Add 10 best-practices cursor rules for popular frameworks#173
Closed
ofershap wants to merge 4 commits intoPatrickJS:mainfrom
Closed
Add 10 best-practices cursor rules for popular frameworks#173ofershap wants to merge 4 commits intoPatrickJS:mainfrom
ofershap wants to merge 4 commits intoPatrickJS:mainfrom
Conversation
Added rules for: - Tailwind CSS v4 (CSS-first config, modern syntax) - TypeScript (strict mode, satisfies, discriminated unions) - Python 3.12+ (type hints, Pydantic v2, uv, pathlib) - FastAPI (async, dependency injection, Pydantic v2) - SvelteKit (Svelte 5 runes, load functions, form actions) - shadcn/ui (component patterns, forms, theming) - Drizzle ORM (schema design, type-safe queries) - Expo/React Native (Expo Router, EAS Build) - Vibe Guard (security guardrails for AI code) - Think First (plan-before-code behavior) Each focuses on what AI agents get wrong with these frameworks.
Contributor
|
No actionable comments were generated in the recent review. 🎉 📝 WalkthroughWalkthroughAdds ten new Cursor Rules files and updates the README to list them, covering SvelteKit/Svelte 5, shadcn/ui, Expo/React Native, Tailwind CSS v4, Drizzle ORM, FastAPI, TypeScript, Python 3.12+, planning (Think First), and Vibe Guard security guidelines. (46 words) Changes
Sequence Diagram(s)(Skipped — changes are additions of policy/rules files, not new multi-component control flow.) Estimated code review effort🎯 3 (Moderate) | ⏱️ ~20 minutes Possibly related issues
Possibly related PRs
Suggested reviewers
Poem
🚥 Pre-merge checks | ✅ 3✅ Passed checks (3 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
Actionable comments posted: 5
🧹 Nitpick comments (4)
rules/python-312-best-practices-cursorrules-prompt-file/.cursorrules (1)
2-4: Remove template meta-comments from the rule file.These HTML comment lines are template authoring notes (
<!-- Rules here should CHANGE agent behavior... -->), not Python rules. Cursor passes.cursorrulesas raw text to the model — HTML comments are not stripped — so the agent will receive these as literal instructions about how to write rules rather than rules about Python itself. They add noise without contributing to Python 3.12+ guidance.🧹 Suggested cleanup
- -<!-- Rules here should CHANGE agent behavior, not teach knowledge. --> -<!-- Keep rules actionable and specific. --> -<!-- Example: "Before generating Tailwind classes, verify they exist in v4" --> - - Use modern Python 3.12+ type hint syntax: X | Y not Union[X, Y], list[str] not List[str]🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@rules/python-312-best-practices-cursorrules-prompt-file/.cursorrules` around lines 2 - 4, Remove the template HTML comment lines (e.g., "<!-- Rules here should CHANGE agent behavior, not teach knowledge. -->" and "<!-- Keep rules actionable and specific. -->") from the .cursorrules content so the agent doesn't receive authoring notes as literal instructions; keep only actionable Python 3.12+ rule entries and examples.rules/sveltekit-svelte5-best-practices-cursorrules-prompt-file/.cursorrules (1)
2-6: Add a$derivedrule to cover computed reactive values from Svelte 4.Line 2 mentions
$derivedin the opening list, but Line 6 only maps$:→$effect. In Svelte 4,$:served two purposes: computed/derived values ($: doubled = count * 2) and side effects ($: console.log(count)). Without an explicit rule, an agent reading Line 6 may reach for$effecteven when$derivedis the correct replacement.✏️ Suggested addition
Use $effect for side effects - never use $: reactive statements. +Use $derived for computed/derived values - never use $: for reactive variable declarations.🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@rules/sveltekit-svelte5-best-practices-cursorrules-prompt-file/.cursorrules` around lines 2 - 6, Add an explicit rule mapping Svelte 4 computed reactive declarations to Svelte 5 $derived: update the .cursorrules to include a line that distinguishes computed `$:` usage from effect `$:` usage, e.g. state that `$: <computed>` → `$derived` (or refer to `$derived` for computed/derived values) in addition to the existing `$:` → `$effect` rule; locate the rules list that already mentions `$state`, `$derived`, `$effect` and add the computed-to-$derived mapping so agents know to use the `$derived` rune for computed values (not `$effect`).rules/vibe-guard-security-cursorrules-prompt-file/.cursorrules (1)
23-23: RLS guidance is too narrowly scoped to Supabase.Row-Level Security is a standard PostgreSQL feature available in any PostgreSQL deployment (RDS, GCP Cloud SQL, self-hosted, etc.). The
if using Supabase/Postgresqualifier could cause an agent to skip RLS consideration when the project uses plain PostgreSQL without Supabase.✏️ Suggested fix
-- Add Row-Level Security policies if using Supabase/Postgres +- Add Row-Level Security policies when using PostgreSQL (especially with Supabase or direct multi-tenant access)🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@rules/vibe-guard-security-cursorrules-prompt-file/.cursorrules` at line 23, Replace the narrow guidance text "Add Row-Level Security policies if using Supabase/Postgres" with a broader instruction that RLS applies to all PostgreSQL deployments (e.g., Supabase, RDS, GCP Cloud SQL, self-hosted) so agents do not skip RLS for non-Supabase projects; update the phrasing wherever the string "Add Row-Level Security policies if using Supabase/Postgres" appears (or similar variants) to something like "Add Row-Level Security policies for PostgreSQL (including Supabase, RDS, Cloud SQL, self-hosted)" so it clearly includes all PostgreSQL environments.rules/tailwind-v4-best-practices-cursorrules-prompt-file/.cursorrules (1)
10-10: Minor wording imprecision on gradient renaming.The phrase "v4 prefers linear over gradient naming" implies
bg-gradient-*still exists but is discouraged. In reality,bg-gradient-*was renamed tobg-linear-*in v4 — it no longer exists as a valid class. Tightening the wording avoids giving agents the impression the old name is an acceptable fallback.✏️ Suggested wording fix
-For gradients, use bg-linear-to-r and bg-linear-45 (angle) - v4 prefers linear over gradient naming for directional gradients. +For gradients, use bg-linear-to-r and bg-linear-45 (angle) - v4 removed bg-gradient-* naming; bg-linear-* is the only valid syntax for directional linear gradients.🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@rules/tailwind-v4-best-practices-cursorrules-prompt-file/.cursorrules` at line 10, Update the wording to state that the old directional gradient classes were renamed in v4 and are no longer valid: replace the phrase "v4 prefers linear over gradient naming" with a precise statement that classes like bg-gradient-* were renamed to bg-linear-* (e.g., bg-linear-to-r and bg-linear-45) and the bg-gradient-* variants no longer exist in v4 so agents should use bg-linear-* exclusively.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@README.md`:
- Around line 239-240: Move the two new entries "TypeScript Best Practices" and
"Python 3.12+ Best Practices" into the Language-Specific section so the list
remains alphabetically ordered within that category: place "Python 3.12+ Best
Practices" before "TypeScript Best Practices" and ensure both come after all
JavaScript entries (e.g., after "JavaScript/TypeScript Code Quality" and
"JavaScript (Chrome APIs)"), preserving the exact entry text and links.
- Around line 278-279: The "Think First (Plan Before Code)" and "Vibe Guard
(Security Guardrails)" entries in the "Other" section are out of alphabetical
order; move the `Think First (Plan Before Code)` entry (starts with T) and the
`Vibe Guard (Security Guardrails)` entry (starts with V) so they appear after
the `Next.js (Type LLM)` entry (N) and before the `Unity (C#)` entry (U),
preserving their relative order (T then V) to maintain alphabetical ordering in
the section.
- Around line 116-119: Move the "Expo/React Native Best Practices" entry out of
the Frontend Frameworks section and add it under the Mobile Development category
(replace or merge with the existing "React Native Expo" entry as appropriate);
then reorder the Frontend Frameworks list alphabetically so "shadcn/ui Best
Practices" appears before the SvelteKit entries (i.e., place "shadcn/ui Best
Practices" between the Solid.js entries and the Svelte entries), and if you
decide to keep "Expo/React Native" in Frontend Frameworks instead of moving it,
place it in alphabetical order near the top of that section (after "Cursor AI"
and before the first Next.js entry).
- Line 148: The README's Backend and Full-Stack alphabetical ordering is broken:
move the "FastAPI Best Practices" entry so it appears after the "ES Module"
entry and before "Go Backend Scalability"; locate the list containing "ES
Module", "FastAPI Best Practices", and "Go Backend Scalability" and reorder the
line with "FastAPI Best Practices" (the exact text "[FastAPI Best
Practices](./rules/fastapi-best-practices-cursorrules-prompt-file/.cursorrules)")
to the correct alphabetical position.
In `@rules/fastapi-best-practices-cursorrules-prompt-file/.cursorrules`:
- Line 2: Update the rule text "Use async def for I/O-bound endpoints and def
for CPU-bound. Never make all endpoints async or all sync." to remove the
absolute "Never make all endpoints async" claim and instead state that it's
acceptable to make all endpoints async when the code and drivers are
non-blocking (e.g., asyncpg, httpx); add a precise warning to avoid using async
def with blocking synchronous calls (e.g., time.sleep(), sync DB drivers) that
would block the event loop, and suggest choosing def vs async def per-endpoint
based on whether the implementation uses blocking or non-blocking I/O.
---
Nitpick comments:
In `@rules/python-312-best-practices-cursorrules-prompt-file/.cursorrules`:
- Around line 2-4: Remove the template HTML comment lines (e.g., "<!-- Rules
here should CHANGE agent behavior, not teach knowledge. -->" and "<!-- Keep
rules actionable and specific. -->") from the .cursorrules content so the agent
doesn't receive authoring notes as literal instructions; keep only actionable
Python 3.12+ rule entries and examples.
In `@rules/sveltekit-svelte5-best-practices-cursorrules-prompt-file/.cursorrules`:
- Around line 2-6: Add an explicit rule mapping Svelte 4 computed reactive
declarations to Svelte 5 $derived: update the .cursorrules to include a line
that distinguishes computed `$:` usage from effect `$:` usage, e.g. state that
`$: <computed>` → `$derived` (or refer to `$derived` for computed/derived
values) in addition to the existing `$:` → `$effect` rule; locate the rules list
that already mentions `$state`, `$derived`, `$effect` and add the
computed-to-$derived mapping so agents know to use the `$derived` rune for
computed values (not `$effect`).
In `@rules/tailwind-v4-best-practices-cursorrules-prompt-file/.cursorrules`:
- Line 10: Update the wording to state that the old directional gradient classes
were renamed in v4 and are no longer valid: replace the phrase "v4 prefers
linear over gradient naming" with a precise statement that classes like
bg-gradient-* were renamed to bg-linear-* (e.g., bg-linear-to-r and
bg-linear-45) and the bg-gradient-* variants no longer exist in v4 so agents
should use bg-linear-* exclusively.
In `@rules/vibe-guard-security-cursorrules-prompt-file/.cursorrules`:
- Line 23: Replace the narrow guidance text "Add Row-Level Security policies if
using Supabase/Postgres" with a broader instruction that RLS applies to all
PostgreSQL deployments (e.g., Supabase, RDS, GCP Cloud SQL, self-hosted) so
agents do not skip RLS for non-Supabase projects; update the phrasing wherever
the string "Add Row-Level Security policies if using Supabase/Postgres" appears
(or similar variants) to something like "Add Row-Level Security policies for
PostgreSQL (including Supabase, RDS, Cloud SQL, self-hosted)" so it clearly
includes all PostgreSQL environments.
README.md
Outdated
Comment on lines
+239
to
+240
| - [TypeScript Best Practices](./rules/typescript-best-practices-cursorrules-prompt-file/.cursorrules) - Cursor rules for modern TypeScript with strict mode, discriminated unions, satisfies operator, and exhaustive switch patterns. | ||
| - [Python 3.12+ Best Practices](./rules/python-312-best-practices-cursorrules-prompt-file/.cursorrules) - Cursor rules for modern Python with type hints (X | Y syntax), Pydantic v2, uv package manager, pathlib, and pyproject.toml. |
Contributor
There was a problem hiding this comment.
Alphabetical ordering violation in Language-Specific.
TypeScript Best Practices (T) and Python 3.12+ Best Practices (P) are prepended to the top of the section, but the section already opens with JavaScript/TypeScript Code Quality and JavaScript (Chrome APIs) — J precedes both P and T. These two new entries should be placed after all JavaScript entries and in their correct relative positions (P before T).
As per coding guidelines: "Maintain alphabetical order within each category."
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@README.md` around lines 239 - 240, Move the two new entries "TypeScript Best
Practices" and "Python 3.12+ Best Practices" into the Language-Specific section
so the list remains alphabetically ordered within that category: place "Python
3.12+ Best Practices" before "TypeScript Best Practices" and ensure both come
after all JavaScript entries (e.g., after "JavaScript/TypeScript Code Quality"
and "JavaScript (Chrome APIs)"), preserving the exact entry text and links.
rules/fastapi-best-practices-cursorrules-prompt-file/.cursorrules
Outdated
Show resolved
Hide resolved
README.md: - Fix alphabetical ordering in Frontend Frameworks (shadcn/ui before Svelte) - Move SvelteKit (Svelte 5) to correct position among SvelteKit entries - Move Expo/React Native from Frontend to Mobile Development section - Move FastAPI Best Practices to correct alphabetical position (after ES Module) - Move Python 3.12+ and TypeScript entries after JavaScript in Language-Specific - Move Think First and Vibe Guard to correct alphabetical positions in Other - Reorder Tailwind CSS v4 and Drizzle ORM entries alphabetically Rule files: - FastAPI: replace "Never make all endpoints async" with precise async/blocking guidance - Python 3.12+: remove template HTML comments that get passed as literal text - SvelteKit: add explicit $derived rule for computed values (distinct from $effect) - Tailwind v4: clarify bg-gradient-* was removed, not just discouraged - Vibe Guard: broaden RLS guidance to all PostgreSQL deployments Co-authored-by: Cursor <cursoragent@cursor.com>
Contributor
There was a problem hiding this comment.
Actionable comments posted: 2
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@README.md`:
- Around line 164-165: The two README entries are out of alphabetical order;
move the "Expo/React Native Best Practices" entry so it appears before "React
Native Expo" (i.e., swap the positions of the lines containing "Expo/React
Native Best Practices" and "React Native Expo") to ensure entries are sorted
alphabetically within the category.
In `@rules/sveltekit-svelte5-best-practices-cursorrules-prompt-file/.cursorrules`:
- Around line 1-2: Remove the leading blank line at the start of the
.cursorrules file so the file begins immediately with the first rule text ("Use
Svelte 5 runes ($state, $derived, $effect) - never use Svelte 4 stores
(writable, readable) or reactive declarations ($:)."); simply delete the empty
first line so the first visible character in the file is the "U" of "Use Svelte
5 runes".
---
Duplicate comments:
In `@README.md`:
- Around line 241-243: The three list items are out of alphabetical order: move
"Python 3.12+ Best Practices" and "TypeScript Best Practices" so they come after
"Optimize (Rell Blockchain Code)" and are placed in their correct alphabetical
positions within their groups; locate the three list entries by their exact
titles ("Python 3.12+ Best Practices", "TypeScript Best Practices", "Optimize
(Rell Blockchain Code)") in README.md and reorder the lines so "Optimize (Rell
Blockchain Code)" (O) precedes the P and T entries, and then ensure the P and T
entries are sorted alphabetically relative to other P- and T-group entries.
README.md
Outdated
Comment on lines
+164
to
+165
| - [React Native Expo](./rules/react-native-expo-cursorrules-prompt-file/.cursorrules) - Cursor rules for React Native Expo development. | ||
| - [Expo/React Native Best Practices](./rules/expo-react-native-best-practices-cursorrules-prompt-file/.cursorrules) - Cursor rules for Expo Router, EAS Build, expo-image, secure storage, and config plugins. Stops agents from using deprecated patterns. |
Contributor
There was a problem hiding this comment.
Expo/React Native Best Practices should be listed before React Native Expo.
'E' sorts before 'R', so the new entry at line 165 should precede the existing React Native Expo entry at line 164.
🛠 Proposed fix
+- [Expo/React Native Best Practices](./rules/expo-react-native-best-practices-cursorrules-prompt-file/.cursorrules) - Cursor rules for Expo Router, EAS Build, expo-image, secure storage, and config plugins. Stops agents from using deprecated patterns.
- [React Native Expo](./rules/react-native-expo-cursorrules-prompt-file/.cursorrules) - Cursor rules for React Native Expo development.
-- [Expo/React Native Best Practices](./rules/expo-react-native-best-practices-cursorrules-prompt-file/.cursorrules) - Cursor rules for Expo Router, EAS Build, expo-image, secure storage, and config plugins. Stops agents from using deprecated patterns.As per coding guidelines: "Maintain alphabetical order within each category."
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@README.md` around lines 164 - 165, The two README entries are out of
alphabetical order; move the "Expo/React Native Best Practices" entry so it
appears before "React Native Expo" (i.e., swap the positions of the lines
containing "Expo/React Native Best Practices" and "React Native Expo") to ensure
entries are sorted alphabetically within the category.
rules/sveltekit-svelte5-best-practices-cursorrules-prompt-file/.cursorrules
Outdated
Show resolved
Hide resolved
…ule files - Move Expo/React Native before React Native Expo (E before R) in Mobile section - Remove unnecessary leading blank lines from all 10 new .cursorrules files Co-authored-by: Cursor <cursoragent@cursor.com>
Contributor
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@rules/vibe-guard-security-cursorrules-prompt-file/.cursorrules`:
- Line 4: The rule line "ALWAYS validate and sanitize user input before
processing - use Zod, Joi, or equivalent" is JavaScript-specific; replace the
JS library examples with language-agnostic wording (e.g., recommend "use an
appropriate schema/validation library for your language such as
Zod/Joi/Pydantic/cerberus or equivalent") so the security guardrail applies
across languages; update the rule text in the .cursorrules entry where that
sentence appears (the user-input validation rule) to remove JS-only wording and
mention "language-appropriate validation/sanitization" instead.
---
Duplicate comments:
In `@README.md`:
- Line 112: The README entry "[shadcn/ui Best
Practices](./rules/shadcn-ui-best-practices-cursorrules-prompt-file/.cursorrules)"
is incorrectly placed after the Solid.js entries; move this shadcn/ui line so it
appears alphabetically before the three "Solid.js" entries (i.e., insert it
directly above the first Solid.js entry) to restore correct alphabetical order
within the category.
- Around line 241-242: Remove the two entries "Python 3.12+ Best Practices" and
"TypeScript Best Practices" from their current position and insert "Python 3.12+
Best Practices" into the existing Python group (among the other Python entries)
in alphabetical order, and insert "TypeScript Best Practices" into the existing
TypeScript group (among the other TypeScript entries) in alphabetical order;
also ensure "Optimize (Rell Blockchain Code)" appears before "Python 3.12+ Best
Practices" so the overall category ordering remains alphabetical.
Mention Pydantic for Python alongside Zod/Joi for JS/TS since this is a general security guardrail, not JS-specific. Co-authored-by: Cursor <cursoragent@cursor.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Adding cursor rules for 10 popular frameworks and tools. Each rule focuses on patterns that AI agents commonly get wrong, with specific do/don't guidance.
Rules added
Frontend Frameworks and Libraries:
Backend and Full-Stack:
CSS and Styling:
Database and API:
Language-Specific:
Other:
Each rule file is self-contained and follows the existing folder naming convention.
Made with Cursor
Summary by CodeRabbit