feat: community export workflow — strip script, leak-check hardening, CLA docs

- scripts/strip-commercial.sh: removes agor-pro/, commercial files, SPDX headers - leak-check.yml: added LICENSE-COMMERCIAL, SPDX header, and feature flag checks - CONTRIBUTING.md: external contributor guide, commercial content table, sync docs
2026-03-22 04:39:07 +01:00 · 2026-03-22 04:39:07 +01:00 · 5836fb7d80
commit 5836fb7d80
parent 18364826dc
3 changed files with 218 additions and 6 deletions
--- a/.github/workflows/leak-check.yml
+++ b/.github/workflows/leak-check.yml
@ -50,11 +50,32 @@ jobs:
          fi
          echo "No commercial directories with content found."

+      - name: Check for commercial license file
+        run: |
+          if [ -f "LICENSE-COMMERCIAL" ]; then
+            echo "::error::LICENSE-COMMERCIAL found in community repo"
+            exit 1
+          fi
+          echo "No commercial license file found."
+
+      - name: Check for LicenseRef-Commercial SPDX headers
+        run: |
+          files=$(grep -rl "LicenseRef-Commercial" \
+            --include="*.ts" --include="*.svelte" --include="*.rs" \
+            --include="*.toml" --include="*.css" \
+            src/ src-tauri/src/ agor-core/ 2>/dev/null || true)
+          if [ -n "$files" ]; then
+            echo "::error::Files with LicenseRef-Commercial SPDX headers found:"
+            echo "$files"
+            exit 1
+          fi
+          echo "No LicenseRef-Commercial headers found."
+
      - name: Grep for commercial references in source
        run: |
          failed=0

-          for pattern in "LicenseRef-Commercial" "agor-pro" "agor_pro"; do
+          for pattern in "agor-pro" "agor_pro"; do
            if grep -r --include="*.ts" --include="*.svelte" --include="*.rs" --include="*.toml" \
                "$pattern" src/ src-tauri/src/ 2>/dev/null; then
              echo "::error::Found '$pattern' reference in source code"
@ -67,3 +88,21 @@ jobs:
            exit 1
          fi
          echo "No commercial references found in source."
+
+      - name: Check for commercial feature flags in package.json
+        run: |
+          failed=0
+          if grep -q '"commercial\|:pro"' package.json 2>/dev/null; then
+            echo "::error::Commercial feature flags found in package.json"
+            grep '"commercial\|:pro"' package.json
+            failed=1
+          fi
+          if grep -q 'agor-pro' package.json 2>/dev/null; then
+            echo "::error::agor-pro dependency found in package.json"
+            grep 'agor-pro' package.json
+            failed=1
+          fi
+          if [ "$failed" -eq 1 ]; then
+            exit 1
+          fi
+          echo "No commercial feature flags in package.json."