# Optional per-repo Gadfly config. Place at the repo ROOT as `.gadfly.yml` # (or point GADFLY_CONFIG at it). It's read from the PR's checked-out tree, so # it's version-controlled and reviewed like any other file. # # Precedence for specialist DEFINITIONS: built-ins < this file < GADFLY_SPECIALIST_* env. # Precedence for SELECTION: GADFLY_SPECIALISTS env > this file's `specialists:` > default suite. # Which specialists run. Omit this key to use the default suite # (security, correctness, maintainability, performance, error-handling). # Built-in opt-ins you can add: tests, docs, conventions, improvements. Or "all". specialists: - security - correctness - maintainability - tests - migrations # a custom one, defined below # Add new specialists, or override a built-in by reusing its name (e.g. give # `security` a repo-specific focus). `focus` is appended to the base reviewer # prompt as that lens's instruction. define: - name: migrations title: "🗃️ DB migrations" focus: > Review database schema migrations for destructive operations (DROP/ALTER that loses data), missing or unindexed foreign keys, non-idempotent steps, and changes that would lock a large table on deploy. Check that any new column added to a domain struct is wired through every storage layer. - name: security title: "🔒 Security (house rules)" focus: > In addition to the usual security review, this repo requires: all web routes use the auth middleware, no secrets in logs, and all external HTTP calls set a timeout. Flag any violation.