pantheon-ai/jenkinsfile-toolkit

Complete jenkinsfile toolkit with generation and validation capabilities

Quality: 97% (Does it follow best practices?)

Impact: Pending (No eval scenarios have been run)

Security by Snyk: Risky (Do not use without reviewing)


generator/evals/scenario-2/criteria.json

{
  "context": "Tests whether the agent uses single-quote shell strings to prevent Groovy expansion of secrets, uses withCredentials for secret injection, avoids pipeline parameters for credentials, and includes a post always cleanWs block.",
  "type": "weighted_checklist",
  "checklist": [
    {
      "name": "Single-quote sh with secrets",
      "description": "Shell commands that reference credential variables use single-quoted strings (sh 'curl ... $VAR') — NOT double-quoted strings (sh \"curl ... ${VAR}\")",
      "max_score": 16
    },
    {
      "name": "withCredentials used",
      "description": "Jenkinsfile uses withCredentials([...]) block to inject at least one secret before using it in a shell command",
      "max_score": 14
    },
    {
      "name": "No double-quote secret interpolation",
      "description": "No sh step that uses a credential variable appears inside a Groovy double-quoted string (i.e., no sh \"... ${CREDENTIAL_VAR} ...\" pattern)",
      "max_score": 14
    },
    {
      "name": "No credential parameters",
      "description": "parameters block does NOT contain string or password entries for tokens or credentials",
      "max_score": 12
    },
    {
      "name": "Credentials store references",
      "description": "Both service-registry-token and artifact-server-creds (or similarly named IDs) appear as credentialsId references rather than hardcoded values",
      "max_score": 10
    },
    {
      "name": "cleanWs in post",
      "description": "Jenkinsfile post { always { cleanWs() } } or equivalent workspace cleanup is present",
      "max_score": 8
    },
    {
      "name": "Declarative syntax",
      "description": "Jenkinsfile uses Declarative pipeline syntax (pipeline { ... }), not Scripted (node { ... })",
      "max_score": 8
    },
    {
      "name": "timeout in options",
      "description": "Jenkinsfile options block includes timeout()",
      "max_score": 6
    },
    {
      "name": "buildDiscarder in options",
      "description": "Jenkinsfile options block includes buildDiscarder(logRotator(...))",
      "max_score": 6
    },
    {
      "name": "Stages present",
      "description": "Jenkinsfile has at least 3 distinct named stages",
      "max_score": 6
    }
  ]
}
