tessl-labs/fastify-best-practices
Fastify patterns — always apply schema-first validation, plugin encapsulation, structured error handling, hooks lifecycle, decorators, TypeScript type providers, production hardening (CORS, helmet, rate limiting), pino logging, graceful shutdown, and correct async handler patterns
89
2.75x
Quality
89%
Does it follow best practices?
Impact
91%
2.75xAverage score across 5 eval scenarios
Securityby
Passed
No known issues
criteria.jsonevals/scenario-5/
{
"context": "Tests whether the agent proactively applies Fastify best practices when building a CRUD order API. The task describes business requirements only -- it says nothing about JSON Schema validation, response schemas, additionalProperties, error handling, logging, or security. The agent should apply these on its own.",
"type": "weighted_checklist",
"checklist": [
{
"name": "body-schema-with-constraints",
"description": "POST and PATCH routes define JSON Schema for the request body with required fields, type constraints (minLength, minimum, enum), and additionalProperties: false. The agent was NOT told to add schema validation.",
"max_score": 14
},
{
"name": "params-schema-defined",
"description": "Routes with :id parameter define a params schema with type: 'string' (and optionally format: 'uuid'). The agent was NOT told to validate params.",
"max_score": 8
},
{
"name": "querystring-schema-defined",
"description": "The GET /api/orders route defines a querystring schema for the optional status filter parameter with an enum constraint. The agent was NOT told to validate query params.",
"max_score": 8
},
{
"name": "response-schemas-defined",
"description": "Routes define response schemas for success status codes (200, 201) to enable fast serialization and prevent accidental data leaks. The agent was NOT told to add response schemas.",
"max_score": 12
},
{
"name": "routes-in-registered-plugin",
"description": "Order routes are defined inside a Fastify plugin function and registered with app.register(), not defined directly on the root app instance.",
"max_score": 10
},
{
"name": "custom-error-handler",
"description": "A custom error handler is set via app.setErrorHandler() that returns structured error responses with code/message fields, distinguishing validation errors from application errors. The agent was NOT told to set up error handling.",
"max_score": 10
},
{
"name": "not-found-throws-404",
"description": "GET /api/orders/:id and PATCH routes throw a proper 404 error (using @fastify/error or a custom error with statusCode) when the order is not found, rather than returning null or an empty response.",
"max_score": 8
},
{
"name": "pino-logger-not-console",
"description": "Fastify is instantiated with logger: true or a logger config. Code uses request.log or app.log for logging, never console.log. The agent was NOT told about logging.",
"max_score": 8
},
{
"name": "async-return-pattern",
"description": "Route handlers consistently use the return pattern (preferred) or reply.send() but never mix both in the same handler. No fire-and-forget promises.",
"max_score": 6
},
{
"name": "additional-properties-false",
"description": "Object schemas use additionalProperties: false to reject unexpected fields. The agent was NOT told about mass assignment prevention.",
"max_score": 8
},
{
"name": "graceful-shutdown",
"description": "Server startup code handles SIGINT/SIGTERM signals by calling app.close() for graceful shutdown. The agent was NOT told about shutdown handling.",
"max_score": 8
}
]
}evals
scenario-1
scenario-2
scenario-3
scenario-4
scenario-5
skills
fastify-best-practices
verifiers