Score zones
| Score | Zone | Meaning |
|---|---|---|
| 🟢 80–100 | Ship-ready | Repo is well-configured for agent-assisted work |
| 🟡 60–79 | Needs work | Active findings that limit agent effectiveness |
| 🔴 50–59 | Blocked | One or more Blocker-severity findings present |
| 🔴 0–49 | Critical | Raw secret detected in an agent-visible location |
max(0, 100 − B×20 − H×10 − M×4 − L×1), where B/H/M/L are Blocker, High, Medium, and Low finding counts. Hard caps override the formula: any secret finding locks the score at ≤49; any blocker finding locks it at ≤59.
What Charter evaluates
Context
Can the agent orient itself? Charter checks that an AGENTS.md exists, stays current, declares edit boundaries, and fits within a context window.
Safety
Is the repo safe to operate on? Charter checks for raw secrets in agent-visible files, unpinned MCP servers, and dangerous hook commands.
Operability
Can the agent run and verify its work? Charter checks for automated tests, a discoverable verification command, a reproducible toolchain, and a CI gate.
What Charter is not
Not a code reviewer
Not a code reviewer
Charter does not inspect your code for bugs, style violations, or logic errors. It evaluates the repo’s structural readiness for agents — the scaffolding around the code, not the code itself.
Not a package vulnerability scanner
Not a package vulnerability scanner
Charter does not audit dependency versions or CVEs. Use Dependabot, Snyk, or similar tools for supply-chain vulnerability scanning. Charter’s supply-chain checks are limited to MCP server pinning and provenance.
Not a runtime agent monitor
Not a runtime agent monitor
Charter is a static, offline scanner. It does not observe agents as they run, intercept tool calls, or detect misbehavior at runtime.
Not a secrets vault
Not a secrets vault
Charter detects raw secrets in agent-visible locations and tells you to move them. It does not manage, rotate, or store secrets. Use a dedicated secrets manager for that.
Not a git history scanner
Not a git history scanner
Charter scans the current working tree only. It does not inspect git history for secrets or configuration drift over time.
How it works
charter doctor scans the repo statically — no network calls, no LLM calls, no data sent anywhere. It produces a score from 0–100, emits structured findings with rule IDs and remediation guidance, and exits non-zero when the score falls below a threshold you control.
charter fix applies safe diff-first repairs for findings Charter knows how to fix. Every repair shows a unified diff before writing. Secrets and dangerous commands are never auto-fixed.
The score, the formula, and the rule set are all public and stable within a major version. Teams can use the score as a local signal, a pre-commit gate, and a CI requirement — and the number means the same thing in all three contexts.
Start here
Quickstart
Get a real Charter score on your repo in under 5 minutes.
How Charter Works
The three readiness axes, the scoring formula, and the fix engine.
Rules Reference
All 18 rules — what each checks and how to remediate it.
GitHub Action
Run Charter in CI and gate pull requests on agent-readiness.