mirror of
https://github.com/affaan-m/everything-claude-code.git
synced 2026-04-02 07:03:28 +08:00
* feat(agents,skills): add opensource-pipeline — 3-agent open-source release workflow

  Adds a complete pipeline for safely preparing private projects for public release: secret stripping (20+ patterns), independent sanitization audit, and professional doc generation (CLAUDE.md, setup.sh, README, LICENSE).

  Agents added:
  - agents/opensource-forker.md — copies project, strips secrets, generates .env.example
  - agents/opensource-sanitizer.md — independent PASS/FAIL audit, read-only, 20+ patterns
  - agents/opensource-packager.md — generates CLAUDE.md, setup.sh, README, LICENSE, CONTRIBUTING

  Skill added:
  - skills/opensource-pipeline/SKILL.md — orchestrator: routes /opensource commands, chains agents

  Source: https://github.com/herakles-dev/opensource-pipeline (MIT)

* fix: address P1/P2 review findings from Cubic, CodeRabbit, and Greptile

  - Collect GitHub org/username in Step 1, use quoted vars in publish command
  - Add 3-attempt retry cap on sanitizer FAIL loop
  - Use dynamic sanitization verdict in final review output
  - Broaden rsync exclusions: .env*, .claude/, .secrets/, secrets/
  - Fix JWT regex to match full 3-segment tokens (header.payload.signature)
  - Broaden GitHub token regex to cover gho_, ghu_ prefixes
  - Fix AWS regex to be case-insensitive, match env var formats
  - Tighten generic env regex: increase min length to 16, add non-secret lookaheads
  - Separate heuristic WARNING patterns from CRITICAL patterns in sanitizer
  - Broaden internal path detection: macOS /Users/, Windows C:\Users\
  - Clarify sanitizer is source-read-only (report writing is allowed)

* fix: flag *.map files as dangerous instead of skipping them

  Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

---------

Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
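An added example, not code from this commit or from the opensource-pipeline project: a small scanner showing the kind of checks the regex fixes above describe (full 3-segment JWT match, gho_/ghu_ prefixes, case-insensitive AWS env-var form, a 16-character minimum with placeholder lookaheads, and WARNING kept apart from CRITICAL). Every pattern, name and sample line is an assumption constructed for illustration, as is the rule that only CRITICAL findings produce FAIL.

```python
import re

# Illustrative patterns only (assumptions, not the project's own regexes).
CRITICAL = {
    # Full header.payload.signature, so the signature is not left behind.
    "jwt": re.compile(
        r"\beyJ[A-Za-z0-9_-]{8,}\.eyJ[A-Za-z0-9_-]{8,}\.[A-Za-z0-9_-]{16,}"),
    # Covers the ghp_, gho_, ghu_, ghs_ and ghr_ prefixes.
    "github_token": re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36,}\b"),
    # Env-var form, any letter case in the variable name.
    "aws_secret_key": re.compile(
        r"(?i)\baws_secret_access_key\s*[=:]\s*['\"]?"
        r"[A-Za-z0-9/+=]{40}(?![A-Za-z0-9/+=])"),
}
WARNING = {
    # Heuristic: secret-looking name, value of 16+ chars, placeholders skipped.
    "generic_env": re.compile(
        r"(?i)^\s*\w*(?:SECRET|TOKEN|PASSWORD|API_KEY)\w*\s*=\s*['\"]?"
        r"(?!your[_-]|changeme|example|placeholder|\$\{|<)[^\s'\"]{16,}"),
}

def scan(text):
    """Return (line_number, severity, pattern_name) for each finding."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        hits = [("CRITICAL", n) for n, rx in CRITICAL.items() if rx.search(line)]
        if not hits:  # heuristics only run when no specific pattern matched
            hits = [("WARNING", n) for n, rx in WARNING.items() if rx.search(line)]
        findings += [(lineno, sev, name) for sev, name in hits]
    return findings

def verdict(findings):
    """Assumed policy: any CRITICAL finding fails the audit."""
    return "FAIL" if any(sev == "CRITICAL" for _, sev, _ in findings) else "PASS"

# Constructed sample input; none of these values is a real credential.
JWT = "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJkZW1vIn0.c2lnbmF0dXJlLWNvbnN0cnVjdGVk"
SAMPLE = "\n".join([
    "GITHUB_TOKEN=gho_" + "A1b2C3d4" * 5,
    "aws_secret_access_key = " + "Zm9vYmFy" * 5,
    "Authorization: Bearer " + JWT,
    "API_KEY=your_api_key_goes_here_123",
    "SESSION_SECRET=k3J9sLq0PzX7vB2nM4tY",
    "DEBUG=true",
])

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
    print(verdict(scan(SAMPLE)))
```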