docs
evals
scenario-1
scenario-10
scenario-2
scenario-3
scenario-4
scenario-5
scenario-6
scenario-7
scenario-8
scenario-9
{
"context": "This evaluation assesses how well the engineer uses the oauth-sign package's cryptographic key construction capabilities. It focuses on proper HMAC key construction, RSA key handling, RFC 3986 encoding implementation, and edge case handling for OAuth 1.0 signature generation.",
"type": "weighted_checklist",
"checklist": [
{
"name": "HMAC Key Construction",
"description": "Uses proper HMAC signing key construction by concatenating RFC 3986-encoded consumer secret, ampersand separator (&), and RFC 3986-encoded token secret. Should follow the pattern from oauth-sign's internal key building approach.",
"max_score": 25
},
{
"name": "RFC 3986 Encoding",
"description": "Implements RFC 3986 percent-encoding correctly using oauth-sign's rfc3986() function or equivalent logic that encodes additional characters (!, *, ', (, )) beyond standard encodeURIComponent().",
"max_score": 20
},
{
"name": "Empty Secret Handling",
"description": "Handles missing, undefined, or empty secrets correctly by treating them as empty strings while maintaining the ampersand separator. Should match oauth-sign's behavior for edge cases.",
"max_score": 20
},
{
"name": "Special Character Encoding",
"description": "Properly encodes special characters in secrets before key construction. Should apply RFC 3986 encoding to consumer and token secrets containing characters like !, @, #, $, %, ^, etc.",
"max_score": 15
},
{
"name": "RSA Key Validation",
"description": "Validates RSA private keys are in proper PEM format (checking for 'BEGIN RSA PRIVATE KEY' or 'BEGIN PRIVATE KEY' markers). Should ensure keys are ready for cryptographic operations.",
"max_score": 15
},
{
"name": "Key Construction Order",
"description": "Constructs HMAC keys in the correct order: encoded consumer secret first, then ampersand, then encoded token secret. Matches OAuth 1.0 specification requirements.",
"max_score": 5
}
]
}