Cursor Rules TemplatesCursor Rules Template

Cursor Rules Template: Physiotherapy Treatment Progress Summary App

Cursor Rules Template for building physiotherapy treatment progress summary apps with Cursor AI integration.

cursor-rules-templatephysiotherapytreatment-progresscursor-aiclinicspostgresqlnextjstypescriptdata-privacyaudit-logs

Target User

Developers building physiotherapy clinic treatment progress summary apps using Cursor AI

Use Cases

  • Building patient progress dashboards
  • Auto-generated progress notes
  • Clinician-friendly summaries from structured data
  • Data validation and privacy controls

Markdown Template

Cursor Rules Template: Physiotherapy Treatment Progress Summary App

Framework: Next.js + TypeScript
Context: You are a software engineer building a physiotherapy treatment progress summary app. The app stores patient data in PostgreSQL with tables patients, sessions, progress_entries. You must ensure privacy, audit logs, and clinician workflows. Cursor AI should enforce stack-specific rules while assisting engineering tasks.
Role: Developer Assistant for Cursor AI in a physiotherapy clinic stack
CodeStyle: TypeScript strict, ESLint + Prettier, commit message guidelines
Architecture: Monorepo with apps/web (Next.js UI), apps/api (Node.js API), libs/db (PostgreSQL access), libs/auth (OAuth/JWT utilities), libs/ui (shared components)
Authentication: JWT-based sessions; OAuth2 for clinicians or clinic staff
Database & ORM patterns: PostgreSQL with normalized schema; use foreign keys; avoid storing PII in logs; use prepared statements
Testing & Linting Workflows: Jest for unit tests, Playwright for end-to-end tests; GitHub Actions CI with lint/test steps
Prohibited Actions and Anti-patterns: Do not bypass auth; Do not log PII; Do not call external APIs with patient data without consent; Do not store raw patient data in production logs; Do not use client-side data as the sole source of truth
Anti-patterns: Avoid client-only data fetching for protected data; Avoid dynamic SQL without parameterization
Notes: Cursor tokens should not generate or reveal clinical diagnoses without clinician confirmation.

Overview

Cursor rules configuration for building a physiotherapy treatment progress summary app with Cursor AI. This template targets a Next.js + TypeScript frontend, a Node.js API, and a PostgreSQL database, providing policy-driven guidance for data models, privacy, authentication, and clinician-focused summaries in a clinical workflow.

Direct summary: This Cursor Rules Template encodes stack-specific rules for architecture, security, and data handling so AI-assisted development remains safe and auditable in a physiotherapy clinic context.

When to Use These Cursor Rules

  • When building patient progress dashboards that clinicians can read during sessions.
  • When auto-generating progress notes from structured session data with enforced privacy constraints.
  • When you need RBAC checks to restrict access to PII and clinical data.
  • When aiming for auditable data flows and reproducible builds in healthcare software.

Copyable .cursorrules Configuration

Framework: Next.js + TypeScript
Context: You are a software engineer building a physiotherapy treatment progress summary app. The app stores patient data in PostgreSQL with tables patients, sessions, progress_entries. You must ensure privacy, audit logs, and clinician workflows. Cursor AI should enforce stack-specific rules while assisting engineering tasks.
Role: Developer Assistant for Cursor AI in a physiotherapy clinic stack
CodeStyle: TypeScript strict, ESLint + Prettier, commit message guidelines
Architecture: Monorepo with apps/web (Next.js UI), apps/api (Node.js API), libs/db (PostgreSQL access), libs/auth (OAuth/JWT utilities), libs/ui (shared components)
Authentication: JWT-based sessions; OAuth2 for clinicians or clinic staff
Database & ORM patterns: PostgreSQL with normalized schema; use foreign keys; avoid storing PII in logs; use prepared statements
Testing & Linting Workflows: Jest for unit tests, Playwright for end-to-end tests; GitHub Actions CI with lint/test steps
Prohibited Actions and Anti-patterns: Do not bypass auth; Do not log PII; Do not call external APIs with patient data without consent; Do not store raw patient data in production logs; Do not use client-side data as the sole source of truth
Anti-patterns: Avoid client-only data fetching for protected data; Avoid dynamic SQL without parameterization
Notes: Cursor tokens should not generate or reveal clinical diagnoses without clinician confirmation.

Recommended Project Structure

apps/
  web/       # Next.js frontend for physiotherapy clinics
  api/       # Node.js API backend for clinical data and auth
libs/
  db/        # PostgreSQL data access and query helpers
  auth/      # JWT/OAuth utilities and middleware
  ui/        # Shared UI components and forms
scripts/
tests/

Core Engineering Principles

  • Data privacy by design: restrict access to PII and audit data.
  • Strong typing and explicit contracts across API surfaces and data models.
  • Defense in depth: layered authentication, authorization, and input validation.
  • Observability: structured logging with redaction and end-to-end testing.
  • Deterministic builds and reproducible deployments via a monorepo structure.
  • Safe AI-assisted development: guardrails, validation, and audit trails for AI outputs.

Code Construction Rules

  • Use TypeScript types for all request/response shapes and DTOs.
  • All database writes must occur inside a transaction with error handling.
  • Use parameterized queries to prevent SQL injection and enforce schema boundaries.
  • Model patient progress with clear tables: patients, sessions, progress_entries, with proper FK relationships.
  • Endpoints enforce RBAC by role (clinician, admin, support) before data access.
  • Logs must redact PII and rely on IDs, not raw patient data, for traceability.
  • Environment-specific configuration via secrets manager; never hard-code credentials.
  • Testing: unit tests for domain logic, integration tests for DB access, and E2E tests for clinician workflows.
  • Do not embed private keys, tokens, or credentials in code or the .cursorrules block.

Security and Production Rules

  • Transport: TLS everywhere; enforce secure cookies and CSRF protection where applicable.
  • Auth: short-lived access tokens, refresh tokens, and periodic rotation; protect API routes with RBAC.
  • Data protection: encrypt sensitive data at rest; minimize exposure of PII in logs and UI.
  • Observability: centralized logging with redaction and audit trails for data access events.
  • Deployment: feature flags for safe rollout, immutable builds, and blue/green deployments.
  • Secrets: store in a dedicated secrets manager; never commit secrets to VCS.

Testing Checklist

  • Unit tests for domain rules and data validation.
  • Integration tests for API endpoints and DB transactions.
  • End-to-end tests simulating clinician workflows with Playwright.
  • Static analysis and type checks in CI; linting with Prettier.
  • Security tests for auth, RBAC, and data redaction in logs.
  • Performance checks on common queries for patient progress data.

Common Mistakes to Avoid

  • Assuming client-side code is enough for protecting patient data.
  • Storing raw PII in logs or analysis outputs.
  • Skipping authorization checks on API endpoints.
  • Hard-coding secrets or connecting to external services without consent.
  • Over-fetching patient data or bypassing pagination and filtering.

Related implementation resources: AI Use Case for Medical Practices Using Outlook To Prioritize Urgent Patient Emails Over Routine Inquiries and Why authorization checks belong in AI coding instructions for production-grade systems.

FAQ

What is a Cursor Rules Template for physiotherapy apps?

A Cursor Rules Template is a copyable .cursorrules configuration that instructs Cursor AI on how to operate within a physiotherapy treatment progress summary app, including data models, privacy constraints, and integration patterns.

Which stack does this template cover?

It targets a Next.js + TypeScript frontend, a Node.js API, PostgreSQL database, and Cursor AI integration, with clear authentication, data models, and testing workflows.

How do I use the .cursorrules block?

Copy the provided block into a file named .cursorrules at your project root. Cursor AI reads the block to enforce stack-specific rules during content generation and coding tasks.

How does this template handle patient data privacy?

Rules enforce role-based access, data minimization, audit trails, and redaction patterns. The configuration prohibits exposing PII in logs or outputs and requires secure data handling.

Can I customize for other stacks?

Yes. Modify the Framework Context, Architecture rules, and database patterns in the header of the .cursorrules file to fit your stack while maintaining Cursor safety guidelines.