Cursor Rules Template: NestJS + Prisma + TypeScript + PostgreSQL

Overview

Direct answer: This Cursor Rules Template provides a copyable .cursorrules configuration for a NestJS + Prisma + TypeScript + PostgreSQL stack to guide Cursor AI in generating and reviewing production-ready code with strong typing and safe ORM usage.

The template covers the full stack: NestJS as the application framework, Prisma as the ORM, PostgreSQL as the database, and TypeScript for type-safe code. It establishes a repeatable pattern for architecture, authentication, testing, and deployment that Cursor AI can follow in code generation and review tasks.

When to Use These Cursor Rules

• Starting a new NestJS service with Prisma and PostgreSQL.
• Enforcing strict TypeScript typing and DTO validation across controllers and services.
• Setting up Prisma-based data access and migrations with safe patterns.
• Implementing JWT-based authentication and RBAC for API endpoints.
• Guiding Cursor AI to generate production-grade scaffolding, tests, and CI configurations.

Copyable .cursorrules Configuration

.cursorrules
version: 1
framework: nestjs
stack: prisma, typescript, postgresql
frameworkRoleAndContext:
  - role: Backend Engineer
    context: NestJS API with Prisma ORM and PostgreSQL
codeStyleAndStyleGuides:
  language: TypeScript
  guidelines:
    - Enable strict typing in tsconfig.json
    - Use ESLint with @typescript-eslint
    - Format with Prettier
architectureAndDirectoryRules:
  directories:
    - src/controllers
    - src/modules
    - src/services
    - src/dto
    - src/guards
    - src/interceptors
    - prisma
    - src/pipes
    - src/entities
  prisma: prisma/schema.prisma
authenticationAndSecurityRules:
  - JWT-based authentication using Passport
  - RBAC via guards
  - Protect endpoints with roles and guards
databaseAndOrmPatterns:
  - Prisma ORM usage with generated client
  - Explicit input validation with DTOs
testingAndLintingWorkflows:
  - Jest unit tests with ts-jest
  - API integration tests with SuperTest
  - CI: lint, test, build
prohibitedActionsAndAntipatterns:
  - Do not bypass Prisma migrations
  - Do not use raw SQL without parameters
  - Do not log secrets or push them to VCS

Recommended Project Structure

NestJS Prisma PostgreSQL (src)
├─ src/
│  ├─ app.module.ts
│  ├─ main.ts
│  ├─ modules/
│  │  ├─ auth/
│  │  │  ├─ auth.controller.ts
│  │  │  ├─ auth.service.ts
│  │  │  └─ jwt.strategy.ts
│  │  ├─ user/
│  │  │  ├─ user.controller.ts
│  │  │  ├─ user.service.ts
│  │  │  └─ dto/
│  │  └─ prisma/
│  │     └─ prisma.service.ts
│  ├─ dto/
│  ├─ guards/
│  ├─ interceptors/
│  └─ pipes/
├─ prisma/
│  └─ schema.prisma
├─ test/
│  ├─ unit/
│  └─ e2e/
└─ .env

Core Engineering Principles

• Type-safe API design using DTOs and Prisma generated types
• Single source of truth for data access via Prisma ORM patterns
• Security by design: JWT authentication, RBAC, and guarded routes
• Test-driven development with unit, integration, and end-to-end tests
• Declarative configuration and strict linting in CI/CD pipelines
• Observability and robust error handling with structured logs

Code Construction Rules

• Use DTOs with class-validator and class-transformer for request validation
• Leverage Prisma-generated types for strong compile-time safety in repositories and services
• Organize modules by domain with clear separation of concerns
• Do not bypass Prisma migrations; always apply schema.prisma changes through migrations
• Do not interpolate user input into raw SQL; prefer Prisma query API or parameterized queries
• Prefer dependency injection and guards over inline authorization checks

Security and Production Rules

• Use JWT authentication with short-lived access tokens and refresh tokens rotated via httpOnly cookies
• Guard routes with role-based access control using NestJS guards
• Enable TLS, secure cookies, HTTP security headers, and rate limiting
• Store secrets in environment variables; never commit them to VCS
• Audit database access patterns and limit privileged operations

Testing Checklist

• Unit tests for services and guards with mocked Prisma client
• Integration tests for critical API endpoints using SuperTest
• End-to-end tests simulating realistic user flows
• Linting and type-checking in CI; require 100% type safety where feasible
• Migration smoke tests and database seeding checks in CI

Common Mistakes to Avoid

• Ignoring DTO validation and relying on any types in controllers
• Using raw SQL without parameterization or migration drift
• Overexposing database internals or secrets through API responses
• Unsecured JWT tokens or long-lived refresh tokens without rotation

FAQ

What is a Cursor rules template for NestJS Prisma PostgreSQL?

A Cursor rules template provides a copyable .cursorrules configuration that guides Cursor AI in generating and reviewing NestJS + Prisma + PostgreSQL code with strict typing, safe ORM usage, and production-ready patterns.

Which stack does this template target?

Target stack: NestJS with Prisma ORM, TypeScript, and PostgreSQL. The rules enforce DTO validation, Prisma-based data access, and JWT-based authentication patterns.

How do I use this template in a project?

Copy the .cursorrules block into your project root, adjust environment-specific settings, and run the Cursor AI editor to generate scaffolded code and reviews aligned to this configuration.

How does this template handle security and testing?

It prescribes JWT auth, role-based access, unit tests with Jest, and integration tests for API endpoints, along with linting and CI checks to ensure code quality in production.

Can I customize Prisma schema in this template?

Yes. The template supports adding models, relations, and custom types in prisma/schema.prisma; ensure migrations are applied and the Prisma client is regenerated, then adapt DTOs and services accordingly.

How do I integrate with CI/CD?

Use a pipeline that runs lint, type-check, migrations checks, and tests on push or pull request; ensure environment variables are loaded securely and secrets are masked in logs.