diff --git a/.claude/rules/coding-style.md b/.claude/rules/coding-style.md
index 33ac38cae..d19e42138 100644
--- a/.claude/rules/coding-style.md
+++ b/.claude/rules/coding-style.md
@@ -1,143 +1,64 @@
 # Coding Style
 
-## Plan Time
-
-### Pre-Implementation Layer Check
-
-Before writing new logic, decide which layer it belongs to. Run this check at plan time (design/architecture phase, before writing any code):
-
-| Layer          | Directory                                              | Key constraints                                                            |
-| -------------- | ------------------------------------------------------ | -------------------------------------------------------------------------- |
-| DB schema      | `prisma/`                                              | Migrations are immutable after apply                                       |
-| DB access      | `src/lib/server/`                                      | Server-only; never import in client code                                   |
-| Validation     | `src/**/zod/`                                          | `z.number().int()` for Int fields; comment dual-enforcement with SQL CHECK |
-| Domain types   | `src/**/types/` (`_types/` inside `src/routes/`)       | Plural aliases; TSDoc on every export; avoid `any`; see alternatives       |
-| Test data      | `src/**/fixtures/` (`_fixtures/` inside `src/routes/`) | Write before implementation (TDD); use realistic values                    |
-| Business logic | `src/**/services/`                                     | Return pure values or `null`; no `Response`/`json()`                       |
-| Pure utilities | `src/**/utils/` (`_utils/` inside `src/routes/`)       | No side effects; adjacent unit test required                               |
-| State          | `src/**/stores/`                                       | `.svelte.ts`; class + `$state()`; singleton export                         |
-| Route handlers | `src/routes/`                                          | Page: `redirect()`; API: `error()`                                         |
-| UI components  | `src/**/*.svelte`                                      | Svelte 5 Runes; business logic → `utils/`                                  |
-
-## Code Structure
-
-### Naming
-
-- **Abbreviations**: avoid non-standard abbreviations (`res` → `response`, `btn` → `button`). When in doubt, spell it out.
-- **Lambda parameters**: no single-character names (e.g., use `placement`, `workbook`). Iterator index `i` is the only exception.
-- **`upsert`**: only use when the implementation performs both insert and update. For insert-only, use `initialize`, `seed`, or another accurate verb.
-- **Function verbs**: every function name must start with a verb. Noun-only names (`pointOnCircle`, `arcPath`) are ambiguous — use `calcPointOnCircle`, `buildArcPath`, etc. Common prefixes: `get` (read existing), `build`/`create` (construct new), `calc`/`compute` (derive by formula), `update`, `fetch`, `resolve`.
-- **`any`**: Before using `any`, check the value's origin. If unavoidable: use `ReturnType<typeof fn>` for complex returns, `Partial<T>` for partial objects, `obj as T & { prop: U }` for property extension. Last resort: `as unknown as T`.
-
-- **UI labels**: if a label does not match actual behavior, update it or add an inline comment explaining the intentional mismatch.
-- **Constant names**: reflect what the value IS (content), not what it is used for (purpose). e.g., a set holding all enum tab values is `EXISTING_TABS`, not `VALID_TABS`.
-- **New files**: before naming a new file or directory, grep the relevant `src/` directory to confirm existing conventions. Confirm at plan time, not during implementation:
-  - Custom files in routes (utilities, helpers, etc.): `snake_case` (e.g., `user_profile.ts`)
-  - SvelteKit special files: follow framework conventions (`+page.svelte`, `+page.server.ts`, `+server.ts`)
-  - Helper directories inside `src/routes/`: underscore-prefixed (`_utils/`, `_types/`, `_fixtures/`, `_components/`)
-  - Other directories: `kebab-case` (e.g., `contest-table/`)
-
-### Syntax
-
-- **Braces**: always use braces for single-statement `if` blocks. Never `if () return;` — write `if () { return; }`.
-- **Domain types over `string`**: when the Prisma schema uses an enum (e.g. `grade: TaskGrade`), the corresponding app-layer type must use the same enum — not `string`. A loose `string` type hides misspellings in fixtures and forces `as TaskGrade` casts throughout the codebase. When a field comes from an external source (form data, query params), validate and narrow it at the boundary; inside the app it must always be the domain type.
-- **Plural type aliases**: define `type Placements = Placement[]` instead of using `Placement[]` directly in signatures and variables.
-- **Empty `catch` blocks**: never use `catch { }` to silence errors. Either re-throw, log, or add a comment justifying suppression. Silent swallowing hides bugs.
+## Pre-Implementation Layer Check
 
-```typescript
-try { ... } catch (error) { console.error('...'); throw error; }  // good
-try { localStorage.setItem(key, value); } catch { /* unavailable */ }  // good + comment
-```
-
-### No Hard-Coded Values
-
-Extract magic numbers and strings to named constants. Never embed literal values whose meaning is not self-evident from the type or immediate context.
-
-```typescript
-// Bad: magic literals embedded inline
-if (grade >= 11) { ... }
-
-const response = await fetch('/api/workbooks/submit', options);
-
-// Good
-const MIN_GRADE = 11;
-const SUBMIT_URL = '/api/workbooks/submit';
-
-if (grade >= MIN_GRADE) { ... }
-
-const response = await fetch(SUBMIT_URL, options);
-```
-
-Place constants at the top of the file, or in a dedicated `constants/` module when shared across files.
-
-### Function Ordering
-
-Within a file, order declarations as follows:
-
-1. Exported functions and classes (public API first)
-2. Internal helper functions (supporting the exports above)
+Before writing logic, decide which layer it belongs to:
 
-Place a private helper immediately after the single export that uses it. Place helpers shared by two or more exports at the end of the file.
+| Layer          | Directory                                   | Constraints                                             |
+| -------------- | ------------------------------------------- | ------------------------------------------------------- |
+| DB schema      | `prisma/`                                   | Migrations immutable after apply                        |
+| DB access      | `src/lib/server/`                           | Server-only; never in client                            |
+| Validation     | `src/**/zod/`                               | `z.number().int()` for Int; dual-enforce with SQL CHECK |
+| Domain types   | `src/**/types/`                             | Plural aliases; TSDoc; avoid `any`                      |
+| Test data      | `src/**/fixtures/`                          | Write before impl (TDD); realistic values               |
+| Business logic | `src/**/services/`                          | Pure values/`null`; no `Response`/`json()`              |
+| External APIs  | `src/lib/clients/` or `*/internal_clients/` | Shared → `lib`; feature-scoped → `internal_clients`     |
+| Utilities      | `src/**/utils/`                             | No side effects; adjacent unit test required            |
+| State          | `src/**/stores/`                            | `.svelte.ts`; class + `$state()`; singleton export      |
+| Route handlers | `src/routes/`                               | Page: `redirect()`; API: `error()`                      |
+| Components     | `src/**/*.svelte`                           | Svelte 5 Runes; logic → `utils/`                        |
 
-### URL Parameter Patterns
+## Naming
 
-#### null-as-ALL: Omitting Params for "All" State
+- **No abbreviations** unless standard (e.g., `id`, `url`)
+- **Lambda params**: no single-char (except `i` for loops)
+- **Function verbs**: `get` (read), `build`/`create` (construct), `calc`/`compute` (derive), `update`, `fetch`, `resolve`
+- **Domain enums**: use domain type, not `string` (validates at boundary, stays typed inside)
+- **Constants**: reflect content not purpose; extract magic numbers/strings
+- **Files**: `snake_case` in routes, `kebab-case` dirs, underscore-prefix helpers (`_utils/`, `_types/`)
 
-When a filter has an "all" or "unfiltered" state, omit the parameter entirely rather than using a magic value (e.g., "ALL", "\*").
+## Syntax
 
-**Pattern:**
+- **Braces**: always for single-statement `if` blocks
+- **Catch blocks**: never silent; re-throw, log, or comment
+- **Plural aliases**: `type Items = Item[]` in signatures
+- **TSDoc**: every export; `@param`/`@returns` when non-obvious
 
-- Parse function defaults to `null` when param is absent
-- `null` → "show all" (no filter applied)
-- URL: `/workbooks?tab=solution` (no `categories=`)
-- Browser back button naturally restores default "all" view
+## Type Guards at API Boundaries
 
-**Benefit:** Cleaner URLs, intuitive history behavior, smaller sessionStorage footprint.
-
-**Example:** `parseWorkBookCategory()` defaults to `null` = all categories
-
-### Type Guards: Precise Narrowing for Excluded Values
-
-When a type guard intentionally excludes enum members, use `Exclude<T, 'VALUE'>` in the return type to match runtime behavior. Caller code then trusts the type system; no `as` casts needed.
-
-### Layer-Specific Responsibility: Normalization vs Filtering
-
-When filtering data by multiple criteria (format + role):
-
-- **Service layer**: Normalize raw data format (e.g., `null → PENDING`). Return all data; stay framework-agnostic and testable.
-- **UI layer**: Filter by role/context (e.g., "admin sees PENDING, user doesn't"). Apply display rules in component.
-
-**Benefit**: Services remain pure and unit-testable without mocking roles; UI logic explicit in one place.
-
-### Function Composition: Single Responsibility
-
-Separate independent transformations into distinct functions. Compose at call site.
+When receiving enum values from external APIs, validate with a type guard:
 
 ```typescript
-// groupBySolutionCategory(): pure grouping (testable)
-// filterGroupsByRole(): pure filtering by role (testable)
-let filtered = $derived(filterGroupsByRole(groupBySolutionCategory(workbooks, map), role));
+// Good: `isValidTaskGrade(value): value is TaskGrade`
+const grade = isValidTaskGrade(data.grade) ? data.grade : null;
 ```
 
-**Benefit**: Each function testable in isolation; reusable in different contexts.
-
-## Documentation
-
-### Language Policy
+Extract to `src/lib/utils/` with adjacent tests.
 
-Write all project documentation (plans, dev-notes, guides, refactor notes) in Japanese. Write all source code comments, TSDoc, commit messages, and test titles in English. This keeps documentation readable for the team while keeping code comments universally accessible and searchable.
+## Dead Code: Three-Condition Rule
 
-**Exception**: The `## CodeRabbit Findings` section in `plan.md` must quote findings verbatim in their original language (English). Do not translate CodeRabbit output.
+Delete function only if: (1) zero callers, (2) replacement exists, (3) dependent fields also deleted.
 
-### TSDoc
-
-Add TSDoc to every exported function, type, class. Minimum: `@param` (non-obvious), `@returns` (not evident from type). One-liner OK; multi-line for complex behavior only.
-
-### Documentation
+## Documentation
 
-Write plans/dev-notes/guides in Japanese. Source code comments in English. Always specify language on code blocks (e.g., `typescript`, `sql`, `bash`). For Svelte 5 unclear behavior: fetch official docs via WebFetch, not training knowledge.
+- **Plans/dev-notes**: Japanese
+- **Code/commits/tests**: English
+- **TSDoc**: required on all exports
+- **Code blocks**: specify language (`typescript`, `sql`, `bash`)
 
-## Security & Code Review
+## Security
 
-- **Logging**: No user-identifiable data in `console.log`. Single authoritative log in service layer.
-- **CodeRabbit**: Run after all phases complete. Write `critical`/`high`/`medium` findings to `plan.md` verbatim; defer `nitpick` to PR CI.
+- No user-identifiable data in logs
+- No Prisma imports in route handlers
+- Validate input at system boundaries
+- Return safe defaults on service errors
diff --git a/.claude/rules/prisma-db.md b/.claude/rules/prisma-db.md
index dc6228746..0fed30a3d 100644
--- a/.claude/rules/prisma-db.md
+++ b/.claude/rules/prisma-db.md
@@ -83,6 +83,32 @@ automatically excluded. This is not an IS NOT NULL check; the mechanism is the J
 When documenting this behavior, write "excluded by INNER JOIN" rather than
 "implicitly includes IS NOT NULL".
 
+## FK Relations: Always Define @relation
+
+Any field that references another model's ID must have an explicit `@relation` defined. Without `@relation`, Prisma does not generate FK constraints automatically, leading to referential integrity gaps.
+
+```prisma
+// Bad: FK without @relation
+userId String
+
+// Good: explicit @relation generates FK constraint
+userId String
+user   User @relation(fields: [userId], references: [id])
+```
+
+## DB-Level Value Constraints
+
+Add `CHECK` constraints via manual migration SQL. Document with inline `schema.prisma` comments (e.g., `/// CHECK: count >= 0`). Note: `prisma-erd-generator` may overwrite `ERD.md` on each migration—always keep the constraint definition in `schema.prisma` as the source of truth.
+
+## Service Layer Error Handling
+
+Catch Prisma errors in service functions, return domain values:
+
+- `P2025` (record not found) → `null` (no exception)
+- Other errors → re-throw (caller handles as 500)
+
+This removes Prisma imports from route handlers and enables easy testing with mocked returns.
+
 ## Dual-Enforcement Constraints
 
 When the same constraint is enforced in both Zod (early validation) and SQL `CHECK` (last line of defense), add an inline comment stating each layer's role and the obligation to keep them in sync:
@@ -99,9 +125,10 @@ Prisma does not support `@@check`. To add one:
 
 1. `pnpm exec prisma migrate dev --create-only --name <description>` — generate migration without applying
 2. Edit the generated `migration.sql` to add the CHECK constraint manually
-3. `pnpm exec prisma migrate dev` — apply
+3. Add an inline comment in `schema.prisma` (e.g., `/// CHECK: constraint description`)
+4. `pnpm exec prisma migrate dev` — apply
 
-Document the constraint in `prisma/ERD.md` (the only place it's visible):
+For visibility, also document complex constraints in `prisma/ERD.md`:
 
 ```mermaid
 %% XOR constraint: workbookplacement_xor_grade_category — exactly one of taskGrade or solutionCategory must be non-null
diff --git a/.claude/rules/svelte-components.md b/.claude/rules/svelte-components.md
index 61c23fa7d..4569ac508 100644
--- a/.claude/rules/svelte-components.md
+++ b/.claude/rules/svelte-components.md
@@ -8,9 +8,9 @@ paths:
 
 # Svelte Components
 
-## Runes Mode (Required)
+## Runes (Required)
 
-Use `$props()`, `$state()`, `$derived()`, `$effect()` in all components. Props pattern:
+Use `$props()`, `$state()`, `$derived()`, `$effect()` in all components:
 
 ```svelte
 <script lang="ts">
@@ -25,203 +25,63 @@ Use `$props()`, `$state()`, `$derived()`, `$effect()` in all components. Props p
 ## File Naming
 
 - Components: `PascalCase.svelte`
-- Stores: `snake_case.svelte.ts` in `src/lib/stores/`, class-based with `$state()`, export singleton. Pre-Runes stores (using `writable()`, `.ts` extension) must be migrated to this pattern before adding features or extending them.
+- Stores: `snake_case.svelte.ts`; class-based with `$state()`, singleton export
 
-## Flowbite Svelte
-
-Import from `flowbite-svelte`. Use Tailwind CSS v4 utility classes. Dark mode: `dark:` prefix. Important modifier: `dark:text-xxx!` (v4 syntax) — the v3 form `dark:!text-xxx` is invalid.
-
-### ButtonGroup: No Responsive Wrapping
-
-`ButtonGroup` uses `flex` internally — buttons do not wrap on narrow screens. When wrapping is needed, use `<div class="flex flex-wrap gap-1">` with individual `Button` components (reference: `TaskTable.svelte`).
-
-When copying button styles from a reference component, always check all three axes: `color`, `size`, and `class`. Omitting `color` applies Flowbite's default (filled blue).
-
-## Complex `{#if}` Conditions — Extract to Named Functions
-
-When a template condition requires API-specific knowledge or combines multiple null checks, extract it to a private function in `<script>`. A named function communicates intent at the call site; the implementation detail stays in one place. This applies even when the function is used only once.
-
-```svelte
-<!-- Bad: requires knowing $app/state's null semantics to understand -->
-{#if navigating.from !== null && navigating.from.route.id !== navigating.to?.route.id}
-
-<!-- Good: intent readable without knowing the API -->
-function isCrossRouteNavigation(): boolean { ... }
-
-{#if isCrossRouteNavigation()}
-```
-
-## `{@const}` Placement
-
-`{@const}` must be an **immediate child** of a block statement (`{#if}`, `{#each}`, `{:else}`, `{#snippet}`, etc.). Placing it inside an HTML element is a compile error:
-
-## `{#snippet}` Placement
+## Props & Reactivity
 
-Define snippets at the **top level**, outside component tags. Inside a tag = named slot = type error:
+- Pass **model objects**, not individual fields; derive computed values inside
+- For `data.*` in `+page.svelte`: use `$derived` to sync after `load()` re-runs
+- Use `$derived` for computed values over `$state` + `$effect`
+- Capture state **before** first `await` for safe rollback
 
-```svelte
-<!-- Good -->
-{#snippet footer()}...{/snippet}
-<Dialog {footer} />
-
-<!-- Bad: named slot, not a snippet prop -->
-<Dialog>{#snippet footer()}...{/snippet}</Dialog>
-```
-
-## `{#snippet}` Parameter Types
+## `{#each}` Patterns
 
-Snippet parameters do not infer types from call sites — always annotate explicitly or TypeScript will error with "implicitly has an 'any' type":
+- Always key: `(item.id)` or `(i)`
+- Filter **before**, not inside with `{#if}`
+- Use `{:else}` for empty lists
 
 ```svelte
-<!-- Bad: implicit any → svelte-check error -->
-{#snippet segmentLabel(segment)}
-
-<!-- Good -->
-{#snippet segmentLabel(segment: DonutSegment)}
-```
-
-Import the type in `<script lang="ts">` as usual.
-
-## Snippet vs Component
-
-Prefer `{#snippet}` when: (1) needs direct `$state` access, (2) pure display only, (3) same-file DRY.
-Promote to component when: independent state/lifecycle needed, exceeds ~30 lines, or reused across files.
-
-**Sibling consistency** — when one sibling block warrants snippet extraction, extract its parallel siblings too, even if they are short. A parent template that mixes inline markup with `{@render}` calls is harder to scan than one where every top-level section is a named snippet.
-
-## Component Boundaries
-
-- One component, one responsibility: don't mix display, state management, and data fetching
-- Extract `$derived`/`$effect` logic exceeding ~5 lines to a custom store
-- Extract repeated UI patterns (2+ uses) to a snippet or component (see Snippet vs Component)
-
-## Keep Components Thin
-
-Business logic and pure utilities belong outside `<script>` blocks — in the nearest `utils/` (or `_utils/` for routes), with adjacent unit tests. See `docs/guides/architecture.md` for layer-specific placement.
-
-## Pure Functions and Side Effect Separation
-
-Extract business logic as pure functions to `utils/` (or `_utils/` for routes); keep side effects in the caller:
-
-```typescript
-// Pure function in _utils/ — testable, no side effects
-export function buildUpdatedUrl(url: URL, activeTab: ActiveTab): URL { ... }
-
-// Side effect stays in the caller
-replaceState(buildUpdatedUrl($page.url, activeTab), {});
-```
-
-## `{#each}` — Keys and Empty-list Fallback
-
-Always provide a key expression on every `{#each}` block. Prefer a unique field (`id`, `name`, etc.); fall back to the index `(i)` only when no unique field exists.
-
-```svelte
-{#each items as item (item.id)}   <!-- unique field preferred -->
-{#each labels as label (i)}        <!-- index fallback -->
-```
-
-**Filter before `{#each}`, not inside it.** When visibility depends on a predicate (e.g. `canRead`), derive a filtered list once and iterate over it — never repeat the predicate inside a `{#if}` within the loop. This avoids computing the condition twice and keeps the template clean:
-
-```svelte
-<!-- Bad: canRead computed twice — once for count, once in template -->
-let visibleCount = $derived(items.filter((i) => canRead(i)).length);
-
-{#each items as item (item.id)}
-  {#if canRead(item)}
-    <Row {item} />
-  {/if}
-{/each}
-
-<!-- Good: filter once, iterate over the result -->
-let visibleItems = $derived(items.filter((i) => canRead(i)));
-
 {#each visibleItems as item (item.id)}
   <Row {item} />
-{/each}
-```
-
-An inner `{#if}` inside `{#each}` is still valid for conditions unrelated to list membership (e.g. feature flags, role checks that don't affect count).
-
-Use `{:else}` to render a placeholder when the list is empty — no wrapper conditional needed:
-
-```svelte
-{#each items as item (item.id)}
-  <Card {item} />
 {:else}
-  <p>No items yet.</p>
+  <p>No items.</p>
 {/each}
 ```
 
-## Directory Structure: `list/` Subdirectories
+## Snippets vs Components
 
-Consider introducing a `list/` subdirectory (or other domain-scoped subdirectory) when the component count in a directory starts to feel unwieldy — roughly 20 files is a reasonable prompt to reconsider. Below that threshold, flat organization is preferred — subdirectories add navigation cost without proportional benefit.
+- **Snippet**: needs `$state` access, pure display, same-file; params require explicit type `{#snippet label(item: Item)}`
+- **Component**: independent logic, >30 lines, multi-file reuse
+- Define snippets at **top level** (outside tags)
 
-## Eliminate Branching with Records
+## Async/Abort Handling
 
-Replace `if`/ternary chains with `Record<EnumType, T>`:
+When user can trigger same action multiple times, use `AbortController`:
 
-```typescript
-const TAB_CONFIGS: Record<ActiveTab, TabConfig> = {
-  curriculum: { label: 'Curriculum', ... },
-  solution:   { label: 'Solution',   ... },
-};
-```
-
-Use the enum type as the key type, not `string`.
+1. New abort on each submission: `voteAbortController?.abort(); voteAbortController = new AbortController()`
+2. Pass signal to fetches: `fetchMedian(taskId, signal)`
+3. Validate `signal?.aborted` in `.then()` to silently drop intentional aborts
 
-When not all enum keys need an entry, use `Partial<Record<K, V>>` as a **type annotation** — not `satisfies`. `as const satisfies Partial<Record<K, V>>` preserves the narrowed literal type, so indexing with other enum values causes a type error:
+## SSR Safety
 
-```typescript
-// NG: satisfies narrows the type — obj[key] errors for keys not in the literal
-const map = { [WorkBookType.SOLUTION]: SolutionTable }
-  as const satisfies Partial<Record<WorkBookType, Component<Props>>>;
-
-// OK: type annotation makes map[key] return Component<Props> | undefined
-const map: Partial<Record<WorkBookType, Component<Props>>> = {
-  [WorkBookType.SOLUTION]: SolutionTable,
-};
-// Safe to guard with: {#if map[type]} or if (map[type])
-```
+- No `crypto.randomUUID()` or `Math.random()` at component init (hydration mismatch)
+- Derive IDs deterministically: `const id = item.task_id`
+- Browser APIs: check `globalThis.location?.origin` before `browser` flag; warn only as last resort
 
-## Props — Pass Domain Model Objects; Derive Computed Values Internally
-
-When a component's data comes from a domain model, pass the model object as a single prop
-rather than individual fields. This keeps the call site in sync with the model automatically.
-
-Computed values (status, labels, flags derived from multiple fields) must NOT be props —
-they belong inside the component as `$derived`.
-
-```typescript
-// Bad: individual fields + derived value as prop
-interface Props {
-  handle: string;
-  validationCode: string;
-  isValidated: boolean;
-  status: string;  // derived — should not be a prop
-}
-
-// Good: model object as prop; status derived inside
-// (username is from User model; atCoderAccount is from a separate domain model — two props is correct here)
-interface Props {
-  username: string;
-  atCoderAccount: { handle: string; validationCode: string; isValidated: boolean };
-}
-let { username, atCoderAccount }: Props = $props();
-const status = $derived(atCoderAccount.isValidated ? 'validated' : ...);
-```
+## Flowbite Svelte
 
-Call site passes the object directly from `$derived(data.atCoderAccount)`.
+Import from `flowbite-svelte`. Use Tailwind v4 `dark:` prefix. When copying button styles, check `color`, `size`, `class`. Omitting `color` applies Flowbite's filled blue default.
 
-## $derived for data.\* Fields in +page.svelte
+`ButtonGroup` uses `flex` internally (no wrap). For wrapping, use `<div class="flex flex-wrap gap-1">` with individual `Button` components.
 
-When reading fields from `data` in a `+page.svelte`, use `$derived` rather than plain assignment:
+## Component Structure
 
-```typescript
-// Bad: stale after load() re-runs following a form action
-const atCoderAccount = data.atCoderAccount;
+- Extract conditional logic to private functions: `function isCrossRouteNavigation() { ... }`
+- Move business logic to `_utils/` or `utils/` with tests
+- Keep components thin: one responsibility
 
-// Good: stays in sync when SvelteKit re-runs load() after an action
-const atCoderAccount = $derived(data.atCoderAccount);
-```
+## Reactive Data Pitfalls
 
-`data` is a reactive prop that SvelteKit updates after each form action. A plain assignment captures the initial value only.
+- `let` captures initial value only; use `$derived` for derived/prop data
+- Inside `$effect`, use `$store` syntax, not `get(store)` (bypasses reactivity)
+- `$derived.by(() => { ... })` for multi-statement logic
diff --git a/.claude/rules/svelte-runes.md b/.claude/rules/svelte-runes.md
index 6d339bbb1..86145381b 100644
--- a/.claude/rules/svelte-runes.md
+++ b/.claude/rules/svelte-runes.md
@@ -8,83 +8,44 @@ paths:
 
 # Svelte Runes & Reactivity
 
-## `SvelteMap<K, V>` — Always Provide Type Parameters
+## `$state()` & `$props()`
 
-`SvelteMap` without type parameters makes `.get()` return `unknown`. Always declare with explicit types:
+- `let` captures initial value only; use `$derived` for props/server data
+- Referencing `$props()` in `$state()` initializer? Wrap with `untrack` if intentional (seed-only)
+- `pnpm check` warns: "This reference only captures the initial value"
 
-```typescript
-// Bad: .get() returns unknown — causes type errors at call sites
-const map = new SvelteMap();
-
-// Good: .get() returns TaskResults | undefined
-const map = new SvelteMap<TaskGrade, TaskResults>();
-```
-
-`$state()` wrapping is unnecessary — `SvelteMap` is already reactive (`svelte/no-unnecessary-state-wrap`). Reset with `.clear()` rather than reassigning.
-
-`svelte/prefer-svelte-reactivity` targets only `$state` contexts. Inside `$derived`, a plain `new Map()` is sufficient — the reactive dependency is tracked at the `$derived` level, not via `SvelteMap` mutation signals. Do not introduce `SvelteMap` inside `$derived` solely to satisfy this rule.
+## `SvelteMap<K, V>` — Always Type
 
-## `let`/`const` — Reactive Data Requires `$derived`
-
-Plain `let` or `const` in Svelte 5 component `<script>` executes once at component creation. Values derived from props or server data must use `$derived()`:
+`SvelteMap` without type params makes `.get()` return `unknown`. Always declare:
 
 ```typescript
-// Bad: captures only the initial value — won't update when data reloads
-let user = data.loggedInUser;
-
-// Good
-let user = $derived(data.loggedInUser);
+const map = new SvelteMap<TaskGrade, TaskResults>();
 ```
 
-`pnpm check` warns: "This reference only captures the initial value."
+`$state()` wrapping unnecessary — `SvelteMap` is reactive. Reset with `.clear()` not reassign.
 
-## `$state()` Initialization with `$props()`
+Inside `$derived`, plain `new Map()` suffices — reactive dependency tracked at `$derived` level.
 
-Referencing `$props()` inside `$state()` initializer triggers "This reference only captures the initial value". Wrap with `untrack` if intentional:
-
-```svelte
-let count = $state(untrack(() => initialCount)); // intentional: prop is initial seed only
-```
+## `$derived` & `$effect`
 
-## `$effect` — Store Reading
+- Prefer `$derived` over `$state` + `$effect` for computed values
+- No arrow functions: `$derived(() => fn(x))` stores the function, doesn't call it
+- Use `.by()` for multi-statement: `$derived.by(() => { ... })`
+- Inside `$effect`, use `$store` syntax, not `get(store)` (bypasses signal graph)
 
-Inside `$effect`, use `$store` syntax, not `get(store)`. `get()` bypasses the signal graph — the effect will not re-run when the store updates:
+## Optimistic Updates
 
-```svelte
-// Bad: get() takes a snapshot; effect won't react to store changes
-$effect(() => {
-  const grade = get(myStore).get(key) ?? fallback;
-});
+Derive computed fields from canonical data source, not re-implement inline. Divergence → "works after reload" bugs.
 
-// Good: $store subscribes and re-runs the effect on updates
-$effect(() => {
-  const grade = $myStore.get(key) ?? fallback;
-});
-```
+Diagnostic: "Not reflected live, but fixed after reload" → check optimistic update payload.
 
-## `$derived` — Prefer Over `$state` + `$effect`
+## Async Rollback
 
-When a value is purely computed from other state, use `$derived` instead of initializing with `$state` and updating in `$effect`:
+Capture state **before** first `await`:
 
 ```typescript
-// Bad: unnecessary mutation via $effect
-let items = $state<Item[]>([]);
-$effect(() => {
-  items = source.filter(isActive);
-});
-
-// Good: $derived — reactive, no mutation needed
-let items = $derived(source.filter(isActive));
-```
-
-**Do not pass an arrow function to `$derived`**: `$derived(() => fn(x))` stores the arrow function itself as the derived value — `fn` is never called and `x` is not tracked as a dependency. Use `$derived(fn(x))` for single expressions, or `$derived.by(() => { ... })` when multiple statements are needed. `$derived(expr)` is equivalent to `$derived.by(() => expr)` — the `.by` variant exists solely to allow a multi-statement function body.
-
-## Async Rollback: Capture State Before `await`
+const previous = items;
 
-Capture `$state` values before the first `await` for safe rollback. A concurrent update can overwrite the variable while awaiting:
-
-```typescript
-const previous = items; // capture before await
 try {
   await saveToServer(items);
 } catch {
@@ -92,8 +53,4 @@ try {
 }
 ```
 
-## Optimistic Updates
-
-Derive computed fields (flags, labels, etc.) from the canonical data source — don't re-implement the derivation inline. Divergence causes a "works after reload" bug where the server state is correct but the client-side update is wrong.
-
-**Diagnostic**: "Not reflected live, but fixed after reload" → suspect the optimistic update payload, not the reactivity system.
+Concurrent updates can overwrite variable while awaiting; capturing prevents data loss.
diff --git a/.claude/rules/sveltekit.md b/.claude/rules/sveltekit.md
index 2ef8dc86b..97232b062 100644
--- a/.claude/rules/sveltekit.md
+++ b/.claude/rules/sveltekit.md
@@ -9,98 +9,102 @@ paths:
 
 ## Routes vs API Endpoints
 
-- Page routes (`+page.server.ts`): use `redirect()` to navigate
-- API routes (`+server.ts`): use `error()` — throwing `redirect()` returns a 3xx response; `fetch` follows it by default and receives the HTML page at the redirect target instead of a JSON error
+- Page routes: use `redirect()` to navigate
+- API routes (`+server.ts`): use `error()` — `redirect()` returns 3xx; `fetch` follows and gets HTML not JSON
 
-## Internal Navigation: `resolve()` Wrapping
+## Internal Navigation: `resolve()`
 
-`svelte/no-navigation-without-resolve` requires all internal navigation to use `resolve()` from `$app/paths`. Two patterns apply:
+All internal navigation must use `resolve()` from `$app/paths`:
 
-**Parameterized routes** — type-safe, preferred:
+- **Parameterized** (preferred): `resolve('/workbooks/[slug]', { slug: workbook.slug })`
+- **Static**: `resolve('/')` + `@ts-expect-error` (AppTypes merging quirk)
+- **With search/hash**: `resolve(pathname + search + hash)` (concatenate inside, not outside)
+- **External**: no `resolve()`, use `rel="noreferrer external"`
 
-```typescript
-import { resolve } from '$app/paths';
-resolve('/workbooks/[slug]', { slug: workbook.slug });
-```
+## Form Data Validation
 
-**Static routes and computed string paths** — TypeScript declaration merging causes `ReturnType<AppTypes['RouteId']>` to resolve as `string` (the base overload in `@sveltejs/kit/types/index.d.ts` wins), making all routes require 2 arguments. Suppress with a description, and pre-compute in `<script>` when used in templates (where `@ts-expect-error` cannot be placed inline). A wrapper function does not help — the ESLint rule may not recognize `resolve()` calls inside wrappers.
+`formData.get()` returns `string | File | null`. Always validate before casting:
 
 ```typescript
-// @ts-expect-error svelte-check TS2554: AppTypes declaration merging causes RouteId to resolve as string, requiring params. Runtime behavior is correct.
-const homeHref = resolve('/');
-```
-
-**External links** — add `rel="noreferrer external"` instead of wrapping with `resolve()`.
-
-**With query string or hash** — `svelte/no-navigation-without-resolve` (eslint-plugin-svelte 3.16.0+) requires the _entire_ first argument to be a direct `resolve()` call. Concatenating `resolve(path) + search` is now rejected. Pass path, search, and hash as a single concatenated string inside `resolve()`:
+// Bad: unsafe cast, null reaches DB layer
+const taskId = data.get('taskId') as string;
 
-```typescript
-// Bad — rejected by eslint-plugin-svelte 3.16.0+
-goto(resolve(url.pathname) + url.search);
-replaceState(resolve(url.pathname) + url.search + url.hash, state);
+// Good: validate first
+const taskId = data.get('taskId');
 
-// Good
-goto(resolve(url.pathname + url.search));
-replaceState(resolve(url.pathname + url.search + url.hash), state);
+if (typeof taskId !== 'string' || !taskId) return fail(...);
 ```
 
-## Server-side Form Data Validation
-
-`formData.get()` returns `string | File | null`. Never cast directly with `as string` or `as TaskGrade` — always validate first:
+For enum fields:
 
 ```typescript
-// Bad — unsafe cast, null reaches the DB layer
-const taskId = data.get('taskId') as string;
-const grade = data.get('grade') as TaskGrade;
+const gradeRaw = data.get('grade');
 
-// Good — validate before use
-const taskId = data.get('taskId');
-const grade = data.get('grade');
-if (typeof taskId !== 'string' || !taskId || typeof grade !== 'string') {
-  return { success: false };
+if (!(Object.values(TaskGrade) as string[]).includes(gradeRaw)) {
+  return fail(BAD_REQUEST, { message: 'Invalid grade.' });
 }
-// taskId and grade are now string, safe to pass onward
+
+const grade = gradeRaw as TaskGrade; // Safe now
 ```
 
-For enum fields, add a membership check after the type guard:
+## Page Component Props
+
+`+page.svelte` accepts only `data` and `form` props (`svelte/valid-prop-names-in-kit-pages`).
+
+## load() Return Structure
+
+Group domain model fields as objects with defaults absorbed at boundary:
 
 ```typescript
-if (!(Object.values(TaskGrade) as string[]).includes(gradeRaw)) {
-  return fail(BAD_REQUEST, { message: 'Invalid grade value.' });
+// Bad: scattered fields
+export async function load() {
+  return {
+    username: user?.name ?? '',
+    atcoderHandle: user?.atCoder?.handle ?? '',
+    isValidated: user?.atCoder?.isValidated ?? false,
+  };
+}
+
+// Good: grouped by model
+export async function load() {
+  return {
+    username: user?.name ?? '',
+    atCoderAccount: {
+      handle: user?.atCoder?.handle ?? '',
+      isValidated: user?.atCoder?.isValidated ?? false,
+    },
+  };
 }
-const grade = gradeRaw as TaskGrade;
 ```
 
-The same pattern applies to `url.searchParams.get()` in `+server.ts` handlers.
+Consume with `$derived` in `+page.svelte` to sync after `load()` re-runs.
 
-## `$app/state`: navigating Idle Check
+## Error Handling in load()
 
-`navigating` from `$app/state` always exists as an object. Use `navigating.from === null` to detect the idle state — not `navigating === null`.
+Wrap service calls in try-catch, return safe defaults:
 
-To limit spinner display to cross-route navigation only, compare `navigating.from.route.id` with `navigating.to?.route.id`. Same-route query-param changes produce equal ids.
+```typescript
+const data = await service.fetch(...).catch(() => []);
+```
 
-## Page Component Props
+Prevents single service error from crashing entire page.
+
+## Auth Audit
 
-SvelteKit page components (`+page.svelte`) accept only `data` and `form` as props (`svelte/valid-prop-names-in-kit-pages`). Commented-out features that reference other props are not "dead code" — remove only the violating prop declaration, preserve the feature code.
+When adding guard to one action in `+page.server.ts`, audit all other actions. Asymmetric guards (some protected, others not) are a recurring vulnerability.
 
-## load() — Group Related Model Fields as Objects
+## success Flag & message Consistency
 
-When a `load()` function returns fields from the same domain model (e.g., `AtCoderAccount`),
-group them as an object rather than flattening to top-level keys.
-Apply default values at this boundary so the page component typically does not need to handle `undefined`.
+When action returns `success: false`, `message` and `message_type` must reflect failure. Contradicting flags are silent bugs:
 
 ```typescript
-// Bad: flat, scattered across top-level keys
-atcoder_username: user?.atCoderAccount?.handle ?? '',
-atcoder_validationcode: user?.atCoderAccount?.validationCode ?? '',
-is_validated: user?.atCoderAccount?.isValidated ?? false,
-
-// Good: grouped by model, defaults absorbed here
-atCoderAccount: {
-  handle:         user?.atCoderAccount?.handle         ?? '',
-  validationCode: user?.atCoderAccount?.validationCode ?? '',
-  isValidated:    user?.atCoderAccount?.isValidated    ?? false,
-},
+// Bad: success contradicts message
+return { success: true, message: 'Failed to save' };
+
+// Good
+return { success: false, message: 'Failed to save' };
 ```
 
-When consuming in `+page.svelte`, use `$derived` to maintain reactivity across load() re-runs after form actions (see svelte-components.md).
+## navigating State
+
+`navigating` from `$app/state` always exists (never null). Check idle: `navigating.from === null`. For cross-route navigation only: compare `navigating.from.route.id` with `navigating.to?.route.id` (same-route param changes have equal ids).
diff --git a/.claude/rules/testing-e2e.md b/.claude/rules/testing-e2e.md
index 5347acea8..7c8063c4e 100644
--- a/.claude/rules/testing-e2e.md
+++ b/.claude/rules/testing-e2e.md
@@ -7,47 +7,40 @@ paths:
 
 # E2E Tests (Playwright)
 
-## No Path Aliases
+## Setup
 
-The `e2e/` directory is outside SvelteKit's build pipeline — `$lib`, `$features`, and other path aliases are not resolved. Define string constant values as local constants with a reference comment:
+- File extension: **must** be `.spec.ts` (`.test.ts` not detected by `playwright.config.ts`)
+- No path aliases (`$lib`, `$features` not resolved outside SvelteKit). Use type-only imports for types:
 
 ```typescript
-// Mirrors WorkBookTab.SOLUTION from $features/workbooks/types/workbook
-const TAB_SOLUTION = 'solution';
-```
-
-Avoid importing values from `src/` in E2E test files. Type-only imports (`import type`) are acceptable since they are erased at compile time:
-
-```typescript
-// Bad: runtime import — path alias not resolved in e2e/
+// Bad: runtime import fails in E2E
 import { TAB_SOLUTION } from '$features/workbooks/types/workbook';
 
-// Good: type-only import — compile-time only
+// Good: type-only import + local constant
 import type { WorkBookTab } from '$features/workbooks/types/workbook';
+
 const TAB_SOLUTION: WorkBookTab = 'solution';
 ```
 
 ## Describe Hierarchy
 
-When a `describe` block for a user role grows large, split it by behavioral dimension rather than adding more flat `test()` calls:
+Split large `describe` blocks by behavioral dimension, not flat `test()` calls:
 
 ```typescript
 test.describe('logged-in user', () => {
   test.describe('tab visibility', () => { ... });
-  test.describe('URL parameter handling', () => { ... });
-  test.describe('navigation interactions', () => { ... });
-  test.describe('session state', () => { ... });
+  test.describe('URL parameters', () => { ... });
+  test.describe('navigation', () => { ... });
 });
 ```
 
 ## Parameterized Tests
 
-Playwright has no native `test.each`. Use `for...of` loops — the official recommended pattern.
+Playwright has no native `test.each`. Use `for...of` loops (official pattern):
 
-**Single test with a loop** — use when testing a sequence or workflow within one test:
+**Single test with loop** — testing a sequence within one test:
 
 ```typescript
-// Mirrors TaskGrade from $lib/types/task — do not import from src/ in E2E files
 const GRADES = ['Q10', 'Q9', 'Q8'] as const;
 
 for (const grade of GRADES) {
@@ -56,13 +49,11 @@ for (const grade of GRADES) {
 }
 ```
 
-**Multiple tests from parameters** — use when each parameter represents an independent case:
+**Multiple tests from parameters** — independent cases:
 
 ```typescript
-const GRADES = ['Q10', 'Q9', 'Q8'] as const;
-
 for (const grade of GRADES) {
-  test(`filters by grade ${grade}`, async ({ page }) => {
+  test(`filters by ${grade}`, async ({ page }) => {
     await page.goto('/tasks');
     await gradeButton(page, grade).click();
     await expect(page).toHaveURL(`?grades=${grade}`);
@@ -70,81 +61,48 @@ for (const grade of GRADES) {
 }
 ```
 
-## Assertions
-
-After an interaction that changes element state (active tab, toggle, selection), assert the _new_ state — not just that the element is visible, which may have been true before the interaction. Assert an active CSS class, `aria-selected`, or similar attribute instead of `toBeVisible()`.
-
-### Prefer Semantic Attributes Over CSS Classes
-
-Assert element state via accessibility attributes (`aria-pressed`, `aria-selected`, `data-*`), not CSS classes (which are implementation details and break on style refactors).
-
-**Bad:** Brittle to styling changes
-
-```typescript
-await expect(button).toHaveClass(/text-primary-700/);
-```
-
-**Good:** Resilient to refactors
-
-```typescript
-await expect(button).toHaveAttribute('aria-pressed', 'true');
-// or
-await expect(button).toHaveAttribute('data-active', 'true');
-```
-
-**Note:** If component library doesn't expose the attribute, add it (or contribute PR). Teaching tests brittle selectors is not sustainable.
-
-## Flowbite Toggle
-
-Flowbite's `Toggle` renders an `sr-only` `<input type="checkbox">` inside a `<label>`. Clicking the input directly fails because the visual `<span>` sibling intercepts pointer events. Click the label wrapper instead:
-
-```typescript
-const toggleInput = page.locator('input[aria-label="<aria-label value>"]');
-const toggleLabel = page.locator('label:has(input[aria-label="<aria-label value>"])');
-
-await toggleLabel.click();
-await expect(toggleInput).toBeChecked({ checked: true });
-```
-
-The same pattern applies to any Flowbite component that visually overlays its native input (e.g. `Checkbox`, `Radio`).
+## Selectors & Assertions
 
-## Waiting for Svelte Transitions
+### Stable Selectors
 
-Svelte's `{#if}/{:else}` blocks with transitions may temporarily render multiple elements with the same selector during outro/intro overlap. Playwright locators may match either element non-deterministically, causing flaky tests.
+Prefer in order:
 
-Use `waitForFunction` with `Array.from(elements).every(...)` to explicitly wait until **all** matching elements reach the desired state before asserting — checking every element guards against the transient window where multiple elements coexist. **Do not use assertions as implicit sleeps** — separating wait logic from assertions makes test intent clear and avoids timing-dependent failures.
+1. Semantic: `getByRole('button', { name: /submit/i })`
+2. Test IDs: `getByTestId('save-button')`
+3. Avoid CSS classes (refactor-fragile) and internal text unless content is stable
 
-This pattern applies to any Svelte component with transitions: modals, drawers, dropdowns, etc.
+### Assertion Best Practices
 
-## Strict Mode: Scope Locators to the Content Area
+- After interaction (click tab, toggle), assert **new state** not just visibility
+- Assert via accessibility attributes (`aria-pressed`, `aria-selected`, `data-*`), not CSS classes
+- `toBeVisible()` may have been true before; assert the change instead:
 
-When the navbar and page body both contain a link or button with the same text (e.g., a breadcrumb and a nav link share the same label), `getByRole` in strict mode will find multiple matches and throw. Scope the locator to the page's content container:
-
-```typescript
-// Bad: matches navbar link AND breadcrumb link
-await page.getByRole('link', { name: 'グレード投票' }).click();
+  ```typescript
+  // Bad: doesn't confirm interaction changed state
+  await tab.click();
+  await expect(content).toBeVisible();
 
-// Good: scoped to page content only
-await page.locator('.container').locator('nav').getByRole('link', { name: 'グレード投票' }).click();
-await page.locator('.container').getByRole('link', { name: 'ログイン' }).click();
-```
+  // Good: asserts content became visible
+  await tab.click();
+  await expect(page).toHaveURL('?tab=details');
+  ```
 
-Use `.container` (page content wrapper) to exclude the global navbar. Prefer the narrowest scope that remains stable — breadcrumb `nav` inside `.container` is more precise than `.container` alone when the link only appears there.
+## Setup & Teardown
 
-## Conditional Skip Based on Runtime State
+- Use `test.beforeEach` / `test.afterEach` for per-test setup
+- Use `test.describe.configure({ mode: 'parallel' })` for parallelization within a describe block
+- Clean up auth state / fixtures after each test (`test.afterEach(() => { ... })`)
 
-When a test depends on DB or session state that may vary across environments (e.g., a user's AtCoder verification status), use `test.skip(condition, reason)` inside the test body instead of a static `test.skip`. This way the test runs automatically when the precondition is met:
+## Debugging
 
-```typescript
-test('sees vote grade buttons', async ({ page }) => {
-  await page.goto(url);
+- `page.screenshot()` to capture state at assertion
+- `page.pause()` for interactive debugging
+- Logs: `page.on('console', msg => console.log(msg.text()))`
 
-  const isUnverified = await page.getByText('AtCoderアカウントの認証が必要です').isVisible();
-  test.skip(isUnverified, 'test user is not AtCoder-verified');
+## E2E Lessons from Votes Tests
 
-  // assertions below run only when precondition holds
-  await expect(page.locator('form[action="?/voteAbsoluteGrade"]')).toBeVisible();
-});
-```
+Recent fixes (detailed in plan.md):
 
-Prefer this over a hard-coded `test.skip` whenever the condition is observable on the page.
+- Dropdown selectors drift when UI changes; re-verify on refactors
+- Abort signal prevents stale response race; update signal if fetch signature changes
+- Toast messages are temporary; use waiter pattern, not fixed delay
diff --git a/.claude/rules/testing.md b/.claude/rules/testing.md
index 3ceda46cc..22fce4087 100644
--- a/.claude/rules/testing.md
+++ b/.claude/rules/testing.md
@@ -9,103 +9,156 @@ paths:
 
 # Testing
 
-## Test Titles
+## Core Principles
 
-Write all test titles in English. Use descriptive sentences that state the expected behavior (e.g., `'returns empty array when workbooks is empty'`). Japanese is only acceptable in inline comments or fixture strings that represent real user-facing content.
+- **Tests ship with implementation**: same commit, feature not done until tests pass
+- **English only**: describe expected behavior (e.g., `'returns empty array when workbooks is empty'`)
+- **Test integrity**: never weaken assertions to make tests pass; fix implementation instead
+- **Unused imports**: signal missing tests, not dead code—add the test case first
 
-## Tests Ship with the Implementation
+## Test Types
 
-Tests must be included in the same commit as the implementation they cover. "Add tests later" is not acceptable — a feature or fix is not done until its tests pass.
+| Type | Tool       | Location                  | Command          |
+| ---- | ---------- | ------------------------- | ---------------- |
+| Unit | Vitest     | `src/test/` or co-located | `pnpm test:unit` |
+| E2E  | Playwright | `e2e/`                    | `pnpm test:e2e`  |
 
-If a task description does not mention tests, add them anyway for any non-trivial logic.
+E2E files: **must** use `.spec.ts` extension (`.test.ts` not detected).
 
-## Test Integrity
+## Unit Testing Patterns
 
-- Never delete, comment out, or weaken assertions (e.g. `toEqual` → `toBeDefined`) to make tests pass
-- Fix the implementation, not the test; if the test itself is wrong, explain why in a comment or commit message
+### Assertions
 
-## Unused Imports in Test Files
+- Use `toBe(true)` / `toBe(false)` not `toBeTruthy()` / `toBeFalsy()`
+- DB query tests: assert `orderBy`, `include` with `expect.objectContaining`, not just `where`
+- Enum membership: `Object.hasOwn(Enum, value)` not `in` (avoids prototype chain)
 
-Unused imports signal a missing test, not dead code. Before deleting, add the corresponding test case.
+### Describe Organization
 
-## Test Types
+Group by scenario (successful vs error cases), not flat:
+
+```typescript
+describe('validate', () => {
+  describe('successful case', () => { ... });
+  describe('error cases', () => {
+    describe('returns false', () => { ... });
+    describe('throws', () => { ... });
+  });
+});
+```
 
-| Type | Tool       | Location                                                          | Run Command      |
-| ---- | ---------- | ----------------------------------------------------------------- | ---------------- |
-| Unit | Vitest     | `src/test/` (mirrors `src/lib/`) or co-located in `src/features/` | `pnpm test:unit` |
-| E2E  | Playwright | `e2e/`                                                            | `pnpm test:e2e`  |
+### Test Data
 
-E2E test files must use the `.spec.ts` extension. `playwright.config.ts` matches only `*.spec.ts`, so `.test.ts` files will not be detected.
+- Use realistic values (real task IDs, grade names), not `'t1'` placeholders
+- Extract shared fixture data to file scope; inline for single-use
+- Verify fixture alignment: test name "tie-break" must exercise that code path
+- Shared fixtures at `describe` scope avoid duplication (DRY + auto-sync)
 
-## Assertions
+### Service Layer Mocking
 
-- Use `toBe(true)` / `toBe(false)` over `toBeTruthy()` / `toBeFalsy()`
-- For DB query tests, assert `orderBy`, `include`, and other significant parameters with `expect.objectContaining` — not just `where`. When a returned field (e.g. `authorName`) depends on an `include` relation, that `include` clause must be part of the assertion, or a regression in the query shape will go undetected
-- Enum membership: `in` traverses the prototype chain; use `Object.hasOwn(Enum, value)` instead
+Mock Prisma with `vi.mock('$lib/server/database', ...)` — no real DB mutations. Use helpers:
 
-## Test Stubs
+```typescript
+const mockFindUnique = (data) => db.task.findUnique.mockResolvedValue(data);
+const mockFindMany = (data) => db.task.findMany.mockResolvedValue(data);
+```
 
-Test stub parameter types must match the production function's signature — use domain types (e.g. `TaskGrade`), not `string`; a mismatch compiles silently but lets the stub accept inputs the real function would reject.
+### HTTP Mocking (Nock)
 
-## Test Data
+Extract setup into helpers, declare once at describe scope:
 
-- Use realistic fixture values (real task IDs, grade names) instead of placeholders like `'t1'`
-- Extract shared data into fixture files; inline is fine for single-use cases
-- After `.filter()` on fixtures, verify actual contents — same ID may refer to a different entity after fixture updates
-- **Description ↔ code path alignment**: when a test name describes a specific scenario (e.g. "tie-break"), verify the fixture actually exercises that code path
+```typescript
+const mockGetUser = (statusCode, user?) => {
+  nock('http://localhost')
+    .get('/api/user')
+    .reply(statusCode, user ? { user } : undefined);
+};
+```
 
-### Fixture Sharing in describe() Scope
+### Parameterized Tests
 
-When multiple tests in a `describe` block use identical fixture data, define it once at block scope instead of duplicating in each test. Benefit: DRY + fixture changes sync automatically. Only use if fixture is immutable within tests (no mutations).
+Test enum boundaries + typical value, then separate test for distinct behavior:
 
 ```typescript
-describe('filterByRole', () => {
-  const testGroups = [{ role: ADMIN }, { role: PENDING }];
+test.each([TaskGrade.PENDING, TaskGrade.Q11, TaskGrade.Q10, TaskGrade.D6])(
+  'returns grade %s', (grade) => { ... }
+);
+test('returns null when no vote', () => { ... });
+```
 
-  test('admin sees all', () => {
-    expect(filter(testGroups, ADMIN)).toHaveLength(2);
-  });
-  test('user sees filtered', () => {
-    expect(filter(testGroups, USER)).toHaveLength(1);
-  });
+### Environment Variables
+
+Use `vi.stubEnv()` + `vi.unstubAllEnvs()`:
+
+```typescript
+beforeEach(() => {
+  vi.stubEnv('MY_VAR', 'value');
+});
+afterEach(() => {
+  vi.unstubAllEnvs();
 });
 ```
 
-## Coverage
+### Test Stubs
 
-- Run `pnpm coverage` for coverage report
-- Target: 80% lines, 80% branches
+Parameter types **must match** production signature — use domain types (`TaskGrade`), not `string`. Mismatch compiles silently but breaks type safety.
 
-## Test Order Mirrors Source Order
+## Component Testing
 
-Order `describe` blocks in service and utils test files to match the declaration order of functions in the source file. Misalignment makes it harder to cross-reference tests and implementation.
+- Extract logic to `utils/` or `_utils/` and test there, not in component
+- Omit component Vitest if template-only **and** E2E covers rendering paths
 
-### Describe Block Organization: Multi-Scenario Functions
+## Coverage
 
-Split `describe` blocks by scenario (not all cases flat) when a function behaves differently by mode. Example: separate `describe('func with modeA')` and `describe('func with modeB')` rather than mixing all cases. Benefit: better test discovery and names.
+Target: 80% lines, 80% branches. Run `pnpm coverage`.
 
-## Service Layer Unit Tests
+## Test Files Ship with Code
 
-Service tests mock Prisma via `vi.mock('$lib/server/database', ...)` — no real DB mutations occur.
+Never defer tests. For non-trivial logic without explicit test requirement, add them anyway.
 
-### Mock Helpers
+## Multiple Test Location Patterns
 
-Extract repeated mock patterns into helpers. Use `mockFindUnique`, `mockFindMany`, `mockCount` as the standard trio for Prisma model tests. Add `mockCreate`, `mockTransaction`, `mockDelete` when needed.
+During migration, support both centralized (`src/test/`) and co-located (`src/features/`, `src/lib/`) tests.
+Configure `vite.config.ts` with explicit ordering:
 
-### Cleanup for Integration Tests
+```typescript
+include: [
+  'src/lib/**/*.test.ts',        // shared utilities (adjacent)
+  'src/test/**/*.test.ts',       // legacy centralized
+  'src/features/**/*.test.ts',   // feature co-location
+],
+```
 
-For tests with real side effects (DB mutations, file changes, API calls), wrap assertions in `try/finally` — a failing assertion skips cleanup and contaminates later tests.
+## Mocking globalThis Properties
 
-### File Split for Testability
+Save and restore `globalThis` state to prevent test leaks:
 
-When a service mixes DB operations and pure functions, split into `crud.ts` (DB; Prisma mocks needed) and `initializers.ts` (pure; no mocks). Skip split if cohesion suffers.
+```typescript
+const original = globalThis.location;
 
-## Component & Utility Tests
+beforeEach(() => {
+  Object.defineProperty(globalThis, 'location', {
+    value: { origin: 'http://test' },
+    writable: true,
+  });
+});
+
+afterEach(() => {
+  if (original !== undefined) {
+    Object.defineProperty(globalThis, 'location', { value: original, writable: true });
+  }
+});
+```
 
-- Extract component logic to `utils/` and test there, not in the component.
-- Omit component Vitest test if template-only **and** E2E tests cover rendering paths.
-- Add utility tests at extraction time; assert immutability (URLs) and all affected parts (multi-column operations).
+## Guard Clause Reachability
 
-## HTTP Mocking
+Ensure guard clauses don't make later code unreachable. Example anti-pattern:
+
+```typescript
+// Bad: 'http://localhost' is unreachable
+if (location?.origin) return location.origin;
+if (!browser) return '';
+return 'http://localhost'; // Never reached in browser
+```
 
-Use Nock for external HTTP calls. See `src/test/lib/clients/` for examples.
+Simplify to remove dead code after the final guard.
diff --git a/.github/workflows/resolve-migration.yml b/.github/workflows/resolve-migration.yml
new file mode 100644
index 000000000..e2d848a17
--- /dev/null
+++ b/.github/workflows/resolve-migration.yml
@@ -0,0 +1,26 @@
+name: Resolve Failed Migration (one-time use)
+on:
+  workflow_dispatch:
+
+jobs:
+  resolve:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v6
+      - uses: pnpm/action-setup@v5
+        with:
+          package_json_file: package.json
+          run_install: false
+      - uses: actions/setup-node@v6
+        with:
+          node-version: 24
+          cache: 'pnpm'
+          cache-dependency-path: pnpm-lock.yaml
+      - run: pnpm install
+      - name: Resolve failed migration in staging DB
+        run: |
+          pnpm exec prisma migrate resolve \
+            --rolled-back 20260406112057_add_vote_grade_check_constraints
+        env:
+          DATABASE_URL: ${{ secrets.PREVIEW_DATABASE_URL }}
+          DIRECT_URL: ${{ secrets.PREVIEW_DIRECT_URL }}
diff --git a/docs/dev-notes/2026-04-09/fix-vote-grade-check-constraints/plan.md b/docs/dev-notes/2026-04-09/fix-vote-grade-check-constraints/plan.md
new file mode 100644
index 000000000..5a3a3dad2
--- /dev/null
+++ b/docs/dev-notes/2026-04-09/fix-vote-grade-check-constraints/plan.md
@@ -0,0 +1,153 @@
+# staging 環境の failed migration 修復計画
+
+## 概要
+
+`20260406112057_add_vote_grade_check_constraints` migration が staging DB で P3009 エラー（失敗中状態）で止まっており、以降の migration deploy が全てブロックされている状態を GHA 経由で修復する。
+
+## 根本原因
+
+migration.sql 内のテーブル名が Pascal Case クォート形式（例: `"VotedGradeCounter"`）で記述されているが、`schema.prisma` の `@@map` により実際の PostgreSQL テーブル名は小文字（`votedgradecounter`）。
+
+```sql
+-- 誤（失敗した migration）
+ALTER TABLE "VotedGradeCounter" ADD CONSTRAINT ...
+
+-- 正（@@map に合わせた正しい記述）
+ALTER TABLE "votedgradecounter" ADD CONSTRAINT ...
+```
+
+PostgreSQL はクォート付きの識別子を大文字小文字区別で処理するため、`"VotedGradeCounter"` は存在しないテーブルを参照して ALTER TABLE が失敗。`_prisma_migrations` に `finished_at = NULL` のレコードが残り P3009 状態となった。
+
+## 他 AI 提案のレビュー・却下理由
+
+| 提案内容                                 | 評価              | 理由                                                                                                                  |
+| ---------------------------------------- | ----------------- | --------------------------------------------------------------------------------------------------------------------- |
+| `migrate resolve --rolled-back` の使用   | ✅ 正しい         | P3009 を解消する唯一の手段                                                                                            |
+| 同名 `migration.sql` を修正して再 deploy | ❌ **機能しない** | `--rolled-back` にマークされた migration は `migrate deploy` が永久にスキップする。同ファイルを修正しても実行されない |
+
+**正しいアプローチ:** rolled-back 解消後は、**新しいタイムスタンプで新 migration ファイルを作成**して deploy する必要がある。
+
+## 設計方針・却下した代替案
+
+### 採用: workflow_dispatch + 新 migration 作成
+
+- GHA の `workflow_dispatch` トリガーで `migrate resolve` を一度だけ実行
+- 旧 migration ファイルを git から削除（ローカル開発環境で `migrate dev` が失敗しないよう）
+- 新タイムスタンプで正しいテーブル名の migration を作成
+
+### 却下: ci.yml への一時追記
+
+- `resolve` ステップを既存 `preview` ジョブに追記する案
+- 問題: すでに成功した将来の deploy でも毎回 resolve コマンドが走る（冪等ではあるが冗長）
+- `workflow_dispatch` の方がスコープが明確で安全
+
+### 却下: DB への直接接続
+
+- staging DB に直接アクセスして `_prisma_migrations` を操作する案
+- 方針: GHA 経由でのみ DB を操作するため却下
+
+## 実装フェーズ
+
+### Phase 1: 変更を staging へ push（GHA に workflow_dispatch を公開）
+
+**変更ファイル:**
+
+| 操作 | パス                                                                              |
+| ---- | --------------------------------------------------------------------------------- |
+| 追加 | `.github/workflows/resolve-migration.yml`                                         |
+| 削除 | `prisma/migrations/20260406112057_add_vote_grade_check_constraints/`              |
+| 追加 | `prisma/migrations/20260409000000_fix_vote_grade_check_constraints/migration.sql` |
+
+**`.github/workflows/resolve-migration.yml` 内容:**
+
+```yaml
+name: Resolve Failed Migration (one-time use)
+on:
+  workflow_dispatch:
+
+jobs:
+  resolve:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v6
+      - uses: pnpm/action-setup@v5
+        with:
+          package_json_file: package.json
+          run_install: false
+      - uses: actions/setup-node@v6
+        with:
+          node-version: 24
+          cache: 'pnpm'
+          cache-dependency-path: pnpm-lock.yaml
+      - run: pnpm install
+      - name: Resolve failed migration in staging DB
+        run: |
+          pnpm exec prisma migrate resolve \
+            --rolled-back 20260406112057_add_vote_grade_check_constraints
+        env:
+          DATABASE_URL: ${{ secrets.PREVIEW_DATABASE_URL }}
+          DIRECT_URL: ${{ secrets.PREVIEW_DIRECT_URL }}
+```
+
+**新 migration SQL:**
+
+```sql
+-- VotedGradeCounter.count must never go negative (application guard + DB last line of defense)
+ALTER TABLE "votedgradecounter" ADD CONSTRAINT "votedgradecounter_count_non_negative"
+  CHECK (count >= 0);
+
+-- VoteGrade.grade must not be PENDING (only non-pending grades are valid votes)
+ALTER TABLE "votegrade" ADD CONSTRAINT "votegrade_grade_not_pending"
+  CHECK (grade != 'PENDING');
+
+-- VotedGradeCounter.grade must not be PENDING
+ALTER TABLE "votedgradecounter" ADD CONSTRAINT "votedgradecounter_grade_not_pending"
+  CHECK (grade != 'PENDING');
+
+-- VotedGradeStatistics.grade must not be PENDING (median must be a real grade)
+ALTER TABLE "votedgradestatistics" ADD CONSTRAINT "votedgradestatistics_grade_not_pending"
+  CHECK (grade != 'PENDING');
+```
+
+> この push で preview ジョブが起動するが、staging DB はまだ stuck 状態のため `migrate deploy` は P3009 で失敗する。これは想定内。
+
+### Phase 2: workflow_dispatch を手動トリガー
+
+GitHub Actions UI から操作:
+
+1. リポジトリの Actions タブを開く
+2. "Resolve Failed Migration (one-time use)" を選択
+3. "Run workflow" → **staging ブランチ**を選択して実行
+
+これにより staging DB の `_prisma_migrations` の対象レコードに `rolled_back_at` がセットされ、P3009 が解消される。
+
+### Phase 3: 失敗した preview ジョブを再実行
+
+GitHub Actions UI から Phase 1 の push で失敗した preview ジョブを "Re-run jobs" で再実行。今度は `migrate deploy` が P3009 なしで通り、新 migration `20260409000000_fix_vote_grade_check_constraints` が適用される。
+
+## 検証
+
+| タイミング     | 確認内容                                                     |
+| -------------- | ------------------------------------------------------------ |
+| Phase 2 完了後 | `workflow_dispatch` ジョブの終了コードが 0                   |
+| Phase 3 完了後 | GHA の "Apply all pending migrations" ステップが成功         |
+| Phase 3 完了後 | staging の Vercel デプロイが完了                             |
+| Phase 3 完了後 | staging アプリで投票機能が正常動作（CHECK 制約が DB に存在） |
+
+## ローカル開発環境への影響
+
+旧 migration ファイルを git から削除することで、開発者が `git pull` 後に `migrate dev` を実行しても旧 SQL は実行されず、代わりに新 migration が適用される。
+
+ただし、**旧 migration をすでにローカル DB に適用しようとして failed 状態にしている開発者**は別途対応が必要:
+
+```bash
+# ローカル DB の stuck 状態を解消
+pnpm exec prisma migrate resolve --rolled-back 20260406112057_add_vote_grade_check_constraints
+
+# その後 migrate dev を実行
+pnpm exec prisma migrate dev
+```
+
+## 事後処理
+
+`resolve-migration.yml` は使い捨て。fix 確認後に削除 PR を出してもよい（再実行しても冪等なので必須ではない）。
diff --git a/e2e/votes.spec.ts b/e2e/votes.spec.ts
index 17bc86914..6d104ec38 100644
--- a/e2e/votes.spec.ts
+++ b/e2e/votes.spec.ts
@@ -5,6 +5,8 @@ import { loginAsAdmin, loginAsUser } from './helpers/auth';
 const TIMEOUT = 60 * 1000;
 const VOTES_LIST_URL = '/votes';
 const VOTE_MANAGEMENT_URL = '/vote_management';
+const KNOWN_TASK_ID = 'abc422_a'; // From prisma/tasks.ts seed data
+const KNOWN_VOTE_DETAIL_URL = '/votes/abc422_a'; // From prisma/tasks.ts seed data
 
 // ---------------------------------------------------------------------------
 // Votes list page (/votes)
@@ -14,17 +16,17 @@ test.describe('votes list page (/votes)', () => {
   test('unauthenticated user can view the page without redirect', async ({ page }) => {
     await page.goto(VOTES_LIST_URL);
     await expect(page).toHaveURL(VOTES_LIST_URL, { timeout: TIMEOUT });
-    await expect(page.getByRole('heading', { name: 'グレード投票' })).toBeVisible({
+    await expect(page.getByRole('heading', { name: '投票' })).toBeVisible({
       timeout: TIMEOUT,
     });
   });
 
   test('task table is visible to unauthenticated user', async ({ page }) => {
     await page.goto(VOTES_LIST_URL);
-    await expect(page.getByRole('columnheader', { name: '問題' })).toBeVisible({
+    await expect(page.getByRole('columnheader', { name: '問題名' })).toBeVisible({
       timeout: TIMEOUT,
     });
-    await expect(page.getByRole('columnheader', { name: 'コンテスト' })).toBeVisible({
+    await expect(page.getByRole('columnheader', { name: '出典' })).toBeVisible({
       timeout: TIMEOUT,
     });
   });
@@ -33,14 +35,14 @@ test.describe('votes list page (/votes)', () => {
     await loginAsUser(page);
     await page.goto(VOTES_LIST_URL);
     await expect(page).toHaveURL(VOTES_LIST_URL, { timeout: TIMEOUT });
-    await expect(page.getByRole('heading', { name: 'グレード投票' })).toBeVisible({
+    await expect(page.getByRole('heading', { name: '投票' })).toBeVisible({
       timeout: TIMEOUT,
     });
   });
 
   test('search input filters tasks by title', async ({ page }) => {
     await page.goto(VOTES_LIST_URL);
-    const searchInput = page.getByPlaceholder('問題名・問題ID・コンテストIDで検索');
+    const searchInput = page.getByPlaceholder('問題名・問題ID・出典で検索');
     await expect(searchInput).toBeVisible({ timeout: TIMEOUT });
 
     // Type a string unlikely to match any task to get 0 results
@@ -57,28 +59,42 @@ test.describe('votes list page (/votes)', () => {
 
 test.describe('vote detail page (/votes/[slug])', () => {
   /**
-   * Navigates to the first task in the vote list.
-   * Assumes at least one task exists in the DB.
+   * Navigates to the first task in the vote list by searching for a known task ID,
+   * then clicking the first result link.
+   * Callers must check page.url() and call test.skip if still on the list page.
    */
   async function navigateToFirstVoteDetailPage(page: Page): Promise<void> {
     await page.goto(VOTES_LIST_URL);
-    await expect(page.getByRole('columnheader', { name: '問題' })).toBeVisible({
+    await expect(page.getByRole('columnheader', { name: '問題名' })).toBeVisible({
       timeout: TIMEOUT,
     });
-    // Click the first task title link in the table
-    await page.locator('table').getByRole('link').first().click();
+
+    // Fill search to render task rows (table body is empty until search !== '')
+    const searchInput = page.getByPlaceholder('問題名・問題ID・出典で検索');
+    await searchInput.fill(KNOWN_TASK_ID);
+
+    const firstLink = page.locator('table').getByRole('link').first();
+    const hasTask = await firstLink.isVisible();
+
+    if (!hasTask) {
+      return; // No matching tasks in DB — callers must call test.skip
+    }
+
+    await firstLink.click();
     await expect(page).toHaveURL(/\/votes\/.+/, { timeout: TIMEOUT });
   }
 
   test.describe('unauthenticated user', () => {
     test('can view the task detail page without redirect', async ({ page }) => {
       await navigateToFirstVoteDetailPage(page);
+      const onDetailPage = /\/votes\/.+/.test(page.url());
+      test.skip(!onDetailPage, 'no matching tasks in DB');
       // Should stay on /votes/[slug], not redirected
       await expect(page).toHaveURL(/\/votes\/.+/, { timeout: TIMEOUT });
     });
 
     test('sees login prompt instead of vote buttons', async ({ page }) => {
-      await navigateToFirstVoteDetailPage(page);
+      await page.goto(KNOWN_VOTE_DETAIL_URL);
 
       const content = page.locator('.container');
 
@@ -94,18 +110,14 @@ test.describe('vote detail page (/votes/[slug])', () => {
     });
 
     test('does not see vote grade buttons', async ({ page }) => {
-      await navigateToFirstVoteDetailPage(page);
+      await page.goto(KNOWN_VOTE_DETAIL_URL);
       // Grade buttons are only rendered inside the vote form (not shown when logged out)
       await expect(page.locator('form[action="?/voteAbsoluteGrade"]')).not.toBeAttached();
     });
 
     test('breadcrumb link navigates back to /votes', async ({ page }) => {
-      await navigateToFirstVoteDetailPage(page);
-      await page
-        .locator('.container')
-        .locator('nav')
-        .getByRole('link', { name: 'グレード投票' })
-        .click();
+      await page.goto(KNOWN_VOTE_DETAIL_URL);
+      await page.locator('.container').locator('nav').getByRole('link', { name: '投票' }).click();
       await expect(page).toHaveURL(VOTES_LIST_URL, { timeout: TIMEOUT });
     });
   });
@@ -116,12 +128,12 @@ test.describe('vote detail page (/votes/[slug])', () => {
     });
 
     test('can view the task detail page', async ({ page }) => {
-      await navigateToFirstVoteDetailPage(page);
+      await page.goto(KNOWN_VOTE_DETAIL_URL);
       await expect(page).toHaveURL(/\/votes\/.+/, { timeout: TIMEOUT });
     });
 
     test('sees vote grade buttons', async ({ page }) => {
-      await navigateToFirstVoteDetailPage(page);
+      await page.goto(KNOWN_VOTE_DETAIL_URL);
 
       // Skip if the test user is not AtCoder-verified.
       // Wait for either the vote form or the unverified message to appear before deciding.
@@ -141,7 +153,7 @@ test.describe('vote detail page (/votes/[slug])', () => {
     });
 
     test('does not see login prompt', async ({ page }) => {
-      await navigateToFirstVoteDetailPage(page);
+      await page.goto(KNOWN_VOTE_DETAIL_URL);
       await expect(page.getByText('投票するにはログインが必要です')).not.toBeVisible();
     });
   });
diff --git a/prisma/ERD.md b/prisma/ERD.md
index 1881d0bb4..c2ebaf6c5 100644
--- a/prisma/ERD.md
+++ b/prisma/ERD.md
@@ -301,3 +301,16 @@ ANALYSIS ANALYSIS
     "votedgradestatistics" |o--|| "TaskGrade" : "enum:grade"
     "votedgradestatistics" |o--|| task : "task"
 ```
+
+## Database Constraints
+
+### CHECK Constraints
+
+The following `CHECK` constraints are applied at the database level (via migration SQL):
+
+- `votedgradecounter_count_non_negative` — `VotedGradeCounter.count >= 0`
+- `votegrade_grade_not_pending` — `VoteGrade.grade != 'PENDING'`
+- `votedgradecounter_grade_not_pending` — `VotedGradeCounter.grade != 'PENDING'`
+- `votedgradestatistics_grade_not_pending` — `VotedGradeStatistics.grade != 'PENDING'`
+
+These constraints enforce domain rules at the database level as a last line of defense. Application-layer guards are documented in the schema comments.
diff --git a/prisma/migrations/20260409000000_fix_vote_grade_check_constraints/migration.sql b/prisma/migrations/20260409000000_fix_vote_grade_check_constraints/migration.sql
new file mode 100644
index 000000000..2977b970b
--- /dev/null
+++ b/prisma/migrations/20260409000000_fix_vote_grade_check_constraints/migration.sql
@@ -0,0 +1,15 @@
+-- VotedGradeCounter.count must never go negative (application guard + DB last line of defense)
+ALTER TABLE "votedgradecounter" ADD CONSTRAINT "votedgradecounter_count_non_negative"
+  CHECK (count >= 0);
+
+-- VoteGrade.grade must not be PENDING (only non-pending grades are valid votes)
+ALTER TABLE "votegrade" ADD CONSTRAINT "votegrade_grade_not_pending"
+  CHECK (grade != 'PENDING');
+
+-- VotedGradeCounter.grade must not be PENDING
+ALTER TABLE "votedgradecounter" ADD CONSTRAINT "votedgradecounter_grade_not_pending"
+  CHECK (grade != 'PENDING');
+
+-- VotedGradeStatistics.grade must not be PENDING (median must be a real grade)
+ALTER TABLE "votedgradestatistics" ADD CONSTRAINT "votedgradestatistics_grade_not_pending"
+  CHECK (grade != 'PENDING');
diff --git a/prisma/schema.prisma b/prisma/schema.prisma
index 342fa041e..79713d513 100755
--- a/prisma/schema.prisma
+++ b/prisma/schema.prisma
@@ -255,6 +255,7 @@ model VoteGrade {
   id         String   @unique
   userId     String
   taskId     String
+  // CHECK (grade != 'PENDING') enforced in migration SQL. Application layer uses NON_VOTABLE_GRADES guard.
   grade      TaskGrade
   createdAt  DateTime @default(now())
   updatedAt  DateTime @updatedAt
@@ -269,7 +270,10 @@ model VoteGrade {
 model VotedGradeCounter {
   id         String   @unique
   taskId     String
+  // CHECK (grade != 'PENDING') enforced in migration SQL. Application layer uses NON_VOTABLE_GRADES guard.
   grade      TaskGrade
+  // count is also constrained by CHECK (count >= 0) in migration SQL (DB last line of defense).
+  // Application layer guards this via decrementOldGradeCounter (WHERE count > 0).
   count      Int
   createdAt  DateTime @default(now())
   updatedAt  DateTime @updatedAt
@@ -283,6 +287,7 @@ model VotedGradeCounter {
 model VotedGradeStatistics {
   id             String    @id
   taskId         String    @unique
+  // CHECK (grade != 'PENDING') enforced in migration SQL. Application layer uses NON_VOTABLE_GRADES guard.
   grade          TaskGrade
   isExperimental Boolean   @default(false)
   createdAt      DateTime  @default(now())
diff --git a/src/features/account/components/settings/AtCoderVerificationForm.svelte b/src/features/account/components/settings/AtCoderVerificationForm.svelte
index 319358776..506cb4b28 100644
--- a/src/features/account/components/settings/AtCoderVerificationForm.svelte
+++ b/src/features/account/components/settings/AtCoderVerificationForm.svelte
@@ -1,38 +1,13 @@
 <script lang="ts">
   import { untrack } from 'svelte';
-  import { Label, Input, P } from 'flowbite-svelte';
+  import { Label, Input, P, Clipboard } from 'flowbite-svelte';
   import ClipboardCopy from '@lucide/svelte/icons/clipboard-copy';
+  import Check from '@lucide/svelte/icons/check';
   import ContainerWrapper from '$lib/components/ContainerWrapper.svelte';
   import FormWrapper from '$lib/components/FormWrapper.svelte';
   import LabelWrapper from '$lib/components/LabelWrapper.svelte';
   import SubmissionButton from '$lib/components/SubmissionButton.svelte';
 
-  // TODO: Use Flowbite's ClipboardCopy component when available
-  const copyToClipboard = async (text: string): Promise<void> => {
-    try {
-      await navigator.clipboard.writeText(text);
-      console.log('Text copied to clipboard successfully');
-    } catch (error) {
-      // Fallback for older browsers that do not support the Clipboard API
-      const textArea = document.createElement('textarea');
-      textArea.value = text;
-      textArea.style.position = 'fixed';
-      textArea.style.opacity = '0';
-      document.body.appendChild(textArea);
-      textArea.focus();
-      textArea.select();
-
-      try {
-        document.execCommand('copy');
-        console.log('Text copied fallback method');
-      } catch (fallbackError) {
-        console.error('Both Clipboard API and fallback failed:', error, fallbackError);
-      }
-
-      document.body.removeChild(textArea);
-    }
-  };
-
   interface Props {
     username: string;
     atCoderAccount: {
@@ -61,12 +36,6 @@
       editableHandle = atCoderAccount.handle;
     }
   });
-
-  // TODO: Add a "Copied!" message when clicking
-  // WHY: To provide feedback when the copy operation succeeds
-  const handleClick = () => {
-    copyToClipboard(atCoderAccount.validationCode);
-  };
 </script>
 
 {#if status === 'nothing'}
@@ -112,23 +81,29 @@
 
       <Label class="flex flex-col gap-2">
         <span>本人確認用の文字列</span>
-        <div>
-          <Input size="md" value={atCoderAccount.validationCode}>
-            {#snippet right()}
-              <ClipboardCopy class="w-5 h-5" onclick={handleClick} />
+        <div class="flex items-center gap-2">
+          <Input size="md" value={atCoderAccount.validationCode} readonly />
+
+          <Clipboard value={atCoderAccount.validationCode} color="alternative">
+            {#snippet children(success)}
+              {#if success}
+                <Check class="w-5 h-5 text-green-500" />
+              {:else}
+                <ClipboardCopy class="w-5 h-5" />
+              {/if}
             {/snippet}
-          </Input>
+          </Clipboard>
         </div>
       </Label>
 
       <SubmissionButton labelName="本人確認" />
     </FormWrapper>
 
-    <FormWrapper action="?/reset" marginTop="">
+    <FormWrapper action="?/reset" marginTop="mt-4">
       <Input size="md" type="hidden" name="username" value={username} />
       <Input size="md" type="hidden" name="handle" value={atCoderAccount.handle} />
 
-      <SubmissionButton labelName="リセット" />
+      <SubmissionButton color="alternative" labelName="リセット" />
     </FormWrapper>
   </ContainerWrapper>
 {:else if status === 'validated'}
diff --git a/src/features/account/services/atcoder_verification.test.ts b/src/features/account/services/atcoder_verification.test.ts
index 729bae50e..929d1f0a7 100644
--- a/src/features/account/services/atcoder_verification.test.ts
+++ b/src/features/account/services/atcoder_verification.test.ts
@@ -17,6 +17,8 @@ vi.mock('$lib/utils/hash', () => ({
   sha256: vi.fn().mockResolvedValue('mocked-hash'),
 }));
 
+import { Roles, type AtCoderAccount } from '@prisma/client';
+
 import prisma from '$lib/server/database';
 import { generate, validate, reset } from './atcoder_verification';
 
@@ -24,7 +26,7 @@ import { generate, validate, reset } from './atcoder_verification';
 // Type aliases
 // ---------------------------------------------------------------------------
 
-type PrismaUserWithAccount = Awaited<ReturnType<typeof prisma.user.findUniqueOrThrow>> & {
+type UserWithAtCoderAccount = Awaited<ReturnType<typeof prisma.user.findUniqueOrThrow>> & {
   atCoderAccount: {
     userId: string;
     handle: string;
@@ -40,28 +42,29 @@ type PrismaUserWithAccount = Awaited<ReturnType<typeof prisma.user.findUniqueOrT
 // ---------------------------------------------------------------------------
 
 const SAMPLE_TIMESTAMP = new Date('2024-01-01T00:00:00Z');
-const SAMPLE_USER_ID = 'user-1';
+// Lucia (auth library) auto-generates User.id in UUID format
+const SAMPLE_USER_ID = '550e8400-e29b-41d4-a716-446655440000';
 const SAMPLE_USERNAME = 'alice';
 const SAMPLE_HANDLE = 'alice_ac';
 const SAMPLE_VALIDATION_CODE = 'mocked-hash';
 const SAMPLE_API_URL = 'https://example.com/api';
 
-function makeUser(
-  atCoderAccount: PrismaUserWithAccount['atCoderAccount'] = null,
-): PrismaUserWithAccount {
+function prepareUser(
+  atCoderAccount: UserWithAtCoderAccount['atCoderAccount'] = null,
+): UserWithAtCoderAccount {
   return {
     id: SAMPLE_USER_ID,
     username: SAMPLE_USERNAME,
-    role: 'USER',
+    role: Roles.USER,
     created_at: SAMPLE_TIMESTAMP,
     updated_at: SAMPLE_TIMESTAMP,
     atCoderAccount,
-  } as unknown as PrismaUserWithAccount;
+  } as unknown as UserWithAtCoderAccount;
 }
 
-function makeAtCoderAccount(
-  overrides: Partial<NonNullable<PrismaUserWithAccount['atCoderAccount']>> = {},
-): NonNullable<PrismaUserWithAccount['atCoderAccount']> {
+function prepareAtCoderAccount(
+  overrides: Partial<NonNullable<UserWithAtCoderAccount['atCoderAccount']>> = {},
+): NonNullable<UserWithAtCoderAccount['atCoderAccount']> {
   return {
     userId: SAMPLE_USER_ID,
     handle: SAMPLE_HANDLE,
@@ -77,12 +80,28 @@ function makeAtCoderAccount(
 // Mock helpers
 // ---------------------------------------------------------------------------
 
-function mockFindUniqueOrThrow(value: PrismaUserWithAccount) {
+function mockFindUniqueOrThrow(value: UserWithAtCoderAccount) {
   vi.mocked(prisma.user.findUniqueOrThrow).mockResolvedValue(
     value as Awaited<ReturnType<typeof prisma.user.findUniqueOrThrow>>,
   );
 }
 
+function mockUpsert(value: Partial<AtCoderAccount> = {}): void {
+  vi.mocked(prisma.atCoderAccount.upsert).mockResolvedValue(value as AtCoderAccount);
+}
+
+function mockUpdate(value: Partial<AtCoderAccount> = {}): void {
+  vi.mocked(prisma.atCoderAccount.update).mockResolvedValue(value as AtCoderAccount);
+}
+
+function mockDeleteMany(count: number = 1): void {
+  vi.mocked(prisma.atCoderAccount.deleteMany).mockResolvedValue({ count });
+}
+
+function mockFindUniqueOrThrowError(message: string = 'not found'): void {
+  vi.mocked(prisma.user.findUniqueOrThrow).mockRejectedValue(new Error(message));
+}
+
 function mockFetch(body: unknown, ok = true): void {
   vi.stubGlobal(
     'fetch',
@@ -99,11 +118,11 @@ function mockFetch(body: unknown, ok = true): void {
 
 beforeEach(() => {
   vi.clearAllMocks();
-  process.env.CONFIRM_API_URL = SAMPLE_API_URL;
+  vi.stubEnv('CONFIRM_API_URL', SAMPLE_API_URL);
 });
 
 afterEach(() => {
-  delete process.env.CONFIRM_API_URL;
+  vi.unstubAllEnvs();
   vi.unstubAllGlobals();
 });
 
@@ -112,132 +131,160 @@ afterEach(() => {
 // ---------------------------------------------------------------------------
 
 describe('generate', () => {
-  test('returns the sha256 validation code', async () => {
-    mockFindUniqueOrThrow(makeUser());
-    vi.mocked(prisma.atCoderAccount.upsert).mockResolvedValue({} as never);
-
-    const result = await generate(SAMPLE_USERNAME, SAMPLE_HANDLE);
-
-    expect(result).toBe(SAMPLE_VALIDATION_CODE);
+  describe('successful cases', () => {
+    test('returns the sha256 validation code', async () => {
+      mockFindUniqueOrThrow(prepareUser());
+      mockUpsert();
+
+      const result = await generate(SAMPLE_USERNAME, SAMPLE_HANDLE);
+
+      expect(result).toBe(SAMPLE_VALIDATION_CODE);
+    });
+
+    test('calls upsert with correct create and update payloads', async () => {
+      mockFindUniqueOrThrow(prepareUser());
+      mockUpsert();
+
+      await generate(SAMPLE_USERNAME, SAMPLE_HANDLE);
+
+      expect(prisma.atCoderAccount.upsert).toHaveBeenCalledWith(
+        expect.objectContaining({
+          where: { userId: SAMPLE_USER_ID },
+          create: expect.objectContaining({
+            userId: SAMPLE_USER_ID,
+            handle: SAMPLE_HANDLE,
+            validationCode: SAMPLE_VALIDATION_CODE,
+            isValidated: false,
+          }),
+          update: expect.objectContaining({
+            handle: SAMPLE_HANDLE,
+            validationCode: SAMPLE_VALIDATION_CODE,
+            isValidated: false,
+          }),
+        }),
+      );
+    });
   });
 
-  test('calls upsert with correct create and update payloads', async () => {
-    mockFindUniqueOrThrow(makeUser());
-    vi.mocked(prisma.atCoderAccount.upsert).mockResolvedValue({} as never);
-
-    await generate(SAMPLE_USERNAME, SAMPLE_HANDLE);
+  describe('error cases', () => {
+    test('throws when user not found', async () => {
+      mockFindUniqueOrThrowError();
 
-    expect(prisma.atCoderAccount.upsert).toHaveBeenCalledWith(
-      expect.objectContaining({
-        where: { userId: SAMPLE_USER_ID },
-        create: expect.objectContaining({
-          userId: SAMPLE_USER_ID,
-          handle: SAMPLE_HANDLE,
-          validationCode: SAMPLE_VALIDATION_CODE,
-          isValidated: false,
-        }),
-        update: expect.objectContaining({
-          handle: SAMPLE_HANDLE,
-          validationCode: SAMPLE_VALIDATION_CODE,
-          isValidated: false,
-        }),
-      }),
-    );
+      await expect(generate(SAMPLE_USERNAME, SAMPLE_HANDLE)).rejects.toThrow();
+    });
   });
 });
 
 describe('validate', () => {
-  test('propagates error when db lookup fails', async () => {
-    vi.mocked(prisma.user.findUniqueOrThrow).mockRejectedValue(new Error('not found'));
-
-    await expect(validate(SAMPLE_USERNAME)).rejects.toThrow();
+  describe('successful case', () => {
+    test('returns true and marks account as validated when the external API confirms the code', async () => {
+      mockFindUniqueOrThrow(prepareUser(prepareAtCoderAccount()));
+      mockFetch({ contents: [SAMPLE_VALIDATION_CODE] });
+      mockUpdate();
+
+      const result = await validate(SAMPLE_USERNAME);
+
+      expect(result).toBe(true);
+      expect(prisma.atCoderAccount.update).toHaveBeenCalledWith(
+        expect.objectContaining({
+          where: { userId: SAMPLE_USER_ID },
+          data: { validationCode: '', isValidated: true },
+        }),
+      );
+    });
   });
 
-  test('returns false when user has no AtCoderAccount', async () => {
-    mockFindUniqueOrThrow(makeUser(null));
+  describe('error cases', () => {
+    describe('returns false', () => {
+      test('when user has no AtCoderAccount', async () => {
+        mockFindUniqueOrThrow(prepareUser(null));
 
-    const result = await validate(SAMPLE_USERNAME);
+        const result = await validate(SAMPLE_USERNAME);
 
-    expect(result).toBe(false);
-  });
+        expect(result).toBe(false);
+      });
 
-  test('returns false when validationCode is empty', async () => {
-    mockFindUniqueOrThrow(makeUser(makeAtCoderAccount({ validationCode: '' })));
+      test('when validationCode is empty', async () => {
+        mockFindUniqueOrThrow(prepareUser(prepareAtCoderAccount({ validationCode: '' })));
 
-    const result = await validate(SAMPLE_USERNAME);
+        const result = await validate(SAMPLE_USERNAME);
 
-    expect(result).toBe(false);
-  });
-
-  test('returns false when the external API does not confirm the code', async () => {
-    mockFindUniqueOrThrow(makeUser(makeAtCoderAccount()));
-    mockFetch({ contents: ['other-code'] });
+        expect(result).toBe(false);
+      });
 
-    const result = await validate(SAMPLE_USERNAME);
+      test('when the external API does not confirm the code', async () => {
+        mockFindUniqueOrThrow(prepareUser(prepareAtCoderAccount()));
+        mockFetch({ contents: ['other-code'] });
 
-    expect(result).toBe(false);
-    expect(prisma.atCoderAccount.update).not.toHaveBeenCalled();
-  });
+        const result = await validate(SAMPLE_USERNAME);
 
-  test('returns true and marks account as validated when the external API confirms the code', async () => {
-    mockFindUniqueOrThrow(makeUser(makeAtCoderAccount()));
-    mockFetch({ contents: [SAMPLE_VALIDATION_CODE] });
-    vi.mocked(prisma.atCoderAccount.update).mockResolvedValue({} as never);
+        expect(result).toBe(false);
+        expect(prisma.atCoderAccount.update).not.toHaveBeenCalled();
+      });
 
-    const result = await validate(SAMPLE_USERNAME);
+      test('when the external API returns invalid JSON', async () => {
+        mockFindUniqueOrThrow(prepareUser(prepareAtCoderAccount()));
+        vi.stubGlobal(
+          'fetch',
+          vi.fn().mockResolvedValue({
+            ok: true,
+            json: vi.fn().mockRejectedValue(new SyntaxError('Unexpected token')),
+          }),
+        );
 
-    expect(result).toBe(true);
-    expect(prisma.atCoderAccount.update).toHaveBeenCalledWith(
-      expect.objectContaining({
-        where: { userId: SAMPLE_USER_ID },
-        data: { validationCode: '', isValidated: true },
-      }),
-    );
-  });
+        const result = await validate(SAMPLE_USERNAME);
 
-  test('throws when the external API returns non-OK response', async () => {
-    mockFindUniqueOrThrow(makeUser(makeAtCoderAccount()));
-    mockFetch({}, false);
+        expect(result).toBe(false);
+      });
+    });
 
-    await expect(validate(SAMPLE_USERNAME)).rejects.toThrow();
-  });
+    describe('throws errors', () => {
+      test('when db lookup fails', async () => {
+        mockFindUniqueOrThrowError();
 
-  test('returns false when the external API returns invalid JSON', async () => {
-    mockFindUniqueOrThrow(makeUser(makeAtCoderAccount()));
-    vi.stubGlobal(
-      'fetch',
-      vi.fn().mockResolvedValue({
-        ok: true,
-        json: vi.fn().mockRejectedValue(new SyntaxError('Unexpected token')),
-      }),
-    );
+        await expect(validate(SAMPLE_USERNAME)).rejects.toThrow();
+      });
 
-    const result = await validate(SAMPLE_USERNAME);
+      test('when the external API returns non-OK response', async () => {
+        mockFindUniqueOrThrow(prepareUser(prepareAtCoderAccount()));
+        mockFetch({}, false);
 
-    expect(result).toBe(false);
-  });
+        await expect(validate(SAMPLE_USERNAME)).rejects.toThrow();
+      });
 
-  test('throws when CONFIRM_API_URL is not set', async () => {
-    delete process.env.CONFIRM_API_URL;
-    mockFindUniqueOrThrow(makeUser(makeAtCoderAccount()));
+      test('when CONFIRM_API_URL is not set', async () => {
+        vi.stubEnv('CONFIRM_API_URL', '');
+        mockFindUniqueOrThrow(prepareUser(prepareAtCoderAccount()));
 
-    await expect(validate(SAMPLE_USERNAME)).rejects.toThrow(
-      'Failed to confirm AtCoder affiliation',
-    );
+        await expect(validate(SAMPLE_USERNAME)).rejects.toThrow(
+          'Failed to confirm AtCoder affiliation',
+        );
+      });
+    });
   });
 });
 
 describe('reset', () => {
-  test('calls deleteMany with the correct userId (deleteMany is intentional: tolerates missing record)', async () => {
-    mockFindUniqueOrThrow(makeUser());
-    vi.mocked(prisma.atCoderAccount.deleteMany).mockResolvedValue({ count: 1 });
+  describe('successful case', () => {
+    test('calls deleteMany with the correct userId (deleteMany is intentional: tolerates missing record)', async () => {
+      mockFindUniqueOrThrow(prepareUser());
+      mockDeleteMany(1);
+
+      await reset(SAMPLE_USERNAME);
+
+      expect(prisma.atCoderAccount.deleteMany).toHaveBeenCalledWith(
+        expect.objectContaining({
+          where: { userId: SAMPLE_USER_ID },
+        }),
+      );
+    });
+  });
 
-    await reset(SAMPLE_USERNAME);
+  describe('error cases', () => {
+    test('throws when user not found', async () => {
+      mockFindUniqueOrThrowError();
 
-    expect(prisma.atCoderAccount.deleteMany).toHaveBeenCalledWith(
-      expect.objectContaining({
-        where: { userId: SAMPLE_USER_ID },
-      }),
-    );
+      await expect(reset(SAMPLE_USERNAME)).rejects.toThrow();
+    });
   });
 });
diff --git a/src/features/votes/actions/vote_actions.ts b/src/features/votes/actions/vote_actions.ts
index 41ebd438c..4c3c4abc5 100644
--- a/src/features/votes/actions/vote_actions.ts
+++ b/src/features/votes/actions/vote_actions.ts
@@ -53,6 +53,7 @@ export const voteAbsoluteGrade = async ({
 
   try {
     await upsertVoteGradeTables(userId, taskId, grade);
+    return { success: true as const };
   } catch (error) {
     console.error('Failed to vote absolute grade: ', error);
     return fail(INTERNAL_SERVER_ERROR, { message: 'Failed to record vote.' });
diff --git a/src/features/votes/components/VotableGrade.svelte b/src/features/votes/components/VotableGrade.svelte
index f02f483a8..c428afd4f 100644
--- a/src/features/votes/components/VotableGrade.svelte
+++ b/src/features/votes/components/VotableGrade.svelte
@@ -8,10 +8,16 @@
   import FlaskConical from '@lucide/svelte/icons/flask-conical';
 
   import { TaskGrade, getTaskGrade, type TaskResult } from '$lib/types/task';
+  import { errorMessageStore } from '$lib/stores/error_message';
+  import {
+    fetchMyVote,
+    submitVote,
+    fetchMedianVote,
+  } from '$features/votes/internal_clients/vote_grade';
+
   import { getTaskGradeLabel } from '$lib/utils/task';
   import { nonPendingGrades, resolveDisplayGrade } from '$features/votes/utils/grade_options';
   import { SIGNUP_PAGE, LOGIN_PAGE, EDIT_PROFILE_PAGE } from '$lib/constants/navbar-links';
-  import { errorMessageStore } from '$lib/stores/error_message';
 
   import GradeLabel from '$lib/components/GradeLabel.svelte';
   import InputFieldWrapper from '$lib/components/InputFieldWrapper.svelte';
@@ -35,6 +41,7 @@
   // Use task_id as a deterministic component ID to avoid SSR/hydration mismatches.
   const componentId = taskResult.task_id;
 
+  // @ts-expect-error svelte-check TS2554: AppTypes declaration merging causes RouteId to resolve as string, requiring params. Runtime behavior is correct.
   const editProfileHref = `${resolve(EDIT_PROFILE_PAGE)}?tab=atcoder`;
 
   let selectedVoteGrade = $state<TaskGrade>();
@@ -47,21 +54,15 @@
 
   let isOpening = $state(false);
   let votedGrade = $state<TaskGrade | null>(null);
+  let voteAbortController: AbortController | null = null;
 
   async function onTriggerClick() {
-    if (!isLoggedIn || isAtCoderVerified === false || isOpening) return;
+    if (!isLoggedIn || isAtCoderVerified === false || isOpening) {
+      return;
+    }
     isOpening = true;
     try {
-      const res = await fetch(
-        `/problems/getMyVote?taskId=${encodeURIComponent(taskResult.task_id)}`,
-        {
-          headers: { Accept: 'application/json' },
-        },
-      );
-      if (res.ok) {
-        const data = await res.json();
-        votedGrade = data.grade;
-      }
+      votedGrade = await fetchMyVote(taskResult.task_id);
     } catch (err) {
       console.error(err);
     } finally {
@@ -70,6 +71,9 @@
   }
 
   async function handleClick(voteGrade: string): Promise<void> {
+    // Cancel any in-flight vote request before starting a new one.
+    voteAbortController?.abort();
+    voteAbortController = new AbortController();
     selectedVoteGrade = getTaskGrade(voteGrade);
     showForm = true;
     // Wait for Svelte to render the form, then submit via the enhance directive.
@@ -90,34 +94,27 @@
       // Cancel the default form submission.
       cancel();
 
-      // Submit data manually using fetch API.
-      fetch(action, {
-        method: 'POST',
-        body: formData,
-        headers: {
-          Accept: 'application/json',
-        },
-      })
-        .then(async (res) => {
-          if (!res.ok) throw new Error('vote failed');
-
-          // 投票したグレードをローカル状態に反映（チェックマーク更新）
+      const signal = voteAbortController?.signal;
+
+      submitVote(action, formData, signal)
+        .then(async (succeeded) => {
+          if (signal?.aborted) {
+            return; // Intentional abort — user selected a different grade
+          }
+
+          if (!succeeded) {
+            throw new Error('vote failed');
+          }
+
+          // Reflect the voted grade in local state (to update the checkmark in the dropdown), even though the server response may later indicate a different median grade due to other voters or admin overrides.
           votedGrade = selectedVoteGrade ?? null;
 
-          // 成功したらサーバから最新の中央値を取得して表示を更新
-          try {
-            const taskId = formData.get('taskId') as string;
-            const medianRes = await fetch(
-              `/problems/getMedianVote?taskId=${encodeURIComponent(taskId)}`,
-              { headers: { Accept: 'application/json' } },
-            );
-            if (medianRes.ok) {
-              const data = await medianRes.json();
-              // DBグレード付与済みはそちらを優先表示するため更新しない
-              if (data?.grade && taskResult.grade === TaskGrade.PENDING) displayGrade = data.grade;
-            }
-          } catch (err) {
-            console.error('Failed to fetch median after vote', err);
+          // Update the displayed grade to the latest median from the server, which may differ from the just-submitted vote due to other voters or admin overrides.
+          const taskId = formData.get('taskId') as string;
+          const medianGrade = await fetchMedianVote(taskId, signal);
+
+          if (medianGrade !== null && taskResult.grade === TaskGrade.PENDING) {
+            displayGrade = medianGrade;
           }
         })
         .catch((error) => {
diff --git a/src/features/votes/constants/statistics.ts b/src/features/votes/constants/statistics.ts
new file mode 100644
index 000000000..40e27aa03
--- /dev/null
+++ b/src/features/votes/constants/statistics.ts
@@ -0,0 +1,5 @@
+/**
+ * Minimum number of votes required to compute and store the median grade.
+ * Below this threshold the sample size is too small to be meaningful.
+ */
+export const MIN_VOTES_FOR_STATISTICS = 3;
diff --git a/src/features/votes/internal_clients/vote_grade.test.ts b/src/features/votes/internal_clients/vote_grade.test.ts
new file mode 100644
index 000000000..8121f971e
--- /dev/null
+++ b/src/features/votes/internal_clients/vote_grade.test.ts
@@ -0,0 +1,178 @@
+import { describe, test, expect, beforeEach, afterEach } from 'vitest';
+import nock from 'nock';
+
+import { TaskGrade } from '$lib/types/task';
+
+import { fetchMyVote, submitVote, fetchMedianVote } from './vote_grade';
+
+import * as statusCodes from '$lib/constants/http-response-status-codes';
+
+const BASE_URL = 'http://localhost';
+const TASK_ID = 'abc_a';
+
+const originalLocation = globalThis.location;
+
+beforeEach(() => {
+  nock.cleanAll();
+  // Set globalThis.location for test environment
+  Object.defineProperty(globalThis, 'location', {
+    value: { origin: BASE_URL },
+    writable: true,
+  });
+});
+
+afterEach(() => {
+  nock.cleanAll();
+  // Restore original location to prevent test state leak
+  if (originalLocation !== undefined) {
+    Object.defineProperty(globalThis, 'location', {
+      value: originalLocation,
+      writable: true,
+    });
+  }
+});
+
+describe('fetchMyVote', () => {
+  const endpoint = '/problems/getMyVote';
+
+  const mockGetMyVote = (statusCode: number, grade?: TaskGrade | null) => {
+    nock(BASE_URL)
+      .get(endpoint)
+      .query({ taskId: TASK_ID })
+      .reply(statusCode, grade !== undefined ? { grade } : undefined);
+  };
+
+  describe('successful case', () => {
+    test.each([
+      TaskGrade.PENDING,
+      TaskGrade.Q11,
+      TaskGrade.Q10,
+      TaskGrade.Q1,
+      TaskGrade.D1,
+      TaskGrade.D6,
+    ])('returns grade %s when voted', async (grade) => {
+      mockGetMyVote(statusCodes.OK, grade);
+
+      const result = await fetchMyVote(TASK_ID);
+
+      expect(result).toBe(grade);
+    });
+
+    test('returns null when no vote exists', async () => {
+      mockGetMyVote(statusCodes.OK, null);
+
+      const result = await fetchMyVote(TASK_ID);
+
+      expect(result).toBeNull();
+    });
+  });
+
+  describe('error cases', () => {
+    test('returns null when unauthorized', async () => {
+      mockGetMyVote(statusCodes.UNAUTHORIZED);
+
+      const result = await fetchMyVote(TASK_ID);
+
+      expect(result).toBeNull();
+    });
+
+    test('returns null when server error', async () => {
+      mockGetMyVote(statusCodes.INTERNAL_SERVER_ERROR);
+
+      const result = await fetchMyVote(TASK_ID);
+
+      expect(result).toBeNull();
+    });
+  });
+});
+
+describe('submitVote', () => {
+  const endpoint = '/votes?/voteAbsoluteGrade';
+  const actionUrl = new URL(`${BASE_URL}${endpoint}`);
+  const formData = (() => {
+    const data = new FormData();
+    data.append('taskId', TASK_ID);
+    data.append('grade', TaskGrade.Q11);
+    return data;
+  })();
+
+  describe('successful case', () => {
+    test('returns true when status code is 2xx', async () => {
+      nock(BASE_URL).post(endpoint).reply(statusCodes.OK, { success: true });
+
+      const result = await submitVote(actionUrl, formData);
+
+      expect(result).toBe(true);
+    });
+  });
+
+  describe('error cases', () => {
+    test.each([
+      statusCodes.BAD_REQUEST,
+      statusCodes.UNAUTHORIZED,
+      statusCodes.FORBIDDEN,
+      statusCodes.INTERNAL_SERVER_ERROR,
+    ])('returns false when status code is %s', async (statusCode) => {
+      nock(BASE_URL).post(endpoint).reply(statusCode);
+
+      const result = await submitVote(actionUrl, formData);
+
+      expect(result).toBe(false);
+    });
+
+    test('returns false when request is aborted', async () => {
+      const controller = new AbortController();
+      controller.abort();
+
+      const result = await submitVote(actionUrl, formData, controller.signal);
+
+      expect(result).toBe(false);
+    });
+  });
+});
+
+describe('fetchMedianVote', () => {
+  const endpoint = '/problems/getMedianVote';
+
+  const mockGetMedianVote = (statusCode: number, grade?: TaskGrade | null) => {
+    nock(BASE_URL)
+      .get(endpoint)
+      .query({ taskId: TASK_ID })
+      .reply(statusCode, grade !== undefined ? { grade } : undefined);
+  };
+
+  describe('successful case', () => {
+    test.each([
+      TaskGrade.PENDING,
+      TaskGrade.Q11,
+      TaskGrade.Q10,
+      TaskGrade.Q1,
+      TaskGrade.D1,
+      TaskGrade.D6,
+    ])('returns grade %s when fetched', async (grade) => {
+      mockGetMedianVote(statusCodes.OK, grade);
+
+      const result = await fetchMedianVote(TASK_ID);
+
+      expect(result).toBe(grade);
+    });
+
+    test('returns null when no median exists', async () => {
+      mockGetMedianVote(statusCodes.OK, null);
+
+      const result = await fetchMedianVote(TASK_ID);
+
+      expect(result).toBeNull();
+    });
+  });
+
+  describe('error cases', () => {
+    test('returns null when server error', async () => {
+      mockGetMedianVote(statusCodes.INTERNAL_SERVER_ERROR);
+
+      const result = await fetchMedianVote(TASK_ID);
+
+      expect(result).toBeNull();
+    });
+  });
+});
diff --git a/src/features/votes/internal_clients/vote_grade.ts b/src/features/votes/internal_clients/vote_grade.ts
new file mode 100644
index 000000000..96fabbeb2
--- /dev/null
+++ b/src/features/votes/internal_clients/vote_grade.ts
@@ -0,0 +1,96 @@
+import type { TaskGrade } from '$lib/types/task';
+import { isValidTaskGrade } from '$lib/utils/task_grade';
+
+/**
+ * Fetches the current user's vote grade for a given task.
+ * @returns The voted grade, or null if not voted or request fails.
+ */
+export async function fetchMyVote(taskId: string): Promise<TaskGrade | null> {
+  try {
+    const response = await fetch(
+      `${getBaseUrl()}/problems/getMyVote?taskId=${encodeURIComponent(taskId)}`,
+      {
+        credentials: 'same-origin',
+        headers: { Accept: 'application/json' },
+      },
+    );
+
+    if (!response.ok) {
+      return null;
+    }
+
+    const data = await response.json();
+    return isValidTaskGrade(data.grade) ? data.grade : null;
+  } catch {
+    return null;
+  }
+}
+
+/**
+ * Submits a vote via POST to the given action URL.
+ * @param signal - Optional AbortSignal to cancel an in-flight request.
+ * @returns true if the server responded with ok status, false otherwise.
+ */
+export async function submitVote(
+  action: URL,
+  formData: FormData,
+  signal?: AbortSignal,
+): Promise<boolean> {
+  try {
+    const response = await fetch(action, {
+      method: 'POST',
+      body: formData,
+      credentials: 'same-origin',
+      headers: { Accept: 'application/json' },
+      signal,
+    });
+
+    return response.ok;
+  } catch {
+    // AbortError or network error
+    return false;
+  }
+}
+
+/**
+ * Fetches the current median vote grade for a given task.
+ * @returns The median grade, or null if not enough votes or request fails.
+ */
+export async function fetchMedianVote(
+  taskId: string,
+  signal?: AbortSignal,
+): Promise<TaskGrade | null> {
+  try {
+    const response = await fetch(
+      `${getBaseUrl()}/problems/getMedianVote?taskId=${encodeURIComponent(taskId)}`,
+      {
+        credentials: 'same-origin',
+        headers: { Accept: 'application/json' },
+        signal,
+      },
+    );
+
+    if (!response.ok) {
+      return null;
+    }
+
+    const data = await response.json();
+    return isValidTaskGrade(data.grade) ? data.grade : null;
+  } catch {
+    return null;
+  }
+}
+
+// Helper to get base URL (works in browser and Node.js test environments)
+function getBaseUrl(): string {
+  if (typeof globalThis !== 'undefined' && globalThis.location?.origin) {
+    return globalThis.location.origin;
+  }
+
+  console.warn(
+    'getBaseUrl() called in SSR context where browser APIs are unavailable. ' +
+      'This should only be called from client-side code.',
+  );
+
+  return '';
+}
diff --git a/src/features/votes/services/vote_grade.ts b/src/features/votes/services/vote_grade.ts
index 0e1f7ea1c..0136de0f6 100644
--- a/src/features/votes/services/vote_grade.ts
+++ b/src/features/votes/services/vote_grade.ts
@@ -3,6 +3,7 @@ import { TaskGrade } from '@prisma/client';
 import { sha256 } from '$lib/utils/hash';
 import type { VoteGradeResult } from '$features/votes/types/vote_result';
 import { computeMedianGrade } from '$features/votes/utils/median';
+import { MIN_VOTES_FOR_STATISTICS } from '$features/votes/constants/statistics';
 
 export async function getVoteGrade(userId: string, taskId: string): Promise<VoteGradeResult> {
   const voteRecord = await prisma.voteGrade.findUnique({
@@ -22,16 +23,12 @@ export async function getVoteGrade(userId: string, taskId: string): Promise<Vote
   };
 }
 
-// Minimum number of votes required to compute and store the median grade.
-// Below this threshold the distribution is too sparse to be meaningful.
-const MIN_VOTES_FOR_STATISTICS = 3;
-
 // 概念実装（読み込み→処理を同一トランザクション内で行う）
 export async function upsertVoteGradeTables(
   userId: string,
   taskId: string,
   grade: TaskGrade,
-): Promise<void> {
+): Promise<{ success: true }> {
   await prisma.$transaction(async (tx) => {
     const existing = await tx.voteGrade.findUnique({
       where: { userId_taskId: { userId, taskId } },
@@ -60,6 +57,7 @@ export async function upsertVoteGradeTables(
 
     await updateVoteStatistics(tx, taskId, latestCounters);
   });
+  return { success: true };
 }
 
 // ---------------------------------------------------------------------------
diff --git a/src/features/votes/utils/median.ts b/src/features/votes/utils/median.ts
index 29e8bb334..ede766196 100644
--- a/src/features/votes/utils/median.ts
+++ b/src/features/votes/utils/median.ts
@@ -1,5 +1,6 @@
 import { TaskGrade } from '@prisma/client';
 import { getGradeOrder, taskGradeOrderInfinity } from '$lib/utils/task';
+import { MIN_VOTES_FOR_STATISTICS } from '$features/votes/constants/statistics';
 
 /** Maps grade order (1=Q11 … 17=D6) back to the corresponding TaskGrade enum value. */
 const ORDER_TO_TASK_GRADE: Map<number, TaskGrade> = new Map([
@@ -30,10 +31,14 @@ type GradeCounter = { grade: TaskGrade; count: number };
  * Returns `null` when the total vote count is below the minimum threshold.
  *
  * @param counters - Grade counters sorted by grade ascending.
- * @param minVotes - Minimum votes required to compute a median. Defaults to 3.
+ * @param minVotes - Minimum votes required to compute a median. Defaults to MIN_VOTES_FOR_STATISTICS.
+ *
  * @returns The median TaskGrade, or `null` if there are fewer than `minVotes` total votes.
  */
-export function computeMedianGrade(counters: GradeCounter[], minVotes = 3): TaskGrade | null {
+export function computeMedianGrade(
+  counters: GradeCounter[],
+  minVotes = MIN_VOTES_FOR_STATISTICS,
+): TaskGrade | null {
   const total = counters.reduce((sum, counter) => sum + counter.count, 0);
   if (total < minVotes) {
     return null;
diff --git a/src/lib/components/FormWrapper.svelte b/src/lib/components/FormWrapper.svelte
index aa5c02d7a..bf806b63b 100644
--- a/src/lib/components/FormWrapper.svelte
+++ b/src/lib/components/FormWrapper.svelte
@@ -1,9 +1,8 @@
 <script lang="ts">
   import { enhance } from '$app/forms';
+  import { setContext } from 'svelte';
   import type { Snippet } from 'svelte';
 
-  // See:
-  // https://developer.mozilla.org/en-US/docs/Web/HTML/Element/form#attributes_for_form_submission
   interface Props {
     method?: 'POST' | 'GET' | 'DIALOG' | 'post' | 'get' | 'dialog' | null | undefined;
     action: string;
@@ -19,9 +18,34 @@
     spaceYAxis = 'space-y-6',
     children,
   }: Props = $props();
+
+  let isSubmitting = $state(false);
+
+  setContext('form', {
+    get isSubmitting() {
+      return isSubmitting;
+    },
+  });
+
+  function handleEnhance() {
+    isSubmitting = true;
+
+    return async ({ update }: { update: () => Promise<void> }) => {
+      try {
+        await update();
+      } finally {
+        isSubmitting = false;
+      }
+    };
+  }
 </script>
 
-<form {method} {action} class={`w-full max-w-md ${marginTop} ${spaceYAxis}`} use:enhance>
+<form
+  {method}
+  {action}
+  class={`w-full max-w-md ${marginTop} ${spaceYAxis}`}
+  use:enhance={handleEnhance}
+>
   {#if children}
     {@render children()}
   {/if}
diff --git a/src/lib/components/SubmissionButton.svelte b/src/lib/components/SubmissionButton.svelte
index ef389c9fb..e48d2d66c 100644
--- a/src/lib/components/SubmissionButton.svelte
+++ b/src/lib/components/SubmissionButton.svelte
@@ -1,12 +1,21 @@
 <script lang="ts">
+  import { getContext } from 'svelte';
+
   import { Button } from 'flowbite-svelte';
+  import type { ButtonColor } from '$lib/types/flowbite-svelte-wrapper';
 
   interface Props {
     width?: string;
     labelName: string;
+    loading?: boolean;
+    color?: ButtonColor;
   }
 
-  let { width = 'w-full', labelName }: Props = $props();
+  let { width = 'w-full', labelName, loading = false, color = 'primary' }: Props = $props();
+
+  // Get isSubmitting from FormWrapper's context, default to false if undefined.
+  const formContext = getContext<{ isSubmitting: boolean } | undefined>('form');
+  const isLoading = $derived(loading || (formContext?.isSubmitting ?? false));
 </script>
 
-<Button type="submit" class={width}>{labelName}</Button>
+<Button type="submit" {color} class={width} loading={isLoading}>{labelName}</Button>
diff --git a/src/lib/services/tasks.ts b/src/lib/services/tasks.ts
index 16e56ed5c..dfbdcde5b 100644
--- a/src/lib/services/tasks.ts
+++ b/src/lib/services/tasks.ts
@@ -1,3 +1,4 @@
+import { Prisma } from '@prisma/client';
 import { default as db } from '$lib/server/database';
 
 import { getContestTaskPairs } from '$lib/services/contest_task_pairs';
@@ -179,42 +180,29 @@ export async function createTask(
   console.log(task);
 }
 
-export async function updateTask(task_id: string, task_grade: TaskGrade) {
-  const task = await db.task.update({
-    where: { task_id: task_id },
-    data: {
-      grade: task_grade,
-    },
-  });
+/**
+ * Updates a task's grade by task_id.
+ *
+ * @param task_id - The task ID to update
+ * @param task_grade - The new grade value
+ *
+ * @returns undefined if successful, null if task not found (P2025)
+ */
+export async function updateTask(task_id: string, task_grade: TaskGrade): Promise<void | null> {
+  try {
+    const task = await db.task.update({
+      where: { task_id: task_id },
+      data: {
+        grade: task_grade,
+      },
+    });
 
-  console.log(task);
-}
+    console.log(task);
+  } catch (error) {
+    if (error instanceof Prisma.PrismaClientKnownRequestError && error.code === 'P2025') {
+      return null;
+    }
 
-// TODO: deleteTask()
-
-// Note:
-// Uncomment only when executing the following commands directly from the script.
-//
-// pnpm dlx vite-node ./prisma/tasks.ts
-//
-//
-// async function main() {
-//   const tasks = getTasks();
-//   console.log(tasks);
-
-//   const task_id = 'abc322_e';
-//   const task = getTask(task_id);
-//   console.log(task);
-
-//   // updateTask(task_id, TaskGrade.Q1);
-//   // console.log(task);
-// }
-
-// main()
-//   .catch(async (e) => {
-//     console.error(e);
-//     process.exit(1);
-//   })
-//   .finally(async () => {
-//     await db.$disconnect();
-//   });
+    throw error;
+  }
+}
diff --git a/src/lib/types/flowbite-svelte-wrapper.ts b/src/lib/types/flowbite-svelte-wrapper.ts
index c9ba06d21..11ec8d984 100644
--- a/src/lib/types/flowbite-svelte-wrapper.ts
+++ b/src/lib/types/flowbite-svelte-wrapper.ts
@@ -1,19 +1,7 @@
-// ドキュメントで公開されている型の一覧に載っておらず、ボタンコンポーネントの内部でのみ定義されている
-// FIXME: ButtonColorTypeをインポートすると、ts2322エラーが出る
-// HACK: 同じ属性を使っているのに、以下のようにハードコーディングするとなぜかエラーが出ない
+// Extract ButtonColor from ButtonProps (Flowbite Svelte exports ButtonProps)
+import type { ButtonProps } from 'flowbite-svelte';
 
-// See:
-// https://flowbite-svelte.com/docs/pages/typescript
-// https://github.com/themesberg/flowbite-svelte/blob/main/src/lib/buttons/Button.svelte
-// https://github.com/iamrishupatel/trello-clone/blob/16635c8bfcc46ffca1ab89c26752d745b2326b6f/src/lib/components/NewTask/NewTask.component.svelte
-export type ButtonColor =
-  | 'alternative'
-  | 'blue'
-  | 'dark'
-  | 'green'
-  | 'light'
-  | 'primary'
-  | 'purple'
-  | 'red'
-  | 'yellow'
-  | 'none';
+/**
+ * Valid color variants for Flowbite Svelte button component.
+ */
+export type ButtonColor = NonNullable<ButtonProps['color']>;
diff --git a/src/lib/utils/task_grade.test.ts b/src/lib/utils/task_grade.test.ts
new file mode 100644
index 000000000..760bd4ec7
--- /dev/null
+++ b/src/lib/utils/task_grade.test.ts
@@ -0,0 +1,41 @@
+import { describe, test, expect } from 'vitest';
+
+import { taskGradeValues, TaskGrade } from '$lib/types/task';
+import { isValidTaskGrade } from '$lib/utils/task_grade';
+
+describe('isValidTaskGrade', () => {
+  describe('successful cases', () => {
+    test('returns true for all valid TaskGrade values', () => {
+      taskGradeValues.forEach((grade) => {
+        expect(isValidTaskGrade(grade)).toBe(true);
+      });
+    });
+
+    test('is a type guard that narrows type to TaskGrade', () => {
+      const value: unknown = 'Q1';
+
+      if (isValidTaskGrade(value)) {
+        // value is narrowed to TaskGrade at this point
+        const grade: typeof value = value;
+        expect(grade).toBe(TaskGrade.Q1);
+      }
+    });
+  });
+
+  describe('failure cases', () => {
+    test('returns false for invalid string values', () => {
+      expect(isValidTaskGrade('INVALID')).toBe(false);
+      expect(isValidTaskGrade('invalid')).toBe(false);
+      expect(isValidTaskGrade('PENDING_')).toBe(false);
+    });
+
+    test('returns false for non-string values', () => {
+      expect(isValidTaskGrade(null)).toBe(false);
+      expect(isValidTaskGrade(undefined)).toBe(false);
+      expect(isValidTaskGrade(123)).toBe(false);
+      expect(isValidTaskGrade(true)).toBe(false);
+      expect(isValidTaskGrade({})).toBe(false);
+      expect(isValidTaskGrade([])).toBe(false);
+    });
+  });
+});
diff --git a/src/lib/utils/task_grade.ts b/src/lib/utils/task_grade.ts
new file mode 100644
index 000000000..89ffb5aed
--- /dev/null
+++ b/src/lib/utils/task_grade.ts
@@ -0,0 +1,10 @@
+import { taskGradeValues, type TaskGrade } from '$lib/types/task';
+
+/**
+ * Type guard to validate if an unknown value is a valid TaskGrade.
+ * @param value - The value to validate
+ * @returns true if value is a valid TaskGrade enum member
+ */
+export function isValidTaskGrade(value: unknown): value is TaskGrade {
+  return typeof value === 'string' && taskGradeValues.includes(value as TaskGrade);
+}
diff --git a/src/routes/(admin)/tasks/+page.server.ts b/src/routes/(admin)/tasks/+page.server.ts
index 5020e5af5..e6c582bd5 100644
--- a/src/routes/(admin)/tasks/+page.server.ts
+++ b/src/routes/(admin)/tasks/+page.server.ts
@@ -179,7 +179,14 @@ export const actions: Actions = {
         };
       }
 
-      await taskService.updateTask(task_id, task_grade);
+      const updateResult = await taskService.updateTask(task_id, task_grade);
+
+      if (updateResult === null) {
+        return {
+          success: false,
+        };
+      }
+
       const contest_id = formData.get('contest_id')?.toString() as string;
 
       const tasks = await apiClient.getTasks();
diff --git a/src/routes/(admin)/vote_management/+page.server.ts b/src/routes/(admin)/vote_management/+page.server.ts
index 036d5853e..a610f4d56 100644
--- a/src/routes/(admin)/vote_management/+page.server.ts
+++ b/src/routes/(admin)/vote_management/+page.server.ts
@@ -51,7 +51,13 @@ export const actions: Actions = {
     ) {
       return { success: false };
     }
-    await updateTask(taskId, grade as TaskGrade);
+
+    const result = await updateTask(taskId, grade as TaskGrade);
+
+    if (result === null) {
+      return { success: false, message: `Not found task: ${taskId}` };
+    }
+
     return { success: true };
   },
 };
diff --git a/src/routes/votes/[slug]/+page.svelte b/src/routes/votes/[slug]/+page.svelte
index a60b52a94..79e24a8de 100644
--- a/src/routes/votes/[slug]/+page.svelte
+++ b/src/routes/votes/[slug]/+page.svelte
@@ -13,11 +13,13 @@
     toChangeTextColorIfNeeds,
   } from '$lib/utils/task';
   import { qGrades, dGrades } from '$features/votes/utils/grade_options';
+  import { MIN_VOTES_FOR_STATISTICS } from '$features/votes/constants/statistics';
   import { SIGNUP_PAGE, LOGIN_PAGE, EDIT_PROFILE_PAGE } from '$lib/constants/navbar-links';
   import VoteDonutChart from '$features/votes/components/VoteDonutChart.svelte';
 
   let { data } = $props();
 
+  // @ts-expect-error svelte-check TS2554: AppTypes declaration merging causes RouteId to resolve as string, requiring params. Runtime behavior is correct.
   const editProfileHref = `${resolve(EDIT_PROFILE_PAGE)}?tab=atcoder`;
 
   const totalVotes = $derived(
@@ -43,7 +45,7 @@
         <FlaskConical class="w-5 h-5" />
       </span>
       <Tooltip triggeredBy="#flask-icon" placement="bottom">
-        3票以上集まると中央値が暫定グレードとして一覧表に反映されます。
+        {MIN_VOTES_FOR_STATISTICS}票以上集まると中央値が暫定グレードとして一覧表に反映されます。
       </Tooltip>
     {/if}
     <GradeLabel taskGrade={displayGrade} />
diff --git a/src/test/lib/services/tasks.test.ts b/src/test/lib/services/tasks.test.ts
new file mode 100644
index 000000000..b7fb6140f
--- /dev/null
+++ b/src/test/lib/services/tasks.test.ts
@@ -0,0 +1,66 @@
+import { describe, test, expect, beforeEach, vi } from 'vitest';
+
+import { Prisma } from '@prisma/client';
+
+import { TaskGrade } from '$lib/types/task';
+import { updateTask } from '$lib/services/tasks';
+
+vi.mock('$lib/server/database', () => ({
+  default: {
+    task: {
+      update: vi.fn(),
+    },
+  },
+}));
+
+import db from '$lib/server/database';
+
+describe('updateTask', () => {
+  const mockDb = db as unknown as { task: { update: ReturnType<typeof vi.fn> } };
+
+  beforeEach(() => {
+    vi.clearAllMocks();
+  });
+
+  describe('successful case', () => {
+    test('returns undefined when task is updated successfully', async () => {
+      mockDb.task.update.mockResolvedValue({
+        id: '1',
+        task_id: 'abc450_d',
+        grade: TaskGrade.Q1,
+      });
+
+      const result = await updateTask('abc450_d', TaskGrade.Q2);
+
+      expect(result).toBeUndefined();
+      expect(mockDb.task.update).toHaveBeenCalledWith({
+        where: { task_id: 'abc450_d' },
+        data: { grade: TaskGrade.Q2 },
+      });
+    });
+  });
+
+  describe('error cases', () => {
+    test('returns null when task is not found (P2025)', async () => {
+      const error = new Prisma.PrismaClientKnownRequestError(
+        'An operation failed because it depends on one or more records that were required but not found. Record to update not found.',
+        { code: 'P2025', clientVersion: '5.0.0' },
+      );
+
+      mockDb.task.update.mockRejectedValue(error);
+
+      const result = await updateTask('nonexistent_task', TaskGrade.Q1);
+
+      expect(result).toBeNull();
+    });
+
+    test('re-throws non-P2025 errors', async () => {
+      const error = new Error('Database connection error');
+      mockDb.task.update.mockRejectedValue(error);
+
+      await expect(updateTask('abc450_d', TaskGrade.Q1)).rejects.toThrow(
+        'Database connection error',
+      );
+    });
+  });
+});
diff --git a/src/test/lib/services/users.test.ts b/src/test/lib/services/users.test.ts
new file mode 100644
index 000000000..d7e91b58f
--- /dev/null
+++ b/src/test/lib/services/users.test.ts
@@ -0,0 +1,159 @@
+import { describe, test, expect, vi, beforeEach } from 'vitest';
+import { Roles, type User } from '@prisma/client';
+
+vi.mock('$lib/server/database', () => ({
+  default: {
+    user: {
+      findUnique: vi.fn(),
+      delete: vi.fn(),
+    },
+  },
+}));
+
+import db from '$lib/server/database';
+import { getUser, getUserById, deleteUser } from '$lib/services/users';
+
+// ---------------------------------------------------------------------------
+// Type aliases
+// ---------------------------------------------------------------------------
+
+type UserWithAccount = User & {
+  atCoderAccount: {
+    userId: string;
+    handle: string;
+    isValidated: boolean;
+    validationCode: string;
+    createdAt: Date;
+    updatedAt: Date;
+  };
+};
+
+// ---------------------------------------------------------------------------
+// Fixtures
+// ---------------------------------------------------------------------------
+
+const SAMPLE_TIMESTAMP = new Date('2024-01-01');
+const SAMPLE_USER_ID = 'user-abc123';
+const SAMPLE_USERNAME = 'testuser';
+const SAMPLE_HANDLE = 'testuser_ac';
+
+function prepareUser(overrides: Partial<UserWithAccount> = {}): UserWithAccount {
+  return {
+    id: SAMPLE_USER_ID,
+    username: SAMPLE_USERNAME,
+    role: Roles.USER,
+    created_at: SAMPLE_TIMESTAMP,
+    updated_at: SAMPLE_TIMESTAMP,
+    atCoderAccount: {
+      userId: SAMPLE_USER_ID,
+      handle: SAMPLE_HANDLE,
+      isValidated: true,
+      validationCode: 'code-xyz',
+      createdAt: SAMPLE_TIMESTAMP,
+      updatedAt: SAMPLE_TIMESTAMP,
+    },
+    ...overrides,
+  };
+}
+
+// ---------------------------------------------------------------------------
+// Mock helpers
+// ---------------------------------------------------------------------------
+
+function mockFindUnique(value: UserWithAccount | null): void {
+  vi.mocked(db.user.findUnique).mockResolvedValueOnce(value);
+}
+
+function mockDelete(value: UserWithAccount): void {
+  vi.mocked(db.user.delete).mockResolvedValueOnce(value);
+}
+
+function mockDeleteError(message: string = 'not found'): void {
+  vi.mocked(db.user.delete).mockRejectedValueOnce(new Error(message));
+}
+
+// ---------------------------------------------------------------------------
+// Setup
+// ---------------------------------------------------------------------------
+
+beforeEach(() => {
+  vi.clearAllMocks();
+});
+
+describe('getUser', () => {
+  describe('successful case', () => {
+    test('returns user with atCoderAccount when found', async () => {
+      mockFindUnique(prepareUser());
+
+      const result = await getUser(SAMPLE_USERNAME);
+
+      expect(result).toEqual(prepareUser());
+      expect(vi.mocked(db.user.findUnique)).toHaveBeenCalledWith({
+        where: { username: SAMPLE_USERNAME },
+        include: { atCoderAccount: true },
+      });
+    });
+  });
+
+  describe('error cases', () => {
+    test('returns null when user is not found', async () => {
+      mockFindUnique(null);
+
+      const result = await getUser('nonexistent');
+
+      expect(result).toBeNull();
+    });
+  });
+});
+
+describe('getUserById', () => {
+  describe('successful case', () => {
+    test('returns user with atCoderAccount when found', async () => {
+      mockFindUnique(prepareUser());
+
+      const result = await getUserById(SAMPLE_USER_ID);
+
+      expect(result).toEqual(prepareUser());
+      expect(vi.mocked(db.user.findUnique)).toHaveBeenCalledWith({
+        where: { id: SAMPLE_USER_ID },
+        include: { atCoderAccount: true },
+      });
+    });
+  });
+
+  describe('error cases', () => {
+    test('returns null when user is not found', async () => {
+      mockFindUnique(null);
+
+      const result = await getUserById('nonexistent-id');
+
+      expect(result).toBeNull();
+    });
+  });
+});
+
+describe('deleteUser', () => {
+  describe('successful case', () => {
+    test('deletes user and returns deleted user; subsequent getUser returns null', async () => {
+      mockDelete(prepareUser());
+      mockFindUnique(null); // Subsequent getUser should not find the deleted user
+
+      const deleteResult = await deleteUser(SAMPLE_USERNAME);
+      const userAfterDelete = await getUser(SAMPLE_USERNAME);
+
+      expect(deleteResult).toEqual(prepareUser());
+      expect(userAfterDelete).toBeNull();
+      expect(vi.mocked(db.user.delete)).toHaveBeenCalledWith({
+        where: { username: SAMPLE_USERNAME },
+      });
+    });
+  });
+
+  describe('error cases', () => {
+    test('throws when user not found', async () => {
+      mockDeleteError('User not found');
+
+      await expect(deleteUser(SAMPLE_USERNAME)).rejects.toThrow();
+    });
+  });
+});
diff --git a/vite.config.ts b/vite.config.ts
index b8b455a29..c28b4e23b 100755
--- a/vite.config.ts
+++ b/vite.config.ts
@@ -9,6 +9,7 @@ export default defineConfig({
   },
   test: {
     include: [
+      'src/lib/**/*.test.ts', // shared utility tests
       'src/test/**/*.test.ts', // existing tests (phase transition)
       'src/features/**/*.test.ts', // feature co-location tests
     ],