@anhth2/spec-driven-dev-plugin 0.5.0

package/core/commands/review-context.md

@@ -0,0 +1,646 @@
+# /review-context — Review PRD or BDD for Quality & Consistency
+
+**READ-ONLY analysis mode — writes a findings file, does NOT modify the target.**
+**Use `--resume` to apply accepted findings.**
+
+## Gate
+# Gate — Universal Entry Procedure
+
+Every command must execute this gate before proceeding with its specific logic.
+
+## Step 0 — Sub-Agent Mode Check
+
+Before anything else, check if `$ARGUMENTS` is a JSON payload from an orchestrator:
+
+1. Attempt to parse `$ARGUMENTS` as JSON.
+2. If it parses successfully **and** contains `"_agent_mode": true`:
+   - **Skip Steps 1, 2, and 3 of this Gate entirely.**
+   - Set target file = `payload.target_file`
+   - Set loaded context = `payload.context` (do NOT run context-loader.md)
+   - Set UC scope = `payload.uc_id` (process only this UC)
+   - Set line range = `payload.uc_section` (read only that PRD section)
+   - Proceed directly to the command-specific logic.
+3. If `$ARGUMENTS` is not JSON or `_agent_mode` is absent → continue to Step 1 (normal mode).
+
+## Step 0-B — Model Check
+
+*Skip this step if `_agent_mode: true` (sub-agent — orchestrator already validated).*
+
+Complex generation and review commands require strong reasoning.
+Using a smaller model risks missed edge cases, incomplete spec analysis, and architecture violations.
+
+Display and wait for response:
+
+```
+⚙️  MODEL CHECK
+──────────────────────────────────────────────────────────────────
+  Recommended  : claude-opus-4-5 (or claude-opus-4)
+  Why needed   : Spec analysis, architecture review, code generation
+                 require deep reasoning. Smaller models miss edge cases.
+
+  To switch in Claude Code:
+    • Settings → Model → select "claude-opus"
+    • or: /model → choose claude-opus
+
+  Running on claude-opus?
+    Y — yes, on claude-opus → proceed
+    S — skip check (I accept lower quality risk with current model)
+──────────────────────────────────────────────────────────────────
+```
+
+- "Y" → proceed to Step 1.
+- "S" → proceed to Step 1 (user accepts risk, add ⚠️ to final report).
+- "N" or anything else → **STOP.** Output: "Please switch to claude-opus, then re-run this command."
+
+## Step 1 — Resolve Target File
+
+1. If `$ARGUMENTS` is provided and points to an existing file → use it directly as the target.
+2. If `$ARGUMENTS` is a UC-ID, ticket ID, or partial name → search for matching files in the relevant directory.
+3. If `$ARGUMENTS` is empty or no match found:
+   - List files in the relevant directory for this command (e.g., `specs/prd/**/*.md` for PRD commands, `specs/bdd/**/*.feature` for BDD commands).
+   - Present the list to the user and ask: "Which file do you want to work with? (Enter number or filename)"
+   - Wait for user selection before continuing.
+
+## Step 2 — Execute Context Loader
+
+Load all project context by following the procedure in `steps/context-loader.md`.
+Store all loaded context in memory for use throughout this command session.
+
+## Step 3 — CHECKPOINT
+
+After completing Steps 1 and 2, display a summary and wait for confirmation:
+
+```
+CHECKPOINT
+-----------
+Target     : {resolved file path}
+Project    : {project.name from project-context.yaml}
+Tech stack : {language} / {framework}
+Module     : {module if set, else "not configured"}
+Domains    : {comma-separated domain list}
+
+Proceed? (Y/N)
+```
+
+Wait for explicit "Y" or "N" from the user before continuing.
+- "Y" → proceed to the command-specific steps below.
+- "N" → stop and ask what the user wants to change.
+
+
+*Note: For this command, the target in Step 1 is either a `.md` PRD file or a `.feature` BDD file.
+If the path is in `{paths.prd_dir}` → PRD Review Mode.
+If the path ends with `.feature` → BDD Review Mode.
+If `$ARGUMENTS` contains `--resume` → skip to Resume Mode below.
+If `$ARGUMENTS` contains `--fix` → skip to Fix Mode below (apply all auto-fixable findings immediately).*
+
+## Context
+# Context Loader — Load All Project Context
+
+Execute these steps in order. Store everything in memory for the duration of the command session.
+
+**Priority guide (anti-lost-in-middle):**
+- Steps 1–2 are PROJECT-CONFIG — loaded first, resolve all paths and metadata.
+- Step 3 is CRITICAL — architecture + coding standards, the highest-priority facts for generation.
+- Step 4 is SAFETY — data protection rules, enforced silently for the entire session.
+- Steps 5–6 are DOMAIN KNOWLEDGE — terminology and entity definitions.
+- Step 7 is the WORKING MEMORY RECAP — locks critical facts into the top of working memory.
+
+---
+
+## Step 1 — [PROJECT-CONFIG] Load project-context.yaml
+
+Read `.agent/project-context.yaml`. Extract and store:
+
+**Tech Stack:**
+- `tech_stack.language` → active language (e.g., Java 17, TypeScript, C#, Go)
+- `tech_stack.framework` → active framework (e.g., Spring Boot 3.2, Angular 17, .NET 8)
+- `tech_stack.build_tool` → build tool (e.g., Maven, npm, dotnet, go)
+- `tech_stack.test_framework` → test framework (e.g., JUnit 5 + Mockito, Jest, xUnit)
+- `tech_stack.database` → database (e.g., PostgreSQL, MySQL, MongoDB)
+- `tech_stack.module` → active module profile (e.g., java-spring, angular, dotnet, golang, context-engineering)
+
+**Conventions:**
+- `conventions.build_command` → how to compile/build
+- `conventions.test_command` → how to run tests
+- `conventions.service_run` → how to start the service
+- `conventions.ticket_prefix` → ticket ID prefix (e.g., PROJ, FEAT, UC)
+
+**Domains:**
+- `domains` → list of active business domains
+
+**Paths (if present):**
+- `paths.specs_dir` → BDD specs root
+- `paths.prd_dir` → PRD documents root
+- `paths.refinement_dir` → findings/review output dir
+- `paths.product_definitions_dir` → product definitions root
+- `paths.domain_knowledge_dir` → domain knowledge root
+- `paths.business_dictionary` → path to business-dictionary.md
+- `paths.core_entities` → path to core-entities.md
+- `paths.tech_docs_dir` → technical documentation root
+- `paths.trace_dir` → trace state directory
+
+If `paths` section is absent, use these defaults:
+- `specs_dir` = `specs/bdd`
+- `prd_dir` = `specs/prd`
+- `refinement_dir` = `.agent/review`
+- `product_definitions_dir` = `specs/product-definition`
+- `domain_knowledge_dir` = `specs/domain-knowledge`
+- `business_dictionary` = `specs/domain-knowledge/business-dictionary.md`
+- `core_entities` = `specs/domain-knowledge/core-entities.md`
+- `tech_docs_dir` = `tech-docs`
+- `trace_dir` = `.trace`
+
+If `tech_stack.module` is set, also load `.agent/modules/{module}/stack-profile.yaml` if it exists.
+
+---
+
+## Step 2 — [PROJECT-CONFIG] Load module stack profile (conditional)
+
+If `tech_stack.module` is set, read `.agent/modules/{module}/stack-profile.yaml`.
+Merge framework-specific conventions (layer patterns, test patterns, naming rules) into the loaded context.
+If the file does not exist → skip silently.
+
+---
+
+## Step 3 — [CRITICAL] Load CLAUDE.md
+
+*This is the highest-priority context — it defines HOW to write code and documents for this project.*
+
+Read `CLAUDE.md`. Extract and store:
+
+- **§1 Project Overview** → project name, language, framework, build/test commands, domains
+- **§2 Architecture** → layer order (e.g., Controller → Facade → Service → Repository), architectural rules
+- **§3 Coding Standards** → naming conventions (classes, methods), response wrapper type, forbidden patterns
+- **§5 Error Handling** → exception types, HTTP status code mapping, not-found exception class name
+- **§7 Git Conventions** → branch naming pattern, commit message format
+
+If `CLAUDE.md` does not exist → note it as missing and continue with project-context.yaml data only.
+
+---
+
+## Step 4 — [SAFETY] Load Data Protection Rules
+
+Read `.agent/rules/data-protection.md` (or `rules/data-protection.md` from the framework installation).
+
+Store the sensitive file patterns — you must **never** read, write, display, or reference content from files matching those patterns for the entire session.
+
+If neither file exists → apply built-in defaults: never access `.env*`, `*.key`, `*.pem`, `*secret*`, `*password*`, `*credential*`.
+
+---
+
+## Step 5 — [DOMAIN] Load Business Dictionary (conditional)
+
+Check if the business dictionary file exists (use `paths.business_dictionary` resolved in Step 1).
+
+If it exists, read it and extract:
+- **Canonical Terms** → complete list of approved terms and their definitions
+- **Banned Terms** → complete list of banned terms and their canonical replacements
+- **Status / Enum Registry** → allowed enum values per entity
+
+Store the banned terms list for **active enforcement** throughout the command session:
+- When generating any text (PRD, BDD, code comments, tech docs), verify no banned terms appear
+- Replace banned terms with their canonical equivalents automatically
+
+If the file does not exist → skip silently. Do not warn or block.
+
+---
+
+## Step 6 — [DOMAIN] Load Core Entities (conditional)
+
+Check if the core entities file exists at `paths.core_entities` (resolved in Step 1).
+Default path: `specs/domain-knowledge/core-entities.md`.
+
+If it exists, read it and store:
+- **Entity catalog** → for each entity: its name, purpose, owner service, key fields (name + type), business invariants, and relationships
+- **Field name registry** → canonical field names to use in generated code and documents
+- **Relationship map** → how entities relate to each other (1:N, N:N, embedded, etc.)
+
+**How to use this catalog:**
+- When generating code: use the field names, types, and relationships defined here — do NOT infer from existing code
+- When generating PRD/BDD: reference entity names from this catalog for consistency
+- When generating tech-docs: use this catalog as the source-of-truth for entity definitions
+
+If the file does not exist → skip silently.
+
+---
+
+## Step 7 — [RECAP] Working Memory Recap (anti-lost-in-middle)
+
+After loading all context, synthesize and output a compact summary block.
+This recap ensures the most critical facts are stated at the END of context loading
+(recency effect — freshest in working memory when the task begins).
+
+Output exactly this block:
+```
+[CTX LOADED]
+Stack     : {language} / {framework} / {database}
+Layers    : {layer order from CLAUDE.md §2, e.g., Controller → Facade → Service → Repository}
+Ticket    : {ticket_prefix}-
+Dict      : {loaded — N canonical terms, M banned terms | missing}
+Entities  : {loaded — EntityA, EntityB, EntityC | missing}
+Status    : {FULL | PARTIAL — missing: CLAUDE.md / business-dict / core-entities | MINIMAL}
+```
+
+If any CRITICAL file is missing (CLAUDE.md), flag it clearly so the user can decide whether to proceed.
+
+---
+
+## Context Load Complete
+
+After completing all steps, you have loaded:
+- Project identity, tech stack, module conventions
+- Architecture rules and layer order  ← **[CRITICAL — hold in working memory]**
+- Coding standards and naming conventions  ← **[CRITICAL — hold in working memory]**
+- Data protection rules (sensitive file patterns to never access)
+- Terminology rules with banned-term list  ← **[DOMAIN — apply to every generated word]**
+- Entity catalog (field names, types, invariants)  ← **[DOMAIN — use for code generation]**
+- All configured paths
+
+Proceed to the next step of the calling command.
+
+
+---
+
+## Detect Review Mode
+
+After resolving the target file:
+- `.feature` file → **BDD Review Mode** (jump to BDD section)
+- `.md` in `{paths.prd_dir}/**` → **PRD Review Mode** (continue below)
+- Unknown → ask: "Is this a PRD file or a BDD feature file? (prd/bdd)"
+
+Also check flags:
+- `--fix` present → after running all checks, apply `auto_fixable: true` findings immediately (skip Review Board)
+- `--resume` present → skip analysis entirely, go to Resume Mode
+
+Derive the output findings filename:
+- PRD: `{paths.refinement_dir}/{prd-slug}-review-context-findings.yaml`
+- BDD: `{paths.refinement_dir}/{uc-id}-review-bdd-findings.yaml`
+
+---
+
+## PRD Review Mode
+
+### P1 — Terminology Check (Business Dictionary)
+
+Load `{paths.business_dictionary}`.
+Scan the entire PRD for terminology issues:
+
+1. **Banned terms** — every occurrence of a term in §Banned Terms:
+   → Severity: **critical**. AI can auto-fix in `--resume`.
+
+2. **Inconsistent usage** — same concept named differently across sections:
+   → Severity: **major**. Flag both occurrences. Human decides canonical form in Review Board note.
+
+3. **Unlisted business terms** — important terms absent from the dictionary:
+   → Severity: **minor**. Suggest adding to `business-dictionary.md`.
+
+### P2 — Ambiguity Check
+
+Scan each AC and BR for:
+
+| Signal | Example | Severity |
+|--------|---------|----------|
+| Vague quantifier | "fast", "large", "reasonable", "quickly" | Critical |
+| Missing actor | "the system should" with no trigger specified | Major |
+| Undefined reference | "{SomeThing}" used but never defined in this PRD | Major |
+| Missing negative path | AC only describes happy path but BR has error conditions | Minor |
+| Passive voice hiding actor | "Invoice is created" — who creates it? | Minor |
+
+→ AI cannot auto-fix P2 findings. Human must write the fix in Review Board "Modify" note.
+
+### P3 — Domain Conflict Check
+
+List all other PRDs in `{paths.prd_dir}/{domain}/`.
+For each one, check if this PRD contradicts a defined BR (same trigger, different outcome)
+or redefines an entity field/status transition differently.
+
+→ Severity: **critical**. Human decides which PRD is correct. Note required.
+
+### P4 — Structural Completeness
+
+- [ ] Metadata block: Version, Author, Date, Status
+- [ ] At least 1 UC with `#### {TICKET-ID}-UC{N}:` heading
+- [ ] Each UC has: Description, Actors, Preconditions, Acceptance Criteria, Business Rules
+- [ ] `## Changelog` section exists
+- [ ] No `{{PLACEHOLDER}}` values unfilled
+
+→ Missing sections: **major**. AI can add skeleton in `--resume` if accepted.
+
+### P5 — Custom Criteria (optional)
+
+If `$ARGUMENTS` contains additional criteria after the file path, evaluate them and create
+findings with `check_id: "P5"` and severity as appropriate.
+
+---
+
+## BDD Review Mode
+
+### B1 — PRD Coverage Check
+
+Load the PRD referenced by `# @trace.prd:` in the feature file header.
+Map every AC and every BR (including sub-bullets) to scenarios:
+
+```
+AC1 ({short text}) → SC1, SC2  ✅
+AC2 ({short text}) → MISSING   ❌
+BR1 ({short text}) → SC1       ✅
+BR2 ({short text}) → MISSING   ❌
+```
+
+→ Each missing AC/BR coverage: **critical** finding.
+   If accepted in Review Board, `--resume` generates the missing scenario(s).
+
+### B2 — Terminology & Entity Check
+
+Using `{paths.business_dictionary}` and `{paths.core_entities}`:
+
+1. **Banned terms in steps** → **critical**, auto-fixable in `--resume`
+2. **Non-canonical entity names** → **major**, auto-fixable
+3. **Non-canonical field names in data tables** → **major**, auto-fixable
+4. **Technically-looking sample data** (UUIDs, `item_123`) → **minor**, auto-fixable
+
+### B3 — Gherkin Rules Check (R1–R10)
+
+| Rule | Check | Auto-fixable? |
+|------|-------|---------------|
+| R1 | Every scenario has Given + When + Then | No — needs scenario redesign |
+| R2 | No chained `When … Then … When` | No — needs redesign |
+| R3 | No UI selectors / API paths / tech terms in steps | Yes — replace with business phrasing |
+| R4 | Scenario name is a business outcome | No — needs human rename |
+| R5 | Declarative WHAT, not imperative HOW | No — needs rewrite |
+| R6 | `Then` asserts observable business outcome | No — needs redesign |
+| R7 | Concrete values, not "valid data" | Yes — substitute realistic values |
+| R8 | Each scenario is independently runnable | No — needs redesign |
+| R9 | Data tables have enough columns for Then | Yes — add missing columns |
+| R10 | Cross-UC reference uses navigation phrasing + Note | Yes — add Note comment |
+
+→ R3, R7, R9, R10 violations: auto-fixable. Others require human guidance via Review Board note.
+
+### B4 — Compliance Checks (C.1–C.5)
+
+- [ ] C.1 Wireframe Coverage: every screen component/action has ≥1 SC → finding per missing item
+- [ ] C.2 PRD Traceability: same as B1 (deduplicate)
+- [ ] C.3 Business Dictionary terms used → same as B2
+- [ ] C.4 Banned Terms: 0 banned terms → **critical**, auto-fixable
+- [ ] C.5 NHÓM Grouping: if ≥3 SCs, grouped by business theme → **major**, auto-fixable
+
+### B5 — Metadata & Structural Check
+
+- [ ] File header has all `@trace.*` fields → **minor**, auto-fixable
+- [ ] Every scenario has `# @trace.scenario`, `# @trace.sc_version`, `# @trace.business_rules`, `# Side-effects:` → **minor**, auto-fixable
+- [ ] Coverage Matrix at end of file → **major**, auto-fixable (AI regenerates)
+- [ ] Pre-merge Checklist at end of file → **minor**, auto-fixable
+
+### B6 — Side-effect Completeness
+
+For each `@happy` scenario:
+- `# Side-effects:` comment lists all observable side effects
+- `Then` block has `And <side-effect>` for each listed side effect
+
+→ Missing side-effect assertion: **major**, auto-fixable.
+
+---
+
+## Write Findings File
+
+After running all checks, write `{paths.refinement_dir}/{slug}-review-*-findings.yaml`:
+
+```yaml
+source_file: "{absolute path to reviewed file}"
+generated_at: "{ISO datetime}"
+review_type: "{prd | bdd}"
+status: "pending_review"
+
+findings:
+  - id: "F001"
+    check_id: "P1"           # P1-P5 for PRD; B1-B6 for BDD
+    severity: "critical"     # critical | major | minor
+    section: "{section or scenario ID where issue was found}"
+    finding: "{clear description of the issue}"
+    suggestion: "{specific actionable fix — AI will apply this in --resume if accepted}"
+    auto_fixable: true       # true = AI can apply; false = human must write note in Review Board
+    status: "pending"        # pending | accepted | modified | rejected | deferred
+
+summary:
+  total_findings: {N}
+  by_severity: { critical: {N}, major: {N}, minor: {N} }
+  auto_fixable: {N}
+  requires_human_decision: {N}
+  recommendation: "APPROVED | NEEDS_REVISION | BLOCKED"
+```
+
+## Post-Analysis Routing
+
+After running all checks and writing the findings file:
+
+**If `--fix` flag present** → jump to Fix Mode (apply `auto_fixable: true` findings immediately).
+
+**If no flag** → print Report below and stop.
+
+## Report
+
+# Report Footer — Standard Command Output Format
+
+Every command report must end with this standard footer section.
+
+## Status Badge
+
+Choose one based on outcome:
+- `✅ Complete` — all steps succeeded, no issues found
+- `❌ Failed` — command could not complete due to a blocking error
+- `⚠️ Warnings` — completed with non-blocking issues that should be reviewed
+
+## Output Artifacts
+
+List every file created or modified by this command:
+```
+Output Artifacts:
+  {created|updated} {file-path} ({brief description})
+  {created|updated} {file-path} ({brief description})
+```
+
+If no files were written (e.g., review or analysis commands) → write `Output Artifacts: none (read-only)`.
+
+## Next Command Suggestion
+
+Suggest the logical next command based on workflow phase:
+
+| Current command         | Suggest next                                  |
+|-------------------------|-----------------------------------------------|
+| /define-product         | `/generate-prd {product-definition-file}`     |
+| /generate-prd           | `/refine-prd {prd-file}` then `/review-context {prd-file}` |
+| /refine-prd             | Open Review Board → update PRD → `/review-context {prd-file}` |
+| /review-context (PRD)   | `/generate-bdd {prd-file}` if APPROVED; fix PRD if NEEDS_FIX |
+| /generate-bdd           | `/review-context {feature-file}` to verify coverage |
+| /review-context (BDD)   | `/generate-tech-docs {UC-ID}` if APPROVED; regenerate if NEEDS_FIX |
+| /generate-tech-docs     | `/review-tech-docs {tech-design-file}`        |
+| /review-tech-docs       | `/generate-code {feature-file}` if APPROVED; fix doc if NEEDS_FIX |
+| /generate-code          | `/generate-tests {UC-ID}`                     |
+| /generate-tests         | `/run-tests {UC-ID}`                          |
+| /run-tests (passing)    | `/review-code {UC-ID}`                        |
+| /run-tests (failing)    | `/fix-bug {ticket-id}` or `/debug {error}`    |
+| /review-code            | `/smoke-test {UC-ID}` or create PR            |
+| /smoke-test             | Create PR and link to ticket                  |
+| /validate-traces        | `/generate-code {UC-ID}` for gaps             |
+| /fix-bug                | Create PR and link to ticket                  |
+| /debug                  | `/fix-bug {ticket-id}` if fix needed          |
+
+Format the footer as:
+```
+---
+Status : {badge}
+{Output Artifacts block}
+Next   : {suggested command with example arguments}
+```
+
+
+```
+/review-context Complete — {target file}
+Mode: {PRD | BDD}
+Findings: {total} | 🔴 Critical: {N} | 🟡 Major: {N} | 🟢 Minor: {N}
+Auto-fixable: {N} | Needs human decision: {N}
+
+Findings file: {paths.refinement_dir}/{slug}-findings.yaml
+
+Next options:
+  A) Quick fix  : /review-context --fix {target-file}
+                  → applies all auto-fixable findings immediately
+  B) Review Board: open findings file → accept/modify/reject
+                  → /review-context --resume {target-file}
+```
+
+---
+
+## Fix Mode — Apply Auto-Fixable Findings Immediately
+
+*Triggered when `$ARGUMENTS` contains `--fix`.*
+*Example: `/review-context --fix specs/bdd/payment/PAY-001.feature`*
+
+This mode runs the full analysis (same as default), then immediately applies every
+`auto_fixable: true` finding without going through the Review Board.
+
+Use for: BDD cleanup, terminology fixes, metadata gaps — anything the AI can safely
+correct without a human judgment call. Findings requiring human decisions are written
+to the findings file as usual and left `status: pending`.
+
+### Phase 1 — Run analysis
+
+Run all checks (P1–P5 or B1–B6) exactly as in the default mode.
+Write the findings file with all `status: "pending"` as usual.
+
+### Phase 2 — Apply auto-fixable findings
+
+For each finding where `auto_fixable: true`, in order (critical → major → minor):
+
+**For PRD files:**
+
+| check_id | What to apply |
+|----------|--------------|
+| P1 (Banned term) | Replace every banned term occurrence with canonical term |
+| P4 (Structure) | Add missing section/metadata skeleton |
+
+**For BDD files:**
+
+| check_id | What to apply |
+|----------|--------------|
+| B2 (Terminology) | Replace banned terms, fix entity/field names, fix technical sample data |
+| B3 R3 | Replace tech terms/UI selectors with business phrasing |
+| B3 R7 | Substitute concrete realistic values |
+| B3 R9 | Add missing data table columns |
+| B3 R10 | Add cross-UC navigation Note comment |
+| B4 C4 | Fix banned terms in tags |
+| B4 C5 | Add NHÓM grouping if ≥3 SCs |
+| B5 | Add missing @trace headers, regenerate Coverage Matrix / Pre-merge Checklist |
+| B6 | Add missing `And <side-effect>` to Then blocks |
+
+After applying each finding, mark it `status: "applied_automatically"` in the findings file.
+
+### Phase 3 — Version bump
+
+- **PRD**: if ≥1 finding applied → bump minor version, add Changelog entry:
+  `Auto-fix: applied {N} auto-fixable review-context findings`
+- **BDD**: if ≥1 finding applied → increment `@trace.bdd_version` by 0.1
+
+### Phase 4 — Report
+
+```
+/review-context --fix Applied — {target file}
+Mode: {PRD | BDD}
+
+Auto-fixed : {N} findings ({critical} critical, {major} major, {minor} minor)
+  - {change 1 summary}
+  - {change 2 summary}
+
+Still pending (needs human decision): {N}
+  - F00X [{severity}] {finding summary}  ← open findings file in Review Board
+
+{If PRD}: Version bumped: {old} → {new}
+{If BDD}: bdd_version: {old} → {new}
+
+Findings file: {paths.refinement_dir}/{slug}-findings.yaml
+Re-run /review-context {file} to confirm 0 remaining critical findings.
+```
+
+If 0 findings were auto-fixable → print:
+```
+Nothing to auto-fix. All {N} findings require human decision.
+Open findings file in Review Board → then run: /review-context --resume {file}
+```
+
+---
+
+## Resume Mode — Apply Accepted Findings
+
+*Triggered when `$ARGUMENTS` contains `--resume`.*
+*Example: `/review-context --resume specs/prd/payment/PAY-001.md`*
+
+### Phase 1 — Read accepted findings
+
+1. Derive findings filename from target file (same rule as above).
+2. Read `{paths.refinement_dir}/{slug}-findings.yaml`.
+3. Collect findings where `status: "accepted"` or `status: "modified"`.
+4. If none → report "No accepted findings. File unchanged." and stop.
+
+### Phase 2 — Apply fixes
+
+Apply in order: critical → major → minor.
+
+**For PRD findings:**
+| check_id | What to do |
+|----------|-----------|
+| P1 (Banned term) | Replace every occurrence of banned term with canonical term |
+| P2 (Ambiguity) | Apply the fix stated in `suggestion` or `modified` note |
+| P3 (Conflict) | Apply the resolution stated in the modified note |
+| P4 (Structure) | Add the missing section/metadata field |
+| P5 (Custom) | Apply as stated in suggestion/note |
+
+→ After applying, bump PRD version (minor) and add Changelog entry.
+
+**For BDD findings:**
+| check_id | What to do |
+|----------|-----------|
+| B1 (Coverage gap) | Generate new scenario(s) for the uncovered AC/BR and insert into correct NHÓM |
+| B2 (Terminology) | Replace banned terms, fix entity/field names |
+| B3 (Gherkin rule) | Apply rule-specific fix (replace tech terms, add concrete values, etc.) |
+| B4 (Compliance) | Add NHÓM grouping, fix @trace tags |
+| B5 (Metadata) | Add missing @trace headers, regenerate Coverage Matrix / Pre-merge Checklist |
+| B6 (Side effects) | Add missing `And <side-effect>` to Then block |
+
+→ After applying, increment `@trace.bdd_version` in file header by 0.1.
+
+### Phase 3 — Report
+
+```
+/review-context --resume Applied — {target file}
+Applied  : {N} findings ({critical} critical, {major} major, {minor} minor)
+Skipped  : {N} rejected/deferred
+
+Changes:
+  - {change 1 summary}
+  - {change 2 summary}
+
+{If PRD}: Version bumped: {old} → {new}
+{If BDD}: bdd_version: {old} → {new}
+
+Re-run /review-context {file} to confirm 0 remaining critical findings.
+```