// Frontend Design Doc compliance and security validation with optional auto-fixes using React-specific quality checks.
Documentation creation criteria for PRD, ADR, Design Doc, UI Spec, and Work Plan with templates. Use when: creating or reviewing technical documents, determining which documents are required, or following document templates.
Execute decomposed backend tasks in autonomous execution mode using task-executor and quality-fixer.
Execute frontend tasks in autonomous execution mode using task-executor-frontend and quality-fixer-frontend.
Create frontend work plan from design document with test skeleton generation.
Execute decomposed fullstack tasks with layer-aware agent routing between backend and frontend executors.
Create work plan from design document with optional test skeleton generation.
| name | recipe-front-review |
| description | Frontend Design Doc compliance and security validation with optional auto-fixes using React-specific quality checks. |
Context: Post-implementation quality assurance for React/TypeScript frontend
coding-rules -- coding standardstesting -- test strategy and quality gatesai-development-guide -- AI development patternsSpawn rule: every spawn_agent call MUST pass fork_turns="none" or fork_context=false for context isolation.
Orchestrator spawns agents and passes structured data between them.
Design Doc (uses most recent if omitted): $ARGUMENTS
Identify the Design Doc in docs/design/ and check implementation files changed from the default branch (detect via git symbolic-ref refs/remotes/origin/HEAD or fall back to current branch diff).
If a single active work plan is explicitly provided or unambiguously resolved for that Design Doc, read its Review Scope line. Otherwise set Work Plan: none and Review Scope: none; do not infer.
[STOP -- BLOCKING] If no Design Doc or implementation files found, notify user and halt. CANNOT proceed without both a Design Doc and implementation files.
Spawn code-reviewer agent: "Validate Design Doc compliance for [design-doc-path]. Work Plan: [resolved work plan path or none]. Review Scope: [literal Review Scope value or none]. Implementation files: [git diff file list]. Review mode: full. Return structured JSON report per your Output Format specification."
Store output as: $STEP_2_OUTPUT
Spawn security-reviewer agent: "Design Doc: [path]. Implementation files: [file list from git diff in Step 1]. Review security compliance."
Store output as: $STEP_3_OUTPUT and $STEP_1_FILES (the initial file list)
If security-reviewer returned blocked: Stop immediately. Report the blocked finding and escalate to user. Do not proceed to fix steps.
Code compliance criteria (considering project stage):
Security criteria:
approved or approved_with_notes -> Passneeds_revision -> FailReport both results independently using subagent output fields only (do not add fields that are not in the subagent response):
Code Compliance: [complianceRate from code-reviewer]
Verdict: [verdict from code-reviewer]
Identifier Match Rate: [identifierMatchRate from code-reviewer]
Acceptance Criteria:
- [fulfilled] [item] (confidence: [high/medium/low])
- [partially_fulfilled] [item]: [gap] — [suggestion]
- [unfulfilled] [item]: [gap] — [suggestion]
Identifier Mismatches (show only mismatches; write `None` if all identifiers match):
- None
- [identifier]: DD=[designDocValue] Code=[codeValue] at [location] (confidence: [high/medium/low])
Quality Findings:
- [category] [location]: [description] — [rationale]
Security Review: [status from security-reviewer]
Findings by category:
- [confirmed_risk] [location]: [description] — [rationale]
- [defense_gap] [location]: [description] — [rationale]
- [hardening] [location]: [description] — [rationale]
- [policy] [location]: [description] — [rationale]
Notes: [notes from security-reviewer, if present]
Resolve discrepancies by route:
c) Code-side fix
d) Design-side update
s) Skip
Default: accept all recommended routes.
Accepted response formats:
- empty input -- accept every recommended route
- `all-recommended` -- accept every recommended route
- `all:c`, `all:d`, or `all:s` -- apply one route to every finding
- Per-finding routes, e.g. `F1:c, F2:d, F3:s`
Before presenting results, recommend a route for each finding:
d when implementation intent matches the requirement but the Design Doc is stale or too narrow.c when code drifted from a still-correct Design Doc, or when the finding is reliability, security, or maintainability related.s only when the user explicitly accepts the current state without changes.[STOP -- BLOCKING] Wait for user response on routes. CANNOT proceed with fixes or document updates without user approval.
If all findings are skipped: Skip fix steps, proceed to Final Report.
d, spawn technical-designer-frontend in update mode, then document-reviewer, then design-sync when multiple Design Docs exist. If both d and c routes exist, re-evaluate c findings against the updated Design Doc and drop any now satisfied.docs/plans/tasks/review-fixes-YYYYMMDD.md. Include only code compliance issues and security requiredFixes routed to c.ENFORCEMENT: Auto-fixes MUST go through quality-fixer-frontend before re-validation. Skipping quality checks invalidates fixes.
Delete the review-fix task file this recipe created, if present. Its work is committed; docs/plans/ is ephemeral working state.
Code Compliance:
Initial: [X]%
Final: [Y]% (if fixes executed)
Security Review:
Initial: [status]
Final: [status] (if fixes executed)
Notes: [notes from approved_with_notes, if any]
Remaining issues:
- [items requiring manual intervention]
Scope: Design Doc compliance validation, security review, and auto-fixes.