Cursor Rules TemplatesCursor Rules Template

Web Push Notifications with Service Worker Cursor Rules Template

Cursor Rules Template for web push notifications using a Service Worker. Includes a ready-to-paste .cursorrules configuration and stack-specific guidance for Cursor AI.

.cursorrules templatecursor rules templateweb push notificationsservice workerpush APIVAPIDCursor AIPWAJavaScriptweb-push-cursor-rules

Target User

Frontend and backend developers implementing web push using a Service Worker

Use Cases

  • Implement service-worker-based push handling
  • Test push event handling in isolation
  • Define security rules for VAPID and push subscriptions
  • Validate CI/CD for push notification features
  • Define clear architecture and anti-pattern guidance

Markdown Template

Web Push Notifications with Service Worker Cursor Rules Template

// Cursor Rules for: Web Push Notifications (Service Worker)
FRAMEWORK: Web Push Notifications
STACK: Service Worker JS, Push API, VAPID, Node server
ROLE & CONTEXT
You are Cursor AI assistant configured to generate a copyable .cursorrules file for a web push stack using a Service Worker and server for sending pushes. Output must be directly pasteable into a project root
CODE STYLE
Style: JavaScript with Airbnb style
LANGUAGE: JavaScript
REQUIREMENTS
Ensure consistent indentation, semicolon usage, and no global leakage
ARCHITECTURE
Project root contains public/service-worker.js, server/push/index.js, and tests. Use a clean module layout and avoid inlining secrets
AUTHENTICATION & SECURITY
Do not embed VAPID private keys in client code. Use server side storage and deliver public keys via an endpoint if needed
DATABASE PATTERNS
Client uses IndexedDB for caching; server uses a real database. Do not store sensitive data on the client
TESTING & LINTING
Unit tests for service worker logic; integration tests for push endpoints; CI includes lint, test, and build steps
PROHIBITED ACTIONS
Do not register service worker on non secure origin without user consent. Do not expose private VAPID keys in client code. Do not bypass user consent for push prompts.

Overview

The Cursor rules configuration for web push notifications enables Cursor AI to guide you through implementing a Service Worker based push flow with the Web Push API, VAPID server keys, and a Node.js backend for sending pushes. This template is stack-specific and copyable for quick adoption in Cursor AI editor.

Direct answer: Use this template to paste a complete .cursorrules file at your project root to configure Cursor AI for web push with a Service Worker, including architecture, security, and tests.

When to Use These Cursor Rules

  • Starting a web push project that relies on a Service Worker and the Push API.
  • Need a copyable .cursorrules block to enforce architecture and security constraints.
  • Integrating with a Node.js backend that sends push notifications using VAPID.
  • Defining tests and linting workflows as part of the Cursor rules.
  • Seeking anti-pattern guidance to avoid insecure patterns.

Copyable .cursorrules Configuration

// Cursor Rules for: Web Push Notifications (Service Worker)
FRAMEWORK: Web Push Notifications
STACK: Service Worker JS, Push API, VAPID, Node server
ROLE & CONTEXT
You are Cursor AI assistant configured to generate a copyable .cursorrules file for a web push stack using a Service Worker and server for sending pushes. Output must be directly pasteable into a project root
CODE STYLE
Style: JavaScript with Airbnb style
LANGUAGE: JavaScript
REQUIREMENTS
Ensure consistent indentation, semicolon usage, and no global leakage
ARCHITECTURE
Project root contains public/service-worker.js, server/push/index.js, and tests. Use a clean module layout and avoid inlining secrets
AUTHENTICATION & SECURITY
Do not embed VAPID private keys in client code. Use server side storage and deliver public keys via an endpoint if needed
DATABASE PATTERNS
Client uses IndexedDB for caching; server uses a real database. Do not store sensitive data on the client
TESTING & LINTING
Unit tests for service worker logic; integration tests for push endpoints; CI includes lint, test, and build steps
PROHIBITED ACTIONS
Do not register service worker on non secure origin without user consent. Do not expose private VAPID keys in client code. Do not bypass user consent for push prompts.

Recommended Project Structure

project-root/
  public/
    index.html
    service-worker.js
  server/
    push/
      index.js
      vapid-keys.js
  tests/
    unit/
      sw.test.js
    integration/
      push.test.js

Core Engineering Principles

  • Minimize surface area and grant least privilege
  • Secure by default; explicit consent for push
  • Idempotent deployment and deterministic builds
  • Clear separation between client and server concerns
  • Observability with concise logging and metrics

Code Construction Rules

  • Follow the project structure and avoid forcing browser-side secrets
  • Register the service worker only after explicit user interaction
  • Do not cache or expose push payload data on the client
  • Use a server-side endpoint to fetch VAPID keys or public keys
  • Keep service worker logic modular and testable

Security and Production Rules

  • Serve over HTTPS; enforce CSP and strict transport security
  • Do not log sensitive payloads; sanitize messages before display
  • Keep VAPID private keys on the server; rotate keys regularly
  • Implement user consent prompts for push subscriptions and notifications

Testing Checklist

  • Unit tests for service worker listeners and message handlers
  • Integration tests for the push endpoint and VAPID flow
  • End-to-end tests for user permission prompts and notification rendering
  • CI checks for linting and type checking if typed JS is used

Common Mistakes to Avoid

  • Embedding private keys in client code
  • Assuming service workers work in insecure contexts
  • Ignoring user consent flows or failing to handle push subscription updates

FAQ

What is the purpose of this Cursor Rules Template?

It provides a copyable .cursorrules configuration and stack-specific guidance to implement web push notifications via a Service Worker, including security, testing, and deployment considerations.

Which stack components does this template cover?

This template targets a Service Worker based web push flow using the Push API, VAPID for server authentication, a Node.js backend for sending notifications, and client caching strategies with IndexedDB.

Where do I paste the .cursorrules file?

Place the pasted .cursorrules block in the project root as .cursorrules to be consumed by Cursor AI editor.

How should I handle VAPID keys securely?

Store VAPID keys on the server; never embed private keys in client code. Use environment variables and a secure fetch to retrieve public keys if needed.

What testing strategy does this template recommend?

Unit tests for service worker logic, integration tests for push endpoints, and end-to-end tests for user consent flows, using Jest, Playwright, or equivalent tools.