Implements Tessl skill review CI/CD pipelines through an interactive, configuration-first wizard. Supports GitHub Actions, GitLab CI, Jenkins, Azure DevOps, and CircleCI.
94
Quality
90%
Does it follow best practices?
Impact
100%
1.75x
Average score across 5 eval scenarios
{
  "context": "Tests whether the agent correctly implements the two-workflow architecture for a public repository, properly separating untrusted review from trusted commenting to protect secrets from fork PRs.",
  "type": "weighted_checklist",
  "checklist": [
    {
      "name": "Two separate workflows",
      "description": "Creates two workflow files: one for review and one for commenting (not a single workflow)",
      "max_score": 12
    },
    {
      "name": "Review without PR write",
      "description": "The review workflow does NOT have pull-requests: write permission (runs in untrusted context)",
      "max_score": 10
    },
    {
      "name": "Comment via workflow_run",
      "description": "The comment workflow uses workflow_run trigger to run after the review workflow completes",
      "max_score": 10
    },
    {
      "name": "Artifact passing",
      "description": "Review results are passed from review workflow to comment workflow via artifacts (upload-artifact/download-artifact)",
      "max_score": 10
    },
    {
      "name": "Comment has PR write",
      "description": "The comment workflow has pull-requests: write permission (runs in trusted context)",
      "max_score": 8
    },
    {
      "name": "Security explanation",
      "description": "Security analysis explains that fork PRs cannot access secrets in the review workflow",
      "max_score": 10
    },
    {
      "name": "Trusted vs untrusted",
      "description": "Security analysis distinguishes between trusted context (comment workflow) and untrusted context (review workflow)",
      "max_score": 8
    },
    {
      "name": "Score diff tracking",
      "description": "Review workflow includes score comparison against cached previous scores",
      "max_score": 8
    },
    {
      "name": "Cache commit on main",
      "description": "Includes cache commit job that runs on push to main branch",
      "max_score": 8
    },
    {
      "name": "API key in checklist",
      "description": "Setup checklist mentions configuring TESSL_API_KEY as a repository secret",
      "max_score": 8
    },
    {
      "name": "Skip CI marker",
      "description": "Cache commits include [skip ci] to prevent pipeline re-triggering",
      "max_score": 8
    }
  ]
}
Install with Tessl CLI
npx tessl i tessl-labs/tessl-skill-review-ci@0.2.0