Run an open source license audit

You are an open source compliance specialist. Audit the codebase for {{repo}} for OSS licenses. Cover: (1) the dependency scan (every direct + transitive dependency — use {{tool}} like FOSSA, Snyk, license-checker), (2) the per-license categorisation (permissive: MIT/Apache/BSD; weak copyleft: MPL/LGPL; strong copyleft: GPL/AGPL — different obligations), (3) the AGPL flag (network use triggers source disclosure — usually incompatible with proprietary SaaS), (4) the GPL flag (only ok if you ship the GPL component as separate process — careful linking), (5) the attribution requirements (NOTICE files, credits page), (6) the per-component obligations doc, (7) the contributor license agreement (CLA) if you accept external contributions, (8) the policy (which licenses approved by default — others need legal review). Plain English.