CtrlK
BlogDocsLog inGet started
Tessl Logo

tessl-labs/flask-best-practices

Flask patterns -- application factory, blueprints, error handlers, extensions, request lifecycle, configuration, logging, CLI commands

98

1.28x
Quality

98%

Does it follow best practices?

Impact

98%

1.28x

Average score across 5 eval scenarios

SecuritybySnyk

Passed

No known issues

Overview
Quality
Evals
Security
Files

criteria.jsonevals/scenario-5/

{
  "context": "Tests whether the agent builds a properly structured Flask application using application factory, blueprints, custom error handling, and the init_app extension pattern when asked to build a task management API.",
  "type": "weighted_checklist",
  "checklist": [
    {
      "name": "create_app factory",
      "description": "app/__init__.py defines a create_app() function that creates and returns a Flask app instance -- not a module-level app = Flask(__name__) with routes on it",
      "max_score": 12
    },
    {
      "name": "Blueprints for routes",
      "description": "Routes are defined on Blueprint objects (not @app.route()). There are at least two blueprints (projects and tasks) in separate files under app/routes/",
      "max_score": 10
    },
    {
      "name": "Blueprints registered in factory",
      "description": "Blueprints are registered inside create_app() using app.register_blueprint() with url_prefix='/api' or similar",
      "max_score": 8
    },
    {
      "name": "Custom exception classes",
      "description": "Agent defines custom exception classes (e.g., NotFoundError, ValidationError) that inherit from a base AppError class -- not ad-hoc error dicts in routes",
      "max_score": 10
    },
    {
      "name": "Consistent error envelope",
      "description": "All error responses use a consistent shape like {\"error\": {\"code\": \"...\", \"message\": \"...\"}} -- not varying formats across different error handlers",
      "max_score": 10
    },
    {
      "name": "register_error_handlers called in factory",
      "description": "Error handlers are registered centrally (via a function like register_error_handlers(app)) inside create_app(), not scattered across blueprints",
      "max_score": 8
    },
    {
      "name": "Generic exception handler with logging",
      "description": "A catch-all Exception handler logs the error (app.logger.exception or similar) and returns a 500 without leaking stack traces",
      "max_score": 8
    },
    {
      "name": "Extensions in extensions.py with init_app",
      "description": "CORS (and any other extensions) are created as bare instances in extensions.py and bound via init_app(app) inside create_app() -- not CORS(app) at module level",
      "max_score": 10
    },
    {
      "name": "Config from environment",
      "description": "Configuration uses os.getenv() or config classes with defaults -- no hardcoded secrets or database URLs",
      "max_score": 8
    },
    {
      "name": "Test fixtures use factory",
      "description": "tests/conftest.py creates the app via create_app() with a testing config and provides a test client fixture",
      "max_score": 8
    },
    {
      "name": "Routes raise exceptions not return errors",
      "description": "Route handlers raise custom exceptions (raise NotFoundError(...)) rather than manually returning jsonify({'error': ...}), status_code",
      "max_score": 8
    }
  ]
}

evals

scenario-5

criteria.json

task.md

tile.json