npm - codeninja - Versions diffs - 3.2.0 → 4.0.1 - Mend

codeninja 3.2.0 → 4.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (111) hide show

package/README.md +15 -4
package/agent/database-agent.md +24 -1
package/agent/nodejs-agent.md +79 -0
package/cli.js +27 -7
package/commands/audit.workflow.md +4 -1
package/commands/db-create-table.workflow.md +1 -1
package/commands/initialize-project.workflow.md +21 -0
package/ide/antigravity/.agents/personas/database-architect.md +431 -153
package/ide/antigravity/.agents/personas/global-orchestrator.md +202 -85
package/ide/antigravity/.agents/personas/nodejs-backend.md +368 -133
package/ide/antigravity/.agents/personas/reactjs-frontend.md +182 -101
package/ide/antigravity/.agents/skills/api-builder/SKILL.md +58 -0
package/ide/antigravity/.agents/skills/code-intelligence/SKILL.md +22 -0
package/ide/antigravity/.agents/skills/database/SKILL.md +32 -0
package/ide/antigravity/.agents/skills/mcp-and-context/SKILL.md +76 -82
package/ide/antigravity/.agents/skills/reactjs/SKILL.md +36 -0
package/ide/antigravity/.agents/workflows/codeninja-api.md +76 -83
package/ide/antigravity/.agents/workflows/codeninja-audit.md +82 -44
package/ide/antigravity/.agents/workflows/codeninja-db-create.md +107 -94
package/ide/antigravity/.agents/workflows/codeninja-db-drop.md +89 -67
package/ide/antigravity/.agents/workflows/codeninja-db-index.md +86 -54
package/ide/antigravity/.agents/workflows/codeninja-db-modify.md +126 -68
package/ide/antigravity/.agents/workflows/codeninja-db-seed.md +87 -59
package/ide/antigravity/.agents/workflows/codeninja-db-sync.md +77 -41
package/ide/antigravity/.agents/workflows/codeninja-debug.md +35 -21
package/ide/antigravity/.agents/workflows/codeninja-design.md +49 -35
package/ide/antigravity/.agents/workflows/codeninja-explain.md +41 -20
package/ide/antigravity/.agents/workflows/codeninja-init.md +479 -289
package/ide/antigravity/.agents/workflows/codeninja-integrate-api.md +253 -136
package/ide/antigravity/.agents/workflows/codeninja-modularize.md +250 -132
package/ide/antigravity/.agents/workflows/codeninja-optimize.md +71 -29
package/ide/antigravity/.agents/workflows/codeninja-refactor.md +50 -42
package/ide/antigravity/.agents/workflows/codeninja-review.md +38 -21
package/ide/antigravity/.agents/workflows/codeninja-sync.md +922 -141
package/ide/antigravity/.agents/workflows/codeninja-test.md +34 -49
package/ide/antigravity/.agents/workflows/codeninja-validate-page.md +449 -151
package/ide/claude-code/.claude/CLAUDE.md +99 -0
package/ide/claude-code/.claude/agents/database-agent.md +535 -0
package/ide/claude-code/.claude/agents/nodejs-agent.md +493 -0
package/ide/claude-code/.claude/agents/reactjs-agent.md +267 -0
package/ide/claude-code/.claude/commands/codeninja-api.md +104 -0
package/ide/claude-code/.claude/commands/codeninja-audit.md +119 -0
package/ide/claude-code/.claude/commands/codeninja-db-create.md +138 -0
package/ide/claude-code/.claude/commands/codeninja-db-drop.md +109 -0
package/ide/claude-code/.claude/commands/codeninja-db-index.md +103 -0
package/ide/claude-code/.claude/commands/codeninja-db-modify.md +165 -0
package/ide/claude-code/.claude/commands/codeninja-db-seed.md +104 -0
package/ide/claude-code/.claude/commands/codeninja-db-sync.md +106 -0
package/ide/claude-code/.claude/commands/codeninja-debug.md +99 -0
package/ide/claude-code/.claude/commands/codeninja-design.md +68 -0
package/ide/claude-code/.claude/commands/codeninja-explain.md +61 -0
package/ide/claude-code/.claude/commands/codeninja-init.md +529 -0
package/ide/claude-code/.claude/commands/codeninja-integrate-api.md +453 -0
package/ide/claude-code/.claude/commands/codeninja-modularize.md +334 -0
package/ide/claude-code/.claude/commands/codeninja-optimize.md +129 -0
package/ide/claude-code/.claude/commands/codeninja-refactor.md +76 -0
package/ide/claude-code/.claude/commands/codeninja-review.md +87 -0
package/ide/claude-code/.claude/commands/codeninja-sync.md +964 -0
package/ide/claude-code/.claude/commands/codeninja-test.md +45 -0
package/ide/claude-code/.claude/commands/codeninja-validate-page.md +548 -0
package/ide/cursor/.cursor/rules/01-global-orchestrator.mdc +12 -13
package/ide/cursor/.cursor/rules/02-mcp-and-context.mdc +47 -31
package/ide/cursor/.cursor/rules/03-api-builder.mdc +32 -110
package/ide/cursor/.cursor/rules/04-nodejs-generation.mdc +58 -0
package/ide/cursor/.cursor/rules/05-database.mdc +54 -0
package/ide/cursor/.cursor/rules/06-reactjs.mdc +36 -0
package/ide/cursor/.cursor/rules/07-reactjs-generation.mdc +49 -0
package/ide/cursor/.cursor/rules/08-code-intelligence.mdc +56 -0
package/ide/cursor/.cursor/rules/09-workflow-steps.mdc +53 -0
package/ide/vscode/.github/copilot-instructions.md +67 -382
package/ide/vscode/.vscode/instructions/code-intelligence.instructions.md +58 -0
package/ide/vscode/.vscode/instructions/database.instructions.md +55 -0
package/ide/vscode/.vscode/instructions/nodejs.instructions.md +77 -0
package/ide/vscode/.vscode/instructions/reactjs.instructions.md +42 -0
package/package.json +2 -2
package/tasks/ask-hashing-library.task.md +31 -0
package/tasks/ask-language-type.task.md +26 -0
package/tasks/ask-new-module-name.task.md +13 -0
package/tasks/ask-new-service-name.task.md +13 -0
package/tasks/ask-old-module-name.task.md +15 -0
package/tasks/ask-old-service-name.task.md +13 -0
package/tasks/ask-orm-type.task.md +26 -0
package/tasks/collect-seed-data.task.md +19 -0
package/tasks/generate-app.task.md +42 -0
package/tasks/generate-common.task.md +13 -0
package/tasks/generate-constants.task.md +13 -0
package/tasks/generate-database.task.md +32 -0
package/tasks/generate-encryption.task.md +28 -0
package/tasks/generate-fast-defaults.task.md +7 -0
package/tasks/generate-hashing.task.md +180 -0
package/tasks/generate-headerValidator.task.md +13 -0
package/tasks/generate-ioRedis.task.md +20 -0
package/tasks/generate-language-en.task.md +12 -0
package/tasks/generate-logging.task.md +12 -0
package/tasks/generate-model.task.md +74 -6
package/tasks/generate-notification.task.md +12 -0
package/tasks/generate-package-json.task.md +69 -0
package/tasks/generate-prisma-client.task.md +56 -0
package/tasks/generate-prisma-schema.task.md +71 -0
package/tasks/generate-rateLimiter.task.md +20 -0
package/tasks/generate-readme.task.md +24 -0
package/tasks/generate-response.task.md +27 -0
package/tasks/generate-route-manager.task.md +32 -0
package/tasks/generate-route.task.md +37 -0
package/tasks/generate-swagger.task.md +8 -0
package/tasks/generate-template.task.md +12 -0
package/tasks/generate-tsconfig.task.md +38 -0
package/tasks/generate-validator.task.md +31 -0
package/ide/cursor/.cursor/rules/04-database.mdc +0 -90
package/ide/cursor/.cursor/rules/05-reactjs.mdc +0 -147
package/ide/cursor/.cursor/rules/06-code-intelligence.mdc +0 -112

package/ide/cursor/.cursor/rules/02-mcp-and-context.mdc CHANGED Viewed

@@ -1,38 +1,54 @@
 ---
-description: codeninja MCP tools and context management — always applied
+description: codeninja MCP tools and context.json schema (v4.0). Always applied.
 globs: ["**/*"]
 alwaysApply: true
 ---
-# codeninja — MCP and Context
+# codeninja — MCP Tools and Context (v4.0)
-## MCP Tools Reference
-| Tool | Use |
-|------|-----|
-| `context_read` | Load project context — FIRST on every activation |
-| `context_write` | Persist changes — deep-merge, never overwrite |
-| `context_clear_scratchpad` | Clear current_* key after operation |
-| `context_check_stale` | Detect unresolved operations — Step 0 |
-| `service_scan` | Discover services on disk |
-| `migration_next_number` | Before any migration file creation |
-| `fs_read` | Read file before modifying |
-| `fs_list` | List directory contents |
-| `fs_exists` | Check existence before conditional ops |
-| `file_insert_after` | Surgical append (route_manager, swagger) |
-| `file_contains` | Check before appending to avoid duplicates |
-| `run_drift_check` | Context vs disk comparison during @sync |
-| `lint_file` | Lint after generating JS/SQL |
-| `analyze_middleware_order` | Check middleware chain during @audit |
-| `analyze_encryption_library` | Verify encryption during @audit |
-| `analyze_language_keys` | Check i18n during @audit |
-| `analyze_dependencies` | Scan package.json during @audit |
-| `analyze_env_file` | Check .env completeness during @audit |
-| `validate_redis_connection` | Test Redis during init |
-| `validate_postgres_connection` | Test DB during init |
+## MCP Tools Quick Reference
+| Tool | Purpose | When |
+|---|---|---|
+| `context_read` | Load context.json | First on every activation |
+| `context_write` | Deep-merge updates | After every completed operation |
+| `context_clear_scratchpad` | Clear current_* key | After writing context |
+| `context_check_stale` | Detect unresolved ops | Step 0 of activation |
+| `service_scan` | Discover services on disk | Step 2 of activation |
+| `migration_next_number` | Next sequential migration # | Before any migration file |
+| `fs_read` | Read file from disk | Before modifying any file |
+| `fs_list` | List directory | When scanning structure |
+| `fs_exists` | Check file existence | Before conditional ops |
+| `file_insert_after` | Surgical insert | route_manager, swagger — never rewrite |
+| `file_contains` | Check for string | Before appending |
+| `run_drift_check` | Context vs disk | During /codeninja:sync |
+| `lint_file` | Lint generated JS/TS | After JS/TS generation |
+| `analyze_middleware_order` | Check middleware chain | During audit |
+| `analyze_encryption_library` | Verify encryption | During audit |
+| `analyze_language_keys` | Check i18n keys | During audit |
-## Absolute Rules
-- NEVER read context.json with fs_read — always `context_read`
-- NEVER write context.json directly — always `context_write`
-- `change_log` is append-only — never delete entries
-- Always call `context_check_stale` before starting any workflow
-- Always call `context_clear_scratchpad` after completing a workflow
+## Context Schema (v4.0)
+```json
+{
+  "db": {
+    "type": "postgres|mysql|mongodb",
+    "orm": "none|prisma"
+  },
+  "services": {
+    "<name>": {
+      "type": "nodejs|reactjs",
+      "language": "javascript|typescript",
+      "hashing_library": "bcryptjs|argon2",
+      "port": 0,
+      "encryption_key": "", "encryption_iv": "", "api_key": ""
+    }
+  }
+}
+```
+**v4.0 new fields:** `db.orm`, `services[name].language`, `services[name].hashing_library`
+## Stale Scratchpad Recovery
+If `context_check_stale` returns stale keys:
+1. Surface to user: "Unfinished [operation] detected"
+2. Ask: continue or discard?
+3. If discard: call `context_clear_scratchpad`, then proceed

package/ide/cursor/.cursor/rules/03-api-builder.mdc CHANGED Viewed

@@ -1,124 +1,46 @@
 ---
-description: codeninja NodeJS API Builder — service scaffolding and API creation
-globs: ["**/app.js", "**/route.js", "**/*_model.js", "**/route_manager.js", "**/middleware/**", "**/utilities/**", "**/config/**"]
+description: NodeJS API architecture standards — 2-layer rule, SOP, middleware order. Applied to JS/TS files.
+globs: ["**/*.js", "**/*.ts"]
 alwaysApply: false
 ---
-# codeninja — NodeJS API Builder
+# codeninja — API Builder Standards (v4.0)
-## 2-Layer Architecture (enforced)
-```
-modules/v1/<ModuleName>/
-├── route.js          ← HTTP only: validation, middleware, res.json()
-└── <module>_model.js ← DB only: queries, business logic
-```
-Never SQL in `route.js`. Never `res.json()` in `_model.js`.
-## /codeninja:init — NodeJS Service Scaffolding
-### Phase 0 — Project Info (runs ONCE per repo, skip if context.project_info populated)
-- Ask for project info doc (URL or paste) — store in context.project_info
-- Ask for scope of work doc — store in context.project_info
-- Ask for Figma URL — store in context.project_info
-- Synthesize project summary and detected_entities[] from all provided docs
-### Phase 1 — Mode and Type
-- Ask: Fast setup (9 questions, auto-generate secure values) OR Manual setup (22 questions)
-- Ask: NodeJS service | ReactJS app | Database only
-- For NodeJS: ask client_type (reactjs|app), encrypted_transport, supported_languages[]
-### Phase 2 — Database
-- Ask: database type (postgresql|mysql|mongodb)
-- Fast mode: ask db name and user only; auto-set host/port
-- Manual mode: ask name, host, port, user individually
-- Generate database folder at REPOSITORY ROOT (never inside service folder):
-  `database/<db_type>/migrations/`, `create-schema.sql`, `setup-database.sh`,
-  `setup-database.ps1`, `reset-database.sh`, `seeds/`, `database/README.md`
-- Only if folder doesn't already exist — skip if it does
-- Generate tbl_user_deviceinfo migration for nodejs projects
-### Phase 3–5 — Service Identity, Package Info, Runtime Config
-- Ask: service_name, port (manual), description
-- Manual mode also: package_name, author, api_key, encryption_key (32 chars), redis config
-- Fast mode: auto-generate all above values; encryption_iv = first 16 chars of encryption_key
-### Phase 6 — Single Confirmation, Then Generate ALL Files
-Show summary with ALL values (auto-generated marked). Run validation:
-- BLOCKER: service name conflict, port conflict, key/iv wrong length, required fields missing
-Ask: "Confirm and generate all files? (yes / no / change a value)"
-ONE confirmation only — no per-file prompts after this.
-**Wave 1:** package.json, .env, .env.example, .gitignore, README.md,
-config/constants.js, config/template.js, logger/logging.js,
-utilities/encryption.js, languages/<lang>.js for each language,
-enc_dec.html (reactjs client) OR enc_dec.php (app client),
-pem/ + images/ + logger/logs/ directories
-**Wave 2:** config/database.js, utilities/ioRedis.js, utilities/response.js
-**Wave 3:** config/common.js, utilities/validator.js,
-utilities/notification.js, middleware/rateLimiter.js
-**Wave 4:** middleware/headerValidator.js,
-modules/v1/<ServiceName>/route.js, modules/v1/<ServiceName>/<service>_model.js,
-document/v1/swagger_doc.json (skeleton)
-**Wave 5:** modules/v1/route_manager.js, app.js
+## The 2-Layer Rule (absolute — no exceptions)
+- `route.js/ts` — HTTP only: validation, middleware, `res.json()` via sendResponse
+- `<module>_model.js/ts` — DB only: queries, business logic, no `res.json()`
-**Wave 6:** Dockerfile, .dockerignore
+## 5-Step SOP for Every New Endpoint
+1. **ROUTING** — append to `route_manager.js/ts` via `file_insert_after` (never rewrite)
+2. **VALIDATION** — validatorjs schema in `route.js/ts`
+3. **CONTROLLER** — model call + try/catch in `route.js/ts`; call `sendResponse`
+4. **MODEL** — parameterized query or Prisma call in `<module>_model.js/ts`
+5. **LOCALIZE** — all strings in `languages/en.js/ts`; use `file_contains` before adding
-**After all waves:** generate IDE configs (.vscode/mcp.json, .cursor/mcp.json),
-generate/update docker-compose.yml at repo root.
-Call `context_write` → append service to context.services. Call `context_clear_scratchpad`.
----
-## /codeninja:api — Add API Endpoint
-1. Review 1–2 existing modules for naming/auth patterns — surface summary
-2. Ask: which service, API version (default v1)
-3. Ask: module name, HTTP method, route path, description
-4. Ask: primary table (from context.db.schema.tables), requires auth (yes/no)
-5. Confirm: "Generate [METHOD] [path] in [service]/modules/[version]/[Module]?"
-6. Generate:
-   - `modules/<v>/<Module>/route.js` — validation, middleware, res.json()
-   - `modules/<v>/<Module>/<module>_model.js` — parameterized queries only
-   - Append to `route_manager.js` via `file_insert_after` MCP — NEVER rewrite
-   - Patch `swagger_doc.json` via `file_insert_after` MCP — add path key only
-7. Call `context_write` — append to context.api_routes, update modules list
----
-## Code Standards (every generated file)
-### JSDoc (every exported function — no exceptions)
-```javascript
-/**
- * One-sentence description. Active voice.
- *
- * @param {type} paramName - Description.
- * @returns {Promise<Object>} Description.
- */
+## Middleware Order (enforced — never change)
 ```
-### Route comments
-```javascript
-// POST /login — Authenticates user credentials and returns a session token.
-router.post('/login', async (req, res) => {
+rateLimiter → extractLanguage → validateApiKey → [auth if protected] → decryptRequest → routeHandler
 ```
-### Model return shape (always exactly this — no extra keys)
+## Response Contract
 ```javascript
-return { responsecode: 1, responsemsg: 'success', responsedata: data };
+// Success
+sendResponse(req, res, 1, 'success_key', resultData)
+// Error
+sendResponse(req, res, 0, 'error_key', [])
+// Session expired (triggers frontend logout)
+sendResponse(req, res, -1, 'session_expired', [])
 ```
-### Encryption library selection
-- `client_type == "reactjs"` → use `crypto-js` + generate `enc_dec.html`
-- `client_type == "app"` → use `cryptlib` + generate `enc_dec.php`
+## Password Handling (v4.0)
+- NEVER use `encryption.js` for passwords — AES is reversible, not safe for storage
+- ALWAYS use `utilities/hashing.js`: `hashPassword(plain)` / `verifyPassword(plain, hash)`
+## ORM Rule (v4.0)
+- Read `context.db.orm` before generating model files
+- orm="none": parameterized SQL (`$1`, `$2` placeholders)
+- orm="prisma": `prisma.users.create({...})` — import singleton from `config/prisma`, never `new PrismaClient()`
-### DB driver selection
-- postgresql → `pg`
-- mysql → `mysql2`
-- mongodb → `mongoose`
+## Localizify Rules
+- ONLY `headerValidator.js/ts` and `response.js/ts` may import localizify or call `t()`
+- All other files use `sendResponse()`, `getMessage()`, or `req.t("key")`

package/ide/cursor/.cursor/rules/04-nodejs-generation.mdc ADDED Viewed

@@ -0,0 +1,58 @@
+---
+description: NodeJS file generation standards — exact content for each generated file. Applied when editing service internals.
+globs: ["**/modules/**", "**/middleware/**", "**/utilities/**", "**/config/**"]
+alwaysApply: false
+---
+# codeninja — NodeJS File Generation Standards (v4.0)
+Read `.codeninja/tasks/generate-<name>.task.md` before generating each file.
+## Language Branch (FIRST step before generating ANY file)
+Read `context.services[name].language` (or `context.current_init.language`).
+- "javascript" → `.js` files, `require()`/`module.exports`
+- "typescript" → `.ts` files, `import`/`export`, typed parameters
+## utilities/hashing.js/ts
+- bcryptjs or argon2 — read `context.services[name].hashing_library`
+- Exports: `hashPassword(plain)` → `Promise<string>`, `verifyPassword(plain, hash)` → `Promise<boolean>`
+- NEVER imports from encryption.js; NEVER uses AES/KEY/IV
+## utilities/encryption.js/ts
+- AES-256-CBC transport encryption ONLY — never passwords
+- Exports: `encrypt(data)` → string, `decrypt(ciphertext)` → original value
+- Library: `crypto-js` (client_type=reactjs) or `cryptlib` (client_type=app)
+## config/database.js/ts (orm="none" only)
+- PostgreSQL: `pg.Pool` with env vars DB_HOST/PORT/NAME/USER/PASS
+- MySQL: `mysql2/promise` pool
+- MongoDB: `mongoose.connect()`
+## config/prisma.js/ts (orm="prisma" only)
+- Single `new PrismaClient()` instance exported as singleton
+- `log: ['query','error','warn']` in development only
+## middleware/headerValidator.js/ts
+- Exports: `extractLanguage`, `validateApiKey`, `validateAuthToken`, `decryptRequest`
+- Only file permitted to call localizify `t()` directly (along with response.js)
+- TypeScript: all middleware typed as `(req: Request, res: Response, next: NextFunction) => void`
+## utilities/response.js/ts
+- Exports: `sendResponse(req, res, code, messageKey, data)`
+- Checks `encrypted_transport` flag — encrypts payload if true
+- Only other file permitted to call localizify `t()` directly
+## modules/v1/<Module>/route.js/ts
+- Imports: Router, Validator, sendResponse, model functions
+- One route handler per endpoint — single try/catch wrapping model call
+- Route comment above each handler: `// POST /path — description`
+- TypeScript: `async (req: Request, res: Response) => {}`
+## modules/v1/<Module>/<module>_model.js/ts
+- Imports: db pool (orm=none) or prisma singleton (orm=prisma), hashing utilities
+- Returns exactly: `{ responsecode: 1|0|-1, responsemsg: 'key', responsedata: data }`
+- No `res.json()`, no Express imports
+## app.js/ts
+- Middleware chain: cors → helmet → express.json → express.urlencoded → /api/v1 router
+- TypeScript: `const app: Application = express()`

package/ide/cursor/.cursor/rules/05-database.mdc ADDED Viewed

@@ -0,0 +1,54 @@
+---
+description: Database standards — naming, SQL content order, index rules, Prisma conventions.
+globs: ["**/*.sql", "**/database/**", "**/prisma/**"]
+alwaysApply: false
+---
+# codeninja — Database Standards (v4.0)
+## Naming Quick Reference
+| Element | Rule | Example |
+|---|---|---|
+| Table | `tbl_` prefix, lowercase, plural | `tbl_users` |
+| Column | lowercase snake_case | `user_id`, `created_at` |
+| PK | `id`, bigint identity, first | always |
+| FK | `<ref_table_singular_no_tbl>_id` | `user_id` refs `tbl_users` |
+| Index (per-table) | `idx_<table_no_tbl>_<cols>` | `idx_users_email` |
+| Migration (create) | `<N>-setup-tbl-<name>.sql` | `3-setup-tbl-users.sql` |
+| Migration (alter) | `<N>-alter-tbl-<name>-<desc>.sql` | — |
+| Shared indexes | `111-setup-database-indexes.sql` | always last |
+## Column Types
+| Use | Type |
+|---|---|
+| Primary key | `bigint NOT NULL GENERATED ALWAYS AS IDENTITY (...)` |
+| Foreign key | `BIGINT NOT NULL DEFAULT 0` |
+| Email | `VARCHAR(132)` |
+| Password/token | `TEXT` |
+| Status | `INTEGER NOT NULL DEFAULT 0 CHECK (status IN (0, 1))` |
+| Soft delete | `BOOLEAN NOT NULL DEFAULT FALSE` |
+| Timestamp | `TIMESTAMPTZ NOT NULL DEFAULT CURRENT_TIMESTAMP` |
+| Financial | `NUMERIC(18,8) NOT NULL DEFAULT 0.00000000` |
+| JSON | `JSON NOT NULL DEFAULT '{}'` |
+NEVER use PostgreSQL ENUM — always `VARCHAR + CHECK constraint`.
+## SQL File Content Order (strict)
+1. Comment: `-- Creating tbl_name for purpose`
+2. `DROP TABLE IF EXISTS public.tbl_name CASCADE;`
+3. `CREATE TABLE` block
+4. `COMMENT ON COLUMN` for every enum/flag column
+5. Per-table `CREATE INDEX` statements
+6. `ALTER TABLE ... OWNER TO <db_user>`
+7. `GRANT ALL ON TABLE ... TO <db_user>`
+8. Seed `INSERT` (reference tables only)
+## Index Strategy
+Always index: every FK column, (status + is_deleted) compound, created_at DESC on log tables, email + is_deleted on user tables.
+## Prisma Conventions (v4.0 — orm="prisma" only)
+- `tbl_users` → `model Users` (strip tbl_, PascalCase) + `@@map("tbl_users")`
+- `id` BIGINT IDENTITY → `id BigInt @id @default(autoincrement())`
+- `created_at` → `createdAt DateTime @default(now()) @map("created_at")`
+- `is_deleted` → `isDeleted Boolean @default(false) @map("is_deleted")`
+- After every model addition → `npx prisma generate`

package/ide/cursor/.cursor/rules/06-reactjs.mdc ADDED Viewed

@@ -0,0 +1,36 @@
+---
+description: ReactJS architecture standards — apiClient, apiHandler, component rules.
+globs: ["**/*.jsx", "**/src/**"]
+alwaysApply: false
+---
+# codeninja — ReactJS Architecture Standards
+## apiClient.js — 4 Responsibilities
+1. Static headers: `api-key`, `Accept-Language`, `Content-Type: text/plain`
+2. Request interceptor: encrypt body + attach encrypted token from localStorage
+3. Response interceptor (success): decrypt + parse JSON; code -1 → logout redirect
+4. Response interceptor (error): ERR_NETWORK/401 → logout redirect + error message
+## apiHandler.js Standard
+- One `async` function per backend endpoint
+- No try/catch, no decryption, no response shaping here (interceptors handle it)
+- All API endpoint paths defined here — never in page components
+## Backend Linking Rule
+- ReactJS service CANNOT be initialized without a linked NodeJS backend
+- Inherits from linked backend: `encryption_key`, `encryption_iv`, `api_key`, `port`
+- These are NEVER asked from the user — always inherited from `context.services[linked]`
+## Vanilla CSS Only
+- Per-page: `<PageName>.module.css`
+- Global: `public/assets/css/style.css`
+- No Tailwind, no CSS-in-JS, no styled-components
+## .env Standard
+```
+REACT_APP_BASE_URL=http://localhost:<linked_port>/api/v1/
+REACT_APP_API_KEY=<inherited>
+REACT_APP_KEY=<inherited>
+REACT_APP_IV=<inherited>
+```

package/ide/cursor/.cursor/rules/07-reactjs-generation.mdc ADDED Viewed

@@ -0,0 +1,49 @@
+---
+description: ReactJS file generation standards — exact content for each generated React file.
+globs: ["**/src/pages/**", "**/src/components/**", "**/src/api/**"]
+alwaysApply: false
+---
+# codeninja — ReactJS File Generation Standards
+Read `.codeninja/tasks/generate-react-*.task.md` before generating each file.
+## src/api/apiClient.js
+- Axios instance with `baseURL: process.env.REACT_APP_BASE_URL`
+- Static headers: `api-key`, `Accept-Language: en`, `Content-Type: text/plain`
+- Request interceptor: `CryptoJS.AES.encrypt(JSON.stringify(data), key, {iv})` + token header
+- Response success: decrypt + JSON.parse; responsecode -1 → `logOutRedirectCall()`
+- Response error: 401 or ERR_NETWORK → `logOutRedirectCall()` + `showErrorMessage()`
+## src/api/apiHandler.js
+- Imports `axiosClient` from `./apiClient`
+- One exported async function per endpoint
+- No try/catch — interceptors handle errors
+- Example: `export const loginUser = (data) => axiosClient.post('/login', data)`
+## src/pages/Welcome/index.jsx
+- Functional component using project name from env/context
+- Imports `Welcome.module.css`
+- No data fetching, no state — pure welcome UI
+- First route in App.jsx at path `/`
+## src/App.jsx
+- React Router v6: `BrowserRouter` + `Routes` + `Route`
+- First route: `<Route path="/" element={<Welcome />} />`
+## src/index.jsx
+- `ReactDOM.createRoot(document.getElementById('root')).render(<App />)`
+## public/index.html
+- Single HTML shell with `<div id="root"></div>`
+- Links to `public/assets/css/style.css`
+- No inline JS or styles
+## .htaccess (both root and public/)
+```apache
+RewriteEngine On
+RewriteBase /
+RewriteCond %{REQUEST_FILENAME} !-f
+RewriteCond %{REQUEST_FILENAME} !-d
+RewriteRule ^ index.html [L]
+```

package/ide/cursor/.cursor/rules/08-code-intelligence.mdc ADDED Viewed

@@ -0,0 +1,56 @@
+---
+description: Code intelligence commands — audit, debug, review, optimize checklists.
+alwaysApply: false
+---
+# codeninja — Code Intelligence Standards (v4.0)
+## /codeninja:audit Checklist
+### Security
+- [ ] API key validation on all routes?
+- [ ] Passwords HASHED using `utilities/hashing.js`? Never AES-encrypted?
+- [ ] No direct bcrypt/argon2 imports in route/model files?
+- [ ] Parameterized queries only — no string concatenation in SQL?
+- [ ] No hardcoded keys/passwords in source?
+- [ ] `.env` in `.gitignore`?
+- [ ] Middleware order: rateLimiter→extractLanguage→validateApiKey→[auth]→decryptRequest?
+### Architecture
+- [ ] 2-layer rule: no SQL in route.js, no res.json() in model files?
+- [ ] route_manager.js uses `file_insert_after` — never rewritten?
+- [ ] All routes in swagger_doc.json?
+- [ ] All routes in context.api_routes?
+### v4.0 Checks
+- [ ] If orm="prisma": no `new PrismaClient()` in model files?
+- [ ] If language="typescript": no `require()` in .ts files?
+## /codeninja:debug Trace Path
+1. extractLanguage (headerValidator) — language set?
+2. validateApiKey — api-key header matches .env?
+3. validateAuthToken (if protected) — token valid?
+4. rateLimiter — not throttled?
+5. validatorjs rules in route.js — all required fields present?
+6. Model function call — DB connection alive?
+7. DB query (SQL or Prisma) — column names match context.db.schema?
+8. sendResponse — encrypted_transport flag handled correctly?
+**Common causes:** 401=middleware order or key mismatch; 400=validation rules mismatch; 500=DB connection or column name wrong.
+## /codeninja:review Dimensions
+- Security: auth middleware present, parameterized queries, no hardcoded secrets
+- Architecture: 2-layer rule, route_manager registration, swagger coverage
+- Code quality: JSDoc on every function, no console.log, async try/catch
+- Database: column names match context, FK indexes present, LIMIT on list queries
+## /codeninja:optimize Patterns
+1. Missing index → `CREATE INDEX CONCURRENTLY`
+2. `SELECT *` → explicit column list
+3. N+1 → JOIN or IN clause
+4. `DATE(col)` in WHERE → range filter to preserve index
+5. `RANK()` with gaps → `DENSE_RANK()` for leaderboards
+6. No LIMIT on unbounded list queries
+7. Heavy middleware on lightweight routes
+8. Redis caching opportunities (repeated identical queries)
+9. `work_mem` session-level for sort-heavy queries

package/ide/cursor/.cursor/rules/09-workflow-steps.mdc ADDED Viewed

@@ -0,0 +1,53 @@
+---
+description: Full workflow steps for all codeninja commands — init phases, api creation, DB operations.
+alwaysApply: false
+---
+# codeninja — Workflow Steps Reference (v4.0)
+Read `.codeninja/commands/<workflow>.workflow.md` for the full step-by-step execution of each command.
+Read `.codeninja/tasks/<task>.task.md` before generating any file.
+## /codeninja:init — Key Phases
+**Phase 0** (once per repo): ask-project-info-doc → ask-project-scope-of-work → ask-project-figma → synthesize summary
+**Phase 1** (mode + type): ask-init-mode → ask-project-type
+- NodeJS: ask-client-type → ask-language-type → ask-encrypted-transport → ask-supported-languages
+- ReactJS: ask-linked-service → inherit encryption/api values from linked backend
+**Phase 2** (database, skip for ReactJS): ask-database-type → ask-orm-type → ask-database-config
+- Fast mode: ask-database-name + ask-database-user only
+**Phase 3–5** (service identity + config): ask-service-name → ask-service-port → ask-service-description
+- Manual NodeJS: ask-package-name → ask-package-author → ask-api-key → ask-encryption-key → ask-redis-config → ask-hashing-library
+- Fast NodeJS: generate-fast-defaults (auto-sets port, api_key, encryption_key, language="javascript", hashing_library="bcryptjs", orm="none")
+**Phase 6** (confirm + generate): show-init-summary → single confirmation → ALL files generated silently
+**NodeJS Wave 1** (Foundation): package.json, .env, .gitignore, README.md, config/constants, config/template, logger/logging, utilities/encryption, **utilities/hashing**, languages/*, enc_dec.html/php, **tsconfig.json (TS only)**
+**NodeJS Wave 2** (Infrastructure): config/database (or config/prisma if orm=prisma), utilities/ioRedis, utilities/response
+**NodeJS Wave 3** (Service): config/common, utilities/validator, utilities/notification, middleware/rateLimiter
+**NodeJS Wave 4** (Middleware + Business): middleware/headerValidator, modules/v1/<Name>/route, modules/v1/<Name>/<name>_model, document/v1/swagger_doc.json
+**NodeJS Wave 5** (Orchestration): modules/v1/route_manager, app.js/ts
+**NodeJS Wave 6** (Docker): Dockerfile, .dockerignore
+## /codeninja:api — Key Steps
+1. Review existing modules (Phase 0)
+2. ask-target-service → ask-api-version → ask-module-name → ask-http-method → ask-route-path → ask-route-description
+3. ask-primary-table → ask-requires-auth
+4. Confirm → generate route.js/ts + _model.js/ts + append route_manager + patch swagger
+## /codeninja:db:create — Key Steps
+1. ask-table-purpose → ask-table-name → ask-table-file-number
+2. ask-table-needs-status → ask-table-needs-soft-delete
+3. Column loop: ask-column-name → ask-column-type → ask-column-is-enum → repeat until done
+4. ask-table-indexes
+5. ask-table-seed-data → if yes: collect-seed-data
+6. show-db-table-summary → confirm → generate SQL file + update create-schema.sql
+7. If orm=prisma: also append model to prisma/schema.prisma + `npx prisma generate`