
pantheon-ai/terraform-toolkit

Complete terraform toolkit with generation and validation capabilities

Quality: 93% (Does it follow best practices?)

Impact: Pending (No eval scenarios have been run)

Security by Snyk: Advisory (Suggest reviewing before use)


criteria.json (validator/evals/scenario-0/)

{
  "context": "Tests whether the agent follows the correct ordered validation workflow: running extract_tf_info_wrapper.sh first, reading reference files before security scans, running terraform fmt/init/validate in order, and using the checkov wrapper script for security scanning.",
  "type": "weighted_checklist",
  "checklist": [
    {
      "name": "extract_tf_info_wrapper first",
      "description": "The report documents running `bash scripts/extract_tf_info_wrapper.sh` (or similar path to the wrapper) as the first or an early step",
      "max_score": 10
    },
    {
      "name": "terraform fmt documented",
      "description": "The report includes a section showing `terraform fmt` was run",
      "max_score": 8
    },
    {
      "name": "terraform init before validate",
      "description": "The report shows `terraform init` was run before `terraform validate`",
      "max_score": 8
    },
    {
      "name": "terraform validate run",
      "description": "The report documents running `terraform validate`",
      "max_score": 8
    },
    {
      "name": "tflint run or skipped",
      "description": "The report either documents tflint findings or explicitly notes tflint was skipped and explains why",
      "max_score": 7
    },
    {
      "name": "checkov wrapper used",
      "description": "The report documents using `bash scripts/run_checkov.sh` (not calling checkov directly)",
      "max_score": 10
    },
    {
      "name": "reference files read before scans",
      "description": "The report mentions reading security_checklist.md and/or best_practices.md before the security scan section",
      "max_score": 10
    },
    {
      "name": "provider lookup documented",
      "description": "The report documents a provider documentation lookup for the aws provider (via Context7 or WebSearch)",
      "max_score": 8
    },
    {
      "name": "security findings reported",
      "description": "The report includes at least one security finding (the hardcoded password or the SSH open to 0.0.0.0/0)",
      "max_score": 10
    },
    {
      "name": "security_checklist cross-reference",
      "description": "At least one security finding references a specific section from security_checklist.md",
      "max_score": 10
    },
    {
      "name": "severity labels present",
      "description": "Security findings include severity labels (HIGH, MEDIUM, or LOW)",
      "max_score": 6
    },
    {
      "name": "overall summary present",
      "description": "The report ends with an overall pass/fail or summary section",
      "max_score": 5
    }
  ]
}
