Terms that appear in the wiki, CLI output, or portal, briefly explained.
API key
A long, secret string you generate in the portal under API Keys and store as a secret in your CI. It authenticates CLI and CI requests against the portal, for example CLI downloads and license retrieval. More under Managing API Keys.
Baseline
A snapshot of existing findings, written with --write-baseline. When
passed back via --baseline, the recorded findings are suppressed so
only new findings are reported and gate the build. Useful when
introducing CodeCharter into an existing codebase.
Bundle
A signed ZIP archive (.cgbundle) containing a profile's rules.
Bundles are downloaded from the portal by codecharter restore, or
referenced offline in .codecharter/config.yml via a path: entry.
Ccr file
The file extension for CodeCharter rules. A .ccr file contains
metadata (@name, @severity, ...) and a LINQ query against
the schema. See File structure.
Channel
Release channel for CodeCharter distributions. All current releases are published on the Stable channel.
CLI
The standalone command-line variant of CodeCharter. Available as a self-contained binary for Windows, Linux, and macOS; runs without an installed .NET runtime.
CodeCharter DSL
The small LINQ-like language in which custom rules are written. See DSL reference.
Determinism
A CodeCharter property: the same source code and the same rule set produce exactly the same findings every time, regardless of machine, time of day, or system load. See Determinism and caching.
Diff mode
Restricts analysis to changed lines. Pass a unified diff via --diff
or a Git range via --git-ref (for example main..HEAD); in the
GitHub Action, set the diff input. Findings and the --fail-on gate
then apply only to changed lines.
Finding
A concrete violation of a rule at a specific location in
the code. Has a severity (info, warn, error), a file path, a
line number, and the rule's description and recommendation.
GitHub Action
The official CI integration bochmann-software/codeguard@v1. Wraps
the CLI, fetches it from the portal using your API key, runs the analysis,
and publishes findings as PR annotations.
License file
The codecharter.license file the CLI checks before every command.
It is searched next to the CLI binary, in the working directory, and
in the user configuration directory; the path can be overridden with
--license or the CODECHARTER_LICENSE environment variable. When
CODECHARTER_API_KEY is set, the CLI renews the license automatically
from the portal.
Lockfile
The .codecharter/codecharter.lock.json file in your repository's .codecharter/
directory. It pins the
resolved profile versions and bundle hashes: codecharter restore
downloads exactly these bundles, codecharter verify checks the local
cache against it, and codecharter update rewrites it.
MCP server
The integration for AI assistants, started with codecharter mcp.
Exposes CodeCharter analysis and rule authoring as MCP tools;
codecharter mcp install registers the server in supported AI tools.
Profile
A versioned, composed set of rules, referenced in .codecharter/config.yml as
slug@version (for example codecharter/[email protected]). CodeCharter
provides curated platform profiles under the codecharter/ prefix;
customers can publish their own profiles through the portal.
Rule pack
A group of related rules, shipped as a directory of
.ccr files. CodeCharter ships with built-in packs (general C# rules,
ASP.NET Core, contracts, discouraged suffixes). You can add your own
packs freely.
SARIF
Static Analysis Results Interchange Format: a JSON-based standard for code analysis tools. CodeCharter can output SARIF v2.1, which is natively consumed by GitHub Code Scanning and GitLab SAST.
Selector
The first part of a rule query that determines which code elements
are checked: from t in Types, from m in Methods, and so on.
Severity
The severity level of a finding. CodeCharter has three levels:
info: informational notewarn: warningerror: error
Whether a finding fails the build is controlled by the --fail-on
threshold: without it, the CLI exits with code 1 on any finding,
including info. The GitHub Action defaults to fail-on: error.
Spec test
Hit and miss test cases for a rule, stored in a .spec.md file next
to the rule and run with codecharter test, which returns a CI-friendly
exit code.
Statement-level facts
The typed properties exposed on every method, constructor, and property
accessor body (Catches, Invocations, MemberAccesses, Literals,
BinaryExpressions, LocalDeclarations), reachable via the flattened
AllBodies collection. A rule reads these directly instead of
hand-rolling a m.Syntax traversal for a common pattern.
Subscription
The commercial license you hold for CodeCharter. Controls whether you can pull downloads from the portal. Trial, Starter, Team, Business, or Enterprise. See Plan overview.
Suppression
A deliberate exception to a rule at a specific location, placed inline
via a comment (// codecharter-disable, // codecharter-disable-next-line).
To disable a rule entirely or exclude whole files, use a rule override
or an ignore entry in .codecharter/config.yml instead. More under
Suppressions.
TimeProvider
The .NET 8 abstraction over the system clock. CodeCharter includes a
built-in rule that flags direct DateTime.Now calls and recommends
injecting TimeProvider via constructor instead.
Trial
The 7-day free full-access period every new account receives upon registration. See Registration and trial.
VSIX
The VS Code extension file. Offered as a download through the portal and installs the CodeCharter extension in the editor.