ProtoLint Rules

Complete reference for all ProtoLint v0.1 rules. Rules are checked against the Strict Core (frontmatter) and Friendly Layer (markdown sections).

Error — must fix Warning — should fix Info — best practice

E100Invalid frontmatter / proto version missing

Frontmatter missing, YAML invalid, or proto: 0.1 missing.

Fix: Add valid YAML and proto: "0.1".

E101Missing core identity fields

Missing name or summary.

Fix: Populate required identity fields.

E102Missing objective or output contract

objective.primary or outputs.format is missing.

Fix: Define the objective and output format.

W110Tags missing or empty

Hurts discovery and trust labels.

Fix: Add 1-5 meaningful tags.

E200Danger permission allowed without safety gates

High-risk permissions (passwords, payments, shell, etc.) set to allow without ask_before or refusal rules.

Fix: Set to "deny" or "ask" with explicit gates.

E201Network allowed but no domain scopes

Browser mode with network access but no allowed_domains. Scope leak risk.

Fix: Add explicit allowed_domains.

E202Sensitive domains without suggest mode

Banking/payment domains in allowed list without suggest-only autonomy.

Fix: Set autonomy to "suggest" or remove sensitive domains.

E203Payments denied but checkout actions allowed

Contract contradiction: payments deny but checkout/place_order in allowed_actions.

Fix: Move checkout actions to denied_actions.

W210No denied domains in browser mode

Missing default denylist for risky sites.

Fix: Add denied_domains like "banking.*".

W211Clipboard access without redactions

Clipboard may contain sensitive data.

Fix: Add redactions for passwords, otp, credit_card.

E300Autopilot with high-risk permissions

Autopilot mode combined with shell/files_write/payments/passwords not denied.

Fix: Downgrade to "assisted" or deny permissions.

E301Missing ask_before for forms in browser modes

submit_forms not in ask_before for browser/computer modes.

Fix: Add "submit_forms" to ask_before.

W310No rate limits

No max_steps or max_runtime_sec. Agents can loop indefinitely.

Fix: Set max_steps: 50 and max_runtime_sec: 600.

E401Mode/tool mismatch

chat_only mode with browser tools, or tool_runner with no tools.

Fix: Align mode with declared tools.

E500Browser mode without injection strategy

Web pages can inject instructions overriding the proto.

Fix: Set prompt_injection.strategy to "basic" or "hardened".

E501Hardened strategy without precedence notes

Hardened mode needs explicit notes stating proto takes precedence.

Fix: Add injection notes.

E600Missing receipts for autonomous agents

Autonomy beyond suggest without receipts enabled.

Fix: Set receipts: true.

W601Replay disabled for browser modes

Replay is the key consumer trust feature for browser agents.

Fix: Set replay: true.

E602Citations not required for research tags

Research/news/finance tags present but citation_required is false.

Fix: Set citation_required: true.

E700Persistent retention without disclosure

Data stored persistently without Safety & privacy disclosure.

Fix: Add disclosure or change retention to none/session.

E701PII allowed without redactions

PII set to allow without any redaction rules.

Fix: Set pii: "minimize" or add redactions.

W800No tests for publishable protos

Exportable proto with no test cases defined.

Fix: Add at least one test case.

W1001Missing required friendly headings

Friendly layer is missing one or more required sections.

Fix: Add all required headings.

I1010Missing examples section

Examples reduce misuse and improve builder UX.

Fix: Add an Examples section.