Complete Terraform toolkit with generation and validation capabilities
{
"context": "Tests whether the agent produces security findings in the correct structured format, including all required fields (Check ID, Finding, Resource with file:line, Severity, Reference to security_checklist.md section, Remediation Pattern, Recommended Fix) and cross-references the security checklist.",
"type": "weighted_checklist",
"checklist": [
{
"name": "Check ID present",
"description": "Each finding section includes the Checkov check ID (e.g., CKV_AWS_24)",
"max_score": 8
},
{
"name": "Resource with file:line",
"description": "Each finding includes the resource name AND its file path with line numbers (e.g., `aws_security_group.bastion (main.tf:12-45)`)",
"max_score": 10
},
{
"name": "Severity labels",
"description": "Each finding includes a severity level (HIGH, MEDIUM, or LOW)",
"max_score": 10
},
{
"name": "security_checklist.md reference",
"description": "At least one finding includes a Reference field pointing to a named section in security_checklist.md",
"max_score": 12
},
{
"name": "Remediation pattern included",
"description": "At least one finding includes an HCL code block showing the remediation pattern",
"max_score": 12
},
{
"name": "Recommended Fix field",
"description": "Each finding includes a specific recommended fix for that particular resource configuration",
"max_score": 10
},
{
"name": "Finding description",
"description": "Each finding includes a human-readable description of what the issue is (not just the check ID)",
"max_score": 8
},
{
"name": "All 5 findings documented",
"description": "The report documents all 5 Checkov failures from the input (CKV_AWS_24, CKV_AWS_8, CKV_AWS_20, CKV_AWS_18, CKV_AWS_53)",
"max_score": 10
},
{
"name": "Human review note for HIGH findings",
"description": "The report includes a note that HIGH-severity findings require human review before merging; automated remediation alone is not enough",
"max_score": 10
},
{
"name": "SSH fix specificity",
"description": "The remediation for CKV_AWS_24 (SSH from 0.0.0.0/0) suggests replacing the 0.0.0.0/0 source with a variable or a specific CIDR range rather than just disabling the rule",
"max_score": 10
}
]
}