ai-saas-guard 0.3.0 → 0.4.0

package/README.md

@@ -51,8 +51,8 @@ The CLI is published on npm as `ai-saas-guard`, and the GitHub Action is availab
 | JSON and SARIF output | Available |
 | Composite GitHub Action | Available |
 | Project config | `.ai-saas-guard.json` rule toggles, severity overrides, and fail thresholds |
-| Versioned Action tags | `v0.3.0`, `v0` |
-| npm package | `ai-saas-guard@0.3.0` |
+| Versioned Action tags | `v0.4.0`, `v0` |
+| npm package | `ai-saas-guard@0.4.0` |
 | npm publishing | Trusted Publisher/OIDC, no long-lived publish token |
 
 ## Quick Start
@@ -121,7 +121,7 @@ Evidence:
 | --- | --- |
 | Secrets and env | Secret-like values, risky `NEXT_PUBLIC_*` exposure |
 | Stripe | Missing webhook route, unsigned webhook handling, parsed-body signature risk, missing idempotency, missing failure/cancel/update/refund paths |
-| Supabase | RLS disabled on sensitive tables, `USING (true)`, missing ownership filters, public storage hints |
+| Supabase | RLS disabled on sensitive tables, broad `USING`/`WITH CHECK`, tenant membership patterns, weak write checks, storage object policy scope |
 | API routes | Auth checks without obvious ownership guards, missing rate-limit hints on sensitive mutation routes |
 | MCP | Plaintext secrets, non-localhost binds, broad filesystem/write access, shell tools, raw SQL tools |
 | Deploy config | Next static export/runtime mismatches, Edge runtime with Node-only APIs, missing important env documentation |
@@ -191,7 +191,7 @@ Add `.ai-saas-guard.json` at the repository root to tune findings without changi
 
 ## GitHub Action
 
-The repo includes a composite Action. Use `v0` for the latest compatible pre-1.0 Action, a specific release tag such as `v0.3.0` for controlled upgrades, or pin a reviewed commit SHA for stricter supply-chain control:
+The repo includes a composite Action. Use `v0` for the latest compatible pre-1.0 Action, a specific release tag such as `v0.4.0` for controlled upgrades, or pin a reviewed commit SHA for stricter supply-chain control:
 
 ```yaml
 name: ai-saas-guard
@@ -320,10 +320,10 @@ Open-source core:
 
 Near-term priorities:
 
-- expanded Supabase RLS fixtures
 - Stripe webhook replay cookbook
 - launch-readiness checklist content
 - false-positive suppression and rule stability labels
+- GitHub App design note for the potential hosted layer
 
 Potential paid layer later:
 

package/dist/rules/catalog.js

@@ -66,7 +66,7 @@ export const RULE_CATALOG = {
         ruleId: "supabase.rls.broad-policy",
         severity: "critical",
         title: "Broad Supabase RLS policy",
-        why: "`USING (true)` often turns login into public data access.",
+        why: "`USING (true)` or `WITH CHECK (true)` can turn login into broad data access or writes.",
         stability: "default"
     },
     "supabase.rls.missing-ownership-filter": {
@@ -76,6 +76,13 @@ export const RULE_CATALOG = {
         why: "Policies need resource ownership or tenant membership checks.",
         stability: "default"
     },
+    "supabase.rls.weak-with-check": {
+        ruleId: "supabase.rls.weak-with-check",
+        severity: "high",
+        title: "Supabase write policy has a weak WITH CHECK predicate",
+        why: "Insert and update policies need WITH CHECK predicates tied to the current user or tenant membership.",
+        stability: "default"
+    },
     "supabase.table.missing-owner-column": {
         ruleId: "supabase.table.missing-owner-column",
         severity: "medium",

package/dist/scanners/supabase.js

@@ -28,18 +28,24 @@ export async function checkSupabase(input) {
         for (const match of file.content.matchAll(/alter\s+table\s+([a-zA-Z0-9_."]+)\s+enable\s+row\s+level\s+security/gi)) {
             rlsEnabledTables.add(normalizeSqlIdentifier(match[1]));
         }
-        for (const match of file.content.matchAll(/create\s+policy\s+"?([^"\n]+)"?\s+on\s+([a-zA-Z0-9_."]+)[\s\S]*?(?:using\s*\(([\s\S]*?)\)|with\s+check\s*\(([\s\S]*?)\))\s*;/gi)) {
-            const policyName = match[1].trim();
-            const tableName = normalizeSqlIdentifier(match[2]);
-            const predicate = `${match[3] ?? ""} ${match[4] ?? ""}`.trim();
-            const line = lineNumberForIndex(file.content, match.index ?? 0);
-            if (/\btrue\b/i.test(predicate) || /\bto\s+(public|anon|authenticated)\b[\s\S]*\busing\s*\(\s*true\s*\)/i.test(match[0])) {
+        for (const policy of parsePolicies(file.content)) {
+            const { name: policyName, tableName, line } = policy;
+            const predicates = [policy.usingPredicate, policy.withCheckPredicate].filter((value) => Boolean(value));
+            if (isStorageObjectsTable(tableName)) {
+                const riskyStoragePredicate = predicates.find((predicate) => isUnscopedStoragePredicate(predicate));
+                if (riskyStoragePredicate) {
+                    findings.push(storageFinding(file.path, file.content, line, "Supabase storage.objects policy lacks owner or tenant scope"));
+                }
+                continue;
+            }
+            const broadPredicate = predicates.find((predicate) => isBroadPredicate(predicate));
+            if (broadPredicate || /\bto\s+(public|anon|authenticated)\b[\s\S]*\busing\s*\(\s*true\s*\)/i.test(policy.statement)) {
                 riskyPolicies.push({
                     file: file.path,
                     line,
                     policyName,
                     tableName,
-                    reason: "Policy predicate is broad (`USING (true)` or equivalent)."
+                    reason: "Policy predicate is broad (`USING (true)`, `WITH CHECK (true)`, or equivalent)."
                 });
                 findings.push(finding({
                     ruleId: "supabase.rls.broad-policy",
@@ -51,7 +57,8 @@ export async function checkSupabase(input) {
                     suggestedFix: "Replace broad predicates with ownership checks such as `auth.uid() = user_id` or a tenant membership join."
                 }));
             }
-            if (!/\bauth\.uid\s*\(/i.test(predicate) && !ownershipColumnPattern.test(predicate) && sensitiveTablePattern.test(tableName)) {
+            const combinedPredicate = predicates.join(" ");
+            if (!/\bauth\.uid\s*\(/i.test(combinedPredicate) && !ownershipColumnPattern.test(combinedPredicate) && sensitiveTablePattern.test(tableName)) {
                 riskyPolicies.push({
                     file: file.path,
                     line,
@@ -69,18 +76,28 @@ export async function checkSupabase(input) {
                     suggestedFix: "Reference `auth.uid()` and a stable ownership or membership column in every sensitive table policy."
                 }));
             }
+            if (sensitiveTablePattern.test(tableName) && hasWeakWithCheck(policy)) {
+                riskyPolicies.push({
+                    file: file.path,
+                    line,
+                    policyName,
+                    tableName,
+                    reason: "Write policy has a weak or missing `WITH CHECK` predicate."
+                });
+                findings.push(finding({
+                    ruleId: "supabase.rls.weak-with-check",
+                    title: `Supabase write policy "${policyName}" has a weak WITH CHECK predicate`,
+                    severity: "high",
+                    evidence: [{ file: file.path, line, snippet: lineAt(file.content, line) }],
+                    why: "A write policy can read the right tenant rows but still allow inserted or updated rows to move into another owner or tenant unless `WITH CHECK` is scoped.",
+                    suggestedVerification: "As User A, try inserting or updating a row with User B's owner, organization, workspace, or tenant ID and confirm the database rejects it.",
+                    suggestedFix: "Add a `WITH CHECK` predicate tied to `auth.uid()` and the same owner, tenant, or membership relationship used by the read policy."
+                }));
+            }
         }
-        for (const match of file.content.matchAll(/storage\.buckets[\s\S]{0,200}\bpublic\b\s*[,=]\s*true|create\s+policy[\s\S]{0,200}\bstorage\.objects[\s\S]{0,200}using\s*\(\s*true\s*\)/gi)) {
+        for (const match of file.content.matchAll(/storage\.buckets[\s\S]{0,200}\bpublic\b\s*[,=]\s*true/gi)) {
             const line = lineNumberForIndex(file.content, match.index ?? 0);
-            findings.push(finding({
-                ruleId: "supabase.storage.public-bucket",
-                title: "Supabase storage policy or bucket appears public",
-                severity: "high",
-                evidence: [{ file: file.path, line, snippet: lineAt(file.content, line) }],
-                why: "Public buckets can expose uploads, invoices, profile documents, or tenant files even when database rows are protected.",
-                suggestedVerification: "Upload a private file as User A and confirm unauthenticated users and User B cannot fetch it by URL.",
-                suggestedFix: "Make buckets private by default and add storage object policies scoped by owner or tenant."
-            }));
+            findings.push(storageFinding(file.path, file.content, line, "Supabase storage bucket appears public"));
         }
     }
     for (const table of tables) {
@@ -124,3 +141,100 @@ export async function checkSupabase(input) {
 function normalizeSqlIdentifier(value) {
     return value.replace(/"/g, "").trim().toLowerCase();
 }
+function parsePolicies(content) {
+    const policies = [];
+    const policyPattern = /create\s+policy\s+(?:"([^"]+)"|([^\s\n]+))\s+on\s+([a-zA-Z0-9_."]+)[\s\S]*?;/gi;
+    for (const match of content.matchAll(policyPattern)) {
+        const statement = match[0];
+        policies.push({
+            name: (match[1] ?? match[2] ?? "").trim(),
+            tableName: normalizeSqlIdentifier(match[3]),
+            operation: parsePolicyOperation(statement),
+            usingPredicate: extractPredicate(statement, "using"),
+            withCheckPredicate: extractPredicate(statement, "with check"),
+            statement,
+            line: lineNumberForIndex(content, match.index ?? 0)
+        });
+    }
+    return policies;
+}
+function parsePolicyOperation(statement) {
+    const match = /\bfor\s+(select|insert|update|delete|all)\b/i.exec(statement);
+    const operation = match?.[1]?.toLowerCase();
+    if (operation === "select" ||
+        operation === "insert" ||
+        operation === "update" ||
+        operation === "delete" ||
+        operation === "all") {
+        return operation;
+    }
+    return "unknown";
+}
+function extractPredicate(statement, clause) {
+    const clausePattern = clause === "using" ? /\busing\s*\(/i : /\bwith\s+check\s*\(/i;
+    const match = clausePattern.exec(statement);
+    if (!match)
+        return undefined;
+    const openParen = match.index + match[0].lastIndexOf("(");
+    return extractBalancedParentheses(statement, openParen);
+}
+function extractBalancedParentheses(value, openParen) {
+    let depth = 0;
+    let inSingleQuote = false;
+    for (let index = openParen; index < value.length; index += 1) {
+        const char = value[index];
+        const next = value[index + 1];
+        if (char === "'" && next === "'") {
+            index += 1;
+            continue;
+        }
+        if (char === "'") {
+            inSingleQuote = !inSingleQuote;
+            continue;
+        }
+        if (inSingleQuote)
+            continue;
+        if (char === "(")
+            depth += 1;
+        if (char === ")") {
+            depth -= 1;
+            if (depth === 0)
+                return value.slice(openParen + 1, index).trim();
+        }
+    }
+    return undefined;
+}
+function isBroadPredicate(predicate) {
+    return predicate.trim().toLowerCase() === "true";
+}
+function hasWeakWithCheck(policy) {
+    if (policy.operation !== "insert" && policy.operation !== "update" && policy.operation !== "all")
+        return false;
+    if (!policy.withCheckPredicate)
+        return policy.operation === "insert";
+    if (isBroadPredicate(policy.withCheckPredicate))
+        return true;
+    return !isScopedOwnershipPredicate(policy.withCheckPredicate);
+}
+function isScopedOwnershipPredicate(predicate) {
+    return /\bauth\.uid\s*\(/i.test(predicate) && ownershipColumnPattern.test(predicate);
+}
+function isStorageObjectsTable(tableName) {
+    return tableName === "storage.objects";
+}
+function isUnscopedStoragePredicate(predicate) {
+    if (isBroadPredicate(predicate))
+        return true;
+    return !/\bauth\.uid\s*\(|\bowner\b|\bowner_id\b|\buser_id\b|\btenant_id\b|\borganization_id\b|\bworkspace_id\b/i.test(predicate);
+}
+function storageFinding(filePath, content, line, title) {
+    return finding({
+        ruleId: "supabase.storage.public-bucket",
+        title,
+        severity: "high",
+        evidence: [{ file: filePath, line, snippet: lineAt(content, line) }],
+        why: "Storage object policies or public buckets can expose tenant files even when database rows are protected.",
+        suggestedVerification: "Upload a private file as User A and confirm unauthenticated users and User B cannot fetch it by URL or object path.",
+        suggestedFix: "Keep buckets private and scope storage object policies by `owner`, `auth.uid()`, tenant, workspace, or a membership relationship."
+    });
+}

package/docs/github-action.md

@@ -2,7 +2,7 @@
 
 `ai-saas-guard` ships as a composite GitHub Action for pull request and code scanning workflows.
 
-Use `zr9959/ai-saas-guard@v0` for the latest compatible pre-1.0 Action. Use a specific tag such as `v0.3.0` or a reviewed commit SHA when reproducibility is more important than automatic minor updates.
+Use `zr9959/ai-saas-guard@v0` for the latest compatible pre-1.0 Action. Use a specific tag such as `v0.4.0` or a reviewed commit SHA when reproducibility is more important than automatic minor updates.
 
 ## PR Summary
 

package/docs/npm-publishing.md

@@ -5,10 +5,10 @@
 ## Current State
 
 - Package name: `ai-saas-guard`
-- Current version: `0.3.0`
+- Current version: `0.4.0`
 - npm registry state: published at <https://www.npmjs.com/package/ai-saas-guard>
 - First npm-published version: `0.1.1`
-- GitHub Release: `v0.3.0`
+- GitHub Release: `v0.4.0`
 - Publish workflow: `.github/workflows/npm-publish.yml`
 - Trusted Publisher: GitHub Actions, `zr9959/ai-saas-guard`, workflow `npm-publish.yml`, allowed action `npm publish`
 - Long-lived npm publish token: not required
@@ -17,7 +17,7 @@
 
 Use GitHub Actions with npm Trusted Publisher/OIDC:
 
-1. Create and review a release tag such as `v0.3.0`.
+1. Create and review a release tag such as `v0.4.0`.
 2. Publish from the GitHub Release or run the `Publish npm` workflow manually with `ref` set to that tag.
 3. Keep `permissions.id-token: write` in the workflow so npm can exchange the GitHub Actions OIDC identity for a short-lived publish credential.
 4. Run `npm publish --access public` from the workflow. Trusted publishing automatically generates provenance for this public package from this public repository.

package/docs/project-handoff.md

@@ -40,7 +40,7 @@ Implemented surfaces:
 
 - secret-like values and risky public env exposure
 - Stripe webhook signature, raw body, idempotency, and lifecycle handler heuristics
-- Supabase RLS, broad policy, ownership filter, and public storage heuristics
+- Supabase RLS, tenant membership, ownership filter, weak `WITH CHECK`, and storage object policy heuristics
 - sensitive API route heuristics
 - MCP config side-effect and secret-bearing risk inventory
 - Next/Vercel deploy and runtime footguns
@@ -101,7 +101,6 @@ Current issue set:
 
 - #1 Add launch-readiness checklist content
 - #5 Write Stripe webhook replay cookbook
-- #7 Expand Supabase RLS fixtures and ownership patterns
 
 CI:
 
@@ -113,7 +112,7 @@ CI:
 Publishing:
 
 - npm package: `ai-saas-guard`
-- Current release line: `v0.3.0`
+- Current release line: `v0.4.0`
 - Publish workflow: `.github/workflows/npm-publish.yml`
 - Trusted Publisher: GitHub Actions for `zr9959/ai-saas-guard`, workflow `npm-publish.yml`
 - Long-lived npm publish tokens should not be required.
@@ -140,11 +139,10 @@ Not allowed:
 
 Recommended order:
 
-1. Expand Supabase RLS fixtures and ownership patterns.
-2. Write Stripe webhook replay cookbook.
-3. Add launch-readiness checklist content.
-4. Improve false-positive suppression and rule stability labels.
-5. Add a GitHub App design note for the potential hosted layer.
+1. Write Stripe webhook replay cookbook.
+2. Add launch-readiness checklist content.
+3. Improve false-positive suppression and rule stability labels.
+4. Add a GitHub App design note for the potential hosted layer.
 
 For every feature, keep the scanner evidence-first:
 

package/docs/rules.md

@@ -27,11 +27,12 @@ Rule metadata is centralized in `src/rules/catalog.ts` and covered by tests so S
 
 | Rule ID | Severity | Why it exists |
 | --- | --- | --- |
-| `supabase.rls.broad-policy` | critical | `USING (true)` often turns login into public data access. |
+| `supabase.rls.broad-policy` | critical | `USING (true)` or `WITH CHECK (true)` can turn login into broad data access or writes. |
 | `supabase.rls.missing-ownership-filter` | high | Policies need resource ownership or tenant membership checks. |
+| `supabase.rls.weak-with-check` | high | Write policies need `WITH CHECK` predicates tied to the current user or tenant membership. |
 | `supabase.table.missing-owner-column` | medium | Sensitive tables are hard to protect without owner/tenant keys. |
 | `supabase.rls.not-enabled` | critical | User-data tables should enable row level security. |
-| `supabase.storage.public-bucket` | high | Storage buckets can leak files even when database rows are protected. |
+| `supabase.storage.public-bucket` | high | Storage buckets or unscoped storage object policies can leak files even when database rows are protected. |
 
 ## API Routes And Deploy
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "ai-saas-guard",
-  "version": "0.3.0",
+  "version": "0.4.0",
   "description": "Repo-local launch-readiness scanner for AI-built SaaS apps.",
   "type": "module",
   "homepage": "https://github.com/zr9959/ai-saas-guard#readme",