False positive policy block on OSS governance/security files (CodeQL, CODEOWNERS, CoC)
Resolved 💬 2 comments Opened May 23, 2026 by stackbilt-admin Closed Jun 23, 2026
Summary
Claude Code returned a policy block while asked to create standard OSS governance/security-posture files for a public monorepo. The task intent was defensive and administrative only.
Exact blocked context
Task request:
- Create
CODE_OF_CONDUCT.md(Contributor Covenant) - Add
.github/workflows/codeql.yml - Expand
.github/CODEOWNERS - Update
SECURITY.mdpackage coverage
Observed error:
API Error: Output blocked by content filtering policy
Why this appears to be a false positive
The requested outputs were standard OSS repository health/security posture artifacts:
- Community conduct policy file
- Static analysis workflow (CodeQL)
- Ownership/review routing file
- Vulnerability disclosure scope documentation
No exploit instructions, bypass techniques, payloads, malware, or offensive security content were requested.
Impact
- Blocked completion of repo hygiene/security posture work in a live issue flow.
- Forces manual fallback for routine
.github/security/governance maintenance tasks.
Expected behavior
Permit generation and editing of standard OSS governance/security-posture files in defensive contexts, especially:
CODE_OF_CONDUCT.md.github/CODEOWNERS.github/workflows/codeql.ymlSECURITY.md
Reference
Local tracking issue with reproducible evidence:
https://github.com/Stackbilt-dev/charter/issues/172
This issue has 2 comments on GitHub. Read the full discussion on GitHub ↗