Set up or align GitHub repo settings, branch/ruleset policy, templates, Actions hardening, Environments, release workflows, and deploy workflows for continuously publishable or deployable repositories.
97
100%
Does it follow best practices?
Impact
96%
1.35x average score across 7 eval scenarios
Passed
No known issues
{
  "context": "Tests whether the agent uses environment-scoped runtime secrets, OIDC for deploy identity (not long-lived credentials), correct secret hygiene in workflow steps, and minimal workflow permissions.",
  "type": "weighted_checklist",
  "checklist": [
    {
      "name": "Environment-scoped runtime env",
      "description": "Keeps runtime application secrets in the production GitHub Environment or runtime secret store, rather than referencing repository-level `secrets.*` directly from the deploy step",
      "max_score": 12
    },
    {
      "name": "op:// references in template",
      "description": "An env template file is committed to the repo containing secret-store references (not plaintext secrets), e.g. `secret://production/api/DATABASE_URL` format",
      "max_score": 8
    },
    {
      "name": "OIDC for cloud credentials",
      "description": "Uses an OIDC-backed provider identity mechanism for deploy access, NOT long-lived provider credentials in repository secrets",
      "max_score": 12
    },
    {
      "name": "id-token write at job level",
      "description": "The deploy job grants `id-token: write` permission at the job level (not at the workflow root), and the workflow root uses `contents: read` only",
      "max_score": 9
    },
    {
      "name": "Root permissions minimal",
      "description": "The workflow-level `permissions:` block grants only `contents: read` (or is absent and the job-level grants are used exclusively)",
      "max_score": 7
    },
    {
      "name": "Production environment declared",
      "description": "The secret-bearing deploy job declares the production GitHub Environment before loading deploy credentials or runtime secrets",
      "max_score": 10
    },
    {
      "name": "Post-deploy handoff credential isolation",
      "description": "Any monitoring, notification, synthetic-check, or incident handoff job after deploy has read-only permissions and asserts cloud/provider credential variables are absent",
      "max_score": 10
    },
    {
      "name": "No secrets as CLI flags",
      "description": "Secret values are passed to commands via environment variables (the `env:` block), NOT as positional or named command-line arguments",
      "max_score": 7
    },
    {
      "name": "No env file dump",
      "description": "No workflow step uses `cat`, `echo`, or `print` to output the full contents of a rendered `.env` or secrets file",
      "max_score": 7
    },
    {
      "name": "Non-sensitive IDs in vars",
      "description": "Non-sensitive identifiers like account IDs, project IDs, regions, service names, and environment URLs are referenced from `vars.*` (not `secrets.*`) in the workflow",
      "max_score": 7
    },
    {
      "name": "Fine-grained PAT",
      "description": "Any PAT used for cross-repo operations is stored with a scoped name (e.g. `TAP_GITHUB_TOKEN`, `OPS_TRIGGER_TOKEN`) and the explanation does NOT reference a classic `ghp_` PAT or an unscoped token",
      "max_score": 6
    },
    {
      "name": "GitHub secrets only for bootstrap",
      "description": "The written explanation or comments describe repository secrets as bootstrap-only and place production deploy/runtime secrets on GitHub Environments or the runtime secret store",
      "max_score": 5
    }
  ]
}