tessl-labs/http-caching-strategy

HTTP caching for web APIs — Cache-Control headers, ETags, conditional requests,

88

25.00x
Quality

84%

Does it follow best practices?

Impact

100%

25.00x

Average score across 4 eval scenarios

Security by Snyk

Passed

No known issues

evals/scenario-3/criteria.json

{
  "context": "Tests whether the agent proactively adds HTTP cache headers for a restaurant menu API. The task mentions 'millions of daily app users' but does NOT mention caching. A skilled agent should recognize that menu data is classic read-heavy cacheable content, while user order history and favorites are private.",
  "type": "weighted_checklist",
  "checklist": [
    {
      "name": "Cache-Control on menu endpoint",
      "description": "GET /api/menu sets a Cache-Control header with 'public' and a max-age value (menu data rarely changes)",
      "max_score": 16
    },
    {
      "name": "Cache-Control on menu item endpoint",
      "description": "GET /api/menu/:itemId sets a Cache-Control header with 'public' and a max-age value",
      "max_score": 10
    },
    {
      "name": "Cache-Control on locations endpoint",
      "description": "GET /api/locations sets a Cache-Control header with 'public' and a max-age value (locations rarely change)",
      "max_score": 8
    },
    {
      "name": "stale-while-revalidate",
      "description": "At least one public endpoint includes stale-while-revalidate in Cache-Control",
      "max_score": 10
    },
    {
      "name": "ETag on cacheable endpoint",
      "description": "At least one cacheable endpoint generates and sets an ETag response header",
      "max_score": 12
    },
    {
      "name": "If-None-Match with 304",
      "description": "At least one endpoint checks If-None-Match and returns 304 Not Modified",
      "max_score": 10
    },
    {
      "name": "no-store on order history",
      "description": "GET /api/me/orders sets Cache-Control with 'no-store' since it returns private user data",
      "max_score": 14
    },
    {
      "name": "no-store on favorites",
      "description": "GET /api/me/favorites sets Cache-Control with 'no-store' or 'private, no-cache'",
      "max_score": 8
    },
    {
      "name": "private on authenticated endpoints",
      "description": "Authenticated endpoints include 'private' in Cache-Control",
      "max_score": 6
    },
    {
      "name": "Vary Authorization on auth endpoints",
      "description": "At least one authenticated endpoint sets Vary: Authorization",
      "max_score": 6
    }
  ]
}