Cursor AI Project Rules for Web Development

📌 About This Repository

This repository contains a set of Cursor AI rules specifically designed to enhance efficiency, enforce coding standards, and automate best practices for web developers, particularly those working with PHP, Drupal, JavaScript, and frontend frameworks.

These rules help Cursor AI assist developers by:

• Enforcing coding standards and best practices
• Ensuring tests and documentation remain up to date
• Detecting inefficiencies in AI query usage and improving response quality
• Providing automated suggestions for commit messages, dependencies, and performance optimisations

---

🚀 Who Is This For?

This repository is ideal for:

• PHP & Drupal developers following Drupal coding standards
• Web developers working with JavaScript, React, Vue, Tailwind, and other frontend technologies
• Software teams looking for a structured, automated workflow with Cursor AI
• Open-source contributors who want a standardized set of development rules

---

📥 Installation

Interactive Installation (Recommended)

For a fully interactive installation with prompts:

# Step 1: Download the installer
curl -s https://raw.githubusercontent.com/ivangrynenko/cursor-rules/main/install.php -o install.php

# Step 2: Run the installer interactively
php install.php

This two-step process ensures you get the interactive experience with:

• Prompts to choose which rule sets to install (Core, Web Stack, Python, or All)
• Option to remove the installer file after installation (defaults to yes)

Quick Non-Interactive Installation

For a quick installation without prompts (installs core rules only):

curl -s https://raw.githubusercontent.com/ivangrynenko/cursor-rules/main/install.php | php

or install rules by tag expression

curl -s https://raw.githubusercontent.com/ivangrynenko/cursor-rules/main/install.php | php -- --tags "language:javascript category:security"

⚠️ Note: When using the curl piping method above, interactive mode is not possible because STDIN is already being used for the script input. The installer will automatically default to installing core rules only.

Installation with Specific Options

To install with specific options and bypass the interactive mode:

curl -s https://raw.githubusercontent.com/ivangrynenko/cursor-rules/main/install.php | php -- [options]

For example, to install all rules:

curl -s https://raw.githubusercontent.com/ivangrynenko/cursor-rules/main/install.php | php -- --all

Installation Options

The installer supports the following options:

• --core: Install core rules only
• --web-stack or --ws: Install web stack rules (includes core rules)
• --python: Install Python rules (includes core rules)
• --all: Install all rules
• --yes or -y: Automatically answer yes to all prompts
• --destination=DIR: Install to a custom directory (default: .cursor/rules)
• --debug: Enable detailed debug output for troubleshooting installation issues
• --ignore-files <opt>: Control installation of .cursorignore files (yes, no, ask), default's to yes
• --help or -h: Show help message

.cursorignore Files

The installer can automatically add recommended .cursorignore and .cursorindexingignore files to your project. These files tell Cursor AI which files and directories to exclude from processing, which helps to:

• Improve performance by skipping large generated files, vendor directories, and node_modules
• Reduce noise in AI responses by focusing only on relevant project files
• Prevent unnecessary context from third-party code being included in AI prompts

The .cursorignore file ensures files are not indexed by Cursior and they are not read by Cursor or sent to the models for processing. This is a good setting for files that may contain secrets or other information you'd prefer to keep private. The .cursorindexingignore file is just for indexing and is there mainly for performance reasons.

By default, the installer will add these files (controlled by the --ignore-files option). You can:

• Set to yes (default): Always install ignore files
• Set to no: Never install ignore files
• Set to ask: Prompt during installation

If you need to modify the ignore patterns, you can edit the .cursorignore files manually after installation.

Troubleshooting Installation

If you encounter issues during installation, try running the installer with the debug option:

php install.php --debug

This will provide detailed information about what the installer is doing, which can help identify the source of any problems.

Common issues:

• If only core rules are installed when selecting other options, make sure your internet connection is working properly as the installer needs to download additional rules from GitHub.
• If you're behind a corporate firewall or proxy, you may need to configure PHP to use your proxy settings.

Examples

Install core rules only:

curl -s https://raw.githubusercontent.com/ivangrynenko/cursor-rules/main/install.php | php -- --core

Install web stack rules (includes core rules):

curl -s https://raw.githubusercontent.com/ivangrynenko/cursor-rules/main/install.php | php -- --web-stack
# Or using the shorter alias
curl -s https://raw.githubusercontent.com/ivangrynenko/cursor-rules/main/install.php | php -- --ws

Install all rules:

curl -s https://raw.githubusercontent.com/ivangrynenko/cursor-rules/main/install.php | php -- --all

Install to a custom directory:

curl -s https://raw.githubusercontent.com/ivangrynenko/cursor-rules/main/install.php | php -- --all --destination=my/custom/path

Tag-Based Selection

The installer now supports filtering rules by tags, allowing you to install only the rules relevant to your project:

# Install all JavaScript security rules
curl -s https://raw.githubusercontent.com/ivangrynenko/cursor-rules/main/install.php | php -- --tags "language:javascript category:security"

# Install all OWASP Top 10 rules for PHP
curl -s https://raw.githubusercontent.com/ivangrynenko/cursor-rules/main/install.php | php -- --tags "language:php standard:owasp-top10"

# Install all React-related rules
curl -s https://raw.githubusercontent.com/ivangrynenko/cursor-rules/main/install.php | php -- --tags "framework:react"

# Install rules matching multiple criteria with OR logic
curl -s https://raw.githubusercontent.com/ivangrynenko/cursor-rules/main/install.php | php -- --tags "language:javascript OR language:php"

Available tag presets:

• web: JavaScript, HTML, CSS, PHP
• frontend: JavaScript, HTML, CSS
• drupal: Drupal-specific rules
• react: React-specific rules
• vue: Vue-specific rules
• python: Python-specific rules
• security: Security-focused rules
• owasp: OWASP Top 10 rules
• a11y: Accessibility rules
• php-security: PHP security-focused rules
• js-security: JavaScript security-focused rules
• python-security: Python security-focused rules
• drupal-security: Drupal security-focused rules
• php-owasp: PHP OWASP Top 10 rules
• js-owasp: JavaScript OWASP Top 10 rules
• python-owasp: Python OWASP Top 10 rules
• drupal-owasp: Drupal OWASP Top 10 rules

See the TAG_STANDARDS.md file for detailed information about the tagging system.

Manual Installation

If you prefer to install manually:

1. Clone this repository:

   git clone https://github.com/ivangrynenko/cursor-rules.git

2. Copy the rules to your project:

   mkdir -p /path/to/your/project/.cursor/rules
   cp -r cursor-rules/.cursor/rules/* /path/to/your/project/.cursor/rules/

---

📜 Available Cursor Rules

Each rule is written in .mdc format and structured to enforce best practices in different aspects of development.

Core Rules

File Name	Purpose
cursor-rules.mdc	Defines standards for creating and organising Cursor rule files
git-commit-standards.mdc	Enforces structured Git commit messages with proper prefixes and formatting
github-actions-standards.mdc	Ensures GitHub Actions workflows follow best practices
improve-cursorrules-efficiency.mdc	Detects and optimises inefficient AI queries
pull-request-changelist-instructions.mdc	Guidelines for creating consistent pull request changelists in markdown format with proper code block formatting
readme-maintenance-standards.mdc	Ensures README documentation is comprehensive and up-to-date
testing-guidelines.mdc	Ensures proper testing practices and separation between test and production code

Web Development Rules

Frontend Development

File Name	Purpose
accessibility-standards.mdc	WCAG compliance and accessibility best practices
api-standards.mdc	RESTful API design and documentation standards
build-optimization.mdc	Webpack/Vite configuration and build process optimisation
javascript-performance.mdc	Best practices for optimising JavaScript performance
javascript-standards.mdc	Standards for JavaScript development in Drupal
node-dependencies.mdc	Node.js versioning and package management best practices
react-patterns.mdc	React component patterns and hooks usage guidelines
tailwind-standards.mdc	Tailwind CSS class organisation and best practices
vue-best-practices.mdc	Vue 3 and NuxtJS specific standards and optimisations

Backend Development

File Name	Purpose
php-drupal-best-practices.mdc	PHP & Drupal Development Standards and Best Practices
php-drupal-development-standards.mdc	Standards for PHP and Drupal development
drupal-database-standards.mdc	Database schema changes, migrations, and query optimisation
drupal-file-permissions.mdc	Drupal file permissions security standards
govcms-saas.mdc	Constraints and best practices for GovCMS Distribution projects
govcms-saas-project-documentation-creation.mdc	GovCMS SaaS Documentation Generator. This rule helps generate comprehensive technical documentation for GovCMS SaaS projects, automatically detecting frameworks and dependencies, and providing structured documentation that aligns with government standards.

Security Rules

File Name	Purpose
drupal-authentication-failures.mdc	Prevents authentication failures in Drupal
drupal-broken-access-control.mdc	Prevents broken access control vulnerabilities in Drupal
drupal-cryptographic-failures.mdc	Prevents cryptographic failures in Drupal applications
drupal-injection.mdc	Prevents injection vulnerabilities in Drupal
drupal-insecure-design.mdc	Prevents insecure design patterns in Drupal
drupal-integrity-failures.mdc	Prevents integrity failures in Drupal
drupal-logging-failures.mdc	Prevents logging failures in Drupal
drupal-security-misconfiguration.mdc	Prevents security misconfigurations in Drupal
drupal-ssrf.mdc	Prevents Server-Side Request Forgery in Drupal
drupal-vulnerable-components.mdc	Identifies and prevents vulnerable components in Drupal
javascript-broken-access-control.mdc	Prevents broken access control vulnerabilities in JavaScript applications
javascript-cryptographic-failures.mdc	Prevents cryptographic failures in JavaScript applications
javascript-injection.mdc	Prevents injection vulnerabilities in JavaScript applications
javascript-insecure-design.mdc	Prevents insecure design patterns in JavaScript applications
javascript-security-misconfiguration.mdc	Prevents security misconfigurations in JavaScript applications
javascript-vulnerable-outdated-components.mdc	Identifies and prevents vulnerable components in JavaScript applications
javascript-identification-authentication-failures.mdc	Prevents authentication failures in JavaScript applications
javascript-software-data-integrity-failures.mdc	Prevents software and data integrity failures in JavaScript applications
javascript-security-logging-monitoring-failures.mdc	Prevents logging and monitoring failures in JavaScript applications
javascript-server-side-request-forgery.mdc	Prevents Server-Side Request Forgery in JavaScript applications
security-practices.mdc	Security best practices for PHP, JavaScript, and Drupal
secret-detection.mdc	Detects and prevents secrets from being committed to code

DevOps & Infrastructure

File Name	Purpose
docker-compose-standards.mdc	Docker Compose standards
lagoon-docker-compose-standards.mdc	Standards for Lagoon Docker Compose configuration
lagoon-yml-standards.mdc	Standards for Lagoon configuration files and deployment workflows
vortex-cicd-standards.mdc	Standards for Vortex CI/CD and Renovate configuration
vortex-scaffold-standards.mdc	Standards for Vortex/DrevOps scaffold usage and best practices

Development Process

File Name	Purpose
code-generation-standards.mdc	Standards for code generation and implementation
debugging-standards.mdc	Standards for debugging and error handling
generic_bash_style.mdc	Enforce general Bash scripting standards with enhanced logging
multi-agent-coordination.mdc	Multi-agent coordination and workflow standards
project-definition-template.mdc	Template for defining project context
tests-documentation-maintenance.mdc	Require tests for new functionality and enforce documentation updates
third-party-integration.mdc	Standards for integrating external services
behat-steps.mdc	Documentation for available Behat testing steps in Drupal projects

Python Rules

File Name	Purpose
python-authentication-failures.mdc	Prevents authentication failures in Python
python-broken-access-control.mdc	Prevents broken access control vulnerabilities in Python
python-cryptographic-failures.mdc	Prevents cryptographic failures in Python applications
python-injection.mdc	Prevents injection vulnerabilities in Python
python-insecure-design.mdc	Prevents insecure design patterns in Python
python-integrity-failures.mdc	Prevents integrity failures in Python
python-logging-monitoring-failures.mdc	Prevents logging and monitoring failures in Python
python-security-misconfiguration.mdc	Prevents security misconfigurations in Python
python-ssrf.mdc	Prevents Server-Side Request Forgery in Python
python-vulnerable-outdated-components.mdc	Identifies and prevents vulnerable components in Python

---

🔧 Usage

In Cursor AI

Once installed, Cursor AI will automatically use these rules when working with your codebase. The rules will:

1. Provide Guidance: Offer suggestions and best practices when writing code
2. Enforce Standards: Flag code that doesn't meet the defined standards
3. Automate Repetitive Tasks: Generate boilerplate code, documentation, and tests
4. Improve Security: Identify potential security vulnerabilities
5. Optimise Performance: Suggest performance improvements

Rule Customisation

You can customise the rules by:

1. Editing Rule Files: Modify the .mdc files to match your project's specific requirements
2. Adding New Rules: Create new .mdc files following the same format
3. Disabling Rules: Remove or rename rule files you don't want to use

---

🤝 Contributing

Contributions are welcome! Please feel free to submit a Pull Request.

1. Fork the repository
2. Create your feature branch (git checkout -b feature/amazing-feature)
3. Commit your changes (git commit -m 'feat: add some amazing feature')
4. Push to the branch (git push origin feature/amazing-feature)
5. Open a Pull Request

Commit Message Standards

This project follows the Conventional Commits specification. Commit messages should be structured as follows:

<type>: <description>

[optional body]

[optional footer(s)]

Types include:

• fix: for bug fixes
• feat: for new features
• perf: for performance improvements
• docs: for documentation updates
• style: for frontend changes (SCSS, Twig, etc.)
• refactor: for code refactoring
• test: for adding or updating tests
• chore: for maintenance tasks

Example: feat: add support for Python security rules

---

📄 License

This project is licensed under the MIT License - see the LICENSE file for details.

---

🙏 Acknowledgements

• Cursor AI for the amazing AI-powered code editor
• All contributors who have helped improve these rules

---

📊 Benefits of Using These Rules

For Individual Developers

1. Consistency:

   • Maintain consistent coding style across projects
   • Reduce cognitive load when switching between tasks
   • Ensure best practices are followed even when under time pressure

2. Efficiency:

   • Automate repetitive coding tasks
   • Reduce time spent on boilerplate code
   • Get immediate feedback on code quality

3. Learning:

   • Learn best practices through contextual suggestions
   • Discover security vulnerabilities and how to fix them
   • Improve coding habits through consistent reinforcement

For Teams

1. Standardisation:

   • Enforce team-wide coding standards
   • Reduce code review friction
   • Maintain consistent documentation

2. Knowledge Sharing:

   • Codify team knowledge in rules
   • Reduce onboarding time for new team members
   • Share best practices automatically

3. Quality Assurance:

   • Catch common issues before they reach code review
   • Ensure security best practices are followed
   • Maintain high code quality across the team

For Organisations

1. Governance:

   • Enforce organisational standards
   • Ensure compliance with security requirements
   • Maintain consistent code quality across teams

2. Efficiency:

   • Reduce time spent on code reviews
   • Decrease technical debt accumulation
   • Streamline development processes

3. Knowledge Management:

   • Preserve institutional knowledge in rules
   • Simplified onboarding for new team members

Recommendations for Users

1. Selective Rule Usage:

   • Disable rules not relevant to your specific technology stack
   • Configure rule priorities based on your project's needs
   • Consider creating custom installation scripts that only install relevant rules

2. Performance Optimisation:

   • If experiencing slowdowns, review which rules are most frequently triggered
   • Consider disabling computationally expensive rules for very large files
   • Report performance issues so rule patterns can be optimised

3. Custom Rule Development:

   • When creating custom rules, follow the patterns established in existing rules
   • Use specific file filters to minimise unnecessary rule evaluation
   • Test new rules thoroughly in isolation before adding to the collection

Future Scalability Plans

While maintaining all rules in a single repository currently provides the best developer experience, we're preparing for potential future growth:

1. Enhanced Categorisation:

   • Rules include clear language/framework tagging with a structured hierarchical system (As seen in the OWASP Top Ten Rules):
     • language:php - Explicitly identifies the programming language
     • framework:drupal - Specifies the framework or CMS
     • category:security - Defines the primary functional category
     • subcategory:injection - Provides more granular categorisation (e.g., injection, authentication)
     • standard:owasp-top10 - Identifies the security standard being applied
     • risk:a01-broken-access-control - Specifies the exact risk identifier
   • This tagging system enables selective installation based on language, framework, or security concern
   • Installation scripts can target specific categories (e.g., only install PHP rules or only OWASP rules)

2. Modular Design:

   • Rule file structure supports potential future separation
   • Consistent naming conventions facilitate organisation

3. Monitoring and Feedback:

   • Repository growth and performance impacts are monitored
   • User feedback helps identify optimisation opportunities

If you encounter any issues with rule management or have suggestions for improving organisation, please submit an issue or pull request.