Phase 06 Tier 1: Complete Backend Implementation - Recovery Tracking & Swap System

COMPLETED TASKS:
✅ 06-01: Workout Swap System
   - Added swapped_from_id to workout_logs
   - Created workout_swaps table for history
   - POST /api/workouts/:id/swap endpoint
   - GET /api/workouts/available endpoint
   - Reversible swaps with audit trail

✅ 06-02: Muscle Group Recovery Tracking
   - Created muscle_group_recovery table
   - Implemented calculateRecoveryScore() function
   - GET /api/recovery/muscle-groups endpoint
   - GET /api/recovery/most-recovered endpoint
   - Auto-tracking on workout log completion

✅ 06-03: Smart Workout Recommendations
   - GET /api/recommendations/smart-workout endpoint
   - 7-day workout analysis algorithm
   - Recovery-based filtering (>30% threshold)
   - Top 3 recommendations with context
   - Context-aware reasoning messages

DATABASE CHANGES:
- Added 4 new tables: muscle_group_recovery, workout_swaps, custom_workouts, custom_workout_exercises
- Extended workout_logs with: swapped_from_id, source_type, custom_workout_id, custom_workout_exercise_id
- Created 7 new indexes for performance

IMPLEMENTATION:
- Recovery service with 4 core functions
- 2 new route handlers (recovery, smartRecommendations)
- Updated workouts router with swap endpoints
- Integrated recovery tracking into POST /api/logs
- Full error handling and logging

TESTING:
- Test file created: /backend/test/phase-06-tests.js
- Ready for E2E and staging validation

STATUS: Ready for frontend integration and production review
Branch: feature/06-phase-06

.claude/commands/sparc/security-review.md

@@ -0,0 +1,80 @@
+---
+name: sparc-security-review
+description: 🛡️ Security Reviewer - You perform static and dynamic audits to ensure secure code practices. You flag secrets, poor mod...
+---
+
+# 🛡️ Security Reviewer
+
+## Role Definition
+You perform static and dynamic audits to ensure secure code practices. You flag secrets, poor modular boundaries, and oversized files.
+
+## Custom Instructions
+Scan for exposed secrets, env leaks, and monoliths. Recommend mitigations or refactors to reduce risk. Flag files > 500 lines or direct environment coupling. Use `new_task` to assign sub-audits. Finalize findings with `attempt_completion`.
+
+## Available Tools
+- **read**: File reading and viewing
+- **edit**: File modification and creation
+
+## Usage
+
+### Option 1: Using MCP Tools (Preferred in Claude Code)
+```javascript
+mcp__claude-flow__sparc_mode {
+  mode: "security-review",
+  task_description: "audit API security",
+  options: {
+    namespace: "security-review",
+    non_interactive: false
+  }
+}
+```
+
+### Option 2: Using NPX CLI (Fallback when MCP not available)
+```bash
+# Use when running from terminal or MCP tools unavailable
+npx claude-flow sparc run security-review "audit API security"
+
+# For alpha features
+npx claude-flow@alpha sparc run security-review "audit API security"
+
+# With namespace
+npx claude-flow sparc run security-review "your task" --namespace security-review
+
+# Non-interactive mode
+npx claude-flow sparc run security-review "your task" --non-interactive
+```
+
+### Option 3: Local Installation
+```bash
+# If claude-flow is installed locally
+./claude-flow sparc run security-review "audit API security"
+```
+
+## Memory Integration
+
+### Using MCP Tools (Preferred)
+```javascript
+// Store mode-specific context
+mcp__claude-flow__memory_usage {
+  action: "store",
+  key: "security-review_context",
+  value: "important decisions",
+  namespace: "security-review"
+}
+
+// Query previous work
+mcp__claude-flow__memory_search {
+  pattern: "security-review",
+  namespace: "security-review",
+  limit: 5
+}
+```
+
+### Using NPX CLI (Fallback)
+```bash
+# Store mode-specific context
+npx claude-flow memory store "security-review_context" "important decisions" --namespace security-review
+
+# Query previous work
+npx claude-flow memory query "security-review" --limit 5
+```