Cursor Rules Template: Monorepo Turborepo PNPM Shared Packages
Cursor Rules Template for a Monorepo with Turborepo, PNPM workspaces, and shared packages. Includes a copyable .cursorrules configuration and stack-specific guidance for Cursor AI.
Target User
Developers building a monorepo with Turborepo and PNPM
Use Cases
- Generate stack-specific scaffolding for a Turborepo PNPM monorepo
- Enforce consistent TypeScript coding standards across apps and packages
- Define safe AI-assisted development patterns for shared packages
Overview
This Cursor rules configuration provides a complete, copyable .cursorrules block for a Monorepo Turborepo PNPM Shared Packages stack. It codifies the roles, directory architecture, and safety constraints Cursor AI should follow when scaffolding, validating, and reviewing code in a Node.js + TypeScript monorepo with apps and shared packages.
Direct answer: Use this Cursor rules template to enforce architecture, coding standards, and security practices across a Turborepo PNPM workspaces setup with apps (web/api) and packages (shared/ui/config/utils).
When to Use These Cursor Rules
- Starting or maintaining a Turborepo-based monorepo with PNPM workspaces
- Standardizing TypeScript, ESLint, and Prettier across all packages
- Defining how apps/ and packages/ directories interact and cache within Turbo
- Enforcing safe handling of environment variables and secrets in CI/CD
- Guiding Cursor AI to generate scaffolds for shared packages and apps
Copyable .cursorrules Configuration
// Cursor Rules Configuration for monorepo-turborepo-pnpm-shared-packages
// Framework Role & Context
Framework: Node.js + TypeScript monorepo with Turborepo and PNPM workspaces
Context: Cursor AI must generate, validate, and guard scaffolds for a multi-package monorepo consisting of apps/ and packages/, with strict TypeScript usage and safe code paths.
// Code Style and Style Guides
Style: TypeScript + ESLint + Prettier (Airbnb-like defaults). Enforce semicolons, 2-space indents, and explicit typing. Use .ts, .tsx, .json, .yaml. Path aliasing via tsconfig and tsconfig.paths.
// Architecture & Directory Rules
Root layout: monorepo/
  apps/
    web/
    api/
  packages/
    shared/
    ui/
    config/
    utils/
  turbo.json
  pnpm-workspace.yaml
  tsconfig.json
// Authentication & Security Rules
Secrets: Use CI vaults; do not commit credentials. Access via process.env or runtime config.
Network: Internal APIs only; no cross-tenant data leaks. Validate CORS where applicable.
// Database and ORM patterns
No ORM in the monorepo-wide layer. Use lightweight data access layers or REST/GraphQL APIs for data interactions; avoid direct DB calls from internal tooling.
// Testing & Linting Workflows
CI: pnpm -w test for workspace-wide tests; run lint before commit; enforce type checks in CI. Use Jest/ts-jest for unit tests where appropriate.
// Prohibited Actions and Anti-patterns
Do not hardcode secrets. Do not bypass linting or type checks. Do not introduce global mutable state across packages. Do not rely on non-deterministic builds in CI.
Recommended Project Structure
monorepo-turborepo-pnpm-shared-packages/
├── apps/
│   ├── web/
│   │   ├── src/
│   │   │   ├── pages/
│   │   │   └── index.tsx
│   │   └── package.json
│   └── api/
│       ├── src/
│       │   └── index.ts
│       └── package.json
├── packages/
│   ├── shared/
│   │   ├── src/
│   │   │   └── index.ts
│   │   └── package.json
│   ├── ui/
│   │   └── package.json
│   ├── config/
│   │   └── package.json
│   └── utils/
│       └── package.json
├── turbo.json
├── pnpm-workspace.yaml
├── tsconfig.json
└── .eslintrc.cjs
Core Engineering Principles
- Clear boundaries between apps/ and packages/ with explicit public API surfaces.
- Strict typing and automated linting across all workspaces.
- Deterministic builds with Turborepo caching and PNPM hoisting where possible.
- Environment-first configuration and secrets management; avoid hard-coded values.
- Safe AI-assisted development: Cursor AI operates within defined rules and project boundaries.
Code Construction Rules
- Use TypeScript across both apps and packages. Enable noImplicitAny, strictNullChecks, and strictFunctionTypes.
- All path aliases declared in tsconfig.json must resolve via tsconfig.paths; update tsconfig.json accordingly.
- Folder structure must reflect monorepo layout: apps/ and packages/ only; avoid nested stray folders.
- ESLint rules must enforce consistent code style; Prettier should format on save; run lint on CI.
- Do not import from non-public internal modules; use public API surfaces from packages/.
- Testing: unit tests per package; integration tests where apps/interfaces touch packages/ APIs.
- Documentation: add README.md in new packages with usage examples and API notes.
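The public-API rule above can be checked mechanically. The following is an added example, not part of the template: a path-only check that flags relative imports leaving a workspace and deep imports into a workspace package. The `@acme` scope, the sample paths, and the assumption that each package exposes a single entry point are hypothetical.

```typescript
// Added example: flags imports that bypass a workspace package's public API.
// The "@acme" scope is an assumption; packages are assumed to expose one entry point.
const WORKSPACE_SCOPE = "@acme";

// Workspace root ("apps/web", "packages/shared") that owns a repo-relative path.
function workspaceOf(path: string): string | null {
  const m = /^(apps|packages)\/([^/]+)\//.exec(path);
  return m ? m[1] + "/" + m[2] : null;
}

// Resolve a relative specifier against the importing file, without touching disk.
function resolveRelative(fromFile: string, spec: string): string {
  const parts = fromFile.split("/").slice(0, -1);
  for (const seg of spec.split("/")) {
    if (seg === "..") parts.pop();
    else if (seg !== "." && seg !== "") parts.push(seg);
  }
  return parts.join("/");
}

// Returns a violation message, or null when the import respects package boundaries.
function checkImport(fromFile: string, spec: string): string | null {
  if (spec.charAt(0) === ".") {
    const target = resolveRelative(fromFile, spec);
    const from = workspaceOf(fromFile);
    const to = workspaceOf(target + "/");
    // A relative path must stay inside the workspace that contains the importer.
    if (from !== null && to !== from) {
      return "relative import leaves " + from + ": " + target;
    }
    return null;
  }
  if (spec.indexOf(WORKSPACE_SCOPE + "/") === 0) {
    const segs = spec.split("/");
    // Anything after "@acme/<pkg>" reaches past the package entry point.
    if (segs.length > 2) {
      return "deep import into " + segs.slice(0, 2).join("/") + ": use its package entry point";
    }
  }
  return null; // third-party or entry-point import
}
```

Packages that intentionally publish subpaths through `exports` in package.json would need an allow-list in place of the `segs.length > 2` test.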
Security and Production Rules
- Environment secrets must be injected at runtime; avoid embedding credentials in code or config files.
- All network calls must verify TLS and handle timeouts; use retry/backoff strategies.
- CI secrets and build artifacts should never leak to logs; redact sensitive information.
- Containerized deployments should run as non-root where possible; use minimal images and scan for vulnerabilities.
- Access to internal services should be restricted by network policy and proper RBAC in CI/CD tools.
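The first and third rules above (runtime injection, no secrets in logs) fit in one small module. This is an added example, not part of the template: a loader that fails fast on missing secrets without echoing values, and a log redactor built from the loaded values. The key names, the `[REDACTED]` marker, and the idea of placing it in `packages/config` are assumptions.

```typescript
// Added example (could live in a hypothetical packages/config/src/env.ts).
// The key names below are constructed placeholders, not from the template.
type Env = Record<string, string | undefined>;

const SECRET_KEYS = ["DATABASE_URL", "API_TOKEN"] as const;
type SecretKey = (typeof SECRET_KEYS)[number];
type Secrets = Readonly<Record<SecretKey, string>>;

// Read required secrets from the runtime environment, e.g. loadSecrets(process.env).
// Fails fast and reports only the names of missing keys, never any value.
function loadSecrets(env: Env): Secrets {
  const missing = SECRET_KEYS.filter((k) => !env[k] || env[k]!.trim() === "");
  if (missing.length > 0) {
    throw new Error("Missing required secrets: " + missing.join(", "));
  }
  const out = {} as Record<SecretKey, string>;
  for (const k of SECRET_KEYS) out[k] = env[k] as string;
  return Object.freeze(out);
}

// Build a redactor that masks every loaded secret in a log line, in both its
// raw and URL-encoded form (secrets often leak through logged request URLs).
function makeRedactor(secrets: Secrets): (line: string) => string {
  const needles: string[] = [];
  for (const k of SECRET_KEYS) {
    needles.push(secrets[k], encodeURIComponent(secrets[k]));
  }
  // Skip very short values (they would mask unrelated text) and match the
  // longest needle first so a secret containing another is masked whole.
  const ordered = needles
    .filter((n) => n.length >= 4)
    .sort((a, b) => b.length - a.length);
  return (line) =>
    ordered.reduce((acc, n) => acc.split(n).join("[REDACTED]"), line);
}
```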
Testing Checklist
- Unit tests for each package with deterministic mock data.
- Integration tests for app/package boundaries; verify workspace interfaces.
- Type-check and lint pass in CI; run build for all workspaces.
- End-to-end tests for critical user flows if applicable.
- Verify that environment-specific configurations load correctly in local development and CI.
Common Mistakes to Avoid
- Over-connecting packages; keep public APIs minimal and well-documented.
- Hard-coding environment values or secrets in source code.
- Skipping linting or type checks to speed up commits.
- Using non-deterministic build steps that vary across environments.
- Ignoring Turborepo caching behavior which can lead to slow or flaky builds.
FAQ
What is a Cursor rules template?
A Cursor rules template is a copyable .cursorrules configuration that codifies stack-specific patterns, conventions, and safety constraints so Cursor AI can scaffold, review, and validate code in a Turborepo and PNPM monorepo.
Which stack does this template cover?
This template targets a Node.js + TypeScript monorepo using Turborepo with PNPM workspaces and shared packages, focusing on apps (web/api) and packages (shared/ui/config/utils).
How do I apply the .cursorrules file in my project?
Place the copied .cursorrules block at the project root as .cursorrules. Cursor AI will read it to enforce architecture, coding standards, and security constraints for the monorepo. Ensure TS path aliases and workspace references resolve correctly.
How does the template handle secrets and security?
The template prescribes secrets management via environment variables and CI vaults, not embedded credentials. Cursor AI should avoid exposing secrets and rely on runtime config and per-environment files.
Can I extend this template for more packages?
Yes. Extend the .cursorrules by adding new workspace boundaries, typing rules, and test commands for additional apps or packages while maintaining consistent linting and CI patterns.