Security defaults that belong in every FastAPI application from day one.
{
  "context": "Tests whether the agent correctly enables HTTPSRedirectMiddleware only in production (gated by environment variable), and configures uvicorn with a request size limit of 1MB.",
  "type": "weighted_checklist",
  "checklist": [
    {
      "name": "HTTPSRedirectMiddleware imported",
      "description": "HTTPSRedirectMiddleware is imported from starlette.middleware.httpsredirect",
      "max_score": 8
    },
    {
      "name": "HTTPS middleware added conditionally",
      "description": "HTTPSRedirectMiddleware is only added when a condition is true — it is NOT added unconditionally",
      "max_score": 15
    },
    {
      "name": "Production env check",
      "description": "The condition that enables HTTPSRedirectMiddleware reads from an environment variable (os.getenv or os.environ) to detect the production environment",
      "max_score": 15
    },
    {
      "name": "uvicorn request size limit set",
      "description": "uvicorn.run() is called with the limit_max_request_size parameter set",
      "max_score": 15
    },
    {
      "name": "Request size limit is 1MB",
      "description": "limit_max_request_size is set to 1048576 (1MB) or an equivalent expression (e.g., 1_048_576)",
      "max_score": 15
    },
    {
      "name": "Security headers middleware present",
      "description": "An HTTP middleware adds at least X-Content-Type-Options and X-Frame-Options to all responses",
      "max_score": 8
    },
    {
      "name": "TrustedHostMiddleware present",
      "description": "TrustedHostMiddleware from starlette is added to the app",
      "max_score": 8
    },
    {
      "name": "CORS middleware present",
      "description": "CORSMiddleware is added to the app without using allow_origins=['*']",
      "max_score": 8
    },
    {
      "name": "Rate limiting present",
      "description": "slowapi Limiter is configured and at least one route has a @limiter.limit() decorator",
      "max_score": 8
    }
  ]
}