Test fixture
Secure code changes, vulnerability recognition, and safe defaults.
The model receives the prompt (and optional system message). The run uses scorer rubric_json_metrics with the JSON configuration below. Pass/fail and partial credit are determined entirely by that scorer against the model output; no human grading.
Return JSON only with keys verdict, risk, mitigation. Review a secret scanner that only matches API_KEY= and misses private keys, bearer tokens, and high-entropy assignments.
{
"metrics": {
"correct": {
"checks": [
{
"contains": [
"secret"
]
},
{
"contains": [
"private key"
]
},
{
"contains": [
"bearer"
]
},
{
"contains": [
"entropy"
]
},
{
"contains": [
"token"
]
}
]
},
"hidden": {
"checks": [
{
"contains": [
"regex"
]
},
{
"contains": [
"false positive"
]
},
{
"contains": [
"redact"
]
},
{
"contains": [
"rotation"
]
},
{
"contains": [
"allowlist"
]
}
]
}
}
}temperature
0
max_tokens
420
timeout (s)
120
type
scored
file
sec-secret-detector.json