codeninja 3.1.0 → 4.0.0

package/tasks/generate-package-json.task.md

@@ -81,6 +81,75 @@ Include based on context values:
 
 ---
 
+## Hashing Library Dependencies
+
+Read `context.current_init.hashing_library` (or `context.services[name].hashing_library`).
+
+If `hashing_library == "bcryptjs"`:
+Add to `dependencies`:
+```json
+"bcryptjs": "^2.4.3"
+```
+If TypeScript (`language == "typescript"`), also add to `devDependencies`:
+```json
+"@types/bcryptjs": "^2.4.4"
+```
+
+If `hashing_library == "argon2"`:
+Add to `dependencies`:
+```json
+"argon2": "^0.31.0"
+```
+(argon2 ships its own TypeScript types — no @types package needed)
+
+---
+
+## ORM Dependencies
+
+Read `context.db.orm`.
+
+If `orm == "prisma"`:
+Add to `dependencies`:
+```json
+"@prisma/client": "^5.0.0"
+```
+Add to `devDependencies`:
+```json
+"prisma": "^5.0.0"
+```
+Add to `scripts`:
+```json
+"postinstall": "prisma generate"
+```
+
+---
+
+## TypeScript Package.json Additions
+
+When `context.current_init.language == "typescript"`:
+
+Replace the default `"start": "node app.js"` with these scripts:
+```json
+"dev": "nodemon --exec ts-node app.ts",
+"build": "tsc",
+"start": "node dist/app.js",
+"start:dev": "ts-node app.ts"
+```
+
+Add to `devDependencies`:
+```json
+"typescript": "^5.4.0",
+"ts-node": "^10.9.2",
+"nodemon": "^3.1.0",
+"@types/node": "^20.14.0",
+"@types/express": "^4.17.21",
+"@types/cors": "^2.8.17"
+```
+
+Note: If `hashing_library == "bcryptjs"`, also add `"@types/bcryptjs": "^2.4.4"` to devDependencies (already covered in Hashing Library Dependencies section — do not duplicate).
+
+---
+
 ## Dev Dependencies (always included)
 ```json
 "devDependencies": {

package/tasks/generate-prisma-client.task.md

@@ -0,0 +1,56 @@
+---
+type: task
+name: generate-prisma-client
+---
+
+# Task: generate-prisma-client
+
+Condition: only run if `context.db.orm == "prisma"`. Otherwise skip entirely.
+
+Read: `context.current_init.language`
+
+Generate: `<service_name>/config/prisma.js` OR `<service_name>/config/prisma.ts`
+
+This file is the shared PrismaClient singleton. Model files import from here — never
+instantiate PrismaClient directly in model files (creates multiple connection pools).
+
+---
+
+## JavaScript variant
+
+```javascript
+const { PrismaClient } = require('@prisma/client');
+
+const prisma = new PrismaClient({
+    log: process.env.NODE_ENV === 'development' ? ['query', 'error', 'warn'] : ['error'],
+});
+
+module.exports = prisma;
+```
+
+---
+
+## TypeScript variant
+
+```typescript
+import { PrismaClient } from '@prisma/client';
+
+const prisma = new PrismaClient({
+    log: process.env.NODE_ENV === 'development' ? ['query', 'error', 'warn'] : ['error'],
+});
+
+export default prisma;
+```
+
+---
+
+## Import rule (enforce in all model files)
+
+```javascript
+// CORRECT — import the singleton
+const prisma = require('../../config/prisma');
+
+// WRONG — never instantiate directly in model files
+const { PrismaClient } = require('@prisma/client');
+const prisma = new PrismaClient(); // creates a new connection pool per instantiation
+```

package/tasks/generate-prisma-schema.task.md

@@ -0,0 +1,71 @@
+---
+type: task
+name: generate-prisma-schema
+---
+
+# Task: generate-prisma-schema
+
+Condition: only run if `context.db.orm == "prisma"`. Otherwise skip entirely.
+
+Read: `context.db.type`, `context.db.name`
+
+Generate: `<service_name>/prisma/schema.prisma`
+
+---
+
+## PostgreSQL
+
+```prisma
+generator client {
+  provider = "prisma-client-js"
+}
+
+datasource db {
+  provider = "postgresql"
+  url      = env("DATABASE_URL")
+}
+
+// Models are added by the @db:create-table command.
+// Each tbl_* table maps to a PascalCase Prisma model.
+// Example: tbl_users → model Users { ... } with @@map("tbl_users")
+```
+
+---
+
+## MySQL
+
+```prisma
+generator client {
+  provider = "prisma-client-js"
+}
+
+datasource db {
+  provider = "mysql"
+  url      = env("DATABASE_URL")
+}
+
+// Models are added by the @db:create-table command.
+```
+
+---
+
+## MongoDB
+
+```prisma
+generator client {
+  provider = "prisma-client-js"
+}
+
+datasource db {
+  provider = "mongodb"
+  url      = env("DATABASE_URL")
+}
+
+// Models are added by the @db:create-table command.
+// Note: MongoDB requires a replica set URL for Prisma.
+```
+
+---
+
+After generating, inform the user:
+"Run `npx prisma generate` after adding models to regenerate the Prisma client."

package/tasks/generate-rateLimiter.task.md

@@ -16,6 +16,26 @@ as all other responses in the service.
 
 ---
 
+## Language Branch
+
+Read `context.current_init.language` (or `context.services[name].language`).
+
+**TypeScript — generate `middleware/rateLimiter.ts`:**
+```typescript
+import rateLimit from 'express-rate-limit';
+
+export const rateLimiter = rateLimit({
+    windowMs: parseInt(process.env.RATE_LIMIT_WINDOW_MS || '900000', 10),
+    max: parseInt(process.env.RATE_LIMIT_MAX || '100', 10),
+    standardHeaders: true,
+    legacyHeaders: false,
+});
+```
+
+**JavaScript — generate `middleware/rateLimiter.js` (existing behavior — see below)**
+
+---
+
 ## Dependencies to Import
 
 - `express-rate-limit` — the rate limiting library. Imported as

package/tasks/generate-readme.task.md

@@ -14,6 +14,30 @@ from context to produce a readme specific to this service.
 
 ---
 
+## TypeScript README additions
+
+When `language == "typescript"`, add these commands to the generated README under a `## Development` heading:
+
+```markdown
+## Development
+
+```bash
+npm run dev       # Start with ts-node (hot reload, no build)
+npm run build     # Compile TypeScript to dist/
+npm start         # Run compiled output (production)
+npm test          # Run Jest tests
+```
+
+**First-time TypeScript setup:**
+```bash
+npm install
+npm run build
+npm start
+```
+```
+
+---
+
 ## Sections to Include
 
 ---

package/tasks/generate-response.task.md

@@ -15,6 +15,33 @@ response shape in one place.
 
 ---
 
+## Language Branch
+
+Read `context.current_init.language` (or `context.services[name].language`).
+
+**TypeScript — generate `response.ts`:**
+```typescript
+import { Request, Response } from 'express';
+
+/**
+ * Sends a standardized API response, encrypting if transport is encrypted.
+ *
+ * @param {Request} req - Express request object.
+ * @param {Response} res - Express response object.
+ * @param {number} code - Response code: 1 = success, 0 = error, -1 = session expired.
+ * @param {string} messageKey - Localization key for the message.
+ * @param {unknown[]} data - Response data array.
+ * @returns {Response} The Express response.
+ */
+export function sendResponse(req: Request, res: Response, code: number, messageKey: string, data: unknown[]): Response {
+    // implementation same as JS variant
+}
+```
+
+**JavaScript — generate `response.js` (existing behavior — see below)**
+
+---
+
 ## Dependencies to Import
 
 - `../utilities/encryption` — imports `encrypt` only

package/tasks/generate-route-manager.task.md

@@ -15,6 +15,38 @@ new module means adding exactly one line to this file.
 
 ---
 
+## Language Branch
+
+Read `context.current_init.language` (or `context.services[name].language`).
+
+**TypeScript — generate `route_manager.ts`:**
+```typescript
+import { Router } from 'express';
+import { rateLimiter } from '../../middleware/rateLimiter';
+import {
+    extractLanguage,
+    validateApiKey,
+    validateAuthToken,
+    decryptRequest
+} from '../../middleware/headerValidator';
+import <ModuleName>Router from './<ModuleName>/route';
+
+const router = Router();
+
+router.use(rateLimiter);
+router.use(extractLanguage);
+router.use(validateApiKey);
+// router.use(validateAuthToken); // uncomment for protected routes
+router.use(decryptRequest);
+router.use('/<path>', <ModuleName>Router);
+
+export { router };
+```
+
+**JavaScript — generate `route_manager.js` (existing behavior — see below)**
+
+---
+
 ## Dependencies to Import
 
 - `express` — for `express.Router()`.

package/tasks/generate-route.task.md

@@ -19,6 +19,43 @@ primary table, and auth requirements for the new route being added.
 
 ---
 
+## Language Branch
+
+Read `context.current_init.language` (or `context.services[name].language`).
+
+**TypeScript — generate `route.ts`:**
+```typescript
+import { Router, Request, Response } from 'express';
+import Validator from 'validatorjs';
+import { sendResponse } from '../../utilities/response';
+import * as Model from './<module>_model';
+
+const router = Router();
+
+// POST /<path> — <endpoint description>
+router.post('/<path>', async (req: Request, res: Response) => {
+    const rules: Record<string, string> = {
+        field: 'required|string'
+    };
+    const validation = new Validator(req.body, rules);
+    if (validation.fails()) {
+        return sendResponse(req, res, 0, 'validation_error', validation.errors.all());
+    }
+    try {
+        const result = await Model.functionName(req.body, 0, '');
+        return sendResponse(req, res, result.responsecode, result.responsemsg, result.responsedata);
+    } catch (err) {
+        return sendResponse(req, res, 0, 'server_error', []);
+    }
+});
+
+export default router;
+```
+
+**JavaScript — generate `route.js` (existing behavior — see below)**
+
+---
+
 ## Dependencies to Import
 
 - `express` — for `express.Router()`

package/tasks/generate-swagger.task.md

@@ -17,6 +17,14 @@ returns.
 
 ---
 
+## Language Branch
+
+TypeScript services generate the same `swagger_doc.json` file as JavaScript services.
+The swagger document is always JSON — no TypeScript syntax is involved.
+No branching needed for this task — generate identically for both languages.
+
+---
+
 ## Generation Modes
 
 This task is called in two different situations. The agent reads the

package/tasks/generate-template.task.md

@@ -16,6 +16,18 @@ fully responsive, and styled for modern email clients.
 
 ---
 
+## Language Branch
+
+Read `context.current_init.language` (or `context.services[name].language`).
+
+**TypeScript — generate `config/template.ts`:**
+Same email/notification template content as JS variant.
+Use `export const` and add string type annotations where applicable.
+
+**JavaScript — generate `config/template.js` (existing behavior — see below)**
+
+---
+
 ## Dependencies to Import
 
 - `./constants` — imported as `GLOBALS`. Used for APP_NAME, LOGO,

package/tasks/generate-tsconfig.task.md

@@ -0,0 +1,38 @@
+---
+type: task
+name: generate-tsconfig
+---
+
+# Task: generate-tsconfig
+
+Condition: only run if `context.current_init.language == "typescript"`. Otherwise skip entirely.
+
+Generate: `<service_name>/tsconfig.json`
+
+```json
+{
+  "compilerOptions": {
+    "target": "ES2020",
+    "module": "commonjs",
+    "lib": ["ES2020"],
+    "outDir": "./dist",
+    "rootDir": "./",
+    "strict": true,
+    "esModuleInterop": true,
+    "skipLibCheck": true,
+    "forceConsistentCasingInFileNames": true,
+    "resolveJsonModule": true,
+    "declaration": true,
+    "declarationMap": true,
+    "sourceMap": true
+  },
+  "include": [
+    "./**/*.ts"
+  ],
+  "exclude": [
+    "node_modules",
+    "dist",
+    "**/*.test.ts"
+  ]
+}
+```

package/tasks/generate-validator.task.md

@@ -15,6 +15,37 @@ invalid input without throwing.
 
 ---
 
+## Language Branch
+
+Read `context.current_init.language` (or `context.services[name].language`).
+
+**TypeScript — generate `utilities/validator.ts`:**
+```typescript
+import Validator from 'validatorjs';
+import { Request, Response, NextFunction } from 'express';
+
+/**
+ * Validates request body against validatorjs rules; calls next() if valid, sends 400 if not.
+ *
+ * @param {Record<string, string>} rules - Validatorjs rule object.
+ * @returns Express middleware function.
+ */
+export function checkValidationRules(rules: Record<string, string>) {
+    return (req: Request, res: Response, next: NextFunction): void => {
+        const validation = new Validator(req.body, rules);
+        if (validation.fails()) {
+            res.status(400).json({ status: 0, message: 'Validation failed', data: validation.errors.all() });
+            return;
+        }
+        next();
+    };
+}
+```
+
+**JavaScript — generate `utilities/validator.js` (existing behavior — see below)**
+
+---
+
 ## Dependencies to Import
 
 - `validatorjs` — imported as `Validator` (capital V). This is the

package/ide/cursor/.cursor/rules/04-database.mdc

@@ -1,87 +0,0 @@
----
-description: codeninja database standards — loaded for SQL migration files and database work
-globs: ["**/database/**", "**/*.sql", "**/migrations/**"]
-alwaysApply: false
----
-
-# codeninja — Database Architect
-
-## Before Any SQL Generation
-Call `migration_next_number` MCP tool. NEVER invent table or column names.
-Load `context.db` fully. `database/` folder ALWAYS at repository root.
-
-## Naming (strict — no exceptions)
-| Element | Rule | Example |
-|---------|------|---------|
-| Table | `tbl_` prefix, lowercase, plural | `tbl_users` |
-| Column | lowercase snake_case | `user_id`, `created_at` |
-| PK | `id` bigint identity, first | always |
-| FK | `<table_singular_no_prefix>_id` | `user_id` → `tbl_users` |
-| Index (per-table) | `idx_<table_no_prefix>_<cols>` | `idx_users_email` |
-| Index (global) | `idx_tbl_<table>_<cols>` | `idx_tbl_users_email_is_deleted` |
-| Create file | `<N>-setup-tbl-<n>.sql` | `3-setup-tbl-users.sql` |
-| Alter file | `<N>-alter-tbl-<n>-<desc>.sql` | `12-alter-tbl-users-add-kyc.sql` |
-| Drop file | `<N>-drop-tbl-<n>.sql` | `13-drop-tbl-sessions.sql` |
-| Shared indexes | `111-setup-database-indexes.sql` | always last |
-
-## Primary Key (exact format)
-```sql
-id bigint NOT NULL GENERATED ALWAYS AS IDENTITY (INCREMENT 1 START 1 MINVALUE 1 MAXVALUE 9223372036854775807 CACHE 1),
-```
-`PRIMARY KEY (id)` at END of column block — never inline.
-
-## Column Types
-| Use | Type |
-|-----|------|
-| FK | `BIGINT NOT NULL DEFAULT 0` |
-| Names | `VARCHAR(64)`–`VARCHAR(255)` |
-| Short codes | `VARCHAR(8)`–`VARCHAR(32)` |
-| Email | `VARCHAR(132)` |
-| Token/password | `TEXT` |
-| Timestamp | `TIMESTAMPTZ NOT NULL DEFAULT CURRENT_TIMESTAMP` |
-| Status flag | `INTEGER NOT NULL DEFAULT 0 CHECK (status IN (0, 1))` |
-| Soft delete | `BOOLEAN NOT NULL DEFAULT FALSE` |
-| Price | `NUMERIC(18,8) NOT NULL DEFAULT 0.00000000` |
-| JSON | `JSON NOT NULL DEFAULT '{}'` |
-
-NEVER use PostgreSQL ENUM — always `VARCHAR + CHECK constraint`.
-Apply `NOT NULL` to every column by default.
-
-## SQL File Content Order (strict)
-```
-1. -- Comment: Creating <table> for <purpose>
-2. DROP TABLE IF EXISTS public.<table> CASCADE;
-3. CREATE TABLE block (id first, timestamps last)
-4. COMMENT ON COLUMN for every enum/flag column
-5. Per-table CREATE INDEX statements
-6. ALTER TABLE public.<table> OWNER TO <context.db.user>;
-7. GRANT ALL ON TABLE public.<table> TO <context.db.user>;
-8. INSERT seed data (reference tables only)
-```
-
-## Required Columns
-| Column | Every table | Entity tables | Log tables |
-|--------|------------|---------------|------------|
-| `id` | ✓ | ✓ | ✓ |
-| `created_at` | ✓ | ✓ | ✓ |
-| `status` | — | ✓ | — |
-| `is_deleted` | — | ✓ | — |
-
-## Index Rules — Always Index
-- Every FK column
-- `(status, is_deleted)` compound on entity tables
-- `created_at DESC` on log/event tables
-- `email` compound with `is_deleted` on user tables
-- Any WHERE or ORDER BY column in business queries
-
-## create-schema.sql
-Lives at `<repo_root>/database/<db_type>/create-schema.sql`. Auto-generated, never hand-edited.
-After every table operation: update `\i` entries in numeric order.
-`111-setup-database-indexes.sql` always last.
-
-## Permissions (end of every file)
-```sql
-ALTER TABLE public.<table> OWNER TO <context.db.user>;
-GRANT ALL ON TABLE public.<table> TO <context.db.user>;
-```
-Always from `context.db.user` — never hardcode username.

package/ide/cursor/.cursor/rules/05-reactjs.mdc

@@ -1,83 +0,0 @@
----
-description: codeninja ReactJS standards — loaded for React app files
-globs: ["**/src/**", "**/public/**", "**/*.jsx", "**/*.css", "**/apiClient*", "**/apiHandler*"]
-alwaysApply: false
----
-
-# codeninja — ReactJS Frontend
-
-## Backend Linking (enforced before any generation)
-```
-context.current_init.linked_service → backend service name
-context.services[linked].port       → REACT_APP_BASE_URL
-context.services[linked].encryption_key → REACT_APP_KEY
-context.services[linked].encryption_iv  → REACT_APP_IV
-context.services[linked].api_key        → REACT_APP_API_KEY
-```
-These 4 values are ALWAYS inherited. NEVER ask the user. NEVER hardcode.
-
-## File Structure
-```
-<service>/
-  public/
-    assets/css/style.css   ← global styles
-    index.html             ← single HTML shell
-    .htaccess              ← Apache SPA rewrite
-  src/
-    api/
-      apiClient.js         ← Axios + encrypt/decrypt interceptors
-      apiHandler.js        ← one export per API endpoint
-    components/            ← shared reusable components
-    pages/Welcome/
-      index.jsx
-      Welcome.module.css
-    App.jsx                ← React Router root
-    index.jsx              ← ReactDOM.createRoot
-  .env                     ← gitignored
-  .env.example             ← committed, values blank
-```
-
-## apiClient.js — 4 Responsibilities
-1. Static headers: `api-key`, `Accept-Language`, `Content-Type: text/plain`
-2. Request: encrypt body via AES-256-CBC; attach encrypted `token` from `localStorage('wa_token')` if present
-3. Response success: decrypt body; parse JSON; if `status === -1` → `logOutRedirectCall()`; if decrypt fails → return raw
-4. Response error: `ERR_NETWORK` or `401` → `logOutRedirectCall()` + `showErrorMessage()`
-
-KEY/IV: `CryptoJS.enc.Hex.parse(process.env.REACT_APP_KEY/IV)`.
-`logOutRedirectCall` and `showErrorMessage` imported from `../pages/common/Utils`.
-
-## apiHandler.js — Pattern
-```javascript
-export const functionName = async (data) => {
-  const res = await axiosClient.post('/path', data);
-  return res.data;
-};
-```
-- One async function per endpoint — no try/catch, no decryption
-- Session saving in handler, not in UI components
-- Functions match routes in `context.api_routes` for linked service
-
-## Code Style
-- Functional components only — no class components
-- JSDoc above every exported function and component
-- No inline styles — `.module.css` per page, `global.css` shared
-- No `console.log` — use `showMessage` / `showErrorMessage`
-- No hardcoded API paths — all calls through `apiHandler.js`
-
-## .env Contents
-```
-REACT_APP_BASE_URL=http://localhost:<linked_port>/api/v1/
-REACT_APP_API_KEY=<inherited>
-REACT_APP_KEY=<inherited>
-REACT_APP_IV=<inherited>
-```
-
-## @modularize
-Scan pages, find repeated layout blocks, extract to `src/components/<Name>/`.
-Rewrite pages to use component. Never change data-fetching or state.
-
-## @validate-page
-Client-side only. Per-field error messages below inputs. Preferred library from user.
-
-## @integrate-api
-Add handler in `apiHandler.js`. Wire buttons/forms. Add loading, error, success states.