
pantheon-ai/gitlab-ci-toolkit

Complete GitLab CI/CD toolkit with generation and validation capabilities for pipelines and configurations

Quality: 97% (Does it follow best practices?)

Impact: Pending (no eval scenarios have been run)

Security (by Snyk): Advisory (suggest reviewing before use)


generator/evals/scenario-2/criteria.json

{
  "context": "Tests whether the agent creates deployment jobs with explicit environment declarations, resource_group to prevent concurrent deployments, manual approval gates for upper environments, and rules-based branch conditions rather than only/except.",
  "type": "weighted_checklist",
  "checklist": [
    {
      "name": "environment block on deploy jobs",
      "description": "Each deployment job (development, staging, production) includes an `environment:` key with at least a `name:` field",
      "max_score": 12
    },
    {
      "name": "environment name lowercase",
      "description": "Environment `name:` values are lowercase (development, staging, production — not Development, PRODUCTION)",
      "max_score": 8
    },
    {
      "name": "resource_group on deploy jobs",
      "description": "At least the staging and production deployment jobs include a `resource_group:` key to prevent concurrent runs",
      "max_score": 12
    },
    {
      "name": "when: manual for production",
      "description": "The production deployment job has `when: manual` (or equivalent in a rules condition)",
      "max_score": 12
    },
    {
      "name": "Production restricted to main branch",
      "description": "The production deployment job has a `rules:` condition that limits it to runs on the `main` branch",
      "max_score": 10
    },
    {
      "name": "No only/except",
      "description": "The YAML does NOT use `only:` or `except:` keywords",
      "max_score": 10
    },
    {
      "name": "Image pinned",
      "description": "All `image:` values specify a version other than `:latest`",
      "max_score": 8
    },
    {
      "name": "No hardcoded secrets",
      "description": "The YAML does NOT contain hardcoded tokens, passwords, or API keys",
      "max_score": 10
    },
    {
      "name": "Kebab-case job names",
      "description": "Deployment job names use kebab-case (e.g. deploy-production, deploy-staging)",
      "max_score": 8
    },
    {
      "name": "timeout on deploy jobs",
      "description": "Deployment jobs include a `timeout:` field",
      "max_score": 10
    }
  ]
}
