@mseep/open-computer-use 1.0.0

package/.github/ISSUE_TEMPLATE/nfr-proposal.md

@@ -0,0 +1,44 @@
+---
+name: Principle / NFR proposal
+about: Propose a non-negotiable principle or measurable cross-cutting requirement
+title: "Principle proposal: <title>"
+labels: ["architecture", "manifesto", "next/v1"]
+assignees: []
+---
+
+<!--
+Per docs/architecture/PROCESS.md "Adding a NFR / non-negotiable":
+  1. Open this issue.
+  2. Add a single line under MANIFESTO.md §03 OR a sub-section in
+     manifesto/02-nfrs.md.
+  3. Discuss in PR review.
+
+A "non-negotiable" goes in MANIFESTO.md §03 with an anti-example.
+A "measurable cross-cutting requirement" goes in manifesto/02-nfrs.md
+with a specific target (latency, RTO, isolation, retention, etc.).
+-->
+
+## Kind
+
+- [ ] Non-negotiable principle (goes in MANIFESTO §03)
+- [ ] Measurable NFR (goes in manifesto/02-nfrs.md)
+
+## The rule, in one sentence
+
+State the principle or requirement. No marketing tone.
+
+## Rationale (one line)
+
+Why this is non-negotiable — what's the failure mode if we ignore it?
+
+## Anti-example (mandatory)
+
+The concrete thing this rule forbids. If you can't name an anti-example, the rule isn't ready.
+
+## Measurable target (NFRs only)
+
+Latency p99? Retention duration? Isolation strength? Be specific.
+
+## Affected components / ADRs
+
+Where will this principle bind future decisions?

package/.github/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,15 @@
+## Summary
+Brief description of changes.
+
+## Changes
+- ...
+
+## Testing
+- [ ] `./tests/test-no-corporate.sh` passes
+- [ ] `./tests/test-project-structure.sh` passes
+- [ ] `./tests/test-docker-image.sh` passes (if Dockerfile changed)
+- [ ] `docker compose up` works end-to-end
+
+## ADRs reviewed (for `docs/future-architecture/` phase work)
+- [ ] N/A — this PR is not phase-execution work, or
+- [ ] List the ADRs re-read for this phase (e.g. `ADR-0002, ADR-0008, ADR-0010` for Phase 7 / 9 / 10 work).

package/.github/codeql/codeql-config.yml

@@ -0,0 +1,11 @@
+# CodeQL configuration for open-computer-use.
+#
+# py/path-injection alerts are suppressed via two mechanisms:
+# 1. safe_path() / sanitize_chat_id() use os.path.realpath + startswith internally.
+# 2. .github/codeql/extensions/python-sanitizers.model.yml declares barrierModel
+#    entries for their return values — CodeQL traces taint through function boundaries,
+#    so the barrierModel is required to stop propagation at call sites.
+# Extensions are auto-discovered from .github/codeql/extensions/security-models/
+# (subdirectory with qlpack.yml using extensionTargets is required for auto-discovery).
+
+name: "open-computer-use-codeql-config"

package/.github/codeql/extensions/security-models/python-sanitizers.model.yml

@@ -0,0 +1,17 @@
+extensions:
+  # Mark the return values of security.py sanitization functions as path-injection barriers.
+  #
+  # CodeQL traces taint through function return values even when the function internally
+  # validates using os.path.realpath + startswith. The barrierModel extensible explicitly
+  # tells CodeQL that the return value of these functions is safe for path operations.
+  #
+  # Format: [type (module name), path (AccessPath), kind]
+  - addsTo:
+      pack: codeql/python-all
+      extensible: barrierModel
+    data:
+      # safe_path() validates that the path stays within base_dir using
+      # os.path.realpath + startswith (raises HTTPException(403) on traversal).
+      - ["security", "Member[safe_path].ReturnValue", "path-injection"]
+      # sanitize_chat_id() rejects '..', '/', '\\', null-bytes in chat IDs.
+      - ["security", "Member[sanitize_chat_id].ReturnValue", "path-injection"]

package/.github/codeql/extensions/security-models/qlpack.yml

@@ -0,0 +1,7 @@
+name: open-computer-use/security-models
+version: 0.0.1
+library: true
+extensionTargets:
+  codeql/python-all: "*"
+dataExtensions:
+  - python-sanitizers.model.yml

package/.github/dependabot.yml

@@ -0,0 +1,23 @@
+version: 2
+updates:
+  - package-ecosystem: pip
+    directory: /
+    schedule:
+      interval: weekly
+    open-pull-requests-limit: 5
+
+  - package-ecosystem: npm
+    directory: /
+    schedule:
+      interval: weekly
+    open-pull-requests-limit: 5
+
+  - package-ecosystem: docker
+    directory: /
+    schedule:
+      interval: weekly
+
+  - package-ecosystem: github-actions
+    directory: /
+    schedule:
+      interval: weekly

package/.github/security-exceptions.yml

@@ -0,0 +1,23 @@
+# SPDX-License-Identifier: FSL-1.1-Apache-2.0
+# Copyright (c) 2025 Open Computer Use Contributors
+#
+# Security finding exceptions — only HIGH-severity findings can be
+# excepted, and only for ≤ 14 days from the `since` date. CRITICAL is
+# never excepted; CI fails regardless of what this file says.
+#
+# Schema:
+#   exceptions:
+#     - id: <CVE-id-or-tool-finding-id>
+#       severity: HIGH
+#       tool: trivy | semgrep | checkov | trufflehog | gitleaks
+#       since: YYYY-MM-DD
+#       expires: YYYY-MM-DD  # must be ≤ since + 14 days
+#       owner: "@github-handle"
+#       reason: one-line justification
+#       remediation: one-line plan
+#
+# CI does NOT yet enforce this file format programmatically — that's a
+# follow-up task once we have actual exceptions to track. For now the file
+# is documentation + a future-CI input.
+
+exceptions: []

package/.github/workflows/build.yml

@@ -0,0 +1,420 @@
+name: Build and Push Docker Images
+
+on:
+  push:
+    branches: [main]
+    tags: ['v*']
+  pull_request:
+    branches: [main]
+
+env:
+  REGISTRY: ghcr.io
+  SANDBOX_IMAGE: ghcr.io/${{ github.repository }}
+  SERVER_IMAGE: ghcr.io/${{ github.repository }}-server
+
+jobs:
+  build-sandbox:
+    name: Build Sandbox Image
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+      - uses: actions/checkout@v6
+
+      - name: Free disk space for 8GB+ image + local load
+        run: |
+          # Sandbox image is ~8GB; `load: true` stores an extra copy in the
+          # docker daemon. Ubuntu runners start with ~14GB free; prune unused
+          # preinstalled toolchains to avoid running out during smoke tests.
+          sudo rm -rf /usr/share/dotnet /usr/local/lib/android /opt/ghc \
+                      /opt/hostedtoolcache/CodeQL || true
+          df -h /
+
+      - uses: docker/setup-buildx-action@v4
+
+      - uses: docker/login-action@v3
+        if: github.event_name != 'pull_request'
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - uses: docker/metadata-action@v6
+        id: meta
+        with:
+          images: ${{ env.SANDBOX_IMAGE }}
+          tags: |
+            type=ref,event=branch
+            # Extract the tag name verbatim — docker/metadata-action's SemVer
+            # parser rejects our 4-segment scheme (0.9.2.5-rc.1) and falls back
+            # to sha-only tags. The match pattern is permissive — it works for
+            # both 3-segment SemVer and 4-segment tags, with or without a
+            # pre-release suffix.
+            type=match,pattern=v(.*),group=1
+            type=sha
+
+      - uses: docker/build-push-action@v7
+        id: build
+        with:
+          context: .
+          platforms: linux/amd64
+          push: ${{ github.event_name != 'pull_request' }}
+          load: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+      - name: Pick image tag for smoke tests
+        id: img
+        run: |
+          # docker/metadata-action emits newline-separated tags; grab the first
+          # non-blank line. Fail loudly if nothing came through so downstream
+          # `docker run` doesn't hit an empty image name with a cryptic error.
+          tag=$(printf '%s\n' "${{ steps.meta.outputs.tags }}" | sed '/^[[:space:]]*$/d' | head -n1)
+          if [ -z "$tag" ]; then
+            echo "No image tag produced by docker/metadata-action" >&2
+            exit 1
+          fi
+          echo "tag=$tag" >> "$GITHUB_OUTPUT"
+
+      - name: Smoke test — image packages and CLI tools
+        run: |
+          chmod +x tests/test-docker-image.sh
+          ./tests/test-docker-image.sh "${{ steps.img.outputs.tag }}"
+
+      - name: Smoke test — Chromium launches in container
+        run: |
+          # Use page.set_content with a local HTML string instead of going
+          # over the network: this test should only validate that chromium
+          # binary + wire protocol work, not internet reachability.
+          docker run --rm --platform linux/amd64 \
+            --entrypoint=python3 "${{ steps.img.outputs.tag }}" \
+            -c "
+          from playwright.sync_api import sync_playwright
+          with sync_playwright() as p:
+              browser = p.chromium.launch(headless=True)
+              page = browser.new_page()
+              page.set_content('<html><head><title>Example Domain</title></head><body></body></html>')
+              title = page.title()
+              browser.close()
+              assert title == 'Example Domain', f'unexpected title: {title}'
+              print(f'OK: title={title}')
+          "
+
+  build-server:
+    name: Build Server Image
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+      - uses: actions/checkout@v6
+
+      - uses: docker/setup-buildx-action@v4
+
+      - uses: docker/login-action@v3
+        if: github.event_name != 'pull_request'
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - uses: docker/metadata-action@v6
+        id: meta
+        with:
+          images: ${{ env.SERVER_IMAGE }}
+          tags: |
+            type=ref,event=branch
+            # Extract the tag name verbatim — docker/metadata-action's SemVer
+            # parser rejects our 4-segment scheme (0.9.2.5-rc.1) and falls back
+            # to sha-only tags. The match pattern is permissive — it works for
+            # both 3-segment SemVer and 4-segment tags, with or without a
+            # pre-release suffix.
+            type=match,pattern=v(.*),group=1
+            type=sha
+
+      - uses: docker/build-push-action@v7
+        with:
+          context: ./computer-use-server
+          push: ${{ github.event_name != 'pull_request' }}
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+  build-cleanup:
+    name: Build Cleanup Image
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+      - uses: actions/checkout@v6
+
+      - uses: docker/setup-buildx-action@v4
+
+      - uses: docker/login-action@v3
+        if: github.event_name != 'pull_request'
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - uses: docker/metadata-action@v6
+        id: meta
+        with:
+          images: ghcr.io/${{ github.repository }}-cleanup
+          tags: |
+            type=ref,event=branch
+            # Extract the tag name verbatim — docker/metadata-action's SemVer
+            # parser rejects our 4-segment scheme (0.9.2.5-rc.1) and falls back
+            # to sha-only tags. The match pattern is permissive — it works for
+            # both 3-segment SemVer and 4-segment tags, with or without a
+            # pre-release suffix.
+            type=match,pattern=v(.*),group=1
+            type=sha
+
+      - uses: docker/build-push-action@v7
+        with:
+          context: ./cron
+          push: ${{ github.event_name != 'pull_request' }}
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+  build-webui:
+    name: Build Patched Open WebUI Image
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+      - uses: actions/checkout@v6
+
+      - uses: docker/setup-buildx-action@v4
+
+      - uses: docker/login-action@v3
+        if: github.event_name != 'pull_request'
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - uses: docker/metadata-action@v6
+        id: meta
+        with:
+          images: ghcr.io/${{ github.repository }}-webui
+          tags: |
+            type=ref,event=branch
+            # Extract the tag name verbatim — docker/metadata-action's SemVer
+            # parser rejects our 4-segment scheme (0.9.2.5-rc.1) and falls back
+            # to sha-only tags. The match pattern is permissive — it works for
+            # both 3-segment SemVer and 4-segment tags, with or without a
+            # pre-release suffix.
+            type=match,pattern=v(.*),group=1
+            type=sha
+
+      - uses: docker/build-push-action@v7
+        with:
+          context: ./openwebui
+          push: ${{ github.event_name != 'pull_request' }}
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+  test:
+    name: Test
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v6
+
+      - name: Run structure and English-only tests
+        run: |
+          chmod +x tests/test-project-structure.sh tests/test-no-cyrillic.sh
+          ./tests/test-project-structure.sh
+          ./tests/test-no-cyrillic.sh
+
+  pytest-orchestrator:
+    name: Pytest — orchestrator
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v6
+
+      - uses: actions/setup-python@v5
+        with:
+          python-version: '3.13'
+
+      - name: Install server deps
+        run: |
+          pip install -r computer-use-server/requirements.txt
+          pip install pytest pytest-asyncio
+
+      - name: Run orchestrator pytest
+        run: pytest tests/orchestrator/ -v
+
+  smoke-mcp-endpoint:
+    name: Smoke — POST /mcp returns 200
+    runs-on: ubuntu-latest
+    # Catches the failure mode where /health is up but /mcp returns 500
+    # because the lifespan never entered session_manager.run() (e.g. a
+    # missing module COPY in the Dockerfile silently makes the import fail).
+    # This is the test that, had it existed earlier, would have caught the
+    # 2026-04-19 regression in one CI run.
+
+    steps:
+      - uses: actions/checkout@v6
+
+      - uses: docker/setup-buildx-action@v4
+
+      - name: Build computer-use-server image locally
+        uses: docker/build-push-action@v7
+        with:
+          context: ./computer-use-server
+          load: true
+          tags: cu-server:smoke
+          cache-from: type=gha,scope=server-smoke
+          cache-to: type=gha,mode=max,scope=server-smoke
+
+      - name: Start computer-use-server
+        run: |
+          # No real Docker socket needed for this smoke — the orchestrator
+          # only needs to boot, register MCP, and respond to /health + /mcp.
+          # We don't exercise sandbox container creation here.
+          docker run -d --name cu-server -p 8081:8081 \
+            -e PUBLIC_BASE_URL=http://localhost:8081 \
+            -e BASE_DATA_DIR=/tmp/data \
+            cu-server:smoke
+
+      - name: Wait for /health
+        run: |
+          for i in $(seq 1 30); do
+            if curl -fsS http://localhost:8081/health >/dev/null 2>&1; then
+              echo ""; echo "healthy after ${i}s"; exit 0
+            fi
+            printf '.'
+            sleep 1
+          done
+          echo ""; echo "TIMEOUT — server never became healthy"
+          docker logs cu-server || true
+          exit 1
+
+      - name: Smoke /mcp endpoint
+        run: |
+          chmod +x tests/test-mcp-endpoint-live.sh
+          ./tests/test-mcp-endpoint-live.sh http://localhost:8081
+
+      - name: Dump server logs on failure
+        if: failure()
+        run: docker logs cu-server || true
+
+  integration:
+    name: Integration — real MCP + Docker
+    runs-on: ubuntu-latest
+    # Catches what unit tests don't: auth wiring, tools/call dispatch, real
+    # container spawn, and label/mount plumbing. Production parity: we use
+    # the runner's host /var/run/docker.sock — identical to compose & helm.
+    needs: [build-sandbox, build-server]
+    if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository
+    # The job depends on locally-tagged workspace + server images (the
+    # docker-compose.test.yml hard-codes :test tags). Building both inline
+    # keeps the job hermetic — it doesn't pull from ghcr and doesn't race
+    # the publish step.
+
+    steps:
+      - uses: actions/checkout@v6
+
+      - name: Free disk space for the workspace image
+        run: |
+          sudo rm -rf /usr/share/dotnet /usr/local/lib/android /opt/ghc \
+                      /opt/hostedtoolcache/CodeQL || true
+          df -h /
+
+      - uses: docker/setup-buildx-action@v4
+
+      - name: Build workspace image (linux/amd64, local tag)
+        uses: docker/build-push-action@v7
+        with:
+          context: .
+          platforms: linux/amd64
+          push: false
+          load: true
+          tags: open-computer-use:test
+          cache-from: type=gha,scope=sandbox
+          cache-to: type=gha,mode=max,scope=sandbox-integration
+
+      - name: Build server image (local tag)
+        uses: docker/build-push-action@v7
+        with:
+          context: ./computer-use-server
+          push: false
+          load: true
+          tags: open-computer-use-server:test
+          cache-from: type=gha,scope=server-smoke
+          cache-to: type=gha,mode=max,scope=server-integration
+
+      - uses: actions/setup-python@v5
+        with:
+          python-version: '3.13'
+
+      - name: Install test deps
+        run: pip install httpx pytest pytest-timeout
+
+      - name: Bring up the integration stack
+        run: |
+          mkdir -p tests/integration/_tmp/user-data
+          docker compose -f docker-compose.test.yml up -d
+          # pytest's session fixture also waits for /health, but doing it
+          # here too means a startup crash surfaces in this step's log
+          # instead of being attributed to the first test.
+          for i in $(seq 1 60); do
+            if curl -fsS http://localhost:18081/health >/dev/null 2>&1; then
+              echo "healthy after ${i}s"; exit 0
+            fi
+            sleep 1
+          done
+          echo "Orchestrator never became healthy"
+          docker compose -f docker-compose.test.yml logs
+          exit 1
+
+      - name: Run integration suite
+        env:
+          OCU_TEST_BASE_URL: http://localhost:18081
+          OCU_TEST_MCP_API_KEY: test-token-do-not-use-in-prod
+        run: pytest tests/integration/ -v
+
+      - name: Orchestrator logs on failure
+        if: failure()
+        run: docker compose -f docker-compose.test.yml logs
+
+      - name: Spawned workspace logs on failure (best-effort)
+        if: failure()
+        run: |
+          # Only the test-side workspaces (owui-chat-itest-*) — never touch
+          # other managed-by-orchestrator containers a developer may have.
+          for c in $(docker ps -aq --filter 'name=owui-chat-itest-' \
+                                   --filter 'label=managed-by=mcp-computer-use-orchestrator'); do
+            echo "::group::workspace $c"
+            docker logs "$c" 2>&1 | tail -100 || true
+            echo "::endgroup::"
+          done
+
+      - name: Always tear down — stack + test workspaces
+        if: always()
+        run: |
+          # Reap any orphan test workspaces from a crashed test before compose
+          # down, in case the pytest session fixture didn't get to clean up.
+          # Scoped to the test container-name prefix so we never nuke prod.
+          docker ps -aq --filter 'name=owui-chat-itest-' \
+                        --filter 'label=managed-by=mcp-computer-use-orchestrator' \
+            | xargs -r docker rm -f || true
+          docker compose -f docker-compose.test.yml down -v --remove-orphans || true

package/.github/workflows/codeql.yml

@@ -0,0 +1,33 @@
+name: CodeQL Security Analysis
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
+  schedule:
+    - cron: '0 3 * * 1'
+
+permissions:
+  security-events: write
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+
+    strategy:
+      matrix:
+        language: [python, javascript]
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: github/codeql-action/init@v3
+        with:
+          languages: ${{ matrix.language }}
+          config-file: ./.github/codeql/codeql-config.yml
+
+      - uses: github/codeql-action/autobuild@v3
+
+      - uses: github/codeql-action/analyze@v3

package/.github/workflows/contracts-lint.yml

@@ -0,0 +1,90 @@
+# SPDX-License-Identifier: FSL-1.1-Apache-2.0
+# Copyright (c) 2025 Open Computer Use Contributors
+#
+# Schema-lint for Layer-8 contract artifacts under `contracts/`.
+#
+# Enforces:
+#   - every *.schema.json is valid JSON and a valid JSON Schema 2020-12 document
+#     (ajv compile against the draft 2020-12 meta-schema).
+#   - every *.asyncapi.yaml is a valid AsyncAPI document (asyncapi validate).
+#   - no denied naming terms leak into a contract file.
+
+name: contracts-lint
+
+on:
+  pull_request:
+    paths:
+      - "contracts/**"
+      - ".github/workflows/contracts-lint.yml"
+  push:
+    branches:
+      - next/v1
+
+permissions:
+  contents: read
+
+jobs:
+  json-schema:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
+        with:
+          node-version: "20"
+      - name: Validate JSON Schema 2020-12 documents
+        run: |
+          set -euo pipefail
+          shopt -s globstar nullglob
+          files=(contracts/**/*.schema.json)
+          if [ ${#files[@]} -eq 0 ]; then echo "no schema files"; exit 0; fi
+          # --spec=draft2020 loads the 2020-12 meta-schema (ajv-cli@5 defaults to
+          # draft-07 and errors "no schema 2020-12" without it). --strict=false
+          # validates against that meta-schema without policing spec-legal vendor
+          # keywords (x-ocu-*) or the $comment-* convention. Unknown string
+          # "format" values are warned-and-ignored, not errors; the schemas pin
+          # the same constraints with explicit `pattern` regexes.
+          for f in "${files[@]}"; do
+            echo "::group::$f"
+            npx --yes ajv-cli@5.0.0 compile --spec=draft2020 --strict=false -s "$f"
+            echo "::endgroup::"
+          done
+
+  asyncapi:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
+        with:
+          node-version: "20"
+      - name: Validate AsyncAPI documents
+        run: |
+          set -euo pipefail
+          shopt -s globstar nullglob
+          files=(contracts/**/*.asyncapi.yaml)
+          if [ ${#files[@]} -eq 0 ]; then echo "no asyncapi files"; exit 0; fi
+          for f in "${files[@]}"; do
+            echo "::group::$f"
+            npx --yes @asyncapi/cli@6.0.0 validate "$f"
+            echo "::endgroup::"
+          done
+
+  lexicon:
+    runs-on: ubuntu-latest
+    env:
+      LEXICON_DENYLIST: ${{ secrets.LEXICON_DENYLIST }}
+    steps:
+      - uses: actions/checkout@v4
+      - name: naming denylist (contracts)
+        run: |
+          set -euo pipefail
+          if [ -z "${LEXICON_DENYLIST:-}" ]; then
+            echo "::notice::LEXICON_DENYLIST secret absent — naming-denylist check skipped"
+            exit 0
+          fi
+          # Redact to file:line only; never echo the matched text.
+          if grep -rniE "$LEXICON_DENYLIST" contracts/ | cut -d: -f1,2 | sort -u | grep -q .; then
+            grep -rniE "$LEXICON_DENYLIST" contracts/ | cut -d: -f1,2 | sort -u
+            echo "::error::denied term found in a contract file"
+            exit 1
+          fi
+          echo "contracts/ is clean"