CtrlK
BlogDocsLog inGet started
Tessl Logo

tessl-labs/pytest-api-testing

Pytest patterns for Python APIs -- httpx AsyncClient, conftest fixtures, database isolation, parametrize edge cases, error response testing, auth flows, factory fixtures

99

1.23x
Quality

99%

Does it follow best practices?

Impact

100%

1.23x

Average score across 5 eval scenarios

SecuritybySnyk

Passed

No known issues

Overview
Quality
Evals
Security
Files

criteria.jsonevals/scenario-4/

{
  "context": "Tests whether the agent writes tests that cover error paths (not just happy paths), assert response body shape for both success and error responses, and verify sensitive fields are excluded from API responses.",
  "type": "weighted_checklist",
  "checklist": [
    {
      "name": "404 body asserted",
      "description": "At least one test asserts that a 404 response body contains 'detail' or 'error' (not just checks the status code)",
      "max_score": 10
    },
    {
      "name": "422 body asserted",
      "description": "At least one test asserts that a 422 response body contains 'detail' or 'error'",
      "max_score": 8
    },
    {
      "name": "409 tested",
      "description": "There is a test for duplicate resource creation that expects a 409 status code",
      "max_score": 8
    },
    {
      "name": "404 on delete",
      "description": "There is a test that deletes a non-existent user and expects a 404",
      "max_score": 8
    },
    {
      "name": "List response structure",
      "description": "At least one test asserts that the list response body contains a 'data' key that holds a list (not just status 200)",
      "max_score": 10
    },
    {
      "name": "Individual item structure",
      "description": "At least one test asserts that a user item in the response contains 'id', 'email', and 'name' fields",
      "max_score": 10
    },
    {
      "name": "Password not exposed",
      "description": "At least one test asserts that 'password' is NOT present in a user response body",
      "max_score": 12
    },
    {
      "name": "Password hash not exposed",
      "description": "At least one test asserts that 'password_hash' is NOT present in a user response body",
      "max_score": 12
    },
    {
      "name": "Invalid JSON tested",
      "description": "There is a test that sends non-JSON content to a POST endpoint and expects 422",
      "max_score": 8
    },
    {
      "name": "Error response is JSON",
      "description": "Error response body assertions use res.json() (not res.text), confirming the response is parseable JSON",
      "max_score": 6
    },
    {
      "name": "Multiple error types covered",
      "description": "Tests cover at least 3 distinct HTTP error status codes (e.g., 404, 409, 422) across the test suite",
      "max_score": 8
    }
  ]
}

evals

scenario-4

criteria.json

task.md

tile.json