ProhibitedActions: Do not execute shell commands; Do not bypass authorization checks; Do not mutate audit trails outside transactions

Recommended Project Structure

apps/
  api/
    src/
      main.ts
      app.module.ts
      modules/
        incidents/
          incident.controller.ts
          incident.service.ts
          entities/Incident.ts
        investigations/
          investigation.controller.ts
          investigation.service.ts
          entities/Investigation.ts
        evidence/
          evidence.controller.ts
          evidence.service.ts
          entities/Evidence.ts
        regulatory/
          regulatory.controller.ts
          regulatory.service.ts
          entities/RegulatoryReport.ts
    test/
infra/
  db/
    connection.ts
  storage/
    s3.ts
migrations/

libs/
  core/
    config/
  entities/

Core Engineering Principles

  • Strong typing and explicit interfaces for all domain models (Incident, Investigation, Evidence, RegulatoryReport).
  • Separation of concerns: modules for incidents, evidence, investigations, regulatory reports, and workflows.
  • Secure by default: RBAC, input validation, and signed URLs for uploads.
  • Auditable actions with immutable event logs and transaction-scoped operations.
  • Test-driven scaffolding: unit and integration tests and CI linting.

Code Construction Rules

  • Use NestJS modules for each bounded context; expose REST APIs with DTO validation.
  • Define TypeORM entities for Incident, Investigation, Evidence, and RegulatoryReport with relations and indexes for audit fields.
  • Implement a WorkflowService to coordinate incident life cycles and investigations with state transitions.
  • Store evidence in AWS S3; save presigned URLs in the database; validate file types and sizes server-side.
  • All secrets must come from environment variables; use a config service with per-environment profiles.
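
One way to do the server-side type and size check for evidence, shown as an added example that is not part of the template itself: the allowlist, the 25 MiB cap and the names `validateEvidence` and `evidenceKey` are assumptions. The declared size and type are checked before a presigned URL is issued, and the leading bytes of the uploaded object are compared with the declared type so that a renamed executable is rejected.

```typescript
// Added example: the allowlist, size cap and every name here are assumptions.
interface Verdict { ok: boolean; reason: string }

const MAX_BYTES = 25 * 1024 * 1024; // assumed per-file cap

// Allowed evidence types, each with the magic bytes it must start with.
const ALLOWED = new Map<string, { ext: string; magic: number[] }>([
  ["application/pdf", { ext: "pdf", magic: [0x25, 0x50, 0x44, 0x46, 0x2d] }], // %PDF-
  ["image/png", { ext: "png", magic: [0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a] }],
  ["image/jpeg", { ext: "jpg", magic: [0xff, 0xd8, 0xff] }],
]);

// Checks declared size and type, then confirms the leading bytes match that type.
function validateEvidence(declaredMime: string, size: number, head: Uint8Array): Verdict {
  if (!Number.isInteger(size) || size <= 0) return { ok: false, reason: "invalid size" };
  if (size > MAX_BYTES) return { ok: false, reason: "file too large" };
  const spec = ALLOWED.get(declaredMime.trim().toLowerCase());
  if (!spec) return { ok: false, reason: "type not allowed" };
  const matches = head.length >= spec.magic.length && spec.magic.every((b, i) => head[i] === b);
  return matches
    ? { ok: true, reason: "" }
    : { ok: false, reason: "content does not match declared type" };
}

// Builds the S3 object key from server-generated ids only, never the client file name.
function evidenceKey(incidentId: string, evidenceId: string, declaredMime: string): string {
  const id = /^[A-Za-z0-9-]{1,64}$/;
  const spec = ALLOWED.get(declaredMime.trim().toLowerCase());
  if (!spec || !id.test(incidentId) || !id.test(evidenceId)) throw new Error("invalid key input");
  return `incidents/${incidentId}/evidence/${evidenceId}.${spec.ext}`;
}

// Constructed sample inputs: a PNG header, and a Windows executable header ("MZ").
const SAMPLE_PNG = new Uint8Array([0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a, 0x00]);
const SAMPLE_EXE = new Uint8Array([0x4d, 0x5a, 0x90, 0x00, 0x03]);

console.log(validateEvidence("image/png", 2048, SAMPLE_PNG));
console.log(validateEvidence("application/pdf", 2048, SAMPLE_EXE));
console.log(evidenceKey("INC-1024", "EV-7", "image/png"));
```

Persisting the object key as evidence metadata keeps the database row valid after any presigned URL issued for it has expired.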

Security and Production Rules

  • RBAC controls on all endpoints; deny anonymous access; enforce minimum privileges per action.
  • JWT RS256 with rotation; refresh tokens; short-lived access tokens; revocation strategy.
  • Audit trails for all create/update/delete operations; immutable writes to incident histories.
  • Validate inputs with class-validator; sanitize and escape outputs; guard against injection.
  • Audit and monitor with structured logging; use Sentry or similar for error reporting.
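
The WorkflowService, RBAC and audit-trail rules above, combined in one added example that is not part of the template: the states, roles and all names are assumptions, and in-memory maps stand in for the TypeORM repositories. Transitions are denied unless listed for the actor's role, and every attempt, allowed or denied, is appended to a history that has no update or delete path.

```typescript
// Added example: states, roles and every name here are assumptions.
type State = "reported" | "triaged" | "investigating" | "closed";
type Role = "reporter" | "investigator" | "compliance_officer";
interface Actor { id: string; role: Role }
interface AuditEvent {
  readonly incidentId: string; readonly actorId: string; readonly role: Role;
  readonly from: State; readonly to: State; readonly allowed: boolean; readonly at: string;
}

// Deny by default: a transition is legal only if listed, and only for these roles.
const TRANSITIONS = new Map<string, readonly Role[]>([
  ["reported>triaged", ["investigator", "compliance_officer"]],
  ["triaged>investigating", ["investigator"]],
  ["investigating>closed", ["compliance_officer"]],
]);

class WorkflowService {
  private readonly states = new Map<string, State>();
  private readonly audit: AuditEvent[] = []; // append-only; no update or delete path

  open(incidentId: string): void {
    if (this.states.has(incidentId)) throw new Error("incident already exists");
    this.states.set(incidentId, "reported");
  }

  stateOf(incidentId: string): State | undefined {
    return this.states.get(incidentId);
  }

  transition(incidentId: string, to: State, actor: Actor): boolean {
    const from = this.states.get(incidentId);
    if (from === undefined) throw new Error("unknown incident");
    const allowed = (TRANSITIONS.get(`${from}>${to}`) ?? []).includes(actor.role);
    // In the real service these two writes belong in one database transaction.
    if (allowed) this.states.set(incidentId, to);
    this.audit.push(Object.freeze({
      incidentId, actorId: actor.id, role: actor.role, from, to, allowed,
      at: new Date().toISOString(),
    }));
    return allowed; // denied attempts are recorded too, for later review
  }

  history(incidentId: string): readonly AuditEvent[] {
    return this.audit.filter((e) => e.incidentId === incidentId);
  }
}
```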

Testing Checklist

  • Unit tests for all domain models and services; mock external dependencies.
  • Integration tests for endpoints with real TypeORM repositories and in-memory PostgreSQL if possible.
  • End-to-end tests for workflows: create incident, upload evidence, assign investigators, generate regulatory report.
  • CI checks: lint, type-check, test, and build; run code formatting checks.

Common Mistakes to Avoid

  • Measuring performance early but skipping proper indexing for incident and evidence tables.
  • Embedding business logic in controllers; keep logic in services and domain models.
  • Not validating file types/sizes for evidence uploads; missing RBAC constraints on investigations.
  • Ignoring audit trails; skipping migrations before deployment; hard-coding secrets.

FAQ

What is this Cursor Rules Template for an incident reporting platform?

The template provides a ready-to-paste Cursor Rules block and a stack-specific project structure for a NestJS + TypeORM + PostgreSQL backend handling incident workflows, evidence uploads, investigations, and regulatory reports. It enforces RBAC, input validation, and safe Cursor AI usage.

Which stack does this template target?

The template targets Node.js with NestJS as the framework, TypeORM for PostgreSQL, and AWS S3 for evidence storage, plus Jest for testing and ESLint/Prettier for code quality.

How are evidence uploads handled securely?

Evidence is uploaded to AWS S3 with presigned URLs; the server validates file types and sizes, stores metadata in Postgres, and uses signed URLs to prevent direct exposure of credentials.

How do I run and test this template?

Set up environment variables, run migrations, start the API, and run unit/integration tests via the provided CI config. Use the Cursor rules to guide AI-assisted coding in each module, and validate with end-to-end tests for workflows.

Can I customize field names for investigations and regulatory reports?

Yes. The template uses bounded contexts; you can rename entities and fields as long as relations and migrations are updated, and Cursor rules are adjusted to reflect new names.