From superpowers-plus
Audits code for proprietary IP leakage including internal URLs, ticket IDs, company names, and confidential content before pushing to public repositories on any platform. Blocks commits if matches found.
`npx claudepluginhub bordenet/superpowers-plus --plugin superpowers-plus`

This skill uses the workspace's default tool permissions.
- Before pushing code to any public repository
- `grep -rE "$PATTERNS" .` across all tracked files.
- `git diff --staged | grep -E "$PATTERNS"`.
- `git log -p origin/main..HEAD | grep -E "$PATTERNS"`.

Run `tools/public-repo-ip-check.sh --history` to scan full git history. This is diagnostic — it may flag old commits that predate pattern adoption. Rewriting published history is destructive for forks/clones and is NOT required. Use it to identify what was historically exposed, not as a push gate.
Define org-specific patterns. Categories to cover:
```bash
# Ticket keys, company and product names
PATTERNS="TICKET-[0-9]+|YourCompany|ProductName"
# Internal wiki hosts and employee email addresses
PATTERNS+="|wiki\.internal\.yourco\.net|username@yourcompany\.com"
# Internal git hosting (GitHub Enterprise, GitLab, Azure DevOps, Gitea, etc.)
PATTERNS+="|dev\.azure\.com/YourOrg|gitlab\.yourcompany\.com"
# Issue trackers (Jira, YouTrack, Shortcut, Asana, etc.)
PATTERNS+="|tracker\.yourcompany\.com|yourcompany\.atlassian\.net"
# CI/CD (Jenkins, CircleCI, TeamCity, Buildkite, etc.)
PATTERNS+="|jenkins\.yourcompany\.com|circleci\.com/gh/YourOrg"
```
DO NOT commit/push if: pattern match in working tree, staged changes, or unpushed commits. Also block on: design docs in public repo, internal URLs, internal emails, ticket references, private git hosting URLs, CI/CD URLs. Full history hits are advisory — document and triage, do not block.
2026-03-06: Design doc created in public repo; sanitization only checked subdirectory; history not audited. Resolution: full git history rewrite (orphan branch).
Gate order: pre-commit-gate → enforce-style-guide → progressive-code-review-gate → professional-language-audit → this skill.
Preferred: `use-skill unified-commit-gate` loads all 5 gates in one load. Use this skill directly only for deep-dive when the IP gate fails.

Wrong skill? Scanning code for secrets/CVEs → `repo-security-scan`. Wiki content secrets → `wiki-secret-audit`. Dependency upgrades → `security-upgrade`.
Confirm the target repo is public. Check `git remote -v` and verify against the hosting platform's API.
Create org-specific patterns (see IP Pattern Registry above). Customize for your organization's:
```bash
git ls-files -z | xargs -0 grep -lnE "$PATTERNS"
git diff --staged | grep -nE "$PATTERNS"
git log -p origin/main..HEAD | grep -nE "$PATTERNS"
```

| Match Type | Action |
|---|---|
| Internal URL | HARD BLOCK — remove before push |
| Employee email | HARD BLOCK — replace with generic |
| Ticket key (PROJ-123) | BLOCK — remove or genericize |
| Company name in code comment | WARN — review context, may be acceptable in attribution |
After fixing, re-run ALL gates. Zero matches required before push.
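
One way to turn the Match Type table into a gate with a usable exit code, as an added example that is not part of the superpowers-plus skill itself. The function names, the per-category patterns and the sample input are constructed placeholders; the page's single `$PATTERNS` string is split by category here so each hit maps to its action.

```shell
# Added example. Every pattern below is a placeholder (assumption), not a real host.
HARD_URL='wiki\.internal\.yourco\.net|gitlab\.yourcompany\.com|jenkins\.yourcompany\.com'
HARD_EMAIL='[A-Za-z0-9._-]+@yourcompany\.com'
BLOCK_TICKET='(PROJ|TICKET)-[0-9]+'
WARN_NAME='YourCompany'

# classify_line LINE: print the strongest action from the table for one line.
classify_line() {
  if printf '%s\n' "$1" | grep -qE "$HARD_URL"; then echo "HARD BLOCK (internal URL)"
  elif printf '%s\n' "$1" | grep -qE "$HARD_EMAIL"; then echo "HARD BLOCK (employee email)"
  elif printf '%s\n' "$1" | grep -qE "$BLOCK_TICKET"; then echo "BLOCK (ticket key)"
  elif printf '%s\n' "$1" | grep -qE "$WARN_NAME"; then echo "WARN (company name)"
  else echo "OK"
  fi
}

# ip_gate: read text on stdin (file contents or diff output), print each finding
# with its input line number, and return 1 if any BLOCK-level match was seen.
# WARN findings are printed for review but do not fail the gate.
ip_gate() {
  n=0; blocked=0
  while IFS= read -r line || [ -n "$line" ]; do
    n=$((n + 1))
    verdict=$(classify_line "$line")
    case "$verdict" in
      OK) ;;
      WARN*) printf '%d: %s: %s\n' "$n" "$verdict" "$line" ;;
      *) blocked=1; printf '%d: %s: %s\n' "$n" "$verdict" "$line" ;;
    esac
  done
  return "$blocked"
}

# Constructed sample input, shaped like added lines from `git diff --staged`.
sample() {
  cat <<'EOF'
+# See https://wiki.internal.yourco.net/design/auth for background
+maintainer = "jdoe@yourcompany.com"
+// Fixes PROJ-123
+// Copyright YourCompany
+timeout = 30
EOF
}

sample | ip_gate || echo "push blocked"
```

In a real hook the input would come from the page's own commands, for example `git diff --staged | ip_gate`.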
| Failure | Fix |
|---|---|
| Audit skipped because "it's just a README" | ALL files in public repos get audited, no exceptions |
| Internal URL patterns not in deny list | Update deny list with new internal domains immediately |
| Agent rationalizes "it's not really sensitive" | Hard block — any match requires explicit user override |
| Pattern registry is stale — new internal tools not covered | Review and update patterns quarterly; add new tools on adoption |