pantheon-ai/fluentbit-toolkit
Complete fluentbit toolkit with generation and validation capabilities
92
Quality
92%
Does it follow best practices?
Impact
Pending
No eval scenarios have been run
Securityby
Passed
No known issues
criteria.jsongenerator/evals/scenario-1/
{
"context": "Tests that the agent removes a hardcoded password from a Fluent Bit config and replaces it with an environment variable reference, adds the missing tail-input safety fields, and documents required env vars.",
"type": "weighted_checklist",
"checklist": [
{
"name": "Password via env var",
"description": "HTTP_Passwd uses ${ENV_VAR} syntax (e.g., ${HTTP_PASSWD} or ${FLUENTBIT_PASSWORD}) — the literal string 'secretpassword123' does NOT appear in the config",
"max_score": 20
},
{
"name": "No plaintext secret",
"description": "No password, token, or key appears as a literal string value anywhere in the config file",
"max_score": 15
},
{
"name": "Env var documented",
"description": "The notes.md (or equivalent output) names the environment variable(s) that the deployment team must inject",
"max_score": 10
},
{
"name": "Mem_Buf_Limit added",
"description": "The tail INPUT plugin now includes a Mem_Buf_Limit setting",
"max_score": 15
},
{
"name": "DB path added",
"description": "The tail INPUT plugin now includes a DB setting for position tracking",
"max_score": 10
},
{
"name": "tls.verify present",
"description": "The OUTPUT plugin includes tls.verify On, or tls.verify Off with an explanatory comment",
"max_score": 10
},
{
"name": "Retry_Limit present",
"description": "The OUTPUT plugin retains a numeric Retry_Limit (not False)",
"max_score": 10
},
{
"name": "storage.total_limit_size",
"description": "The OUTPUT plugin or SERVICE section includes a storage.total_limit_size setting",
"max_score": 5
},
{
"name": "compression gzip",
"description": "The HTTP OUTPUT plugin includes Compress gzip or compression gzip",
"max_score": 5
}
]
}