{
  "context": "Evaluates whether the solution uses make-fetch-happen's integrity-aware fetch pipeline, including ssri-backed verification events and caching of verified hashes, to implement an integrity-checked downloader.",
  "type": "weighted_checklist",
  "checklist": [
    {
      "name": "Uses make-fetch",
      "description": "Requests are performed through make-fetch-happen's fetch API (direct call or fetch.defaults), not a generic fetch/polyfill, with options passed to that client.",
      "max_score": 20
    },
    {
      "name": "Integrity option",
      "description": "The fetch call supplies the expected SRI string via the make-fetch-happen `integrity` option so mismatches surface as EINTEGRITY failures rather than manual hash checks.",
      "max_score": 25
    },
    {
      "name": "Algorithms & size",
      "description": "When algorithms/size are provided, they are forwarded to make-fetch-happen using the `algorithms` and `size` options to tighten ssri verification instead of custom validation logic.",
      "max_score": 15
    },
    {
      "name": "Integrity events",
      "description": "Response streams have listeners wired to the ssri-driven `integrity` and `size` events exposed by make-fetch-happen, and those events drive the telemetry callback without re-emitting synthetic data.",
      "max_score": 20
    },
    {
      "name": "Verified caching",
      "description": "Cache behavior relies on make-fetch-happen by setting a `cachePath` (and appropriate cache mode) so verified responses are stored with integrity metadata and served on repeat calls as cache hits instead of re-downloading.",
      "max_score": 20
    }
  ]
}