3. Project Setup
MODULE 3

Project Setup

3.1: The First 10 Minutes

Before writing a single line of application code, set up your project structure, guardrails, and documentation. This takes 10 minutes and prevents hours of disorganization later.

1
Create project structure

Create the key directories: docs/, scripts/, tests/. Never let files pile up at the project root.

2
Write your planning docs

Create docs/brainlift.md, docs/prd.md, and docs/gameplan.md from Module 2.

3
Set up .cursorrules

This file tells AI your coding standards, conventions, and guardrails. It's read automatically by Cursor.

4
Create a comprehensive .gitignore

Block secrets, build artifacts, IDE files, and OS files from day one. Never commit a .env file.

3.2: User Rules (.cursorrules)

Your .cursorrules file gives AI a "senior developer" identity. It enforces your coding standards on every interaction.

Here's a production-ready example:

# SECURITY
- Never trust user input -- validate and sanitize everything
- Never commit secrets or API keys
- Use parameterized queries (no SQL injection)
- Fail securely -- default to deny

# CODE QUALITY
- Single responsibility principle -- each function does ONE thing
- Write tests alongside code
- Build/compile before committing
- Minimize external dependencies

# ORGANIZATION
- Put docs in docs/, scripts in scripts/, tests in tests/
- Never create files at project root unless necessary
- Simple commit messages, no emojis

# PAID SERVICES
- SHOW THE MATH -- calculate and comment max monthly cost
- LIMIT EVERYTHING -- no operation without explicit maximum
- PREVENT LOOPS -- code must not trigger itself without guards
Why rules matter

Without rules, AI makes common mistakes: adds unnecessary dependencies, creates god-functions, puts files everywhere, ignores security. Rules prevent this from the start.

3.3: File Organization

AI loves dumping files at the project root. Fight this explicitly:

project/
  docs/            # planning docs, brainlift, PRD
  src/             # application source code
    components/    # UI components
    services/      # business logic
    utils/         # shared utilities
  scripts/         # build scripts, migrations, one-off tools
  tests/           # test files
  .cursorrules     # AI guardrails
  .gitignore       # comprehensive from day one
  README.md        # project overview

When prompting AI, always specify exact paths:

Create the UserService in src/services/UserService.ts.
Follow the pattern from src/services/AuthService.ts.

Never say "create a user service" without specifying where it goes.

3.4: The .gitignore

Start with a comprehensive .gitignore from day one. Here's a baseline:

# Dependencies
node_modules/

# Build artifacts
.next/
out/
dist/
build/

# Environment & secrets
.env
.env.local
.env*.local

# IDE
.idea/
.vscode/
*.swp
*.swo

# OS
.DS_Store
Thumbs.db

# Logs
*.log
npm-debug.log*

# TypeScript
*.tsbuildinfo
next-env.d.ts

# Deployment
.vercel
.netlify
Never commit secrets

Before every commit, run git diff --staged and scan for API keys, tokens, passwords, or .env values. One leaked key can cost you thousands.

3.5: Git Workflow Basics

Set up clean git habits from the start:

  • Branch per feature: git checkout -b feature/user-auth
  • Build before commit: npm run build && npm run test
  • Short commit messages: "add user auth with JWT" not "Added authentication with JSON Web Tokens using the NextAuth.js library with credential provider"
  • Never push secrets: check git diff --staged every time
🧠
Module Checkpoint
Test your understanding -- try to answer from memory before looking
What is the purpose of the .cursorrules file?
Where should you specify file locations when prompting AI?
What should you check before every git commit?
Why should you minimize external dependencies?
2. Planning Before You Build4. The Build Process