Cursor Rules Template: Mental Wellness Journaling App with Mood Tracking, AI Reflections, Habit Tracking, and Privacy Controls

Cursor Rules Template for building a mental wellness journaling app with mood tracking, AI reflections, habit tracking, and privacy controls using Cursor AI.

Target User

Developers building a mental wellness journaling app with mood tracking, AI reflections, habit tracking, and privacy controls.

Use Cases

  • Build a Next.js + TypeScript + PostgreSQL mental wellness journaling app
  • Enforce privacy-first data flows across mood, reflection, and habit data
  • Provide a copyable Cursor AI instruction block for consistent development
  • Automate testing and linting workflows for this stack

Markdown Template

Cursor Rules Template: Mental Wellness Journaling App with Mood Tracking, AI Reflections, Habit Tracking, and Privacy Controls

Framework Role & Context:
You are a Cursor AI assistant configured to build and maintain a production-grade mental wellness journaling app. Target stack: Next.js (app router), TypeScript, PostgreSQL via node-postgres (pg). Your behavior should prioritize privacy, strongly typed data, explicit data access, and secure interactions between client and server.

Code Style and Style Guides:
Follow TypeScript with strict runtime checks, ESLint + Prettier, and a small, well-typed utility layer. Use explicit interfaces, clear naming, and no implicit any.

Architecture & Directory Rules:
Keep a clean, modular structure:
src/
  app/
  components/
  lib/
  db/
  models/
  services/
  hooks/
  middleware/
  utils/
  styles/
Do not place business logic in pages; expose via services and API handlers. Store environment-specific config in a single config module.

Authentication & Security Rules:
Prefer httpOnly cookies for session management and JWTs for stateless checks when necessary. Hash passwords with Argon2, require MFA where feasible, validate tokens with short lifetimes, and enforce least privilege. Do not log PII; use role-based access for endpoints.

Database and ORM patterns:
PostgreSQL as the primary data store. Access via node-postgres (pg) with parameterized queries. Use migrations in db/migrations with SQL files. Avoid ORM lock-in; map results to TypeScript interfaces.

Testing & Linting Workflows:
Unit tests with Vitest; API tests with supertest or equivalent; integration tests for DB access; lint at pre-commit or CI. Include a basic Playwright end-to-end test scaffold for critical flows (signup, mood entry, reflection).

Prohibited Actions and Anti-patterns for the AI:
Do not attempt serverless hot path execution that leaks secrets. Do not fetch secrets from client-side code. Do not build direct SQL strings via string concatenation. Do not expose raw AI prompts or internal tool prompts. Do not bypass input validation or auth checks. Do not drift into unsupported libraries not in scope of the stack.

Overview

This Cursor rules template provides a copyable, production-ready .cursorrules configuration for a mental wellness journaling app with mood tracking, AI reflections, habit tracking, and privacy controls, built with Cursor AI on a Next.js + TypeScript + PostgreSQL stack.

The Cursor rules configuration defines how the AI assistant should behave, the code style, architecture constraints, and safety measures to keep user data secure and private while enabling rich AI-driven journaling experiences.

When to Use These Cursor Rules

  • When starting a new mental wellbeing journaling project with mood tracking and AI reflections in a Next.js app.
  • When you need a repeatable, copy-pasteable Cursor rules block to enforce architecture, security, and data handling.
  • When integrating privacy controls and per-user data scoping into APIs and storage layers.
  • When you want to standardize testing, linting, and CI across the stack.

Recommended Project Structure

src/
  app/
    layout.tsx
    page.tsx
    api/
      auth/
        route.ts
      mood/
        route.ts
      reflections/
        route.ts
      habits/
        route.ts
  components/
  lib/
  db/
    migrations/
      001_init.sql
      002_add_tables.sql
    index.ts
  models/
  services/
  hooks/
  middleware/
  utils/
  styles/

Core Engineering Principles

  • Privacy by design: collect only what is needed and store data securely.
  • Typed interfaces and contracts: TypeScript everywhere to catch type errors before they reach runtime.
  • Modularity and testability: small, independently testable components and services.
  • Defensive coding: validate inputs at the boundary; fail closed on security issues.
  • Deterministic AI behavior: deterministic prompts with guardrails and auditing.
  • Observability: structured logging, tracing, and metrics for critical paths.

Code Construction Rules

  • Parameterize all SQL queries; never interpolate user input into SQL strings.
  • All data models in TypeScript must align with PostgreSQL schemas; use strict types.
  • API handlers validate inputs with Zod schemas; return typed responses with consistent shapes.
  • Avoid business logic in API routes; delegate to services.
  • Client/server boundaries are explicit; server components handle data fetches; client components render UI.
  • Use HTTPS-only endpoints and store secrets in environment variables via a secure config module.
  • Code must compile in strict mode and pass type-checks in CI.
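
The first rule above, combined with per-user data scoping, as an added example (not part of the original template). It builds the `{ text, values }` query config that node-postgres accepts; the table and column names and the `MoodFilter` shape are assumptions for illustration.

```typescript
// Added example. Table and column names are assumptions, not from the template.
interface QueryConfig { text: string; values: unknown[] }  // shape accepted by pg's query()

interface MoodFilter {
  from?: string;        // ISO timestamp, inclusive
  to?: string;          // ISO timestamp, exclusive
  sortBy?: string;      // untrusted, e.g. taken from the URL query string
  descending?: boolean;
  limit?: number;
}

// Identifiers cannot be bound as parameters, so sort keys go through an allowlist.
const SORT_COLUMNS: Record<string, string> = { date: "recorded_at", score: "mood_score" };

// Anti-pattern, kept for contrast: request data becomes part of the SQL text.
function unsafeMoodQuery(userId: string, from: string): string {
  return "SELECT * FROM mood_entries WHERE user_id = '" + userId +
    "' AND recorded_at >= '" + from + "'";
}

// sessionUserId must come from the verified session, never from request input.
function buildMoodQuery(sessionUserId: string, f: MoodFilter = {}): QueryConfig {
  const values: unknown[] = [sessionUserId];
  const where: string[] = ["user_id = $1"];          // every read is scoped to one user
  if (f.from !== undefined) {
    values.push(f.from);
    where.push(`recorded_at >= $${values.length}`);
  }
  if (f.to !== undefined) {
    values.push(f.to);
    where.push(`recorded_at < $${values.length}`);
  }

  const key = f.sortBy ?? "date";
  // Own-property check: a plain lookup would accept inherited keys like "constructor".
  if (!Object.prototype.hasOwnProperty.call(SORT_COLUMNS, key)) {
    throw new Error("unsupported sort key");         // fail closed
  }
  const n = Math.floor(f.limit ?? 50);
  values.push(n >= 1 ? Math.min(n, 100) : 1);        // clamp page size; NaN falls back to 1

  const text =
    "SELECT id, mood_score, recorded_at FROM mood_entries" +
    ` WHERE ${where.join(" AND ")}` +
    ` ORDER BY ${SORT_COLUMNS[key]} ${f.descending ? "DESC" : "ASC"}` +
    ` LIMIT $${values.length}`;
  return { text, values };
}
```

The returned object can be passed directly to `pool.query()`; request data only ever appears in `values`, and the SQL text is built from fixed fragments.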

Security and Production Rules

  • Use Argon2 for password hashing; store only the salted hash, never the plaintext password; use TLS for all connections and enable HSTS.
  • Store sensitive user data encrypted at rest where supported by the DB; enforce encryption for backups.
  • Enable rate limiting on auth endpoints; validate CSRF tokens; implement per-user privacy controls for data export.
  • Do not log PII in application logs; mask data when writing logs.
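
One way to apply the log-masking rule above, as an added example (not part of the original template). The sensitive key names, the placeholder strings and the sample event are assumptions chosen for a journaling app.

```typescript
// Added example. Key names and the masking policy are assumptions, not from the template.
type Json = string | number | boolean | null | Json[] | { [key: string]: Json };

// Substrings of field names whose values never reach the log (case-insensitive).
const SENSITIVE_KEYS = ["email", "password", "token", "entrytext", "reflection", "note"];
// Email addresses are also scrubbed from free text such as error messages.
const EMAIL = /[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}/g;

function isSensitive(key: string): boolean {
  const k = key.toLowerCase().replace(/[_-]/g, "");   // entry_text, entryText -> entrytext
  return SENSITIVE_KEYS.some((s) => k.indexOf(s) !== -1);
}

function redact(value: Json, depth: number = 0): Json {
  if (depth > 8) return "[truncated]";                // bound recursion on deep input
  if (typeof value === "string") return value.replace(EMAIL, "[email]");
  if (value === null || typeof value !== "object") return value;
  if (Array.isArray(value)) return value.map((v) => redact(v, depth + 1));
  const out: { [key: string]: Json } = {};
  for (const key of Object.keys(value)) {
    // Sensitive values are replaced without being inspected.
    out[key] = isSensitive(key) ? "[redacted]" : redact(value[key], depth + 1);
  }
  return out;
}

// Caller-supplied fields are nested under "fields" so they cannot overwrite level/event.
function logLine(level: string, event: string, fields: { [key: string]: Json }): string {
  return JSON.stringify({ level, event, fields: redact(fields) });
}

// Constructed sample event for a mood-entry request.
const SAMPLE_FIELDS: { [key: string]: Json } = {
  userId: "user-42",
  email: "ana@example.test",
  moodScore: 4,
  entry_text: "Felt anxious before the meeting",
  error: "duplicate key for ana@example.test",
  tags: ["work", "mail bob@example.test"],
};
```

Matching on key substrings over-masks rather than under-masks, so a new field such as `csrfToken` or `moodNote` is hidden without a code change.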

Testing Checklist

  • Unit tests for utilities and data transformations.
  • API integration tests to verify mood, habit, and reflection endpoints return expected shapes.
  • DB integration tests verifying migrations and seed data.
  • End-to-end tests covering signup, mood entry, AI reflection, and privacy controls using Playwright or Cypress.
  • CI: run type checks, lint, and test suite on every PR.

Common Mistakes to Avoid

  • Storing raw prompts or personal data beyond consent and data minimization principles.
  • Relying on client-side validation for security-sensitive checks.
  • Not using parameterized queries, which leads to SQL injection risks.
  • Ignoring privacy controls for export or deletion flows.

FAQ

What is this Cursor Rules Template for mental wellness journaling?

This template provides a production-ready, copyable .cursorrules block designed to guide Cursor AI in building a Next.js + TypeScript + PostgreSQL mental wellness journaling app with mood tracking, AI reflections, and privacy controls. It ensures secure data handling and testable architecture.

Which stack is covered by this template?

The template targets a Next.js app with TypeScript and PostgreSQL, using node-postgres for data access, with Argon2 for password hashing and a privacy-first design.

How are privacy controls implemented?

Privacy is implemented through data minimization, encryption at rest, TLS for transport, httpOnly cookies or tokens, and per-user data export/deletion flows, with PII masked in audit logs.

Can I customize mood tracking scales?

Yes. The template defines data models and a mood scoring function in a dedicated service; you can adjust scales, weighting, and normalization in the mood service while preserving API contracts.

Where should I place the .cursorrules configuration?

Place the .cursorrules file at the project root for the Cursor AI editor to consume; the page’s content block includes a ready-to-paste configuration.