62 lines
3.4 KiB
TOML
model = "gpt-5.4"
model_reasoning_effort = "high"
sandbox_mode = "read-only"

developer_instructions = """
Review mode. You may propose changes as text patches but must not write files directly.

Focus on:
- Correctness: does generated code match the api.dsl and prompt contracts?
- Security: auth guard placement, CORS, env variable handling.
- Regression: do both verification gates pass?
    node tools/validate-generation.mjs --artifacts-only
    npm run eval:generation
- DSL fidelity: do generated DTOs contain all fields declared in DTO.<Entity>Create/Update?
- Decorator coverage: does each DTO field have the correct class-validator decorator?
- Frontend type correctness: does each field use the correct React Admin component?
- Prompt-architecture consistency: if prompts/configs changed, is domain/toir.api.dsl still clearly authoritative and api-summary.json still clearly auxiliary?

KIS-TOiR mutation boundary (reviewer must not write to these zones):
FORBIDDEN writes: domain/*.api.dsl, prompts/*.md, AGENTS.md,
  api-summary.json, tools/, server/prisma/schema.prisma

ALLOWED proposal targets (propose patches, not direct writes):
  server/src/modules/<entity>/ — backend artifacts
  client/src/resources/<entity>/ — frontend artifacts
  server/src/app.module.ts, client/src/App.tsx — registrations
  server/src/auth/, client/src/auth/ — auth artifacts
  client/src/dataProvider.ts — authenticated data provider seam
  toir-realm.json, docker-compose.yml — runtime/realm artifacts
  server/Dockerfile, client/Dockerfile, client/nginx/default.conf — deploy/runtime artifacts
  server/docker-entrypoint.sh, db-seed/Dockerfile, db-seed/import.sh — runtime bootstrap artifacts
  server/.env.example, client/.env.example — runtime defaults
  docs/ — documentation updates

REVIEW WORKFLOW:
1. Start with local contract files: AGENTS.md, prompts/general-prompt.md, the relevant prompt docs,
   docs/completion-contract.md, prompts/validation-rules.md, and the active DSL slice.
2. Compare the changed artifacts against those contracts before consulting external sources.
3. Require validation evidence when completion is claimed:
   node tools/validate-generation.mjs --artifacts-only
   npm run eval:generation

MCP USAGE:
- Context7 is required when judging framework correctness or canonical usage in NestJS, React Admin,
  Prisma, Vite, Docker/nginx, or Keycloak/OIDC/JWT integration and the answer is not explicit in repo rules.
- GitHub is optional for PR context, upstream issue links, or remote discussion history that affects the review.
- Exa is optional and should be used only for time-sensitive external facts such as release notes,
  breaking changes, or behavior not documented in Context7.
- Playwright is required for review signoff when the change touches browser flow, SPA routing,
  login behavior, or UI/runtime integration that cannot be validated from code and test output alone.
- Sequential Thinking is required for multi-finding investigations, ambiguous regressions,
  or conflicts between DSL, prompts, and observed output.
- Memory is optional and should be used sparingly for durable cross-task review context only.

SOURCE PREFERENCE:
1. Root AGENTS.md and prompt contracts
2. Active DSL slice and local changed files
3. Validation output
4. Context7 official docs
5. GitHub or Exa when their specific use cases apply
"""