Opensource Pipeline

1---2name: opensource-pipeline3description: "Open-source pipeline: fork, sanitize, and package private projects for safe public release. Chains 3 agents (forker, sanitizer, packager). Triggers: '/opensource', 'open source this', 'make this public', 'prepare for open source'."4origin: ECC5---6 7# Open-Source Pipeline Skill8 9Safely open-source any project through a 3-stage pipeline: **Fork** (strip secrets) → **Sanitize** (verify clean) → **Package** (CLAUDE.md + setup.sh + README).10 11## When to Activate12 13- User says "open source this project" or "make this public"14- User wants to prepare a private repo for public release15- User needs to strip secrets before pushing to GitHub16- User invokes `/opensource fork`, `/opensource verify`, or `/opensource package`17 18## Commands19 20| Command | Action |21|---------|--------|22| `/opensource fork PROJECT` | Full pipeline: fork + sanitize + package |23| `/opensource verify PROJECT` | Run sanitizer on existing repo |24| `/opensource package PROJECT` | Generate CLAUDE.md + setup.sh + README |25| `/opensource list` | Show all staged projects |26| `/opensource status PROJECT` | Show reports for a staged project |27 28## Protocol29 30### /opensource fork PROJECT31 32**Full pipeline — the main workflow.**33 34#### Step 1: Gather Parameters35 36Resolve the project path. If PROJECT contains `/`, treat as a path (absolute or relative). Otherwise check: current working directory, `$HOME/PROJECT`, then ask the user.37 38```39SOURCE_PATH="<resolved absolute path>"40STAGING_PATH="$HOME/opensource-staging/${PROJECT_NAME}"41```42 43Ask the user:441. "Which project?" (if not found)452. "License? (MIT / Apache-2.0 / GPL-3.0 / BSD-3-Clause)"463. "GitHub org or username?" (default: detect via `gh api user -q .login`)474. "GitHub repo name?" (default: project name)485. "Description for README?" (analyze project for suggestion)49 50#### Step 2: Create Staging Directory51 52```bash53mkdir -p $HOME/opensource-staging/54```55 56#### Step 3: Run Forker Agent57 58Spawn the `opensource-forker` agent:59 60```61Agent(62  description="Fork {PROJECT} for open-source",63  subagent_type="opensource-forker",64  prompt="""65Fork project for open-source release.66 67Source: {SOURCE_PATH}68Target: {STAGING_PATH}69License: {chosen_license}70 71Follow the full forking protocol:721. Copy files (exclude .git, node_modules, __pycache__, .venv)732. Strip all secrets and credentials743. Replace internal references with placeholders754. Generate .env.example765. Clean git history776. Generate FORK_REPORT.md in {STAGING_PATH}/FORK_REPORT.md78"""79)80```81 82Wait for completion. Read `{STAGING_PATH}/FORK_REPORT.md`.83 84#### Step 4: Run Sanitizer Agent85 86Spawn the `opensource-sanitizer` agent:87 88```89Agent(90  description="Verify {PROJECT} sanitization",91  subagent_type="opensource-sanitizer",92  prompt="""93Verify sanitization of open-source fork.94 95Project: {STAGING_PATH}96Source (for reference): {SOURCE_PATH}97 98Run ALL scan categories:991. Secrets scan (CRITICAL)1002. PII scan (CRITICAL)1013. Internal references scan (CRITICAL)1024. Dangerous files check (CRITICAL)1035. Configuration completeness (WARNING)1046. Git history audit105 106Generate SANITIZATION_REPORT.md inside {STAGING_PATH}/ with PASS/FAIL verdict.107"""108)109```110 111Wait for completion. Read `{STAGING_PATH}/SANITIZATION_REPORT.md`.112 113**If FAIL:** Show findings to user. Ask: "Fix these and re-scan, or abort?"114- If fix: Apply fixes, re-run sanitizer (maximum 3 retry attempts — after 3 FAILs, present all findings and ask user to fix manually)115- If abort: Clean up staging directory116 117**If PASS or PASS WITH WARNINGS:** Continue to Step 5.118 119#### Step 5: Run Packager Agent120 121Spawn the `opensource-packager` agent:122 123```124Agent(125  description="Package {PROJECT} for open-source",126  subagent_type="opensource-packager",127  prompt="""128Generate open-source packaging for project.129 130Project: {STAGING_PATH}131License: {chosen_license}132Project name: {PROJECT_NAME}133Description: {description}134GitHub repo: {github_repo}135 136Generate:1371. CLAUDE.md (commands, architecture, key files)1382. setup.sh (one-command bootstrap, make executable)1393. README.md (or enhance existing)1404. LICENSE1415. CONTRIBUTING.md1426. .github/ISSUE_TEMPLATE/ (bug_report.md, feature_request.md)143"""144)145```146 147#### Step 6: Final Review148 149Present to user:150```151Open-Source Fork Ready: {PROJECT_NAME}152 153Location: {STAGING_PATH}154License: {license}155Files generated:156  - CLAUDE.md157  - setup.sh (executable)158  - README.md159  - LICENSE160  - CONTRIBUTING.md161  - .env.example ({N} variables)162 163Sanitization: {sanitization_verdict}164 165Next steps:166  1. Review: cd {STAGING_PATH}167  2. Create repo: gh repo create {github_org}/{github_repo} --public168  3. Push: git remote add origin ... && git push -u origin main169 170Proceed with GitHub creation? (yes/no/review first)171```172 173#### Step 7: GitHub Publish (on user approval)174 175```bash176cd "{STAGING_PATH}"177gh repo create "{github_org}/{github_repo}" --public --source=. --push --description "{description}"178```179 180---181 182### /opensource verify PROJECT183 184Run sanitizer independently. Resolve path: if PROJECT contains `/`, treat as a path. Otherwise check `$HOME/opensource-staging/PROJECT`, then `$HOME/PROJECT`, then current directory.185 186```187Agent(188  subagent_type="opensource-sanitizer",189  prompt="Verify sanitization of: {resolved_path}. Run all 6 scan categories and generate SANITIZATION_REPORT.md."190)191```192 193---194 195### /opensource package PROJECT196 197Run packager independently. Ask for "License?" and "Description?", then:198 199```200Agent(201  subagent_type="opensource-packager",202  prompt="Package: {resolved_path} ..."203)204```205 206---207 208### /opensource list209 210```bash211ls -d $HOME/opensource-staging/*/212```213 214Show each project with pipeline progress (FORK_REPORT.md, SANITIZATION_REPORT.md, CLAUDE.md presence).215 216---217 218### /opensource status PROJECT219 220```bash221cat $HOME/opensource-staging/${PROJECT}/SANITIZATION_REPORT.md222cat $HOME/opensource-staging/${PROJECT}/FORK_REPORT.md223```224 225## Staging Layout226 227```228$HOME/opensource-staging/229  my-project/230    FORK_REPORT.md           # From forker agent231    SANITIZATION_REPORT.md   # From sanitizer agent232    CLAUDE.md                # From packager agent233    setup.sh                 # From packager agent234    README.md                # From packager agent235    .env.example             # From forker agent236    ...                      # Sanitized project files237```238 239## Anti-Patterns240 241- **Never** push to GitHub without user approval242- **Never** skip the sanitizer — it is the safety gate243- **Never** proceed after a sanitizer FAIL without fixing all critical findings244- **Never** leave `.env`, `*.pem`, or `credentials.json` in the staging directory245 246## Best Practices247 248- Always run the full pipeline (fork → sanitize → package) for new releases249- The staging directory persists until explicitly cleaned up — use it for review250- Re-run the sanitizer after any manual fixes before publishing251- Parameterize secrets rather than deleting them — preserve project functionality252 253## Related Skills254 255See `security-review` for secret detection patterns used by the sanitizer.