
Cursor Rules Template: Sustainability Supplier Assessment Platform with Questionnaires, Scoring, and Compliance Dashboards

Copyable Cursor rules template for building a sustainability supplier assessment platform with questionnaires, scoring, and compliance dashboards. Target stack: Node.js/Express API backend, PostgreSQL, TypeScript.


Target User

Developers building a sustainability supplier assessment platform with questionnaires, scoring, and dashboards

Use Cases

  • Define dynamic supplier questionnaires aligned to sustainability standards
  • Compute and publish scoring across environmental, social, and governance categories
  • Render auditable compliance dashboards from scored results
  • Enforce data governance and security in AI-assisted development

Overview

This Cursor Rules Template provides a complete, copyable configuration for Cursor AI to help you build a sustainability supplier assessment platform with questionnaires, scoring, and compliance dashboards. Target stack: Node.js/Express API backend, PostgreSQL database, and a TypeScript codebase. It offers direct prompts and constraints that enable auditable AI-generated code, data models, and API contracts.

Direct Answer

Cursor AI will generate a production-grade backend plus data models, with strict validation, role-based access, and auditable scoring dashboards.

When to Use These Cursor Rules

  • When you need structured supplier questionnaires mapped to sustainability standards.
  • When scoring across environmental, social, and governance categories must be auditable.
  • When you require secure API routes, role-based access, and compliant dashboards.
  • When you want a repeatable, testable architecture with clear separation of concerns.

Copyable .cursorrules Configuration

cursor_rules:
  framework: 'Node.js + Express API + PostgreSQL + TypeScript'
  role: 'System Architect'
  context: 'You guide Cursor AI to implement a sustainability supplier assessment platform with questionnaires, scoring, and dashboards. Emphasize data integrity, security, auditing, and maintainable architecture.'
  codeStyle:
    - 'TypeScript with strict type checking'
    - 'ESLint + @typescript-eslint plugin'
    - 'Prettier for formatting'
    - 'JSDoc/TSDoc for APIs and data models'
  architecture:
    structure:
      - api/src/controllers
      - api/src/routes
      - api/src/services
      - api/src/models
      - api/src/dto
      - api/src/middlewares
      - db/migrations
      - web/src/components
      - web/src/pages
      - web/src/hooks
      - web/public
  authentication:
    strategy: 'JWT RS256 with refresh tokens'
    roles: ['admin', 'auditor', 'supplier']
    accessPatterns:
      - 'admin endpoints require admin role'
      - 'auditor endpoints require auditor role and audit logging'
      - 'supplier endpoints require supplier role with restricted access'
  database:
    vendor: 'PostgreSQL'
    migrations: 'Flyway-compatible SQL migrations or node migrations with parameterized queries'
    patterns:
      - 'domain data: suppliers, questionnaires, responses, scores, dashboards, logs'
      - 'use prepared statements; avoid string concatenation'
      - 'all writes pass through API with server-side validation'
  testingLinting:
    unit: 'Vitest with TS'
    integration: 'supertest or equivalent'
    e2e: 'Cypress or Playwright'
    lint: 'ESLint + Prettier in CI'
  prohibitedActions:
    - 'Do not execute arbitrary host commands'
    - 'Do not bypass authentication checks in generated code'
    - 'Do not store secrets in source control or hard-code environment variable values in code'
    - 'Do not generate unsafe dynamic SQL via string interpolation'
    - 'Do not trust client-side validation; enforce server-side validation'

Recommended Project Structure

api/
  src/
    controllers/
    routes/
    services/
    models/
    dto/
    middlewares/
  tests/
  tsconfig.json

db/
  migrations/
  seeds/

web/
  src/
    components/
    pages/
    hooks/
  public/
  styles/

shared/
  lib/
  types/

Core Engineering Principles

  • Explicit data validation at API boundaries; never trust client input.
  • Clear separation of concerns between questionnaire handling, scoring, and dashboards.
  • Auditable actions with immutable logs and versioned schemas.
  • Defensive security: proper RBAC, JWT validation, and least privilege.
  • Test-driven development with unit, integration, and E2E tests.

Code Construction Rules

  • Represent questionnaires and scoring rules as typed data models with validation schemas.
  • Store questionnaire definitions in DB with versioning; changes should not invalidate historical scores.
  • Compute scores server-side; expose read-only results to dashboards with secure endpoints.
  • Use parameterized queries and prepared statements for all DB access.
  • Adopt a strict API surface with DTOs and input validation.
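
An added example (not part of the template, and not Cursor output) of the versioning and server-side scoring rules above: each score record pins the questionnaire version it was computed against, and answers are validated against that version's rubric before any arithmetic. The type names, weights and the two sample versions are constructed for illustration.

```typescript
// Added example: names, weights and sample data are constructed for illustration.
type Category = 'environmental' | 'social' | 'governance';

interface Question { id: string; category: Category; maxPoints: number; weight: number }
interface QuestionnaireVersion { questionnaireId: string; version: number; questions: readonly Question[] }
interface ScoreRecord {
  questionnaireId: string;
  version: number; // pinned: publishing a later version never changes this record
  byCategory: Record<Category, number>; // 0..100 per category
}

// Published versions are append-only; editing a questionnaire means adding a new version.
const VERSIONS: readonly QuestionnaireVersion[] = [
  { questionnaireId: 'q-esg', version: 1, questions: [
    { id: 'e1', category: 'environmental', maxPoints: 5, weight: 2 },
    { id: 's1', category: 'social', maxPoints: 5, weight: 1 },
    { id: 'g1', category: 'governance', maxPoints: 5, weight: 1 } ] },
  { questionnaireId: 'q-esg', version: 2, questions: [
    { id: 'e1', category: 'environmental', maxPoints: 5, weight: 1 },
    { id: 'e2', category: 'environmental', maxPoints: 10, weight: 1 },
    { id: 's1', category: 'social', maxPoints: 5, weight: 1 },
    { id: 'g1', category: 'governance', maxPoints: 5, weight: 1 } ] },
];

function scoreResponse(questionnaireId: string, version: number, answers: Record<string, unknown>): ScoreRecord {
  const def = VERSIONS.find(v => v.questionnaireId === questionnaireId && v.version === version);
  if (!def) throw new Error('unknown questionnaire version');
  // Reject answers to questions that do not exist in this version.
  const known = new Set(def.questions.map(q => q.id));
  for (const id of Object.keys(answers)) {
    if (!known.has(id)) throw new Error(`unexpected answer: ${id}`);
  }
  const earned: Record<Category, number> = { environmental: 0, social: 0, governance: 0 };
  const possible: Record<Category, number> = { environmental: 0, social: 0, governance: 0 };
  for (const q of def.questions) {
    const a = answers[q.id];
    // Server-side validation: every question answered with an integer inside the rubric range.
    if (typeof a !== 'number' || !Number.isInteger(a) || a < 0 || a > q.maxPoints) {
      throw new Error(`invalid answer for ${q.id}`);
    }
    earned[q.category] += a * q.weight;
    possible[q.category] += q.maxPoints * q.weight;
  }
  const pct = (c: Category): number => (possible[c] === 0 ? 0 : Math.round((earned[c] / possible[c]) * 100));
  return { questionnaireId, version,
    byCategory: { environmental: pct('environmental'), social: pct('social'), governance: pct('governance') } };
}
```

Re-scoring an old response always passes its stored version, so a historical result is reproducible even after version 2 adds or reweights questions.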

Security and Production Rules

  • Use JWT RS256 with short-lived access tokens and rotate refresh tokens.
  • Encrypt sensitive fields at rest; log only non-sensitive data in audit logs.
  • Apply rate limiting and IP allowlisting for admin endpoints.
  • Enforce least privilege in DB roles; separate read/write roles per service.
  • Require TLS in transit; use secure cookies with HttpOnly and Secure flags.
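
An added example (not part of the template) of the access patterns in the configuration combined with the token rules above: the check pins RS256, enforces a short token lifetime, matches the role to the endpoint area, scopes suppliers to their own records, and logs every decision on auditor endpoints. It assumes the signature was already verified by a JWT library; the `Req` shape, the `supplierId` claim and the 15-minute bound are assumptions of this sketch.

```typescript
// Added example: request shape, claim names and the TTL bound are constructed for illustration.
type Role = 'admin' | 'auditor' | 'supplier';
interface Claims { sub: string; role: Role; supplierId?: string; exp: number } // exp in seconds
interface Req { alg: string; claims: Claims; area: Role; targetSupplierId?: string }
interface Decision { allow: boolean; reason: string }

const MAX_TTL_SECONDS = 15 * 60; // assumed bound for "short-lived"
const auditLog: { at: number; sub: string; area: Role; allow: boolean }[] = [];

function decide(req: Req, now: number): Decision {
  const { alg, claims, area, targetSupplierId } = req;
  // Pin the algorithm: a token announcing HS256 or "none" is never accepted.
  if (alg !== 'RS256') return { allow: false, reason: 'algorithm not RS256' };
  if (claims.exp <= now) return { allow: false, reason: 'token expired' };
  if (claims.exp - now > MAX_TTL_SECONDS) return { allow: false, reason: 'token lifetime too long' };
  // Each endpoint area requires its own role; this sketch grants no implicit hierarchy.
  if (claims.role !== area) return { allow: false, reason: 'role mismatch' };
  // Restricted access: a supplier may only touch records for its own supplierId.
  if (area === 'supplier' && (!claims.supplierId || claims.supplierId !== targetSupplierId)) {
    return { allow: false, reason: 'supplier scope violation' };
  }
  return { allow: true, reason: 'ok' };
}

// Assumes the JWT signature was already verified against the RSA public key.
function authorize(req: Req, nowSeconds: number): Decision {
  const d = decide(req, nowSeconds);
  // Auditor endpoints record every decision, including denials.
  if (req.area === 'auditor') {
    auditLog.push({ at: nowSeconds, sub: req.claims.sub, area: req.area, allow: d.allow });
  }
  return d;
}
```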

Testing Checklist

  • Unit tests for models and services with deterministic fixtures.
  • Integration tests for API endpoints with real DB in CI.
  • E2E tests for the questionnaires, scoring, and dashboards user flow.
  • Lint, type checks, and security scanning in CI pipelines.

Common Mistakes to Avoid

  • Relying on client-side validation to enforce rules.
  • Hard-coding secrets or credentials in code or repos.
  • Overloading API endpoints with business logic; create clear services.
  • Neglecting data versioning and migratability for questionnaire schemas.
  • Ignoring audit trails and RBAC in dashboards and APIs.

FAQ

What tech stack does this Cursor Rules Template target?

The template targets a Node.js + Express API backend with PostgreSQL and TypeScript, optionally a React frontend. It emphasizes server-side validation, robust typing, and auditable data handling without committing to a specific ORM.

How are questionnaires and scoring modeled?

Questionnaires are stored as typed schemas with sections and questions; scoring uses rubric-based metrics across environmental, social, and governance categories. Calculations run on the server for reproducibility and auditability.

Where should I paste the .cursorrules block?

Place the copied .cursorrules block in your project root as a file named .cursorrules. Cursor AI will read it to generate code, data models, and API contracts for your stack.

What testing strategy is recommended?

Unit tests for models/services, integration tests for API endpoints, and end-to-end tests for the questionnaire-to-dashboard flows. Include linting and type checks in CI.

What are the security requirements?

Enforce RBAC with JWT, rotate refresh tokens, encrypt sensitive data at rest, enforce TLS in transit, and maintain audit logs for data access and scoring changes.