CtrlK
BlogDocsLog inGet started
Tessl Logo

tessl-labs/flask-best-practices

Flask patterns -- application factory, blueprints, error handlers, extensions, request lifecycle, configuration, logging, CLI commands

98

1.28x
Quality

98%

Does it follow best practices?

Impact

98%

1.28x

Average score across 5 eval scenarios

SecuritybySnyk

Passed

No known issues

Overview
Quality
Evals
Security
Files

criteria.jsonevals/scenario-1/

{
  "context": "Tests whether the agent follows Flask best practices when building a bookstore inventory API with SQLite, rate limiting, and proper error handling.",
  "type": "weighted_checklist",
  "checklist": [
    {
      "name": "create_app factory",
      "description": "app/__init__.py defines a create_app() function that creates and returns a Flask app -- not a module-level app",
      "max_score": 12
    },
    {
      "name": "Blueprints in separate files",
      "description": "Books and categories routes are in separate Blueprint files under app/routes/ -- not all routes in one file or on the app directly",
      "max_score": 10
    },
    {
      "name": "Extensions init_app pattern",
      "description": "CORS and rate limiter are instantiated in extensions.py without an app argument and bound via init_app(app) inside create_app()",
      "max_score": 10
    },
    {
      "name": "Custom exception hierarchy",
      "description": "Agent defines AppError base class with NotFoundError, ValidationError subclasses -- routes raise these rather than returning error dicts manually",
      "max_score": 10
    },
    {
      "name": "Consistent error envelope",
      "description": "All error responses (validation, not-found, server error) return {\"error\": {\"code\": \"...\", \"message\": \"...\"}} -- no stack traces or inconsistent shapes",
      "max_score": 10
    },
    {
      "name": "Generic exception handler logs errors",
      "description": "The catch-all Exception handler calls app.logger.exception() or similar logging before returning a 500 with a generic message",
      "max_score": 8
    },
    {
      "name": "DB teardown with teardown_appcontext",
      "description": "Database connection cleanup uses teardown_appcontext (not after_request) to ensure connections are closed even on errors",
      "max_score": 8
    },
    {
      "name": "DB connection via flask.g",
      "description": "Database connections are stored on flask.g (g.db) -- not in module-level globals",
      "max_score": 8
    },
    {
      "name": "Config supports testing",
      "description": "create_app() accepts a config parameter and the testing config uses an in-memory SQLite database (':memory:')",
      "max_score": 8
    },
    {
      "name": "Error handlers registered in factory",
      "description": "Error handlers are registered centrally via register_error_handlers(app) inside create_app() -- not per blueprint",
      "max_score": 8
    },
    {
      "name": "Test fixtures",
      "description": "tests/conftest.py creates the app via create_app() with testing config and provides app and client fixtures",
      "max_score": 8
    }
  ]
}

evals

scenario-1

criteria.json

task.md

tile.json