Rule Categories
Context
4 rules — agent instructions exist, stay current, and avoid noise. Agents that start with no orientation guess at the stack and edit files they shouldn’t.
Secrets
2 rules — raw credentials never reach agent-visible locations. Exposure at commit time means rotation is already required.
MCP Safety
3 rules — MCP servers are pinned to exact versions, sourced from trusted origins, and protected by declared auth.
Agent Config
2 rules — hook configurations are safe, and the agent edit scope is explicit so agents know what they can and cannot touch.
Environment & CI
2 rules — a reproducible toolchain and Charter running in CI so every pull request gets scored automatically.
Testing
1 rule — every active language in the repo has automated tests the agent can run to verify its own changes.
Autonomy
1 rule — a discoverable verification command lets agents confirm their work without needing human guidance.
Governance
3 rules — suppressions are reasoned, bounded, and carry an approver so the score stays meaningful over time.
Score Formula
score = max(0, 100 − B×20 − H×10 − M×4 − L×1), where B = Blocker findings, H = High, M = Medium, L = Low.
Hard caps: Any active Blocker holds the final score at ≤ 59. Any active secret finding (AE-SEC-001 or AE-SEC-002) holds the final score at ≤ 49. Caps apply after the base formula.
All 18 Rules
| Rule | Name | Category | Severity | Auto-fixable |
|---|---|---|---|---|
| AE-CTX-001 | AgentContextFilePresent | Context | Blocker | ✅ Yes |
| AE-CTX-002 | AgentContextConsistency | Context | Medium | ❌ No |
| AE-CTX-004 | AgentArtifactsGitignored | Context | Medium | ✅ Yes |
| AE-CTX-006 | ContextOverEmphasis | Context | Informational | ❌ No |
| AE-SEC-001 | NoSecretsInAgentContext | Secrets | Blocker | ❌ No |
| AE-SEC-002 | NoSecretsInMCPConfig | Secrets | Blocker | ❌ No |
| AE-MCP-001 | MCPServerPinned | MCP Safety | High | ✅ Yes (partial) |
| AE-MCP-002 | MCPRemoteTrusted | MCP Safety | High | ❌ No |
| AE-MCP-003 | MCPAuthDeclared | MCP Safety | High | ❌ No |
| AE-CC-001 | NoDangerousHookCommands | Agent Config | Blocker | ❌ No |
| AE-CC-002 | AgentEditScopeDeclared | Agent Config | High | ❌ No |
| AE-ENV-001 | ReproducibleToolchain | Environment | Medium | ❌ No |
| AE-CI-002 | CharterInCI | CI | Low | ✅ Yes |
| AE-TEST-001 | TestsPresent | Testing | High | ❌ No |
| AE-AUTO-001 | AutomationCommandDiscoverable | Autonomy | Medium | ❌ No |
| AE-SUPPRESS-001 | SuppressionHasReason | Governance | Medium | ❌ No |
| AE-SUPPRESS-002 | PermanentSuppressionHasApprover | Governance | High | ❌ No |
| AE-SUPPRESS-003 | HighSuppressionRate | Governance | Informational | ❌ No |
Severity Reference
Blocker — −20 per finding, score capped at ≤59
The most severe class. A Blocker means the repo is not safe or understandable enough for autonomous agent work. Active Blockers hold the final score below 60 regardless of other findings. Rules: AE-CTX-001, AE-SEC-001, AE-SEC-002, AE-CC-001.
High — −10 per finding
Significant gaps that materially impair agent safety or reliability. No hard cap, but multiple High findings rapidly pull the score below useful thresholds. Rules: AE-MCP-001, AE-MCP-002, AE-MCP-003, AE-CC-002, AE-TEST-001, AE-SUPPRESS-002.
Medium — −4 per finding
Friction that degrades agent quality without being immediately dangerous. Rules: AE-CTX-002, AE-CTX-004, AE-ENV-001, AE-AUTO-001, AE-SUPPRESS-001.
Low — −1 per finding
Minor issues and hygiene gaps. Rules: AE-CI-002.
Informational — 0 points deducted
Surfaces signal worth reviewing but does not affect the score. Rules: AE-CTX-006, AE-SUPPRESS-003.
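The score formula and hard caps, worked through as an added example (this is not Charter's own code). The function and variable names are hypothetical; the rule-to-severity map is copied from the Severity Reference above.

```python
# Added example: the page's score formula with hard caps applied after the base score.
# Names (BY_SEVERITY, score_breakdown, score) are hypothetical, not Charter's API.

DEDUCTION = {"Blocker": 20, "High": 10, "Medium": 4, "Low": 1, "Informational": 0}

# Rule IDs grouped by severity, as listed in the Severity Reference.
BY_SEVERITY = {
    "Blocker": ["AE-CTX-001", "AE-SEC-001", "AE-SEC-002", "AE-CC-001"],
    "High": ["AE-MCP-001", "AE-MCP-002", "AE-MCP-003", "AE-CC-002",
             "AE-TEST-001", "AE-SUPPRESS-002"],
    "Medium": ["AE-CTX-002", "AE-CTX-004", "AE-ENV-001", "AE-AUTO-001",
               "AE-SUPPRESS-001"],
    "Low": ["AE-CI-002"],
    "Informational": ["AE-CTX-006", "AE-SUPPRESS-003"],
}
RULE_SEVERITY = {rule: sev for sev, rules in BY_SEVERITY.items() for rule in rules}
SECRET_RULES = {"AE-SEC-001", "AE-SEC-002"}


def score_breakdown(active_findings):
    """Return (base, cap, final) for a list of rule IDs, one entry per active finding."""
    findings = list(active_findings)
    # An unknown rule ID raises KeyError rather than being silently scored as 0.
    severities = [RULE_SEVERITY[rule] for rule in findings]

    # Base formula: 100 minus the per-finding deductions, floored at 0.
    base = max(0, 100 - sum(DEDUCTION[sev] for sev in severities))

    # Hard caps apply after the base formula; the secret cap is the stricter one.
    cap = 100
    if "Blocker" in severities:
        cap = 59
    if SECRET_RULES.intersection(findings):
        cap = 49
    return base, cap, min(base, cap)


def score(active_findings):
    """Final score only."""
    return score_breakdown(active_findings)[2]
```

A single Blocker has a base score of 80 but a final score of 59 (49 if it is a secret finding), so the cap, not the deduction, decides the result until enough findings accumulate to pull the base below it.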