[{"_1":2,"_77":-5,"_78":-5},"loaderData",{"_3":4,"_7":8},"root",{"_5":6},"gaMeasurementId","G-LQYTSH5Y0M","routes/skill.$id",{"_9":10,"_51":52,"_70":-5,"_71":72,"_75":76},"skill",{"_11":12,"_13":14,"_15":16,"_17":18,"_19":20,"_21":22,"_23":24,"_25":26,"_27":28,"_29":30,"_31":32,"_33":34,"_35":34,"_36":37,"_38":34,"_39":40,"_41":42,"_43":44,"_45":-5,"_46":-5,"_47":48,"_49":30,"_50":22},"id","64253ca7-307e-4531-a73d-b9b0cf02ed76","title","Monity Web Application - Cursor Rules","description","Monity is a full-stack personal finance management application with AI-powered transaction categorization, collaborative expense splitting, and financial health insights. Built with React and Node.js following MVC architecture.","content","# Monity Web Application - Cursor Rules\n\n## Project Overview\nMonity is a full-stack personal finance management application with AI-powered transaction categorization, collaborative expense splitting, and financial health insights. Built with React and Node.js following MVC architecture.\n\n## Tech Stack\n\n### Backend\n- **Runtime**: Node.js 18+\n- **Framework**: Express.js with MVC architecture\n- **Database**: PostgreSQL via Supabase\n- **Authentication**: JWT with Supabase Auth\n- **AI/ML**: Custom Naive Bayes classifier with NLP (natural, compromise, stopword, ml-naivebayes)\n- **Payment Processing**: Stripe API\n- **Caching**: LRU cache (in-memory)\n- **Scheduling**: node-cron for automated tasks\n- **Security**: helmet, rate limiting (express-rate-limit), encryption middleware, input validation (joi), XSS protection\n- **Testing**: Jest + Supertest\n\n### Frontend\n- **Framework**: React 19\n- **Build Tool**: Vite 6\n- **Styling**: Tailwind CSS 4\n- **State Management**: React Context + TanStack React Query v5\n- **Routing**: React Router v7\n- **Charts**: react-chartjs-2\n- **i18n**: react-i18next (English & Portuguese)\n- **Performance**: react-window for virtualization, lazy loading\n- **Analytics**: Vercel Analytics & Speed Insights\n- **Testing**: Vitest + Testing Library\n\n### Infrastructure\n- **Database & Auth**: Supabase\n- **API**: RESTful with versioning (/api/v1)\n- **CI/CD**: AWS deployment ready\n\n## Project Structure\n\n### Backend Structure\n```\nbackend/\n├── server.js # Application entry point\n├── config/ # Environment & database config\n│ ├── supabase.js # Supabase client setup\n│ └── stripe.js # Stripe configuration\n├── models/ # Data models (User, Transaction, Category, etc.)\n├── controllers/ # Request handlers\n│ ├── authController.js\n│ ├── transactionController.js\n│ ├── categoryController.js\n│ ├── groupController.js\n│ ├── savingsGoalController.js\n│ ├── aiController.js\n│ ├── adminController.js\n│ └── index.js # Controller initialization\n├── services/ # Business logic layer\n│ ├── smartCategorizationService.js # AI categorization\n│ ├── aiSchedulerService.js # Scheduled transactions\n│ ├── expenseSplittingService.js # Group expense logic\n│ ├── financialHealthService.js # Financial scoring\n│ ├── scheduledTransactionService.js\n│ └── index.js\n├── routes/ # API endpoint definitions\n│ ├── auth.js\n│ ├── transactions.js\n│ ├── categories.js\n│ ├── groups.js\n│ ├── savingsGoals.js\n│ └── index.js # Route aggregation\n├── middleware/ # Cross-cutting concerns\n│ ├── auth.js # JWT authentication\n│ ├── validation.js # Input validation\n│ ├── encryption.js # Data encryption\n│ ├── errorHandler.js # Error handling\n│ ├── rateLimiter.js # Rate limiting\n│ └── index.js\n├── utils/ # Helper functions\n│ ├── logger.js # Winston logger\n│ ├── helpers.js # Utility functions\n│ └── constants.js # App constants\n├── migrations/ # Database migrations\n└── __tests__/ # Backend test suite\n```\n\n### Frontend Structure\n```\nfrontend/src/\n├── App.jsx # Main router & layout\n├── components/ # React components\n│ ├── auth/ # Login, Signup, etc.\n│ ├── dashboard/ # Dashboard views\n│ ├── transactions/ # Transaction management\n│ ├── groups/ # Expense splitting\n│ ├── settings/ # Settings & preferences\n│ ├── admin/ # Admin dashboard\n│ ├── ai/ # AI features\n│ ├── cashFlow/ # Cash flow calendar\n│ ├── ui/ # Reusable UI components\n│ └── index.js # Component exports\n├── context/ # Global state\n│ └── AuthContext.jsx # Auth state management\n├── hooks/ # Custom React hooks\n│ ├── usePageTracking.js # Analytics\n│ └── useLazyComponentPreloader.js\n├── utils/ # Utilities\n│ ├── api.js # API client\n│ ├── supabase.js # Supabase client\n│ └── i18n/ # Translations (en, pt)\n└── styles/ # Global styles\n```\n\n## Architecture Guidelines\n\n### MVC Pattern\nFollow strict separation of concerns:\n- **Models**: Handle data structure, validation, and database operations\n- **Controllers**: Process HTTP requests, coordinate models/services, format responses\n- **Routes**: Define API endpoints, apply middleware chains\n- **Services**: Contain complex business logic and algorithms\n- **Middleware**: Handle authentication, validation, logging, errors\n\n### Controllers\n- Accept Supabase client via dependency injection\n- Use `asyncHandler` wrapper for async methods\n- Return consistent JSON responses: `{ success, data, message, pagination }`\n- Handle errors with appropriate HTTP status codes\n- Never directly access database (use models)\n- Validate inputs before processing\n\n### Services\n- Implement reusable business logic\n- Independent of HTTP layer\n- Should be testable in isolation\n- Use dependency injection for external dependencies\n- Handle complex algorithms (AI, financial calculations, splitting)\n- Coordinate multiple models when needed\n\n### Models\n- One model per database table/resource\n- Implement CRUD operations\n- Handle data validation\n- Manage database queries via Supabase\n- Return plain objects (not class instances)\n- Handle encryption/decryption when needed\n\n### Routes\n- RESTful endpoint design\n- Apply middleware at appropriate levels (global, route-level, endpoint-specific)\n- Use proper HTTP methods (GET, POST, PUT, DELETE)\n- Implement pagination: `?page=1&limit=10`\n- Support filtering and sorting\n- Versioned: `/api/v1/resource`\n\n## Coding Standards\n\n### JavaScript/JSX Style\n- Use ES6+ features (const/let, arrow functions, destructuring, async/await)\n- Prefer named exports over default exports\n- Use PascalCase for components, camelCase for functions/variables\n- 2-space indentation\n- Semicolons required\n- Async/await over promises chains\n\n### React Patterns\n```jsx\n// Component structure\nimport React, { useState, useEffect, useCallback } from 'react';\nimport { useAuth } from '../context/AuthContext';\nimport API from '../utils/api';\n\nconst ComponentName = ({ prop1, prop2 }) => {\n const { user } = useAuth();\n const [state, setState] = useState(null);\n \n useEffect(() => {\n // Side effects\n }, [dependencies]);\n \n const handleAction = useCallback(async () => {\n try {\n const response = await API.post('/endpoint', data);\n setState(response.data);\n } catch (error) {\n console.error('Error:', error);\n }\n }, [dependencies]);\n \n return (\n

\n {/* JSX */}\n

\n );\n};\n\nexport default React.memo(ComponentName);\n```\n\n### Backend Patterns\n```javascript\n// Controller pattern\nclass ResourceController {\n constructor(supabase) {\n this.supabase = supabase;\n this.model = new ResourceModel(supabase);\n this.service = new ResourceService(supabase);\n }\n\n getAll = asyncHandler(async (req, res) => {\n const userId = req.user.id;\n const { page = 1, limit = 10 } = req.query;\n \n const data = await this.model.findByUser(userId, { page, limit });\n const total = await this.model.countByUser(userId);\n \n res.status(200).json({\n success: true,\n data,\n pagination: {\n page: parseInt(page),\n limit: parseInt(limit),\n total,\n pages: Math.ceil(total / limit)\n }\n });\n });\n}\n```\n\n### Error Handling\n```javascript\n// Backend\nthrow new Error('Descriptive error message');\n\n// Frontend\ntry {\n await operation();\n toast.success('Operation successful');\n} catch (error) {\n console.error('Operation failed:', error);\n toast.error(error.message || 'Operation failed');\n}\n```\n\n## Security Best Practices\n\n### Authentication & Authorization\n- All protected routes require JWT via `authenticate` middleware\n- Check user ownership: `userId === req.user.id`\n- Admin routes use `requireRole('admin')` middleware\n- Premium features check `subscriptionTier === 'premium'`\n- Never trust client-side data, always validate server-side\n\n### Data Protection\n- Use encryption middleware for sensitive data\n- Implement Row Level Security (RLS) in Supabase\n- Validate all inputs with Joi schemas\n- Sanitize user input to prevent XSS\n- Rate limit sensitive endpoints (auth, payments)\n- Use helmet for security headers\n\n### API Security\n```javascript\n// Apply rate limiting\nrouter.use('/auth', rateLimiter.authLimiter);\nrouter.use('/api', rateLimiter.apiLimiter);\n\n// Authentication middleware\nrouter.use(middleware.auth.authenticate);\n\n// Input validation\nrouter.post('/', validationMiddleware.validateBody(schema), controller.create);\n```\n\n## Performance Optimization\n\n### Frontend\n- Lazy load routes and heavy components with `React.lazy()`\n- Use `React.memo()` for expensive components\n- Implement virtualization with `react-window` for long lists\n- Preload critical components after initial render\n- Optimize images and assets\n- Use TanStack Query for caching and data synchronization\n- Implement proper loading states and skeletons\n\n### Backend\n- Use LRU cache for frequently accessed data\n- Implement pagination for large datasets\n- Use database indexes on frequently queried fields\n- Enable gzip compression\n- Optimize Supabase queries (select specific fields, use filters)\n- Background jobs for heavy operations (AI training, reports)\n\n## Testing Standards\n\n### Backend Tests\n```javascript\n// Unit test example\ndescribe('ResourceController', () => {\n let controller;\n \n beforeEach(() => {\n controller = new ResourceController(mockSupabase);\n });\n \n it('should return all resources for user', async () => {\n const req = { user: { id: 'user-123' }, query: {} };\n const res = mockResponse();\n \n await controller.getAll(req, res);\n \n expect(res.status).toHaveBeenCalledWith(200);\n expect(res.json).toHaveBeenCalledWith({\n success: true,\n data: expect.any(Array)\n });\n });\n});\n```\n\n### Frontend Tests\n```javascript\n// Component test example\nimport { render, screen, waitFor } from '@testing-library/react';\nimport userEvent from '@testing-library/user-event';\n\ntest('renders component and handles interaction', async () => {\n render();\n \n const button = screen.getByRole('button', { name: /submit/i });\n await userEvent.click(button);\n \n await waitFor(() => {\n expect(screen.getByText(/success/i)).toBeInTheDocument();\n });\n});\n```\n\n## Environment Configuration\n\n### Backend (.env)\n```env\n# Supabase\nSUPABASE_URL=your_supabase_url\nSUPABASE_KEY=your_service_role_key\nSUPABASE_ANON_KEY=your_anon_key\n\n# Server\nPORT=3000\nNODE_ENV=development\n\n# Security\nJWT_SECRET=your_jwt_secret\nENCRYPTION_KEY=your_encryption_key\n\n# Stripe\nSTRIPE_SECRET_KEY=sk_test_...\nSTRIPE_WEBHOOK_SECRET=whsec_...\n\n# Frontend URL\nCLIENT_URL=http://localhost:5173\n```\n\n### Frontend (.env)\n```env\nVITE_SUPABASE_URL=your_supabase_url\nVITE_SUPABASE_ANON_KEY=your_anon_key\nVITE_API_URL=http://localhost:3000\nVITE_STRIPE_PUBLIC_KEY=pk_test_...\n```\n\n## API Design Standards\n\n### RESTful Endpoints\n```\nGET /api/v1/resource # List all\nGET /api/v1/resource/:id # Get one\nPOST /api/v1/resource # Create\nPUT /api/v1/resource/:id # Update\nDELETE /api/v1/resource/:id # Delete\n\n# Nested resources\nGET /api/v1/groups/:id/members # List group members\nPOST /api/v1/groups/:id/expenses # Create group expense\n```\n\n### Response Format\n```json\n// Success\n{\n \"success\": true,\n \"data\": {...},\n \"message\": \"Optional success message\",\n \"pagination\": {\n \"page\": 1,\n \"limit\": 10,\n \"total\": 100,\n \"pages\": 10\n }\n}\n\n// Error\n{\n \"success\": false,\n \"message\": \"Error description\",\n \"errors\": [\"validation error 1\", \"validation error 2\"],\n \"code\": \"ERROR_CODE\"\n}\n```\n\n### HTTP Status Codes\n- 200: Success (GET, PUT, DELETE)\n- 201: Created (POST)\n- 400: Bad Request (validation errors)\n- 401: Unauthorized (not authenticated)\n- 403: Forbidden (insufficient permissions)\n- 404: Not Found\n- 409: Conflict (duplicate resource)\n- 422: Unprocessable Entity (business logic error)\n- 429: Too Many Requests (rate limit)\n- 500: Internal Server Error\n\n## Database Conventions\n\n### Supabase Patterns\n```javascript\n// Query with RLS (as user)\nconst { data, error } = await supabase\n .from('transactions')\n .select('*')\n .eq('user_id', userId)\n .order('date', { ascending: false })\n .range(offset, offset + limit - 1);\n\n// Insert\nconst { data, error } = await supabase\n .from('transactions')\n .insert({ ...transactionData, user_id: userId })\n .select()\n .single();\n\n// Update\nconst { data, error } = await supabase\n .from('transactions')\n .update(updates)\n .eq('id', id)\n .eq('user_id', userId)\n .select()\n .single();\n\n// Delete\nconst { error } = await supabase\n .from('transactions')\n .delete()\n .eq('id', id)\n .eq('user_id', userId);\n```\n\n### Table Naming\n- Use snake_case for table and column names\n- Plural table names: `transactions`, `categories`, `users`\n- Foreign keys: `user_id`, `category_id`\n- Timestamps: `created_at`, `updated_at`\n\n## Internationalization (i18n)\n\n### Translation Keys\n```javascript\n// Usage in React\nimport { useTranslation } from 'react-i18next';\n\nconst Component = () => {\n const { t } = useTranslation();\n \n return

{t('dashboard.welcome')}

;\n};\n\n// Translation files structure\n// frontend/src/utils/i18n/locales/en.json\n// frontend/src/utils/i18n/locales/pt.json\n```\n\n### Supported Languages\n- English (en) - Default\n- Portuguese (pt-BR)\n\n## Feature-Specific Guidelines\n\n### AI Categorization\n- Use `smartCategorizationService` for ML predictions\n- Train model with user feedback via `/ai/feedback`\n- Cache categorization results\n- Provide confidence scores\n- Allow manual override\n\n### Expense Splitting\n- Use `expenseSplittingService` for calculations\n- Support equal and percentage-based splits\n- Track settlements and balances\n- Generate invitation links for groups\n- Handle currency consistently\n\n### Financial Health\n- Calculate scores based on income/expense ratio, savings rate, and budget adherence\n- Update scores when transactions change\n- Provide personalized insights\n- Track trends over time\n\n### Scheduled Transactions\n- Use node-cron for recurring transactions\n- Support frequencies: daily, weekly, biweekly, monthly, yearly\n- Allow modification and deletion\n- Track execution history\n\n### Analytics\n- Track key events: page views, transactions, AI usage\n- Respect user consent (GDPR compliant)\n- Use Vercel Analytics for frontend metrics\n- Implement custom event tracking\n\n## Git Workflow\n\n### Commit Message Format\n```\nfeat: add new feature\nfix: fix bug in component\nrefactor: restructure code\ndocs: update documentation\ntest: add tests\nstyle: formatting changes\nperf: performance improvement\nchore: maintenance tasks\n```\n\n### Branch Naming\n- `feature/feature-name` - New features\n- `fix/bug-description` - Bug fixes\n- `refactor/component-name` - Code refactoring\n- `docs/update-readme` - Documentation updates\n\n## Common Patterns\n\n### Loading States\n```jsx\nconst [loading, setLoading] = useState(true);\n\nif (loading) return ;\n```\n\n### Error Boundaries\n```jsx\nimport ErrorBoundary from './components/ui/ErrorBoundary';\n\n\n \n\n```\n\n### Protected Routes\n```jsx\nimport { ProtectedRoute, AdminRoute, PremiumRoute } from './App';\n\n\n \n \n} />\n```\n\n### Toast Notifications\n```javascript\nimport { toast } from 'react-toastify';\n\ntoast.success('Operation successful');\ntoast.error('Operation failed');\ntoast.info('Information message');\ntoast.warning('Warning message');\n```\n\n### API Client\n```javascript\nimport API from '../utils/api';\n\n// GET\nconst response = await API.get('/transactions');\n\n// POST\nconst response = await API.post('/transactions', data);\n\n// PUT\nconst response = await API.put(`/transactions/${id}`, updates);\n\n// DELETE\nconst response = await API.delete(`/transactions/${id}`);\n```\n\n## Dependencies Management\n\n### Backend Key Dependencies\n- express: Web framework\n- @supabase/supabase-js: Database & auth client\n- jsonwebtoken: JWT handling\n- bcryptjs: Password hashing\n- joi: Input validation\n- stripe: Payment processing\n- helmet: Security headers\n- cors: CORS handling\n- compression: Response compression\n- morgan: HTTP request logger\n- natural, compromise, ml-naivebayes: NLP & ML\n- node-cron: Task scheduling\n\n### Frontend Key Dependencies\n- react, react-dom: UI framework\n- react-router-dom: Routing\n- @tanstack/react-query: Data fetching & caching\n- axios: HTTP client\n- react-i18next: Internationalization\n- react-chartjs-2: Charts\n- react-toastify: Notifications\n- date-fns, moment: Date manipulation\n- lucide-react: Icons\n- react-window: Virtualization\n\n## Deployment\n\n### Backend Deployment\n- Deploy to AWS EC2 or similar Node.js hosting\n- Set environment variables in hosting dashboard\n- Run migrations before deploying\n- Use PM2 or similar for process management\n- Enable SSL/HTTPS in production\n- Configure CORS for production domain\n\n### Frontend Deployment\n- Build: `npm run build` (outputs to `dist/`)\n- Deploy to Vercel, Netlify, or AWS Amplify\n- Configure production API URL\n- Enable analytics and speed insights\n- Set up custom domain\n\n## Troubleshooting\n\n### Common Issues\n1. **CORS errors**: Check `CLIENT_URL` in backend .env\n2. **Auth failures**: Verify Supabase keys and JWT configuration\n3. **Database errors**: Check RLS policies and user permissions\n4. **Stripe webhooks**: Verify webhook secret and endpoint\n5. **AI categorization**: Ensure model is trained with sufficient data\n\n### Debugging\n- Backend: Check logs via Winston logger\n- Frontend: Use React DevTools and browser console\n- Network: Monitor API calls in browser Network tab\n- Database: Use Supabase dashboard for query debugging\n\n## Key Features Summary\n\n1. **AI-Powered Categorization**: Automatic transaction categorization using ML\n2. **Expense Splitting**: Collaborative group expense management\n3. **Financial Health**: Personalized financial insights and scores\n4. **Budgets**: Monthly budgets with alerts and tracking\n5. **Savings Goals**: Goal setting and progress tracking\n6. **Cash Flow Calendar**: Visual cash flow planning (Premium)\n7. **Analytics Dashboard**: Comprehensive financial analytics\n8. **Recurring Transactions**: Automated scheduled transactions\n9. **Multi-language**: Full English and Portuguese support\n10. **Admin Dashboard**: Platform analytics and user management\n\n## Development Commands\n\n### Backend\n```bash\nnpm start # Start server\nnpm run dev # Start with nodemon\nnpm test # Run tests\n```\n\n### Frontend\n```bash\nnpm start # Start dev server (Vite)\nnpm run build # Production build\nnpm run preview # Preview production build\nnpm test # Run tests\nnpm run lint # Run ESLint\n```\n\n## Best Practices Checklist\n\n- [ ] Follow MVC architecture strictly\n- [ ] Validate all user inputs\n- [ ] Implement proper error handling\n- [ ] Use TypeScript for new features (future consideration)\n- [ ] Write tests for new functionality\n- [ ] Document complex business logic\n- [ ] Optimize for performance\n- [ ] Ensure accessibility (a11y)\n- [ ] Implement proper logging\n- [ ] Handle edge cases\n- [ ] Keep dependencies updated\n- [ ] Follow security best practices\n- [ ] Maintain code consistency\n- [ ] Review before committing\n\n---\n\n**Remember**: This is a production application with real users. Prioritize security, performance, and user experience in all changes.\n\n\n\n\n\n\n\n","sourceUrl","https://github.com/Monity-FinanceTracker/Monity/blob/400567931287cc1d0389c989ffb48f88e6745e86/.cursorrules.md","viewCount",0,"createdAt",["D",1770531724000],"status","published","skillType","prompt","difficulty",1,"timeToValueMin",5,"useCases","[]","inputs","outputFormat","markdown","dependencies","categoryId","b31af42c-ecda-40ee-a2ca-9845bad35f56","categoryName","Coding","categorySlug","coding","authorName","authorImage","hasAdditionalFiles",false,"fileCount","totalSizeBytes","relatedSkills",[53,59,64],{"_11":54,"_13":55,"_15":56,"_41":42,"_43":44,"_21":57,"_23":58,"_27":28,"_29":30,"_31":32,"_36":37},"20883adf-3530-4398-a914-716aa3783689","Markdown Converter","Agent skill for markdown-converter",7,["D",1767894033000],{"_11":60,"_13":61,"_15":62,"_41":42,"_43":44,"_21":57,"_23":63,"_27":28,"_29":30,"_31":32,"_36":37},"b404ec38-bffb-4822-8916-4480ffb7cb0c","Nano Banana Pro","Agent skill for nano-banana-pro",["D",1767894033000],{"_11":65,"_13":66,"_15":67,"_41":42,"_43":44,"_21":68,"_23":69,"_27":28,"_29":30,"_31":32,"_36":37},"525e6c82-58f2-4312-bfd2-c2972bb23e56","1password","Agent skill for 1password",6,["D",1767894032000],"session","userInteractions",{"_73":48,"_74":48},"liked","favorited","additionalFiles",[],"actionData","errors"]

Monity Web Application - Cursor Rules

Related Skills

Markdown Converter

Nano Banana Pro

1password