Cursor Rules Template for DDD in TypeScript with Cursor AI

Overview

The Cursor rules configuration is a Cursor AI editor instruction profile that guides Cursor AI in generating TypeScript code for a Domain-Driven Design (DDD) backend. This Cursor rules template is tailored for a DDD stack using TypeScript, hexagonal architecture, PostgreSQL, and JWT-based authentication. It enforces domain boundaries and safe AI-assisted development while remaining paste-friendly for project roots.

When to Use These Cursor Rules

Starting a new DDD-based TypeScript backend with Cursor AI support.
Enforcing strict domain boundaries across domain, application, and infrastructure layers.
Guiding AI-generated code to follow hexagonal architecture and repository patterns.
Configuring authentication, data access, and testing workflows with Cursor AI.
Ensuring safe, auditable AI-generated code that respects project conventions.

Copyable .cursorrules Configuration

.cursorrules
Framework: TypeScript
Stack: DDD + Cursor AI
Role & Context: You are a senior TypeScript engineer specializing in Domain-Driven Design. Build a backend with Node.js, TypeORM, PostgreSQL, and Cursor AI. Follow strict domain boundaries and hexagonal architecture.
CodeStyle: ESLint + Prettier, 4 spaces, strict TypeScript config
Architecture & Directory Rules: Hexagonal architecture, module-per-domain, clear domain boundaries between domain, application, and infra. Use src/domain, src/application, src/infra, src/interfaces, tests.
Authentication & Security Rules: JWT-based authentication (HS256); store secrets in environment variables; never hardcode secrets.
Database & ORM patterns: PostgreSQL with TypeORM; implement repository pattern; avoid raw SQL in domain; use parameterized queries.
Testing & Linting Workflows: Vitest for unit tests; integration tests with a test database; linting on commit; type-check in CI.
Prohibited Actions & Anti-patterns: Do not access infrastructure directly from domain; do not bypass domain boundaries; do not generate unsafe SQL strings; do not rely on runtime eval.

Recommended Project Structure

src/
  domain/
    order/
      aggregates/
      entities/
      value-objects/
  application/
  infrastructure/
    database/
      migrations/
      repositories/
  interfaces/
    http/
      controllers/
  tests/

Core Engineering Principles

Domain-first design: code and tests reflect the language of the domain model.
Strong typing: leverage TypeScript to enforce domain invariants at compile time.
Clear boundaries: strict separation between domain, application, and infrastructure.
Testability: design aggregates and services for deterministic unit tests and integration tests.
Safe AI-assisted development: Cursor AI should augment but not override domain rules.
Idempotent commands: make commands idempotent and theme-runner friendly.

Code Construction Rules

Use domain-driven patterns: aggregates, value objects, domain events, repositories.
Prefer explicit interfaces over concrete types across boundaries.
Value objects for identifiers and invariants; avoid primitive obsession.
DTOs for application services and API adapters; keep domain models pure.
Repository pattern for persistence; domain should not know about ORM internals.
Dependency injection: compose services in a central container; avoid new calls in domain logic.
Use TypeScript enums and discriminated unions for clarity in messages and events.
Documentation in inline comments only where it adds value; rely on types for understanding.

Security and Production Rules

Environment-based configuration: secrets loaded from env vars; never commit secrets.
JWT-based authentication with short-lived tokens; rotate refresh tokens securely.
Input validation and output encoding to prevent injection and XSS risks in APIs.
Parameterize queries; avoid string concatenation for SQL to prevent SQL injection.
Audit logging and error handling; avoid leaking sensitive information in errors.
TLS in transit; proper CORS and rate-limiting for public APIs.

Testing Checklist

Unit tests for domain objects and aggregates; verify invariants and edge cases.
Integration tests for repositories and adapters using a test database.
Contract tests for API boundaries; validate DTO transformations.
End-to-end tests for critical user flows (where applicable).
CI checks: type-check, lint, unit tests, and integration tests on PRs.

Common Mistakes to Avoid

Ignoring domain boundaries and letting infrastructure leak into domain code.
Overusing anemic domain models; missing rich behavior on aggregates.
Relying on ORM internals in domain or application layers.
Neglecting tests for domain invariants and event flows.
Hardcoding secrets or relying on unsafe code generation patterns.

FAQ

What is this Cursor rules template for DDD TypeScript?

A copyable Cursor rules configuration block and stack-specific guidance for building a DDD-based TypeScript backend with Cursor AI, Hexagonal Architecture, and PostgreSQL.

What stack does this template cover?

TypeScript backend, Domain-Driven Design, Hexagonal Architecture, PostgreSQL, TypeORM, JWT authentication, and Cursor AI guidelines for safe AI-assisted development.

How do I apply the .cursorrules block?

Copy the entire block from the Copyable .cursorrules Configuration section and paste it into a file named .cursorrules at your project root. Cursor AI will adhere to the rules during code generation.

What should I watch out for in production?

Keep strict type-checking, enforce API boundaries, secure authentication flows, and ensure domain events align with the domain model. Avoid anti-patterns like God objects and database-centric domain logic.

Who maintains these templates?

Suhas Bhairav maintains Cursor Rules Templates focusing on safe AI-assisted development and practical, stack-specific guidance.

DDD Domain-Driven Design TypeScript Cursor Rules Template for Cursor AI

Target User

Use Cases