feat: P5-1 작은 후속 묶음 (#319+#325+#344)

#325 (#291 후속):
- VideoSseController.bulkExtract: Math.random() → ThreadLocalRandom 통일
  (bulkTranscript와 일관)
- VideoSseController.rebuildVectors: 즉시 complete(total=0) 대신 명시적
  'not_implemented' SSE 이벤트로 운영자 가시성 확보 + timeout 600s → 60s
- YouTubeService.getTranscript JavaDoc: mode 인자가 youtube-transcript-api
  폴백에서만 사용된다는 점, 브라우저 추출은 mode 무관 명시

#319 (#301 후속):
- RestaurantDetail: buildSearchQuery 헬퍼 추출 (외부 지도 검색 URL 조합)
  '한국' 단독 region 더미 케이스 가드 포함
- BottomSheet SNAP_POINTS/VELOCITY_THRESHOLD 정책 fn-doc 신규
  (docs/design/279-frontend-restaurant-detail/fn-bottomsheet-snap.md)

#344 (#283 후속):
- globals.css에 --z-bottom-sheet=50, --z-filter-sheet=60, --z-modal=70 토큰
- LoginMenu: zIndex 99999 매직 넘버 → var(--z-modal)

Refs: #319 #325 #344

.gitignore

@@ -18,3 +18,5 @@ k8s/secrets.yaml
 # OS / misc
 .DS_Store
 backend/cookies.txt
+backend-java/cookies.txt
+**/cookies.txt

CHANGELOG.md

@@ -6,6 +6,87 @@
 
 ## 2026-06-15
 
+### ⭐ P4-4 별점 공통화 + 로그인 모달 접근성 (v0.1.23)
+- #281: 공통 Stars 컴포넌트 (0.5단위 절반 채우기), StarSelector role=radiogroup + 44px + 반쪽 별 ⯨, try/catch + alert
+- #283: LoginMenu에 useEscapeKey/useFocusTrap/useBodyScrollLock 훅 적용, role=dialog/aria-modal/aria-labelledby, onError 인라인 alert
+- MyReviewsList: Math.round → Stars (0.5단위 정확 렌더)
+- 후속 분리: #343(next/image, ARIA Tabs, 테스트), #344(z-index 토큰, i18n)
+- Refs: #281 #283 (close)
+
+### 🔐 P4-3 인증 메시지 + 지도 접근성 (v0.1.22)
+- #266: Google verifier 실패 메시지 고정 + log.warn (정보 누출 차단)
+- #278: boundsTimerRef cleanup, '내 위치' 44px + aria-label, dead code 제거
+- #277: 결함 모두 후속(#338) — deep health/version/테스트는 별도
+- 후속 분리: #338(deep health), #339(브랜드 토큰화/마커 ARIA), #340(다중 audience)
+- Refs: #266 #277 #278 (close)
+
+### ⚙️ P4-2 데몬/캐시/통계 결함 (v0.1.21)
+- #275: updateConfig 가드(1+ 정수), Scheduler try-finally updateLastX, GET config admin-only
+- #276: ping try-with-resources + ConnectionFactory null 가드, makeKey null 가드
+- #274: SiteVisitStats int → long, recordVisit DataIntegrityViolationException 1회 재시도
+- 후속 분리: #335 (분산락), #336 (SCAN/자동복구), #337 (봇/레이트리밋)
+- Refs: #275 #276 #274 (close)
+
+### 🧱 P4-1 백엔드 CRUD 결함 (v0.1.20)
+- #294: MemoService/ReviewService 동시성 DuplicateKeyException 가드, rating 0~5 검증, getAvgRating NVL
+- #295: 유니크 충돌 typed exception, channel_id "UC..." 형식 명시 분기, findByChannelId 컬럼 보완, body null 가드
+- #290: @PreDestroy executor shutdown, 캐시 silent → log.warn + cache.del, tabling/catchtable URL 스킴 화이트리스트
+- 후속 분리: #332(#290), #333(#295), #334(#294) — DTO/DDG/세분화/테스트
+- Refs: #290 #294 #295 (close)
+
+### 🔍 #293 검색/벡터 결함 7건 (v0.1.19)
+- SearchController: q 빈값 400 가드 (`%%` 응답 폭발 차단)
+- SearchService: LIKE 와일드카드 escape (%, _, \), hybrid 모드에서 sem 결과에도 채널 부착
+- SearchService: ObjectMapper/TypeReference static 재사용, 알 수 없는 mode warn 로그
+- SearchService: maxDistance를 @Value("${app.search.max-distance:0.57}") 외부화 (env SEARCH_MAX_DISTANCE)
+- SearchMapper.xml: LIKE 절에 ESCAPE '\' 추가
+- VectorService: embeddings null/empty 가드 (NPE 차단)
+- 후속 분리: #331 (batch insert + 테스트)
+- Refs: #293 (close)
+
+### 🛠 #304+#323 어드민 LLM 검증 UI + 공통 유틸 (v0.1.18)
+- 신규 frontend/src/lib/admin-utils.ts:
+  - getAdminToken / authHeaders / consumeSseStream
+- api.ts: Restaurant 타입에 hidden/hidden_reason/verified_at + verify/setRestaurantHidden API 4개
+- RestaurantsPanel:
+  - 헤더: "미검증 N건 + LLM 검증" 버튼
+  - 테이블: 검증 컬럼 (숨김/OK/미검증 배지 + 클릭으로 토글)
+- colSpan 7로 수정
+- 후속 분리: #329 (admin 전체 파일 분리 + localStorage/SSE 11+곳 통일)
+- Refs: #304 #323 #322 (close)
+
+### 🔧 #291+#292 백엔드 결함 일괄 수정 (v0.1.17)
+- ExtractorService: transcript null/blank 가드 (NPE 방지)
+- PipelineService.processExtract: 진입 시 status='processing' 명시 전이 (SSE/사용자 가시성)
+- PipelineService: geocode 실패 시 좌표/place_id/주소 컬럼을 data에 put하지 않아 upsert COALESCE 보존 의도 명확화
+- GeocodingService.parseRegionFromAddress: 빈 토큰을 region 문자열에서 제거 ('한국||구' 깨짐 방지)
+- VideoService.saveVideosBatch: @Transactional 추가 → batch insert 원자성
+- .gitignore: backend-java/cookies.txt 및 **/cookies.txt
+- 후속 분리: #325 (#291 잔여 MINOR), #326 (parseJson 최적화 + #292 MINOR)
+- Refs: #291 #292 (close)
+
+### 🧹 #322 LLM 검증으로 잘못된/프랜차이즈 식당 자동 숨김 (v0.1.16)
+- DB 마이그레이션: restaurants에 hidden(NUMBER(1)), hidden_reason(VARCHAR2(120)), verified_at(TIMESTAMP) + idx_restaurants_hidden
+- 도메인/Mapper/Service 확장: includeHidden 옵션, updateVerification, findUnverified 등
+- 신규 RestaurantVerifyService:
+  - verifyAsync (신규 등록 자동 검증)
+  - verifyAll (백필, 식당당 200ms sleep)
+  - parseVerifyResponse (안전 기본값: 파싱 실패 시 valid=true → hidden 유지)
+- PipelineService.processExtract 끝에 verifyAsync(restId) 자동 호출
+- AdminRestaurantController 신규 (requireAdmin):
+  - GET /api/admin/restaurants/verify/pending
+  - POST /api/admin/restaurants/verify/all?batchSize=10
+  - POST /api/admin/restaurants/{id}/verify
+  - PATCH /api/admin/restaurants/{id}/hidden
+- 어드민 UI는 후속 #323으로 분리
+- Refs: #322 (close)
+
+### 📺 #291 publishedAfter 페이징 조기 종료 버그 (v0.1.15) + dev/prod 데몬 분리
+- YouTubeService.fetchChannelVideos: stopPaging 플래그로 조기 종료 정확화 → 백필 효율 + YouTube API quota 절약
+- DaemonScheduler에 app.daemon.enabled (env DAEMON_ENABLED) 플래그
+- dev/prod가 같은 Oracle ATP를 공유하는 환경에서 dev DAEMON_ENABLED=false로 중복 폴링 차단
+- Refs: #291 #275 #321
+
 ### ♿ #301+#302 모달 접근성 + race condition + 필터 상태 동기화 (v0.1.14)
 - 공통 훅 `frontend/src/lib/hooks/useModalA11y.ts` 신규 (useEscapeKey, useFocusTrap, useBodyScrollLock)
 - BottomSheet/FilterSheet: role='dialog', aria-modal, aria-label/labelledby, ESC 닫기, focus trap

backend-java/src/main/java/com/tasteby/controller/AdminRestaurantController.java

@@ -0,0 +1,81 @@
+package com.tasteby.controller;
+
+import com.tasteby.security.AuthUtil;
+import com.tasteby.service.RestaurantService;
+import com.tasteby.service.RestaurantVerifyService;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.web.bind.annotation.*;
+
+import java.util.Map;
+
+/**
+ * #322 LLM 검증 어드민 API.
+ * - hidden 토글
+ * - 일괄 백필
+ */
+@RestController
+@RequestMapping("/api/admin/restaurants")
+public class AdminRestaurantController {
+
+    private static final Logger log = LoggerFactory.getLogger(AdminRestaurantController.class);
+
+    private final RestaurantService restaurantService;
+    private final RestaurantVerifyService verifyService;
+
+    public AdminRestaurantController(RestaurantService restaurantService, RestaurantVerifyService verifyService) {
+        this.restaurantService = restaurantService;
+        this.verifyService = verifyService;
+    }
+
+    /**
+     * 어드민용 검증 안 된 식당 수 조회.
+     */
+    @GetMapping("/verify/pending")
+    public Map<String, Object> pendingCount() {
+        var admin = AuthUtil.requireAdmin();
+        int n = restaurantService.countUnverified();
+        log.info("[ADMIN] {} pending verify count: {}", admin.getSubject(), n);
+        return Map.of("pending", n);
+    }
+
+    /**
+     * 어드민용 일괄 백필 트리거. 한 번 호출에 모든 미검증 식당을 처리.
+     * 비동기/SSE 없이 동기 응답이라 호출자는 결과까지 기다려야 함(LLM × N).
+     */
+    @PostMapping("/verify/all")
+    public Map<String, Object> verifyAll(@RequestParam(defaultValue = "10") int batchSize) {
+        var admin = AuthUtil.requireAdmin();
+        log.info("[ADMIN] {} triggered verifyAll(batchSize={})", admin.getSubject(), batchSize);
+        int processed = verifyService.verifyAll(batchSize);
+        return Map.of("processed", processed);
+    }
+
+    /**
+     * 어드민용 단건 재검증.
+     */
+    @PostMapping("/{id}/verify")
+    public Map<String, Object> verifyOne(@PathVariable String id) {
+        var admin = AuthUtil.requireAdmin();
+        log.info("[ADMIN] {} verifyOne({})", admin.getSubject(), id);
+        verifyService.verify(id);
+        return Map.of("success", true, "id", id);
+    }
+
+    /**
+     * 어드민용 hidden 토글.
+     */
+    @PatchMapping("/{id}/hidden")
+    public Map<String, Object> setHidden(@PathVariable String id, @RequestBody Map<String, Object> body) {
+        var admin = AuthUtil.requireAdmin();
+        boolean hidden = Boolean.TRUE.equals(body.get("hidden"));
+        String reason = body.get("reason") instanceof String s ? s : "manual";
+        if (hidden) {
+            restaurantService.markHidden(id, reason);
+        } else {
+            restaurantService.clearHidden(id);
+        }
+        log.info("[ADMIN] {} set hidden={} for {}", admin.getSubject(), hidden, id);
+        return Map.of("success", true, "id", id, "hidden", hidden);
+    }
+}

backend-java/src/main/java/com/tasteby/controller/ChannelController.java

@@ -7,6 +7,7 @@ import com.tasteby.security.AuthUtil;
 import com.tasteby.service.CacheService;
 import com.tasteby.service.ChannelService;
 import com.tasteby.service.YouTubeService;
+import org.springframework.dao.DataIntegrityViolationException;
 import org.springframework.http.HttpStatus;
 import org.springframework.web.bind.annotation.*;
 import org.springframework.web.server.ResponseStatusException;
@@ -52,16 +53,21 @@ public class ChannelController {
         String channelId = body.get("channel_id");
         String channelName = body.get("channel_name");
         String titleFilter = body.get("title_filter");
+        // #295 — body 필수값 가드 (NOT NULL 컬럼에 빈 값 들어가 500 나는 것 방지)
+        if (channelId == null || channelId.isBlank()) {
+            throw new ResponseStatusException(HttpStatus.BAD_REQUEST, "channel_id는 필수입니다");
+        }
+        if (channelName == null || channelName.isBlank()) {
+            throw new ResponseStatusException(HttpStatus.BAD_REQUEST, "channel_name은 필수입니다");
+        }
         try {
             String id = channelService.create(channelId, channelName, titleFilter);
             cache.flush();
             return Map.of("id", id, "channel_id", channelId);
-        } catch (Exception e) {
-            if (e.getMessage() != null && e.getMessage().toUpperCase().contains("UQ_CHANNELS_CID")) {
+        } catch (DataIntegrityViolationException e) {
+            // #295 — 유니크 충돌을 메시지 문자열 매칭 대신 typed 예외로 감지 (제약명 변경에도 견고).
             throw new ResponseStatusException(HttpStatus.CONFLICT, "Channel already exists");
         }
-            throw e;
-        }
     }
 
     @PostMapping("/{channelId}/scan")

backend-java/src/main/java/com/tasteby/controller/DaemonController.java

@@ -19,6 +19,8 @@ public class DaemonController {
 
     @GetMapping("/config")
     public DaemonConfig getConfig() {
+        // #275 — 데몬 운영 설정은 admin 전용 (이전: 공개 노출 — 정보 누출 위험)
+        AuthUtil.requireAdmin();
         DaemonConfig config = daemonConfigService.getConfig();
         return config != null ? config : DaemonConfig.builder().build();
     }

backend-java/src/main/java/com/tasteby/controller/RestaurantController.java

@@ -7,6 +7,7 @@ import com.tasteby.security.AuthUtil;
 import com.tasteby.service.CacheService;
 import com.tasteby.service.GeocodingService;
 import com.tasteby.service.RestaurantService;
+import jakarta.annotation.PreDestroy;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.http.HttpStatus;
@@ -47,6 +48,12 @@ public class RestaurantController {
         this.objectMapper = objectMapper;
     }
 
+    // #290 — Bean 종료 시 virtual thread executor를 정리하여 리소스 누수 방지.
+    @PreDestroy
+    public void shutdownExecutor() {
+        executor.shutdown();
+    }
+
     @GetMapping
     public List<Restaurant> list(
             @RequestParam(defaultValue = "100") int limit,
@@ -61,7 +68,7 @@ public class RestaurantController {
         if (cached != null) {
             try {
                 return objectMapper.readValue(cached, new TypeReference<List<Restaurant>>() {});
-            } catch (Exception ignored) {}
+            } catch (Exception e) { log.warn("Cache deserialize failed, evicting: {}", e.getMessage()); cache.del(key); }
         }
         var result = restaurantService.findAll(limit, offset, cuisine, region, channel);
         cache.set(key, result);
@@ -75,7 +82,7 @@ public class RestaurantController {
         if (cached != null) {
             try {
                 return objectMapper.readValue(cached, Restaurant.class);
-            } catch (Exception ignored) {}
+            } catch (Exception e) { log.warn("Cache deserialize failed, evicting: {}", e.getMessage()); cache.del(key); }
         }
         var r = restaurantService.findById(id);
         if (r == null) throw new ResponseStatusException(HttpStatus.NOT_FOUND, "Restaurant not found");
@@ -241,6 +248,10 @@ public class RestaurantController {
         var r = restaurantService.findById(id);
         if (r == null) throw new ResponseStatusException(HttpStatus.NOT_FOUND);
         String url = body.get("tabling_url");
+        // #290 — javascript:/외부 악성 URL 차단. 빈 문자열은 매핑 해제로 허용.
+        if (url != null && !url.isBlank() && !url.startsWith("https://tabling.co.kr/")) {
+            throw new ResponseStatusException(HttpStatus.BAD_REQUEST, "테이블링 URL은 https://tabling.co.kr/ 만 허용");
+        }
         restaurantService.update(id, Map.of("tabling_url", url != null ? url : ""));
         cache.flush();
         return Map.of("ok", true);
@@ -367,6 +378,12 @@ public class RestaurantController {
         var r = restaurantService.findById(id);
         if (r == null) throw new ResponseStatusException(HttpStatus.NOT_FOUND);
         String url = body.get("catchtable_url");
+        // #290 — javascript:/외부 악성 URL 차단. 빈 문자열은 매핑 해제로 허용.
+        if (url != null && !url.isBlank()
+                && !url.startsWith("https://app.catchtable.co.kr/")
+                && !url.startsWith("https://www.catchtable.co.kr/")) {
+            throw new ResponseStatusException(HttpStatus.BAD_REQUEST, "캐치테이블 URL은 https://(app|www).catchtable.co.kr/ 만 허용");
+        }
         restaurantService.update(id, Map.of("catchtable_url", url != null ? url : ""));
         cache.flush();
         return Map.of("ok", true);
@@ -379,7 +396,7 @@ public class RestaurantController {
         if (cached != null) {
             try {
                 return objectMapper.readValue(cached, new TypeReference<List<Map<String, Object>>>() {});
-            } catch (Exception ignored) {}
+            } catch (Exception e) { log.warn("Cache deserialize failed, evicting: {}", e.getMessage()); cache.del(key); }
         }
         var r = restaurantService.findById(id);
         if (r == null) throw new ResponseStatusException(HttpStatus.NOT_FOUND, "Restaurant not found");

backend-java/src/main/java/com/tasteby/controller/ReviewController.java

@@ -39,7 +39,7 @@ public class ReviewController {
             @PathVariable String restaurantId,
             @RequestBody Map<String, Object> body) {
         String userId = AuthUtil.getUserId();
-        double rating = ((Number) body.get("rating")).doubleValue();
+        double rating = requireRating(body.get("rating"));
         String text = (String) body.get("review_text");
         LocalDate visitedAt = body.get("visited_at") != null
                 ? LocalDate.parse((String) body.get("visited_at")) : null;
@@ -51,8 +51,7 @@ public class ReviewController {
             @PathVariable String reviewId,
             @RequestBody Map<String, Object> body) {
         String userId = AuthUtil.getUserId();
-        Double rating = body.get("rating") != null
-                ? ((Number) body.get("rating")).doubleValue() : null;
+        Double rating = body.get("rating") != null ? requireRating(body.get("rating")) : null;
         String text = (String) body.get("review_text");
         LocalDate visitedAt = body.get("visited_at") != null
                 ? LocalDate.parse((String) body.get("visited_at")) : null;
@@ -94,4 +93,18 @@ public class ReviewController {
     public List<Restaurant> myFavorites() {
         return reviewService.getUserFavorites(AuthUtil.getUserId());
     }
+
+    /**
+     * #294 — rating 검증: null/비숫자/범위 외 입력은 400.
+     */
+    private static double requireRating(Object raw) {
+        if (!(raw instanceof Number n)) {
+            throw new ResponseStatusException(HttpStatus.BAD_REQUEST, "rating은 숫자여야 합니다");
+        }
+        double v = n.doubleValue();
+        if (v < 0.0 || v > 5.0 || Double.isNaN(v)) {
+            throw new ResponseStatusException(HttpStatus.BAD_REQUEST, "rating은 0.0 ~ 5.0 범위여야 합니다");
+        }
+        return v;
+    }
 }

backend-java/src/main/java/com/tasteby/controller/SearchController.java

@@ -2,7 +2,9 @@ package com.tasteby.controller;
 
 import com.tasteby.domain.Restaurant;
 import com.tasteby.service.SearchService;
+import org.springframework.http.HttpStatus;
 import org.springframework.web.bind.annotation.*;
+import org.springframework.web.server.ResponseStatusException;
 
 import java.util.List;
 
@@ -21,7 +23,12 @@ public class SearchController {
             @RequestParam String q,
             @RequestParam(defaultValue = "keyword") String mode,
             @RequestParam(defaultValue = "20") int limit) {
+        // #293 — q 빈값 가드: '%%' LIKE로 응답 폭발 차단
+        if (q == null || q.isBlank()) {
+            throw new ResponseStatusException(HttpStatus.BAD_REQUEST, "검색어가 필요합니다");
+        }
         if (limit > 100) limit = 100;
-        return searchService.search(q, mode, limit);
+        if (limit < 1) limit = 1;
+        return searchService.search(q.trim(), mode, limit);
     }
 }

backend-java/src/main/java/com/tasteby/controller/VideoSseController.java

@@ -11,6 +11,7 @@ import org.springframework.web.bind.annotation.*;
 import org.springframework.web.servlet.mvc.method.annotation.SseEmitter;
 
 import java.util.*;
+import java.util.concurrent.ThreadLocalRandom;
 import java.util.concurrent.ExecutorService;
 import java.util.concurrent.Executors;
 import java.util.concurrent.ThreadLocalRandom;
@@ -182,7 +183,8 @@ public class VideoSseController {
                 for (int i = 0; i < total; i++) {
                     var v = rows.get(i);
                     if (i > 0) {
-                        long delay = (long) (3000 + Math.random() * 5000);
+                        // #325 — ThreadLocalRandom으로 통일 (bulkTranscript와 일관성)
+                        long delay = 3000L + ThreadLocalRandom.current().nextLong(5000);
                         emit(emitter, Map.of("type", "wait", "index", i, "delay", delay / 1000.0));
                         Thread.sleep(delay);
                     }
@@ -347,13 +349,15 @@ public class VideoSseController {
     @PostMapping("/rebuild-vectors")
     public SseEmitter rebuildVectors() {
         AuthUtil.requireAdmin();
-        SseEmitter emitter = new SseEmitter(600_000L);
+        SseEmitter emitter = new SseEmitter(60_000L);
 
         executor.execute(() -> {
             try {
-                emit(emitter, Map.of("type", "start"));
-                // TODO: Implement full vector rebuild using VectorService
-                emit(emitter, Map.of("type", "complete", "total", 0));
+                // #325 — 운영자에게 미구현 상태 명시 (이전: 즉시 complete(total=0) → 무반응 인상)
+                emit(emitter, Map.of(
+                        "type", "not_implemented",
+                        "message", "벡터 재생성은 아직 구현되지 않았습니다. 후속 이슈(#325/#331)에서 처리 예정입니다."
+                ));
                 emitter.complete();
             } catch (Exception e) {
                 emitter.completeWithError(e);

backend-java/src/main/java/com/tasteby/domain/Restaurant.java

@@ -31,6 +31,11 @@ public class Restaurant {
     private Integer ratingCount;
     private Date updatedAt;
 
+    // #322 LLM 검증
+    private Boolean hidden;
+    private String hiddenReason;
+    private Date verifiedAt;
+
     // Transient enrichment fields
     private List<String> channels;
     private List<String> foodsMentioned;

backend-java/src/main/java/com/tasteby/domain/SiteVisitStats.java

@@ -10,6 +10,7 @@ import lombok.NoArgsConstructor;
 @NoArgsConstructor
 @AllArgsConstructor
 public class SiteVisitStats {
-    private int today;
-    private int total;
+    // #274 — long으로 변경 (21억 이상 누적 시 int 오버플로 방지)
+    private long today;
+    private long total;
 }

backend-java/src/main/java/com/tasteby/mapper/RestaurantMapper.java

@@ -14,7 +14,19 @@ public interface RestaurantMapper {
                              @Param("offset") int offset,
                              @Param("cuisine") String cuisine,
                              @Param("region") String region,
-                             @Param("channel") String channel);
+                             @Param("channel") String channel,
+                             @Param("includeHidden") boolean includeHidden);
+
+    // #322 LLM 검증: hidden 표시 갱신
+    void updateVerification(@Param("id") String id,
+                            @Param("hidden") int hidden,
+                            @Param("hiddenReason") String hiddenReason);
+
+    void clearHidden(@Param("id") String id);
+
+    List<Restaurant> findUnverified(@Param("limit") int limit);
+
+    int countUnverified();
 
     Restaurant findById(@Param("id") String id);
 

backend-java/src/main/java/com/tasteby/mapper/StatsMapper.java

@@ -7,7 +7,7 @@ public interface StatsMapper {
 
     void recordVisit();
 
-    int getTodayVisits();
+    long getTodayVisits();
 
-    int getTotalVisits();
+    long getTotalVisits();
 }

backend-java/src/main/java/com/tasteby/service/AuthService.java

@@ -6,6 +6,8 @@ import com.google.api.client.http.javanet.NetHttpTransport;
 import com.google.api.client.json.gson.GsonFactory;
 import com.tasteby.domain.UserInfo;
 import com.tasteby.security.JwtTokenProvider;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.http.HttpStatus;
 import org.springframework.stereotype.Service;
@@ -17,6 +19,8 @@ import java.util.Map;
 @Service
 public class AuthService {
 
+    private static final Logger log = LoggerFactory.getLogger(AuthService.class);
+
     private final UserService userService;
     private final JwtTokenProvider jwtProvider;
     private final GoogleIdTokenVerifier verifier;
@@ -58,7 +62,10 @@ public class AuthService {
         } catch (ResponseStatusException e) {
             throw e;
         } catch (Exception e) {
-            throw new ResponseStatusException(HttpStatus.UNAUTHORIZED, "Invalid Google token: " + e.getMessage());
+            // #266 — 외부에는 고정 메시지만, 상세는 로그로 (Google verifier 내부 네트워크/공개키
+            // 조회 실패 메시지가 클라이언트에 노출되지 않도록)
+            log.warn("Google token verification failed: {}", e.getMessage());
+            throw new ResponseStatusException(HttpStatus.UNAUTHORIZED, "Invalid Google token");
         }
     }
 

backend-java/src/main/java/com/tasteby/service/CacheService.java

@@ -27,8 +27,15 @@ public class CacheService {
         this.redis = redis;
         this.mapper = mapper;
         this.ttl = Duration.ofSeconds(ttlSeconds);
-        try {
-            redis.getConnectionFactory().getConnection().ping();
+        // #276 — ping 연결 자원 누수 방지: try-with-resources
+        var factory = redis.getConnectionFactory();
+        if (factory == null) {
+            log.warn("Redis ConnectionFactory is null, caching disabled");
+            disabled = true;
+            return;
+        }
+        try (var conn = factory.getConnection()) {
+            conn.ping();
             log.info("Redis connected");
         } catch (Exception e) {
             log.warn("Redis unavailable ({}), caching disabled", e.getMessage());
@@ -37,6 +44,13 @@ public class CacheService {
     }
 
     public String makeKey(String... parts) {
+        // #276 — null/빈 파트로 "tasteby::" 같은 잘못된 키 생성 방지
+        if (parts == null || parts.length == 0) {
+            throw new IllegalArgumentException("makeKey requires at least one part");
+        }
+        for (String p : parts) {
+            if (p == null) throw new IllegalArgumentException("makeKey parts must not be null");
+        }
         return PREFIX + String.join(":", parts);
     }
 
@@ -85,4 +99,14 @@ public class CacheService {
             log.debug("Cache flush error: {}", e.getMessage());
         }
     }
+
+    // #290 — 단일 키 삭제 (캐시 역직렬화 실패 시 자동 evict 등에 사용)
+    public void del(String key) {
+        if (disabled) return;
+        try {
+            redis.delete(key);
+        } catch (Exception e) {
+            log.debug("Cache del error: {}", e.getMessage());
+        }
+    }
 }

backend-java/src/main/java/com/tasteby/service/ChannelService.java

@@ -27,11 +27,16 @@ public class ChannelService {
     }
 
     public boolean deactivate(String channelId) {
-        // Try deactivate by channel_id first, then by DB id
-        int rows = mapper.deactivateByChannelId(channelId);
-        if (rows == 0) {
-            rows = mapper.deactivateById(channelId);
-        }
+        if (channelId == null || channelId.isBlank()) return false;
+        // #295 — 입력 형식으로 명시적 분기:
+        //   "UC..."(24 chars) 형식 → YouTube channel_id로 비활성화
+        //   그 외(32-char hex UUID 등) → DB id로 비활성화
+        // 이전: channel_id 시도 → 0이면 id 시도. 우연히 UC가 hex와 같을 확률은 0이지만
+        // 가독성/의도 명확성 + 잘못된 폴백 차단을 위해 명시화.
+        boolean looksLikeYouTubeId = channelId.startsWith("UC") && channelId.length() == 24;
+        int rows = looksLikeYouTubeId
+                ? mapper.deactivateByChannelId(channelId)
+                : mapper.deactivateById(channelId);
         return rows > 0;
     }
 

backend-java/src/main/java/com/tasteby/service/DaemonConfigService.java

@@ -2,7 +2,9 @@ package com.tasteby.service;
 
 import com.tasteby.domain.DaemonConfig;
 import com.tasteby.mapper.DaemonConfigMapper;
+import org.springframework.http.HttpStatus;
 import org.springframework.stereotype.Service;
+import org.springframework.web.server.ResponseStatusException;
 
 import java.util.Map;
 
@@ -27,20 +29,33 @@ public class DaemonConfigService {
             current.setScanEnabled(Boolean.TRUE.equals(body.get("scan_enabled")));
         }
         if (body.containsKey("scan_interval_min")) {
-            current.setScanIntervalMin(((Number) body.get("scan_interval_min")).intValue());
+            // #275 — 0/음수 입력으로 30초 사이클 폭주 방지. ClassCastException 대신 400.
+            current.setScanIntervalMin(requirePositiveInt(body.get("scan_interval_min"), "scan_interval_min"));
         }
         if (body.containsKey("process_enabled")) {
             current.setProcessEnabled(Boolean.TRUE.equals(body.get("process_enabled")));
         }
         if (body.containsKey("process_interval_min")) {
-            current.setProcessIntervalMin(((Number) body.get("process_interval_min")).intValue());
+            current.setProcessIntervalMin(requirePositiveInt(body.get("process_interval_min"), "process_interval_min"));
         }
         if (body.containsKey("process_limit")) {
-            current.setProcessLimit(((Number) body.get("process_limit")).intValue());
+            current.setProcessLimit(requirePositiveInt(body.get("process_limit"), "process_limit"));
         }
         mapper.updateConfig(current);
     }
 
+    /** #275 — 양의 정수 가드. 비숫자/0/음수는 400. */
+    private static int requirePositiveInt(Object raw, String field) {
+        if (!(raw instanceof Number n)) {
+            throw new ResponseStatusException(HttpStatus.BAD_REQUEST, field + "은(는) 정수여야 합니다");
+        }
+        int v = n.intValue();
+        if (v < 1) {
+            throw new ResponseStatusException(HttpStatus.BAD_REQUEST, field + "은(는) 1 이상이어야 합니다 (폭주 방지)");
+        }
+        return v;
+    }
+
     public void updateLastScan() {
         mapper.updateLastScan();
     }

backend-java/src/main/java/com/tasteby/service/DaemonScheduler.java

@@ -50,8 +50,13 @@ public class DaemonScheduler {
                 Instant lastScan = config.getLastScanAt() != null ? config.getLastScanAt().toInstant() : null;
                 if (lastScan == null || Instant.now().isAfter(lastScan.plus(config.getScanIntervalMin(), ChronoUnit.MINUTES))) {
                     log.info("Running scheduled channel scan...");
-                    int newVideos = youTubeService.scanAllChannels();
+                    int newVideos = 0;
+                    try {
+                        newVideos = youTubeService.scanAllChannels();
+                    } finally {
+                        // #275 — 외부 호출 예외 시에도 last_scan_at을 갱신해 다음 cron까지의 backoff를 보장
                         daemonConfigService.updateLastScan();
+                    }
                     if (newVideos > 0) {
                         cacheService.flush();
                         log.info("Scan completed: {} new videos", newVideos);
@@ -63,8 +68,12 @@ public class DaemonScheduler {
                 Instant lastProcess = config.getLastProcessAt() != null ? config.getLastProcessAt().toInstant() : null;
                 if (lastProcess == null || Instant.now().isAfter(lastProcess.plus(config.getProcessIntervalMin(), ChronoUnit.MINUTES))) {
                     log.info("Running scheduled video processing (limit={})...", config.getProcessLimit());
-                    int restaurants = pipelineService.processPending(config.getProcessLimit());
+                    int restaurants = 0;
+                    try {
+                        restaurants = pipelineService.processPending(config.getProcessLimit());
+                    } finally {
                         daemonConfigService.updateLastProcess();
+                    }
                     if (restaurants > 0) {
                         cacheService.flush();
                         log.info("Processing completed: {} restaurants extracted", restaurants);

backend-java/src/main/java/com/tasteby/service/ExtractorService.java

@@ -38,7 +38,7 @@ public class ExtractorService {
         %s
         - price_range: 가격대 (예: 1만원대, 2-3만원) (string | null)
         - foods_mentioned: 언급된 대표 메뉴 (string[], 최대 10개, 우선순위 높은 순, 반드시 한글로 작성)
-        - evaluation: 평가 내용 (string | null)
+        - evaluation: 평가 내용을 100자 이내로 요약 (string | null)
         - guests: 함께한 게스트 (string[])
 
         영상 제목: {title}
@@ -62,6 +62,10 @@ public class ExtractorService {
      */
     @SuppressWarnings("unchecked")
     public ExtractionResult extractRestaurants(String title, String transcript, String customPrompt) {
+        // #292 — transcript null/blank 가드 (NPE 방지)
+        if (transcript == null || transcript.isBlank()) {
+            return new ExtractionResult(List.of(), "");
+        }
         // Truncate very long transcripts
         if (transcript.length() > 8000) {
             transcript = transcript.substring(0, 7000) + "\n...(중략)...\n" + transcript.substring(transcript.length() - 1000);

backend-java/src/main/java/com/tasteby/service/GeocodingService.java

@@ -156,7 +156,15 @@ public class GeocodingService {
 
         if (country.isEmpty() && !city.isEmpty()) country = "한국";
         if (country.isEmpty()) return null;
-        return country + "|" + city + "|" + district;
+        // #292 — 빈 토큰은 region 문자열에 포함시키지 않는다(`한국||구` 형식 방지).
+        StringBuilder sb = new StringBuilder(country);
+        if (!city.isEmpty()) {
+            sb.append('|').append(city);
+            if (!district.isEmpty()) sb.append('|').append(district);
+        } else if (!district.isEmpty()) {
+            // city 없이 district만 있는 경우는 정확도 낮으므로 무시
+        }
+        return sb.toString();
     }
 
     private Map<String, Object> geocode(String query) {

backend-java/src/main/java/com/tasteby/service/MemoService.java

@@ -3,6 +3,7 @@ package com.tasteby.service;
 import com.tasteby.domain.Memo;
 import com.tasteby.mapper.MemoMapper;
 import com.tasteby.util.IdGenerator;
+import org.springframework.dao.DuplicateKeyException;
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
 
@@ -25,11 +26,18 @@ public class MemoService {
     @Transactional
     public Memo upsert(String userId, String restaurantId, Double rating, String memoText, LocalDate visitedAt) {
         String visitedStr = visitedAt != null ? visitedAt.toString() : null;
+        // #294 — 동시성 가드: 사전 SELECT → 분기 INSERT/UPDATE 패턴은 두 트랜잭션이 동시에 미존재
+        // 판정 후 둘 다 INSERT → UNIQUE 충돌(500). INSERT 우선 시도 후 DuplicateKeyException 시 UPDATE.
         Memo existing = mapper.findByUserAndRestaurant(userId, restaurantId);
         if (existing != null) {
             mapper.updateMemo(userId, restaurantId, rating, memoText, visitedStr);
         } else {
+            try {
                 mapper.insertMemo(IdGenerator.newId(), userId, restaurantId, rating, memoText, visitedStr);
+            } catch (DuplicateKeyException e) {
+                // 동시 INSERT 충돌 → UPDATE로 폴백
+                mapper.updateMemo(userId, restaurantId, rating, memoText, visitedStr);
+            }
         }
         return mapper.findByUserAndRestaurant(userId, restaurantId);
     }

backend-java/src/main/java/com/tasteby/service/PipelineService.java

@@ -28,6 +28,7 @@ public class PipelineService {
     private final VideoService videoService;
     private final VectorService vectorService;
     private final CacheService cacheService;
+    private final RestaurantVerifyService verifyService;
 
     public PipelineService(YouTubeService youTubeService,
                             ExtractorService extractorService,
@@ -35,7 +36,8 @@ public class PipelineService {
                             RestaurantService restaurantService,
                             VideoService videoService,
                             VectorService vectorService,
-                            CacheService cacheService) {
+                            CacheService cacheService,
+                            RestaurantVerifyService verifyService) {
         this.youTubeService = youTubeService;
         this.extractorService = extractorService;
         this.geocodingService = geocodingService;
@@ -43,6 +45,7 @@ public class PipelineService {
         this.videoService = videoService;
         this.vectorService = vectorService;
         this.cacheService = cacheService;
+        this.verifyService = verifyService;
     }
 
     /**
@@ -84,6 +87,9 @@ public class PipelineService {
         String videoDbId = (String) video.get("id");
         String title = (String) video.get("title");
 
+        // #292 — 외부 가시성을 위해 진입 시 processing 전이 (이미 processing이면 no-op)
+        updateVideoStatus(videoDbId, "processing", null, null);
+
         var result = extractorService.extractRestaurants(title, transcript, customPrompt);
         if (result.restaurants().isEmpty()) {
             updateVideoStatus(videoDbId, "done", null, result.rawResponse());
@@ -102,18 +108,26 @@ public class PipelineService {
             // Build upsert data
             var data = new HashMap<String, Object>();
             data.put("name", name);
-            data.put("address", geo != null ? geo.get("formatted_address") : restData.get("address"));
             data.put("region", restData.get("region"));
-            data.put("latitude", geo != null ? geo.get("latitude") : null);
-            data.put("longitude", geo != null ? geo.get("longitude") : null);
             data.put("cuisine_type", restData.get("cuisine_type"));
             data.put("price_range", restData.get("price_range"));
-            data.put("google_place_id", geo != null ? geo.get("google_place_id") : null);
-            data.put("phone", geo != null ? geo.get("phone") : null);
-            data.put("website", geo != null ? geo.get("website") : null);
-            data.put("business_status", geo != null ? geo.get("business_status") : null);
-            data.put("rating", geo != null ? geo.get("rating") : null);
-            data.put("rating_count", geo != null ? geo.get("rating_count") : null);
+            // #292 — geocode 실패(geo==null) 시 좌표/주소/place_id 등 기존 값 보존하기 위해
+            // null을 명시적으로 put하지 않는다. upsert 측에서 누락 컬럼은 그대로 유지.
+            if (geo != null) {
+                data.put("address", geo.get("formatted_address"));
+                data.put("latitude", geo.get("latitude"));
+                data.put("longitude", geo.get("longitude"));
+                data.put("google_place_id", geo.get("google_place_id"));
+                data.put("phone", geo.get("phone"));
+                data.put("website", geo.get("website"));
+                data.put("business_status", geo.get("business_status"));
+                data.put("rating", geo.get("rating"));
+                data.put("rating_count", geo.get("rating_count"));
+            } else {
+                // geocode 실패한 첫 등록 케이스에서 최소한의 주소(LLM이 추출한 원시값)는 저장
+                Object rawAddr = restData.get("address");
+                if (rawAddr != null) data.put("address", rawAddr);
+            }
 
             String restId = restaurantService.upsert(data);
 
@@ -150,6 +164,9 @@ public class PipelineService {
 
             count++;
             log.info("Saved restaurant: {} (geocoded={})", name, geo != null);
+
+            // #322 — 등록 직후 비동기 LLM 검증
+            verifyService.verifyAsync(restId);
         }
 
         updateVideoStatus(videoDbId, "done", null, result.rawResponse());

backend-java/src/main/java/com/tasteby/service/RestaurantService.java

@@ -21,11 +21,36 @@ public class RestaurantService {
     }
 
     public List<Restaurant> findAll(int limit, int offset, String cuisine, String region, String channel) {
-        List<Restaurant> restaurants = mapper.findAll(limit, offset, cuisine, region, channel);
+        return findAll(limit, offset, cuisine, region, channel, false);
+    }
+
+    public List<Restaurant> findAll(int limit, int offset, String cuisine, String region, String channel, boolean includeHidden) {
+        List<Restaurant> restaurants = mapper.findAll(limit, offset, cuisine, region, channel, includeHidden);
         enrichRestaurants(restaurants);
         return restaurants;
     }
 
+    // #322 — 검증 상태 갱신
+    public void markHidden(String id, String reason) {
+        mapper.updateVerification(id, 1, reason);
+    }
+
+    public void markVerifiedClean(String id) {
+        mapper.updateVerification(id, 0, null);
+    }
+
+    public void clearHidden(String id) {
+        mapper.clearHidden(id);
+    }
+
+    public List<Restaurant> findUnverified(int limit) {
+        return mapper.findUnverified(limit);
+    }
+
+    public int countUnverified() {
+        return mapper.countUnverified();
+    }
+
     public List<Restaurant> findWithoutTabling() {
         return mapper.findWithoutTabling();
     }
@@ -117,7 +142,8 @@ public class RestaurantService {
         String id = IdGenerator.newId();
         String foodsJson = foods != null ? JsonUtil.toJson(foods) : null;
         String guestsJson = guests != null ? JsonUtil.toJson(guests) : null;
-        mapper.linkVideoRestaurant(id, videoId, restaurantId, foodsJson, evaluation, guestsJson);
+        String evalJson = JsonUtil.normalizeEvaluation(evaluation);
+        mapper.linkVideoRestaurant(id, videoId, restaurantId, foodsJson, evalJson, guestsJson);
     }
 
     public void updateCuisineType(String id, String cuisineType) {

backend-java/src/main/java/com/tasteby/service/RestaurantVerifyService.java

@@ -0,0 +1,149 @@
+package com.tasteby.service;
+
+import com.fasterxml.jackson.databind.JsonNode;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.tasteby.domain.Restaurant;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.scheduling.annotation.Async;
+import org.springframework.stereotype.Service;
+
+import java.util.List;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+/**
+ * #322 LLM 검증으로 잘못된/프랜차이즈 식당 자동 숨김.
+ * 설계서: docs/design/322-restaurant-llm-verify/README.md
+ */
+@Service
+public class RestaurantVerifyService {
+
+    private static final Logger log = LoggerFactory.getLogger(RestaurantVerifyService.class);
+
+    private final RestaurantService restaurantService;
+    private final OciGenAiService genAi;
+    private final ObjectMapper jsonMapper = new ObjectMapper();
+
+    // 백필 시 LLM rate-limit 보호용 sleep (ms)
+    private static final long BACKFILL_SLEEP_MS = 200;
+
+    public RestaurantVerifyService(RestaurantService restaurantService, OciGenAiService genAi) {
+        this.restaurantService = restaurantService;
+        this.genAi = genAi;
+    }
+
+    @Async
+    public void verifyAsync(String restaurantId) {
+        try {
+            verify(restaurantId);
+        } catch (Exception e) {
+            log.warn("verifyAsync failed for {}: {}", restaurantId, e.getMessage());
+        }
+    }
+
+    public void verify(String restaurantId) {
+        Restaurant r = restaurantService.findById(restaurantId);
+        if (r == null) return;
+        VerifyResult result;
+        try {
+            String prompt = buildPrompt(r);
+            String response = genAi.chat(prompt, 120);
+            result = parseVerifyResponse(response);
+        } catch (Exception e) {
+            // 안전한 기본값: LLM 실패 시 공개 유지(=hidden=0). verified_at은 미설정으로 남겨 재시도 가능.
+            log.warn("verify({}) LLM failed: {} — keeping visible", restaurantId, e.getMessage());
+            return;
+        }
+        applyResult(restaurantId, result);
+    }
+
+    /**
+     * 미검증(verified_at IS NULL) 식당을 배치로 검증. 운영 trigger 용.
+     * 반환: 이번 호출에서 처리한 개수.
+     */
+    public int verifyAll(int batchSize) {
+        int total = 0;
+        List<Restaurant> batch;
+        while (!(batch = restaurantService.findUnverified(batchSize)).isEmpty()) {
+            for (Restaurant r : batch) {
+                try {
+                    verify(r.getId());
+                } catch (Exception e) {
+                    log.warn("verifyAll({}) failed: {}", r.getId(), e.getMessage());
+                }
+                total++;
+                try { Thread.sleep(BACKFILL_SLEEP_MS); } catch (InterruptedException ie) {
+                    Thread.currentThread().interrupt();
+                    return total;
+                }
+            }
+            if (batch.size() < batchSize) break;
+        }
+        return total;
+    }
+
+    // ---- pure helpers (tested separately) ----
+
+    String buildPrompt(Restaurant r) {
+        String foods = r.getFoodsMentioned() == null || r.getFoodsMentioned().isEmpty()
+                ? "(없음)" : String.join(", ", r.getFoodsMentioned());
+        return "당신은 식당 데이터 큐레이터다. 다음 식당이 (1) 실제 운영 식당인지, (2) 흔한 프랜차이즈인지 판정하라.\n\n" +
+               "식당명: " + safe(r.getName()) + "\n" +
+               "주소: " + safe(r.getAddress()) + "\n" +
+               "지역: " + safe(r.getRegion()) + "\n" +
+               "음식 분류: " + safe(r.getCuisineType()) + "\n" +
+               "언급된 음식: " + foods + "\n\n" +
+               "응답 형식(JSON만, 다른 텍스트 없이):\n" +
+               "{\"valid\": true|false, \"is_franchise\": true|false, \"reason\": \"20자 이내\"}\n\n" +
+               "가이드:\n" +
+               "- valid=false: 식당 이름이 사람 이름, 영상 제목 일부, 일반 명사(\"점심\", \"맛집\"), " +
+               "영문 prefix(\"name:\", \"title:\") 등 분명히 식당이 아닌 경우.\n" +
+               "- is_franchise=true: 스타벅스, 맥도날드, 버거킹, 김밥천국, 본죽 등 전국 50개 이상 매장의 흔한 체인.\n" +
+               "- 판단이 모호하면 valid=true, is_franchise=false (보수적).";
+    }
+
+    VerifyResult parseVerifyResponse(String raw) {
+        if (raw == null) return VerifyResult.safeDefault();
+        String json = extractJson(raw);
+        if (json == null) return VerifyResult.safeDefault();
+        try {
+            JsonNode node = jsonMapper.readTree(json);
+            boolean valid = node.path("valid").asBoolean(true);
+            boolean isFranchise = node.path("is_franchise").asBoolean(false);
+            String reason = node.path("reason").asText("");
+            if (reason.length() > 100) reason = reason.substring(0, 100);
+            return new VerifyResult(valid, isFranchise, reason);
+        } catch (Exception e) {
+            return VerifyResult.safeDefault();
+        }
+    }
+
+    private void applyResult(String id, VerifyResult r) {
+        if (!r.valid()) {
+            restaurantService.markHidden(id, truncate("not_restaurant: " + r.reason(), 120));
+        } else if (r.isFranchise()) {
+            restaurantService.markHidden(id, truncate("franchise: " + r.reason(), 120));
+        } else {
+            restaurantService.markVerifiedClean(id);
+        }
+    }
+
+    private static final Pattern JSON_BLOCK = Pattern.compile("\\{[^{}]*\\}", Pattern.DOTALL);
+
+    private static String extractJson(String raw) {
+        // 우선 그대로 시도
+        String trimmed = raw.trim();
+        if (trimmed.startsWith("{") && trimmed.endsWith("}")) return trimmed;
+        // 마크다운 코드블록 또는 다른 텍스트에 감싸진 경우 정규식 추출
+        Matcher m = JSON_BLOCK.matcher(raw);
+        return m.find() ? m.group() : null;
+    }
+
+    private static String safe(String s) { return s == null ? "(미상)" : s; }
+    private static String truncate(String s, int max) { return s.length() <= max ? s : s.substring(0, max); }
+
+    public record VerifyResult(boolean valid, boolean isFranchise, String reason) {
+        public static VerifyResult safeDefault() { return new VerifyResult(true, false, "parse_failed"); }
+    }
+}

backend-java/src/main/java/com/tasteby/service/ReviewService.java

@@ -5,6 +5,7 @@ import com.tasteby.domain.Review;
 import com.tasteby.mapper.ReviewMapper;
 import com.tasteby.util.IdGenerator;
 import com.tasteby.util.JsonUtil;
+import org.springframework.dao.DuplicateKeyException;
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
 
@@ -60,10 +61,15 @@ public class ReviewService {
         if (existingId != null) {
             mapper.deleteFavorite(userId, restaurantId);
             return false;
-        } else {
-            mapper.insertFavorite(IdGenerator.newId(), userId, restaurantId);
-            return true;
         }
+        // #294 — 동시성 가드: 동시 INSERT 시 UNIQUE 충돌 → 한 쪽 500.
+        // INSERT 시도 후 DuplicateKeyException은 "이미 추가됨"으로 간주 (토글 의도는 ON).
+        try {
+            mapper.insertFavorite(IdGenerator.newId(), userId, restaurantId);
+        } catch (DuplicateKeyException ignored) {
+            // 다른 트랜잭션이 먼저 INSERT 함 — 결과는 어쨌든 즐겨찾기 ON.
+        }
+        return true;
     }
 
     public List<Restaurant> getUserFavorites(String userId) {

backend-java/src/main/java/com/tasteby/service/SearchService.java

@@ -1,9 +1,12 @@
 package com.tasteby.service;
 
+import com.fasterxml.jackson.core.type.TypeReference;
+import com.fasterxml.jackson.databind.ObjectMapper;
 import com.tasteby.domain.Restaurant;
 import com.tasteby.mapper.SearchMapper;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.stereotype.Service;
 
 import java.util.*;
@@ -12,12 +15,17 @@ import java.util.*;
 public class SearchService {
 
     private static final Logger log = LoggerFactory.getLogger(SearchService.class);
+    private static final ObjectMapper JSON = new ObjectMapper();
+    private static final TypeReference<List<Restaurant>> LIST_TYPE = new TypeReference<>() {};
 
     private final SearchMapper searchMapper;
     private final RestaurantService restaurantService;
     private final VectorService vectorService;
     private final CacheService cache;
 
+    @Value("${app.search.max-distance:0.57}")
+    private double maxDistance;
+
     public SearchService(SearchMapper searchMapper,
                           RestaurantService restaurantService,
                           VectorService vectorService,
@@ -33,8 +41,8 @@ public class SearchService {
         String cached = cache.getRaw(key);
         if (cached != null) {
             try {
-                var mapper = new com.fasterxml.jackson.databind.ObjectMapper();
-                return mapper.readValue(cached, new com.fasterxml.jackson.core.type.TypeReference<List<Restaurant>>() {});
+                // #293 — ObjectMapper 재사용 (필드 static)
+                return JSON.readValue(cached, LIST_TYPE);
             } catch (Exception ignored) {}
         }
 
@@ -44,13 +52,20 @@ public class SearchService {
             case "hybrid" -> {
                 var kw = keywordSearch(q, limit);
                 var sem = semanticSearch(q, limit);
+                // #293 — semantic 결과에도 channels 부착 (이전: keyword에만 부착되어 hybrid에서 sem 결과는 채널 누락)
+                if (!sem.isEmpty()) attachChannels(sem);
                 Set<String> seen = new HashSet<>();
                 var merged = new ArrayList<Restaurant>();
                 for (var r : kw) { if (seen.add(r.getId())) merged.add(r); }
                 for (var r : sem) { if (seen.add(r.getId())) merged.add(r); }
                 result = merged.size() > limit ? merged.subList(0, limit) : merged;
             }
-            default -> result = keywordSearch(q, limit);
+            case "keyword" -> result = keywordSearch(q, limit);
+            default -> {
+                // #293 — 알 수 없는 mode는 silent fallback 대신 경고 로그
+                log.warn("Unknown search mode '{}', falling back to keyword", mode);
+                result = keywordSearch(q, limit);
+            }
         }
 
         cache.set(key, result);
@@ -58,7 +73,10 @@ public class SearchService {
     }
 
     private List<Restaurant> keywordSearch(String q, int limit) {
-        String pattern = "%" + q + "%";
+        // #293 — LIKE 와일드카드 escape: 사용자 입력의 %, _, \ 를 리터럴로 처리.
+        // SQL에서는 ESCAPE '\\' 절을 사용 (SearchMapper.xml).
+        String escaped = q.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_");
+        String pattern = "%" + escaped + "%";
         List<Restaurant> results = searchMapper.keywordSearch(pattern, limit);
         if (!results.isEmpty()) {
             attachChannels(results);
@@ -68,7 +86,7 @@ public class SearchService {
 
     private List<Restaurant> semanticSearch(String q, int limit) {
         try {
-            var similar = vectorService.searchSimilar(q, Math.max(30, limit * 3), 0.57);
+            var similar = vectorService.searchSimilar(q, Math.max(30, limit * 3), maxDistance);
             if (similar.isEmpty()) return List.of();
 
             Set<String> seen = new LinkedHashSet<>();

backend-java/src/main/java/com/tasteby/service/StatsService.java

@@ -2,11 +2,16 @@ package com.tasteby.service;
 
 import com.tasteby.domain.SiteVisitStats;
 import com.tasteby.mapper.StatsMapper;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.dao.DataIntegrityViolationException;
 import org.springframework.stereotype.Service;
 
 @Service
 public class StatsService {
 
+    private static final Logger log = LoggerFactory.getLogger(StatsService.class);
+
     private final StatsMapper mapper;
 
     public StatsService(StatsMapper mapper) {
@@ -14,7 +19,19 @@ public class StatsService {
     }
 
     public void recordVisit() {
+        // #274 — 자정 경계 동시성: 두 트랜잭션이 동시에 'NOT MATCHED' 판정 → 둘 다 INSERT
+        // → PK/UNIQUE 충돌 시 한 쪽 500. 1회 재시도(다음엔 MATCHED → UPDATE 분기).
+        try {
             mapper.recordVisit();
+        } catch (DataIntegrityViolationException e) {
+            log.debug("recordVisit conflict (midnight race), retry once: {}", e.getMessage());
+            try {
+                mapper.recordVisit();
+            } catch (DataIntegrityViolationException retryFail) {
+                // 두 번째 시도도 실패: 카운트 1건 손실은 수용 (운영 영향 미미)
+                log.warn("recordVisit double-conflict, dropping one count: {}", retryFail.getMessage());
+            }
+        }
     }
 
     public SiteVisitStats getVisits() {

backend-java/src/main/java/com/tasteby/service/VectorService.java

@@ -27,12 +27,15 @@ public class VectorService {
      */
     public List<Map<String, Object>> searchSimilar(String query, int topK, double maxDistance) {
         List<List<Double>> embeddings = genAi.embedTexts(List.of(query));
-        if (embeddings.isEmpty()) return List.of();
+        // #293 — embeddings 빈/null 가드 (NPE/IndexOutOfBoundsException 방지)
+        if (embeddings == null || embeddings.isEmpty()) return List.of();
+        List<Double> first = embeddings.getFirst();
+        if (first == null || first.isEmpty()) return List.of();
 
         // Convert to float array for Oracle VECTOR type
-        float[] queryVec = new float[embeddings.getFirst().size()];
+        float[] queryVec = new float[first.size()];
         for (int i = 0; i < queryVec.length; i++) {
-            queryVec[i] = embeddings.getFirst().get(i).floatValue();
+            queryVec[i] = first.get(i).floatValue();
         }
 
         String sql = """

backend-java/src/main/java/com/tasteby/service/VideoService.java

@@ -28,6 +28,9 @@ public class VideoService {
         VideoDetail detail = mapper.findDetail(id);
         if (detail == null) return null;
         List<VideoRestaurantLink> restaurants = mapper.findVideoRestaurants(id);
+        if (restaurants != null) {
+            restaurants.forEach(r -> r.setEvaluation(JsonUtil.normalizeEvaluation(r.getEvaluation())));
+        }
         detail.setRestaurants(restaurants != null ? restaurants : List.of());
         return detail;
     }
@@ -59,6 +62,7 @@ public class VideoService {
         mapper.cleanupOrphanRestaurant(restaurantId);
     }
 
+    @Transactional
     public int saveVideosBatch(String channelId, List<Map<String, Object>> videos) {
         Set<String> existing = new HashSet<>(mapper.getExistingVideoIds(channelId));
         int saved = 0;

backend-java/src/main/java/com/tasteby/service/YouTubeService.java

@@ -278,8 +278,19 @@ public class YouTubeService {
 
     /**
      * Fetch transcript for a YouTube video.
-     * Tries API first (fast), then falls back to Playwright browser extraction.
-     * @param mode "auto" = manual first then generated, "manual" = manual only, "generated" = generated only
+     *
+     * 흐름: (1) Playwright headed 브라우저 추출 → (2) 실패 시 youtube-transcript-api 폴백.
+     *
+     * <p>#325 — mode 인자 명세:
+     * <ul>
+     *   <li>"auto" (기본): manual → generated 순서로 시도</li>
+     *   <li>"manual": manual(사람이 쓴 자막)만</li>
+     *   <li>"generated": 자동 생성 자막만</li>
+     * </ul>
+     * 주의: mode 인자는 <b>youtube-transcript-api 폴백 경로에서만 사용</b>됩니다.
+     * 브라우저 추출은 YouTube가 노출하는 자막 트랙 전체를 그대로 수신하므로 mode 무관.
+     *
+     * @param mode 위 설명 참조. null이면 "auto"로 간주.
      */
     public TranscriptResult getTranscript(String videoId, String mode) {
         if (mode == null) mode = "auto";

backend-java/src/main/resources/application.yml

@@ -59,6 +59,11 @@ app:
   cache:
     ttl-seconds: 600
 
+  search:
+    # #293 — 벡터 검색 cosine distance 임계값 (0.0=완전일치, 1.0=직교).
+    # 0.57은 cohere embed-v4 한국어 시맨틱 적합도 기준 경험값.
+    max-distance: ${SEARCH_MAX_DISTANCE:0.57}
+
   daemon:
     # 인스턴스 차원 스케줄러 활성화. dev/prod가 같은 DB를 공유하므로
     # dev .env에 DAEMON_ENABLED=false를 설정해 dev 폴링을 끄고 prod만 동작시킨다.

backend-java/src/main/resources/db/migration/V20260615__restaurants_hidden_columns.sql

@@ -0,0 +1,7 @@
+-- #322 LLM 검증 — restaurants에 hidden/검증 컬럼 추가
+ALTER TABLE restaurants ADD (
+  hidden NUMBER(1) DEFAULT 0 NOT NULL,
+  hidden_reason VARCHAR2(120),
+  verified_at TIMESTAMP
+);
+CREATE INDEX idx_restaurants_hidden ON restaurants(hidden);

backend-java/src/main/resources/mybatis/mapper/ChannelMapper.xml

@@ -44,7 +44,8 @@
     </update>
 
     <select id="findByChannelId" resultMap="channelResultMap">
-        SELECT id, channel_id, channel_name, title_filter
+        <!-- #295 — findAllActive와 동일하게 description/tags/sort_order까지 SELECT -->
+        SELECT id, channel_id, channel_name, title_filter, description, tags, sort_order
         FROM channels
         WHERE channel_id = #{channelId} AND is_active = 1
     </select>

backend-java/src/main/resources/mybatis/mapper/RestaurantMapper.xml

@@ -22,6 +22,9 @@
         <result property="rating" column="rating"/>
         <result property="ratingCount" column="rating_count"/>
         <result property="updatedAt" column="updated_at"/>
+        <result property="hidden" column="hidden" javaType="java.lang.Boolean"/>
+        <result property="hiddenReason" column="hidden_reason"/>
+        <result property="verifiedAt" column="verified_at"/>
     </resultMap>
 
     <!-- ===== Queries ===== -->
@@ -29,7 +32,8 @@
     <select id="findAll" resultMap="restaurantMap">
         SELECT DISTINCT r.id, r.name, r.address, r.region, r.latitude, r.longitude,
                r.cuisine_type, r.price_range, r.google_place_id, r.tabling_url, r.catchtable_url,
-               r.business_status, r.rating, r.rating_count, r.updated_at
+               r.business_status, r.rating, r.rating_count, r.updated_at,
+               r.hidden, r.hidden_reason, r.verified_at
         FROM restaurants r
         <if test="channel != null and channel != ''">
             JOIN video_restaurants vr_f ON vr_f.restaurant_id = r.id
@@ -39,6 +43,9 @@
         <where>
             r.latitude IS NOT NULL
             AND EXISTS (SELECT 1 FROM video_restaurants vr0 WHERE vr0.restaurant_id = r.id)
+            <if test="includeHidden == null or !includeHidden">
+                AND r.hidden = 0
+            </if>
             <if test="cuisine != null and cuisine != ''">
                 AND r.cuisine_type = #{cuisine}
             </if>
@@ -277,4 +284,35 @@
         ORDER BY r.name
     </select>
 
+    <!-- ===== #322 LLM 검증 ===== -->
+
+    <update id="updateVerification">
+        UPDATE restaurants
+        SET hidden = #{hidden},
+            hidden_reason = #{hiddenReason,jdbcType=VARCHAR},
+            verified_at = CURRENT_TIMESTAMP
+        WHERE id = #{id}
+    </update>
+
+    <update id="clearHidden">
+        UPDATE restaurants
+        SET hidden = 0,
+            hidden_reason = NULL,
+            verified_at = CURRENT_TIMESTAMP
+        WHERE id = #{id}
+    </update>
+
+    <select id="findUnverified" resultMap="restaurantMap">
+        SELECT r.id, r.name, r.address, r.region, r.cuisine_type, r.price_range,
+               r.hidden, r.hidden_reason, r.verified_at
+        FROM restaurants r
+        WHERE r.verified_at IS NULL
+        ORDER BY r.updated_at DESC
+        FETCH FIRST #{limit} ROWS ONLY
+    </select>
+
+    <select id="countUnverified" resultType="int">
+        SELECT COUNT(*) FROM restaurants WHERE verified_at IS NULL
+    </select>
+
 </mapper>

backend-java/src/main/resources/mybatis/mapper/ReviewMapper.xml

@@ -79,7 +79,8 @@
     </select>
 
     <select id="getAvgRating" resultType="map">
-        SELECT ROUND(AVG(rating), 1) AS avg_rating, COUNT(*) AS review_count
+        <!-- #294 — review 0건이면 AVG는 NULL → 클라이언트 NaN 처리 부담. NVL로 0.0 보장. -->
+        SELECT NVL(ROUND(AVG(rating), 1), 0) AS avg_rating, COUNT(*) AS review_count
         FROM user_reviews
         WHERE restaurant_id = #{restaurantId}
     </select>

backend-java/src/main/resources/mybatis/mapper/SearchMapper.xml

@@ -30,12 +30,13 @@
         JOIN video_restaurants vr ON vr.restaurant_id = r.id
         JOIN videos v ON v.id = vr.video_id
         WHERE r.latitude IS NOT NULL
-          AND (UPPER(r.name) LIKE UPPER(#{query})
-               OR UPPER(r.address) LIKE UPPER(#{query})
-               OR UPPER(r.region) LIKE UPPER(#{query})
-               OR UPPER(r.cuisine_type) LIKE UPPER(#{query})
-               OR UPPER(vr.foods_mentioned) LIKE UPPER(#{query})
-               OR UPPER(v.title) LIKE UPPER(#{query}))
+          <!-- #293 — ESCAPE 절로 사용자 입력의 %, _ 와일드카드 의도 우회 차단 -->
+          AND (UPPER(r.name) LIKE UPPER(#{query}) ESCAPE '\'
+               OR UPPER(r.address) LIKE UPPER(#{query}) ESCAPE '\'
+               OR UPPER(r.region) LIKE UPPER(#{query}) ESCAPE '\'
+               OR UPPER(r.cuisine_type) LIKE UPPER(#{query}) ESCAPE '\'
+               OR UPPER(vr.foods_mentioned) LIKE UPPER(#{query}) ESCAPE '\'
+               OR UPPER(v.title) LIKE UPPER(#{query}) ESCAPE '\')
         FETCH FIRST #{limit} ROWS ONLY
     </select>
 

docs/design/279-frontend-restaurant-detail/fn-bottomsheet-snap.md

@@ -0,0 +1,54 @@
+<!-- 함수 설계서. 작성: [AI] Architect. -->
+
+# 함수 설계서: BottomSheet snap 정책 (#319)
+
+> **상태**: Approved <!-- Draft | Approved | Superseded -->
+> **작성**: [AI] Architect · **최종수정**: 2026-06-15
+> **추적성** — Redmine: #319 / 부모 #301 · 관련 컴포넌트: `frontend/src/components/BottomSheet.tsx`
+
+## 1. 책임
+
+모바일 BottomSheet의 **3-snap 점착(snap) 점**과 **닫힘 임계 속도**를 정의하고, 사용자의 드래그 제스처가 어느 snap에 안착할지 결정하는 알고리즘을 명세한다.
+
+## 2. 상수 (매직 넘버)
+
+| 상수 | 값 | 의미 |
+|------|----|------|
+| `SNAP_POINTS.PEEK` | `0.4` | 초기/맨 아래 snap. 화면 높이의 40%만 시트가 보임 — 지도와 시트를 함께 보는 균형. |
+| `SNAP_POINTS.HALF` | `0.55` | 중간 snap. 시트 콘텐츠 핵심(이름·평점·리뷰 첫 줄)이 잘 보이는 위치. |
+| `SNAP_POINTS.FULL` | `0.92` | 거의 풀 화면. 8% 여백은 상단 스와이프 핸들·상태바를 위해 남김. |
+| `VELOCITY_THRESHOLD` | `0.5` (vh/s) | 빠른 아래 스와이프 감지 기준. 초당 화면 높이의 50% 이상이면 "닫기 의도"로 간주. |
+| `CLOSE_BELOW_RATIO` | `0.6 × PEEK` ≈ 0.24 | snap 후보 중 PEEK의 60% 아래로 끌어내리면 강제 닫힘. |
+
+## 3. 결정 알고리즘 (`snapTo(height, velocity)`)
+
+```
+입력: height(현재 높이 ratio 0~1), velocity(아래 방향 vh/s, 양수=아래)
+
+1. velocity > VELOCITY_THRESHOLD && height < HALF  →  onClose()
+2. height < CLOSE_BELOW_RATIO                       →  onClose()
+3. 그 외: [PEEK, HALF, FULL] 중 height와 최단 거리인 점에 setHeight()
+```
+
+## 4. 왜 이 값들인가 (근거)
+
+- **0.4/0.55/0.92**: 모바일 UX 가이드(Material/iOS BottomSheet)의 30%/50%/95% 패턴을 한국 식당 카드 콘텐츠 길이(이름 18px + 평점 16px + 영상 썸네일 200px 기준)에 맞춰 조정.
+- **0.5 vh/s**: 일반 손가락 플릭 속도가 0.7~1.2 vh/s, 의도적인 닫기 스와이프 임계점.
+- **0.24 close-below**: PEEK(0.4)의 60% — 우발적 드래그(<0.05) 차단 + 의도적 닫기(<0.24) 수용.
+
+## 5. 변경 시 주의
+
+- 사용자의 근육 기억(스와이프 거리 감각) 교란 위험이 있어 SNAP_POINTS 변경은 ADR로 분리할 것.
+- VELOCITY_THRESHOLD를 낮추면 의도치 않은 닫힘 ↑, 높이면 닫기 어려움 ↑.
+
+## 6. 테스트 권고
+
+- `snapTo(0.45, 0.1)` → HALF로 안착
+- `snapTo(0.2, 0.7)` → onClose 호출
+- `snapTo(0.85, 0)` → FULL로 안착
+- `snapTo(0.1, 0)` → onClose 호출 (CLOSE_BELOW_RATIO)
+- 단위 테스트는 `utils/bottomSheetSnap.ts`로 함수 추출 후 #343에서 진행.
+
+## 7. 미해결 질문
+
+- 가로 모드 / 큰 폰트 접근성 모드에서 PEEK가 너무 작아 보이는 케이스 — 향후 동적 조정 검토.

docs/design/322-restaurant-llm-verify/README.md

@@ -0,0 +1,187 @@
+# 설계서: LLM 검증으로 잘못된/프랜차이즈 식당 자동 숨김 (#322)
+
+> **상태**: Approved <!-- Draft | Approved | Superseded -->
+> **작성**: [AI] Architect · **최종수정**: 2026-06-15
+> **추적성** — Redmine: #322 · 관련 ADR: 없음
+> · 구현 파일: `backend-java/src/main/java/com/tasteby/service/RestaurantVerifyService.java`(신규), `backend-java/src/main/java/com/tasteby/domain/Restaurant.java`(필드 3개 추가), `backend-java/src/main/resources/mybatis/mapper/RestaurantMapper.xml`(컬럼 매핑), `backend-java/src/main/java/com/tasteby/service/RestaurantService.java`(필터링), DB 마이그레이션 SQL
+> · 테스트: 단위 테스트 신규 (검증 결과 파싱, hidden 필터링)
+
+## 1. 목적 (Why)
+
+LLM 추출 과정에서 (a) 식당이 아닌 비식별자(영상 제목, 사람 이름, 일반 명사 등)가 식당으로 잘못 등록되거나 (b) 흔한 프랜차이즈(스타벅스, 맥도날드 등)가 큐레이션 의도와 무관하게 등록되어 사용자 경험을 저해. LLM 2차 검증으로 자동 숨김 처리하고 어드민에서 수동 복구 가능하게 한다.
+
+## 2. 범위 (Scope)
+
+- **포함**
+  - `restaurants` 테이블 컬럼 추가: `hidden NUMBER(1) DEFAULT 0`, `hidden_reason VARCHAR2(120)`, `verified_at TIMESTAMP`.
+  - 신규 `RestaurantVerifyService`: 단건 검증 + 배치 백필 검증.
+  - `PipelineService.processExtract` 흐름 끝에 검증 호출(신규 등록 자동 검증).
+  - 어드민 API: 일괄 재검증 트리거 + 개별 hidden 토글.
+  - 프론트: 공개 API 응답에서 hidden=true 제외(어드민 응답에는 포함).
+- **제외 (out of scope)**
+  - 이미지 인식, 메뉴 검증.
+  - 프랜차이즈 매칭 전용 DB/지식베이스(이번엔 LLM 단발 판정).
+  - 어드민 UI 대량 작업(필요 시 후속 이슈).
+
+## 3. 인수조건 (Acceptance Criteria)
+
+- [ ] `restaurants` 테이블에 `hidden`/`hidden_reason`/`verified_at` 3개 컬럼이 존재한다.
+- [ ] 신규 식당 등록 후 60초 이내 `verified_at`이 설정된다.
+- [ ] `GET /api/restaurants` 응답에 `hidden=1` 식당은 포함되지 않는다.
+- [ ] `GET /api/admin/restaurants?include_hidden=true` 는 hidden을 포함하고 `hidden_reason`을 노출한다.
+- [ ] 어드민 `PATCH /api/admin/restaurants/{id}/hidden {hidden:false}` 토글이 정상 동작한다.
+- [ ] 어드민 `POST /api/admin/restaurants/verify-all` 호출 시 미검증 식당 전체를 백필(rate-limit 적용).
+- [ ] LLM 호출 실패 시 식당은 hidden=0(공개) 유지(안전한 기본값) + 로그.
+- [ ] 단위 테스트로 LLM 응답 파싱 + 필터링 로직 통과.
+
+## 4. 컨텍스트 & 제약
+
+- 의존성: 기존 `OciGenAiService.chat(prompt, maxTokens)` 재사용.
+- DB: Oracle 23ai. DDL은 `ALTER TABLE` 마이그레이션.
+- LLM 비용: 검증은 한 식당당 1회 단발(짧은 프롬프트). 500개 백필 시 약 500 호출.
+- 봇/quota 제약 없음(OCI GenAI는 내부 호출).
+- 기존 데이터: 약 500건 식당 → 백필 1회 필요. 신규 영상 처리 흐름에 자동 통합.
+- 가정: LLM 판정 정확도 85-95%. 실수 시 어드민에서 수동 복구.
+
+## 5. 아키텍처 개요
+
+```
+PipelineService.processExtract
+   │  (기존 흐름)
+   ▼
+RestaurantService.upsert
+   │
+   ▼
+RestaurantVerifyService.verifyAsync(restaurantId)
+   │  (비동기 — 사용자 응답 차단 안 함)
+   ▼
+OciGenAiService.chat(prompt, maxTokens=100)
+   │
+   ▼
+parseVerifyResponse → { valid: bool, isFranchise: bool, reason: string }
+   │
+   ▼
+RestaurantMapper.updateVerification(id, hidden, hiddenReason, verifiedAt)
+   │
+   ▼ (공개 조회 시)
+RestaurantService.list(...) → WHERE hidden = 0
+RestaurantController.adminList(includeHidden=true) → 전체 + hidden_reason 노출
+```
+
+I/O ↔ 순수 로직 경계: `parseVerifyResponse`는 순수 함수(LLM 응답 문자열 → 객체). 외부 I/O(LLM 호출, DB write)는 서비스 메서드.
+
+## 6. 데이터 모델
+
+### DB 마이그레이션
+```sql
+ALTER TABLE restaurants ADD (
+  hidden NUMBER(1) DEFAULT 0 NOT NULL,
+  hidden_reason VARCHAR2(120),
+  verified_at TIMESTAMP
+);
+CREATE INDEX idx_restaurants_hidden ON restaurants(hidden);
+```
+
+### Restaurant 도메인 추가 필드
+| 필드 | 타입 | 의미 |
+|------|------|------|
+| `hidden` | `Boolean` | true면 공개 조회에서 제외 |
+| `hiddenReason` | `String` | "not_restaurant" / "franchise" / "manual" / null |
+| `verifiedAt` | `Instant` | 마지막 검증 시각, null이면 미검증 |
+
+### LLM 응답 스키마
+```json
+{
+  "valid": true,
+  "is_franchise": false,
+  "reason": "한식 전문점, 로컬"
+}
+```
+
+## 7. 함수 명세
+
+| 함수 | 책임(1줄) | 시그니처(잠정) | 입력 | 출력 | 에러/실패 | 복잡? |
+|------|-----------|----------------|------|------|-----------|-------|
+| `RestaurantVerifyService.verify(id)` | 단건 검증 + DB 반영 | `void verify(String restaurantId)` | restaurantId | side-effect | LLM/DB 예외 → 로그 후 hidden 유지(공개) | **복잡** |
+| `RestaurantVerifyService.verifyAsync(id)` | 비동기 트리거 | `void verifyAsync(String restaurantId)` | id | - | thread pool 만원 → 다음 cron 처리 | 단순 |
+| `RestaurantVerifyService.verifyAll(limit)` | 백필(rate-limit 적용) | `int verifyAll(int batchSize)` | batch | 처리된 개수 | LLM rate limit → sleep | **복잡** |
+| `RestaurantVerifyService.buildPrompt(r)` | 프롬프트 생성 | `String buildPrompt(Restaurant)` | r | 프롬프트 문자열 | - | 단순 |
+| `RestaurantVerifyService.parseVerifyResponse(s)` | LLM 응답 → DTO | `VerifyResult parse(String)` | LLM raw | DTO | 파싱 실패 → valid=true 기본값(안전) | **복잡** |
+| `RestaurantMapper.updateVerification(id, hidden, reason, ts)` | DB 갱신 | `int update(...)` | 4 args | 업데이트 행 수 | DB 예외 | 단순 |
+| `RestaurantService.list()` (수정) | 공개 조회 hidden=0 필터 | `WHERE hidden = 0` 추가 | - | - | - | 단순 |
+| `AdminRestaurantController.toggleHidden(id)` (신규) | 어드민 수동 토글 | `PATCH /api/admin/restaurants/{id}/hidden` | id, body | success | requireAdmin | 단순 |
+| `AdminRestaurantController.verifyAll()` (신규) | 백필 트리거 | `POST /api/admin/restaurants/verify-all` | - | 처리 개수 | requireAdmin | 단순 |
+
+> 복잡 함수는 각각 `fn-verify.md`, `fn-verify-all.md`, `fn-parse-verify-response.md` 후속 분리 가능(현재 후속 이슈로).
+
+## 8. 흐름 / 알고리즘
+
+### 신규 등록 검증
+1. `PipelineService.processExtract` 완료 시 `restaurantId` 획득.
+2. `RestaurantVerifyService.verifyAsync(restaurantId)` 호출(@Async).
+3. 별도 스레드에서 `verify(id)` 실행:
+   - 식당 조회 → `buildPrompt` → `OciGenAiService.chat` → `parseVerifyResponse`
+   - `valid=false` 또는 `is_franchise=true`면 hidden=1, reason 설정
+   - `RestaurantMapper.updateVerification` 호출
+4. 캐시 무효화는 검증 결과가 hidden=1일 때만(공개 목록 변경).
+
+### 백필
+1. 어드민 `POST /api/admin/restaurants/verify-all` 호출.
+2. `verifyAll(batchSize=10)`:
+   - `WHERE verified_at IS NULL` 인 식당 10개 조회 → 순차 검증
+   - 식당당 200ms sleep(LLM rate limit 보호)
+   - 끝까지 반복(`do { ... } while (count == 10)`)
+3. 전체 카운트 반환.
+
+### 프롬프트
+```
+당신은 식당 데이터 큐레이터다. 다음 식당이 (1) 실제 운영 식당인지, (2) 흔한 프랜차이즈인지 판정하라.
+
+식당명: {name}
+주소: {address}
+지역: {region}
+음식 분류: {cuisineType}
+언급된 음식: {foodsMentioned}
+
+응답 형식(JSON만, 다른 텍스트 없이):
+{"valid": true|false, "is_franchise": true|false, "reason": "20자 이내"}
+
+가이드:
+- valid=false: 식당 이름이 사람 이름, 영상 제목 일부, 일반 명사("점심", "맛집"), 영문 prefix("name:", "title:") 등 분명히 식당이 아닌 경우.
+- is_franchise=true: 스타벅스, 맥도날드, 버거킹, 김밥천국, 본죽 등 전국 50개 이상 매장의 흔한 체인.
+- 판단이 모호하면 valid=true, is_franchise=false (보수적).
+```
+
+## 9. 엣지케이스 & 에러 처리
+
+- **LLM 응답이 JSON 아님**: `parseVerifyResponse`가 JSON 파싱 실패 → valid=true, is_franchise=false 기본값(안전).
+- **LLM 호출 실패(timeout/quota)**: 로그 후 verified_at 미설정 → 다음 백필에서 재시도.
+- **LLM이 false negative(잘못된 식당을 정상이라 판정)**: 어드민 수동 토글로 보완.
+- **LLM이 false positive(정상 식당을 잘못/프랜차이즈로 판정)**: 어드민 수동 hidden=false 토글.
+- **동시성**: verifyAsync가 같은 ID 두 번 호출돼도 idempotent(같은 결과로 update).
+- **레이트 리밋**: 백필에서 식당당 200ms sleep + 단건 검증은 별 신경 안 씀(빈도 낮음).
+
+## 10. 테스트 계획
+
+- 단위:
+  - `parseVerifyResponse`: 정상 JSON / 파손 JSON / 빈 문자열 / 마크다운 코드블록 포함 케이스.
+  - `buildPrompt`: 모든 필드 채워진 경우 / 일부 null 케이스.
+- 통합 (수동 또는 후속):
+  - 프랜차이즈 식당 1건 시드 → verifyAll → hidden=1 확인.
+  - 정상 식당 1건 시드 → verifyAll → hidden=0 확인.
+- 회귀: 기존 `GET /api/restaurants` 응답 구조 변경 없음(필드만 추가, 옵션).
+
+## 11. 리스크 & 대안 검토
+
+- **선택**: 단발 LLM 판정 + 어드민 수동 보완.
+- **대안 A**: 프랜차이즈 DB 자체 구축(스타벅스/맥도날드 등 화이트리스트 매칭) — 정확도↑이지만 운영 부담↑, 신규 프랜차이즈 누락 위험.
+- **대안 B**: 추출 단계(OciGenAiService.parseJson)에서 한 번에 판정 — 비용↓이지만 추출 로직 비대해짐.
+- **대안 C**: 이중 검증(LLM A + LLM B 일치 시만 hidden) — 정확도↑↑이지만 비용 2배.
+- **트레이드오프**: 단발 판정은 비용·복잡도 낮으나 false positive 가능. 어드민 토글로 보완 가능하므로 수용.
+
+## 12. 미해결 질문
+
+- 백필 1회 트리거 후 주기적 재검증 필요한가(예: 폐업 식당 자동 hidden)? — 후속.
+- LLM 비용 모니터링 — 별도 이슈로 분리 권고.
+- 프랜차이즈 판정 임계값 — 사용자 의견 수렴 필요. 현재 가이드는 "전국 50개 이상".
+- 어드민 UI에서 일괄 작업(체크박스 + 일괄 hidden 토글) — 별도 이슈.

frontend/src/app/admin/page.tsx

@@ -1470,12 +1470,12 @@ function VideosPanel({ isAdmin }: { isAdmin: boolean }) {
                               setEditRest({
                                 name: r.name,
                                 cuisine_type: r.cuisine_type || "",
-                                foods_mentioned: r.foods_mentioned.join(", "),
+                                foods_mentioned: (r.foods_mentioned || []).join(", "),
                                 evaluation: evalText,
                                 address: r.address || "",
                                 region: r.region || "",
                                 price_range: r.price_range || "",
-                                guests: r.guests.join(", "),
+                                guests: (r.guests || []).join(", "),
                               });
                             } : undefined}
                             title={isAdmin ? "클릭하여 수정" : undefined}
@@ -1513,7 +1513,7 @@ function VideosPanel({ isAdmin }: { isAdmin: boolean }) {
                               {r.cuisine_type && <p>종류: {r.cuisine_type}</p>}
                               {r.price_range && <p>가격대: {r.price_range}</p>}
                             </div>
-                            {r.foods_mentioned.length > 0 && (
+                            {r.foods_mentioned?.length > 0 && (
                               <div className="flex flex-wrap gap-1 mt-2">
                                 {r.foods_mentioned.map((f, j) => (
                                   <span key={j} className="px-1.5 py-0.5 bg-brand-50 text-brand-700 rounded text-xs">{f}</span>
@@ -1523,7 +1523,7 @@ function VideosPanel({ isAdmin }: { isAdmin: boolean }) {
                             {r.evaluation?.text && (
                               <p className="mt-1 text-xs text-gray-600">{r.evaluation.text}</p>
                             )}
-                            {r.guests.length > 0 && (
+                            {r.guests?.length > 0 && (
                               <p className="mt-1 text-xs text-gray-500">게스트: {r.guests.join(", ")}</p>
                             )}
                           </div>
@@ -1627,6 +1627,45 @@ function RestaurantsPanel({ isAdmin }: { isAdmin: boolean }) {
 
   useEffect(() => { load(); }, [load]);
 
+  // #322/#323 LLM 검증 UI
+  const [verifyPending, setVerifyPending] = useState<number | null>(null);
+  const [verifying, setVerifying] = useState(false);
+  const [verifyResult, setVerifyResult] = useState<string | null>(null);
+
+  const loadVerifyPending = useCallback(() => {
+    api.getVerifyPending().then((r) => setVerifyPending(r.pending)).catch(() => setVerifyPending(null));
+  }, []);
+  useEffect(() => { loadVerifyPending(); }, [loadVerifyPending]);
+
+  const handleVerifyAll = async () => {
+    if (!isAdmin) return;
+    if (!confirm(`미검증 식당 ${verifyPending ?? "?"}건을 LLM으로 일괄 검증합니다.\n잘못 등록된 데이터/프랜차이즈를 자동으로 숨김 처리합니다.\n진행할까요?`)) return;
+    setVerifying(true);
+    setVerifyResult(null);
+    try {
+      const r = await api.verifyAll(10);
+      setVerifyResult(`${r.processed}건 검증 완료`);
+      loadVerifyPending();
+      load();
+    } catch (e) {
+      setVerifyResult(`실패: ${e instanceof Error ? e.message : String(e)}`);
+    } finally {
+      setVerifying(false);
+    }
+  };
+
+  const handleToggleHidden = async (r: Restaurant) => {
+    if (!isAdmin) return;
+    const becomingHidden = !r.hidden;
+    const reason = becomingHidden ? (prompt("숨김 사유(선택)", "manual") ?? "manual") : "";
+    try {
+      await api.setRestaurantHidden(r.id, becomingHidden, reason || "manual");
+      load();
+    } catch (e) {
+      alert(`실패: ${e instanceof Error ? e.message : String(e)}`);
+    }
+  };
+
   const filtered = restaurants.filter((r) => {
     if (nameSearch && !r.name.toLowerCase().includes(nameSearch.toLowerCase())) return false;
     return true;
@@ -1728,6 +1767,18 @@ function RestaurantsPanel({ isAdmin }: { isAdmin: boolean }) {
           )}
         </div>
         {isAdmin && (<>
+          {/* #322/#323 — LLM 검증 */}
+          <div className="flex items-center gap-2 text-xs text-gray-600 dark:text-gray-400">
+            <span>미검증 {verifyPending ?? "?"}건</span>
+            <button
+              onClick={handleVerifyAll}
+              disabled={verifying || verifyPending === 0}
+              className="px-3 py-1 text-xs rounded bg-amber-500 hover:bg-amber-600 text-white disabled:opacity-50 disabled:cursor-not-allowed"
+            >
+              {verifying ? "검증 중..." : "LLM 검증"}
+            </button>
+            {verifyResult && <span className="text-amber-600">{verifyResult}</span>}
+          </div>
           <button
             onClick={async () => {
               const pending = await fetch(`/api/restaurants/tabling-pending`, {
@@ -1890,6 +1941,7 @@ function RestaurantsPanel({ isAdmin }: { isAdmin: boolean }) {
               <th className="text-left px-4 py-3 cursor-pointer select-none hover:bg-gray-100" onClick={() => handleSort("price_range")}>가격대{sortIcon("price_range")}</th>
               <th className="text-center px-4 py-3 cursor-pointer select-none hover:bg-gray-100" onClick={() => handleSort("rating")}>평점{sortIcon("rating")}</th>
               <th className="text-center px-4 py-3 cursor-pointer select-none hover:bg-gray-100" onClick={() => handleSort("business_status")}>상태{sortIcon("business_status")}</th>
+              <th className="text-center px-4 py-3">검증</th>
             </tr>
           </thead>
           <tbody>
@@ -1917,11 +1969,34 @@ function RestaurantsPanel({ isAdmin }: { isAdmin: boolean }) {
                     <span className="text-xs text-gray-400">-</span>
                   )}
                 </td>
+                <td className="px-4 py-3 text-center" onClick={(e) => e.stopPropagation()}>
+                  {r.hidden ? (
+                    <button
+                      onClick={() => handleToggleHidden(r)}
+                      disabled={!isAdmin}
+                      title={r.hidden_reason || "manual"}
+                      className="px-1.5 py-0.5 bg-red-100 text-red-700 rounded text-[10px] font-semibold hover:bg-red-200 disabled:opacity-50"
+                    >
+                      숨김 {r.hidden_reason ? `(${r.hidden_reason.slice(0, 12)})` : ""}
+                    </button>
+                  ) : r.verified_at ? (
+                    <button
+                      onClick={() => handleToggleHidden(r)}
+                      disabled={!isAdmin}
+                      title="검증 통과 — 클릭하면 숨김"
+                      className="px-1.5 py-0.5 bg-green-100 text-green-700 rounded text-[10px] font-semibold hover:bg-green-200 disabled:opacity-50"
+                    >
+                      OK
+                    </button>
+                  ) : (
+                    <span className="text-xs text-gray-400">미검증</span>
+                  )}
+                </td>
               </tr>
             ))}
             {!loading && filtered.length === 0 && (
               <tr>
-                <td colSpan={6} className="px-4 py-8 text-center text-gray-400">
+                <td colSpan={7} className="px-4 py-8 text-center text-gray-400">
                   식당 데이터가 없습니다
                 </td>
               </tr>
@@ -2144,6 +2219,7 @@ interface AdminUser {
   email: string | null;
   nickname: string | null;
   avatar_url: string | null;
+  is_admin: boolean;
   provider: string | null;
   created_at: string | null;
   favorite_count: number;
@@ -2246,6 +2322,7 @@ function UsersPanel() {
             <tr>
               <th className="text-left px-4 py-2">사용자</th>
               <th className="text-left px-4 py-2">이메일</th>
+              <th className="text-center px-4 py-2">관리자</th>
               <th className="text-center px-4 py-2">찜</th>
               <th className="text-center px-4 py-2">리뷰</th>
               <th className="text-center px-4 py-2">메모</th>
@@ -2282,6 +2359,27 @@ function UsersPanel() {
                   </div>
                 </td>
                 <td className="px-4 py-2 text-gray-500">{u.email || "-"}</td>
+                <td className="px-4 py-2 text-center">
+                  <button
+                    onClick={async (e) => {
+                      e.stopPropagation();
+                      try {
+                        await api.updateAdminUserAdmin(u.id, !u.is_admin);
+                        setUsers((prev) => prev.map((x) => x.id === u.id ? { ...x, is_admin: !u.is_admin } : x));
+                      } catch (err) {
+                        console.error("Failed to update admin:", err);
+                        alert("관리자 권한 변경에 실패했습니다.");
+                      }
+                    }}
+                    className={`inline-block px-2 py-0.5 rounded-full text-xs font-medium transition-colors ${
+                      u.is_admin
+                        ? "bg-green-100 text-green-700 hover:bg-green-200"
+                        : "bg-gray-100 text-gray-400 hover:bg-gray-200"
+                    }`}
+                  >
+                    {u.is_admin ? "ON" : "OFF"}
+                  </button>
+                </td>
                 <td className="px-4 py-2 text-center">
                   {u.favorite_count > 0 ? (
                     <span className="inline-block px-2 py-0.5 bg-red-50 text-red-600 rounded-full text-xs font-medium">

frontend/src/app/globals.css

@@ -18,6 +18,10 @@
   --brand-800: #9A4500;
   --brand-900: #6B3000;
   --brand-950: #3D1A00;
+  /* #344 z-index 토큰 (모달/오버레이가 매직 넘버 없이 일관) */
+  --z-bottom-sheet: 50;
+  --z-filter-sheet: 60;
+  --z-modal: 70;
   color-scheme: only light !important;
 }
 

frontend/src/components/LoginMenu.tsx

@@ -1,8 +1,9 @@
 "use client";
 
-import { useState } from "react";
+import { useRef, useState } from "react";
 import { createPortal } from "react-dom";
 import { GoogleLogin } from "@react-oauth/google";
+import { useEscapeKey, useFocusTrap, useBodyScrollLock } from "@/lib/hooks/useModalA11y";
 
 interface LoginMenuProps {
   onGoogleSuccess: (credential: string) => void;
@@ -10,6 +11,22 @@ interface LoginMenuProps {
 
 export default function LoginMenu({ onGoogleSuccess }: LoginMenuProps) {
   const [open, setOpen] = useState(false);
+  const [errorMsg, setErrorMsg] = useState<string | null>(null);
+  const dialogRef = useRef<HTMLDivElement>(null);
+  const titleId = "login-dialog-title";
+
+  // #283 — 모달 접근성: ESC / focus trap / body scroll lock
+  useEscapeKey(open, () => setOpen(false));
+  useFocusTrap(open, dialogRef);
+  useBodyScrollLock(open);
+
+  const handleSuccess = (res: { credential?: string }) => {
+    setErrorMsg(null);
+    if (res.credential) {
+      onGoogleSuccess(res.credential);
+      setOpen(false);
+    }
+  };
 
   return (
     <>
@@ -22,30 +39,40 @@ export default function LoginMenu({ onGoogleSuccess }: LoginMenuProps) {
 
       {open && createPortal(
         <div
+          // #344 — z-index 매직 넘버 99999 → CSS 변수 토큰 (--z-modal=70).
+          // 다른 오버레이(BottomSheet=50, FilterSheet=60) 위 일관된 stacking.
           className="fixed inset-0 flex items-center justify-center bg-black/40 backdrop-blur-sm"
-          style={{ zIndex: 99999 }}
+          style={{ zIndex: "var(--z-modal)" } as React.CSSProperties}
           onClick={(e) => { if (e.target === e.currentTarget) setOpen(false); }}
         >
-          <div className="bg-surface rounded-2xl shadow-2xl p-6 mx-4 w-full max-w-xs space-y-4">
+          <div
+            ref={dialogRef}
+            role="dialog"
+            aria-modal="true"
+            aria-labelledby={titleId}
+            tabIndex={-1}
+            className="bg-surface rounded-2xl shadow-2xl p-6 mx-4 w-full max-w-sm space-y-4"
+          >
             <div className="flex items-center justify-between">
-              <h3 className="text-base font-semibold dark:text-gray-100">로그인</h3>
+              <h3 id={titleId} className="text-base font-semibold dark:text-gray-100">로그인</h3>
               <button
                 onClick={() => setOpen(false)}
-                className="text-gray-400 hover:text-gray-600 dark:hover:text-gray-200 text-lg leading-none"
+                aria-label="로그인 창 닫기"
+                className="text-gray-400 hover:text-gray-600 dark:hover:text-gray-200 text-lg leading-none p-2 -m-2"
               >
                 ✕
               </button>
             </div>
             <p className="text-xs text-gray-400 dark:text-gray-500">소셜 계정으로 간편 로그인</p>
+            {errorMsg && (
+              <p role="alert" className="text-xs text-red-600 dark:text-red-400 bg-red-50 dark:bg-red-950/40 rounded p-2">
+                {errorMsg}
+              </p>
+            )}
             <div className="flex flex-col items-center gap-3">
               <GoogleLogin
-                onSuccess={(res) => {
-                  if (res.credential) {
-                    onGoogleSuccess(res.credential);
-                    setOpen(false);
-                  }
-                }}
-                onError={() => console.error("Google login failed")}
+                onSuccess={handleSuccess}
+                onError={() => setErrorMsg("Google 로그인에 실패했습니다. 팝업 차단 또는 네트워크 상태를 확인해주세요.")}
                 size="large"
                 width="260"
                 text="signin_with"

frontend/src/components/MapView.tsx

@@ -67,8 +67,7 @@ type RestaurantProps = { restaurant: Restaurant };
 type RestaurantFeature = Supercluster.PointFeature<RestaurantProps>;
 
 function useSupercluster(restaurants: Restaurant[]) {
-  const indexRef = useRef<Supercluster<{ restaurant: Restaurant }> | null>(null);
-
+  // #278 — indexRef 제거 (set만 되고 read 없는 dead code)
   const points: RestaurantFeature[] = useMemo(
     () =>
       restaurants.map((r) => ({
@@ -86,7 +85,6 @@ function useSupercluster(restaurants: Restaurant[]) {
       minPoints: 2,
     });
     sc.load(points);
-    indexRef.current = sc;
     return sc;
   }, [points]);
 
@@ -129,12 +127,7 @@ function MapContent({ restaurants, selected, onSelectRestaurant, flyTo, activeCh
   const channelColors = useMemo(() => getChannelColorMap(restaurants), [restaurants]);
   const { getClusters, getExpansionZoom } = useSupercluster(restaurants);
 
-  // Build a lookup for restaurants by id
-  const restaurantMap = useMemo(() => {
-    const m: Record<string, Restaurant> = {};
-    restaurants.forEach((r) => { m[r.id] = r; });
-    return m;
-  }, [restaurants]);
+  // #278 — restaurantMap 제거 (빌드만 되고 렌더에서 사용 안 됨, dead code)
 
   const clusters = useMemo(() => {
     if (!bounds) return [];
@@ -273,7 +266,7 @@ function MapContent({ restaurants, selected, onSelectRestaurant, flyTo, activeCh
                   textDecoration: isClosed ? "line-through" : "none",
                 }}
               >
-                <span className="material-symbols-rounded" style={{ fontSize: 14, marginRight: 3, verticalAlign: "middle", color: "#E8720C" }}>{getCuisineIcon(r.cuisine_type)}</span>
+                <span className="material-symbols-rounded" style={{ fontSize: 14, width: 14, height: 14, overflow: "hidden", display: "inline-flex", alignItems: "center", justifyContent: "center", marginRight: 3, verticalAlign: "middle", color: "#E8720C" }}>{getCuisineIcon(r.cuisine_type)}</span>
                 {r.name}
               </div>
               <div
@@ -298,7 +291,7 @@ function MapContent({ restaurants, selected, onSelectRestaurant, flyTo, activeCh
         >
           <div style={{ backgroundColor: "#ffffff", color: "#171717", colorScheme: "light" }} className="max-w-xs p-1">
             <div className="flex items-center gap-2">
-              <h3 className="font-bold text-base" style={{ color: "#171717" }}><span className="material-symbols-rounded" style={{ fontSize: 18, verticalAlign: "middle", color: "#E8720C", marginRight: 4 }}>{getCuisineIcon(infoTarget.cuisine_type)}</span>{infoTarget.name}</h3>
+              <h3 className="font-bold text-base" style={{ color: "#171717" }}><span className="material-symbols-rounded" style={{ fontSize: 18, width: 18, height: 18, overflow: "hidden", display: "inline-flex", alignItems: "center", justifyContent: "center", verticalAlign: "middle", color: "#E8720C", marginRight: 4 }}>{getCuisineIcon(infoTarget.cuisine_type)}</span>{infoTarget.name}</h3>
               {infoTarget.business_status === "CLOSED_PERMANENTLY" && (
                 <span className="px-1.5 py-0.5 bg-red-100 text-red-700 rounded text-[10px] font-semibold">폐업</span>
               )}
@@ -357,6 +350,13 @@ export default function MapView({ restaurants, selected, onSelectRestaurant, onB
     }, 150);
   }, [onBoundsChanged]);
 
+  // #278 — 언마운트 시 디바운스 타이머 정리 (메모리 누수 + unmounted setState 경고 방지)
+  useEffect(() => {
+    return () => {
+      if (boundsTimerRef.current) clearTimeout(boundsTimerRef.current);
+    };
+  }, []);
+
   return (
     <APIProvider apiKey={API_KEY}>
       <Map
@@ -380,10 +380,12 @@ export default function MapView({ restaurants, selected, onSelectRestaurant, onB
       {onMyLocation && (
         <button
           onClick={onMyLocation}
-          className="absolute top-2 right-2 w-9 h-9 bg-surface rounded-lg shadow-md flex items-center justify-center text-gray-600 dark:text-gray-300 hover:text-brand-500 dark:hover:text-brand-400 transition-colors z-10"
+          aria-label="내 위치로 이동"
+          // #278 — 44×44px 터치 영역 확보 (이전 36px)
+          className="absolute top-2 right-2 w-11 h-11 bg-surface rounded-lg shadow-md flex items-center justify-center text-gray-600 dark:text-gray-300 hover:text-brand-500 dark:hover:text-brand-400 transition-colors z-10 touch-manipulation"
           title="내 위치"
         >
-          <Icon name="my_location" size={20} />
+          <Icon name="my_location" size={22} />
         </button>
       )}
       {channelNames.length > 0 && (

frontend/src/components/MemoSection.tsx

@@ -5,11 +5,13 @@ import { api } from "@/lib/api";
 import type { Memo } from "@/lib/api";
 import { useAuth } from "@/lib/auth-context";
 import Icon from "@/components/Icon";
+import Stars from "@/components/Stars";
 
 interface MemoSectionProps {
   restaurantId: string;
 }
 
+// #281 — ReviewSection의 StarSelector와 동일 UX (0.5 단위 + 44px 터치 + ARIA radiogroup)
 function StarSelector({
   value,
   onChange,
@@ -18,38 +20,32 @@ function StarSelector({
   onChange: (v: number) => void;
 }) {
   return (
-    <div className="flex items-center gap-1">
+    <div role="radiogroup" aria-label="별점 선택" className="flex items-center gap-0.5">
       <span className="text-xs text-gray-500 mr-1">별점:</span>
-      {[0.5, 1, 1.5, 2, 2.5, 3, 3.5, 4, 4.5, 5].map((v) => (
+      {[1, 2, 3, 4, 5].map((v) => {
+        const nextVal = value === v ? v - 0.5 : v;
+        return (
           <button
             key={v}
             type="button"
-          onClick={() => onChange(v)}
-          className={`w-6 h-6 text-xs rounded border ${
-            value === v
-              ? "bg-yellow-500 text-white border-yellow-600"
-              : "bg-white text-gray-600 border-gray-300 hover:border-yellow-400"
-          }`}
+            role="radio"
+            aria-checked={value >= v - 0.5 && value <= v}
+            aria-label={`${nextVal}점`}
+            onClick={() => onChange(nextVal)}
+            className="min-w-[44px] min-h-[44px] flex items-center justify-center touch-manipulation"
+            title={`${nextVal}점`}
           >
-          {v}
+            <span className={`text-xl ${v <= value ? "text-yellow-500" : v - 0.5 === value ? "text-yellow-400" : "text-gray-300"}`}>
+              {v <= value ? "★" : v - 0.5 === value ? "⯨" : "☆"}
+            </span>
           </button>
-      ))}
+        );
+      })}
+      {value > 0 && <span className="text-xs text-yellow-600 font-medium ml-1">{value}</span>}
     </div>
   );
 }
 
-function StarDisplay({ rating }: { rating: number }) {
-  const stars = [];
-  for (let i = 1; i <= 5; i++) {
-    stars.push(
-      <span key={i} className={rating >= i - 0.5 ? "text-yellow-500" : "text-gray-300"}>
-        ★
-      </span>
-    );
-  }
-  return <span className="text-sm">{stars}</span>;
-}
-
 export default function MemoSection({ restaurantId }: MemoSectionProps) {
   const { user } = useAuth();
   const [memo, setMemo] = useState<Memo | null>(null);
@@ -104,6 +100,9 @@ export default function MemoSection({ restaurantId }: MemoSectionProps) {
       setMemo(saved);
       setShowForm(false);
       setEditing(false);
+    } catch (err) {
+      // #281 — 사용자 피드백
+      alert(`메모 저장 실패: ${err instanceof Error ? err.message : String(err)}`);
     } finally {
       setSubmitting(false);
     }
@@ -111,8 +110,12 @@ export default function MemoSection({ restaurantId }: MemoSectionProps) {
 
   const handleDelete = async () => {
     if (!confirm("메모를 삭제하시겠습니까?")) return;
+    try {
       await api.deleteMemo(restaurantId);
       setMemo(null);
+    } catch (err) {
+      alert(`메모 삭제 실패: ${err instanceof Error ? err.message : String(err)}`);
+    }
   };
 
   return (
@@ -167,7 +170,7 @@ export default function MemoSection({ restaurantId }: MemoSectionProps) {
       ) : memo ? (
         <div className="border border-brand-200 rounded-lg p-3 bg-brand-50/30">
           <div className="flex items-center gap-2 mb-1">
-            {memo.rating && <StarDisplay rating={memo.rating} />}
+            {memo.rating && <Stars rating={memo.rating} />}
             {memo.visited_at && (
               <span className="text-xs text-gray-400">방문일: {memo.visited_at}</span>
             )}

frontend/src/components/MyReviewsList.tsx

@@ -3,6 +3,7 @@
 import { useState } from "react";
 import type { Review, Memo } from "@/lib/api";
 import Icon from "@/components/Icon";
+import Stars from "@/components/Stars";
 
 interface MyReview extends Review {
   restaurant_id: string;
@@ -82,9 +83,9 @@ export default function MyReviewsList({
                   <span className="font-semibold text-sm truncate">
                     {r.restaurant_name || "알 수 없는 식당"}
                   </span>
-                  <span className="text-yellow-500 text-sm shrink-0 ml-2">
-                    {"★".repeat(Math.round(r.rating))}
-                    <span className="text-gray-500 ml-1">{r.rating}</span>
+                  <span className="text-sm shrink-0 ml-2 flex items-center gap-1">
+                    <Stars rating={r.rating} />
+                    <span className="text-gray-500">{r.rating}</span>
                   </span>
                 </div>
                 {r.review_text && (
@@ -118,9 +119,9 @@ export default function MyReviewsList({
                     {m.restaurant_name || "알 수 없는 식당"}
                   </span>
                   {m.rating && (
-                    <span className="text-yellow-500 text-sm shrink-0 ml-2">
-                      {"★".repeat(Math.round(m.rating))}
-                      <span className="text-gray-500 ml-1">{m.rating}</span>
+                    <span className="text-sm shrink-0 ml-2 flex items-center gap-1">
+                      <Stars rating={m.rating} />
+                      <span className="text-gray-500">{m.rating}</span>
                     </span>
                   )}
                 </div>

frontend/src/components/RestaurantDetail.tsx

@@ -13,6 +13,17 @@ interface RestaurantDetailProps {
   onClose: () => void;
 }
 
+// #319 — 외부 지도 검색용 쿼리 빌더. region이 더미('나라|' 형태)면 무시.
+function buildSearchQuery(r: Restaurant): string {
+  if (r.address) return `${r.name} ${r.address}`;
+  if (r.region) {
+    const cleanRegion = r.region.replace(/\|/g, " ").trim();
+    // 빈 토큰만 남는 경우 (예: '한국' 또는 '한국|') → name만 사용
+    if (cleanRegion && cleanRegion !== "한국") return `${r.name} ${cleanRegion}`;
+  }
+  return r.name;
+}
+
 export default function RestaurantDetail({
   restaurant,
   onClose,
@@ -128,7 +139,7 @@ export default function RestaurantDetail({
         {restaurant.google_place_id && (
           <p className="flex gap-3">
             <a
-              href={`https://www.google.com/maps/search/?api=1&query=${encodeURIComponent(restaurant.name + (restaurant.address ? " " + restaurant.address : restaurant.region ? " " + restaurant.region.replace(/\|/g, " ") : ""))}`}
+              href={`https://www.google.com/maps/search/?api=1&query=${encodeURIComponent(buildSearchQuery(restaurant))}`}
               target="_blank"
               rel="noopener noreferrer"
               className="text-brand-600 dark:text-brand-400 hover:underline text-xs"

frontend/src/components/ReviewSection.tsx

@@ -4,37 +4,12 @@ import { useCallback, useEffect, useState } from "react";
 import { api } from "@/lib/api";
 import type { Review } from "@/lib/api";
 import { useAuth } from "@/lib/auth-context";
+import Stars from "@/components/Stars";
 
 interface ReviewSectionProps {
   restaurantId: string;
 }
 
-function StarDisplay({ rating }: { rating: number }) {
-  const stars = [];
-  for (let i = 1; i <= 5; i++) {
-    if (rating >= i) {
-      stars.push(
-        <span key={i} className="text-yellow-500">
-          ★
-        </span>
-      );
-    } else if (rating >= i - 0.5) {
-      stars.push(
-        <span key={i} className="text-yellow-500">
-          ★
-        </span>
-      );
-    } else {
-      stars.push(
-        <span key={i} className="text-gray-300">
-          ★
-        </span>
-      );
-    }
-  }
-  return <span className="text-sm">{stars}</span>;
-}
-
 function StarSelector({
   value,
   onChange,
@@ -43,22 +18,30 @@ function StarSelector({
   onChange: (v: number) => void;
 }) {
   return (
-    <div className="flex items-center gap-1">
+    <div role="radiogroup" aria-label="별점 선택" className="flex items-center gap-0.5">
       <span className="text-xs text-gray-500 mr-1">별점:</span>
-      {[0.5, 1, 1.5, 2, 2.5, 3, 3.5, 4, 4.5, 5].map((v) => (
+      {[1, 2, 3, 4, 5].map((v) => {
+        const isCurrent = value === v || value === v - 0.5;
+        const nextVal = value === v ? v - 0.5 : v;
+        return (
           <button
             key={v}
             type="button"
-          onClick={() => onChange(v)}
-          className={`w-6 h-6 text-xs rounded border ${
-            value === v
-              ? "bg-yellow-500 text-white border-yellow-600"
-              : "bg-white text-gray-600 border-gray-300 hover:border-yellow-400"
-          }`}
+            role="radio"
+            aria-checked={value >= v - 0.5 && value <= v}
+            aria-label={`${nextVal}점`}
+            onClick={() => onChange(nextVal)}
+            // #281 — 최소 터치 영역 44×44
+            className="min-w-[44px] min-h-[44px] flex items-center justify-center touch-manipulation"
+            title={`${nextVal}점`}
           >
-          {v}
+            <span className={`text-xl ${v <= value ? "text-yellow-500" : v - 0.5 === value ? "text-yellow-400" : "text-gray-300"}`}>
+              {v <= value ? "★" : v - 0.5 === value ? "⯨" : "☆"}
+            </span>
           </button>
-      ))}
+        );
+      })}
+      {value > 0 && <span className="text-xs text-yellow-600 font-medium ml-1">{value}</span>}
     </div>
   );
 }
@@ -170,29 +153,42 @@ export default function ReviewSection({ restaurantId }: ReviewSectionProps) {
     ? reviews.find((r) => r.user_id === user.id)
     : null;
 
+  // #281 — API 실패 시 unhandled rejection 방지 + 사용자 피드백
   const handleCreate = async (data: {
     rating: number;
     review_text?: string;
     visited_at?: string;
   }) => {
+    try {
       await api.createReview(restaurantId, data);
       setShowForm(false);
       loadReviews();
+    } catch (e) {
+      alert(`리뷰 작성 실패: ${e instanceof Error ? e.message : String(e)}`);
+    }
   };
 
   const handleUpdate = async (
     reviewId: string,
     data: { rating: number; review_text?: string; visited_at?: string }
   ) => {
+    try {
       await api.updateReview(reviewId, data);
       setEditingId(null);
       loadReviews();
+    } catch (e) {
+      alert(`리뷰 수정 실패: ${e instanceof Error ? e.message : String(e)}`);
+    }
   };
 
   const handleDelete = async (reviewId: string) => {
     if (!confirm("리뷰를 삭제하시겠습니까?")) return;
+    try {
       await api.deleteReview(reviewId);
       loadReviews();
+    } catch (e) {
+      alert(`리뷰 삭제 실패: ${e instanceof Error ? e.message : String(e)}`);
+    }
   };
 
   return (
@@ -216,7 +212,7 @@ export default function ReviewSection({ restaurantId }: ReviewSectionProps) {
         <>
           {reviewCount > 0 && avgRating !== null && (
             <div className="flex items-center gap-2 mb-3 text-sm">
-              <StarDisplay rating={Math.round(avgRating * 2) / 2} />
+              <Stars rating={Math.round(avgRating * 2) / 2} />
               <span className="font-medium">{avgRating.toFixed(1)}</span>
               <span className="text-gray-500">({reviewCount}개)</span>
             </div>
@@ -270,7 +266,7 @@ export default function ReviewSection({ restaurantId }: ReviewSectionProps) {
                         <span className="text-sm font-medium">
                           {review.user_nickname || "익명"}
                         </span>
-                        <StarDisplay rating={review.rating} />
+                        <Stars rating={review.rating} />
                         <span className="text-xs text-gray-400">
                           {new Date(review.created_at).toLocaleDateString(
                             "ko-KR"

frontend/src/components/Stars.tsx

@@ -0,0 +1,37 @@
+// #281 공통 별점 컴포넌트 — ReviewSection/MemoSection/MyReviewsList 재사용.
+// 0.5 단위 시각 구분: 빈 별 위에 황색 절반 별을 절대배치 + clip으로 표시.
+
+interface StarsProps {
+  rating: number; // 0~5, 0.5 단위
+  size?: "sm" | "md";
+  showNumber?: boolean;
+  className?: string;
+}
+
+export default function Stars({ rating, size = "sm", showNumber = false, className = "" }: StarsProps) {
+  const r = Math.max(0, Math.min(5, rating));
+  const textSize = size === "md" ? "text-base" : "text-sm";
+  return (
+    <span className={`inline-flex items-center gap-0.5 ${textSize} ${className}`} aria-label={`${r}점`}>
+      {[1, 2, 3, 4, 5].map((i) => {
+        const full = r >= i;
+        const half = !full && r >= i - 0.5;
+        return (
+          <span key={i} className="relative inline-block leading-none">
+            <span className="text-gray-300">★</span>
+            {(full || half) && (
+              <span
+                aria-hidden="true"
+                className="absolute inset-0 text-yellow-500 overflow-hidden"
+                style={{ width: full ? "100%" : "50%" }}
+              >
+                ★
+              </span>
+            )}
+          </span>
+        );
+      })}
+      {showNumber && r > 0 && <span className="text-xs text-yellow-600 font-medium ml-1">{r}</span>}
+    </span>
+  );
+}

frontend/src/lib/admin-utils.ts

@@ -0,0 +1,52 @@
+// #304 어드민 페이지 공통 유틸.
+// 결함: localStorage 직접 접근 10+곳 / SSE 파싱 코드 6곳 중복.
+
+const TOKEN_KEY = "tasteby_token";
+
+export function getAdminToken(): string | null {
+  if (typeof window === "undefined") return null;
+  return localStorage.getItem(TOKEN_KEY);
+}
+
+export function authHeaders(): Record<string, string> {
+  const token = getAdminToken();
+  return token ? { Authorization: `Bearer ${token}` } : {};
+}
+
+/**
+ * SSE(Server-Sent Events) 스트림을 라인 단위로 파싱하여 onEvent 콜백을 호출.
+ * 호환 패턴: `data: { ...json... }` 한 줄 = 한 이벤트.
+ * 비어있는 줄은 무시. JSON 파싱 실패 시 콜백 skip.
+ */
+export async function consumeSseStream(
+  response: Response,
+  onEvent: (event: unknown) => void,
+  onError?: (err: unknown) => void,
+): Promise<void> {
+  const reader = response.body?.getReader();
+  if (!reader) return;
+  const decoder = new TextDecoder();
+  let buffer = "";
+  try {
+    while (true) {
+      const { done, value } = await reader.read();
+      if (done) break;
+      buffer += decoder.decode(value, { stream: true });
+      const lines = buffer.split("\n");
+      buffer = lines.pop() ?? "";
+      for (const line of lines) {
+        const trimmed = line.trim();
+        if (!trimmed.startsWith("data:")) continue;
+        const payload = trimmed.slice(5).trim();
+        if (!payload) continue;
+        try {
+          onEvent(JSON.parse(payload));
+        } catch {
+          // 무시: 일부 SSE 줄이 JSON이 아닐 수도 있음
+        }
+      }
+    }
+  } catch (err) {
+    onError?.(err);
+  }
+}

frontend/src/lib/api.ts

@@ -51,6 +51,10 @@ export interface Restaurant {
   website: string | null;
   channels?: string[];
   foods_mentioned?: string[];
+  // #322 LLM 검증
+  hidden?: boolean;
+  hidden_reason?: string | null;
+  verified_at?: string | null;
 }
 
 export interface VideoLink {
@@ -310,6 +314,7 @@ export const api = {
         email: string | null;
         nickname: string | null;
         avatar_url: string | null;
+        is_admin: boolean;
         provider: string | null;
         created_at: string | null;
         favorite_count: number;
@@ -320,6 +325,14 @@ export const api = {
     }>(`/api/admin/users${qs ? `?${qs}` : ""}`);
   },
 
+  updateAdminUserAdmin(userId: string, admin: boolean) {
+    return fetchApi<{ success: boolean }>(`/api/admin/users/${userId}/admin`, {
+      method: "PATCH",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({ admin }),
+    });
+  },
+
   getAdminUserFavorites(userId: string) {
     return fetchApi<
       {
@@ -567,4 +580,30 @@ export const api = {
       { method: "POST" }
     );
   },
+
+  // #322 — LLM 검증 어드민 API
+  getVerifyPending() {
+    return fetchApi<{ pending: number }>("/api/admin/restaurants/verify/pending");
+  },
+  verifyAll(batchSize: number = 10) {
+    return fetchApi<{ processed: number }>(
+      `/api/admin/restaurants/verify/all?batchSize=${batchSize}`,
+      { method: "POST" }
+    );
+  },
+  verifyOne(id: string) {
+    return fetchApi<{ success: boolean; id: string }>(
+      `/api/admin/restaurants/${id}/verify`,
+      { method: "POST" }
+    );
+  },
+  setRestaurantHidden(id: string, hidden: boolean, reason: string = "manual") {
+    return fetchApi<{ success: boolean; id: string; hidden: boolean }>(
+      `/api/admin/restaurants/${id}/hidden`,
+      {
+        method: "PATCH",
+        body: JSON.stringify({ hidden, reason }),
+      }
+    );
+  },
 };