CtrlK
BlogDocsLog inGet started
Tessl Logo

tessl-labs/configuration-management

Production config management for any backend — centralized config module, env vars, no hardcoded secrets, fail-fast validation

86

1.88x
Quality

77%

Does it follow best practices?

Impact

100%

1.88x

Average score across 5 eval scenarios

SecuritybySnyk

Passed

No known issues

Overview
Quality
Evals
Security
Files

criteria.jsonevals/scenario-1/

{
  "context": "Tests whether the agent proactively implements proper configuration management when building a CMS API that connects to PostgreSQL and AWS S3. The task does not mention config management, environment variables, or .env files.",
  "type": "weighted_checklist",
  "checklist": [
    {
      "name": "Centralized config module",
      "description": "A dedicated config module exists (e.g. src/config.ts) that consolidates all configuration in one place. Application files import config from this module rather than reading process.env directly in route handlers, db.ts, or other modules.",
      "max_score": 18
    },
    {
      "name": "Database URL from environment",
      "description": "The PostgreSQL connection string comes from an environment variable (e.g. DATABASE_URL), not hardcoded. The database module uses the env-based config value.",
      "max_score": 14
    },
    {
      "name": "AWS credentials from environment",
      "description": "AWS credentials and S3 bucket configuration (AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, S3_BUCKET, AWS_REGION or similar) come from environment variables, not hardcoded in source code.",
      "max_score": 14
    },
    {
      "name": "Required config fails fast",
      "description": "Required config values (DATABASE_URL, AWS credentials, S3 bucket) are validated at startup -- if any are missing, the app throws a clear error immediately.",
      "max_score": 14
    },
    {
      "name": "No hardcoded secrets",
      "description": "No AWS keys, database passwords, or other credentials hardcoded anywhere in the source files.",
      "max_score": 12
    },
    {
      "name": "Env file gitignored",
      "description": ".env is listed in .gitignore so secrets are not committed to the repository",
      "max_score": 10
    },
    {
      "name": ".env.example exists",
      "description": "A .env.example file documents all required environment variables (DATABASE_URL, AWS_*, S3_BUCKET, PORT, etc.) without real secret values",
      "max_score": 8
    },
    {
      "name": "Post endpoints functional",
      "description": "The blog post CRUD endpoints and image upload are implemented with the specified business rules",
      "max_score": 10
    }
  ]
}

evals

scenario-1

criteria.json

task.md

tile.json