Cursor Rules TemplatesCursor Rules Template

Cursor Rules Template: Node.js Express PostgreSQL Catering Cursor Rules

Cursor Rules Template for building catering preparation planners from event requirements using Node.js, Express, and PostgreSQL. This page includes a copyable .cursorrules configuration and stack-specific project guide.

.cursorrules templatecursor rules templatecursor-rulesnode-express-postgrescatering plannerevent requirementsCursor AIbackend rulessql parameterizedtestingci

Target User

Backend developers building catering preparation planners driven by event requirements

Use Cases

  • Translate event requirements into dynamic catering plans (menus, inventories, staff, equipment)
  • Generate procurement and task timelines from constraints
  • Validate data against schema before persisting
  • Automate testing and deployment workflows

Markdown Template

Cursor Rules Template: Node.js Express PostgreSQL Catering Cursor Rules

Overview


Direct answer: This Cursor rules configuration provides a practical blueprint for building a catering preparation planner that derives menus, staffing, equipment, and timelines from event requirements, using a Node.js (Express) backend with PostgreSQL. It encodes stack-specific rules to keep AI-generated output safe and production-ready.



When to Use These Cursor Rules



- When you need to generate a complete catering plan (menus, inventories, staff, equipment) from a client event spec.

- When building a REST API that translates event requirements into actionable production tasks and procurement lists.

- When you want deterministic outputs, strong validation, and testable data flows to integrate with your UI.



Copyable .cursorrules Configuration



# Cursor Rules Template for Node.js Express + PostgreSQL catering planner
framework: node-express-postgres
context: You are a software engineer building a catering preparation planner that converts event requirements into menus, staffing, equipment, and timelines. Target stack: Node.js with Express and PostgreSQL. Follow Cursor AI rules to deliver production-ready, testable code with secure patterns.
roles:
  - frameworkRole: Backend API server for catering planning; orchestrates events, menus, inventory, staff, and schedules.
  - assistantRole: Cursor AI assistant that writes clean, typed, testable code with explicit decisions and documentation.
codeStyle:
  - styleGuide: Airbnb JavaScript Style
  - formatting: Prettier with 2 spaces
architecture:
  directoryStructure:
    - src/
    - src/controllers/
    - src/routes/
    - src/models/
    - src/services/
    - src/repositories/
    - src/utils/
    - config/
    - migrations/
  approach: RESTful API with service and repository layers; explicit data flows from event requirements to output plans.
security:
  authentication:
    method: JWT in Authorization header
    tokenLifetime: 15m access, 7d refresh
  authorization:
    roles: admin, planner, user
  secrets:
    management: Use environment variables; never log secrets; use secret stores in prod
database:
  engine: PostgreSQL
  client: pg (node-postgres)
  patterns:
    - parameterized queries
    - connection pooling
    - migrations via sql files
  orm:
    strategy: No ORM; use repository pattern with raw SQL
testing:
  unit: Jest or Vitest with ts-node
  integration: SuperTest for HTTP; seed database for deterministic tests
  linting: ESLint + Prettier; type checking with TypeScript
ci:
  workflow: GitHub Actions; run tests, lint, and type-check on push
antiPatterns:
  - Do not concatenate SQL; parameterize all inputs
  - Do not bypass authentication
  - Do not leak stack traces to clients
  - Do not commit secrets to repo
  - Do not perform business logic in controllers; keep to routing


Recommended Project Structure


project-root/
├── src/
│   ├── controllers/
│   │   └── cateringController.ts
│   ├── routes/
│   │   └── cateringRoutes.ts
│   ├── services/
│   │   └── cateringService.ts
│   ├── repositories/
│   │   └── cateringRepo.ts
│   ├── models/
│   │   └── types.ts
│   ├── utils/
│   │   └── validation.ts
│   ├── config/
│   │   └── index.ts
│   ├── db/
│   │   ├── migrations/
│   │   └── seeds/
│   └── index.ts
├── tests/
│   ├── unit/
│   └── integration/
├── package.json
├── tsconfig.json
└── .env.example

Core Engineering Principles



- Deterministic outputs: seed data and event requirements map to consistent results.

- Validation at boundaries: strict input validation and type-safe outputs.

- Security-by-default: JWT-based auth, least privilege, no secrets in code.

- Modular design: service and repository layers with clear contracts.

- Testability: comprehensive unit and integration tests with CI checks.



Code Construction Rules



- Use TypeScript with strict mode enabled; define precise interfaces for event requirements.

- Validate inputs with Zod; generate output schemas and validate responses before sending.

- Endpoints should be RESTful; use consistent status codes and error shapes.

- Implement repository pattern with parameterized SQL; avoid ORMs unless explicitly required.

- Maintain a clear separation between controllers, services, and repositories.



Security and Production Rules



- Always read configuration from environment variables; do not hardcode secrets.

- Enable Helmet, rate-limiting, and secure headers in Express.

- Use HTTPS in production; enforce CORS policies per environment.

- Rotate JWTs and implement short-lived tokens with refresh flow.

- Audit logs for critical actions; avoid logging sensitive data.



Testing Checklist



- Unit tests for validation, data transformation, and business rules.

- Integration tests for API endpoints with a test PostgreSQL instance.

- End-to-end tests simulating event-driven flows from requirements to outputs.

- CI runs lint, type checks, tests, and code coverage reporting.



Common Mistakes to Avoid



- Hardcoding event-to-output mappings instead of data-driven rules.

- Skipping input validation; insecure or inconsistent inputs break plans.

- Leakage of secrets in logs or artifacts.

- Using raw SQL without parameterization in production code.



Related implementation resources: AI Agent Use Case for Catering Businesses Using Event Requirements to Generate Shopping and Preparation Plans and Using Skill Files to Stop SQL Injection in Generated Backend Code.





FAQ


What is this Cursor Rules Template about?


This Cursor Rules Template provides stack-specific Cursor AI guidance for building a catering preparation planner from event requirements using Node.js, Express, and PostgreSQL. It includes a copyable .cursorrules block and concrete project structure guidance.


Which stack does this template target?


The template targets Node.js with Express and PostgreSQL, using raw SQL via node-postgres, a TypeScript codebase, and a repository-service architecture to ensure clean separation of concerns and testability.


How do I use the .cursorrules block?


Paste the block into your project root as .cursorrules and use Cursor AI to enforce the rules during code generation, ensuring stack constraints and security patterns are followed.


What should I do to run locally?


Install dependencies, configure a local PostgreSQL instance, copy .env.example to .env, run migrations, seed data, and start the server. Use the tests to verify behavior and adjust environment-specific settings as needed.


How does this template ensure security?


The template enforces JWT-based authentication, parameterized queries, environment-based secrets, secure HTTP headers, and restricted access by role to protect data and operations.

Overview

Direct answer: This Cursor rules configuration provides a practical blueprint for building a catering preparation planner that derives menus, staffing, equipment, and timelines from event requirements, using a Node.js (Express) backend with PostgreSQL. It encodes stack-specific rules to keep AI-generated output safe and production-ready.

When to Use These Cursor Rules

  • When you need to generate a complete catering plan (menus, inventories, staff, equipment) from a client event spec.
  • When building a REST API that translates event requirements into actionable production tasks and procurement lists.
  • When you want deterministic outputs, strong validation, and testable data flows to integrate with your UI.

Copyable .cursorrules Configuration


# Cursor Rules Template for Node.js Express + PostgreSQL catering planner
framework: node-express-postgres
context: You are a software engineer building a catering preparation planner that converts event requirements into menus, staffing, equipment, and timelines. Target stack: Node.js with Express and PostgreSQL. Follow Cursor AI rules to deliver production-ready, testable code with secure patterns.
roles:
  - frameworkRole: Backend API server for catering planning; orchestrates events, menus, inventory, staff, and schedules.
  - assistantRole: Cursor AI assistant that writes clean, typed, testable code with explicit decisions and documentation.
codeStyle:
  - styleGuide: Airbnb JavaScript Style
  - formatting: Prettier with 2 spaces
architecture:
  directoryStructure:
    - src/
    - src/controllers/
    - src/routes/
    - src/models/
    - src/services/
    - src/repositories/
    - src/utils/
    - config/
    - migrations/
  approach: RESTful API with service and repository layers; explicit data flows from event requirements to output plans.
security:
  authentication:
    method: JWT in Authorization header
    tokenLifetime: 15m access, 7d refresh
  authorization:
    roles: admin, planner, user
  secrets:
    management: Use environment variables; never log secrets; use secret stores in prod
database:
  engine: PostgreSQL
  client: pg (node-postgres)
  patterns:
    - parameterized queries
    - connection pooling
    - migrations via sql files
  orm:
    strategy: No ORM; use repository pattern with raw SQL
testing:
  unit: Jest or Vitest with ts-node
  integration: SuperTest for HTTP; seed database for deterministic tests
  linting: ESLint + Prettier; type checking with TypeScript
ci:
  workflow: GitHub Actions; run tests, lint, and type-check on push
antiPatterns:
  - Do not concatenate SQL; parameterize all inputs
  - Do not bypass authentication
  - Do not leak stack traces to clients
  - Do not commit secrets to repo
  - Do not perform business logic in controllers; keep to routing

Recommended Project Structure

project-root/
├── src/
│   ├── controllers/
│   │   └── cateringController.ts
│   ├── routes/
│   │   └── cateringRoutes.ts
│   ├── services/
│   │   └── cateringService.ts
│   ├── repositories/
│   │   └── cateringRepo.ts
│   ├── models/
│   │   └── types.ts
│   ├── utils/
│   │   └── validation.ts
│   ├── config/
│   │   └── index.ts
│   ├── db/
│   │   ├── migrations/
│   │   └── seeds/
│   └── index.ts
├── tests/
│   ├── unit/
│   └── integration/
├── package.json
├── tsconfig.json
└── .env.example

Core Engineering Principles

  • Deterministic outputs: seed data and event requirements map to consistent results.
  • Validation at boundaries: strict input validation and type-safe outputs.
  • Security-by-default: JWT-based auth, least privilege, no secrets in code.
  • Modular design: service and repository layers with clear contracts.
  • Testability: comprehensive unit and integration tests with CI checks.

Code Construction Rules

  • Use TypeScript with strict mode enabled; define precise interfaces for event requirements.
  • Validate inputs with Zod; generate output schemas and validate responses before sending.
  • Endpoints should be RESTful; use consistent status codes and error shapes.
  • Implement repository pattern with parameterized SQL; avoid ORMs unless explicitly required.
  • Maintain a clear separation between controllers, services, and repositories.

Security and Production Rules

  • Always read configuration from environment variables; do not hardcode secrets.
  • Enable Helmet, rate-limiting, and secure headers in Express.
  • Use HTTPS in production; enforce CORS policies per environment.
  • Rotate JWTs and implement short-lived tokens with refresh flow.
  • Audit logs for critical actions; avoid logging sensitive data.

Testing Checklist

  • Unit tests for validation, data transformation, and business rules.
  • Integration tests for API endpoints with a test PostgreSQL instance.
  • End-to-end tests simulating event-driven flows from requirements to outputs.
  • CI runs lint, type checks, tests, and code coverage reporting.

Common Mistakes to Avoid

  • Hardcoding event-to-output mappings instead of data-driven rules.
  • Skipping input validation; insecure or inconsistent inputs break plans.
  • Leakage of secrets in logs or artifacts.
  • Using raw SQL without parameterization in production code.

Related implementation resources: AI Agent Use Case for Catering Businesses Using Event Requirements to Generate Shopping and Preparation Plans and Using Skill Files to Stop SQL Injection in Generated Backend Code.

FAQ

What is this Cursor Rules Template about?

This Cursor Rules Template provides stack-specific Cursor AI guidance for building a catering preparation planner from event requirements using Node.js, Express, and PostgreSQL. It includes a copyable .cursorrules block and concrete project structure guidance.

Which stack does this template target?

The template targets Node.js with Express and PostgreSQL, using raw SQL via node-postgres, a TypeScript codebase, and a repository-service architecture to ensure clean separation of concerns and testability.

How do I use the .cursorrules block?

Paste the block into your project root as .cursorrules and use Cursor AI to enforce the rules during code generation, ensuring stack constraints and security patterns are followed.

What should I do to run locally?

Install dependencies, configure a local PostgreSQL instance, copy .env.example to .env, run migrations, seed data, and start the server. Use the tests to verify behavior and adjust environment-specific settings as needed.

How does this template ensure security?

The template enforces JWT-based authentication, parameterized queries, environment-based secrets, secure HTTP headers, and restricted access by role to protect data and operations.