Cursor Rules Template: Policy QA with Source Citations
Cursor Rules Template for building policy question answering apps with source citations using Cursor AI on a Python FastAPI stack.
Target User
Developers building policy QA apps with source citations using Cursor AI
Use Cases
- Policy document Q&A with citations
- Legal policy Q&A
- Regulatory compliance documentation QA
Markdown Template
Cursor Rules Template: Policy QA with Source Citations
Overview
Direct answer: This Cursor rules configuration enables building policy question answering apps with source citations using Python, FastAPI, PostgreSQL, SQLAlchemy, and Cursor AI to enforce citation-aware responses.
When to Use These Cursor Rules
- Use when building policy oriented Q&A apps that require traceable sources
- Apply to retrieval augmented generation workflows with a citations model
- Leverage Cursor AI to enforce provenance and citation formatting in answers
- Ideal for compliance and regulatory documentation workflows
Copyable .cursorrules Configuration
cursorRules:
  frameworkRole:
    - role: Policy QA AI Assistant
    - context: Assist in building policy question answering apps with source citations using Python, FastAPI, PostgreSQL, SQLAlchemy, and Cursor AI
  codeStyle:
    - guide: PEP8 Black isort
    - docstrings: Google style
  architecture:
    - dirs:
        - app/
        - app/api/
        - app/models/
        - app/services/
        - config/
        - tests/
  authentication:
    - methods: OAuth 2.0 with JWTs; secure cookies
  security:
    - cors: strict
    - secrets: environment variables
  database:
    - orm: SQLAlchemy
    - database: PostgreSQL
    - citationsTable: citations
  testing:
    - unit: pytest
    - integration: httpx
  antiPatterns:
    - Do not execute raw user input as code
    - Do not bypass authentication in tests
    - Do not store secrets in code
Recommended Project Structure
project/
└── app/
    ├── api/
    │   └── v1/
    │       ├── endpoints.py
    │       └── deps.py
    ├── core/
    │   ├── config.py
    │   └── security.py
    ├── db/
    │   ├── base.py
    │   ├── session.py
    │   └── migrations/
    ├── models/
    │   ├── citation.py
    │   └── question.py
    └── services/
        ├── retriever.py
        └── qa_engine.py
Core Engineering Principles
- Safety first with strict citation enforcement and provenance tracking
- Principle of least privilege for secrets and access
- Deterministic retrieval augmented generation and testable prompts
- Observability through structured logging and tracing
- Data modeling that separates citation metadata from content
- Cursor AI guided development with auditable prompts
Code Construction Rules
- Use FastAPI with APIRouter patterns; declare pydantic models for requests and responses
- Target Python 3.11+ and use async where appropriate
- SQLAlchemy as ORM with Alembic migrations; define models for citations and questions
- Implement RAG workflow: retriever fetches policy docs, then Cursor AI constructs answer with citations
- Prompts must require citation placeholders and enforce source attribution in outputs
- Do not embed secrets or API keys in code; read from environment or secret management
- Do not use unsafe eval or direct user code execution in prompts
Security and Production Rules
- Enforce HTTPS and TLS; disable insecure endpoints
- Use OAuth 2.0 or API keys with scope-based access
- Validate all inputs; implement strict content validation for policy data
- Store citations in a dedicated table with read/write restrictions
- Rotate keys and manage secrets with environment variables
- Enable observability and audit logging for prompts and responses
Testing Checklist
- Unit tests for retriever and qa_engine components
- Integration tests for API endpoints and prompt flows
- End to end tests with sample policy docs and citation verification
- Lint, type check, and pre-commit hooks in CI
- Security tests including input validation and access control checks
Common Mistakes to Avoid
- Assuming LLM outputs are always citation accurate; always verify with source data
- Storing plain text policy content without standardized citation IDs
- Neglecting audit logs and monitoring in production
- Overly broad permissions or ignoring secret management
- Discarding localization and language handling in multilingual policy docs
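One way to apply the "always verify with source data" rule above, together with the citation-placeholder rule from Code Construction Rules, is a post-generation check that runs before an answer is returned. This is an added example, not part of the template: the `[cite:<ID>]` marker format, the `verify_citations` and `CitationReport` names, and the sample IDs and passages are all assumptions.

```python
import re
from dataclasses import dataclass, field

# Assumed marker format "[cite:<ID>]"; the template does not define one.
CITE_RE = re.compile(r"\[cite:([A-Za-z0-9_.\-]+)\]")
QUOTE_RE = re.compile(r'"([^"]+)"')

# Constructed sample passages (citation ID -> text), standing in for rows
# loaded from the citations table for one request.
RETRIEVED = {
    "POL-7.2": "Security incidents must be reported within 72 hours of discovery.",
    "POL-3.1": "Access reviews are performed quarterly by the system owner.",
}


@dataclass
class CitationReport:
    uncited: list[str] = field(default_factory=list)      # sentences with no marker
    unknown_ids: list[str] = field(default_factory=list)  # IDs not retrieved for this request
    unsupported: list[str] = field(default_factory=list)  # quotes absent from the cited text

    @property
    def ok(self) -> bool:
        return not (self.uncited or self.unknown_ids or self.unsupported)


def _norm(text: str) -> str:
    return " ".join(text.lower().split())


def verify_citations(answer: str, retrieved: dict[str, str]) -> CitationReport:
    """Check every sentence of an LLM answer against the retrieved passages."""
    report = CitationReport()
    for sentence in filter(None, re.split(r"(?<=[.!?])\s+", answer.strip())):
        ids = CITE_RE.findall(sentence)
        if not ids:
            report.uncited.append(sentence)
            continue
        report.unknown_ids.extend(i for i in ids if i not in retrieved)
        sources = " ".join(_norm(retrieved[i]) for i in ids if i in retrieved)
        for quote in QUOTE_RE.findall(sentence):
            if _norm(quote) not in sources:
                report.unsupported.append(quote)
    return report


if __name__ == "__main__":
    answer = 'Reviews are "performed annually" [cite:POL-3.1]. Exceptions need sign-off.'
    print(verify_citations(answer, RETRIEVED))
```

A report with `ok == False` should block the response or trigger regeneration, and the report itself is a natural record for the audit log.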
Related implementation resources: AI Use Case for Notion Knowledge Base and Internal Question Answering and RAG Context Windows for Legal Docs: Practical Guide.
FAQ
What frameworks does this Cursor Rules Template target?
It targets Python with FastAPI, SQLAlchemy, PostgreSQL, and Cursor AI for policy Q&A with source citations.
How do I integrate policy source citations using Cursor AI?
The template defines a retrieval augmented generation pattern with a citations model and a dedicated citations table to attach sources to each answer.
Can I adapt for multilingual policy docs?
Yes. The template supports localization hooks, language specific prompts, and translation pipelines while preserving citations.
How do I test the retrieval correctness?
Use unit tests for retriever logic, integration tests for QA endpoints, and end to end tests with sample policy docs to confirm citation accuracy.
What deployment considerations are included?
Focus on production grade security, environment driven configuration, and observability to validate behavior in production.