Skip to content

Added 2026/06/2026-06-09-intellebox.md #20773

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
dmca-sync-bot merged 1 commit into from
Jun 9, 2026
+119 −0
Merged

Added 2026/06/2026-06-09-intellebox.md #20773

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
119 changes: 119 additions & 0 deletions 2026/06/2026-06-09-intellebox.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,119 @@
While GitHub did not find sufficient information to determine a valid anti-circumvention claim, we determined that this takedown notice contains other valid copyright claim(s).

---

Comment on lines +1 to +4
Are you the copyright holder or authorized to act on the copyright owner's behalf?

Yes, I am authorized to act on the copyright owner's behalf (Intellebox).

Are you submitting a revised DMCA notice after GitHub Trust & Safety requested changes?

Yes. This revised notice clarifies that the reported intellebox-andrea account is the personal account of a former contractor who republished our code without authorization — it is not our original account. Our original work resides in Intellebox's private GitHub organization and is not publicly accessible.

Does your claim involve content on GitHub or npm.js?

GitHub

Please describe the nature of your copyright ownership or authorization to act on the owner's behalf.

I am [private] of Intellebox and am authorized to act on the company's behalf in this matter. Intellebox is the exclusive owner of the copyrighted work. The work was created by contractors engaged under written agreements containing intellectual-property assignment provisions, under which all copyright and other IP rights were assigned to and are owned exclusively by Intellebox.

Please provide a detailed description of the original copyrighted work that has allegedly been infringed.

The original copyrighted work consists of multiple proprietary private source code repositories owned by Intellebox, hosted in our private GitHub organization. The work comprises: application source code for our SaaS platform and AI/ML platform, including backend services, frontend applications, and API implementations; proprietary libraries and SDKs developed internally for use across our products; and infrastructure-as-code and configuration files, including deployment configurations, CI/CD pipelines, and operational tooling.

The work was created over a period of 1–3 years by contractors engaged by Intellebox under written agreements containing intellectual property assignment provisions, under which all copyright and other intellectual property rights in the work were assigned to and are owned exclusively by Intellebox. The repositories have at all times been maintained as private, confidential, and proprietary, accessible only to authorized personnel under confidentiality obligations. The work is original to Intellebox and includes substantial creative expression in its source code structure, organization, architecture, naming conventions, comments, documentation, and the selection and arrangement of files across more than five distinct repositories. While the work is not registered with the U.S. Copyright Office, copyright protection subsists in the work from the moment of its creation under 17 U.S.C. § 102.

The infringing party is a former contractor who had authorized access to the private repositories during their engagement with Intellebox and was bound by written confidentiality and IP assignment obligations. They have, without authorization or license, copied and republished substantial portions of this proprietary code in public repositories under the personal GitHub account intellebox-andrea.

If the original work referenced above is available online, please provide a URL.

The original work is not publicly available. It is maintained exclusively in private repositories within Intellebox's private [private] organization and is accessible only to authorized personnel. It is therefore not viewable at any public URL.

Please clearly state that the entire repository is infringing, OR provide the specific files.

The entire contents of each repository listed below are infringing.

Identify the full repository URL(s) that is infringing:

https://github.com/intellebox-andrea/intellebox-console
[invalid]
https://github.com/intellebox-andrea/tf-cloud
https://github.com/intellebox-andrea/terraform-gke-bootstrap
https://github.com/intellebox-andrea/terraform-gcp-bootstrap
https://github.com/intellebox-andrea/proto-contracts
https://github.com/intellebox-andrea/intellebox-protos
https://github.com/intellebox-andrea/intellebox-agent-lyra
https://github.com/intellebox-andrea/infrastructure
https://github.com/intellebox-andrea/gitops-production
https://github.com/intellebox-andrea/gitops-preview
https://github.com/intellebox-andrea/gitops-development
https://github.com/intellebox-andrea/ai
https://github.com/intellebox-andrea/intellebox
Do you claim to have technological measures in place to control access to your copyrighted content?

Yes

What technological measures do you have in place and how do they effectively control access to your copyrighted material?

The copyrighted source code at issue is stored exclusively in private repositories hosted on [private]. These repositories are not publicly accessible and are protected by multiple, layered access-control measures that effectively control who can view, clone, or copy the material:

Private repository configuration. The repositories are set to "private." They are invisible to and inaccessible by the public, search engines, and any unauthenticated user. No content can be viewed without first authenticating and being explicitly granted access.
Mandatory authentication. Access requires valid account credentials. The repositories cannot be reached anonymously.
Two-factor authentication (2FA). Our organization requires two-factor authentication for all members, adding a second credential beyond the password.
Role-based, need-to-know permissions. Access is provisioned individually through [private]'s organization and team permission system (read / write / admin tiers). Each user is granted only the minimum access required for their role. There is no general or default access to the repositories.
SSH key-based authentication. Repository cloning is controlled through registered SSH keys, so that only provisioned devices and identities can connect.
Encryption in transit. All connections to the repositories occur over encrypted TLS/HTTPS and SSH channels.
Contractual access conditions. Access was granted only to personnel bound by written confidentiality, non-disclosure, and intellectual-property assignment agreements, and was conditioned on continued authorization.
Access revocation and audit logging. Access is logged, and credentials and permissions are revoked upon termination of the relationship. The individual responsible for the infringing publication no longer has any authorization to access, retain, copy, or distribute this material.
Together, these measures effectively control access to the copyrighted work and limit it to specifically authorized individuals. The infringing party obtained the material only by virtue of access previously granted under these controls, and their copying and publication of the material exceeded and violated that authorization.

How is the accused project designed to circumvent your technological protection measures?

The accused repositories consist of our copyrighted source code, in substantial part, taken directly from the private, access-controlled repositories described above and republished in public repositories where it is freely accessible to anyone, with no authentication, permission tier, or credential required. The accused project circumvents our technological protection measures in the following ways:

It defeats the access controls by relocating the protected material outside them. Our protection measures restrict the code to authenticated, individually authorized users within our private repositories. By copying the code and publishing it in a publicly accessible location, the accused project strips away every one of those controls — the private-repository setting, mandatory authentication, 2FA, role-based permissions, and SSH restrictions — and exposes the protected work to the public at large. The result is precisely what our measures were designed to prevent: unrestricted public access to the work.
It relies on access obtained under, and in violation of, our controls. The only way the accused party could have obtained this material was through credentials and permissions previously granted to them under our access-control system while they were authorized. They retained and exfiltrated the material and are now using it in a manner that exceeds and violates the authorization under which our measures granted them access.
It reproduces the work in a form that no longer requires authorization to access. The published repositories allow any third party to view, clone, and copy our copyrighted code without ever passing through our authentication or permission systems — effectively nullifying the protective effect of those measures for everyone who encounters the project.
In short, the accused project takes material that our technological measures confined to a closed, credentialed environment and re-publishes it in an open one, defeating the access controls and making the protected work publicly available without authorization.

Forks

Not applicable — no forks identified at this time

Is the work licensed under an open source license?

No

What would be the best solution for the alleged infringement?

Reported content must be removed.

Do you have the alleged infringer's contact information?

The infringing content is published under the GitHub account intellebox-andrea. Based on the account name and the nature of the material, I believe the account belongs to a former Intellebox contractor, but I do not have confirmed independent contact information for this individual beyond the GitHub account itself.

I have a good faith belief that use of the copyrighted materials described above on the infringing web pages is not authorized by the copyright owner, or its agent, or the law.

Yes

I have taken fair use into consideration.

Yes

I swear, under penalty of perjury, that the information in this notification is accurate and that I am the copyright owner, or am authorized to act on behalf of the owner, of an exclusive right that is allegedly infringed.

Yes

I have read and understand GitHub's Guide to Submitting a DMCA Takedown Notice.

Yes

Telephone number or physical address:

[private]

Full name / signature:

[private]