Cursor Rules TemplatesCursor Rules Template

Cursor Rules Template: Node.js + Express + PostgreSQL for Food Producer Traceability Docs

Copyable Cursor rules configuration for building traceability documentation tools for food producers using a Node.js + Express + PostgreSQL stack with Cursor AI.

.cursorrules templatecursor rules templatecursor-rules-templatenodejsexpresspostgresqltypeormcursor ai rulestraceability documentationfood producersdocumentation toolingaudit trails

Target User

Backend engineers building traceability documentation tooling for food producers

Use Cases

  • Generate consistent traceability docs from batch data
  • Enforce data provenance and audit trails
  • Automate report generation for regulatory compliance
  • Integrate with existing ERP and LIMS systems

Markdown Template

Cursor Rules Template: Node.js + Express + PostgreSQL for Food Producer Traceability Docs

# Cursor Rules Template for Node.js + Express + PostgreSQL
framework: Node.js, Express, PostgreSQL, TypeORM
version: 1.0
stackNotes: Back-end API and tooling to emit traceability docs for food producers.
roles:
  - name: Framework Role & Context
    value: |
      You are a Node.js back-end service responsible for collecting, validating, and exporting batch traceability data into human-readable documentation artifacts. You integrate with PostgreSQL via TypeORM and expose REST endpoints for docs generation.
  - name: Code Style and Style Guides
    value: |
      Follow eslint:airbnb-base, with Prettier formatting; enforce type definitions with TypeScript; enable tsconfig strict.
  - name: Architecture & Directory Rules
    value: |
      Place database models in src/entities, business logic in src/services, API layers in src/controllers, and migrations in src/migrations. Use DTOs for requests/responses.
  - name: Authentication & Security Rules
    value: |
      Use JWTs, secret from env vars, refresh tokens; protect endpoints with middleware; sanitize all inputs; forbid SQL string concatenation.
  - name: Database and ORM patterns
    value: |
      PostgreSQL with TypeORM; use repositories for data access; avoid n+1 queries; use eager vs lazy loading deliberately.
  - name: Testing & Linting Workflows
    value: |
      Jest with SuperTest for API tests; pre-commit lint; GitHub Actions to run tests and lint on PRs.
  - name: Prohibited Actions and Anti-patterns for the AI
    value: |
      Do not perform remote code execution, do not rely on dynamic SQL assembly, do not bypass migrations, do not access production secrets in prompts.
rules:
  - Do not log secrets
  - Do not skip validation
  - Do not bypass migrations
  - Do not use unsafe eval
security:
  - Store secrets in env vars and secret managers
  - Enable TLS; enforce HTTPS
  - Validate and sanitize all inputs
  - Audit logs for access to traceability docs
testing:
  - Unit tests for validators and services
  - Integration tests for REST endpoints
  - End-to-end tests for doc generation pipeline
deployment:
  - CI with GitHub Actions; run tests and lint
  - Dockerize services; run migrations on startup
  - Health checks and metrics

Overview

Direct answer style: This Cursor rules configuration enables building traceability documentation tooling for food producers using a Node.js + Express + PostgreSQL stack with TypeORM, focusing on data provenance, auditable docs, and automated report generation.

This template provides a complete copyable .cursorrules block, stack-specific project structure, and concrete guidelines to keep AI-assisted development aligned with regulatory traceability needs in the food industry.

When to Use These Cursor Rules

  • When you are building a server-side toolchain that ingests batch data and exports human-readable traceability documents.
  • When you need strict data provenance, audit trails, and reproducible doc generation for compliance reporting.
  • When you want a repeatable architecture for SQL-backed models with an ORM and clear service boundaries.
  • When you require production-grade testing, linting, and CI workflows for rapid iteration.

Copyable .cursorrules Configuration

# Cursor Rules Template for Node.js + Express + PostgreSQL
framework: Node.js, Express, PostgreSQL, TypeORM
version: 1.0
stackNotes: Back-end API and tooling to emit traceability docs for food producers.
roles:
  - name: Framework Role & Context
    value: |
      You are a Node.js back-end service responsible for collecting, validating, and exporting batch traceability data into human-readable documentation artifacts. You integrate with PostgreSQL via TypeORM and expose REST endpoints for docs generation.
  - name: Code Style and Style Guides
    value: |
      Follow eslint:airbnb-base, with Prettier formatting; enforce type definitions with TypeScript; enable tsconfig strict.
  - name: Architecture & Directory Rules
    value: |
      Place database models in src/entities, business logic in src/services, API layers in src/controllers, and migrations in src/migrations. Use DTOs for requests/responses.
  - name: Authentication & Security Rules
    value: |
      Use JWTs, secret from env vars, refresh tokens; protect endpoints with middleware; sanitize all inputs; forbid SQL string concatenation.
  - name: Database and ORM patterns
    value: |
      PostgreSQL with TypeORM; use repositories for data access; avoid n+1 queries; use eager vs lazy loading deliberately.
  - name: Testing & Linting Workflows
    value: |
      Jest with SuperTest for API tests; pre-commit lint; GitHub Actions to run tests and lint on PRs.
  - name: Prohibited Actions and Anti-patterns for the AI
    value: |
      Do not perform remote code execution, do not rely on dynamic SQL assembly, do not bypass migrations, do not access production secrets in prompts.
rules:
  - Do not log secrets
  - Do not skip validation
  - Do not bypass migrations
  - Do not use unsafe eval
security:
  - Store secrets in env vars and secret managers
  - Enable TLS; enforce HTTPS
  - Validate and sanitize all inputs
  - Audit logs for access to traceability docs
testing:
  - Unit tests for validators and services
  - Integration tests for REST endpoints
  - End-to-end tests for doc generation pipeline
deployment:
  - CI with GitHub Actions; run tests and lint
  - Dockerize services; run migrations on startup
  - Health checks and metrics

Recommended Project Structure

project-root/
├─ backend/
│  └─ src/
│     ├─ controllers/
│     ├─ middlewares/
│     ├─ routes/
│     ├─ services/
│     ├─ entities/
│     ├─ repositories/
│     ├─ dtos/
│     └─ migrations/
│  ├─ tests/
│  ├─ migrations/
│  ├─ Dockerfile
│  └─ package.json

Core Engineering Principles

  • Single responsibility: separate controllers, services, and data access layers.
  • Idempotent doc generation: document export must not mutate source data.
  • Explicit data contracts: DTOs for all inputs/outputs; strict validation.
  • Provenance-first: preserve batch lineage and audit trails in all docs.
  • Test-driven under CI: unit, integration, and E2E tests for doc generation.

Code Construction Rules

  • Use TypeORM repositories for data access; avoid raw SQL in business logic.
  • Validate all inputs against defined DTO schemas before processing.
  • Keep migrations as the only path to schema changes; never alter tables at runtime.
  • Export traceability docs via a dedicated service in a deterministic format (JSON/HTML) for auditing.
  • Document generation should be idempotent and replayable against the same data.

Security and Production Rules

  • Store secrets in environment variables or secret managers; never commit them.
  • Enforce TLS, secure cookies, and CORS with a strict policy for API endpoints.
  • Validate and sanitize all user inputs; avoid SQL string concatenation; use parameterized queries.
  • Implement role-based access controls for doc generation and exports.
  • Enable logging, monitoring, and alerting for production deployments.

Testing Checklist

  • Unit tests for validators, DTOs, and services.
  • Integration tests for REST endpoints and ORM interactions.
  • End-to-end tests for the doc generation pipeline from ingestion to export.
  • CI checks: lint, type-check, and test suite execution on PRs.
  • Migration tests to ensure schema changes apply cleanly in CI/CD.

Common Mistakes to Avoid

  • Relying on dynamic SQL assembly; prefer parameterized queries.
  • Bypassing migrations for schema changes.
  • Overloading controllers with business logic; break into services.
  • Neglecting data provenance in generated docs.
  • Exposing secrets or tokens in logs, tests, or code.

Related implementation resources: AI Use Case for Civil Engineers Using Excel To Run Stress Calculation Models On Prospective Bridge Building Designs and Production-grade compliance reporting for AI-led finance: a practical blueprint.

FAQ

What is the Cursor Rules Template for this Node.js stack?

It is a copyable configuration and pattern set that guides AI-assisted development for building traceability documentation tools using Node.js, Express, PostgreSQL, and TypeORM. It enforces architecture, security, testing, and data provenance best practices in Cursor AI interactions.

How do I integrate TypeORM with PostgreSQL for traceability data?

Use a dedicated connection factory, define entities in src/entities, and expose repositories for all queries. Use migrations for schema changes and avoid runtime schema mutations. Optimize for minimal N+1 queries and explicit loading strategies.

How can I ensure generated docs remain auditable?

Record a complete data provenance trail including batch IDs, timestamps, and source transformations. Produce docs in a deterministic format, persist in an immutable store, and include a hash of input data in the export. Use versioned templates for repeatability.

What should CI guarantee for this template?

CI should run linting, type-checking, and the full test suite (unit, integration, E2E). It should also validate migrations and perform a smoke test of the doc generation pipeline to ensure outputs are deterministic and non-destructive.

What security practices are required?

Encrypt secrets, enforce TLS, sanitize inputs, use proper authentication and RBAC, and monitor access logs. Never log secrets, and ensure any external calls are rate-limited and validated.