Skip to content

Glossary

All terms used in the wiki, CLI output, and portal, explained briefly.

Terms that appear in the wiki, CLI output, or portal, briefly explained.

API key

A long, secret string you generate in the portal under API Keys and store as a secret in your CI. It authenticates CLI and CI requests against the portal, for example CLI downloads and license retrieval. More under Managing API Keys.

Baseline

A snapshot of existing findings, written with --write-baseline. When passed back via --baseline, the recorded findings are suppressed so only new findings are reported and gate the build. Useful when introducing CodeCharter into an existing codebase.

Bundle

A signed ZIP archive (.cgbundle) containing a profile's rules. Bundles are downloaded from the portal by codecharter restore, or referenced offline in .codecharter/config.yml via a path: entry.

Ccr file

The file extension for CodeCharter rules. A .ccr file contains metadata (@name, @severity, ...) and a LINQ query against the schema. See File structure.

Channel

Release channel for CodeCharter distributions. All current releases are published on the Stable channel.

CLI

The standalone command-line variant of CodeCharter. Available as a self-contained binary for Windows, Linux, and macOS; runs without an installed .NET runtime.

CodeCharter DSL

The small LINQ-like language in which custom rules are written. See DSL reference.

Determinism

A CodeCharter property: the same source code and the same rule set produce exactly the same findings every time, regardless of machine, time of day, or system load. See Determinism and caching.

Diff mode

Restricts analysis to changed lines. Pass a unified diff via --diff or a Git range via --git-ref (for example main..HEAD); in the GitHub Action, set the diff input. Findings and the --fail-on gate then apply only to changed lines.

Finding

A concrete violation of a rule at a specific location in the code. Has a severity (info, warn, error), a file path, a line number, and the rule's description and recommendation.

GitHub Action

The official CI integration bochmann-software/codeguard@v1. Wraps the CLI, fetches it from the portal using your API key, runs the analysis, and publishes findings as PR annotations.

License file

The codecharter.license file the CLI checks before every command. It is searched next to the CLI binary, in the working directory, and in the user configuration directory; the path can be overridden with --license or the CODECHARTER_LICENSE environment variable. When CODECHARTER_API_KEY is set, the CLI renews the license automatically from the portal.

Lockfile

The .codecharter/codecharter.lock.json file in your repository's .codecharter/ directory. It pins the resolved profile versions and bundle hashes: codecharter restore downloads exactly these bundles, codecharter verify checks the local cache against it, and codecharter update rewrites it.

MCP server

The integration for AI assistants, started with codecharter mcp. Exposes CodeCharter analysis and rule authoring as MCP tools; codecharter mcp install registers the server in supported AI tools.

Profile

A versioned, composed set of rules, referenced in .codecharter/config.yml as slug@version (for example codecharter/[email protected]). CodeCharter provides curated platform profiles under the codecharter/ prefix; customers can publish their own profiles through the portal.

Rule pack

A group of related rules, shipped as a directory of .ccr files. CodeCharter ships with built-in packs (general C# rules, ASP.NET Core, contracts, discouraged suffixes). You can add your own packs freely.

SARIF

Static Analysis Results Interchange Format: a JSON-based standard for code analysis tools. CodeCharter can output SARIF v2.1, which is natively consumed by GitHub Code Scanning and GitLab SAST.

Selector

The first part of a rule query that determines which code elements are checked: from t in Types, from m in Methods, and so on.

Severity

The severity level of a finding. CodeCharter has three levels:

  • info: informational note
  • warn: warning
  • error: error

Whether a finding fails the build is controlled by the --fail-on threshold: without it, the CLI exits with code 1 on any finding, including info. The GitHub Action defaults to fail-on: error.

Spec test

Hit and miss test cases for a rule, stored in a .spec.md file next to the rule and run with codecharter test, which returns a CI-friendly exit code.

Statement-level facts

The typed properties exposed on every method, constructor, and property accessor body (Catches, Invocations, MemberAccesses, Literals, BinaryExpressions, LocalDeclarations), reachable via the flattened AllBodies collection. A rule reads these directly instead of hand-rolling a m.Syntax traversal for a common pattern.

Subscription

The commercial license you hold for CodeCharter. Controls whether you can pull downloads from the portal. Trial, Starter, Team, Business, or Enterprise. See Plan overview.

Suppression

A deliberate exception to a rule at a specific location, placed inline via a comment (// codecharter-disable, // codecharter-disable-next-line). To disable a rule entirely or exclude whole files, use a rule override or an ignore entry in .codecharter/config.yml instead. More under Suppressions.

TimeProvider

The .NET 8 abstraction over the system clock. CodeCharter includes a built-in rule that flags direct DateTime.Now calls and recommends injecting TimeProvider via constructor instead.

Trial

The 7-day free full-access period every new account receives upon registration. See Registration and trial.

VSIX

The VS Code extension file. Offered as a download through the portal and installs the CodeCharter extension in the editor.