Cursor Rules Template: Teacher Productivity App with Lesson Plans, Worksheets, Grading and Analytics
Cursor Rules Template for building a teacher productivity app with Cursor AI, featuring lesson plans, worksheets, grading, and classroom analytics. Copyable .cursorrules configuration included.
Target User
Developers building education software with Cursor AI
Use Cases
- Automated lesson plan generation
- Worksheet creation
- Grading assistance
- Classroom analytics dashboards
- Student progress tracking
Markdown Template
Cursor Rules Template: Teacher Productivity App with Lesson Plans, Worksheets, Grading and Analytics
version: 1
rules:
- framework: 'Next.js + TypeScript frontend; Node.js API backend; PostgreSQL (no ORM)'
- role: 'You are Cursor AI configured to assist engineers building a teacher productivity app with lesson plans, worksheets, grading, and classroom analytics.'
- context: 'Project goals include secure student data handling, scalable API design, and a modular frontend.'
- architecture:
frontend: 'Next.js pages/ and components/'
backend: 'API routes/ controllers/ services/'
database: 'PostgreSQL with parameterized SQL via node-postgres'
- codeStyle: 'TypeScript, ESLint+Prettier, strict mode, no implicit any'
- authentication: 'HTTP-only cookies, JWT access tokens, refresh tokens; rotate tokens; store secrets in environment variables'
- security: 'Input validation, CSRF protection, proper CORS, least privilege access'
- database: 'Use parameterized queries, migrations in db/migrations, separate read/write roles'
- testing: 'Jest for unit tests; integration tests with supertest; end-to-end tests with Playwright'
- prohibited: 'Do not concatenate SQL strings; do not leak secrets in logs; do not perform network calls in business logic'
- notes: 'Review AI outputs; avoid unsafe dynamic imports; respect CSP and SSR boundaries'Overview
Cursor Rules Configuration for a teacher productivity app built with Next.js frontend, a Node.js API backend, and PostgreSQL data layer. This Cursor rules template provides a copyable .cursorrules block and concrete guardrails to keep AI generated code safe, consistent, and aligned with an education-focused workflow.
When to Use These Cursor Rules
- When starting a new teacher productivity application with lesson plans, worksheets, grading, and analytics features.
- When you want consistent data models across lesson planning, worksheets, and grading modules.
- When you need strict security and data privacy for student information.
- When you want to enforce testing, linting, and CI/CD best practices from AI outputs.
- When you need reusable architecture patterns for a classroom analytics dashboard.
Copyable .cursorrules Configuration
version: 1
rules:
- framework: 'Next.js + TypeScript frontend; Node.js API backend; PostgreSQL (no ORM)'
- role: 'You are Cursor AI configured to assist engineers building a teacher productivity app with lesson plans, worksheets, grading, and classroom analytics.'
- context: 'Project goals include secure student data handling, scalable API design, and a modular frontend.'
- architecture:
frontend: 'Next.js pages/ and components/'
backend: 'API routes/ controllers/ services/'
database: 'PostgreSQL with parameterized SQL via node-postgres'
- codeStyle: 'TypeScript, ESLint+Prettier, strict mode, no implicit any'
- authentication: 'HTTP-only cookies, JWT access tokens, refresh tokens; rotate tokens; store secrets in environment variables'
- security: 'Input validation, CSRF protection, proper CORS, least privilege access'
- database: 'Use parameterized queries, migrations in db/migrations, separate read/write roles'
- testing: 'Jest for unit tests; integration tests with supertest; end-to-end tests with Playwright'
- prohibited: 'Do not concatenate SQL strings; do not leak secrets in logs; do not perform network calls in business logic'
- notes: 'Review AI outputs; avoid unsafe dynamic imports; respect CSP and SSR boundaries'
Recommended Project Structure
apps/
frontend/
src/
pages/
components/
hooks/
styles/
backend/
src/
controllers/
routes/
services/
middlewares/
db/
migrations/
seeds/
tests/
Core Engineering Principles
- Data privacy by default and least privilege access.
- Clear separation of concerns across frontend, API, and data layers.
- Type safety and explicit contracts for API boundaries.
- Idempotent and auditable operations for data mutations.
- Observability through structured logging and metrics.
Code Construction Rules
- Define TypeScript interfaces for all domain models (Lesson, Worksheet, Grade, AnalyticsEvent).
- Use parameterized SQL queries with prepared statements to prevent injection.
- Keep API routes thin; move business logic into services with clear input/output shapes.
- Validate all inputs with schema validation before hitting the database.
- Reuse components and utilities; avoid tight coupling to specific DB schemas.
- Do not hard-code secrets; load from environment variables via a safe loader.
- Store audits and user actions to support classroom analytics without exposing PII in logs.
Security and Production Rules
- Store authentication tokens in HTTP-only cookies; implement refresh token rotation.
- Enforce role-based access control for teachers, admins, and students where appropriate.
- Validate inputs on server side; enforce CSRF protection for state-changing requests.
- Sanitize all user-generated content; strip dangerous HTML in worksheets where needed.
- Limit API rate and monitor for anomalous activity; use structured logging with redaction.
Testing Checklist
- Unit tests for all domain services (lesson planning, worksheet generation, grading rules).
- Integration tests for database queries and API boundaries.
- End-to-end tests simulating teacher workflows: create plan, generate worksheet, grade, view analytics.
- CI/CD: lint, type check, run unit/integration tests, run e2e tests in a staging environment.
Common Mistakes to Avoid
- Assuming the AI will implement security policies without explicit prompts.
- Mixing frontend-only validation with server-side checks; rely on server-side validation first.
- Using raw SQL in concatenated form or exposing secrets in logs or errors.
- Coupling business logic to specific DB schemas; avoid hard dependencies in AI outputs.
Related Cursor rules templates
Explore adjacent Cursor rules templates for similar stacks, workflows, and production constraints.
- Cursor Rules Template — Real Estate Dashboard with Cash Flow, ROI, and Analytics
- Cursor Rules Template: AI Tutor SaaS Stack
- Cursor Rules Template for Fitness Trainer SaaS
- Cursor Rules Template for FastAPI + PostgreSQL AI Interview Platform
FAQ
What stack does this Cursor Rules Template cover?
The template targets a Next.js + TypeScript frontend, a Node.js API backend, and PostgreSQL without an ORM. It guides secure, modular development with Cursor AI for a teacher productivity app including lesson plans and classroom analytics.
Can I paste the .cursorrules block into my project root?
Yes. The block is designed to be copyable and self-contained. It sets framework expectations, coding standards, and architecture constraints so AI-generated code adheres to your stack and security policies.
Which components are aligned with classroom analytics?
The rules emphasize safe data modeling for lesson plans, worksheets, and grading data, along with analytics dashboards that aggregate usage metrics while protecting student privacy and enabling audit trails.
How is security enforced in the rules?
Security is wired through authentication strategies (HTTP-only cookies, JWTs, rotation), input validation, CSRF protection, and least-privilege access. The AI is instructed to avoid leaking secrets and to validate all user input before database access.
What testing workflows are recommended?
Unit tests for services, integration tests for API/database boundaries, and end-to-end tests for teacher workflows are required. The template promotes Playwright for E2E, Jest for unit tests, and linting/formatting in CI.