Cursor Rules Template: Node.js Express Media Asset Management
Cursor Rules Template for a Node.js Express-based media asset management system with uploads, tags, search, approvals and rights management.
Target User
Developers building a Node.js Express-based media asset management system
Use Cases
- Asset uploads with validation and storage
- Metadata tagging and search indexing
- Tag-based filtering and full-text search
- Approval workflows for asset publishing
- Rights management and access control enforcement
Markdown Template
.cursorrules
Framework: Node.js, Express, PostgreSQL
Context: Build a Media Asset Management (MAM) system with uploads, tags, search, approvals, and rights management
Role & Context: You are a software engineer implementing a production-grade MAM stack. Follow Cursor AI rules to produce clear project structure and safe AI-assisted patterns
Code Style & Style Guides: TypeScript preferred, ESLint + Prettier rules, strict types, and explicit return types
Architecture & Directory Rules:
- src/controllers, src/models, src/routes, src/services, src/middleware
- migrations for schema changes, config for env separation
- tests for unit/integration coverage
Authentication & Security Rules:
- JWT-based authentication or session-based with httpOnly cookies
- RBAC with roles: admin, editor, reviewer, viewer
- never expose private asset URLs without authorization checks
Database & ORM patterns:
- PostgreSQL with parameterized queries via pg or a minimal query builder
- assets and tags in separate tables with a join table for many-to-many relations
- use JSONB for asset metadata where advantageous
Testing & Linting Workflows:
- Jest for unit tests, Supertest for integration tests
- pre-commit linting with ESLint + Prettier
- CI runs tests on push to main
Prohibited Actions & Anti-patterns:
- Do not bypass input validation or rely on client-side checks
- Do not store secrets in source code or commit them to repo
- Do not bypass authorization checks for asset access
- Do not implement non-atomic multi-step operations without transactions
- Do not skip migrations or ignore DB schema drift
Overview
This Cursor Rules Template provides a ready-to-paste .cursorrules block for a Node.js Express-based media asset management system with uploads, tags, search, approvals, and rights management. It targets Cursor AI to guide implementation in this stack and includes an explicit, copyable configuration block.
This page is a Cursor rules template page designed for developers who want a concrete, stack-specific guideline set to generate a robust MAM solution using Cursor AI in a Node.js and PostgreSQL environment.
When to Use These Cursor Rules
- When starting a new MAM project with upload, tag, and search capabilities on Node.js + Express
- When you need deterministic, repeatable guidance for approval workflows and rights management
- When you want a copyable .cursorrules block to paste into your project root and tailor for your config
Recommended Project Structure
project-root/
├── src/
│ ├── controllers/
│ │ ├─ assetController.ts
│ │ ├─ tagController.ts
│ │ ├─ searchController.ts
│ │ ├─ approvalController.ts
│ │ └─ rightsController.ts
│ ├── models/
│ │ ├─ asset.ts
│ │ ├─ tag.ts
│ │ └─ user.ts
│ ├── routes/
│ │ └─ assetsRoutes.ts
│ ├── services/
│ │ ├─ storageService.ts
│ │ ├─ searchService.ts
│ │ ├─ tagService.ts
│ │ ├─ approvalService.ts
│ │ └─ rightsService.ts
│ ├── middleware/
│ │ └─ authMiddleware.ts
│ └── index.ts
├── migrations/
├── tests/
├── uploads/
└── config/
Core Engineering Principles
- Clear module boundaries and single responsibility per service
- Data validation everywhere; fail-fast on invalid input
- Security by default: least privilege, strict access checks, secured secrets
- Reliable data access with parameterized queries and transactions
- Observability: structured logs, metrics, and tracing hooks
- Idempotent asset operations for uploads, updates, and approvals
- Cursor AI rules are explicit about risks and safety constraints
Code Construction Rules
- Use TypeScript with explicit types for DTOs and domain models
- Express routers should delegate to controllers; controllers call services
- Store assets in a dedicated storage layer; avoid direct file system coupling in business logic
- Use prepared statements and parameterized queries for all DB ops
- Handle uploads via streaming, validate mime types and file size, and enforce quotas
- Implement full-text search on asset metadata using PostgreSQL capabilities
- Maintain a robust test suite: unit, integration, and end-to-end where feasible
- Do not bypass security or validation for speed; prioritize correctness
Security and Production Rules
- Serve assets through signed URLs or a protected CDN behind access checks
- Store secrets in environment configs, not in code; rotate credentials
- Use TLS, secure cookies, and CSRF protection where applicable
- Implement role-based access controls for uploads, edits, and approvals
- Audit trails for rights changes and approvals with immutable logs
Testing Checklist
- Unit tests for controllers and services with deterministic mocks
- Integration tests for authentication, asset CRUD, and search
- End-to-end style tests for upload pipeline and approval flow
- Security tests for access control and input validation
- Linting and type checks in CI
Common Mistakes to Avoid
- Skipping server-side validation and trusting client input
- Overloading asset endpoints with business logic; keep controllers thin
- Neglecting migrations and drift between code and DB schema
- Ignoring RBAC; public endpoints that expose asset metadata unintentionally
- Not indexing asset metadata for search; poor user experience
FAQ
What is a Cursor Rules Template and why use it for a MAM stack?
A Cursor Rules Template provides a copyable, stack-specific configuration that guides AI-assisted development. It defines scope, architecture, and safety rules for building a media asset management system on Node.js Express with PostgreSQL, enabling predictable results when you paste the block into your project.
How should uploads be handled in this template?
Uploads should be validated server-side, streamed and size-limited, stored securely in a storage service, and references saved in PostgreSQL. Access should be controlled via RBAC, and URLs should be protected or signed to prevent leaks.
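The server-side upload checks described above, as an added TypeScript example that is not part of the template itself: it counts the bytes that actually arrive instead of trusting Content-Length, and compares the file's leading bytes with the declared type. The 25 MiB cap, the allow-list and the function names are assumptions.

```typescript
type UploadCheck = { ok: true; mime: string } | { ok: false; reason: string };

const MAX_BYTES = 25 * 1024 * 1024; // assumed per-file cap

// Allow-listed types with the leading bytes each must start with (assumed list).
// A Map, not an object literal: a lookup of "constructor" must miss.
const SIGNATURES = new Map<string, number[][]>([
  ["image/png", [[0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a]]],
  ["image/jpeg", [[0xff, 0xd8, 0xff]]],
  ["image/gif", [[0x47, 0x49, 0x46, 0x38, 0x37, 0x61], [0x47, 0x49, 0x46, 0x38, 0x39, 0x61]]],
  ["application/pdf", [[0x25, 0x50, 0x44, 0x46, 0x2d]]],
]);

// Content-Length is client-supplied, so count the bytes that actually arrive.
// The returned function reports false as soon as the running total passes max.
function makeByteLimiter(max: number = MAX_BYTES): (chunk: Uint8Array) => boolean {
  let seen = 0;
  return (chunk: Uint8Array): boolean => {
    seen += chunk.length;
    return seen <= max;
  };
}

// Compare the first bytes of the stream with the signature of the declared type.
function checkUploadHead(declaredMime: string, head: Uint8Array): UploadCheck {
  const mime = (declaredMime.split(";")[0] ?? "").trim().toLowerCase();
  const signatures = SIGNATURES.get(mime);
  if (signatures === undefined) return { ok: false, reason: "type not allowed" };
  const matches = signatures.some(
    (sig) => head.length >= sig.length && sig.every((byte, i) => head[i] === byte),
  );
  return matches
    ? { ok: true, mime }
    : { ok: false, reason: "content does not match declared type" };
}
```

In a streaming handler, call the limiter on every chunk and abort the request (discarding the partial object in storage) on the first `false`.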
How do I implement tagging and search effectively?
Store tags in a separate table with a many-to-many relation to assets. Use a PostgreSQL tsvector column for full-text search on metadata and tags, with GIN indexes to speed lookups. Keep search queries parameterized and paginated.
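One way to build the parameterized, paginated search query described above, as an added TypeScript example (not the template's own code). The table and column names (`assets.search_vector`, `asset_tags`, `tags.name`), the sort keys and the page-size ceiling are assumptions; the result has the `{ text, values }` shape that `pg` accepts.

```typescript
type SearchInput = { q: string; tags?: string[]; sort?: string; page?: number; pageSize?: number };
type SqlQuery = { text: string; values: unknown[] };

const MAX_PAGE_SIZE = 100; // assumed ceiling
const DEFAULT_ORDER = "rank DESC, a.id DESC";
// Identifiers cannot be bound as parameters, so the client's sort key only
// selects one of these fixed fragments and is never copied into the SQL.
const ORDER_BY = new Map<string, string>([
  ["relevance", DEFAULT_ORDER],
  ["newest", "a.created_at DESC, a.id DESC"],
]);

function clampInt(value: unknown, fallback: number, min: number, max: number): number {
  const n = Math.trunc(Number(value));
  return Number.isFinite(n) ? Math.min(Math.max(n, min), max) : fallback;
}

function buildAssetSearch(input: SearchInput): SqlQuery {
  const values: unknown[] = [];
  const bind = (v: unknown): string => `$${values.push(v)}`; // push returns the 1-based position
  const query = bind(input.q.slice(0, 200));
  const where = [`a.search_vector @@ websearch_to_tsquery('english', ${query})`];
  const tags = (input.tags ?? []).slice(0, 20);
  if (tags.length > 0) {
    // The whole tag list travels as one array parameter.
    where.push(
      `EXISTS (SELECT 1 FROM asset_tags j JOIN tags t ON t.id = j.tag_id ` +
        `WHERE j.asset_id = a.id AND t.name = ANY(${bind(tags)}::text[]))`,
    );
  }
  const size = clampInt(input.pageSize, 20, 1, MAX_PAGE_SIZE);
  const page = clampInt(input.page, 1, 1, 10000);
  const order = ORDER_BY.get(input.sort ?? "relevance") ?? DEFAULT_ORDER;
  const text = [
    `SELECT a.id, a.title, ts_rank(a.search_vector, websearch_to_tsquery('english', ${query})) AS rank`,
    `FROM assets a`,
    `WHERE ${where.join(" AND ")}`,
    `ORDER BY ${order}`,
    `LIMIT ${bind(size)} OFFSET ${bind((page - 1) * size)}`,
  ].join("\n");
  return { text, values };
}
```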
What about approvals and rights management?
Model asset state as pending, approved, or rejected, plus an audit trail. Implement RBAC for who can approve and publish. Rights checks should gate any asset access, and changes should be recorded for auditing.
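A sketch of that state model as an added TypeScript example (not the template's own code): one function decides whether a role may perform a transition and returns the state update and audit insert to run together in a single transaction. The role-to-action mapping, the self-approval rule and the `assets` / `asset_audit` table names are assumptions, since the page names the roles and states but not the policy.

```typescript
type Role = "admin" | "editor" | "reviewer" | "viewer";
type State = "pending" | "approved" | "rejected";
type Actor = { id: string; role: Role };
type Asset = { id: string; ownerId: string; state: State };
type Statement = { text: string; values: unknown[] };
type Decision = { ok: true; to: State; statements: Statement[] } | { ok: false; reason: string };

// Assumed policy: the page names the roles and states but not who may do what.
const RULES = new Map<string, { from: State; to: State; roles: Role[] }>([
  ["approve", { from: "pending", to: "approved", roles: ["admin", "reviewer"] }],
  ["reject", { from: "pending", to: "rejected", roles: ["admin", "reviewer"] }],
  ["resubmit", { from: "rejected", to: "pending", roles: ["admin", "editor"] }],
]);

function decideTransition(asset: Asset, actor: Actor, action: string): Decision {
  const rule = RULES.get(action);
  if (rule === undefined) return { ok: false, reason: "unknown action" };
  if (!rule.roles.includes(actor.role)) return { ok: false, reason: "role not permitted" };
  if (asset.state !== rule.from) return { ok: false, reason: "invalid state" };
  // Assumed separation of duties: nobody approves their own upload.
  if (action === "approve" && actor.id === asset.ownerId) {
    return { ok: false, reason: "self-approval" };
  }
  // Run both statements inside one BEGIN/COMMIT. The UPDATE is a compare-and-set:
  // zero rows updated means another request changed the state first, so roll back.
  const statements: Statement[] = [
    {
      text: "UPDATE assets SET state = $1 WHERE id = $2 AND state = $3",
      values: [rule.to, asset.id, rule.from],
    },
    {
      text:
        "INSERT INTO asset_audit (asset_id, actor_id, action, from_state, to_state) " +
        "VALUES ($1, $2, $3, $4, $5)",
      values: [asset.id, actor.id, action, rule.from, rule.to],
    },
  ];
  return { ok: true, to: rule.to, statements };
}
```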
How should I test this Cursor Rules Template?
Cover unit tests for controllers and services, integration tests for auth flows and asset lifecycle, and end-to-end tests for upload and approval paths. Use a CI pipeline to run tests on push, and ensure linting passes on pre-commit hooks.
Where should I place the .cursorrules block?
Copy the .cursorrules block from the Content section of this page and paste it into the project root as .cursorrules. It should be the authoritative guide for your stack and be tailored to your environment.