Rule ID: AE-SEC-001 · Severity: Blocker · Category: Secrets · Auto-fixable: No
Charter never auto-fixes secret findings. Removing the literal value from the file is not a complete fix — the credential must be rotated externally first. Assume it was exposed the moment it was committed.

Why this rule

Agent context files are read on every task. A raw credential in AGENTS.md is visible to every model session, every log that captures context windows, and every tool invocation that passes the context forward. Rotation after exposure is the only safe recovery — the secret cannot be “un-seen.”

What triggers it

Charter scans git-tracked agent-visible files for high-confidence credential patterns:

| Pattern | Example prefix | Min length |
| --- | --- | --- |
| OpenAI API token | sk- | 20 characters |
| GitHub personal access token | ghp_ | 30 characters |
| AWS access key ID | AKIA | 16 characters |
| Slack bot token | xoxb- | 20 characters |
| PEM private key | -----BEGIN ... PRIVATE KEY----- | |

  • Scanned files: AGENTS.md, CLAUDE.md, .cursor/rules, .windsurfrules, .github/copilot-instructions.md, opencode.md, codex.md, DESIGN.md, SKILL.md.
  • Neutralized (never fire): environment variable references (${VAR}, $VAR) and the placeholder string your-api-key-here are explicitly excluded. Only literal credential values trigger the finding.
  • Redaction: detected values are redacted in Charter output (the first 4 characters followed by …); the full value is never echoed back.
  • Out of scope by design: uncommitted local files are never scanned. Only git-tracked files are in scope.

Examples

AGENTS.md
# Setup

OPENAI_API_KEY=sk-proj-REPLACE_WITH_REAL_VALUE
# Charter detects: sk-p… (redacted) in AGENTS.md — fires Blocker

How to fix

1. Rotate the credential externally

Revoke and regenerate the secret in the provider’s dashboard. The commit that introduced the literal value exposed it; assume it is compromised regardless of repository visibility.

2. Remove the literal value from the file

Delete the raw credential from the context file. Do not just move it to a comment or mask part of it: a partially masked value is still a literal, and anything left in a comment is still read by the agent.

3. Replace with an environment variable reference

Use ${OPENAI_API_KEY} or $OPENAI_API_KEY in place of the literal value. Most agent runtimes and CI systems resolve env refs at execution time, and Charter treats these references as neutralized.

4. Commit the fix

Commit the updated file. Charter will re-scan on next run and clear the finding once no literal credential is detected.

5. If the secret is already in git history

Removing the value in a new commit leaves it recoverable from every earlier commit, so the secret is compromised. Rotate first (step 1), then consider a history rewrite (git filter-repo). History rewriting is destructive, requires coordination with all collaborators, and does not recall clones, forks or caches that already hold the old commits, which is why rotation comes first. To see which commits added or removed the value, run git log -p -S '<prefix of the value>' -- AGENTS.md.
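The detection described under “What triggers it” and the before/after outcome of steps 2 to 4, as an added example that is not Charter’s own code. The prefixes, minimum lengths, scanned-file list, neutralized forms, redaction format and score cap come from this page; the regular expressions, the assumption that the minimum length counts the prefix, the Finding type, the scan_repo mapping that stands in for the output of git ls-files, and the sample AGENTS.md contents are constructed for illustration.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Added example, not Charter's code. The regexes are an assumed reconstruction
# of the rule's documented prefixes and minimum lengths (the page does not
# publish the actual patterns). Minimum length is assumed to be the total
# token length, prefix included.
TOKEN = r"[A-Za-z0-9_\-]"
BOUNDARY = r"(?<![A-Za-z0-9_\-])"   # do not match inside a longer word

PATTERNS = [
    ("OpenAI API token",             re.compile(BOUNDARY + r"sk-" + TOKEN + r"{17,}")),    # 3 + 17 = 20
    ("GitHub personal access token", re.compile(BOUNDARY + r"ghp_" + TOKEN + r"{26,}")),   # 4 + 26 = 30
    ("AWS access key ID",            re.compile(BOUNDARY + r"AKIA[A-Z0-9]{12,}")),         # 4 + 12 = 16
    ("Slack bot token",              re.compile(BOUNDARY + r"xoxb-" + TOKEN + r"{15,}")),  # 5 + 15 = 20
    ("PEM private key",              re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----")),
]

# Forms the rule says never fire: ${VAR} / $VAR references and the placeholder.
ENV_REF = re.compile(r"\$\{[A-Za-z_][A-Za-z0-9_]*\}|\$[A-Za-z_][A-Za-z0-9_]*")
PLACEHOLDER = "your-api-key-here"

# Agent-visible files listed by the rule; anything else is ignored.
SCANNED_FILES = {
    "AGENTS.md", "CLAUDE.md", ".cursor/rules", ".windsurfrules",
    ".github/copilot-instructions.md", "opencode.md", "codex.md",
    "DESIGN.md", "SKILL.md",
}


@dataclass(frozen=True)
class Finding:            # hypothetical type, not Charter's
    rule: str
    path: str
    line: int
    pattern: str
    redacted: str         # first 4 characters followed by "…", never the full value


def is_scanned_file(path: str) -> bool:
    return path in SCANNED_FILES


def redact(value: str) -> str:
    return value[:4] + "…"


def scan_text(path: str, text: str) -> list[Finding]:
    findings: list[Finding] = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        # Strip the neutralized forms first so only literal values are left to match.
        line = ENV_REF.sub("", raw).replace(PLACEHOLDER, "")
        for name, rx in PATTERNS:
            for m in rx.finditer(line):
                findings.append(Finding("AE-SEC-001", path, lineno, name, redact(m.group(0))))
    return findings


def scan_repo(tracked: dict[str, str]) -> list[Finding]:
    # `tracked` maps git-tracked path -> content (in practice built from `git ls-files`);
    # uncommitted local files never appear here, matching the rule's scope.
    return [f for path, text in tracked.items() if is_scanned_file(path)
            for f in scan_text(path, text)]


def cap_score(base_score: int, findings: list[Finding]) -> int:
    # Any active secret finding holds the final score at <= 49.
    return min(base_score, 49) if findings else base_score


# Constructed sample repository: the committed context file before and after steps 2-4.
BEFORE = {
    "AGENTS.md": (
        "# Setup\n"
        "OPENAI_API_KEY=sk-proj-REPLACE_WITH_REAL_VALUE\n"
        "GITHUB_TOKEN=ghp_EXAMPLEEXAMPLEEXAMPLEEXAMPLE0123\n"
        "AWS_ACCESS_KEY_ID=AKIAEXAMPLEEXAMPLE12\n"
        "-----BEGIN RSA PRIVATE KEY-----\n"
    ),
    "notes.md": "SLACK_BOT_TOKEN=xoxb-EXAMPLEEXAMPLEEXAMPLE\n",   # not agent-visible: ignored
}
AFTER = {
    "AGENTS.md": (
        "# Setup\n"
        "OPENAI_API_KEY=${OPENAI_API_KEY}\n"
        "GITHUB_TOKEN=$GITHUB_TOKEN\n"
        "AWS_ACCESS_KEY_ID=your-api-key-here\n"
    ),
}

if __name__ == "__main__":
    for label, repo in (("before", BEFORE), ("after", AFTER)):
        found = scan_repo(repo)
        print(f"{label}: {len(found)} finding(s), score {cap_score(87, found)}")
        for f in found:
            print(f"  {f.rule} {f.path}:{f.line} {f.pattern}: {f.redacted}")
```

Running the block reports four findings in the before state (the xoxb- token in notes.md is found by scan_text but excluded by the file filter) and none after the literals are replaced with references and the placeholder, which is the state in which Charter clears the finding on its next run.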

Score impact

Secret findings apply a hard cap: the final Charter score is held at ≤ 49 while AE-SEC-001 or AE-SEC-002 is active. This overrides the base formula and all other scoring — the repo cannot reach 50 or above until the finding is resolved.
  • AE-SEC-002 — same patterns applied to MCP config files
  • AE-CTX-001 — context file must exist and be within budget

CLI

charter explain AE-SEC-001