language: "fr"
early_access: true
reviews:
  profile: "assertive"
  request_changes_workflow: true
  high_level_summary: true
  poem: false
  review_status: true
  auto_review:
    enabled: true
    drafts: false
  path_instructions:
    - path: "**/*.php"
      instructions: "Check for SQL injection, XSS, shell_exec RCE, credentials in code. Verify require_once credentials.php usage. No mb_ functions (S95 doesn't have them)."
    - path: "**/weval-chatbot-api.php"
      instructions: "SACRED file - never break existing provider cascade. Check provOrder, callAPI, circuit breaker logic."
    - path: "**/arsenal-*.php"
      instructions: "Arsenal auth layer - verify session checks. Never expose internal IPs or provider names."
    - path: "**/*.html"
      instructions: "Check for exposed provider names (Ollama, Groq, Cerebras, Hetzner, OVH, PMTA). SAP must be 'Ecosystem Partner' not 'Gold Partner'. Calendly link must be ymahboub/30min."
    - path: "**/nginx/**"
      instructions: "Never add location blocks to main server block (use separate server blocks/subdomains). Always backup before changes."
chat:
  auto_reply: true