Cursor Rules Template: Node.js + Sequelize Car Rental Management

Cursor Rules Template for building a car rental management system using Node.js and Sequelize with PostgreSQL. Includes vehicles, bookings, insurance, payments, and damage reports.

Target User

Developers building a car rental management system with Node.js and Sequelize on PostgreSQL

Use Cases

  • Vehicle catalog and availability
  • Booking management and calendar
  • Insurance policy associations
  • Payment processing and refunds
  • Damage reporting and incident workflow

Markdown Template

Cursor Rules Template: Node.js + Sequelize Car Rental Management

Framework Role & Context
- Role: You are a Node.js backend engineer using Sequelize with PostgreSQL. Your task is to implement a car rental management system with vehicles, bookings, insurance, payments, and damage reports. You must operate within this stack and produce code blocks suitable for a real project in the root of the repository.
- Direct answer style: produce precise, actionable blocks with minimal fluff.

Code Style and Style Guides
- Language: TypeScript
- Conventions: ESLint with Airbnb rules in strict mode
- Formatting: Prettier with 2-space indentation
- File extensions: .ts for source code
- Avoid dynamic typing; use strict types and interfaces

Architecture & Directory Rules
- Source under src
- Models in src/models, routes in src/routes, controllers in src/controllers
- Services for business logic in src/services, middlewares in src/middlewares
- Use migrations for DB changes in migrations folder
- Config in config folder with env-based settings
- Use repository pattern for DB access via Sequelize models

Authentication & Security Rules
- Use JWT with short-lived access tokens and refresh tokens
- Do not store passwords in plain text; always hash with bcrypt
- Validate tokens on protected endpoints; implement RBAC for bookings and payments
- CSRF protection for state-changing endpoints in browser clients

Database and ORM patterns
- PostgreSQL with Sequelize ORM
- Define models: Vehicle, Booking, Insurance, Payment, DamageReport, User
- Relationships: Vehicle hasMany Booking; Booking belongsTo Vehicle; Booking hasOne Payment; Vehicle hasMany DamageReport; Booking hasOne Insurance
- Use migrations for schema evolution; seed initial data
- Use transactions for multi-step operations like placeBooking with payment and insurance

Testing & Linting Workflows
- Unit tests with Jest; integration tests with SuperTest
- ESLint run on commit; TypeScript compiler checks during CI
- Run tests on CI and in pre-commit hooks

Prohibited Actions and Anti-patterns for the AI
- Do not embed raw SQL mixed with code; use Sequelize query interface with bindings
- Do not bypass authentication; never perform privileged actions without RBAC checks
- Do not hardcode credentials; rely on environment variables
- Do not skip migrations; avoid sync({ force: true }) in production
- Do not couple services to framework-specific features outside Sequelize

Overview

Direct answer: This Cursor rules configuration targets a Node.js plus Sequelize plus PostgreSQL stack to architect a car rental management system with vehicles, bookings, insurance, payments, and damage reports. It defines roles, patterns, and constraints so Cursor AI can generate consistent code blocks and keep the project aligned with the stack's conventions.

When to Use These Cursor Rules

  • When implementing a multi-entity domain including vehicles, bookings, payments, and insurance
  • When you need consistent ORM models, migrations, and transaction boundaries
  • When you want to enforce security patterns and input validation across services
  • When designing a modular architecture with clear directory structure and testing strategy

Recommended Project Structure

project-root/
  src/
    controllers/
      vehicleController.ts
      bookingController.ts
      insuranceController.ts
      paymentController.ts
      damageReportController.ts
    models/
      vehicle.ts
      booking.ts
      insurance.ts
      payment.ts
      damageReport.ts
      user.ts
    routes/
      vehicleRoutes.ts
      bookingRoutes.ts
      insuranceRoutes.ts
      paymentRoutes.ts
      damageReportRoutes.ts
    services/
      bookingService.ts
      paymentService.ts
      notificationService.ts
    middlewares/
      authMiddleware.ts
      errorMiddleware.ts
    utils/
      validators.ts
  config/
    dbConfig.ts
    passportConfig.ts
  migrations/
  seeders/
  tests/
    unit/
    integration/

Core Engineering Principles

  • Single source of truth for domain models through Sequelize definitions
  • Explicit interfaces and strong typing with TypeScript
  • Security-driven design across auth, payments, and data access
  • Idempotent migrations and careful rollback strategies
  • Clear separation of concerns between models, controllers, services, and routes
  • Testable by design with comprehensive unit and integration tests

Code Construction Rules

  • Models for Vehicle, Booking, Insurance, Payment, and DamageReport must include sensible constraints
  • Use Sequelize associations to represent real-world relationships
  • Transactions must wrap multi-step operations like placeBooking with payment and insurance
  • Environment-based configuration and encrypted secrets management
  • Validation at DTO level and model validators; reject invalid data early
  • Do not use raw queries; always bind parameters
  • Do not hardcode credentials; use environment variables
  • Follow the project style guides; TypeScript strict mode
  • Include unit tests for critical paths and integration tests for API endpoints

Security and Production Rules

  • Use JWT with short-lived access tokens and rotation via refresh tokens
  • Store password hashes with bcrypt; never plain text
  • Minimize surface area; protect endpoints with RBAC
  • Audit logs for bookings, payments, and damage reports
  • Use HTTPS; correct CORS configuration; input validation to defend against injection
  • CI/CD with automated tests; migrations run in production with zero downtime strategies
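
A deny-by-default authorization check of the kind these rules call for, as an added example that is not part of the template. The role names, action names, `Actor` shape and `isAllowed` helper are assumptions, and the actor is taken to come from an already validated JWT.

```typescript
// Added example: deny-by-default RBAC for bookings and payments.
// Role names, action names and the Actor shape are assumptions, not part of the template.
type RentalRole = 'customer' | 'agent' | 'admin';
type RentalAction =
  | 'booking:read' | 'booking:create' | 'booking:cancel'
  | 'payment:read' | 'payment:refund';
type Scope = 'own' | 'any'; // 'own' = only resources the actor owns

interface Actor { userId: string; role: RentalRole } // claims from an already verified JWT
interface OwnedResource { ownerId: string }
interface Grant { action: RentalAction; scope: Scope }

const grant = (scope: Scope, actions: RentalAction[]): Grant[] =>
  actions.map((action) => ({ action, scope }));

// Anything not listed here is denied.
const POLICY: Record<RentalRole, Grant[]> = {
  customer: grant('own', ['booking:read', 'booking:create', 'booking:cancel', 'payment:read']),
  agent: grant('any', ['booking:read', 'booking:create', 'booking:cancel', 'payment:read']),
  admin: grant('any', [
    'booking:read', 'booking:create', 'booking:cancel', 'payment:read', 'payment:refund',
  ]),
};

function isAllowed(actor: Actor | null, action: RentalAction, resource: OwnedResource): boolean {
  if (actor === null) return false; // no verified token: no access
  // Own-property lookup: a role claim such as "constructor" must not resolve
  // to something inherited from Object.prototype.
  if (!Object.prototype.hasOwnProperty.call(POLICY, actor.role)) return false;
  return POLICY[actor.role].some(
    (g) => g.action === action && (g.scope === 'any' || resource.ownerId === actor.userId),
  );
}

// Constructed sample data.
const alice: Actor = { userId: 'u-alice', role: 'customer' };
const deskAgent: Actor = { userId: 'u-desk', role: 'agent' };
const alicesBooking: OwnedResource = { ownerId: 'u-alice' };
const bobsBooking: OwnedResource = { ownerId: 'u-bob' };
```

The ownership comparison is what stops a customer from reading or cancelling another customer's booking by guessing its id; a role check alone would not.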

Testing Checklist

  • Unit tests for models and validators
  • Integration tests for booking creation and payment flow
  • End-to-end tests or API smoke tests
  • Linting and TypeScript compilation in CI
  • Migration integrity checks and rollback tests

Common Mistakes to Avoid

  • Skipping migrations and relying on sync API in production
  • Overly permissive RBAC or missing authorization checks
  • Embedding secrets in code; not using env var management
  • Ignoring null safety and data validation
  • Neglecting transaction boundaries during multi-step operations

FAQ

What stack is used in this Cursor Rules Template?

The template targets Node.js with Sequelize and PostgreSQL to implement a car rental management system covering vehicles, bookings, insurance, payments, and damage reports.

How do I extend models for new vehicle types?

Extend the Vehicle model with a type field and a separate VehicleType table for normalization; adjust migrations and controllers to include type in creation and validation logic.

How are bookings validated to avoid conflicts?

Use a transactional booking flow that checks existing bookings for a vehicle within the requested time window, using row-level isolation and proper indexing to prevent race conditions.
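
The conflict check and transaction boundary described in this answer, as an added example that is not part of the template. An in-memory store stands in for PostgreSQL, and the `placeBooking` signature, field names and result codes are assumptions.

```typescript
// Added example: conflict check plus all-or-nothing booking. An in-memory store
// stands in for PostgreSQL; field names and result codes are assumptions.
interface BookingRow {
  id: number; vehicleId: number; startMs: number; endMs: number;
  status: 'confirmed' | 'cancelled';
}
interface PaymentRow { bookingId: number; amountCents: number }
interface RentalStore { bookings: BookingRow[]; payments: PaymentRow[] }
interface BookingRequest { vehicleId: number; startMs: number; endMs: number; amountCents: number }
type PlaceResult = 'confirmed' | 'invalid_request' | 'vehicle_unavailable' | 'payment_failed';

// Half-open windows [start, end): a 10:00 return does not clash with a 10:00 pickup.
function windowsOverlap(aStart: number, aEnd: number, bStart: number, bEnd: number): boolean {
  return aStart < bEnd && bStart < aEnd;
}

function placeBooking(
  store: RentalStore, req: BookingRequest, charge: (amountCents: number) => boolean,
): PlaceResult {
  if (!(req.startMs < req.endMs) || !(req.amountCents > 0)) return 'invalid_request';
  // The draft plays the role of the transaction: nothing reaches `store` until
  // every step has succeeded. In the database the check and the insert must also
  // be serialized per vehicle (for example by locking the vehicle row).
  const draft: RentalStore = { bookings: store.bookings.slice(), payments: store.payments.slice() };
  const clash = draft.bookings.some((b) =>
    b.vehicleId === req.vehicleId && b.status === 'confirmed' &&
    windowsOverlap(req.startMs, req.endMs, b.startMs, b.endMs));
  if (clash) return 'vehicle_unavailable';
  const id = draft.bookings.length + 1;
  draft.bookings.push({
    id, vehicleId: req.vehicleId, startMs: req.startMs, endMs: req.endMs, status: 'confirmed',
  });
  if (!charge(req.amountCents)) return 'payment_failed'; // draft dropped = rollback
  draft.payments.push({ bookingId: id, amountCents: req.amountCents });
  store.bookings = draft.bookings; // commit
  store.payments = draft.payments;
  return 'confirmed';
}

// Constructed sample data: vehicle 7 is booked 09:00-10:00 on 2024-05-01 (UTC).
const at = (hhmm: string): number => Date.parse(`2024-05-01T${hhmm}:00Z`);
function demoStore(): RentalStore {
  return {
    bookings: [{ id: 1, vehicleId: 7, startMs: at('09:00'), endMs: at('10:00'), status: 'confirmed' }],
    payments: [],
  };
}
```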

How is payment processing integrated?

Integrate with a payments provider like Stripe; create a Payment record on success; use idempotency keys and webhooks to reconcile state changes with bookings.
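
Webhook reconciliation that tolerates duplicate and out-of-order deliveries, as an added example that is not part of the template. The event shape, state names and `applyEvent` helper are assumptions rather than any provider's API, deduplication here keys on the event id, and the event is assumed to have been authenticated before it reaches this code.

```typescript
// Added example: idempotent webhook reconciliation. The event shape, state names
// and result codes are assumptions, not a payment provider's API.
type PayState = 'pending' | 'paid' | 'failed' | 'refunded';
type EventKind = 'payment_succeeded' | 'payment_failed' | 'refund_succeeded';
interface ProviderEvent { eventId: string; bookingId: number; kind: EventKind }
interface PaymentRecord { bookingId: number; state: PayState }
interface Ledger { payments: PaymentRecord[]; seenEventIds: string[] }
type ApplyResult = 'applied' | 'duplicate' | 'unknown_booking' | 'rejected';

// Allowed transitions only; e.g. a refund for a booking that was never paid is rejected.
const TRANSITIONS: Record<PayState, Partial<Record<EventKind, PayState>>> = {
  pending: { payment_succeeded: 'paid', payment_failed: 'failed' },
  paid: { refund_succeeded: 'refunded' },
  failed: {},
  refunded: {},
};

function findPayment(ledger: Ledger, bookingId: number): PaymentRecord | null {
  for (const p of ledger.payments) if (p.bookingId === bookingId) return p;
  return null;
}

function applyEvent(ledger: Ledger, ev: ProviderEvent): ApplyResult {
  // Webhook deliveries may be retried, so the same event id can arrive more than once.
  if (ledger.seenEventIds.indexOf(ev.eventId) !== -1) return 'duplicate';
  const row = findPayment(ledger, ev.bookingId);
  if (row === null) return 'unknown_booking';
  const allowed = TRANSITIONS[row.state];
  // Own-property lookup so an unexpected `kind` string cannot hit Object.prototype.
  const next = Object.prototype.hasOwnProperty.call(allowed, ev.kind) ? allowed[ev.kind] : undefined;
  if (next === undefined) return 'rejected'; // id not recorded: a later retry may be valid
  // In the database, do both writes in one transaction and put a unique
  // constraint on the event id so concurrent deliveries cannot both apply.
  row.state = next;
  ledger.seenEventIds.push(ev.eventId);
  return 'applied';
}

function stateOf(ledger: Ledger, bookingId: number): PayState | 'none' {
  const row = findPayment(ledger, bookingId);
  return row === null ? 'none' : row.state;
}

// Constructed sample data: one pending payment for booking 42.
function demoLedger(): Ledger {
  return { payments: [{ bookingId: 42, state: 'pending' }], seenEventIds: [] };
}
```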

How do I test the API endpoints?

Use Jest and SuperTest to test authentication, booking creation, and payment flows; mock external services and validate error paths and edge cases.