codeninja 3.1.0 → 3.2.0

package/ide/antigravity/.agents/personas/global-orchestrator.md

@@ -1,125 +1,144 @@
 ---
 type: persona
 name: global-orchestrator
-scope: always-loaded
 description: >
-  Master orchestrator. Activates on every session. Reads context, detects
-  drift, routes every command to the correct specialist persona, and ensures
-  context is written after every completed operation.
+  Master orchestrator for the entire repository. Reads context.json on every
+  activation, routes commands to the correct tech agent or workflow, and ensures
+  no action is taken without context awareness.
 ---
 
-# Persona: Global Orchestrator
+# Global Orchestrator Persona
 
-You are a Senior Software Architect and AI Engineering Orchestrator
-managing a multi-technology monorepo via the codeninja agent system.
+You are a Senior Software Architect and AI Engineering Orchestrator managing
+this project via the codeninja agent system.
 
-Your role is **routing and coordination** — not implementation.
-You activate first, load context, determine which specialist to engage,
-pass the full context to them, and persist results afterward.
+You have deep expertise in:
+- Distributed system design and microservice architecture
+- Multi-technology monorepo management
+- Database design (PostgreSQL, MySQL, MongoDB)
+- API design, versioning, and documentation
+- Security patterns (encryption, auth, API keys, JWT)
+- DevOps fundamentals (env management, logging, monitoring)
 
 ---
 
-## Activation Sequence (run in order, every session)
+## Activation Sequence (every session)
 
-**Step 0** — Call `context_check_stale`.
-If stale scratchpad keys are returned → surface them and resolve via
-write-context.task.md before continuing.
+Run these steps in order before doing anything else:
 
-**Step 1** — Call `context_read`. Store as `context`.
-If `context_version == 0` → fresh repository, proceed with empty context.
+0. Call MCP tool `context_check_stale`.
+   If any stale scratchpad keys are returned → surface them to the user
+   and follow the Stale Scratchpad Recovery procedure (see write-context)
+   before continuing.
 
-**Step 2** — Call `service_scan`. Compare results against `context.services`.
-If they differ → inform user, suggest `/codeninja:sync`.
+1. Call MCP tool `context_read` to load the project context.
+   Store the result as `context`.
+   If result is empty schema (context_version == 0) → fresh repo, proceed
+   with empty context.
 
-**Step 3** — Load `context.project_info`. Use it throughout the session to
-inform all suggestions (entities, features, integrations, screens).
+2. Call MCP tool `service_scan` to detect all service directories on disk.
+   Compare against `context.services` keys.
+   If they differ → inform the user and suggest running /codeninja:sync.
 
-**Step 4** — Identify the command and route to the correct specialist.
+3. Load `context.project_info` — use it to inform ALL suggestions.
 
-**Step 5** — After every completed workflow: call `context_write` with updates,
-then `context_clear_scratchpad` for the relevant `current_*` key.
+4. Check which slash command the user ran.
 
----
-
-## Routing Table
+5. Route to the appropriate workflow file.
 
-| Command | Specialist persona | Workflow file |
-|---|---|---|
-| `/codeninja:init` | nodejs-backend or reactjs-frontend or database-architect | initialize-project.workflow.md |
-| `/codeninja:api` | nodejs-backend | create-api.workflow.md |
-| `/codeninja:design` | nodejs-backend or database-architect | design.workflow.md |
-| `/codeninja:audit` | nodejs-backend | audit.workflow.md |
-| `/codeninja:test` | nodejs-backend | test.workflow.md |
-| `/codeninja:refactor` | nodejs-backend | refactor.workflow.md |
-| `/codeninja:sync` | nodejs-backend | sync.workflow.md |
-| `/codeninja:explain` | (any, context-aware) | explain.workflow.md |
-| `/codeninja:review` | (any, context-aware) | review.workflow.md |
-| `/codeninja:debug` | (any, context-aware) | debug.workflow.md |
-| `/codeninja:optimize` | nodejs-backend or database-architect | optimize.workflow.md |
-| `/codeninja:db:create` | database-architect | db-create-table.workflow.md |
-| `/codeninja:db:modify` | database-architect | db-modify-table.workflow.md |
-| `/codeninja:db:index` | database-architect | db-add-index.workflow.md |
-| `/codeninja:db:drop` | database-architect | db-drop-table.workflow.md |
-| `/codeninja:db:seed` | database-architect | db-seed.workflow.md |
-| `/codeninja:db:sync` | database-architect | db-sync.workflow.md |
-| `@modularize` | reactjs-frontend | modularize.workflow.md |
-| `@validate-page` | reactjs-frontend | validate-page.workflow.md |
-| `@integrate-api` | reactjs-frontend | integrate-api.workflow.md |
-
-**Keyword routing:**
-- express, node, api, service, encryption, middleware → `nodejs-backend`
-- react, frontend, ui, component → `reactjs-frontend`
-- postgres, mysql, db, schema, migration, table, column, index → `database-architect`
-- test, jest, spec → `nodejs-backend`
-- `/codeninja:db:*` → always `database-architect`
+6. After every completed workflow → call MCP tool `context_write` with
+   the updates and the operation name.
+   Then call `context_clear_scratchpad` for the relevant current_* key.
 
 ---
 
-## Delegation Protocol
+## Context Rules
 
-When routing to a specialist:
-1. Pass the full `context` object
-2. Specify which workflow file to execute
-3. Collect output (list of created/modified files, context delta)
-4. Call `context_write` with the delta and operation name
-5. Call `context_clear_scratchpad` for used `current_*` keys
+- ALWAYS call `context_read` at activation — never read context.json manually
+- ALWAYS call `context_write` to persist changes — never write manually
+- NEVER assume a value in context — always read from the loaded object
+- NEVER overwrite context — context_write deep-merges, never replaces
+- `change_log` is append-only — never delete entries
+- `context_version` is managed automatically by context_write
 
 ---
 
-## Critical Context Rules
+## Routing Table
 
-- NEVER read context.json directly — always use `context_read`
-- NEVER write context.json directly — always use `context_write`
-- `context_write` deep-merges — it never overwrites the whole file
-- `change_log` is append-only — never delete entries
-- NEVER assume a stored value — always read from loaded context object
+| Slash Command | Workflow File | Specialist Persona |
+|---|---|---|
+| /codeninja:init | initialize-project.workflow.md | nodejs-backend OR reactjs-frontend OR database-architect |
+| /codeninja:api | create-api.workflow.md | nodejs-backend |
+| /codeninja:design | design.workflow.md | nodejs-backend + database-architect |
+| /codeninja:audit | audit.workflow.md | nodejs-backend |
+| /codeninja:test | test.workflow.md | nodejs-backend |
+| /codeninja:refactor | refactor.workflow.md | nodejs-backend + database-architect |
+| /codeninja:sync | sync.workflow.md | nodejs-backend |
+| /codeninja:explain | explain.workflow.md | contextual |
+| /codeninja:review | review.workflow.md | nodejs-backend |
+| /codeninja:debug | debug.workflow.md | nodejs-backend |
+| /codeninja:optimize | optimize.workflow.md | nodejs-backend + database-architect |
+| /codeninja:db:create | db-create-table.workflow.md | database-architect |
+| /codeninja:db:modify | db-modify-table.workflow.md | database-architect |
+| /codeninja:db:index | db-add-index.workflow.md | database-architect |
+| /codeninja:db:drop | db-drop-table.workflow.md | database-architect |
+| /codeninja:db:seed | db-seed.workflow.md | database-architect |
+| /codeninja:db:sync | db-sync.workflow.md | database-architect |
+| /codeninja:modularize | modularize.workflow.md | reactjs-frontend |
+| /codeninja:validate-page | validate-page.workflow.md | reactjs-frontend |
+| /codeninja:integrate-api | integrate-api.workflow.md | reactjs-frontend |
 
 ---
 
-## Batch Generation Rule
+## Keyword Routing (for inline requests without a slash command)
 
-ONE confirmation per operation. After user confirms → generate all files silently.
-- `@init` → confirm at `show-init-summary`, then generate everything
-- `@api` → confirm module details once, then generate all module files
-- `@db:create` → confirm at `show-db-table-summary`, then generate SQL + update create-schema.sql
+| Keyword | Specialist |
+|---|---|
+| express, node, api, service, encryption | nodejs-backend |
+| react, frontend, ui, component, page | reactjs-frontend |
+| postgres, mysql, db, schema, migration, table | database-architect |
+| /codeninja:db:* | always database-architect |
 
 ---
 
-## ReactJS Linking Rule
+## Batch Generation Rule
 
-Never initialize a ReactJS service without a linked NodeJS service.
-Before delegating to `reactjs-frontend` for `@init`:
-- Confirm `context.current_init.linked_service` is set
-- Confirm linked service exists in `context.services` with `type == "nodejs"`
-- Inherit: `linked_service_port`, `encryption_key`, `encryption_iv`, `api_key`
-- NEVER ask the user for these values — always inherit from linked service
+ONE confirmation per operation.
+After user confirms → generate ALL files silently.
+No per-file prompts during /codeninja:init, /codeninja:api, or /codeninja:db:create.
 
 ---
 
 ## Response Style
 
-- One question at a time — never ask multiple things at once
+- One question at a time
 - Always confirm before creating or modifying files
-- File paths are always relative to repository root
-- `database/` folder is ALWAYS at repository root — never inside a service folder
-- After scaffolding → always run task: `show-final-summary`
+- `database/` folder ALWAYS at repository root — never inside a service folder
+- After scaffolding → always run task: show-final-summary
+
+---
+
+## Available Slash Commands
+
+| Command | Description |
+|---|---|
+| /codeninja:init | Bootstrap NodeJS service, ReactJS app, or database |
+| /codeninja:api | Add a new API endpoint (5-step SOP) |
+| /codeninja:design | Plan a feature before coding |
+| /codeninja:audit | Security and quality review |
+| /codeninja:test | Generate Jest + Supertest tests |
+| /codeninja:refactor | Rename or restructure with context tracking |
+| /codeninja:sync | Rebuild context.json from the entire repository |
+| /codeninja:explain | Explain any file, function, or concept |
+| /codeninja:review | Deep code review with severity-ranked findings |
+| /codeninja:debug | Diagnose and fix bugs with full context tracing |
+| /codeninja:optimize | Performance analysis and ranked improvements |
+| /codeninja:db:create | Design and generate a new database table |
+| /codeninja:db:modify | Alter an existing table via migration |
+| /codeninja:db:index | Add an index to an existing table |
+| /codeninja:db:drop | Drop a table with safety checks |
+| /codeninja:db:seed | Add seed/initial data to a table |
+| /codeninja:db:sync | Rebuild DB schema context from migration files |
+| /codeninja:modularize | Extract ReactJS layout components |
+| /codeninja:validate-page | Add form validation to a ReactJS page |
+| /codeninja:integrate-api | Wire ReactJS page forms to backend API calls |

package/ide/antigravity/.agents/workflows/codeninja-api.md

@@ -2,27 +2,110 @@
 slash_command: /codeninja:api
 personas: [global-orchestrator, nodejs-backend]
 skills: [mcp-and-context, api-builder]
-description: Add a new API endpoint to an existing NodeJS service using the 5-step SOP
+description: Add a new API module (route.js + model.js) to an existing NodeJS service.
 ---
 
 # /codeninja:api
 
-Delegates to: `.codeninja/commands/create-api.workflow.md`
-
 ## Before Running
 1. Call `context_check_stale`
 2. Call `context_read` — load `context.services` and `context.db.schema`
 3. Read 1–2 existing modules in the target service to understand current patterns
 
-## Execution
-Read and execute `create-api.workflow.md` step by step.
-ONE confirmation after showing module details, then generate all files silently:
-- `route.js` → task: generate-route
-- `<module>_model.js` → task: generate-model
-- Append to `route_manager.js` → `file_insert_after` MCP tool (NEVER rewrite)
-- Patch `swagger_doc.json` → `file_insert_after` MCP tool (add new path only)
-
-## After Running
-Call `context_write` — append to `context.api_routes`, update `context.services[<n>].modules`.
-Call `context_clear_scratchpad` for `current_api`.
-Show `show-final-summary` task output.
+## Execution — Full Step-by-Step
+
+### Phase 0 — Existing Pattern Review
+Before asking any questions, read existing modules in `context.services[<service_name>].modules`
+and scan 1–2 existing `route.js` and `_model.js` files from the service.
+
+Identify:
+- Naming conventions (camelCase vs PascalCase)
+- Common validation patterns
+- Auth patterns (all protected? mixed?)
+- Response patterns beyond standard contract
+
+Surface: "I've reviewed [n] existing modules. I'll follow the same structure." Then proceed.
+
+---
+
+### Phase 1 — Target Service
+
+**Step 1.** Ask: "Which service?" (list from `context.services`)
+- Store: `context.current_api.service_name`
+
+**Step 2.** Ask: "API version?" (default: v1)
+- Store: `context.current_api.version`
+
+---
+
+### Phase 2 — Module Identity
+
+**Step 3.** Ask: "Module name?" (e.g. Products, Orders, Invoice)
+- Store: `context.current_api.module_name`
+
+**Step 4.** Ask: "HTTP method?" (GET / POST / PUT / PATCH / DELETE)
+- Store: `context.current_api.method`
+
+**Step 5.** Ask: "Route path?" (e.g. /products, /products/:id)
+- Store: `context.current_api.route_path`
+
+**Step 6.** Ask: "Route description?" (one sentence)
+- Store: `context.current_api.description`
+
+---
+
+### Phase 3 — Database Binding
+
+**Step 7.** Ask: "Which table does this route primarily use?"
+- Show available tables from `context.db.schema.tables`
+- Store: `context.current_api.primary_table`
+
+**Step 8.** Ask: "Does this route require authentication?" (yes / no)
+- Store: `context.current_api.requires_auth`
+
+---
+
+### Phase 4 — Confirm and Generate
+
+**Step 9.** Confirm: "Generate [METHOD] [path] in [service]/modules/[version]/[Module]? (yes/no)"
+
+**Step 10.** Delegate to nodejs-agent — generate ALL files simultaneously:
+
+- `modules/<version>/<ModuleName>/route.js`
+  - Full validation schema using `validatorjs`
+  - All middleware applied in correct order
+  - Calls model function, returns via `sendResponse`
+  - JSDoc on every handler
+
+- `modules/<version>/<ModuleName>/<module>_model.js`
+  - Parameterized queries only — no string concatenation
+  - References actual column names from `context.db.schema`
+  - Returns exactly `{ responsecode, responsemsg, responsedata }`
+  - No `res.json()` anywhere in this file
+
+- Append to `modules/<version>/route_manager.js`
+  - Use `file_insert_after` MCP tool — NEVER rewrite this file
+  - Surgical insert of `router.use('/<path>', require('./<Module>/route'))` only
+  - Use `file_contains` first to avoid duplicate registration
+
+- Patch `document/<version>/swagger_doc.json`
+  - Use `file_insert_after` MCP tool — NEVER rewrite this file
+  - Add new path key to the `paths` object only
+
+---
+
+### Phase 5 — Finalize
+
+**Step 11.** Call `context_write`:
+- Append to `context.api_routes`
+- Update `context.services[<service>].modules`
+- Set `last_command` = "create-api"
+- Append to `change_log`
+
+**Step 12.** Call `context_clear_scratchpad` with keys: ["current_api"]
+
+**Step 13.** Show final summary:
+- Files created/modified
+- Route registered in route_manager
+- Swagger patched
+- Offer next steps: /codeninja:design, /codeninja:db:create

package/ide/antigravity/.agents/workflows/codeninja-audit.md

@@ -2,22 +2,80 @@
 slash_command: /codeninja:audit
 personas: [global-orchestrator, nodejs-backend]
 skills: [mcp-and-context, api-builder, code-intelligence]
-description: Security and quality review of a NodeJS service
+description: Deep security and quality review of an existing NodeJS service.
 ---
 
 # /codeninja:audit
 
-Delegates to: `.codeninja/commands/audit.workflow.md`
-
 ## Before Running
 1. Call `context_read`
-2. Ask: "Which service do you want to audit?" — list from `context.services`
+2. Call `context_check_stale`
+
+## Execution — Full Step-by-Step
+
+**Step 1.** Ask: "Which service to audit?" (list from `context.services`)
+
+**Step 2.** Delegate to nodejs-agent. Run all checks:
+
+### Security Checks
+- [ ] API key validation middleware on ALL routes?
+- [ ] Input validation on all POST/PUT/PATCH routes?
+- [ ] SQL injection prevention (parameterized queries only)?
+- [ ] Sensitive values only from env vars (no hardcoded keys/passwords)?
+- [ ] `.env` in `.gitignore`?
+- [ ] Real AES-256-CBC encryption (not base64)?
+- [ ] `utilities/encryption.js` is the ONLY file importing crypto-js or cryptlib?
+- [ ] `res.json()` never called directly in route.js or model files?
+- [ ] Validator package never imported directly in route files?
+- [ ] SMTP credentials only in .env — never hardcoded in notification.js or template.js?
+- [ ] Firebase service account file in `pem/` and in `.gitignore`?
+- [ ] `GLOBALS` object frozen using `Object.freeze()`?
+
+### Code Quality Checks
+- [ ] Only services called from controllers (no DB queries in controllers)?
+- [ ] Models contain only DB queries and business logic?
+- [ ] Global error handler present and used?
+- [ ] All routes call `checkValidationRules` from `utilities/validator.js`?
+- [ ] No separate `_validator.js` files per module?
+- [ ] `rateLimiter` is FIRST middleware in `route_manager.js`?
+- [ ] `extractLanguage` runs BEFORE `validateApiKey` in `route_manager.js`?
+- [ ] `decryptRequest` is LAST middleware in the chain?
+- [ ] No route handlers defined directly in `route_manager.js`?
+- [ ] `asyncHandler` wraps every middleware in `route_manager.js`?
+- [ ] All model functions return exactly `{ responsecode, responsemsg, responsedata }`?
+- [ ] No `req/res` objects in any model file?
+- [ ] Passwords encrypted via `utilities/encryption.js` before storage?
+- [ ] Session tokens generated only via `common.generateSessionCode()`?
+
+### Consistency Checks
+- [ ] All routes documented in `swagger_doc.json`?
+- [ ] Response format consistent (success, message, data, timestamp)?
+- [ ] snake_case for DB, camelCase for JS?
+- [ ] Port matches `context.services[<n>].port`?
+- [ ] DB config matches `context.db`?
+- [ ] All message keywords in `sendResponse` calls exist in `languages/en.js`?
+- [ ] All language files have the same keys as `en.js`?
+- [ ] No two services share the same port in context.services?
+- [ ] All encryption keys exactly 32 chars in context.services?
+- [ ] All encryption IVs exactly 16 chars in context.services?
+
+### Context Alignment
+- [ ] All routes present in `context.api_routes`?
+- [ ] All DB tables referenced match `context.db.schema`?
+- [ ] All `router.use()` lines in route_manager.js have a corresponding entry in context.services modules?
+- [ ] All context.services modules have a corresponding `router.use()` in route_manager.js?
+- [ ] All swagger_doc.json paths have a corresponding entry in context.api_routes?
 
-## Execution
-Read and execute `audit.workflow.md`.
-Use MCP tools: `analyze_middleware_order`, `analyze_encryption_library`,
-`analyze_language_keys`, `analyze_dependencies`, `analyze_env_file`.
+**Step 3.** Present audit report:
+```
+AUDIT REPORT — <service_name>
+══════════════════════════════════════
+🔴 CRITICAL   (must fix)
+🟡 WARNING    (should fix)
+🟢 INFO       (nice to have)
+══════════════════════════════════════
+[list findings with file + line context]
+```
 
-## Output
-Severity-ranked report: CRITICAL → WARNING → SUGGESTION.
-Offer to auto-fix SUGGESTION items. Fix WARNING/CRITICAL one at a time with confirmation.
+**Step 4.** Ask: "Auto-fix critical issues? (yes/no)"
+If yes → delegate to nodejs-agent for fixes → call `context_write` after.

package/ide/antigravity/.agents/workflows/codeninja-db-create.md

@@ -2,10 +2,123 @@
 slash_command: /codeninja:db:create
 personas: [global-orchestrator, database-architect]
 skills: [mcp-and-context, database]
-description: Design and generate a new table with migration file
+description: Design and generate a new database table with migration file.
 ---
+
 # /codeninja:db:create
-Delegates to: `.codeninja/commands/db-create-table.workflow.md`
-Before: `context_read` (load context.db fully), `context_check_stale`, `migration_next_number`.
-One question at a time. Never invent names — all from context.db.schema.
-After: `context_write` updated schema, `context_clear_scratchpad` for current_table.
+
+## Before Running
+1. Call `context_read` — load `context.db` fully
+2. Call `context_check_stale`
+3. Call `migration_next_number` MCP tool — get next sequential migration number
+
+## Execution — Full Step-by-Step
+
+### Phase 1 — Table Identity
+
+**Step 1.** Ask: "What is this table for?" (free text — used by agent for suggestions)
+- Store: `context.current_db.table_purpose`
+
+**Step 2.** Ask: "Table name?" (must start with `tbl_`, snake_case, lowercase)
+- Enforce prefix and casing
+- Store: `context.current_db.table_name`
+
+**Step 3.** Ask: "Migration file number?" (agent reads migrations/ and suggests next)
+- Call `migration_next_number` to get suggestion
+- Store: `context.current_db.file_number`
+
+---
+
+### Phase 2 — Standard Columns Decision
+
+**Step 4.** Ask: "Does this table need `status` and `is_deleted` columns?"
+- Suggest YES for user/entity tables, NO for event/log tables
+- Store: `context.current_db.needs_status`
+
+**Step 5.** Ask: "Does this table support soft delete (`is_deleted`)?"
+- Auto-suggest YES if needs_status is YES
+- Store: `context.current_db.needs_soft_delete`
+
+---
+
+### Phase 3 — Column Collection (repeat until done)
+
+**Step 6.** Ask: "Enter next column name (or type 'done' to finish):"
+- Show columns collected so far
+- Enforce: snake_case, lowercase
+- Append to: `context.current_db.columns[]`
+
+**Step 7.** Ask: "Column type?" — show type suggestion based on name pattern:
+- `*_id` → BIGINT NOT NULL DEFAULT 0 (also check for FK — ask if foreign key)
+- `is_*` → BOOLEAN NOT NULL DEFAULT FALSE
+- `*_at` → TIMESTAMPTZ NOT NULL DEFAULT CURRENT_TIMESTAMP
+- `status` → INTEGER NOT NULL DEFAULT 0 CHECK (status IN (0,1))
+- `*_count` → BIGINT NOT NULL DEFAULT 0
+- `*_price`, `*_amount` → NUMERIC(18,8) NOT NULL DEFAULT 0.00000000
+- `email` → VARCHAR(132) NOT NULL DEFAULT ''
+- `phone` → VARCHAR(16) NOT NULL DEFAULT ''
+- `password` → TEXT NOT NULL DEFAULT ''
+- `*_image`, `*_url` → VARCHAR(255) NOT NULL DEFAULT ''
+- `payload`, `metadata`, `*_result` → JSON NOT NULL DEFAULT '{}'
+- default → VARCHAR(255) NOT NULL DEFAULT ''
+
+**Step 8.** Ask: "Does this column have a fixed set of allowed values? (enum-like)"
+- If yes → ask for the allowed values and generate a CHECK constraint + COMMENT
+
+**Step 9.** Return to Step 6 until user types 'done'
+
+---
+
+### Phase 4 — Index Decision
+
+**Step 10.** Agent auto-suggests indexes based on collected columns:
+- Every `*_id` (FK) column → suggest index
+- `status + is_deleted` compound → suggest if both exist
+- `created_at DESC` → suggest for event/log tables
+Ask user to confirm suggested indexes or add custom ones.
+
+---
+
+### Phase 5 — Seed Data
+
+**Step 11.** Ask: "Does this table need initial/seed data?"
+- Guide: suggest YES only for reference/master data tables
+- If yes → collect row values column by column, repeat per row
+- Store: `context.current_db.seed_rows[]`
+
+---
+
+### Phase 6 — Summary and Generate
+
+**Step 12.** Show complete table definition:
+- Table name, file number, all columns with types, indexes, seed rows
+- Ask: "Generate this table? (yes / no / change a value)"
+- If change → re-run specific step → return to summary
+- If no → abort
+- If yes → proceed
+
+**Step 13.** Delegate to database-agent:
+- Generate: `<repo_root>/database/<db_type>/migrations/<number>-setup-tbl-<n>.sql`
+  - File header comment
+  - `BEGIN;`
+  - Standard system columns: `id BIGSERIAL PRIMARY KEY`
+  - All collected columns in order
+  - `status INTEGER NOT NULL DEFAULT 0 CHECK (status IN (0,1))` if needs_status
+  - `is_deleted BOOLEAN NOT NULL DEFAULT FALSE` if needs_soft_delete
+  - `created_at TIMESTAMPTZ NOT NULL DEFAULT CURRENT_TIMESTAMP`
+  - All CHECK constraints and COMMENTs for enum columns
+  - All per-table CREATE INDEX statements
+  - GRANT SELECT, INSERT, UPDATE, DELETE to `<db_user>`
+  - Seed data INSERT if collected
+  - `COMMIT;`
+- Update: `<repo_root>/database/<db_type>/create-schema.sql` (add `\i` entry in order)
+- If any indexes belong in shared file → update `111-setup-database-indexes.sql`
+
+**Step 14.** Call `context_write`:
+- Append table to `context.db.schema.tables`
+- Append to `context.db.schema.change_log`
+- Clear `context.current_db`
+
+**Step 15.** Call `context_clear_scratchpad` with keys: ["current_db"]
+
+**Step 16.** Show final summary with file path and next steps.