Hardcoded token limit numbers (if (tokens > 4000)) become silently wrong when you upgrade a model. GPT-3.5 turbo ran at 4K, then 16K. GPT-4o runs at 128K. Claude Sonnet at 200K. If the magic number in your route handler was written for an old model and the model is later swapped, every conversation will truncate far too aggressively — or not at all — with no indication that the limit constant is stale. ISO 25010 maintainability requires that configuration be centralized and named, not scattered as bare literals.
Low because stale magic number limits degrade behavior silently on model upgrades but do not cause immediate crashes or security failures.
Define a centralized MODEL_CONFIG object in src/lib/ai/models.ts that maps each model to its context window and pricing, then reference it by name throughout the codebase. Never write bare token-limit numbers in route handlers.
// src/lib/ai/models.ts
export const MODEL_CONFIG = {
"gpt-4o": { contextWindow: 128000, inputPricePer1M: 2.50, outputPricePer1M: 10.00 },
"gpt-4o-mini": { contextWindow: 128000, inputPricePer1M: 0.15, outputPricePer1M: 0.60 },
"claude-3-5-sonnet-20241022": { contextWindow: 200000, inputPricePer1M: 3.00, outputPricePer1M: 15.00 },
} as const;
export type SupportedModel = keyof typeof MODEL_CONFIG;
Verify by searching the codebase for bare token limit numbers (4096, 16384, 128000) in route handlers — none should appear as inline literals.
ID: ai-token-optimization.context-management.max-context-config
Severity: low
What to look for: Look for a configuration object or constants file that defines context limits per model (e.g., GPT4O_CONTEXT = 128000). This is separate from any runtime calculation — it's the static configuration that the application uses as its source of truth for model capabilities. Check whether magic numbers appear directly in API route logic (e.g., if (tokens > 4000)) without referencing a named constant. Count all instances found and enumerate each.
Pass criteria: Model context limits are defined in a centralized configuration (a constants file or model config object) and referenced by name throughout the codebase, rather than scattered as inline magic numbers. At least 1 implementation must be confirmed.
Fail criteria: Magic number token limits appear inline in route handlers or utility functions without being tied to named constants, or there is no centralized awareness of model context limits at all.
Skip (N/A) when: The project is very small (single AI call, single model, no complex routing) and the limit check is trivially obvious from the one location where it appears. Signal: Only one file makes AI calls, that file has a single clearly-named limit constant inline, and there is no model switching.
Detail on fail: "Context limits are magic numbers — switching models will silently use wrong limits"
Remediation: Different models have dramatically different context windows (GPT-3.5 turbo: 16K, GPT-4o: 128K, Claude Sonnet: 200K). Hardcoded numbers become incorrect when models are upgraded or swapped.
Centralize model configuration:
// src/lib/ai/models.ts
export const MODEL_CONFIG = {
"gpt-4o": {
contextWindow: 128000,
costPerInputToken: 0.0000025,
costPerOutputToken: 0.000010,
},
"gpt-4o-mini": {
contextWindow: 128000,
costPerInputToken: 0.00000015,
costPerOutputToken: 0.0000006,
},
"claude-3-5-sonnet-20241022": {
contextWindow: 200000,
costPerInputToken: 0.000003,
costPerOutputToken: 0.000015,
},
} as const;
export type SupportedModel = keyof typeof MODEL_CONFIG;
Then reference MODEL_CONFIG[model].contextWindow throughout the codebase. Verify by searching for raw token numbers (4096, 8192, 16384, 128000) in API routes — none should appear as bare literals.