Cursor Rules Examples: 10 .cursorrules snippets you can use today

## Stack
- Language: TypeScript 5.x, strict mode enabled
- Framework: Next.js 15 App Router (not Pages Router)
- Styling: Tailwind CSS 4 — no inline styles
- Data: Prisma + PostgreSQL 16
- Package manager: pnpm — NEVER use npm or yarn

When in doubt about a library version, check package.json first.
Never add a dependency without listing it here first.

## Stack
- Language: Python 3.12+
- Framework: FastAPI with Pydantic v2 models
- Tests: pytest + pytest-asyncio
- Linter: ruff (not flake8 or pylint)
- Dependency manager: uv (not pip, not poetry)

Use type hints everywhere. Pydantic for all request/response shapes.
Return typed dicts or Pydantic models — never raw dicts from endpoints.

## Conventions
- Match the style of the file you're editing — don't impose a new style
- Pure functions in lib/ — side effects only at API/route boundaries
- Descriptive names: prefer `getUserByEmail` over `getUser`
- Comments explain WHY, not WHAT — delete comments that restate the code
- No dead code: delete it, don't comment it out
- Errors: throw typed errors, never swallow silently with empty catch blocks
- Imports: named exports preferred; no default exports in shared lib files

## Testing
- Every bug fix starts with a failing test that reproduces the bug
- New logic in lib/ ships with unit tests
- New API routes ship with at least one integration test
- NEVER delete or weaken a test to make CI pass — fix the code instead
- NEVER use `any` as a type to silence TypeScript errors
- Test file structure: describe → it → arrange/act/assert

## Guardrails — stop and surface a plan before:
- Adding any new npm/pip/go dependency
- Changing more than 5 files in a single task
- Touching auth, billing, migrations, or anything under infra/
- Adding any network calls, external API integrations, or telemetry
- Modifying database schema files

For each of these: write out what you plan to do and why, then wait for
approval before making changes.

## Security (non-negotiable)
- NEVER log secrets, tokens, passwords, or PII
- NEVER commit .env files or credentials to the repo
- Parameterized queries only — no string-interpolated SQL
- Validate and sanitize all external input at the boundary
- No new third-party network calls or data egress without explicit approval

## How to work
1. Restate the task in one sentence to confirm you understood
2. List the files you plan to touch and why
3. Make the smallest change that solves the problem
4. Run tests and lint before declaring done
5. Show a summary of what changed and why

If you get stuck after 2 attempts, stop. Write a short summary of where
you are and one specific question. Don't spiral.

## Definition of done
Before saying a task is complete, verify all of these:
[ ] Behavior matches the request exactly
[ ] All tests pass (no skips, no weakened assertions)
[ ] Lint and typecheck clean (zero errors, zero warnings)
[ ] Diff is minimal — no stray reformats or unrelated changes
[ ] No secrets, debug logs, or TODO comments left in

# .cursorrules — My SaaS Project

## Stack
TypeScript 5 strict · Next.js 15 App Router · Tailwind 4 · Prisma + Postgres 16
pnpm only — never npm or yarn
Vitest for unit tests, Playwright for e2e

## Project map
- src/app/         routes and server components
- src/lib/         pure business logic (test this hardest)
- src/db/          schema, migrations, queries
- src/components/  shared UI components

## Commands
- pnpm dev         dev server
- pnpm test        vitest
- pnpm lint        eslint + tsc --noEmit
Always run `pnpm lint` before declaring done.

## Conventions
Match the file. Pure functions in lib/. Typed errors. Comments = why.

## Testing
Bug fix = failing test first. Never weaken a test.

## Guardrails — ask first
New deps · >5 files · auth/billing/migrations/infra/ · any network call.

## Security
No secret logging. Parameterized SQL. Validate input at boundary.

## How to work
Restate → plan → smallest change → tests → summary.
Stuck? Stop and ask one specific question.

## Done when
[ ] behavior correct [ ] tests pass [ ] lint clean [ ] diff minimal

# .cursorrules — CLI Tool

## Stack
Python 3.12+ · Click for CLI · Rich for terminal output
pytest for tests · ruff for linting · uv for deps
No ORM — raw SQL via aiosqlite when DB needed

## Project map
- src/cli/      Click command groups
- src/core/     pure logic (no I/O, heavily tested)
- src/db/       query functions only (no schema logic here)
- tests/        mirrors src/ structure

## Commands
- uv run pytest          run tests
- uv run ruff check .    lint
- uv run ruff format .   format

## Conventions
Type hints everywhere. Pydantic for config/models. Never `Any`.
One function, one job. Raise typed exceptions, don't print and exit.

## Testing
Unit test everything in core/. Integration tests in tests/integration/.
Never mock what you can test for real.

## Guardrails — ask first
New pip deps · >4 files · touching DB schema.

## Done when
[ ] all tests pass [ ] ruff clean [ ] behavior correct [ ] no debug prints