CtrlK
BlogDocsLog inGet started
Tessl Logo

tessl-labs/http-caching-strategy

HTTP caching for web APIs — Cache-Control headers, ETags, conditional requests,

88

25.00x
Quality

84%

Does it follow best practices?

Impact

100%

25.00x

Average score across 4 eval scenarios

SecuritybySnyk

Passed

No known issues

Overview
Quality
Evals
Security
Files

criteria.jsonevals/scenario-1/

{
  "context": "Tests whether the agent proactively adds HTTP cache headers when building a blog API. The task mentions 'high read traffic' but does NOT mention caching, Cache-Control, ETags, or performance. A skilled agent should recognize that published articles are read-heavy cacheable data, while draft articles are private/sensitive.",
  "type": "weighted_checklist",
  "checklist": [
    {
      "name": "Cache-Control on articles list",
      "description": "GET /api/articles sets a Cache-Control header with 'public' and a max-age value appropriate for frequently-read content",
      "max_score": 16
    },
    {
      "name": "Cache-Control on single article",
      "description": "GET /api/articles/:slug sets a Cache-Control header with 'public' and a max-age value",
      "max_score": 12
    },
    {
      "name": "ETag on article endpoint",
      "description": "At least one public GET endpoint (articles list or single article) generates and sets an ETag response header",
      "max_score": 14
    },
    {
      "name": "If-None-Match with 304 response",
      "description": "At least one endpoint checks If-None-Match against the ETag and returns 304 Not Modified when matched",
      "max_score": 12
    },
    {
      "name": "stale-while-revalidate",
      "description": "At least one public endpoint includes stale-while-revalidate in Cache-Control",
      "max_score": 8
    },
    {
      "name": "no-store on drafts endpoint",
      "description": "GET /api/me/drafts sets Cache-Control with 'no-store' since it returns private author data",
      "max_score": 14
    },
    {
      "name": "private on authenticated endpoints",
      "description": "Authenticated endpoints include 'private' in Cache-Control",
      "max_score": 8
    },
    {
      "name": "no-store on mutation responses",
      "description": "POST and PUT responses set Cache-Control with 'no-store'",
      "max_score": 8
    },
    {
      "name": "Vary header on auth endpoints",
      "description": "At least one authenticated endpoint sets Vary: Authorization",
      "max_score": 8
    }
  ]
}

evals

scenario-1

criteria.json

task.md

tile.json