Physiotherapy Practice Management Cursor Rules Template for Cursor AI
Cursor rules template for building a physiotherapy practice management system with exercise plans, progress tracking, and a patient portal using Cursor AI.
Target User
Developers building a physiotherapy practice management system with exercise plans, progress tracking, and a patient portal
Use Cases
- Automated generation of secure API contracts for patients and clinicians
- Consistent data models for exercises, progress, and portal content
- Guided implementation for nested resources and auth flows
Markdown Template
Physiotherapy Practice Management Cursor Rules Template for Cursor AI
framework: NestJS + React + PostgreSQL
stack: TypeORM, JWT, OAuth2
role: System: Cursor AI coding assistant for PPMS
context: You are building a Physiotherapy Practice Management System with exercises, progress tracking, and a patient portal
codeStyle: TypeScript strict, ESLint, Prettier
architecture: backend/src/modules/patients, exercises, progress, portal
authentication: JWT with HttpOnly cookies, OAuth2 for patient portal
database: TypeORM with PostgreSQL
testing: Jest + Supertest for API, Cypress for end-to-end
linting: ESLint + Prettier + lint-staged
security: input validation, parameterized queries, secret management, encryption in transit and at rest
prohibitedActions: do not use Prisma, Mongoose, or arbitrary evaluation of external code
antiPatterns: avoid dynamic code generation in production, avoid bypassing server-side validation.
Overview
The Cursor rules configuration enables Cursor AI to guide the implementation of a Physiotherapy Practice Management System (PPMS) with exercise plans, progress tracking, and a patient portal. This Cursor Rules Template targets a stack of NestJS backend, React frontend, PostgreSQL database with TypeORM, and JWT/OAuth2 for authentication.
Summary: this Cursor rules template provides a copyable, framework-specific set of rules that you can paste into your project root to ensure consistent architecture, secure data handling, and testable code.
When to Use These Cursor Rules
- Starting a PPMS project with exercise plans, progress tracking, and a patient portal
- Onboarding new developers to the PPMS stack
- Enforcing consistent module boundaries and data models across backend and frontend
- Defining security, auditing, and testing expectations from day one
Copyable .cursorrules Configuration
framework: NestJS + React + PostgreSQL
stack: TypeORM, JWT, OAuth2
role: System: Cursor AI coding assistant for PPMS
context: You are building a Physiotherapy Practice Management System with exercises, progress tracking, and a patient portal
codeStyle: TypeScript strict, ESLint, Prettier
architecture: backend/src/modules/patients, exercises, progress, portal
authentication: JWT with HttpOnly cookies, OAuth2 for patient portal
database: TypeORM with PostgreSQL
testing: Jest + Supertest for API, Cypress for end-to-end
linting: ESLint + Prettier + lint-staged
security: input validation, parameterized queries, secret management, encryption in transit and at rest
prohibitedActions: do not use Prisma, Mongoose, or arbitrary evaluation of external code
antiPatterns: avoid dynamic code generation in production, avoid bypassing server-side validation.
Recommended Project Structure
workspace/
  apps/backend/src/modules/patients
  apps/backend/src/modules/exercises
  apps/backend/src/modules/progress
  apps/backend/src/modules/portal
  apps/frontend/src/components
  apps/frontend/src/pages
  apps/frontend/src/services
  apps/frontend/src/hooks
  shared/types
Core Engineering Principles
- Security by default and verified access control
- Explicit data models and clear domain boundaries
- Testability with unit/integration/e2e tests
- Idempotent mutations and proper error handling
- Observability with structured logging and metrics
Code Construction Rules
- Define DTOs and validate inputs at every boundary
- Isolate business logic from framework specifics
- Use typed interfaces for services and repositories
- Keep module boundaries explicit and decouple layers
- Ensure deterministic API contracts with versioning
- Do not bypass authentication on protected routes
Security and Production Rules
- Require HTTPS, rotate secrets, and store them securely
- HttpOnly cookies with secure attributes; implement CSRF protection for SPA
- Limit API rate and enforce access controls; audit sensitive actions
- Encrypt data in transit and at rest; implement backups and disaster recovery
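The cookie and CSRF rule above, as an added example that is not part of the template: the attributes for the JWT session cookie, plus a signed double-submit CSRF token bound to the session. The cookie name `__Host-session`, the 900-second lifetime, the `CSRF_SECRET` constant and all function names are assumptions made for illustration; the code uses only Node's built-in `crypto` module so it runs without NestJS.

```typescript
import { createHmac, randomBytes, timingSafeEqual } from "node:crypto";

// Constructed demo secret (assumption); load the real one from a secret manager.
const CSRF_SECRET = "demo-only-secret";
const SAFE_METHODS = new Set(["GET", "HEAD", "OPTIONS"]);

// Set-Cookie value for the JWT: hidden from scripts, HTTPS only, same-site.
// The __Host- prefix makes browsers reject it without Secure and Path=/.
function sessionCookie(jwt: string, maxAgeSeconds = 900): string {
  const attrs = ["Path=/", "HttpOnly", "Secure", "SameSite=Strict"];
  return [`__Host-session=${jwt}`, ...attrs, `Max-Age=${maxAgeSeconds}`].join("; ");
}

// HMAC over session id and nonce, so a token minted for one session fails in another.
function sign(sessionId: string, nonce: string) {
  return createHmac("sha256", CSRF_SECRET).update(`${sessionId}.${nonce}`).digest();
}

// Token the SPA reads from a non-HttpOnly cookie and echoes in a request header.
function issueCsrfToken(sessionId: string): string {
  const nonce = randomBytes(16).toString("hex");
  return `${nonce}.${sign(sessionId, nonce).toString("hex")}`;
}

function verifyCsrfToken(sessionId: string, cookieToken?: string, headerToken?: string): boolean {
  if (!cookieToken || !headerToken || cookieToken !== headerToken) return false;
  const [nonce, mac] = headerToken.split(".");
  if (!nonce || !mac) return false;
  const expected = sign(sessionId, nonce);
  const received = Buffer.from(mac, "hex");
  // timingSafeEqual throws on unequal lengths, so check length first.
  return received.length === expected.length && timingSafeEqual(received, expected);
}

// Guard decision for one request: state-changing methods need a valid token.
function allowRequest(method: string, sessionId: string, cookieToken?: string, headerToken?: string): boolean {
  if (SAFE_METHODS.has(method.toUpperCase())) return true;
  return verifyCsrfToken(sessionId, cookieToken, headerToken);
}
```

In a NestJS backend the `allowRequest` decision would sit in a guard or middleware that runs before the protected controllers.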
Testing Checklist
- Unit tests for all services and validators
- Integration tests for API endpoints and DB interactions
- End-to-end tests simulating real patient workflows
- Linting and type-checks in CI
- Security regression tests for input validation and auth
Common Mistakes to Avoid
- Storing sensitive data in logs or code
- Skipping server-side validation or using client-side validation alone
- Overfetching data or exposing internal schemas
- Mixing domain concerns with presentation layer
- Ignoring accessibility in UI components
FAQ
What is a Cursor Rules Template for PPMS?
A Cursor Rules Template provides a copyable set of Cursor AI rules to guide PPMS development from architecture to testing. It focuses on a stack with NestJS, React, PostgreSQL, and TypeORM, and covers exercises, progress tracking, and patient portal features.
Which stack does this template target?
The template targets a NestJS backend, a React frontend, a PostgreSQL database, and TypeORM for ORM, with JWT-based authentication and OAuth2 for patient portal access.
Where do I paste the .cursorrules file?
Paste the copied rules into your project root as a .cursorrules file. Cursor AI will then guide you through implementation, enforcing architecture, security, and testing conventions.
How does this template address patient data privacy?
It enforces strict access control, encrypted data in transit and at rest, HttpOnly cookies, and auditing. All sensitive actions are authenticated and authorized with role-based checks.
Can I extend this template for additional modules?
Yes. The template is designed to be extended. Add modules for tele-rehab, in-clinic scheduling, or reporting while preserving the core rules for security and data integrity.