diff --git a/.claude/rules/coding-style.md b/.claude/rules/coding-style.md
index f21ac499c..4f492d4e1 100644
--- a/.claude/rules/coding-style.md
+++ b/.claude/rules/coding-style.md
@@ -1,72 +1,45 @@
 # Coding Style
 
-## Naming
+## Plan Time
+
+### Pre-Implementation Layer Check
+
+Before writing new logic, decide which layer it belongs to. Run this check at plan time (design/architecture phase, before writing any code):
+
+| Layer          | Directory                                              | Key constraints                                                            |
+| -------------- | ------------------------------------------------------ | -------------------------------------------------------------------------- |
+| DB schema      | `prisma/`                                              | Migrations are immutable after apply                                       |
+| DB access      | `src/lib/server/`                                      | Server-only; never import in client code                                   |
+| Validation     | `src/**/zod/`                                          | `z.number().int()` for Int fields; comment dual-enforcement with SQL CHECK |
+| Domain types   | `src/**/types/` (`_types/` inside `src/routes/`)       | Plural aliases; TSDoc on every export; no `any`                            |
+| Test data      | `src/**/fixtures/` (`_fixtures/` inside `src/routes/`) | Write before implementation (TDD); use realistic values                    |
+| Business logic | `src/**/services/`                                     | Return pure values or `null`; no `Response`/`json()`                       |
+| Pure utilities | `src/**/utils/` (`_utils/` inside `src/routes/`)       | No side effects; adjacent unit test required                               |
+| State          | `src/**/stores/`                                       | `.svelte.ts`; class + `$state()`; singleton export                         |
+| Route handlers | `src/routes/`                                          | Page: `redirect()`; API: `error()`                                         |
+| UI components  | `src/**/*.svelte`                                      | Svelte 5 Runes; business logic → `utils/`                                  |
+
+## Code Structure
+
+### Naming
 
 - **Abbreviations**: avoid non-standard abbreviations (`res` → `response`, `btn` → `button`). When in doubt, spell it out.
 - **Lambda parameters**: no single-character names (e.g., use `placement`, `workbook`). Iterator index `i` is the only exception.
 - **`upsert`**: only use when the implementation performs both insert and update. For insert-only, use `initialize`, `seed`, or another accurate verb.
 - **`any`**: before using `any`, check the value's origin — adding a missing `@types/*` or `devDependency` often provides the correct type.
 - **UI labels**: if a label does not match actual behavior, update it or add an inline comment explaining the intentional mismatch.
+- **New files**: before naming a new file or directory, grep the relevant `src/` directory to confirm existing conventions. Confirm at plan time, not during implementation:
+  - Custom files in routes (utilities, helpers, etc.): `snake_case` (e.g., `user_profile.ts`)
+  - SvelteKit special files: follow framework conventions (`+page.svelte`, `+page.server.ts`, `+server.ts`)
+  - Helper directories inside `src/routes/`: underscore-prefixed (`_utils/`, `_types/`, `_fixtures/`, `_components/`)
+  - Other directories: `kebab-case` (e.g., `contest-table/`)
 
-## TSDoc
-
-Add TSDoc comments to every exported function, type, and class. The minimum required fields are `@param` (for non-obvious parameters) and `@returns` (when the return value is not evident from the type). One-liner `/** ... */` is sufficient for simple cases; use multi-line only when behaviour needs explanation.
-
-```typescript
-/** Returns the URL slug for a workbook, falling back to the workbook ID. */
-export function getUrlSlugFrom(workbook: WorkbookList): string { ... }
-```
-
-## Syntax
+### Syntax
 
 - **Braces**: always use braces for single-statement `if` blocks. Never `if () return;` — write `if () { return; }`.
 - **Plural type aliases**: define `type Placements = Placement[]` instead of using `Placement[]` directly in signatures and variables.
 
-## Markdown Code Blocks
-
-Always specify a language identifier on every fenced code block. Never write bare ` ``` `.
-
-Common identifiers: `typescript`, `svelte`, `sql`, `bash`, `mermaid`, `json`, `prisma`, `html`, `css`.
-
-## SvelteKit: Routes vs API Endpoints
-
-- Page routes (`+page.server.ts`): use `redirect()` to navigate
-- API routes (`+server.ts`): use `error()` — throwing `redirect()` returns a 3xx response; `fetch` follows it by default and receives the HTML page at the redirect target instead of a JSON error
-
-## Dual-Enforcement Constraints
-
-When the same constraint is enforced in two layers (e.g. Zod validation + SQL `CHECK`), add an inline comment stating each layer's role and the obligation to keep them in sync:
-
-```typescript
-// XOR constraint: dual enforcement via Zod (early validation) and a CHECK in migration.sql (last line of defence).
-// Prisma lacks @@check, so the SQL constraint is maintained manually. Keep both in sync.
-.refine(...)
-```
-
-## Optimistic Updates
-
-Derive computed fields (flags, labels, etc.) from the canonical data source — don't
-re-implement the derivation inline. Divergence causes a "works after reload" bug where
-the server state is correct but the client-side update is wrong.
-
-**Diagnostic**: "Not reflected live, but fixed after reload" → suspect the optimistic
-update payload, not the reactivity system.
-
-## Server-side Logging
-
-Do not log user-identifiable or content data (titles, names, IDs that map to users) in server-side `console.log`. Use generic messages instead:
-
-```typescript
-// Bad: leaks content and user identity
-console.log(`Created workbook "${workBook.title}" by user ${author.id}`);
-
-// Good
-console.log('Workbook created successfully');
-```
-
-Prefer placing the single authoritative log in the service layer; remove duplicate logs in route handlers that cover the same event.
-
-## No Hard-Coded Values
+### No Hard-Coded Values
 
 Extract magic numbers and strings to named constants. Never embed literal values whose meaning is not self-evident from the type or immediate context.
 
@@ -86,7 +59,7 @@ const SUBMIT_URL = '/api/workbooks/submit';
 
 Place constants at the top of the file, or in a dedicated `constants/` module when shared across files.
 
-## Function Ordering
+### Function Ordering
 
 Within a file, order declarations as follows:
 
@@ -95,7 +68,24 @@ Within a file, order declarations as follows:
 
 Shared helper functions (used by two or more exports) should be grouped at the end of the file.
 
-## Svelte 5: Prefer Official Docs Over Training Knowledge
+## Documentation
+
+### TSDoc
+
+Add TSDoc comments to every exported function, type, and class. The minimum required fields are `@param` (for non-obvious parameters) and `@returns` (when the return value is not evident from the type). One-liner `/** ... */` is sufficient for simple cases; use multi-line only when behavior needs explanation.
+
+```typescript
+/** Returns the URL slug for a workbook, falling back to the workbook ID. */
+export function getUrlSlugFrom(workbook: WorkbookList): string { ... }
+```
+
+### Markdown Code Blocks
+
+Always specify a language identifier on every fenced code block. Never write bare ` ``` `.
+
+Common identifiers: `typescript`, `svelte`, `sql`, `bash`, `mermaid`, `json`, `prisma`, `html`, `css`.
+
+### Svelte 5: Prefer Official Docs Over Training Knowledge
 
 When Svelte 5 behavior is unclear, fetch the official docs directly via WebFetch instead of relying on training knowledge.
 
@@ -107,7 +97,42 @@ Examples:
 - Stores usage → `https://svelte.dev/docs/svelte/stores`
 - Runes overview → `https://svelte.dev/docs/svelte/what-are-runes`
 
-## Async Rollback: Capture State Before `await`
+## SvelteKit Patterns
+
+### Routes vs API Endpoints
+
+- Page routes (`+page.server.ts`): use `redirect()` to navigate
+- API routes (`+server.ts`): use `error()` — throwing `redirect()` returns a 3xx response; `fetch` follows it by default and receives the HTML page at the redirect target instead of a JSON error
+
+### Dual-Enforcement Constraints
+
+When the same constraint is enforced in two layers (e.g. Zod validation + SQL `CHECK`), add an inline comment stating each layer's role and the obligation to keep them in sync:
+
+```typescript
+// XOR constraint: dual enforcement via Zod (early validation) and a CHECK in migration.sql (last line of defense).
+// Prisma lacks @@check, so the SQL constraint is maintained manually. Keep both in sync.
+.refine(...)
+```
+
+## Security
+
+### Server-side Logging
+
+Do not log user-identifiable or content data (titles, names, IDs that map to users) in server-side `console.log`. Use generic messages instead:
+
+```typescript
+// Bad: leaks content and user identity
+console.log(`Created workbook "${workBook.title}" by user ${author.id}`);
+
+// Good
+console.log('Workbook created successfully');
+```
+
+Prefer placing the single authoritative log in the service layer; remove duplicate logs in route handlers that cover the same event.
+
+## Svelte Patterns
+
+### Async Rollback: Capture State Before `await`
 
 Capture `$state` values before the first `await` for safe rollback. A concurrent update can overwrite the variable while awaiting:
 
@@ -119,3 +144,23 @@ try {
   items = previous;
 }
 ```
+
+### Optimistic Updates
+
+Derive computed fields (flags, labels, etc.) from the canonical data source — don't
+re-implement the derivation inline. Divergence causes a "works after reload" bug where
+the server state is correct but the client-side update is wrong.
+
+**Diagnostic**: "Not reflected live, but fixed after reload" → suspect the optimistic
+update payload, not the reactivity system.
+
+## Code Review
+
+### CodeRabbit Review: Severity Triage
+
+When running `coderabbit review --plain` at a Phase milestone:
+
+- **critical / high**: fix before starting the next Phase
+- **low / info**: review before the next Phase starts; fix immediately only if security- or regression-related; otherwise defer to final PR review (alongside CodeRabbit CI comments)
+
+Run once per Phase boundary — not on every commit.
diff --git a/.claude/settings.json b/.claude/settings.json
new file mode 100644
index 000000000..de4225dd6
--- /dev/null
+++ b/.claude/settings.json
@@ -0,0 +1,13 @@
+{
+  "enabledPlugins": {
+    "superpowers@superpowers-dev": true
+  },
+  "extraKnownMarketplaces": {
+    "superpowers-dev": {
+      "source": {
+        "source": "git",
+        "url": "https://github.com/obra/superpowers.git"
+      }
+    }
+  }
+}
diff --git a/.claude/skills/refactor-plan/instructions.md b/.claude/skills/refactor-plan/instructions.md
index d988a3eaf..9a3725920 100644
--- a/.claude/skills/refactor-plan/instructions.md
+++ b/.claude/skills/refactor-plan/instructions.md
@@ -52,6 +52,8 @@ Scan the target code in this order (lowest risk first). List every concrete find
 - Order phases by risk: isolated mechanical changes first, structural changes last
 - State inter-phase dependencies explicitly
 - For uncertain changes, add an **investigation sub-step** before the implementation task
+- Each task must have single responsibility — implement one logical change (e.g., "add a field", "rename a type") even if it spans multiple layers; avoid mixing unrelated changes in one task
+- "Implementation + test + commit" should fit within one task; if not, split further
 
 ## When to Skip Tests
 
diff --git a/.coderabbit.yaml b/.coderabbit.yaml
new file mode 100644
index 000000000..ef1487b36
--- /dev/null
+++ b/.coderabbit.yaml
@@ -0,0 +1,67 @@
+language: 'ja-JP'
+tone_instructions: '簡潔に。重要度が high 以上のみ詳述し、low/info は箇条書きでまとめる。'
+
+reviews:
+  profile: 'assertive'
+  auto_review:
+    enabled: true
+    drafts: false
+  path_filters:
+    - '!node_modules/**'
+    - '!.pnpm-store/**'
+    - '!pnpm-lock.yaml'
+    - '!.svelte-kit/**'
+    - '!.vercel/**'
+    - '!coverage/**'
+  path_instructions:
+    # --- Data layer ---
+    - path: 'prisma/*'
+      instructions: |
+        - CHECK constraints added manually to migration.sql must be documented in prisma/ERD.md.
+    - path: 'prisma/migrations/**'
+      instructions: |
+        - Auto-generated by Prisma. Only flag security vulnerabilities (e.g. privilege escalation, SQL injection) or bugs that could cause data loss or critical errors.
+        - Skip style, naming, SQL formatting, and documentation issues.
+    - path: 'src/lib/server/**'
+      instructions: |
+        - This directory is server-only. Never import from client-side code or Svelte components.
+        - DB client must be accessed only via `$lib/server/database`.
+    # --- Schema / validation ---
+    - path: 'src/**/zod/**'
+      instructions: |
+        - Use `z.number().int().positive()` for Prisma `Int` fields (not `z.number().positive()`, which passes decimals).
+        - When a Zod constraint mirrors a SQL CHECK, add an inline comment noting both layers and the obligation to keep them in sync.
+    # --- Domain types ---
+    - path: 'src/**/*types/**'
+      instructions: |
+        - Array types must use a named plural alias: `type Placements = Placement[]`, not `Placement[]` directly in signatures.
+        - Add TSDoc to every exported type.
+        - Avoid `any`; check if a `@types/*` package exists first.
+    # --- Test infrastructure (defined before implementation per TDD) ---
+    - path: 'src/**/*fixtures/**'
+      instructions: |
+        - Use realistic domain values, not abstract placeholders ('t1', 'test1', etc.).
+        - Shared fixture data must be extracted to a fixture file; avoid duplicating across test cases.
+    # --- Business logic ---
+    - path: 'src/**/services/**'
+      instructions: |
+        - Service functions must return pure values or null; never Response/json().
+        - Prisma calls belong here; do not flag direct database access as a violation.
+    - path: 'src/**/*utils/**'
+      instructions: |
+        - Must be pure functions with no side effects.
+        - Each function must have an adjacent unit test.
+    # --- State / UI ---
+    - path: 'src/**/stores/**'
+      instructions: |
+        - Stores must use `.svelte.ts` extension, class-based pattern with `$state()`, and export a singleton.
+        - Legacy stores using `writable()` must be migrated before adding features or extending them.
+    - path: 'src/routes/**'
+      instructions: |
+        - Page routes (+page.server.ts): use redirect() for navigation.
+        - API routes (+server.ts): use error() — redirect() causes fetch to silently receive the HTML page at the redirect target.
+        - No direct Prisma calls; delegate to service layer.
+    - path: 'src/**/*.svelte'
+      instructions: |
+        - Use Svelte 5 Runes ($props, $state, $derived, $effect).
+        - Business logic belongs in utils/, not inside <script> blocks.
diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
index 03603e46a..aa076add2 100644
--- a/.devcontainer/devcontainer.json
+++ b/.devcontainer/devcontainer.json
@@ -25,7 +25,7 @@
   "initializeCommand": "mkdir -p ~/.claude",
   //
   // Use 'postCreateCommand' to run commands after the container is created.
-  "postCreateCommand": "npm install -g @anthropic-ai/claude-code && pnpm install",
+  "postCreateCommand": "npm install -g @anthropic-ai/claude-code && (curl -fsSL https://cli.coderabbit.ai/install.sh | sh || echo 'CodeRabbit CLI installation failed, continuing...') && pnpm install",
   //
   // Configure tool-specific properties.
   "customizations": {
diff --git a/AGENTS.md b/AGENTS.md
index 1185172f9..fab7aac0b 100644
--- a/AGENTS.md
+++ b/AGENTS.md
@@ -8,7 +8,11 @@ Always prefer simplicity over pathological correctness. YAGNI, KISS, DRY. No bac
 
 **When implementing:**
 
-1. Plan with a phased TODO list before starting (lower risk → higher risk order)
+1. Use `/writing-plans` to generate a phased plan (2–5-min tasks, lower risk → higher risk order). Verify each task before starting:
+   - Which layer? (prisma / server / zod / types / fixtures / services / utils / stores / routes / components) — split if 2+ layers
+   - Single responsibility: one purpose per task
+   - Existing util/service/type? Search before creating
+   - Test name: state it in the task description
 2. Before writing a new function, search `src/lib/utils/`, `src/lib/services/`, `src/features/*/utils/` and `src/features/*/services/` for existing implementations; extract shared logic there when it appears in 2+ places
 3. Write tests first, then implement production code, then verify with `pnpm test:unit`
 4. Review critically after implementing: flag YAGNI violations, over-abstraction, missing tests
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index f65983a3c..32abbd8a2 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -65,6 +65,14 @@
 - [Visual Studio Code (VS Code)](https://code.visualstudio.com/)
 - [Visual Studio Code Dev Containers](https://code.visualstudio.com/docs/remote/containers)
 
+### AI 支援ツール
+
+- [Claude Code](https://docs.anthropic.com/en/docs/claude-code) - AI コーディングアシスタント（VS Code 拡張: `anthropic.claude-code`）
+  - [superpowers plugin](https://github.com/obra/superpowers) - `/writing-plans` スキルによる実装前の詳細計画生成
+- [CodeRabbit](https://coderabbit.ai/) - AI コードレビュー
+  - CodeRabbit CLI (`coderabbit review --plain`) — milestone 区切りでのローカルレビュー
+  - CodeRabbit CI — PR 作成後の自動レビュー（最終品質ゲート）
+
 ### ホスティング、CI・CD関連
 
 - [Vercel](https://vercel.com/)
diff --git a/docs/dev-notes/2026-03-20/plan-quality-improvement/plan.md b/docs/dev-notes/2026-03-20/plan-quality-improvement/plan.md
new file mode 100644
index 000000000..bf348c87f
--- /dev/null
+++ b/docs/dev-notes/2026-03-20/plan-quality-improvement/plan.md
@@ -0,0 +1,109 @@
+# Plan Quality Improvement (#3292)
+
+## Goal
+
+初期planの精度を上げ、実装後の大規模refactorサイクル（現状: 3-4回/PR）を削減する。
+
+## 背景・現状
+
+| 指標                  | 現状        |
+| --------------------- | ----------- |
+| 大規模refactor        | 3-4回/PR    |
+| 中小refactor          | ~10回/PR    |
+| CodeRabbit CIコメント | 10-100件/PR |
+
+根本原因: TODOリストの粒度が粗いため、アーキテクチャ違反・責務混在・命名の不統一などが
+初期planに混入したまま実装が進む。
+
+## 改善方針
+
+1. **writing-plans** (superpowers plugin) — 2-5分単位の粒度でplanを生成
+2. **Rules強化** — planフェーズで参照できる設計判断チェックリストを追加
+3. **CodeRabbit CLI** — planのmilestoneで都度レビューを差し込む
+4. **CodeRabbit CI** — 現状維持（最終ゲートとして機能）
+
+## レビューチェーン（完成後の姿）
+
+```
+writing-plans で plan生成
+  → 実装（2-5分タスク単位）
+  → milestone到達時に CodeRabbit CLI レビュー
+  → PR作成後に CodeRabbit CI（最終ゲート）
+```
+
+## 計測指標（最初のタスク適用後に評価）
+
+| 指標                                          | 現状     | 目標         |
+| --------------------------------------------- | -------- | ------------ |
+| 大規模refactor回数/PR                         | 3-4回    | 1回以下      |
+| 中小refactor回数/PR                           | ~10回    | 5回以下      |
+| CodeRabbit CIコメント数/PR                    | 10-100件 | 半減         |
+| ccusage（Claude Code API 使用量の計測ツール） | 計測開始 | 許容範囲確認 |
+
+---
+
+## .coderabbit.yaml path 設計メモ
+
+### path_filters — 除外ディレクトリの判断基準
+
+自動生成物・ビルド成果物はレビュー対象外とする。
+
+| 除外パス               | 理由                                 |
+| ---------------------- | ------------------------------------ |
+| `node_modules/**`      | 依存パッケージ（変更不可）           |
+| `prisma/migrations/**` | 適用済みマイグレーション（変更禁止） |
+| `.pnpm-store/**`       | pnpm キャッシュ                      |
+| `pnpm-lock.yaml`       | ロックファイル（手動編集不要）       |
+| `.svelte-kit/**`       | SvelteKit ビルド出力（自動生成）     |
+| `.vercel/**`           | Vercel デプロイ設定の生成物          |
+| `coverage/**`          | テストカバレッジレポート（生成物）   |
+
+### path_instructions — ディレクトリ採否の判断基準
+
+CodeRabbit は `.claude/rules/` を読まない。プロジェクト固有の規約は `path_instructions` で明示しないと検出されない。採用したパスの一覧と各エントリのルールは `.coderabbit.yaml` のコメントを参照。
+
+**`path_instructions` の並び順:**
+
+依存方向（下位層 → 上位層）× TDD（型定義 → テストデータ → 実装）の順で並べる。
+
+```
+prisma/**          データモデル定義（最下位。他のすべてが依存する）
+src/lib/server/**  DB アクセス層（prisma に直接依存）
+src/**/zod/**      バリデーションスキーマ（型から導出）
+src/**/types/**    ドメイン型（スキーマ・DB モデルから導出）
+src/**/fixtures/** テストデータ（TDD 原則: 型が決まれば実装前にテストを書く）
+src/**/services/** ビジネスロジック（型 + DB に依存）
+src/**/utils/**    純粋ユーティリティ（依存なし。サービスと同位置だが副作用なし）
+src/**/stores/**   状態管理（サービス・ユーティリティを利用）
+src/routes/**      ルートハンドラ（サービス + ストアを束ねる）
+src/**/*.svelte    UI コンポーネント（最上位。ストア・ルートを消費するのみ）
+```
+
+`src/**/components/**` を `src/**/*.svelte` の代わりに使わない理由: Svelte コンポーネントは `.svelte` 拡張子で一意に識別できるため、ディレクトリ名より拡張子 glob の方が漏れがない。
+
+**不採用にしたパス:**
+
+| パス                   | 不採用理由                                                               |
+| ---------------------- | ------------------------------------------------------------------------ |
+| `src/**/components/**` | `src/**/*.svelte` で完全に包含される。二重指定は冗長                     |
+| `src/lib/constants/**` | 命名規則のみで一般ルールで対応可。規約違反頻度が低い                     |
+| `src/lib/actions/**`   | フォームアクション固有ルールは `src/routes/**` の rules と重複が多い     |
+| `src/lib/clients/**`   | HTTP クライアントの規約違反（Nock 未使用等）は CI テスト失敗で検出される |
+
+## 教訓
+
+1. **`claude plugin install --scope project` を使う**: `--scope project` で `.claude/settings.json`（git追跡）への書き込みが可能。ユーザーレベルインストールは不要。
+
+2. **`rules` ファイルの `paths` 制限に注意**: `svelte-components.md`/`prisma-db.md` は `paths` 指定があり、特定ファイルを開いたときのみロードされる。plan フェーズで常時参照したいルールは `coding-style.md`（paths 制限なし）に置く。
+
+3. **CodeRabbit CLI は npm パッケージなし**: `curl -fsSL https://cli.coderabbit.ai/install.sh | sh` のみ。`devcontainer.json` の `postCreateCommand` に追加してチーム全員に配布する。
+
+4. **plugin のマーケットプレイス名は `plugin@marketplace` 形式**: `obra/superpowers` を追加する場合は `claude plugin marketplace add --scope project https://github.com/obra/superpowers` → `claude plugin install --scope project superpowers@superpowers-dev`。
+
+5. **CodeRabbit CLI の Lefthook pre-commit 自動化は見送り**: コスト・速度のトレードオフを計測してから判断する。milestone ごとに手動実行する運用で開始。
+
+## 参考
+
+- [superpowers writing-plans skill](https://github.com/obra/superpowers)
+- [CodeRabbit CLI ドキュメント](https://docs.coderabbit.ai/cli/overview)
+- Issue: #3292
diff --git a/docs/guides/claude-code.md b/docs/guides/claude-code.md
index 633c6f375..8ea9e9094 100644
--- a/docs/guides/claude-code.md
+++ b/docs/guides/claude-code.md
@@ -63,13 +63,19 @@ paths:
 | `/commit`   | git コミット作成ワークフロー       |
 | `/simplify` | 変更済みコードの品質レビュー・改善 |
 
-**本プロジェクトの skills（`.claude/skills/`）:**
+**本プロジェクトの skills（`.claude/skills/` および superpowers plugin）:**
 
 | スキル           | 用途                                                                                                         |
 | ---------------- | ------------------------------------------------------------------------------------------------------------ |
+| `/writing-plans` | 新機能・追加実装の詳細計画を生成（2-5分単位のタスク分解）。superpowers plugin 提供                           |
 | `/refactor-plan` | Issue 番号またはパスを渡してリファクタリング計画を出力（実装はしない）                                       |
 | `/session-close` | セッション終了時のルーティン：テスト確認 → plan.md 更新 → rules 候補提示 → 肥大化チェック → 繰り返し指示検出 |
 
+**`/writing-plans` と `/refactor-plan` の使い分け:**
+
+- `/writing-plans`: 新機能・追加実装の実装前の詳細計画生成（2-5分単位のタスク分解）
+- `/refactor-plan`: リファクタリング調査チェックリスト（実装はしない）
+
 **プロジェクトローカルスキルと `Skill` ツールの違い:**
 
 - `Skill` ツール（Claude 内部のツール）はシステムプロンプトに列挙されたビルトインスキルのみ対象
@@ -107,12 +113,42 @@ paths:
 
 Claude Code を使ってリファクタリング・機能追加を行う際の標準フロー:
 
-1. **計画**: `plan.md`（またはドキュメントの TODO セクション）にフェーズ分けした TODO リストを作成する
+1. **計画**: `/writing-plans` で 2-5 分単位のフェーズ分け TODO を生成する
 2. **実装**: プロダクションコード → テスト → `pnpm test:unit` で確認
 3. **TODO 更新**: 完了タスクにチェックを入れる
-4. **レビュー**: 実装後に批判的な観点でレビューする（忖度しない。YAGNI / KISS / DRY 違反、過剰な抽象化を指摘する）
-5. **教訓整理**: 次回以降も有用な知見を `.claude/rules/` または `docs/guides/` などに記録する
-6. **クリーンアップ**: 完了した計画書・古い TODO は削除または要約する
+4. **milestone レビュー**: Phase の区切り（独立したゴールと完了条件を持つタスク群が終わった時点）で `coderabbit review --plain` を実行し、critical/high のみ対応する
+5. **レビュー**: 実装後に批判的な観点でレビューする（忖度しない。YAGNI / KISS / DRY 違反、過剰な抽象化を指摘する）
+6. **教訓整理**: 次回以降も有用な知見を `.claude/rules/` または `docs/guides/` などに記録する
+7. **クリーンアップ**: 完了した計画書・古い TODO は削除または要約する
+
+## レビューチェーン
+
+```text
+/writing-plans で plan 生成（2-5 分タスク単位）
+  → 実装
+  → Phase 区切りで coderabbit review --plain（milestone レビュー）
+  → PR 作成後に CodeRabbit CI（最終ゲート）
+```
+
+| レイヤー            | タイミング        | 対応コスト | 目的                           |
+| ------------------- | ----------------- | ---------- | ------------------------------ |
+| `/writing-plans`    | 実装前            | 低         | アーキテクチャ違反を事前に防ぐ |
+| `coderabbit review` | Phase 区切り      | 中         | critical/high を早期に潰す     |
+| CodeRabbit CI       | PR 作成後（自動） | 高         | 最終品質ゲート                 |
+
+**milestone タスクのテンプレート（writing-plans で Phase を締めるとき）:**
+
+```markdown
+## Milestone: Phase N complete
+
+- [ ] Run `coderabbit review --plain` on changed files
+- [ ] Address critical/high severity issues before next phase
+- [ ] Log CodeRabbit comment count (for metrics)
+```
+
+> **初回セットアップ**: `coderabbit auth login` でブラウザ認証。devcontainer の `postCreateCommand` でインストール済み。
+
+> severity ごとの対応基準は `.claude/rules/coding-style.md` の "CodeRabbit Review: Severity Triage" を参照。
 
 ## 参考