opensource-pipeline


Open-Source Pipeline Skill


Safely open-source any project through a 3-stage pipeline: Fork (strip secrets) → Sanitize (verify clean) → Package (CLAUDE.md + setup.sh + README).

When to Activate


  • User says "open source this project" or "make this public"
  • User wants to prepare a private repo for public release
  • User needs to strip secrets before pushing to GitHub
  • User invokes `/opensource fork`, `/opensource verify`, or `/opensource package`

Commands


| Command | Action |
|---|---|
| `/opensource fork PROJECT` | Full pipeline: fork + sanitize + package |
| `/opensource verify PROJECT` | Run sanitizer on existing repo |
| `/opensource package PROJECT` | Generate CLAUDE.md + setup.sh + README |
| `/opensource list` | Show all staged projects |
| `/opensource status PROJECT` | Show reports for a staged project |

Protocol


/opensource fork PROJECT


Full pipeline — the main workflow.

Step 1: Gather Parameters


Resolve the project path. If PROJECT contains `/`, treat it as a path (absolute or relative). Otherwise check the current working directory, then `$HOME/PROJECT`, then ask the user.

```
SOURCE_PATH="<resolved absolute path>"
STAGING_PATH="$HOME/opensource-staging/${PROJECT_NAME}"
```

Ask the user:
  1. "Which project?" (if not found)
  2. "License? (MIT / Apache-2.0 / GPL-3.0 / BSD-3-Clause)"
  3. "GitHub org or username?" (default: detect via `gh api user -q .login`)
  4. "GitHub repo name?" (default: project name)
  5. "Description for README?" (analyze project for suggestion)

Step 2: Create Staging Directory


```bash
mkdir -p "$HOME/opensource-staging/"
```

Step 3: Run Forker Agent


Spawn the `opensource-forker` agent:

```
Agent(
  description="Fork {PROJECT} for open-source",
  subagent_type="opensource-forker",
  prompt="""
Fork project for open-source release.

Source: {SOURCE_PATH}
Target: {STAGING_PATH}
License: {chosen_license}

Follow the full forking protocol:
1. Copy files (exclude .git, node_modules, __pycache__, .venv)
2. Strip all secrets and credentials
3. Replace internal references with placeholders
4. Generate .env.example
5. Clean git history
6. Generate FORK_REPORT.md in {STAGING_PATH}/FORK_REPORT.md
"""
)
```

Wait for completion. Read `{STAGING_PATH}/FORK_REPORT.md`.

Step 4: Run Sanitizer Agent


Spawn the `opensource-sanitizer` agent:

```
Agent(
  description="Verify {PROJECT} sanitization",
  subagent_type="opensource-sanitizer",
  prompt="""
Verify sanitization of open-source fork.

Project: {STAGING_PATH}
Source (for reference): {SOURCE_PATH}

Run ALL scan categories:
1. Secrets scan (CRITICAL)
2. PII scan (CRITICAL)
3. Internal references scan (CRITICAL)
4. Dangerous files check (CRITICAL)
5. Configuration completeness (WARNING)
6. Git history audit

Generate SANITIZATION_REPORT.md inside {STAGING_PATH}/ with PASS/FAIL verdict.
"""
)
```

Wait for completion. Read `{STAGING_PATH}/SANITIZATION_REPORT.md`.

If FAIL: Show findings to the user. Ask: "Fix these and re-scan, or abort?"
  • If fix: Apply fixes, re-run sanitizer (maximum 3 retry attempts; after 3 FAILs, present all findings and ask the user to fix manually)
  • If abort: Clean up staging directory

If PASS or PASS WITH WARNINGS: Continue to Step 5.

Step 5: Run Packager Agent


Spawn the `opensource-packager` agent:

```
Agent(
  description="Package {PROJECT} for open-source",
  subagent_type="opensource-packager",
  prompt="""
Generate open-source packaging for project.

Project: {STAGING_PATH}
License: {chosen_license}
Project name: {PROJECT_NAME}
Description: {description}
GitHub repo: {github_repo}

Generate:
1. CLAUDE.md (commands, architecture, key files)
2. setup.sh (one-command bootstrap, make executable)
3. README.md (or enhance existing)
4. LICENSE
5. CONTRIBUTING.md
6. .github/ISSUE_TEMPLATE/ (bug_report.md, feature_request.md)
"""
)
```

Step 6: Final Review


Present to user:

```
Open-Source Fork Ready: {PROJECT_NAME}

Location: {STAGING_PATH}
License: {license}
Files generated:
  - CLAUDE.md
  - setup.sh (executable)
  - README.md
  - LICENSE
  - CONTRIBUTING.md
  - .env.example ({N} variables)

Sanitization: {sanitization_verdict}

Next steps:
  1. Review: cd {STAGING_PATH}
  2. Create repo: gh repo create {github_org}/{github_repo} --public
  3. Push: git remote add origin ... && git push -u origin main

Proceed with GitHub creation? (yes/no/review first)
```

Step 7: GitHub Publish (on user approval)


```bash
cd "{STAGING_PATH}"
gh repo create "{github_org}/{github_repo}" --public --source=. --push --description "{description}"
```


/opensource verify PROJECT


Run the sanitizer independently. Resolve the path: if PROJECT contains `/`, treat it as a path. Otherwise check `$HOME/opensource-staging/PROJECT`, then `$HOME/PROJECT`, then the current directory.

```
Agent(
  subagent_type="opensource-sanitizer",
  prompt="Verify sanitization of: {resolved_path}. Run all 6 scan categories and generate SANITIZATION_REPORT.md."
)
```


/opensource package PROJECT


Run the packager independently. Ask for "License?" and "Description?", then:

```
Agent(
  subagent_type="opensource-packager",
  prompt="Package: {resolved_path} ..."
)
```


/opensource list


```bash
ls -d "$HOME"/opensource-staging/*/
```

Show each project with its pipeline progress (presence of FORK_REPORT.md, SANITIZATION_REPORT.md, CLAUDE.md).


/opensource status PROJECT


```bash
cat "$HOME/opensource-staging/${PROJECT}/SANITIZATION_REPORT.md"
cat "$HOME/opensource-staging/${PROJECT}/FORK_REPORT.md"
```

Staging Layout


```
$HOME/opensource-staging/
  my-project/
    FORK_REPORT.md           # From forker agent
    SANITIZATION_REPORT.md   # From sanitizer agent
    CLAUDE.md                # From packager agent
    setup.sh                 # From packager agent
    README.md                # From packager agent
    .env.example             # From forker agent
    ...                      # Sanitized project files
```

Anti-Patterns


  • Never push to GitHub without user approval
  • Never skip the sanitizer — it is the safety gate
  • Never proceed after a sanitizer FAIL without fixing all critical findings
  • Never leave `.env`, `*.pem`, or `credentials.json` in the staging directory
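
A pre-publish gate that enforces the rules above, as an added example that is not part of the skill itself: it blocks unless SANITIZATION_REPORT.md carries a passing verdict and none of the listed file types remain in staging. The function names are hypothetical, and the report is assumed to contain a line with the word "Verdict" followed by PASS, PASS WITH WARNINGS or FAIL, since the page does not specify the report format.

```bash
#!/usr/bin/env bash
# Added example: pre-publish gate for a staged project (not part of the skill).

# List files the page says must never remain in staging (.env.example is allowed).
find_dangerous_files() {
  find "$1" -name .git -prune -o -type f \
    \( -name '.env' -o -name '*.pem' -o -name 'credentials.json' \) -print | sort
}

# Extract the sanitizer verdict. ASSUMPTION: the report has a line containing
# "Verdict" plus PASS, PASS WITH WARNINGS or FAIL; the real format may differ.
report_verdict() {
  report="$1/SANITIZATION_REPORT.md"
  [ -f "$report" ] || { echo "MISSING"; return 0; }
  line=$(grep -i -m1 'verdict' "$report" || true)
  case "$line" in
    *FAIL*) echo "FAIL" ;;                      # checked first: fail closed
    *"PASS WITH WARNINGS"*) echo "PASS WITH WARNINGS" ;;
    *PASS*) echo "PASS" ;;
    *) echo "UNKNOWN" ;;
  esac
}

# Return 0 only when publishing is allowed; print every blocking reason.
publish_gate() {
  staging="$1"
  rc=0
  verdict=$(report_verdict "$staging")
  case "$verdict" in
    PASS | "PASS WITH WARNINGS") ;;
    *) echo "BLOCK: sanitizer verdict is $verdict" >&2; rc=1 ;;
  esac
  dangerous=$(find_dangerous_files "$staging")
  if [ -n "$dangerous" ]; then
    echo "BLOCK: dangerous files still in staging:" >&2
    echo "$dangerous" >&2
    rc=1
  fi
  return "$rc"
}

# Usage: ./publish_gate.sh "$HOME/opensource-staging/my-project"
if [ -n "${1:-}" ]; then publish_gate "$1"; fi
```

A missing or unparseable report is treated the same as FAIL, so the gate cannot be bypassed by skipping the sanitizer.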

Best Practices


  • Always run the full pipeline (fork → sanitize → package) for new releases
  • The staging directory persists until explicitly cleaned up — use it for review
  • Re-run the sanitizer after any manual fixes before publishing
  • Parameterize secrets rather than deleting them — preserve project functionality

Related Skills


See `security-review` for secret detection patterns used by the sanitizer.