
tessl-labs/configuration-management

Production config management for any backend — centralized config module, env vars, no hardcoded secrets, fail-fast validation

86

1.88x
Quality: 77% (Does it follow best practices?)

Impact: 100%, 1.88x (average score across 5 eval scenarios)

Security by Snyk: Passed, no known issues


evals/scenario-4/criteria.json

{
  "context": "Tests whether the agent proactively implements proper configuration management when building a Go authentication service with JWT, PostgreSQL, and bcrypt. The task does not mention config management, environment variables, or .env files.",
  "type": "weighted_checklist",
  "checklist": [
    {
      "name": "Centralized config module",
      "description": "A dedicated config package exists (e.g. internal/config/config.go or config/config.go) that consolidates all configuration in one place. Other packages import config from this module rather than calling os.Getenv() directly in handlers, services, or repository code.",
      "max_score": 18
    },
    {
      "name": "Database URL from environment",
      "description": "The PostgreSQL connection string comes from an environment variable (e.g. DATABASE_URL), not hardcoded. The database module uses the env-based config value.",
      "max_score": 14
    },
    {
      "name": "JWT secret from environment",
      "description": "The JWT signing secret/key comes from an environment variable (e.g. JWT_SECRET), not hardcoded in source code. The JWT signing and verification use the env-based config value.",
      "max_score": 16
    },
    {
      "name": "Required config fails fast",
      "description": "Required config values (DATABASE_URL, JWT_SECRET) are validated at startup -- if any are missing, the application returns an error or exits immediately with a clear message, rather than starting and panicking later.",
      "max_score": 14
    },
    {
      "name": "No hardcoded secrets",
      "description": "No JWT secrets, database passwords, or credentials are hardcoded in source files. All sensitive values come from environment variables through the config package.",
      "max_score": 12
    },
    {
      "name": "Env file gitignored",
      "description": ".env is listed in .gitignore so secrets are not committed to the repository",
      "max_score": 10
    },
    {
      "name": ".env.example exists",
      "description": "A .env.example file documents required environment variables (DATABASE_URL, JWT_SECRET, PORT) without real secret values",
      "max_score": 8
    },
    {
      "name": "Auth endpoints functional",
      "description": "The auth endpoints are implemented with JWT token generation, password hashing, and the specified business rules",
      "max_score": 8
    }
  ]
}
