Add cursor-rules-pack: production-tested TypeScript rules

.cursor-plugin/marketplace.json

@@ -42,6 +42,11 @@
       "name": "cli-for-agent",
       "source": "cli-for-agent",
       "description": "Patterns for designing CLIs that coding agents can run reliably: flags, help with examples, pipelines, errors, idempotency, dry-run."
+    },
+    {
+      "name": "cursor-rules-pack",
+      "source": "cursor-rules-pack",
+      "description": "50 production-tested Cursor Rules for TypeScript/Next.js, Prisma, Stripe, Supabase \u2014 with error handling, state management, security, and AI behavior rules."
     }
   ]
-}
+}

cursor-rules-pack/.cursor-plugin/plugin.json

@@ -0,0 +1,30 @@
+{
+  "name": "cursor-rules-pack",
+  "displayName": "Cursor Rules Pack",
+  "version": "1.0.0",
+  "description": "50 production-tested Cursor Rules for TypeScript/Next.js, Prisma, Stripe, Supabase, and more. Includes rules for error handling, state management, security, and AI behavior \u2014 with before/after code examples.",
+  "author": {
+    "name": "OliviaCraft",
+    "email": "oliviacraftlat@gmail.com"
+  },
+  "homepage": "https://github.com/oliviacraft/cursor-rules-pack-sample",
+  "repository": "https://github.com/oliviacraft/cursor-rules-pack-sample",
+  "license": "MIT",
+  "keywords": [
+    "cursor-rules",
+    "typescript",
+    "nextjs",
+    "prisma",
+    "production",
+    "best-practices"
+  ],
+  "category": "developer-tools",
+  "tags": [
+    "rules",
+    "typescript",
+    "nextjs",
+    "security",
+    "error-handling"
+  ],
+  "rules": "./rules/"
+}

cursor-rules-pack/LICENSE

@@ -0,0 +1,17 @@
+MIT License
+
+Copyright (c) 2026 OliviaCraft
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.

cursor-rules-pack/README.md

@@ -0,0 +1,41 @@
+# Cursor Rules Pack
+
+Production-tested Cursor Rules for TypeScript projects — covers the patterns that matter most when building real software.
+
+## Rules Included
+
+### Core (`rules/core.mdc`)
+- Dependency Discipline — evaluate packages before installing
+- Explicit Error Handling — typed errors, no silent failures
+- Comments Policy — explain WHY not WHAT
+- Naming Conventions — consistent, self-documenting
+- File Size Discipline — co-location and modularity
+
+### Next.js App Router (`rules/nextjs.mdc`)
+- Server Components First
+- State Management Hierarchy (URL → React → Zustand → React Query)
+- Parallel Data Fetching
+- Loading & Error States
+
+### Database & Backend (`rules/database.mdc`)
+- Database Query Safety — always use select
+- API Route Security — auth, validate, authorize, respond
+- Webhook Security — signatures, idempotency, async processing
+- Prisma Best Practices
+
+## Installation
+
+These rules are automatically available when you install this plugin in Cursor.
+
+Or copy individual `.mdc` files to your `.cursor/rules/` directory.
+
+## Full Pack
+
+This plugin includes a curated subset. The complete **Cursor Rules Pack v2** (50 rules with before/after examples) is available at:
+
+→ https://github.com/oliviacraft/cursor-rules-pack-sample  
+→ https://oliviacraftlat.gumroad.com/l/wyaeil ($27)
+
+## License
+
+MIT

cursor-rules-pack/rules/core.mdc

@@ -0,0 +1,22 @@
+---
+description: Core production rules — apply to all TypeScript projects
+globs: ["**/*.ts", "**/*.tsx"]
+alwaysApply: true
+---
+
+# Core Production Rules
+
+## Dependency Discipline
+Before suggesting a new npm package: (1) state what it does in one sentence, (2) confirm it's actively maintained (last publish < 6 months), (3) check if < 30 lines replaces it. Never add a dependency for a task under 20 lines of code.
+
+## Explicit Error Handling
+Always wrap async operations in try/catch. Never swallow errors silently. Log errors with context: `logger.error('[FunctionName] description', { error, context })`. Always provide user-facing error states in UI components.
+
+## Comments Policy
+Write self-documenting code first. Add comments only for: (1) non-obvious business logic — explain WHY not WHAT, (2) workarounds with issue links, (3) complex algorithms. Never comment what the code clearly does.
+
+## Naming Conventions
+PascalCase for components/types, camelCase for functions/variables, SCREAMING_SNAKE_CASE for constants, kebab-case for file names. Booleans start with `is`, `has`, `can`, or `should`. Be descriptive: `getUserByEmail` not `getUser`.
+
+## File Size Discipline
+Keep files under 200 lines. If a file grows beyond that, proactively suggest how to split it. Co-locate related files: keep a component's types, hooks, and utilities in the same folder.

cursor-rules-pack/rules/database.mdc

@@ -0,0 +1,21 @@
+---
+description: Database and backend rules — Prisma, API routes, webhooks
+globs: ["**/*.ts", "app/api/**/*", "lib/**/*"]
+alwaysApply: false
+---
+
+# Database & Backend Rules
+
+## Database Query Safety
+Never return full database records to the client — always use `select` to specify exactly which fields are needed. This prevents exposing password hashes, reset tokens, and sensitive fields.
+
+For queries that could return more than 50 rows, always add pagination (take/skip or cursor-based).
+
+## API Route Security
+Every API route must: (1) authenticate first — return 401 if no session, (2) validate body with Zod — return 400 with field errors if invalid, (3) authorize the action — verify the user can perform this operation, (4) return typed responses `{ data }` on success, `{ error }` on failure, (5) use correct HTTP status codes — never return 200 for errors.
+
+## Webhook Security
+Verify the signature in the first 3 lines of the handler — reject immediately if invalid. Respond with HTTP 200 within 5 seconds — offload processing to a background job. Implement idempotency using the event ID.
+
+## Prisma Best Practices
+Use transactions (db.$transaction) for operations that write to multiple tables. Every model needs: id (cuid default), createdAt, updatedAt. Add @@index for every foreign key and every WHERE clause field.

cursor-rules-pack/rules/nextjs.mdc

@@ -0,0 +1,24 @@
+---
+description: Next.js App Router rules — server components, state, data fetching
+globs: ["**/*.tsx", "app/**/*"]
+alwaysApply: false
+---
+
+# Next.js App Router Rules
+
+## Server Components First
+Default to server components. Add "use client" only when required by: event handlers, useState, useEffect, browser-only APIs. Always explain your choice when adding "use client". Use Server Actions for mutations.
+
+## State Management Hierarchy
+- URL state → filters, pagination, search (useSearchParams)
+- React state → UI-only, ephemeral (useState)
+- Zustand → cross-component app state
+- React Query → all server state
+
+Never use Zustand to cache server data. Never reach for Redux.
+
+## Parallel Data Fetching
+Identify and parallelize independent fetches. Never await sequentially when operations are independent — use Promise.all. When making a sequential await, add a comment explaining the dependency that forces it.
+
+## Loading & Error States
+Every async operation needs three states: loading, error, success. Use skeleton components (not spinners) for content loading. Error boundaries must show actionable messages — "Something went wrong" is not acceptable.