CtrlK
BlogDocsLog inGet started
Tessl Logo

tessl-labs/configuration-management

Production config management for any backend — centralized config module, env vars, no hardcoded secrets, fail-fast validation

86

1.88x
Quality

77%

Does it follow best practices?

Impact

100%

1.88x

Average score across 5 eval scenarios

SecuritybySnyk

Passed

No known issues

Overview
Quality
Evals
Security
Files

criteria.jsonevals/scenario-2/

{
  "context": "Tests whether the agent proactively implements proper configuration management when building a Python FastAPI notification service that connects to SendGrid and SQLite. The task does not mention config management, environment variables, or .env files.",
  "type": "weighted_checklist",
  "checklist": [
    {
      "name": "Centralized config module",
      "description": "A dedicated config module exists (e.g. app/config.py or config.py) that consolidates all configuration in one place. Application files import config from this module rather than calling os.getenv() or os.environ directly in route handlers, db.py, or email_client.py.",
      "max_score": 18
    },
    {
      "name": "SendGrid API key from environment",
      "description": "The SendGrid API key comes from an environment variable (e.g. SENDGRID_API_KEY), not hardcoded in source code. The SendGrid client is initialized using the env-based config value.",
      "max_score": 16
    },
    {
      "name": "Required config fails fast",
      "description": "Required config values (SENDGRID_API_KEY and any other secrets) are validated at startup -- if missing, the app raises an error immediately rather than starting with None values that crash later.",
      "max_score": 15
    },
    {
      "name": "No hardcoded secrets",
      "description": "No API keys, secret tokens, or credentials are hardcoded in any source file. All sensitive values come from environment variables through the config module.",
      "max_score": 15
    },
    {
      "name": "Env file gitignored",
      "description": ".env is listed in .gitignore so secrets are not committed to the repository",
      "max_score": 12
    },
    {
      "name": ".env.example exists",
      "description": "A .env.example file documents the required and optional environment variables without containing real secret values",
      "max_score": 9
    },
    {
      "name": "Database path configurable",
      "description": "The SQLite database path is configurable via environment variable with a sensible default for development, not hardcoded as a fixed path",
      "max_score": 8
    },
    {
      "name": "Notification endpoints functional",
      "description": "The notification endpoints are implemented with the specified business rules (validation, pagination, bulk send limit)",
      "max_score": 7
    }
  ]
}

evals

scenario-2

criteria.json

task.md

tile.json