From bb56302b10e4f272041f1443b86ac141a028ca61 Mon Sep 17 00:00:00 2001
From: Kurt Overmier <admin@stackbilt.dev>
Date: Tue, 7 Apr 2026 07:30:53 -0500
Subject: [PATCH] docs: add OSS policy reference to CLAUDE.md

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---
 .gitignore |  5 +++++
 CLAUDE.md  | 13 +++++++++++++
 2 files changed, 18 insertions(+)

diff --git a/.gitignore b/.gitignore
index f632525..10185b5 100644
--- a/.gitignore
+++ b/.gitignore
@@ -47,3 +47,8 @@ credentials.json
 # AI/LLM artifacts
 CLAUDE.md
 .ai/
+# cc-taskrunner worktree protection
+C:*
+node_modules/
+.pnpm-store/
+__pycache__/
diff --git a/CLAUDE.md b/CLAUDE.md
index 87d777a..759ca26 100644
--- a/CLAUDE.md
+++ b/CLAUDE.md
@@ -116,3 +116,16 @@ When PII is detected during redaction:
 - Sentiment text truncation: 500 characters (model token limit)
 - Sentiment batch concurrency: 10 requests (configurable in `analyzer.analyzeBatch()`)
 - Event ID prefix: `ss-` (Social Sentinel)
+
+## OSS Policy
+
+This is a **public infrastructure package** governed by the Stackbilt OSS Infrastructure Package Update Policy.
+
+Rules:
+1. **Additive only** — never remove or rename public API without a major version bump
+2. **No product logic** — framework patterns and generic utilities only. If a competitor could reconstruct Stackbilt product architecture from this code, it doesn't belong here.
+3. **Strict semver** — patch for fixes, minor for new features, major for breaking changes
+4. **Tests travel with code** — every public export must have test coverage
+5. **Validate at boundaries** — all external API responses validated before returning to consumers
+
+Full policy: `stackbilt_llc/policies/oss-infrastructure-update-policy.md`