speccrew 0.5.9 → 0.5.11

package/.speccrew/skills/speccrew-dev-desktop-tauri/SKILL.md

@@ -0,0 +1,341 @@
+---
+name: speccrew-dev-desktop-tauri
+description: SpecCrew Tauri Desktop Development Skill. Implements desktop application features using Tauri framework based on system design documents. Handles Rust backend commands, frontend integration, Tauri Command API, and Tauri Build packaging.
+tools: Read, Write, Glob, Grep, Bash
+---
+
+# Trigger Scenarios
+
+- System Designer Agent has completed Tauri desktop system design
+- User asks "Start Tauri development", "Implement Tauri app"
+- Design documents confirmed in `03.system-design/{platform_id}/`
+
+# Workflow
+
+## Absolute Constraints
+
+> **These rules apply to Task Record document generation. Violation = task failure.**
+
+1. **FORBIDDEN: Full-file rewrite for Task Record** — After the Task Record is initially created in Step 3.1a, NEVER use `create_file` or full-content overwrite on it. All subsequent updates MUST use targeted `search_replace` on specific sections.
+
+2. **FORBIDDEN: Full-file rewrite** — NEVER replace the entire Task Record content in a single operation. Always use targeted `search_replace` on specific sections.
+
+3. **MANDATORY: Template-first workflow** — Copy template MUST execute before fill sections. Skipping copy and writing content directly is FORBIDDEN.
+
+4. **CLARIFICATION: Source code is NOT template-filled** — Actual source code files are written directly based on design blueprints. The template-fill workflow applies ONLY to the Task Record document.
+
+## Step 1: Read Design Documents
+
+**Input**: Single module design document path `design_doc_path` (provided by upstream system-developer agent).
+
+Read in order:
+
+1. **Module design document**: `design_doc_path` (single module design document)
+2. **API Contract**: `speccrew-workspace/iterations/{number}-{type}-{name}/02.feature-design/[feature-name]-api-contract.md`
+3. **Techs Knowledge** (paths from agent context):
+   - `speccrew-workspace/knowledges/techs/{platform_id}/tech-stack.md`
+   - `speccrew-workspace/knowledges/techs/{platform_id}/architecture.md`
+   - `speccrew-workspace/knowledges/techs/{platform_id}/conventions-design.md`
+   - `speccrew-workspace/knowledges/techs/{platform_id}/conventions-dev.md`
+
+## Step 2: Analyze Existing Code Structure
+
+Use Glob/Grep to understand current Tauri codebase:
+
+| Target | Glob Pattern | Purpose |
+|--------|-------------|---------|
+| Rust commands | `src-tauri/src/**/*.rs` | Understand Tauri command structure |
+| Frontend integration | `src/**/*.{tsx,vue}` | Understand frontend structure |
+| Tauri commands | `src-tauri/src/commands/**/*.rs` | Understand command patterns |
+| Window management | `src-tauri/src/window/**/*.rs` | Understand window patterns |
+| State management | `src/stores/**/*` | Understand store pattern |
+| API layer | `src/apis/**/*` | Understand API encapsulation |
+| Configuration files | `package.json`, `tauri.conf.json` | Build and config patterns |
+| Cargo.toml | `src-tauri/Cargo.toml` | Rust dependencies |
+
+Document findings for reference in later steps.
+
+## Step 3: Extract Task List and Create Task Record
+
+### 3.1 Create Task Record File Using Template-Fill Workflow
+
+**Path**: `speccrew-workspace/iterations/{number}-{type}-{name}/04.development/{platform_id}/[feature-name]-task.md`
+
+#### 3.1a Copy Template to Task Record Path
+
+> Note: This is the ONLY step where `create_file` is allowed for the Task Record. All later updates in Step 4-6 MUST use `search_replace` on individual sections.
+
+1. **Read the template file**: `templates/TASK-RECORD-TEMPLATE.md`
+2. **Replace top-level placeholders** (feature name, platform ID, iteration info)
+3. **Create the document** using `create_file`:
+   - Target path: `speccrew-workspace/iterations/{number}-{type}-{name}/04.development/{platform_id}/[feature-name]-task.md`
+   - Content: Template with top-level placeholders replaced
+4. **Verify**: Document has complete section structure ready for filling
+
+#### 3.1b Fill Task Record Sections Using search_replace
+
+Fill each section with task checklist and design metadata extracted from input documents.
+
+> ⚠️ **CRITICAL CONSTRAINTS:**
+> - **FORBIDDEN: `create_file` to rewrite the entire document**
+> - **MUST use `search_replace` to fill each section individually**
+> - **All section titles MUST be preserved**
+
+### 3.2 Tauri-Specific Task Types
+
+**Conditional Task Selection:**
+
+```
+IF task involves Rust backend logic THEN
+  → Create Tauri Command task
+IF task involves UI components in frontend THEN
+  → Create Frontend Component task
+IF task involves process communication THEN
+  → Create Tauri Command + Frontend Invoke task
+IF task involves native APIs THEN
+  → Create Native Integration task
+IF task involves menus or shortcuts THEN
+  → Create Menu/Shortcut task
+IF task involves auto-update THEN
+  → Create Auto-Update task
+IF task involves security configuration THEN
+  → Create Security Hardening task
+```
+
+| Task Type | Description | Example |
+|-----------|-------------|---------|
+| Tauri Command | Rust backend command | `#[tauri::command]` functions |
+| Frontend Component | UI components | React/Vue components, pages |
+| Command Handler | Frontend-to-Rust communication | `invoke()` calls |
+| Window Management | Window creation, lifecycle | `WindowBuilder`, window config |
+| Native Integration | File system, notifications | `std::fs`, `tauri::api` |
+| Menu/Shortcut | Application menus, shortcuts | Menu templates, accelerators |
+| Auto-Update | Update mechanism | `tauri-updater` |
+| Security Hardening | CSP, permissions | `tauri.conf.json` security |
+
+### Task ID Prefix
+
+Use `TR-` prefix for Tauri tasks: `TR-001`, `TR-002`, etc.
+
+### Task Checklist Table
+
+| Task ID | Module | Description | Target Files | Command Name | Native Integration | Dependencies | Status |
+|---------|--------|-------------|--------------|--------------|-------------------|--------------|--------|
+| TR-001 | Commands | Create file operations command | `src-tauri/src/commands/file.rs` | `read_file`, `write_file` | File system | - | Pending |
+| TR-002 | Frontend | Create main window UI | `src/pages/Main.tsx` | `file:*` | - | TR-001 | Pending |
+
+**Status**: Pending / In Progress / Completed / Blocked
+
+**Proceed directly to implementation — no user confirmation required.**
+
+## Step 4: Implement Tasks
+
+### 4.1 Implementation Order
+
+Follow dependency order:
+1. Tauri commands (Rust backend)
+2. Frontend integration
+3. Native integrations
+4. Security configurations
+5. Auto-update mechanism
+
+### 4.2 Coding Standards
+
+- **Rust Commands**: Follow conventions-dev.md for Tauri backend code
+- **Frontend**: Follow frontend conventions (React/Vue/etc.)
+- **Command Names**: Use exact names from design document
+- **Types**: Use TypeScript types defined in design document
+- **Error Handling**: Use `Result<T, String>` for command returns
+
+### 4.3 Status Markers
+
+Use markers from design document:
+
+| Marker | Meaning | Action |
+|--------|---------|--------|
+| `[EXISTING]` | Reuse current code | Verify compatibility, no modification needed |
+| `[MODIFIED]` | Enhance existing code | Implement changes carefully |
+| `[NEW]` | Create brand new | Full implementation required |
+
+## Step 5: Local Checks (Per Task)
+
+After completing each task, run the following checks:
+
+### 5.1 Rust Checks
+
+```bash
+cd src-tauri
+cargo check
+cargo clippy
+cargo test
+```
+
+### 5.2 Frontend Build Verification
+
+```bash
+npm run build
+# or
+npm run tauri build --debug
+```
+
+### 5.3 Lint Check
+
+```bash
+npm run lint
+# or
+npx eslint [modified-files]
+```
+
+### 5.4 Type Check (TypeScript projects)
+
+```bash
+npx tsc --noEmit
+```
+
+### 5.5 Quick Verify
+
+- Application window launches without crash
+- No console errors in DevTools
+- Tauri commands respond correctly
+- Native integrations work as expected
+
+**If checks fail**: Fix issues before marking task complete. Record complex issues in task file.
+
+## Step 6: Record Deviations
+
+If implementation deviates from design document:
+
+1. Stop and document the deviation
+2. Explain reason for deviation
+3. Get user confirmation or proceed with documented reason
+
+**Record in task file**:
+```markdown
+### Deviation Log
+- TR-002: Changed command return type from {original} to {new} because {reason}
+```
+
+## Step 7: Record Technical Debt
+
+If technical debt is identified:
+
+**Write to**: `speccrew-workspace/iterations/{number}-{type}-{name}/tech-debt/[feature-name]-tech-debt.md`
+
+**Categories**:
+- Security: Temporary security relaxations
+- Performance: Known performance issues
+- Refactoring: Code that needs cleanup
+- Dependencies: Version constraints or workarounds
+
+## Step 8: Complete Notification
+
+After all tasks complete, present summary:
+
+```
+Tauri Development Complete: {feature-name}
+Platform: {platform_id}
+Framework: Tauri
+
+Tasks Completed: {count}
+├── Tauri Commands: {count}
+├── Frontend Integration: {count}
+├── Native Integration: {count}
+└── Security/Other: {count}
+
+Deviations Recorded: {count}
+Technical Debt Items: {count}
+
+Task Record: speccrew-workspace/iterations/{number}-{type}-{name}/04.development/{platform_id}/[feature-name]-task.md
+```
+
+## Task Completion Report
+
+At the end of Step 8 (or if the skill fails at any point), output a structured Task Completion Report:
+
+### Success Report
+
+```
+## Task Completion Report
+- **Status**: SUCCESS
+- **Task ID**: {task_id from dispatch context}
+- **Platform**: {platform_id}
+- **Module**: {module_name}
+- **Output Files**:
+  - {file_path_1}
+  - {file_path_2}
+  - ...
+- **Summary**: Tauri module {module_name} implemented with {X} tasks completed
+```
+
+### Failure Report
+
+If the skill fails at any step:
+
+```
+## Task Completion Report
+- **Status**: FAILED
+- **Task ID**: {task_id from dispatch context}
+- **Platform**: {platform_id}
+- **Module**: {module_name}
+- **Output Files**: {list of partially generated files, or "None"}
+- **Summary**: {one-line description of what was attempted}
+- **Error**: {detailed error description}
+- **Error Category**: {DEPENDENCY_MISSING | BUILD_FAILURE | VALIDATION_ERROR | RUNTIME_ERROR | BLOCKED}
+- **Partial Outputs**: {list of files that were generated before failure, or "None"}
+- **Recovery Hint**: {suggestion for how to resolve and retry}
+```
+
+**Error Category Definitions**:
+- `DEPENDENCY_MISSING`: Required Rust crate or Node.js dependency not available
+- `BUILD_FAILURE`: Tauri build error, Rust compilation failure
+- `VALIDATION_ERROR`: Clippy, ESLint, TypeScript type check, or test failure
+- `RUNTIME_ERROR`: App crash on launch, runtime exception, command invocation failure
+- `BLOCKED`: Blocked by external dependency or unresolved design issue
+
+---
+
+# Reference Guides
+
+## Security Audit Checklist
+
+| Check | Method |
+|-------|--------|
+| CSP | Verify `csp` in `tauri.conf.json` |
+| Dangerous APIs | Check `allowlist` scope |
+| Command Validation | Verify input validation in commands |
+
+---
+
+# Key Rules
+
+| Rule | Description |
+|------|-------------|
+| **Design Document READ-ONLY** | Design documents are reference only - do not modify. Record deviations in task file. |
+| **Actual Framework Syntax** | All code MUST use actual Tauri/Rust API syntax |
+| **Status Markers Required** | Use [EXISTING], [MODIFIED], [NEW] markers for all components and commands |
+| **Follow Techs Conventions** | Naming, directory structure, patterns must follow techs knowledge |
+| **Security First** | Minimize dangerous API allowlist scope |
+| **Error Handling** | All commands must return `Result<T, E>` |
+| **Task Per File Group** | Each task should map to a logical file group or component |
+| **Local Checks Mandatory** | Run cargo check, lint, and quick verify before marking task complete |
+| **Tech Debt Recorded** | All technical debt must be written to iterations/{iter}/tech-debt/ |
+
+# Checklist
+
+- [ ] Design document loaded before implementation (single module design_doc_path)
+- [ ] Existing code structure analyzed via Glob/Grep
+- [ ] Task record created with complete checklist
+- [ ] Task list extracted and recorded in task file
+- [ ] All modules in the design document covered in task list
+- [ ] All Tauri commands from design implemented
+- [ ] CSP configured in tauri.conf.json
+- [ ] Command input validation implemented
+- [ ] Native integrations follow security best practices
+- [ ] Rust checks pass (cargo check, clippy, test)
+- [ ] Frontend build verification passes
+- [ ] Lint check passes with no errors
+- [ ] Type check passes (TypeScript projects)
+- [ ] Quick verify: App launches without crash
+- [ ] All deviations recorded in task file
+- [ ] Technical debt recorded in tech-debt/ directory
+- [ ] Task record status updated to complete

package/.speccrew/skills/speccrew-dev-desktop-tauri/templates/TASK-RECORD-TEMPLATE.md

@@ -0,0 +1,145 @@
+# Tauri Development Task Record - [Feature Name]
+
+> Based on Design Document: [Link to 03.system-design/{platform_id}/[feature-name]-design.md]
+> Platform: {platform_id} | Framework: Tauri
+
+## Task Checklist
+
+| Task ID | Module | Description | Target Files | Command Name | Native Integration | Dependencies | Status |
+|---------|--------|-------------|--------------|--------------|-------------------|--------------|--------|
+| TR-001 | Commands | [Description] | `src-tauri/src/commands/...` | `command:name` | [None/FileSystem/etc] | - | Pending |
+| TR-002 | Frontend | [Description] | `src/...` | `command:name` | - | TR-001 | Pending |
+
+> Status: Pending / In Progress / Completed / Blocked
+
+## Command Registry
+
+| Command Name | Input Type | Output Type | Handler Location | Description | Status |
+|--------------|------------|-------------|------------------|-------------|--------|
+| [command:name] | [Input] | [Output] | `src-tauri/src/commands/[file].rs` | [Description] | [NEW/MODIFIED/EXISTING] |
+
+## Native Integration Status
+
+| Integration Type | Feature | Implementation File | Status | Notes |
+|------------------|---------|---------------------|--------|-------|
+| File System | [Read/Write/Dialog] | `src-tauri/src/commands/fs.rs` | [Done/Pending] | [Notes] |
+| System Tray | [Icon/Menu] | `src-tauri/src/tray.rs` | [Done/Pending] | [Notes] |
+| Notifications | [OS Notifications] | `src-tauri/src/notify.rs` | [Done/Pending] | [Notes] |
+| Menu Bar | [App Menu] | `src-tauri/src/menu.rs` | [Done/Pending] | [Notes] |
+| Shortcuts | [Global/Local] | `src-tauri/src/shortcuts.rs` | [Done/Pending] | [Notes] |
+| Protocol Handler | [Custom Protocol] | `src-tauri/src/protocol.rs` | [Done/Pending] | [Notes] |
+| Auto Update | [Check/Download/Install] | `src-tauri/src/updater.rs` | [Done/Pending] | [Notes] |
+
+## Security Checklist
+
+| Check Item | Configuration | Verified |
+|------------|---------------|----------|
+| CSP | Configured in `tauri.conf.json` | [ ] Yes / [ ] No |
+| Dangerous APIs | Minimal allowlist scope | [ ] Yes / [ ] No |
+| Command Validation | Input validation implemented | [ ] Yes / [ ] No |
+| Permission Scope | [Limited permissions] | [ ] Yes / [ ] No |
+
+## Window Management
+
+| Window Name | Type | Status | Configuration |
+|-------------|------|--------|---------------|
+| [MainWindow] | Window | [NEW/MODIFIED/EXISTING] | [Size/frame/etc] |
+| [ModalWindow] | Window | [NEW/MODIFIED/EXISTING] | [Size/frame/etc] |
+
+## Implementation Progress
+
+### Completed Tasks
+
+- [TR-001] [Description] - Completed at [timestamp]
+- [TR-002] [Description] - Completed at [timestamp]
+
+### In Progress
+
+- [TR-003] [Description] - Started at [timestamp]
+
+### Blocked Tasks
+
+| Task ID | Block Reason | Blocking Issue | Planned Resolution |
+|---------|--------------|----------------|-------------------|
+| [TR-XXX] | [Reason] | [Issue link/description] | [Resolution plan] |
+
+## Deviation Log
+
+| Task ID | Original Design | Implementation | Reason |
+|---------|-----------------|----------------|--------|
+| [TR-XXX] | [Original approach] | [Actual implementation] | [Why changed] |
+
+## Issues and Resolutions
+
+| Issue ID | Task ID | Description | Severity | Resolution | Status |
+|----------|---------|-------------|----------|------------|--------|
+| [ISSUE-001] | [TR-XXX] | [Description] | [High/Med/Low] | [How resolved] | [Resolved/Pending] |
+
+## Local Verification Results
+
+### Build Verification
+
+| Check | Command | Result | Notes |
+|-------|---------|--------|-------|
+| Rust Check | `cargo check` | [Pass/Fail] | [Notes] |
+| Dev Build | `npm run tauri dev` | [Pass/Fail] | [Notes] |
+| Production Build | `npm run tauri build` | [Pass/Fail] | [Notes] |
+
+### Code Quality
+
+| Check | Command | Result | Notes |
+|-------|---------|--------|-------|
+| Rust Lint | `cargo clippy` | [Pass/Fail] | [Notes] |
+| Rust Test | `cargo test` | [Pass/Fail] | [Notes] |
+| Frontend Lint | `npm run lint` | [Pass/Fail] | [Notes] |
+| Type Check | `npx tsc --noEmit` | [Pass/Fail] | [Notes] |
+| Unit Tests | `npm test` | [Pass/Fail] | [Notes] |
+
+### Security Verification
+
+| Check | Method | Result | Notes |
+|-------|--------|--------|-------|
+| CSP Config | Config review | [Pass/Fail] | [Notes] |
+| Allowlist Scope | Config review | [Pass/Fail] | [Notes] |
+| Input Validation | Code review | [Pass/Fail] | [Notes] |
+
+### Functional Verification
+
+| Check | Result | Notes |
+|-------|--------|-------|
+| App launches without crash | [Pass/Fail] | [Notes] |
+| Tauri commands respond correctly | [Pass/Fail] | [Notes] |
+| Native integrations work | [Pass/Fail] | [Notes] |
+| No console errors | [Pass/Fail] | [Notes] |
+
+## Technical Debt
+
+Technical debt recorded in: `../tech-debt/[feature-name]-tech-debt.md`
+
+| Item | Category | Description | Priority |
+|------|----------|-------------|----------|
+| [TD-001] | [Security/Performance/Refactor] | [Description] | [High/Med/Low] |
+
+## Completion Summary
+
+- **Total Tasks**: [N]
+- **Completed**: [N]
+- **Blocked**: [N]
+- **Deviations**: [N]
+- **Technical Debt Items**: [N]
+
+### Final Checklist
+
+- [ ] All tasks completed or documented as blocked
+- [ ] All Tauri commands tested
+- [ ] Security checklist verified
+- [ ] Local checks (cargo check, lint, type, build) passing
+- [ ] Deviations documented with reasons
+- [ ] Technical debt recorded
+- [ ] Task record updated
+
+---
+
+**Status**: In Progress / Completed  
+**Last Updated**: [Timestamp]  
+**Developer**: [Agent/User name]

package/.speccrew/skills/speccrew-dev-review-backend/SKILL.md

@@ -0,0 +1,212 @@
+---
+name: speccrew-dev-review-backend
+description: SpecCrew Backend Code Review Skill. Reviews backend implementation code against system design documents, API contracts, and coding standards. Generates structured review reports with PASS/PARTIAL/FAIL verdict.
+tools: Read, Glob, Grep
+---
+
+# Trigger Scenarios
+
+- When speccrew-system-developer dispatches backend code review for a completed module
+- When user requests "Review this backend module's implementation"
+- When user asks "Check if backend code matches design"
+- When incremental review is needed after partial backend implementation
+
+# Input Parameters
+
+| Parameter | Required | Description |
+|-----------|----------|-------------|
+| `design_doc_path` | Yes | Path to backend module design document |
+| `implementation_report_path` | Yes | Path to backend development report |
+| `source_root` | Yes | Root directory of backend source code |
+| `platform_id` | Yes | Backend platform (backend-spring, backend-nodejs) |
+| `api_contract_path` | No | Path to API contract file for endpoint validation |
+| `task_id` | Yes | Task identifier from dispatch context |
+| `previous_review_path` | No | Path to previous review report for incremental review |
+
+# Workflow
+
+## Absolute Constraints
+
+> **Violation = review failure.**
+
+1. **READ-ONLY OPERATION** — NEVER modify source code files. Only read and report findings.
+2. **FORBIDDEN: Code fixes** — Do NOT attempt to fix issues. Only document them.
+3. **MANDATORY: Actionable output** — PARTIAL/FAIL results MUST include specific "Re-dispatch Guidance".
+4. **INCREMENTAL REVIEW SUPPORT** — If `previous_review_path` provided, skip items already marked as passed.
+
+## Step 1: Load Documents
+
+### 1.1 Validate Inputs
+
+Verify all required parameters provided. If any missing → Report error, stop.
+
+### 1.2 Read Design Document
+
+Extract from backend design document:
+
+| Section | Information to Extract |
+|---------|------------------------|
+| Module Overview | Module name, responsibilities |
+| File Structure | Required files (DO, VO, Mapper, Service, Controller, Convert, Enums) |
+| Class Specifications | Class names, inheritance requirements, annotations |
+| API Endpoints | Endpoint definitions, HTTP methods, paths |
+| Business Logic | Service methods, transaction requirements |
+
+### 1.3 Read Implementation Report
+
+Extract: Completed Files, Implementation Status, Known Issues.
+
+### 1.4 Read API Contract (if provided)
+
+Extract for validation: Endpoint Definitions, Request/Response Schemas, HTTP Methods, Error Codes.
+
+## Step 2: File Completeness Check
+
+### 2.1 Build Expected File List
+
+Backend file categories:
+
+| Category | Pattern | Example |
+|----------|---------|---------|
+| Enums | `enums/*.java` | `enums/ErrorCodeConstants.java` |
+| DO | `dal/dataobject/**/*.java` | `dal/dataobject/employee/EmployeeDO.java` |
+| VO | `controller/admin/vo/**/*.java` | `controller/admin/vo/EmployeeRespVO.java` |
+| Mapper | `dal/mapper/**/*.java` | `dal/mapper/employee/EmployeeMapper.java` |
+| Service | `service/**/*.java` | `service/employee/EmployeeService.java` |
+| Controller | `controller/admin/**/*.java` | `controller/admin/employee/EmployeeController.java` |
+| Convert | `convert/**/*.java` | `convert/employee/EmployeeConvert.java` |
+
+### 2.2 Scan Actual Files
+
+Use `Glob` to scan `source_root` for implemented files.
+
+### 2.3 Calculate Completeness
+
+Generate completeness matrix and percentage: `completeness_pct = (created / required) * 100`
+
+## Step 3: Backend-Specific Compliance Check
+
+### 3.1 DO/VO/DTO Compliance
+
+| Check | Rule | Severity |
+|-------|------|----------|
+| Base Class | Must extend correct base class (e.g., `TenantBaseDO`) | ERROR |
+| @TableName | Must have `@TableName` with correct table name | ERROR |
+| @Schema | Must have `@Schema` for documentation | WARN |
+| Validation | Required fields must have `@NotNull` or similar | ERROR |
+| Desensitization | Sensitive fields must have desensitization | ERROR |
+
+### 3.2 Service Layer Check
+
+| Check | Rule | Severity |
+|-------|------|----------|
+| Interface | Must have Service interface and implementation separation | WARN |
+| @Service | Implementation must have `@Service` annotation | ERROR |
+| @Transactional | DB write methods must have `@Transactional` | ERROR |
+| Method Coverage | All methods in design must be implemented | ERROR |
+| Data Permission | Must check data permissions where required | ERROR |
+
+### 3.3 Controller Layer Check
+
+| Check | Rule | Severity |
+|-------|------|----------|
+| @RestController | Must have `@RestController` annotation | ERROR |
+| @RequestMapping | Must have base `@RequestMapping` annotation | ERROR |
+| @Operation | Endpoints should have `@Operation` for documentation | WARN |
+| @PreAuthorize | Must have permission annotations where required | ERROR |
+| @Valid | Request VO parameters must have `@Valid` | ERROR |
+
+### 3.4 Database Mapping Validation
+
+- Verify Entity fields match design document
+- Check MyBatis XML mappers exist alongside Mapper interfaces
+- Validate Lombok `@Data` or similar on DO/VO classes
+
+## Step 4: API Consistency Check
+
+If `api_contract_path` provided:
+
+| Check | Description | Severity |
+|-------|-------------|----------|
+| Endpoint Coverage | All contract endpoints exist in Controller | ERROR |
+| HTTP Method | Methods match contract | ERROR |
+| Path Match | URL paths match contract exactly | ERROR |
+| VO Fields | All contract fields present in VO | ERROR |
+| Field Types | Data types match contract | ERROR |
+
+## Step 5: Generate Review Report
+
+### 5.1 Determine Result
+
+| Result | Criteria |
+|--------|----------|
+| **PASS** | 100% files created, 0 ERROR-level issues |
+| **PARTIAL** | 70-99% files created, or non-critical ERROR issues |
+| **FAIL** | <70% files created, or critical blockers present |
+
+### 5.2 Write Report
+
+Generate report at: `speccrew-workspace/iterations/{number}-{type}-{name}/04.development/{platform_id}/[module]-review-report.md`
+
+Use template from `templates/REVIEW-REPORT-TEMPLATE.md`.
+
+## Step 6: Task Completion Report
+
+### Success
+
+```markdown
+## Task Completion Report
+- **Status**: SUCCESS
+- **Task ID**: review-{original_task_id}
+- **Platform**: {platform_id}
+- **Module**: {module_name}
+- **Output Files**: {review_report_path}
+- **Summary**: Review {result}: {completed}/{total} files, {error_count} errors
+```
+
+### Failure
+
+```markdown
+## Task Completion Report
+- **Status**: FAILED
+- **Task ID**: review-{original_task_id}
+- **Platform**: {platform_id}
+- **Module**: {module_name}
+- **Output Files**: None
+- **Summary**: Review failed during {step}
+- **Error**: {detailed error description}
+- **Error Category**: DEPENDENCY_MISSING | VALIDATION_ERROR | BLOCKED
+- **Recovery Hint**: {suggestion}
+```
+
+# Severity Levels
+
+| Level | Definition | Action Required |
+|-------|------------|-----------------|
+| **CRITICAL** | Security vulnerability or data integrity issue | Must fix immediately |
+| **ERROR** | Blocking functionality or violating core requirements | Must fix before PASS |
+| **WARN** | Best practice violation or missing documentation | Should fix |
+| **LOW** | Code style or minor optimization suggestion | Optional |
+
+# Key Rules
+
+| Rule | Description |
+|------|-------------|
+| **Read-Only** | NEVER modify any source code |
+| **Blueprint-Driven** | Validate against design document specifications |
+| **Actionable Output** | PARTIAL/FAIL must include specific fix guidance |
+| **Incremental Support** | Skip already-passed items when previous review provided |
+| **Completeness First** | File existence is primary check before content validation |
+
+# Checklist
+
+- [ ] All required inputs validated
+- [ ] Design document loaded and parsed
+- [ ] File completeness check completed with category breakdown
+- [ ] DO classes checked for base class and annotations
+- [ ] VO classes checked for validation and desensitization
+- [ ] Service classes checked for @Transactional and permissions
+- [ ] Controller classes checked for annotations and endpoints
+- [ ] API contract validated against implementation (if provided)
+- [ ] Review report written with clear verdict
+- [ ] Re-dispatch guidance provided for PARTIAL/FAIL