
[auto] Retroactive OSS policy audit — cc-taskrunner#18

Open
stackbilt-admin wants to merge 1 commit into main from auto/5cc3b74a

@stackbilt-admin

Autonomous Task

Task ID: 5cc3b74a-3aa1-4a09-baf2-6d6846d303cb
Authority: auto_safe
Exit code: 0

Task Prompt

Audit this public OSS repo for violations of the Stackbilt OSS Infrastructure Package Update Policy.

Scan ALL source files for:

  1. Product-specific logic — any code that reveals how Stackbilt products work internally (AEGIS-specific task routing, product URLs, proprietary orchestration logic)
  2. Proprietary references — internal service names, deployment URLs, API keys, Stackbilt-specific business logic that doesn't belong in a generic task runner
  3. Test fixtures with product data — test files containing realistic Stackbilt product data instead of generic examples
  4. Untested public exports — exported function/class/type lacking test coverage

For each finding report: file path, line number, violation type, severity (HIGH/MEDIUM/LOW), recommended fix.

If no violations found, report "CLEAN — no policy violations detected."

Do NOT modify any files. Read-only audit.

TASK_COMPLETE

Result Summary

I've now read every source file in the repository. Here is my audit report.


OSS Policy Audit Report — cc-taskrunner

Auditor: Claude (autonomous)
Date: 2026-04-07
Scope: All source files in the repository
Status: FINDINGS — 6 violations detected


Finding 1 — Proprietary product name in example config

| Field | Value |
|---|---|
| File | repo-aliases.example.conf:6 |
| Line | `# smart_revenue_recovery=smart_revenue_recovery_adf` |
| Type | Proprietary references |
| Severity | MEDIUM |
| Details | Reveals an actual Stackbilt product name (`smart_revenue_recovery`) and its internal directory naming convention (`_adf` suffix). |
| Fix | Replace with generic example: `# my-app=my-app-v2` |

Finding 2 — Personal/product site name in example config

| Field | Value |
|---|---|
| File | repo-aliases.example.conf:7 |
| Line | `# kurtovermier.com=kurtosite092025` |
| Type | Proprietary references |
| Severity | LOW |
| Details | Reveals a personal/product site name and internal directory naming convention. |
| Fix | Replace with generic example: `# example.com=my-website` |

Finding 3 — Proprietary product name in inline code comments

| Field | Value |
|---|---|
| File | taskrunner.sh:39 |
| Line | `# Alias file: one "alias=directory" per line (e.g. smart_revenue_recovery=smart_revenue_recovery_adf)` |
| Also | plugin/taskrunner.sh:33 (identical) |
| Type | Proprietary references |
| Severity | MEDIUM |
| Details | Same product name `smart_revenue_recovery` appears as an inline example in the two copies of the taskrunner script. |
| Fix | Replace example with: `(e.g. my-app=my-app-v2)` |

Finding 4 — Internal deploy pipeline tier classification

Field Value
File scripts/deploy.sh:4
Line `# Stackbilt standard deploy pipeline (Tier 1), adapted

Generated by AEGIS task runner. Review before merging.

Task: Retroactive OSS policy audit — cc-taskrunner
@stackbilt-admin added the "auto-generated" label (Created by AEGIS task runner) on Apr 7, 2026