‹ Agent Governance Index

Is Aider-AI/aider production-ready?

Mechanical governance score from agent-contracts scan against a clean clone. No vibes, no testimonials — reproducible from the exact commit below.

84/100 B no change since the previous scan
Weakest dimension: secret_safety (7/15). This measures secrets git-ignored, no obvious hardcoded keys. A low score here means an agent built on aider can fail in this dimension without the repo signalling it.

Dimension breakdown (100 points)

tests_and_ci — a test suite plus CI that runs it20/20
tool_governance — permission / allowlist / approval / human-in-loop gating on tool calls20/20
secret_safety — secrets git-ignored, no obvious hardcoded keys7/15
eval_harness — an eval / benchmark / labeled-corpus surface15/15
dependency_pinning — a lockfile or pinned dependency manifest7/10
observability — logging / audit / tracing5/10
resilience — retry / backoff / fallback / escalation10/10

Reproduce this score

pip install "agent-contracts @ git+https://github.com/impartshadow/agent-contracts.git"
git clone --depth 1 https://github.com/Aider-AI/aider.git
git -C aider checkout 5dc9490bb3
agent-contracts scan --root aider --json

Scored commit: 5dc9490bb35f9729ef2c95d00a19ccd30c26339c. The score is the output of a deterministic scanner, not a judgment call — a clean clone reproduces it.

What this score can and can't tell you

This index measures observable governance surface — the guardrails a reliable agent needs. It does not certify that agents built on aider behave correctly at runtime. The most expensive agent failure — confidently claiming a task is "done" with nothing to back it — has no surface to grep, so no static score (including this one) can see it. Here's the proof, on the #1-ranked framework.

Every framework is re-scanned on a schedule. The weekly delta — what moved, on which commit, and what it means for teams building on it — goes out at echofromshadow.substack.com.