Cursor Rules Template: Travel Itinerary Planner with AI

Overview

Cursor rules configuration for the Travel Itinerary Planner stack provides a precise set of guidelines for Cursor AI to generate AI-assisted itineraries with map-based routing, booking flows, collaborative editing, and PDF export. This template targets a Next.js + TypeScript frontend, a Node.js API backend, PostgreSQL with PostGIS for maps, and real-time collaboration. It is a copyable .cursorrules configuration you can paste into your project root.

Direct answer: This Cursor rules template sets expectations for AI actions, security, data modeling, and deployment practices to deliver a reliable itinerary planning experience.

When to Use These Cursor Rules

• When implementing AI recommendations for travel days, routes, and activities with map visuals.
• When integrating maps, geocoding, routing, and distance-based scoring into itineraries.
• When enabling collaborative editing and sharing of itineraries among users.
• When exporting itineraries to PDF for offline distribution or printing.
• When building a multi-service backend with a PostgreSQL + PostGIS storage layer and real-time features.

Copyable .cursorrules Configuration

# Cursor rules configuration for Travel Itinerary Planner with AI, Maps, Bookings, Collaboration, PDF export

Framework Role & Context:
  You are Cursor AI assistant configured to build a full-stack Travel Itinerary Planner with AI recommendations, integrated maps, booking workflows, real-time collaboration, and PDF export. Target stack: Next.js frontend, Node API, PostgreSQL with PostGIS, Redis, and WebSocket-based collaboration.

Code Style and Style Guides:
  - Language: TypeScript
  - Lint: ESLint with strict rules
  - Formatter: Prettier
  - Style Guide: Airbnb-style with explicit types
  - Project-wide conventions: 4-space indentation, no implicit any, explicit nullability

Architecture & Directory Rules:
  - apps/web: Next.js frontend
  - apps/api: Node API
  - services/maps: Map and geocoding integration
  - services/bookings: Booking engine and payment flow
  - libs/common: Shared types, utilities, constants
  - migrations/: Database migrations and seed scripts
  - Use a monorepo approach with clear module boundaries

Authentication & Security Rules:
  - Use OAuth 2.0 / OpenID Connect for user authentication
  - Use JWT access tokens with short lifetimes and refresh tokens
  - CSRF protection for state-changing requests
  - Input validation and output encoding for all user input
  - Secrets stored in a vault; environment variables not hard-coded
  - Role-based access control (RBAC) for itinerary creation, sharing, and bookings
  - Audit logging of sensitive actions

Database and ORM patterns:
  - PostgreSQL with PostGIS for maps and geospatial queries
  - Core tables: users, itineraries, days, activities, bookings, collaborators
  - Use raw SQL for complex queries; avoid ORMs that hinder performance
  - Use migrations and versioned schema changes
  - Use connection pooling; parameterized queries to prevent injection

Testing & Linting Workflows:
  - Unit tests with Jest for business logic
  - End-to-end tests with Playwright for critical flows (auth, itinerary creation, map visuals, PDF export)
  - Lint with ESLint; format with Prettier
  - CI on push/PR; test coverage thresholds enforced

Prohibited Actions and Anti-patterns:
  - Do not perform network calls or side effects during prompt evaluation
  - Do not expose secrets in code or logs
  - Do not bypass authentication or authorize users beyond their RBAC role
  - Do not embed API keys in the client bundle
  - Do not implement brittle geospatial logic without tests
  - Do not drift from the defined project structure

Recommended Project Structure

workspace/
├── apps/
│   ├── web/           # Next.js frontend
│   └── api/           # Node.js API
├── services/
│   ├── maps/          # map, geocoding, routing
│   └── bookings/      # booking and payment
├── libs/
│   └── common/        # shared types/utilities
└── migrations/          # database migrations

Core Engineering Principles

• Principle of least privilege and RBAC for all access.
• Idempotent operations for idempotent user actions (bookings, saves).
• Explicit data validation and strong typing across frontend and backend.
• Clear separation of concerns: UI, API, services, and data layer.
• Defensive logging and observability for production reliability.

Code Construction Rules

• Ensure all API endpoints validate input with schema validation libraries; never trust client data.
• Define clear data transfer objects (DTOs) for every API boundary.
• Use typed maps and coordinates with proper validation (lat/long bounds).
• Keep business logic in services; thin API/controllers.
• Use migrations for DB changes; avoid ad-hoc schema changes.
• Document all public interfaces in code comments and README examples.

Security and Production Rules

• Use HTTPS; enforce HSTS; TLS 1.2+.
• Store secrets in a vault; rotate credentials regularly.
• Implement rate limiting on API routes; protect against brute force.
• Encrypt sensitive data at rest and in transit; separate keys per environment.
• Implement robust input sanitization and output encoding to prevent injection.
• Set appropriate cache headers; ensure public content is cache-friendly.

Testing Checklist

• Unit tests for all services with deterministic inputs.
• Integration tests covering API endpoints and database interactions.
• End-to-end tests for itinerary creation, map visualization, booking flow, collaboration, and PDF export.
• Static analysis and linting in CI; test coverage goals configured.

Common Mistakes to Avoid

• Overcoupling frontend and backend logic in UI components.
• Skipping migrations or relying on ad-hoc schema changes.
• Ignoring RBAC and data privacy, exposing bookings or itineraries unintentionally.
• Assuming external APIs are always available or latency-insensitive.

Related Cursor rules templates

Explore adjacent Cursor rules templates for similar stacks, workflows, and production constraints.

• Cursor Rules Template for Node.js Hotel Booking Platform
• Cursor Rules Template: Node/Nest Proposal SaaS with CRM Integration
• Cursor Rules Template: Node/NestJS Tour Operator SaaS
• Cursor Rules Template: Django Subscription Box Platform

FAQ

What does this Cursor Rules Template cover?

This template defines a comprehensive travel itinerary planner stack, including AI-generated recommendations, map integration, booking workflows, collaboration features, and PDF export. It specifies architecture, security, testing, and deployment practices tailored to a Next.js + Node + PostgreSQL environment with PostGIS support.

Which stack does it target?

It targets a Next.js frontend with a Node.js API backend, PostgreSQL with PostGIS for maps, Redis for caching, and WebSocket-based collaboration. The template also addresses CI/CD, testing, and production readiness for Cursor AI usage.

How do I apply the Cursor rules file in my project?

Copy the entire .cursorrules block into the project root of your repository to enable Cursor AI to follow the prescribed architecture, security, and testing patterns while generating code and guidance for this stack.

Can I customize the rules for my environment?

Yes. The template is a starting point. Modify project structure, stack choices, and environment-specific values, but preserve security and testing constraints to maintain safety and reliability.

What are the security considerations?

The rules enforce OAuth/OpenID authentication, RBAC, CSRF protection, input validation, and secrets management. They require encryption in transit and at rest, audit logging, and strict access controls for itineraries and bookings.

What testing strategy is recommended?

Use unit tests for business logic, integration tests for API endpoints, and end-to-end tests for user flows including maps, bookings, collaboration, and PDF export. Integrate tests into the CI workflow with coverage checks.