
pantheon-ai/github-actions-toolkit

Complete GitHub Actions toolkit with generation and validation capabilities for workflows, custom actions, and CI/CD configurations

Quality: 97% (Does it follow best practices?)

Impact: Pending (No eval scenarios have been run)

Security by Snyk: Advisory (Suggest reviewing before use)


generator/evals/scenario-0/criteria.json

{
  "context": "Tests whether the agent generates a Node.js CI workflow with correctly pinned action SHAs, a top-level permissions block, concurrency controls, and dependency caching. All criteria map directly to skill instructions around security, performance, and naming.",
  "type": "weighted_checklist",
  "checklist": [
    {
      "name": "SHA-pinned checkout",
      "description": "The `actions/checkout` step uses a full 40-character SHA (not a tag like `@v4` or a branch name) as its reference",
      "max_score": 15
    },
    {
      "name": "Version comment on SHA",
      "description": "The SHA-pinned `actions/checkout` step has an inline comment identifying the version (e.g., `# v4.x.x` or `# v5.x.x`)",
      "max_score": 8
    },
    {
      "name": "Top-level permissions block",
      "description": "The workflow file contains a top-level `permissions:` key (not only job-level) that restricts default access",
      "max_score": 12
    },
    {
      "name": "Contents read default",
      "description": "The top-level or job-level `permissions:` block sets `contents: read` (not `write-all` or absent)",
      "max_score": 10
    },
    {
      "name": "Concurrency block present",
      "description": "The workflow includes a `concurrency:` block with a `group:` and `cancel-in-progress: true`",
      "max_score": 12
    },
    {
      "name": "Dependency caching enabled",
      "description": "The `actions/setup-node` step (or an explicit `actions/cache` step) enables npm caching via the `cache: 'npm'` parameter or equivalent cache key using `package-lock.json`",
      "max_score": 12
    },
    {
      "name": "Job timeout set",
      "description": "At least one job has a `timeout-minutes:` field defined",
      "max_score": 8
    },
    {
      "name": "Workflow file lowercase-hyphen",
      "description": "The output file is named with lowercase letters and hyphens only (e.g., `ci.yml`, `ci-pipeline.yml`), not underscores or uppercase",
      "max_score": 8
    },
    {
      "name": "No branch/latest reference",
      "description": "No `uses:` step references an action via `@main`, `@master`, or `@latest`",
      "max_score": 15
    }
  ]
}
