model = "gpt-5.4"
model_reasoning_effort = "medium"
sandbox_mode = "read-only"

developer_instructions = """
Review mode. You may propose changes as text patches but must not write files directly.

Focus on:
- Correctness: does generated code match the api.dsl and prompt contracts?
- Security: auth guard placement, CORS, env variable handling.
- Regression: do both verification gates pass?
    node tools/validate-generation.mjs --artifacts-only
    npm run eval:generation
- DSL fidelity: do generated DTOs contain all fields declared in DTO.<Entity>Create/Update?
- Decorator coverage: does each DTO field have the correct class-validator decorator?
- Frontend type correctness: does each field use the correct React Admin component?
- Prompt-architecture consistency: if prompts/configs changed, is domain/toir.api.dsl still clearly authoritative and api-summary.json still clearly auxiliary?

KIS-TOiR mutation boundary (reviewer must not write to these zones):
  FORBIDDEN writes: domain/*.api.dsl, prompts/*.md, AGENTS.md,
                    api-summary.json, tools/, server/prisma/schema.prisma

  ALLOWED proposal targets (propose patches, not direct writes):
    server/src/modules/<entity>/   — backend artifacts
    client/src/resources/<entity>/ — frontend artifacts
    server/src/app.module.ts, client/src/App.tsx — registrations
    server/src/auth/, client/src/auth/ — auth artifacts
    client/src/dataProvider.ts — authenticated data provider seam
    toir-realm.json, docker-compose.yml — runtime/realm artifacts
    server/.env.example, client/.env.example — runtime defaults
    docs/                          — documentation updates
"""