blocker: Claude content filter blocks OSS security-posturing tasks (CodeQL, CODEOWNERS, CODE_OF_CONDUCT)

[stackbilt-admin]

Problem

When Claude Code attempts to write standard OSS security infrastructure files, the response is blocked by its content filtering policy even though the intent is entirely defensive/posturing:

● CONTRIBUTING.md and SECURITY.md exist. I need to create CODE_OF_CONDUCT.md,
  CodeQL workflow, and expand CODEOWNERS.
⎿  API Error: Output blocked by content filtering policy

This blocks making progress on PR 4b (issue #166) which covers:

• Creating CODE_OF_CONDUCT.md (Contributor Covenant)
• Adding .github/workflows/codeql.yml (GitHub CodeQL static analysis)
• Expanding .github/CODEOWNERS to cover all packages, not just .ai/*
• Updating SECURITY.md to list all 12 packages

Why this is a false positive

None of these files contain exploit code, attack tooling, or harmful instructions. They are:

• A standard community health file (CODE_OF_CONDUCT.md)
• A static analysis CI workflow (CodeQL scans TypeScript for vulnerabilities — it is a defender tool)
• A file ownership declaration (CODEOWNERS)
• A disclosure policy document (SECURITY.md)

The word "security" and "CodeQL" appear to be triggering the filter in a context where the purpose is entirely to improve security posture, not circumvent it.

Impact

• PR 4b (issue oss: add CODE_OF_CONDUCT, CodeQL workflow, and expand CODEOWNERS coverage #166) is blocked from automated completion
• Any future work touching .github/workflows/ with security-related names will hit the same wall

Workaround

Files need to be written manually or in a separate session with explicit context framing.

Suggested fix

File feedback with Anthropic at https://github.com/anthropics/claude-code/issues referencing this false-positive pattern: writing CODEOWNERS, CodeQL workflows, and CODE_OF_CONDUCT.md for an OSS monorepo.

[stackbilt-admin]

What’s Needed To Close #172

This issue is an execution blocker for #166, so closure should be tied to both unblocking delivery and capturing upstream evidence.

1) Unblock the repo changes from #166 (manual or non-Claude path)

Deliver the blocked OSS files directly in this repo:

• Add CODE_OF_CONDUCT.md (Contributor Covenant 2.1, enforcement contact admin@stackbilt.dev)
• Add .github/workflows/codeql.yml (JS/TS CodeQL on push to main, PR to main, weekly schedule)
• Expand .github/CODEOWNERS from only /.ai/* to full coverage (catch-all + critical-path overrides)
• Update SECURITY.md package scope to include all 12 OSS packages (adf, blast, ci, classify, cli, core, drift, git, policies, surface, types, validate)

2) Preserve a reproducible false-positive evidence pack

Add a concise evidence block to this issue (or linked gist):

• Exact blocked prompt or task request
• Exact error text (Output blocked by content filtering policy)
• Timestamp (UTC), tool/session context, and repo/branch
• Confirmation that requested outputs were defensive OSS governance or security files only

3) Upstream escalation tracking

Track the Anthropic escalation as a required dependency item:

• Open or link upstream report (Claude Code false-positive on OSS security-posture files)
• Include repro + expected behavior (allow CODEOWNERS, CodeQL, and CoC authoring)
• Add upstream issue URL + status back to blocker: Claude content filter blocks OSS security-posturing tasks (CodeQL, CODEOWNERS, CODE_OF_CONDUCT) #172

4) Add local mitigation so this does not re-block delivery

• Document fallback path in repo docs: if Claude blocks governance or security file generation, use manual or alternate path and continue PR delivery
• Reference this mitigation from oss: add CODE_OF_CONDUCT, CodeQL workflow, and expand CODEOWNERS coverage #166 so future contributors can proceed without waiting on model-policy changes

Definition of Done for #172

• oss: add CODE_OF_CONDUCT, CodeQL workflow, and expand CODEOWNERS coverage #166 merge-blocking files are shipped in this repo.
• Evidence + upstream tracking link are attached here.
• Local mitigation is documented.
• blocker: Claude content filter blocks OSS security-posturing tasks (CodeQL, CODEOWNERS, CODE_OF_CONDUCT) #172 can close once the repo is no longer blocked, even if upstream vendor fix is still pending (keep upstream link for follow-up).

[stackbilt-admin]

Progress update: section 1 is now completed in-repo.

1) Unblock the repo changes from #166 (manual or non-Claude path)

• Add CODE_OF_CONDUCT.md (Contributor Covenant 2.1, enforcement contact admin@stackbilt.dev)
• Add .github/workflows/codeql.yml (JS/TS CodeQL on push to main, PR to main, weekly schedule)
• Expand .github/CODEOWNERS from only /.ai/* to full coverage (catch-all + critical-path overrides)
• Update SECURITY.md package scope to include all 12 OSS packages (adf, blast, ci, classify, cli, core, drift, git, policies, surface, types, validate)

Files added/updated:

• CODE_OF_CONDUCT.md
• .github/workflows/codeql.yml
• .github/CODEOWNERS
• SECURITY.md

[stackbilt-admin]

Section 2 draft: reproducible false-positive evidence pack

Use this block as the canonical repro record for the policy false positive.

Repro Evidence

• Exact blocked task request:
  • "Create CODE_OF_CONDUCT.md (Contributor Covenant), add .github/workflows/codeql.yml, expand CODEOWNERS, and update SECURITY.md package coverage."
• Exact model/tool error:
  • API Error: Output blocked by content filtering policy
• Context:
  • Repo: Stackbilt-dev/charter
  • Blocking scope: issue oss: add CODE_OF_CONDUCT, CodeQL workflow, and expand CODEOWNERS coverage #166 / PR 4b OSS repo-hygiene/security-posture files
  • Affected file categories: CODE_OF_CONDUCT.md, .github/workflows/codeql.yml, .github/CODEOWNERS, SECURITY.md
• Timestamp (UTC): <fill from run/session logs>
• Session/tool metadata: <fill session id + model/tool runtime>
• Branch at time of block: <fill branch name used during blocked attempt>

Defensive Intent Confirmation

The requested outputs were defensive OSS governance/security-posture artifacts only:

• Community conduct policy
• Static analysis workflow (CodeQL)
• Ownership/review routing (CODEOWNERS)
• Vulnerability disclosure scope documentation (SECURITY.md)

No exploit code, bypass techniques, attack payloads, or offensive instructions were requested.

Expected Behavior

Allow generation/editing of standard OSS governance and security-posture files under .github/ and repository root docs when intent is defensive and administrative.

[stackbilt-admin]

Section 2 finalized: reproducible false-positive evidence pack

Repro Evidence

• Exact blocked task request (from issue report):
  • "CONTRIBUTING.md and SECURITY.md exist. I need to create CODE_OF_CONDUCT.md, CodeQL workflow, and expand CODEOWNERS."
• Exact model/tool error:
  • API Error: Output blocked by content filtering policy
• Context:
  • Repo: Stackbilt-dev/charter
  • Blocking scope: issue oss: add CODE_OF_CONDUCT, CodeQL workflow, and expand CODEOWNERS coverage #166 / "PR 4b" OSS repo-hygiene and security-posture files
  • Affected file categories: CODE_OF_CONDUCT.md, .github/workflows/codeql.yml, .github/CODEOWNERS, SECURITY.md
• Timestamp (UTC) of recorded incident report:
  • 2026-05-23T08:40:09Z (issue blocker: Claude content filter blocks OSS security-posturing tasks (CodeQL, CODEOWNERS, CODE_OF_CONDUCT) #172 creation time)
• Session/tool metadata:
  • Claude Code run reported by stackbilt-admin; provider runtime/session-id not captured in issue text
• Branch at time of block:
  • Not captured in issue text/log excerpt

Defensive Intent Confirmation

The requested outputs were defensive OSS governance/security-posture artifacts only:

• Community conduct policy
• Static analysis workflow (CodeQL)
• Ownership/review routing (CODEOWNERS)
• Vulnerability disclosure scope documentation (SECURITY.md)

No exploit code, bypass techniques, attack payloads, or offensive instructions were requested.

Expected Behavior

Allow generation/editing of standard OSS governance and security-posture files under .github/ and repository root docs when intent is defensive and administrative.

[stackbilt-admin]

Progress update: sections 3 and 4 are now completed.

3) Upstream escalation tracking

• Opened upstream report:
  • False positive policy block on OSS governance/security files (CodeQL, CODEOWNERS, CoC) anthropics/claude-code#61688
• Included repro + expected behavior (CodeQL/CODEOWNERS/CoC defensive-authoring false positive)
• Added upstream URL and status back to this issue (open)

4) Local mitigation so this does not re-block delivery

• Added fallback workflow to repo docs (CONTRIBUTING.md, "Policy-Block Fallback For OSS Governance Files")
• Opened delivery PR with mitigation + shipped Section 1 files:
  • chore(oss): ship CodeQL, CoC, CODEOWNERS coverage, and policy-block fallback #173
• Referencing mitigation from oss: add CODE_OF_CONDUCT, CodeQL workflow, and expand CODEOWNERS coverage #166 so future contributors can proceed without waiting on vendor policy updates

At this point, #172 has: section 1 shipped (in PR), section 2 evidence captured, section 3 upstream escalation linked, and section 4 mitigation documented.

[stackbilt-admin]

Closure readiness update for #172:

Completed:

• Section 1: blocked repo files shipped in PR chore(oss): ship CodeQL, CoC, CODEOWNERS coverage, and policy-block fallback #173
• Section 2: reproducible evidence captured in this issue
• Section 3: upstream escalation opened: False positive policy block on OSS governance/security files (CodeQL, CODEOWNERS, CoC) anthropics/claude-code#61688
• Section 4: local mitigation documented in CONTRIBUTING.md

Delivery PR:

• chore(oss): ship CodeQL, CoC, CODEOWNERS coverage, and policy-block fallback #173

Per this issue's definition-of-done, #172 can close once PR #173 is merged (local blocker removed; upstream vendor issue can remain open independently).

[stackbilt-admin]

Closing as resolved: local delivery blocker is removed via merged PR #173 (#173), section 2 evidence is captured in-thread, and upstream provider tracking remains open at anthropics/claude-code#61688 for policy-behavior follow-up.