CtrlK
BlogDocsLog inGet started
Tessl Logo

tessl-labs/go-error-handling

Error handling for Go HTTP servers — structured error responses, error wrapping,

88

1.80x
Quality

81%

Does it follow best practices?

Impact

99%

1.80x

Average score across 5 eval scenarios

SecuritybySnyk

Passed

No known issues

Overview
Quality
Evals
Security
Files

criteria.jsonevals/scenario-4/

{
  "context": "Tests whether the agent proactively adds production error handling when building a multi-resource Go recipe API with authorization logic. The task does not mention error handling -- criteria check for structured errors, recovery middleware, proper authorization error codes, and validation with details.",
  "type": "weighted_checklist",
  "checklist": [
    {
      "name": "Custom error type",
      "description": "A custom error struct with StatusCode, Code, and Message fields is defined, implementing the error interface",
      "max_score": 12
    },
    {
      "name": "Structured JSON error responses",
      "description": "All error responses use a consistent JSON shape with code and message fields. No bare http.Error, no plain text, no inconsistent formats across handlers.",
      "max_score": 12
    },
    {
      "name": "writeError helper",
      "description": "A centralized writeError function handles all error response formatting. Handlers do not inline error JSON.",
      "max_score": 8
    },
    {
      "name": "Recovery middleware",
      "description": "A panic recovery middleware using defer/recover is present that returns structured 500 JSON instead of crashing",
      "max_score": 12
    },
    {
      "name": "Graceful shutdown",
      "description": "Server uses signal.Notify for SIGTERM/SIGINT and srv.Shutdown with a context timeout",
      "max_score": 7
    },
    {
      "name": "Authorization error as 403",
      "description": "When a user tries to update or delete a recipe they did not author, the API returns 403 Forbidden (not 401 or 500) with a structured error",
      "max_score": 10
    },
    {
      "name": "Validation with field details",
      "description": "Validation errors include details about which fields failed (e.g. title is required, score must be 1-5) -- not just a generic error message",
      "max_score": 10
    },
    {
      "name": "Not-found returns 404",
      "description": "Requests for non-existent recipes or ratings return 404 with a structured error, not 500 or 200",
      "max_score": 8
    },
    {
      "name": "No internal error leaks",
      "description": "Internal errors return a generic client-safe message -- no raw error strings or internal details exposed",
      "max_score": 8
    },
    {
      "name": "Appropriate status codes",
      "description": "Different error types use correct HTTP codes: 400 for validation, 403 for authorization, 404 for not found, 500 for unexpected",
      "max_score": 8
    },
    {
      "name": "All endpoints functional",
      "description": "All seven endpoints are implemented and return appropriate success status codes",
      "max_score": 5
    }
  ]
}

evals

scenario-4

criteria.json

task.md

tile.json