Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.charlielabs.ai/llms.txt

Use this file to discover all available pages before exploring further.

Charlie works on public repositories, but open-source usage has stricter safety controls than private repo usage.

Maintainer-only invocation model

In maintainer repositories, Charlie only accepts invocations that are safely attributable to maintainers. That means:
  • maintainers can invoke Charlie in maintainer repo context,
  • outside collaborators cannot invoke Charlie with maintainer privileges,
  • untrusted or ambiguous trigger paths are intentionally conservative.

Scope and leakage risk

Public + private context mixing can leak information across surfaces if scope is too broad. Recommended defaults:
  • limit the GitHub App to only the repositories where Charlie is needed,
  • avoid broad org-wide installs unless required,
  • keep sensitive private repositories out of the same install scope when possible.

External collaborator behavior

External contributors cannot invoke Charlie in maintainer repo context. If they want Charlie support, they should use their own fork or organization install where they control permissions and scope.

Fork behavior

  • Maintainer-initiated workflows from the main repo context are supported.
  • Machine-initiated automations are conservative when maintainer linkage is missing or unsafe.
This conservative model is intentional to reduce abuse and cross-context data risk in open-source environments.