codeninja 3.1.0 → 4.0.0

package/ide/antigravity/.agents/skills/mcp-and-context/SKILL.md

@@ -1,111 +1,105 @@
 ---
 skill: mcp-and-context
-scope: always-loaded
+scope: all-commands
+loaded-for:
+  - all commands (always active)
 description: >
-  MCP tool usage rules and context management protocol. Loaded on every
-  session. Governs how every persona reads, writes, and protects context.json.
+  All MCP tools available in this project, the complete context.json schema
+  (including v4.0 fields), and the stale scratchpad recovery procedure.
 ---
 
-# Skill: MCP and Context Management
+# Skill: MCP and Context
 
-This skill governs all interaction with the codeninja MCP server and
-context.json. Every persona must follow these rules without exception.
-
----
-
-## Available MCP Tools
+## All MCP Tools
 
 | Tool | Purpose | When to use |
-|------|---------|-------------|
-| `context_read` | Load full project context | First thing on every activation |
-| `context_write` | Persist changes (deep-merge) | After every completed operation |
-| `context_clear_scratchpad` | Clear a current_* key | After writing context |
-| `context_check_stale` | Detect unresolved scratchpad | Step 0 of activation |
-| `service_scan` | Discover all services on disk | Step 2 of activation |
-| `migration_next_number` | Get next sequential migration number | Before creating any migration file |
+|---|---|---|
+| `context_read` | Load full context.json into memory | FIRST on every activation |
+| `context_write` | Deep-merge updates into context.json | After every completed operation |
+| `context_clear_scratchpad` | Clear current_* scratchpad key | After writing context post-workflow |
+| `context_check_stale` | Detect unresolved scratchpad operations | Step 0 of every activation |
+| `service_scan` | Discover all service directories on disk | Step 2 of activation; compare with context.services |
+| `migration_next_number` | Get next sequential migration number | Before generating any migration file |
 | `fs_read` | Read a file from disk | Before modifying any existing file |
-| `fs_list` | List directory contents | When scanning structure |
-| `fs_exists` | Check if file/directory exists | Before conditional operations |
-| `file_insert_after` | Surgical file insertion | Appending to route_manager.js, etc. |
-| `file_contains` | Check if string exists in file | Before appending to avoid duplicates |
-| `run_drift_check` | Compare context vs disk | During @sync workflow |
-| `lint_file` | Lint a generated file | After generating JS/SQL files |
-| `npm_check_package` | Look up npm package info | When verifying dependencies |
-| `npm_install` | Install a package | When adding new dependencies |
-| `validate_redis_connection` | Test Redis connectivity | During service init |
-| `validate_postgres_connection` | Test DB connectivity | During service init |
-| `analyze_middleware_order` | Check middleware chain | During @audit |
-| `analyze_encryption_library` | Verify encryption setup | During @audit |
-| `analyze_language_keys` | Check i18n completeness | During @audit |
-| `analyze_dependencies` | Scan package.json | During @audit / @sync |
-| `analyze_env_file` | Check .env completeness | During @audit |
-
----
-
-## Absolute Rules
-
-- NEVER read `context.json` directly with `fs_read` — always use `context_read`
-- NEVER write `context.json` directly — always use `context_write`
-- `context_write` deep-merges — it never overwrites the whole file
-- `change_log` is append-only — never delete entries
-- NEVER assume a stored value — always read from loaded context object
-- `context_version` is managed automatically — if `context_read` returns a
-  higher version than expected, the file was modified externally — re-read before acting
-
----
-
-## Context Schema Reference
+| `fs_list` | List directory contents | When scanning project structure |
+| `fs_exists` | Check if a file/directory exists | Before conditional operations |
+| `file_insert_after` | Surgically insert content after a marker | route_manager.js, swagger_doc.json — never rewrite |
+| `file_contains` | Check if file already contains a string | Before appending to avoid duplicates |
+| `run_drift_check` | Compare context vs actual files on disk | During /codeninja:sync |
+| `lint_file` | Lint a generated JS/TS file | After any JS/TS file generation |
+| `analyze_middleware_order` | Verify middleware chain order | During /codeninja:audit |
+| `analyze_encryption_library` | Verify encryption library usage | During /codeninja:audit |
+| `analyze_language_keys` | Check i18n key consistency | During /codeninja:audit |
+| `analyze_dependencies` | Scan package.json for issues | During /codeninja:audit |
+| `analyze_env_file` | Check .env completeness | During /codeninja:audit |
+| `validate_redis_connection` | Test Redis connectivity | During /codeninja:init |
+| `validate_postgres_connection` | Test PostgreSQL connectivity | During /codeninja:init |
+
+## Context.json Schema (v4.0)
 
 ```json
 {
   "context_version": 0,
   "project_name": "",
+  "initialized_at": "",
+  "last_updated_at": "",
+  "last_command": "",
+  "repository_state": "fresh|existing",
   "project_info": {
     "summary": "",
     "detected_entities": [],
-    "features": [],
-    "from_doc": { "project_name": "", "domain": "", "purpose": "", "features": [], "entities": [], "tech_preferences": [] },
-    "from_sow": { "integrations": [] },
-    "from_figma": { "screens": [] }
+    "has_doc": false,
+    "has_sow": false,
+    "has_figma": false
   },
   "db": {
-    "type": "",
-    "name": "",
-    "host": "",
-    "port": 0,
-    "user": "",
-    "schema": {}
+    "type": "postgres|mysql|mongodb",
+    "orm": "none|prisma",
+    "name": "", "host": "", "port": 0, "user": "",
+    "schema": { "tables": {}, "change_log": [] }
+  },
+  "services": {
+    "<service_name>": {
+      "type": "nodejs|reactjs",
+      "language": "javascript|typescript",
+      "hashing_library": "bcryptjs|argon2",
+      "port": 0,
+      "client_type": "reactjs|app",
+      "encrypted_transport": true,
+      "supported_languages": ["en"],
+      "encryption_key": "",
+      "encryption_iv": "",
+      "api_key": "",
+      "modules": [],
+      "linked_service": "",
+      "linked_service_port": 0
+    }
   },
-  "services": {},
   "api_routes": [],
-  "change_log": []
+  "change_log": [],
+  "current_init": {},
+  "current_api": {},
+  "current_action": {}
 }
 ```
 
----
-
-## Scratchpad Keys (current_* pattern)
-
-Temporary keys written during multi-step workflows:
+**New v4.0 fields:**
+- `db.orm` — "none" (raw driver) or "prisma" (Prisma ORM)
+- `services[name].language` — "javascript" or "typescript"
+- `services[name].hashing_library` — "bcryptjs" or "argon2"
 
-| Key | Used by |
-|-----|---------|
-| `current_init` | initialize-project workflow |
-| `current_api` | create-api workflow |
-| `current_table` | db-create-table workflow |
-| `current_modify` | db-modify-table workflow |
-| `current_index` | db-add-index workflow |
-| `current_design` | design workflow |
+## Context Rules
 
-After `context_write` with final results → always call `context_clear_scratchpad`
-for the relevant key. This prevents stale data from persisting across sessions.
-
----
+- `context_write` deep-merges — it never replaces the whole file
+- `change_log` is append-only — never delete or modify entries
+- `context_version` auto-increments on each write
+- Stale scratchpad: if `context_check_stale` returns unresolved keys, resolve them before any other operation
+- After every completed workflow: call `context_write` then `context_clear_scratchpad`
 
 ## Stale Scratchpad Recovery
 
-When `context_check_stale` returns stale keys:
-1. Show the user what was in progress
-2. Ask: "Resume this operation or discard it?"
-3. If resume → re-read the scratchpad and continue from where it left off
-4. If discard → call `context_clear_scratchpad` and start fresh
+If `context_check_stale` returns stale `current_*` keys:
+1. Read the stale key contents
+2. Ask user: "There's an unfinished [operation] — continue it or discard?"
+3. If continue: resume the workflow from the summary step
+4. If discard: call `context_clear_scratchpad` for that key, then proceed

package/ide/antigravity/.agents/skills/reactjs/SKILL.md

@@ -209,3 +209,39 @@ export default App;
 5. Wire form submit and button clicks to handler functions
 6. Add loading state (boolean), error state (string), success state
 7. Show loading spinner during API call, error message on failure, success feedback on completion
+
+---
+
+## Wave Generation Order (v4.0)
+
+Wave 1 — Foundation (read `.codeninja/tasks/generate-react-package-json.task.md` etc.):
+- `package.json` → task: generate-react-package-json
+- `.env` + `.env.example` → task: generate-react-env
+- `.gitignore` → task: generate-react-gitignore
+- `README.md` → task: generate-readme
+- `public/index.html` → task: generate-react-index-html
+- `.htaccess` (root + public) → task: generate-react-htaccess
+
+Wave 2 — API Layer:
+- `src/api/apiClient.js` → task: generate-react-api-client
+- `src/api/apiHandler.js` → task: generate-react-api-handler
+
+Wave 3 — Application Shell:
+- `src/pages/Welcome/index.jsx` → task: generate-react-welcome-page
+- `src/App.jsx` → task: generate-react-app-jsx
+- `src/index.jsx` → task: generate-react-index-jsx
+
+Wave 4 — Docker:
+- `Dockerfile` + `nginx.conf` → task: generate-react-dockerfile
+
+## .htaccess Pattern
+
+Two files are always generated — one at service root, one in `public/`:
+
+```apache
+RewriteEngine On
+RewriteBase /
+RewriteCond %{REQUEST_FILENAME} !-f
+RewriteCond %{REQUEST_FILENAME} !-d
+RewriteRule ^ index.html [L]
+```

package/ide/antigravity/.agents/workflows/codeninja-api.md

@@ -1,28 +1,104 @@
+This workflow runs when user invokes /codeninja:api
+
+---
+type: workflow
+name: create-api
+description: >
+  Add a new API module (route.js + model.js) to an existing NodeJS service.
+  Appends to route_manager.js and patches swagger_doc.json surgically —
+  never rewrites existing files. Fully context-aware.
+---
+
+# Workflow: @create-api
+
+## Goal
+Scaffold a complete API module inside an existing NodeJS service.
+Every generated file references actual DB columns from context.
+
+## Rules
+- Ask ONE question at a time
+- Never invent table or column names — read from `context.db.schema`
+- Always add the new route to `context.api_routes`
+- Always update `swagger_doc.json` with the new endpoint
+
+---
+
+## Step-by-Step Execution
+
+### Phase 0 — Existing Pattern Review
+Before asking any questions, read the existing modules in
+context.services[<service_name>].modules and scan 1–2 existing
+route.js and _model.js files from the service.
+
+Identify:
+- Naming conventions in use (camelCase vs PascalCase for functions)
+- Common validation patterns (which fields always get required rules)
+- Any project-specific response patterns beyond the standard contract
+- Auth pattern used across existing routes (all full? mixed?)
+
+Surface a one-line summary: "I've reviewed [n] existing modules.
+I'll follow the same structure." Then proceed to Phase 1.
+
+### Phase 1 — Target Service
+1. Run task: `ask-target-service`
+   - List available services from `context.services`
+   - Stores: `context.current_api.service_name`
+
+2. Run task: `ask-api-version`
+   - Default: v1
+   - Stores: `context.current_api.version`
+
+---
+
+### Phase 2 — Module Identity
+3. Run task: `ask-module-name`
+   - Example: Products, Orders, Invoice
+   - Stores: `context.current_api.module_name`
+
+4. Run task: `ask-http-method`
+   - Options: GET, POST, PUT, PATCH, DELETE
+   - Stores: `context.current_api.method`
+
+5. Run task: `ask-route-path`
+   - Example: /products, /products/:id
+   - Stores: `context.current_api.route_path`
+
+6. Run task: `ask-route-description`
+   - Stores: `context.current_api.description`
+
 ---
-slash_command: /codeninja:api
-personas: [global-orchestrator, nodejs-backend]
-skills: [mcp-and-context, api-builder]
-description: Add a new API endpoint to an existing NodeJS service using the 5-step SOP
+
+### Phase 3 — Database Binding
+7. Run task: `ask-primary-table`
+   - Show available tables from `context.db.schema.tables`
+   - Stores: `context.current_api.primary_table`
+
+8. Run task: `ask-requires-auth`
+   - Options: yes / no
+   - Stores: `context.current_api.requires_auth`
+
 ---
 
-# /codeninja:api
+### Phase 4 — Generate
+9. Confirm with user: "Generate [METHOD] [path] in [service]/modules/[version]/[Module]? (yes/no)"
 
-Delegates to: `.codeninja/commands/create-api.workflow.md`
+> **Multi-agent:** Delegate to `nodejs-backend` via Task invocation for parallel execution.
+> Read `.codeninja/tasks/generate-route.task.md` and `.codeninja/tasks/generate-model.task.md` before generating each file.
 
-## Before Running
-1. Call `context_check_stale`
-2. Call `context_read` — load `context.services` and `context.db.schema`
-3. Read 1–2 existing modules in the target service to understand current patterns
+10. Delegate to `nodejs-agent`:
+    - Generate: `route.js` — run task: generate-route
+      (new file — always a full write)
+    - Generate: `<module>_model.js` — run task: generate-model
+      (new file — always a full write)
+    - Append to: `modules/<version>/route_manager.js`
+      run task: generate-route-manager (Mode 2 — append only)
+      NEVER rewrite this file — surgical insert only
+    - Patch: `document/<version>/swagger_doc.json`
+      run task: generate-swagger (Mode 2 — patch paths object only)
+      NEVER rewrite this file — add new path key only
 
-## Execution
-Read and execute `create-api.workflow.md` step by step.
-ONE confirmation after showing module details, then generate all files silently:
-- `route.js` → task: generate-route
-- `<module>_model.js` → task: generate-model
-- Append to `route_manager.js` → `file_insert_after` MCP tool (NEVER rewrite)
-- Patch `swagger_doc.json` → `file_insert_after` MCP tool (add new path only)
+11. Run task: `write-context`
+    - Append to `context.api_routes`
+    - Update `context.services[<service>].modules`
 
-## After Running
-Call `context_write` — append to `context.api_routes`, update `context.services[<n>].modules`.
-Call `context_clear_scratchpad` for `current_api`.
-Show `show-final-summary` task output.
+12. Run task: `show-final-summary`

package/ide/antigravity/.agents/workflows/codeninja-audit.md

@@ -1,23 +1,119 @@
+This workflow runs when user invokes /codeninja:audit
+
 ---
-slash_command: /codeninja:audit
-personas: [global-orchestrator, nodejs-backend]
-skills: [mcp-and-context, api-builder, code-intelligence]
-description: Security and quality review of a NodeJS service
+type: workflow
+name: audit
+description: >
+  Review an existing service for code quality, security issues, naming
+  consistency, missing middleware, and context alignment.
 ---
 
-# /codeninja:audit
+# Workflow: @audit
+
+## Goal
+Produce a structured audit report for a service. Identify issues by severity.
+Optionally auto-fix low-risk issues.
+
+## When to use @audit vs @sync drift detection
+
+`@sync` drift detection: runs automatically with every @sync. Checks
+structural markers only — middleware order, library consistency,
+export patterns. Fast, read-only, always safe.
+
+`@audit`: run manually when you want deep code quality analysis —
+security checks, SQL injection patterns, response format consistency,
+context alignment. Slower, comprehensive, covers logic not just structure.
+
+Run @sync regularly. Run @audit before releasing a service or after
+a major refactor.
+
+---
+
+## Step-by-Step Execution
+
+1. Run task: `ask-target-service`
+
+> **Multi-agent:** Delegate to `nodejs-backend` or `database-architect` based on service type via Task invocation for parallel execution.
+> Read `.codeninja/tasks/` task files relevant to the service before running checks.
+
+2. Delegate to relevant agent(s) based on service type.
+
+3. Agent checks:
+
+### Security Checks
+- [ ] API key validation middleware applied to all routes?
+- [ ] Input validation on all POST/PUT/PATCH routes?
+- [ ] SQL injection prevention (parameterized queries)?
+- [ ] Sensitive values only from env vars (no hardcoded keys/passwords)?
+- [ ] `.env` in `.gitignore`?
+- [ ] Encryption using real AES-256-CBC (not base64)?
+- [ ] utilities/encryption.js is the only file importing crypto-js or cryptlib?
+- [ ] res.json() is never called directly in route.js or model files?
+- [ ] Validator package never imported directly in route files?
+- [ ] SMTP credentials only in .env — never hardcoded in
+      notification.js or template.js?
+- [ ] Firebase service account file in pem/ and in .gitignore?
+- [ ] GLOBALS object is frozen using Object.freeze?
+
+### Code Quality Checks
+- [ ] Controllers only call services (no DB queries in controllers)?
+- [ ] Services contain business logic (no Express req/res objects)?
+- [ ] Models contain only DB queries?
+- [ ] Global error handler present and used?
+- [ ] All routes call checkValidationRules from utilities/validator.js
+      before calling model functions?
+- [ ] No separate _validator.js files exist per module?
+- [ ] rateLimiter is the first middleware in route_manager.js?
+- [ ] extractLanguage runs before validateApiKey in route_manager.js?
+- [ ] decryptRequest is the last middleware in the chain?
+- [ ] No route handlers defined directly in route_manager.js?
+- [ ] asyncHandler wraps every middleware in route_manager.js?
+- [ ] All model functions return exactly { responsecode, responsemsg,
+      responsedata } — no extra keys, no throws?
+- [ ] No req/res objects in any model file?
+- [ ] Passwords HASHED (not encrypted) using `utilities/hashing.js` before storage?
+      Correct: `await hashPassword(plainText)` — one-way bcrypt/argon2 hash
+      Wrong: `encrypt(password)` from encryption.js — reversible AES, not safe for passwords
+- [ ] No direct bcrypt/argon2 imports in route.js or model files? All hashing routed through utilities/hashing.js?
+- [ ] Session tokens generated only via common.generateSessionCode?
+- [ ] No crypto-js or cryptlib imported directly in model files?
+- [ ] No direct res.json() calls in route.js files?
 
-Delegates to: `.codeninja/commands/audit.workflow.md`
+### Consistency Checks
+- [ ] All routes documented in `swagger_doc.json`?
+- [ ] Response format consistent (success, message, data, timestamp)?
+- [ ] Naming follows snake_case for DB, camelCase for JS?
+- [ ] Port matches `context.services[<name>].port`?
+- [ ] DB config matches `context.db`?
+- [ ] All message keywords used in sendResponse calls exist in
+      languages/en.js?
+- [ ] All language files contain the same set of keys as en.js?
+- [ ] No two services share the same port in context.services?
+- [ ] All encryption keys in context.services are exactly 32 characters?
+- [ ] All encryption IVs in context.services are exactly 16 characters?
+- [ ] No service name in context.services conflicts with a folder name
+      that already exists on disk for a different service?
 
-## Before Running
-1. Call `context_read`
-2. Ask: "Which service do you want to audit?" — list from `context.services`
+### Context Alignment
+- [ ] All routes present in `context.api_routes`?
+- [ ] All DB tables referenced match `context.db.schema`?
+- [ ] All router.use() lines in route_manager.js have a corresponding
+      entry in context.services[<name>].modules?
+- [ ] All context.services[<name>].modules entries have a corresponding
+      router.use() line in route_manager.js?
+- [ ] All paths in swagger_doc.json have a corresponding entry in
+      context.api_routes?
 
-## Execution
-Read and execute `audit.workflow.md`.
-Use MCP tools: `analyze_middleware_order`, `analyze_encryption_library`,
-`analyze_language_keys`, `analyze_dependencies`, `analyze_env_file`.
+4. Present audit report:
+```
+AUDIT REPORT — <service_name>
+══════════════════════════════════════
+🔴 CRITICAL   (must fix)
+🟡 WARNING    (should fix)
+🟢 INFO       (nice to have)
+══════════════════════════════════════
+[list findings with file + line context]
+```
 
-## Output
-Severity-ranked report: CRITICAL → WARNING → SUGGESTION.
-Offer to auto-fix SUGGESTION items. Fix WARNING/CRITICAL one at a time with confirmation.
+5. Ask: "Auto-fix critical issues? (yes/no)"
+6. If yes → delegate to relevant agent for fixes → run task: `write-context`

package/ide/antigravity/.agents/workflows/codeninja-db-create.md

@@ -1,11 +1,137 @@
+This workflow runs when user invokes /codeninja:db:create
+
 ---
-slash_command: /codeninja:db:create
-personas: [global-orchestrator, database-architect]
-skills: [mcp-and-context, database]
-description: Design and generate a new table with migration file
+type: workflow
+name: db-create-table
+command: "@db:create-table"
+description: >
+  Design and generate a new database table following all project conventions.
+  Collects table purpose, name, columns one at a time, then generates the
+  numbered SQL file, updates create-schema.sql, and records in context.
 ---
-# /codeninja:db:create
-Delegates to: `.codeninja/commands/db-create-table.workflow.md`
-Before: `context_read` (load context.db fully), `context_check_stale`, `migration_next_number`.
-One question at a time. Never invent names — all from context.db.schema.
-After: `context_write` updated schema, `context_clear_scratchpad` for current_table.
+
+# Workflow: @db:create-table
+
+## Goal
+Generate a complete, convention-compliant SQL table file. Every generated
+file must pass ALL rules defined in database-agent.md.
+
+## Rules
+- Ask ONE question at a time — never bundle column definitions
+- Always enforce tbl_ prefix and snake_case naming
+- Never create a table file without updating create-schema.sql
+- Always record in context.db.schema after generation
+
+---
+
+## Step-by-Step Execution
+
+### Phase 1 — Table Identity
+1. Run task: `ask-table-purpose`
+   - Stores: `context.current_db.table_purpose`
+   - Used by agent to suggest column names and structure
+
+2. Run task: `ask-table-name`
+   - Enforce: lowercase, snake_case, must start with `tbl_`
+   - Stores: `context.current_db.table_name`
+
+3. Run task: `ask-table-file-number`
+   - Agent reads existing files in `database/<db_type>/migrations/`
+   - Suggests next available number
+   - Stores: `context.current_db.file_number`
+
+---
+
+### Phase 2 — Standard Columns Decision
+4. Run task: `ask-table-needs-status`
+   - Ask: "Does this table need status and is_deleted columns?"
+   - Agent guidance: suggest YES for user/entity tables, NO for event/log tables
+   - Stores: `context.current_db.needs_status`
+
+5. Run task: `ask-table-needs-soft-delete`
+   - Ask: "Does this table support soft delete (is_deleted)?"
+   - Auto-suggest: YES if needs_status is YES
+   - Stores: `context.current_db.needs_soft_delete`
+
+---
+
+### Phase 3 — Column Collection (repeat until done)
+6. Run task: `ask-column-name`
+   - Show columns collected so far
+   - Ask: "Enter the next column name (or type 'done' to finish)"
+   - Enforce: snake_case, lowercase
+   - Stores: appends to `context.current_db.columns[]`
+
+7. Run task: `ask-column-type`
+   - Show suggested type based on column name pattern:
+     - `*_id` → BIGINT NOT NULL DEFAULT 0
+     - When a column name ends in `_id`:
+         - Cross-reference context.db.schema.tables for a table whose name
+         matches the prefix (e.g. user_id → tbl_users)
+         - If found → suggest: "This looks like a foreign key to tbl_users.
+         Add FK constraint? (yes/no)"
+         - If yes → add REFERENCES clause to the column definition
+     - `is_*` → BOOLEAN NOT NULL DEFAULT FALSE
+     - `*_at` → TIMESTAMPTZ NOT NULL DEFAULT CURRENT_TIMESTAMP
+     - `status` → INTEGER NOT NULL DEFAULT 0 CHECK (status IN (0,1))
+     - `*_count` → BIGINT NOT NULL DEFAULT 0
+     - `*_price`, `*_amount` → NUMERIC(18,8) NOT NULL DEFAULT 0.00000000
+     - `email` → VARCHAR(132) NOT NULL DEFAULT ''
+     - `phone` → VARCHAR(16) NOT NULL DEFAULT ''
+     - `password` → TEXT NOT NULL DEFAULT ''
+     - `*_image`, `*_url` → VARCHAR(255) NOT NULL DEFAULT ''
+     - `payload`, `metadata`, `*_result` → JSON NOT NULL DEFAULT '{}'
+     - default → VARCHAR(255) NOT NULL DEFAULT ''
+   - Stores: in current column entry
+
+8. Run task: `ask-column-is-enum`
+   - Ask: "Does this column have a fixed set of allowed values? (enum-like)"
+   - If yes → run task: `ask-column-enum-values`
+   - Stores: check constraint and comment text
+
+9. Return to step 6 until user types 'done'
+
+---
+
+### Phase 4 — Index Decision
+10. Run task: `ask-table-indexes`
+    - Agent auto-suggests indexes based on collected columns:
+      - Every `*_id` (foreign key) column → suggest index
+      - `status + is_deleted` compound → suggest if both exist
+      - `created_at DESC` → suggest for event/log tables
+    - Ask user to confirm suggested indexes or add custom ones
+
+---
+
+### Phase 5 — Seed Data
+11. Run task: `ask-table-seed-data`
+    - Ask: "Does this table need seed/initial data?"
+    - Guidance: suggest YES only for reference/master data tables
+    - If yes → run task: `collect-seed-data`
+    - Stores: `context.current_db.seed_rows[]`
+
+---
+
+### Phase 6 — Summary and Generate
+12. Run task: `show-db-table-summary`
+    - Display complete table definition as it will be generated
+    - Show: table name, file number, all columns with types, indexes, seed data
+    - Ask: "Generate this table? (yes / no / change a value)"
+    - If change → re-run specific task → return to this step
+    - If no → abort, nothing created
+    - If yes → proceed
+
+> **Multi-agent:** Delegate to `database-architect` via Task invocation for parallel execution.
+> Read `.codeninja/tasks/generate-prisma-schema.task.md` and relevant task files before generating each file.
+
+13. Delegate to `database-agent`:
+    - Generate: `<repo_root>/database/<db_type>/migrations/<number>-setup-tbl-<name>.sql`
+    - Update: `<repo_root>/database/<db_type>/create-schema.sql`
+    - If any indexes belong in shared file → update: `111-setup-database-indexes.sql`
+
+14. Run task: `write-context`
+    - Append table to `context.db.schema.tables`
+    - Append to `context.db.schema.change_log`
+    - Clear `context.current_db`
+
+15. Run task: `show-final-summary`