From superpowers-plus
Scans working tree, staged changes, and unpushed commits for proprietary IP patterns before committing to public repositories.
How this skill is triggered (by the user, by Claude, or both):

Slash command: `/superpowers-plus:public-repo-ip-audit`

The summary Claude sees in its skill listing (used to decide when to auto-load this skill):
- Before pushing code to any public repository
Scan all three scopes:

- Working tree: `grep -rE "$PATTERNS" .` across all tracked files.
- Staged changes: `git diff --staged | grep -E "$PATTERNS"`
- Unpushed commits: `git log -p origin/main..HEAD | grep -E "$PATTERNS"`

Run `tools/public-repo-ip-check.sh --history` to scan full git history. This is diagnostic: it may flag old commits that predate pattern adoption. Rewriting published history is destructive for forks/clones and is NOT required. Use it to identify what was historically exposed, not as a push gate.
Define org-specific patterns. Categories to cover:

```bash
# Company and product names, ticket keys
PATTERNS="TICKET-[0-9]+|YourCompany|ProductName"
# Internal wiki hosts and employee email addresses
PATTERNS+="|wiki\.internal\.yourco\.net|username@yourcompany\.com"
# Internal git hosting (GitHub Enterprise, GitLab, Azure DevOps, Gitea, etc.)
PATTERNS+="|dev\.azure\.com/YourOrg|gitlab\.yourcompany\.com"
# Issue trackers (Jira, YouTrack, Shortcut, Asana, etc.)
PATTERNS+="|tracker\.yourcompany\.com|yourcompany\.atlassian\.net"
# CI/CD (Jenkins, CircleCI, TeamCity, Buildkite, etc.)
PATTERNS+="|jenkins\.yourcompany\.com|circleci\.com/gh/YourOrg"
```
DO NOT commit/push if: pattern match in working tree, staged changes, or unpushed commits. Also block on: design docs in public repo, internal URLs, internal emails, ticket references, private git hosting URLs, CI/CD URLs. Full history hits are advisory — document and triage, do not block.
2026-03-06: Design doc created in public repo; sanitization only checked subdirectory; history not audited. Resolution: full git history rewrite (orphan branch).
Gate order: pre-commit-gate → enforce-style-guide → progressive-code-review-gate → professional-language-audit → this skill.
Preferred: `use-skill unified-commit-gate` loads all 5 gates in one load. Use this skill directly only for a deep dive when the IP gate fails.
Wrong skill? Scanning code for secrets/CVEs → `repo-security-scan`. Wiki content secrets → `wiki-secret-audit`. Dependency upgrades → `security-upgrade`.
Confirm the target repo is public. Check `git remote -v` and verify against the hosting platform's API.
Create org-specific patterns (see IP Pattern Registry above). Customize for your organization's:
- Tracked files: `git ls-files -z | xargs -0 grep -lnE "$PATTERNS"`
- Staged changes: `git diff --staged | grep -nE "$PATTERNS"`
- Unpushed commits: `git log -p origin/main..HEAD | grep -nE "$PATTERNS"`

| Match Type | Action |
|---|---|
| Internal URL | HARD BLOCK — remove before push |
| Employee email | HARD BLOCK — replace with generic |
| Ticket key (PROJ-123) | BLOCK — remove or genericize |
| Company name in code comment | WARN — review context, may be acceptable in attribution |
After fixing, re-run ALL gates. Zero matches required before push.
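As an added example that is not part of the plugin (the skill's own helper, `tools/public-repo-ip-check.sh`, is not shown on this page), the three scans above wired to the triage table: each hit is classified and the exit code tells the gate whether to block. The hostnames, `TICKET-` keys and `YourCompany` are placeholder patterns; a real registry replaces them.

```shell
# Added example, not the plugin's own script: scans tracked files, the staged
# diff and unpushed commits, then maps each hit to the action table above.
# Pattern values are placeholders standing in for an org-specific registry.
PATTERNS="TICKET-[0-9]+|YourCompany"
PATTERNS="$PATTERNS|wiki\.internal\.yourco\.net|[a-z.]+@yourcompany\.com"
PATTERNS="$PATTERNS|gitlab\.yourcompany\.com|yourcompany\.atlassian\.net"
PATTERNS="$PATTERNS|jenkins\.yourcompany\.com"

INTERNAL_URLS='wiki\.internal\.yourco\.net|gitlab\.yourcompany\.com|yourcompany\.atlassian\.net|jenkins\.yourcompany\.com'

# classify_hit LINE: print the action for the most severe category in LINE
classify_hit() {
  if printf '%s\n' "$1" | grep -qE "$INTERNAL_URLS"; then
    echo "HARD BLOCK"                    # internal URL: remove before push
  elif printf '%s\n' "$1" | grep -qE '[a-z.]+@yourcompany\.com'; then
    echo "HARD BLOCK"                    # employee email: replace with generic
  elif printf '%s\n' "$1" | grep -qE 'TICKET-[0-9]+'; then
    echo "BLOCK"                         # ticket key: remove or genericize
  elif printf '%s\n' "$1" | grep -q 'YourCompany'; then
    echo "WARN"                          # company name: review context
  else
    echo "NONE"
  fi
}

# scan_repo DIR: print "ACTION scope:hit" per match.
# Exit 0 = clean, 1 = at least one BLOCK/HARD BLOCK, 2 = WARN hits only.
scan_repo() {
  dir=$1
  [ -d "$dir/.git" ] || { echo "not a git repo: $dir" >&2; return 1; }
  hits=$(
    cd "$dir" || exit 1
    git ls-files -z | xargs -0 grep -HnE "$PATTERNS" /dev/null | sed 's/^/tree:/'
    git diff --staged | grep -E "$PATTERNS" | sed 's/^/staged:/'
    if git rev-parse -q --verify origin/main >/dev/null 2>&1; then
      git log -p origin/main..HEAD | grep -E "$PATTERNS" | sed 's/^/unpushed:/'
    fi
  )
  [ -n "$hits" ] || return 0
  worst=0
  while IFS= read -r hit; do
    action=$(classify_hit "$hit")
    printf '%s %s\n' "$action" "$hit"
    case $action in *BLOCK*) worst=1 ;; WARN) [ "$worst" -eq 1 ] || worst=2 ;; esac
  done <<EOF
$hits
EOF
  return "$worst"
}
```

Full-history hits stay advisory, so the function deliberately never looks past `origin/main..HEAD`; a `git log -p --all | grep -E "$PATTERNS"` run is a separate, non-gating step.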
| Failure | Fix |
|---|---|
| Audit skipped because "it's just a README" | ALL files in public repos get audited, no exceptions |
| Internal URL patterns not in deny list | Update deny list with new internal domains immediately |
| Agent rationalizes "it's not really sensitive" | Hard block — any match requires explicit user override |
| Pattern registry is stale — new internal tools not covered | Review and update patterns quarterly; add new tools on adoption |
`npx claudepluginhub bordenet/superpowers-plus --plugin superpowers-plus`