HTTP caching for web APIs — Cache-Control headers, ETags, conditional requests,
88
84%
Does it follow best practices?
Impact
100%
25.00x
Average score across 4 eval scenarios
Passed
No known issues
{
  "context": "Tests whether the agent proactively adds HTTP cache headers when building a product catalog API. The task describes a 'high-traffic public storefront' but does NOT mention caching, Cache-Control, ETags, or performance optimization. A skilled agent should recognize that a public product catalog = cacheable data, and that authenticated endpoints need no-store.",
  "type": "weighted_checklist",
  "checklist": [
    {
      "name": "Cache-Control on product list endpoint",
      "description": "GET /api/products sets a Cache-Control header with 'public' and a max-age value (e.g., 'public, max-age=60, stale-while-revalidate=300' or similar)",
      "max_score": 16
    },
    {
      "name": "Cache-Control on single product endpoint",
      "description": "GET /api/products/:id sets a Cache-Control header with 'public' and a max-age value",
      "max_score": 12
    },
    {
      "name": "Cache-Control on categories endpoint",
      "description": "GET /api/categories sets a Cache-Control header with 'public' and a max-age value",
      "max_score": 10
    },
    {
      "name": "stale-while-revalidate on list endpoints",
      "description": "At least one public GET endpoint includes stale-while-revalidate in the Cache-Control header",
      "max_score": 10
    },
    {
      "name": "ETag on cacheable endpoint",
      "description": "At least one cacheable GET endpoint (products or categories) generates and sets an ETag response header",
      "max_score": 14
    },
    {
      "name": "If-None-Match handling with 304",
      "description": "At least one endpoint checks the If-None-Match request header against the ETag and returns 304 Not Modified when they match",
      "max_score": 12
    },
    {
      "name": "no-store on authenticated user endpoint",
      "description": "GET /api/me sets Cache-Control with 'no-store' (not just no-cache) since it returns authenticated user data",
      "max_score": 14
    },
    {
      "name": "private on authenticated endpoints",
      "description": "Authenticated endpoints (GET /api/me) include 'private' in Cache-Control to prevent CDN caching",
      "max_score": 6
    },
    {
      "name": "Vary header on authenticated endpoint",
      "description": "At least one authenticated endpoint sets a Vary header that includes Authorization",
      "max_score": 6
    }
  ]
}