False positive policy block on OSS governance/security files (CodeQL, CODEOWNERS, CoC)

Resolved 💬 2 comments Opened May 23, 2026 by stackbilt-admin Closed Jun 23, 2026

Summary

Claude Code returned a policy block while asked to create standard OSS governance/security-posture files for a public monorepo. The task intent was defensive and administrative only.

Exact blocked context

Task request:

  • Create CODE_OF_CONDUCT.md (Contributor Covenant)
  • Add .github/workflows/codeql.yml
  • Expand .github/CODEOWNERS
  • Update SECURITY.md package coverage

Observed error:

API Error: Output blocked by content filtering policy

Why this appears to be a false positive

The requested outputs were standard OSS repository health/security posture artifacts:

  • Community conduct policy file
  • Static analysis workflow (CodeQL)
  • Ownership/review routing file
  • Vulnerability disclosure scope documentation

No exploit instructions, bypass techniques, payloads, malware, or offensive security content were requested.

Impact

  • Blocked completion of repo hygiene/security posture work in a live issue flow.
  • Forces manual fallback for routine .github/ security/governance maintenance tasks.

Expected behavior

Permit generation and editing of standard OSS governance/security-posture files in defensive contexts, especially:

  • CODE_OF_CONDUCT.md
  • .github/CODEOWNERS
  • .github/workflows/codeql.yml
  • SECURITY.md

Reference

Local tracking issue with reproducible evidence:
https://github.com/Stackbilt-dev/charter/issues/172

View original on GitHub ↗

This issue has 2 comments on GitHub. Read the full discussion on GitHub ↗