Cursor Rules TemplatesTemplate

Cursor Rules Template: NestJS Asset Management Platform

Cursor Rules Template for a NestJS-based asset management platform with laptop tracking, software licenses, approvals and reminders.

.cursorrules templatecursor-rulesnestjsasset managementlaptop trackingsoftware licensesapprovalsremindersCursor AI rulesTypeScriptPostgreSQL

Target User

Backend engineers, platform teams, DevOps, and team leads building employee asset management

Use Cases

  • Guided Cursor AI configuration for asset management stack
  • Automated code scaffolding and policy enforcement
  • Reminders and approvals workflow automation

Markdown Template

Cursor Rules Template: NestJS Asset Management Platform

Framework: NestJS/TypeScript
Context: Build an employee asset management platform with laptop tracking, software licenses, approvals and reminders. Target runtime: Node.js 18+, PostgreSQL. Scope: Backend services with REST API; admin UI via Next.js.

Framework Role & Context:
  - Role: Backend Engineer
  - Context: You are Cursor AI assisting a NestJS based application that manages employee assets

Code Style and Style Guides:
  - Language: TypeScript
  - Rules: ESLint with Airbnb style, Prettier 2.x, strict typing, no implicit any
  - File endings: .ts
  - Commit messages: conventional commits

Architecture & Directory Rules:
  - Monorepo layout: apps/api (NestJS), apps/web (Next.js), libs/ (shared)
  - Use modules; entities grouped by bounded context assets, licenses, approvals, reminders
  - Migrations folder under libs/database/migrations using TypeORM CLI format
  - Do not place domain logic in controllers; use services/Domain

Authentication & Security Rules:
  - Use JWTs issued by Auth0 or a similar provider; store signing keys in environment
  - RBAC: Admin, IT, Approver, User
  - Enforce MFA for admins; enforce token expiry; refresh tokens rotate
  - Do not log plaintext tokens

Database and ORM patterns:
  - PostgreSQL
  - ORM: TypeORM with Entities and Repositories
  - Use migrations for schema changes
  - Use optimistic locking on critical tables

Testing & Linting Workflows:
  - Jest for unit tests; Supertest for API integration tests
  - CI runs lint, type-check, and test suite
  - Use seed scripts to generate deterministic test data

Prohibited Actions and Anti-patterns for the AI:
  - Do not generate production secrets; avoid writing to auth keys in code
  - Do not bypass input validation; do not skip DB migrations
  - Do not generate code that bypasses RBAC or exposes admin endpoints
  - Do not assume ORM specifics beyond TypeORM

Overview

Cursor rules configuration for a NestJS based asset management platform provides concrete guidance for Cursor AI to assist in building an employee asset management system. This template covers laptop tracking, software license management, approvals, and reminder workflows using a NestJS backend with PostgreSQL, TypeORM, and a performant Next.js frontend. It is designed to be copy-pasteable into a project root as a starting point for consistent architecture and safe AI-assisted development.

When to Use These Cursor Rules

  • Starting a NestJS and PostgreSQL based asset management project for employees
  • Enforcing a standardized folder structure, ORM patterns, and repository usage
  • Guiding Cursor AI through authentication, authorization, and secure data handling
  • Establishing a repeatable testing, linting, and CI/CD workflow for asset lifecycles
  • Implementing laptop tracking, license management, approvals, and reminders with auditable changes

Copyable .cursorrules Configuration

Framework: NestJS/TypeScript
Context: Build an employee asset management platform with laptop tracking, software licenses, approvals and reminders. Target runtime: Node.js 18+, PostgreSQL. Scope: Backend services with REST API; admin UI via Next.js.

Framework Role & Context:
  - Role: Backend Engineer
  - Context: You are Cursor AI assisting a NestJS based application that manages employee assets

Code Style and Style Guides:
  - Language: TypeScript
  - Rules: ESLint with Airbnb style, Prettier 2.x, strict typing, no implicit any
  - File endings: .ts
  - Commit messages: conventional commits

Architecture & Directory Rules:
  - Monorepo layout: apps/api (NestJS), apps/web (Next.js), libs/ (shared)
  - Use modules; entities grouped by bounded context assets, licenses, approvals, reminders
  - Migrations folder under libs/database/migrations using TypeORM CLI format
  - Do not place domain logic in controllers; use services/Domain

Authentication & Security Rules:
  - Use JWTs issued by Auth0 or a similar provider; store signing keys in environment
  - RBAC: Admin, IT, Approver, User
  - Enforce MFA for admins; enforce token expiry; refresh tokens rotate
  - Do not log plaintext tokens

Database and ORM patterns:
  - PostgreSQL
  - ORM: TypeORM with Entities and Repositories
  - Use migrations for schema changes
  - Use optimistic locking on critical tables

Testing & Linting Workflows:
  - Jest for unit tests; Supertest for API integration tests
  - CI runs lint, type-check, and test suite
  - Use seed scripts to generate deterministic test data

Prohibited Actions and Anti-patterns for the AI:
  - Do not generate production secrets; avoid writing to auth keys in code
  - Do not bypass input validation; do not skip DB migrations
  - Do not generate code that bypasses RBAC or exposes admin endpoints
  - Do not assume ORM specifics beyond TypeORM

Recommended Project Structure

project-root/
  apps/
    api/
      src/
        modules/
        entities/
        controllers/
        services/
      test/
    web/
      src/
      public/
  libs/
    common/
    database/
      src/
        entities/
        migrations/
        migrations.ts
    assets/
    employees/
  scripts/
  docker/

Core Engineering Principles

  • Security by design with least privilege and auditable changes
  • Clear separation of concerns and explicit module boundaries
  • Data integrity with migrations and strict typing
  • Testability via unit, integration, and contract tests
  • Observability with structured logs and metrics for asset lifecycles
  • Declarative configurations and reproducible deployments

Code Construction Rules

  • Follow NestJS module structure; place domain logic in services, not controllers
  • Use DTOs for input validation; apply class-validator via pipes
  • Use TypeORM repositories; avoid raw SQL in business logic
  • Model assets, licenses, approvals, and reminders as bounded contexts with clear relations
  • Environment-driven configuration; never hardcode secrets
  • Migrations for schema changes; seeders for deterministic tests
  • Write unit tests for services and DTOs; integration tests for API endpoints
  • Do not couple business logic to REST controllers
  • Document public APIs and internal contracts for Cursor AI guidance

Security and Production Rules

  • Enforce RBAC with roles Admin, IT, Approver, User; guard endpoints accordingly
  • Token rotation, short-lived access tokens, and TLS for all services
  • Secret management via vault or cloud secret store; avoid exposing keys in code
  • Input validation and output encoding to prevent injection attacks
  • Rate limiting, IP allowlisting, and audit logging for sensitive operations
  • Data retention and deletion policies; soft delete with audit trails

Testing Checklist

  • Unit tests for DTOs, services, and validators
  • Integration tests for asset creation, license assignment, and approval flows
  • End-to-end tests simulating login, asset lifecycle, and reminders
  • Lint, type-check, and build in CI; verify migrations run in CI environment
  • Blue/green or canary deployment checks for production safety

Common Mistakes to Avoid

  • Overcomplicating domain logic in controllers or UI code
  • Skipping migrations or relying on ad hoc schema updates
  • Weak input validation or RBAC gaps exposing admin endpoints
  • Hardcoding secrets or tokens in code or config
  • Ignoring observability and test coverage for asset lifecycle features

Related Cursor rules templates

Explore adjacent Cursor rules templates for similar stacks, workflows, and production constraints.

FAQ

What is a Cursor rules template for a NestJS asset management stack?

A Cursor rules template provides a copyable .cursorrules configuration and concrete guidelines to guide Cursor AI in building a NestJS based asset management platform with laptop tracking, license management, approvals and reminders.

Which stack does this template cover?

This template targets a NestJS backend in TypeScript with PostgreSQL, TypeORM, and a Next.js frontend, focused on employee assets, laptop tracking, licenses, approvals, and reminder workflows.

How do I apply the .cursorrules block in my project?

Copy the entire .cursorrules block into a file at the project root named .cursorrules. Cursor AI will read the directives and enforce architecture, security, and testing rules during code generation.

What are the security considerations?

Enforce RBAC, rotate tokens, store secrets in a vault, validate inputs, enforce TLS, and avoid exposing admin endpoints. Cursor rules emphasize secure by default design.