ai-saas-guard 0.30.0 → 0.30.1

package/README.md

@@ -49,13 +49,13 @@ These are the failures that hurt after real users arrive:
 See the public demo output without cloning a repo:
 
 ```bash
-npx ai-saas-guard@latest demo
+npx ai-saas-guard@latest demo --summary
 ```
 
 Run it against your app without installing anything globally:
 
 ```bash
-npx ai-saas-guard@latest scan --root /path/to/your-saas
+npx ai-saas-guard@latest scan --root /path/to/your-saas --summary
 ```
 
 For an AI-heavy pull request:
@@ -64,39 +64,36 @@ For an AI-heavy pull request:
 npx ai-saas-guard@latest pr-risk --root /path/to/your-saas --base origin/main --markdown
 ```
 
-You get rule IDs, severity, file evidence, why it matters, how to verify it manually, and a concrete fix direction. The scanner is deterministic, read-only, and does not call an LLM.
+The summary starts with the launch gate, top risks, manual proof steps, and next actions. Rerun without `--summary` for every finding with rule IDs, severity, file evidence, why it matters, manual verification, and fix direction. The scanner is deterministic, read-only, and does not call an LLM.
 
 ## Try The Demo Fixtures
 
 Want to see the report before scanning your own repo?
 
 ```bash
-npx ai-saas-guard@latest demo
+npx ai-saas-guard@latest demo --summary
 ```
 
-The demo command uses packaged public fixtures: `examples/demo-risky-saas` currently returns 19 intentional findings across Stripe, Supabase, silent-success paths, Next/Vercel deploy hints, and GitHub Actions; `examples/demo-safe-saas` returns 0 findings for the same broad surfaces with safer static patterns. See [docs/demo-quickstart.md](docs/demo-quickstart.md) if you want to inspect the fixture files locally.
+The demo command uses packaged public fixtures: `examples/demo-risky-saas` currently returns 19 intentional findings across Stripe, Supabase, silent-success paths, Next/Vercel deploy hints, and GitHub Actions; `examples/demo-safe-saas` returns 0 findings for the same broad surfaces with safer static patterns. Rerun `demo` without `--summary` for the full human-readable report, or see [docs/demo-quickstart.md](docs/demo-quickstart.md) if you want to inspect the fixture files locally.
 
 ## See The Output
 
 The report is designed to be read before launch or before merging an AI-heavy PR. A longer copy-paste example is in [docs/sample-launch-report.md](docs/sample-launch-report.md).
 
 ```text
-Launch Gate: review before launch
-19 findings: 2 critical, 6 high, 7 medium, 3 low, 1 info
+ai-saas-guard scan summary
+Findings: 19 findings: 2 critical, 6 high, 7 medium, 3 low, 1 info
+Launch gate: blocked: critical launch-readiness findings need review before inviting users
 
-CRITICAL stripe.webhook.missing-signature
-File: app/api/stripe/webhook/route.ts
-Why: billing access can be granted from a webhook path that does not verify Stripe signatures.
-Verify: replay a webhook with an invalid signature and confirm the route rejects it.
-Fix: read the raw body, call stripe.webhooks.constructEvent, and make event handling idempotent.
+Top risks:
+- CRITICAL stripe.webhook.missing-signature at app/api/stripe/webhook/route.ts:1 - Stripe webhook does not verify the Stripe signature
+- CRITICAL supabase.rls.broad-policy at supabase/migrations/001_accounts.sql:10 - Broad Supabase RLS policy on public.accounts
+- HIGH silent-success.swallowed-error at app/api/billing/checkout/route.ts:4 - Catch block may turn upstream failure into success
 
-HIGH silent-success.swallowed-error
-File: app/api/billing/checkout/route.ts
-Verify: force the upstream billing call to fail and confirm the route returns an error, not fake success.
-
-MEDIUM deploy.next.missing-security-headers
-File: app/api/billing/checkout/route.ts
-Verify: inspect production response headers for auth, billing, and API pages.
+Manual proof to run next:
+- Send a request without a valid Stripe signature and confirm the handler rejects it before changing entitlement state.
+- Run the generated two-account IDOR test and confirm User B cannot read, update, or delete User A resources.
+- Force the upstream billing call to fail and confirm the route returns an error, not fake success.
 
 Next steps
 - Fix critical and high trust-boundary findings first.
@@ -113,7 +110,7 @@ One command returns a launch-readiness report with:
 - why the finding matters for an AI-built SaaS launch
 - manual verification steps you can actually run
 - practical fix direction, not generic advice
-- terminal, JSON, SARIF, and PR markdown output for local review or CI
+- short `--summary`, terminal, JSON, SARIF, and PR markdown output for local review or CI
 
 ## Problems It Helps You Catch
 
@@ -132,8 +129,8 @@ One command returns a launch-readiness report with:
 Run the published CLI without installing it globally:
 
 ```bash
-npx ai-saas-guard@latest demo
-npx ai-saas-guard@latest scan --root /path/to/your-saas
+npx ai-saas-guard@latest demo --summary
+npx ai-saas-guard@latest scan --root /path/to/your-saas --summary
 ```
 
 Run focused checks:
@@ -148,9 +145,10 @@ npx ai-saas-guard@latest check-mcp --root /path/to/your-saas --policy-template
 npx ai-saas-guard@latest check-actions --root /path/to/your-saas
 ```
 
-Machine-readable output:
+Short or machine-readable output:
 
 ```bash
+npx ai-saas-guard@latest scan --root /path/to/your-saas --summary
 npx ai-saas-guard@latest scan --root /path/to/your-saas --json
 npx ai-saas-guard@latest scan --root /path/to/your-saas --sarif > ai-saas-guard.sarif
 npx ai-saas-guard@latest pr-risk --root /path/to/your-saas --base origin/main --markdown > ai-saas-guard-pr.md
@@ -187,13 +185,13 @@ The CLI is published on npm as `ai-saas-guard`, and the GitHub Action is availab
 | Area | Status |
 | --- | --- |
 | Public GitHub repository | Available |
-| npm CLI | `ai-saas-guard@0.30.0` |
-| GitHub Action | `zr9959/ai-saas-guard@v0` or fixed tag `v0.30.0` |
-| Outputs | Terminal, JSON, SARIF, and PR-focused markdown |
+| npm CLI | `ai-saas-guard@0.30.1` |
+| GitHub Action | `zr9959/ai-saas-guard@v0` or fixed tag `v0.30.1` |
+| Outputs | Short summary, terminal, JSON, SARIF, and PR-focused markdown |
 | Project config | `.ai-saas-guard.json` rule toggles, severity overrides, suppressions, and fail thresholds |
 | Privacy model | Local-first, read-only scan commands, no LLM calls, no code upload |
-| Versioned Action tags | `v0.30.0`, `v0` |
-| Current release | `0.30.0` adds `ai-saas-guard demo`, Next steps in human-readable reports, a more targeted quickstart feedback template, and refreshed first-run docs |
+| Versioned Action tags | `v0.30.1`, `v0` |
+| Current release | `0.30.1` adds `--summary` for first-run launch triage and sharper fix directions for Stripe, Supabase, silent-success, and Next/Vercel findings |
 | npm publishing | Trusted Publisher/OIDC, no long-lived publish token |
 | Repository trust hardening | Strict branch protection, Dependabot, CodeQL, fast-check fuzzing, signed release provenance assets, private vulnerability reporting, secret scanning, and push protection |
 | Cloudflare hosted ingress | Deployed at `https://ai-saas-guard-hosted.zr9959.workers.dev`; signed GitHub App webhook delivery and compact Check Run smoke now pass in staging |
@@ -360,7 +358,7 @@ Use `suppressions` for narrower false-positive handling when one rule is noisy o
 
 ## GitHub Action
 
-The repo includes a composite Action. Use `v0` for the latest compatible pre-1.0 Action, a specific release tag such as `v0.30.0` for controlled upgrades, or pin a reviewed commit SHA for stricter supply-chain control:
+The repo includes a composite Action. Use `v0` for the latest compatible pre-1.0 Action, a specific release tag such as `v0.30.1` for controlled upgrades, or pin a reviewed commit SHA for stricter supply-chain control:
 
 ```yaml
 name: ai-saas-guard

package/dist/cli.js

@@ -5,6 +5,7 @@ import { checkActions, checkMcp, checkStripe, checkSupabase, classifyPrRisk, run
 import { formatJsonReport } from "./report/json.js";
 import { formatMarkdownReport } from "./report/markdown.js";
 import { formatSarifReport } from "./report/sarif.js";
+import { formatSummaryReport } from "./report/summary.js";
 import { formatTerminalReport } from "./report/terminal.js";
 async function main(argv) {
     const args = parseArgs(argv);
@@ -74,10 +75,14 @@ function parseArgs(argv) {
             result.format = "markdown";
             continue;
         }
+        if (arg === "--summary") {
+            result.format = "summary";
+            continue;
+        }
         if (arg === "--format") {
             const value = argv[index + 1];
-            if (value !== "terminal" && value !== "json" && value !== "sarif" && value !== "markdown") {
-                throw new Error("--format requires terminal, json, sarif, or markdown");
+            if (value !== "terminal" && value !== "json" && value !== "sarif" && value !== "markdown" && value !== "summary") {
+                throw new Error("--format requires terminal, json, sarif, markdown, or summary");
             }
             result.format = value;
             index += 1;
@@ -143,6 +148,8 @@ function formatReport(report, format) {
         return formatSarifReport(report);
     if (format === "markdown")
         return formatMarkdownReport(report);
+    if (format === "summary")
+        return `${formatSummaryReport(report)}\n`;
     return `${formatTerminalReport(report)}\n`;
 }
 function shouldFail(report, failOn) {
@@ -169,13 +176,13 @@ function helpText() {
 Repo-local launch-readiness scanner for AI-built SaaS apps.
 
 Usage:
-  ai-saas-guard scan [--root <repo>] [--config <file>] [--json|--sarif] [--fail-on <severity>]
-  ai-saas-guard demo [--json|--markdown]
-  ai-saas-guard check-supabase [--root <repo>] [--config <file>] [--doctor] [--json|--sarif] [--fail-on <severity>]
-  ai-saas-guard check-stripe [--root <repo>] [--config <file>] [--json|--sarif] [--fail-on <severity>]
-  ai-saas-guard check-mcp [--root <repo>] [--config <file>] [--policy-template] [--json|--sarif] [--fail-on <severity>]
-  ai-saas-guard check-actions [--root <repo>] [--config <file>] [--json|--sarif] [--fail-on <severity>]
-  ai-saas-guard pr-risk [--root <repo>] [--config <file>] [--base <branch>] [--json|--sarif|--markdown] [--fail-on <severity>]
+  ai-saas-guard scan [--root <repo>] [--config <file>] [--json|--sarif|--summary] [--fail-on <severity>]
+  ai-saas-guard demo [--json|--markdown|--summary]
+  ai-saas-guard check-supabase [--root <repo>] [--config <file>] [--doctor] [--json|--sarif|--summary] [--fail-on <severity>]
+  ai-saas-guard check-stripe [--root <repo>] [--config <file>] [--json|--sarif|--summary] [--fail-on <severity>]
+  ai-saas-guard check-mcp [--root <repo>] [--config <file>] [--policy-template] [--json|--sarif|--summary] [--fail-on <severity>]
+  ai-saas-guard check-actions [--root <repo>] [--config <file>] [--json|--sarif|--summary] [--fail-on <severity>]
+  ai-saas-guard pr-risk [--root <repo>] [--config <file>] [--base <branch>] [--json|--sarif|--markdown|--summary] [--fail-on <severity>]
 
 Defaults:
   - read-only
@@ -185,6 +192,7 @@ Defaults:
   - terminal output by default, JSON with --json
   - SARIF output for GitHub code scanning with --sarif
   - PR-focused markdown summary with --markdown
+  - first-run launch summary with --summary
   - project config auto-loaded from .ai-saas-guard.json when present
 `;
 }

package/dist/index.d.ts

@@ -8,6 +8,7 @@ export { classifyPrRisk } from "./commands/prRisk.js";
 export { applyGuardConfig, defaultConfigFileName, loadGuardConfig } from "./config.js";
 export { createScanContext } from "./context.js";
 export { getRuleMetadata, RULE_CATALOG } from "./rules/catalog.js";
+export { formatSummaryReport } from "./report/summary.js";
 export type { BaseReport, CommandName, Evidence, Finding, ActionsReport, McpOptions, McpPolicyTemplate, McpReport, McpServerInventory, McpSideEffect, PrRiskFile, PrRiskReport, ScanOptions, ShowcaseReport, StripeReport, SupabaseOptions, SupabaseDoctorReport, SupabaseReport } from "./types.js";
 export type { ScanContext, ScanInput } from "./context.js";
 export type { FindingSuppression, GuardConfig, RuleConfigValue } from "./config.js";

package/dist/index.js

@@ -8,3 +8,4 @@ export { classifyPrRisk } from "./commands/prRisk.js";
 export { applyGuardConfig, defaultConfigFileName, loadGuardConfig } from "./config.js";
 export { createScanContext } from "./context.js";
 export { getRuleMetadata, RULE_CATALOG } from "./rules/catalog.js";
+export { formatSummaryReport } from "./report/summary.js";

package/dist/report/summary.d.ts

@@ -0,0 +1,2 @@
+import type { BaseReport } from "../types.js";
+export declare function formatSummaryReport(report: BaseReport): string;

package/dist/report/summary.js

@@ -0,0 +1,67 @@
+import { launchGateVerdict, manualProofSteps, nextSteps, reviewFirst } from "./launchGate.js";
+export function formatSummaryReport(report) {
+    if (report.command === "demo")
+        return formatShowcaseSummary(report);
+    const lines = [];
+    lines.push(`ai-saas-guard ${report.command} summary`);
+    lines.push(`Root: ${report.rootDir}`);
+    lines.push(`Findings: ${summaryText(report)}`);
+    lines.push(`Launch gate: ${launchGateVerdict(report)}`);
+    if (report.findings.length === 0) {
+        lines.push("");
+        lines.push("No heuristic launch-readiness risks found by this command.");
+        lines.push("");
+        lines.push("Next steps:");
+        appendList(lines, nextSteps(report.findings));
+        lines.push("");
+        lines.push("Full report:");
+        lines.push("  Rerun without --summary, or use --json, --sarif, or --markdown where supported.");
+        return lines.join("\n");
+    }
+    lines.push("");
+    lines.push("Top risks:");
+    appendList(lines, reviewFirst(report.findings, 3));
+    lines.push("");
+    lines.push("Manual proof to run next:");
+    appendList(lines, manualProofSteps(report.findings, 3));
+    lines.push("");
+    lines.push("Next steps:");
+    appendList(lines, nextSteps(report.findings));
+    lines.push("");
+    lines.push("Full report:");
+    lines.push("  Rerun without --summary, or use --json, --sarif, or --markdown where supported.");
+    return lines.join("\n");
+}
+function formatShowcaseSummary(report) {
+    const lines = [];
+    lines.push("ai-saas-guard demo summary");
+    lines.push("Synthetic public demo for the local-first launch gate.");
+    lines.push("This is not a pentest, full audit, or certification.");
+    lines.push("");
+    lines.push(`Risky demo: ${summaryText(report.demos.risky)}`);
+    lines.push(`Safe demo: ${summaryText(report.demos.safe)}`);
+    lines.push(`Launch gate: ${launchGateVerdict(report.demos.risky)}`);
+    lines.push("");
+    lines.push("Top risks:");
+    appendList(lines, reviewFirst(report.demos.risky.findings, 3));
+    lines.push("");
+    lines.push("Manual proof to run next:");
+    appendList(lines, manualProofSteps(report.demos.risky.findings, 3));
+    lines.push("");
+    lines.push("Next steps:");
+    appendList(lines, report.nextSteps);
+    lines.push("");
+    lines.push("Full report:");
+    lines.push("  Rerun `ai-saas-guard demo` without --summary or use --json/--markdown.");
+    return lines.join("\n");
+}
+function appendList(lines, items) {
+    for (const item of items) {
+        lines.push(`- ${item}`);
+    }
+}
+function summaryText(report) {
+    if (report.summary.total === 0)
+        return "0 findings";
+    return `${report.summary.total} findings: ${report.summary.critical} critical, ${report.summary.high} high, ${report.summary.medium} medium, ${report.summary.low} low, ${report.summary.info} info`;
+}

package/dist/scanners/deploy.js

@@ -120,7 +120,7 @@ export async function scanDeployConfig(input) {
             evidence: [{ file: evidenceFile.path, line, snippet: lineAt(evidenceFile.content, line) }],
             why: "Auth, payment, and API routes should launch with explicit browser security headers rather than relying on platform defaults.",
             suggestedVerification: "Run a production build or deploy preview and inspect response headers for auth, billing, and API pages.",
-            suggestedFix: "Add `headers()` in `next.config` or middleware for headers such as `X-Frame-Options`, `X-Content-Type-Options`, `Referrer-Policy`, and an appropriate CSP."
+            suggestedFix: "Add `headers()` in `next.config` or middleware for `Content-Security-Policy`, `X-Frame-Options`, `X-Content-Type-Options`, and `Referrer-Policy` on auth, billing, and API surfaces."
         }));
     }
     if (envExample) {

package/dist/scanners/silentSuccess.js

@@ -40,7 +40,7 @@ function scanSwallowedErrors(filePath, content) {
                 evidence: [{ file: filePath, line: block.line, snippet: lineAt(content, block.line) }],
                 why: "AI-generated SaaS code often hides integration failures by returning empty, null, or success-shaped data after an exception.",
                 suggestedVerification: "Force the upstream API, auth provider, billing provider, or database call to fail and confirm the route returns an error or disclosed degraded mode, not a fake success.",
-                suggestedFix: "Log the failure, return an explicit error status or degraded response, and avoid granting access or mutating state after the failed dependency."
+                suggestedFix: "Log the failure with a request id, return a 4xx/5xx error or explicit degraded-mode response, and do not grant entitlement, change ownership, or mutate tenant data after the failed dependency."
             }));
         }
     }
@@ -53,7 +53,7 @@ function scanSwallowedErrors(filePath, content) {
             evidence: [{ file: filePath, line, snippet: lineAt(content, line) }],
             why: "A `.catch()` fallback that returns default success data can make failed integrations look healthy before launch.",
             suggestedVerification: "Make the promise reject in a local test and confirm callers receive an error or disclosed degraded mode.",
-            suggestedFix: "Propagate the error or return an explicit failure response with logging and no entitlement or ownership side effect."
+            suggestedFix: "Propagate the error or return an explicit failure response with request-id logging, and keep entitlement, ownership, and tenant mutations behind the successful dependency path."
         }));
     }
     return findings;
@@ -102,7 +102,7 @@ function scanHardcodedFallbacks(filePath, content) {
             evidence: [{ file: filePath, line, snippet: lineAt(content, line) }],
             why: "Hardcoded fallback responses in auth, Stripe, Supabase, OpenAI, payment, or entitlement paths can grant access or hide broken integrations.",
             suggestedVerification: "Disable the real upstream provider and confirm the route does not return hardcoded active subscriptions, successful auth, or generated sample data.",
-            suggestedFix: "Replace hardcoded success fallbacks with explicit error/degraded responses and a launch checklist item for real provider verification."
+            suggestedFix: "Replace hardcoded success fallbacks with explicit error/degraded responses, request-id logging, and a staging check that proves real provider failure cannot grant access."
         }));
     }
     return findings;

package/dist/scanners/stripe.js

@@ -76,7 +76,7 @@ export async function checkStripe(input) {
                 ],
                 why: "Without `stripe.webhooks.constructEvent` and the `stripe-signature` header, attackers can forge billing events that grant or revoke access.",
                 suggestedVerification: "Send a request without a valid Stripe signature and confirm the handler rejects it before changing entitlement state.",
-                suggestedFix: "Read the raw request body, call `stripe.webhooks.constructEvent(body, signature, STRIPE_WEBHOOK_SECRET)`, and reject invalid signatures."
+                suggestedFix: "In Next.js route handlers, read the payload with `await req.text()`, read the `stripe-signature` header, call `stripe.webhooks.constructEvent(body, signature, STRIPE_WEBHOOK_SECRET)`, and return 400 before any entitlement mutation when verification fails."
             }));
         }
         if (hasConstructEvent && usesJsonBody && !usesRawBody) {
@@ -87,7 +87,7 @@ export async function checkStripe(input) {
                 evidence: [{ file: file.path, line: firstLineMatching(file.content, /req\.json\s*\(/), snippet: firstSnippetMatching(file.content, /req\.json\s*\(/) }],
                 why: "Stripe signature checks require the exact raw payload bytes; parsed JSON can make verification fail or be bypassed in rewrites.",
                 suggestedVerification: "Replay a signed test webhook through the deployed route and confirm signature verification succeeds only with the raw body.",
-                suggestedFix: "Use `await req.text()` in Next.js route handlers or equivalent raw-body middleware before calling `constructEvent`."
+                suggestedFix: "Use `await req.text()` in Next.js route handlers or equivalent raw-body middleware, pass that exact body into `constructEvent`, and reject bad signatures before any billing state change."
             }));
         }
         if (/NEXT_PUBLIC_STRIPE_WEBHOOK_SECRET|NEXT_PUBLIC_STRIPE_SECRET_KEY/.test(file.content)) {

package/dist/scanners/supabase.js

@@ -56,7 +56,7 @@ export async function checkSupabase(input, options = {}) {
                     evidence: [{ file: file.path, line, snippet: lineAt(file.content, line) }],
                     why: "A broad RLS predicate can make user data readable or writable across accounts even when login exists.",
                     suggestedVerification: "Run the generated two-account IDOR test and confirm User B cannot read, update, or delete User A resources.",
-                    suggestedFix: "Replace broad predicates with ownership checks such as `auth.uid() = user_id` or a tenant membership join."
+                    suggestedFix: "Replace broad predicates with ownership checks such as `auth.uid() = user_id`; for writes, mirror the same scope in `WITH CHECK`, and rerun the two-account cross-tenant verification."
                 }));
             }
             const combinedPredicate = predicates.join(" ");
@@ -75,7 +75,7 @@ export async function checkSupabase(input, options = {}) {
                     evidence: [{ file: file.path, line, snippet: lineAt(file.content, line) }],
                     why: "Founders often confuse authentication with authorization; table policies need resource-level ownership checks.",
                     suggestedVerification: "Create the same resource as User A and attempt to read, update, and delete it with User B's session.",
-                    suggestedFix: "Reference `auth.uid()` and a stable ownership or membership column in every sensitive table policy."
+                    suggestedFix: "Reference `auth.uid()` and a stable owner column, or join through a tenant/workspace membership table, in every sensitive table policy."
                 }));
             }
             if (sensitiveTablePattern.test(tableName) && hasWeakWithCheck(policy)) {
@@ -93,7 +93,7 @@ export async function checkSupabase(input, options = {}) {
                     evidence: [{ file: file.path, line, snippet: lineAt(file.content, line) }],
                     why: "A write policy can read the right tenant rows but still allow inserted or updated rows to move into another owner or tenant unless `WITH CHECK` is scoped.",
                     suggestedVerification: "As User A, try inserting or updating a row with User B's owner, organization, workspace, or tenant ID and confirm the database rejects it.",
-                    suggestedFix: "Add a `WITH CHECK` predicate tied to `auth.uid()` and the same owner, tenant, or membership relationship used by the read policy."
+                    suggestedFix: "Use `auth.uid()` in a `WITH CHECK` predicate tied to the same owner, tenant, or membership relationship used by the read policy."
                 }));
             }
         }
@@ -174,7 +174,7 @@ function buildDoctorFindings(files, tables, rlsEnabledTables, policies) {
                 evidence: [{ file: policy.file, line: policy.line, snippet: lineAt(files.find((file) => file.path === policy.file)?.content ?? "", policy.line) }],
                 why: "A common RLS launch failure is reads working while inserts, updates, or deletes silently fail because write policies are missing.",
                 suggestedVerification: "As User A, try INSERT, UPDATE, and DELETE on an owned row; then repeat as User B and confirm only the intended operations pass.",
-                suggestedFix: "Add scoped INSERT/UPDATE/DELETE policies with `WITH CHECK` predicates where the product supports writes."
+                suggestedFix: "Add scoped INSERT/UPDATE/DELETE policies with `WITH CHECK` predicates tied to `auth.uid()` or tenant membership where the product supports writes."
             }));
         }
         if (isTenantLikeTable(table) && tablePolicies.length > 0 && !tablePolicies.some((policy) => hasTenantPredicate(policy, table))) {
@@ -186,7 +186,7 @@ function buildDoctorFindings(files, tables, rlsEnabledTables, policies) {
                 evidence: [{ file: policy.file, line: policy.line, snippet: lineAt(files.find((file) => file.path === policy.file)?.content ?? "", policy.line) }],
                 why: "Multi-tenant tables need tenant, workspace, organization, project, client, owner, or membership predicates, not just generic login checks.",
                 suggestedVerification: "Create rows in two tenants and confirm User A cannot SELECT, INSERT, UPDATE, or DELETE User B's tenant rows.",
-                suggestedFix: "Tie every policy to tenant/workspace/organization membership or owner columns and mirror the same scope in `WITH CHECK`."
+                suggestedFix: "Tie every policy to tenant/workspace/organization membership or owner columns, and mirror the same tenant scope in `WITH CHECK` for INSERT and UPDATE."
             }));
         }
     }
@@ -201,7 +201,7 @@ function buildDoctorFindings(files, tables, rlsEnabledTables, policies) {
                 evidence: [{ file: policy.file, line: policy.line, snippet: lineAt(fileContent, policy.line) }],
                 why: "Public write policies can allow anonymous or unintended clients to insert or mutate data when predicates are incomplete or misunderstood.",
                 suggestedVerification: "Try the INSERT/UPDATE/DELETE path with an anonymous client and with User B's session; expected result is denial unless explicitly intended.",
-                suggestedFix: "Grant write policies to authenticated roles only and require owner or tenant `WITH CHECK` predicates."
+                suggestedFix: "Grant write policies to authenticated roles only and require owner or tenant `WITH CHECK` predicates tied to `auth.uid()` or membership."
             }));
         }
         const mismatch = findAuthUidColumnMismatch(predicate, tables.find((table) => table.name === policy.tableName));

package/docs/README.zh-CN.md

@@ -48,13 +48,13 @@ AI 能很快把一个 SaaS 做到“看起来能用”：能登录、能打开 c
 不用 clone 仓库，先看公开 demo 输出：
 
 ```bash
-npx ai-saas-guard@latest demo
+npx ai-saas-guard@latest demo --summary
 ```
 
 无需全局安装，直接扫你的应用：
 
 ```bash
-npx ai-saas-guard@latest scan --root /path/to/your-saas
+npx ai-saas-guard@latest scan --root /path/to/your-saas --summary
 ```
 
 如果是 AI 生成的大 PR：
@@ -63,39 +63,36 @@ npx ai-saas-guard@latest scan --root /path/to/your-saas
 npx ai-saas-guard@latest pr-risk --root /path/to/your-saas --base origin/main --markdown
 ```
 
-你会得到 rule ID、severity、文件证据、为什么重要、如何人工验证，以及具体修复方向。扫描是 deterministic、只读的，不调用 LLM。
+`--summary` 会先给上线判断、前三个风险、人工验证和下一步。去掉 `--summary` 后会看到每个 finding 的 rule ID、severity、文件证据、为什么重要、如何人工验证，以及具体修复方向。扫描是 deterministic、只读的，不调用 LLM。
 
 ## 先试公开 demo
 
 如果你还不想先扫自己的私有仓库，可以先跑公开 fixture：
 
 ```bash
-npx ai-saas-guard@latest demo
+npx ai-saas-guard@latest demo --summary
 ```
 
-demo 命令使用包内公开 fixture：`examples/demo-risky-saas` 当前会故意触发 19 个 finding，覆盖 Stripe、Supabase、silent-success、Next/Vercel deploy 提示和 GitHub Actions；`examples/demo-safe-saas` 在同类风险面上使用更安全的静态写法，当前返回 0 个 finding。想本地查看 fixture 文件时再看 [demo-quickstart.md](demo-quickstart.md)。
+demo 命令使用包内公开 fixture：`examples/demo-risky-saas` 当前会故意触发 19 个 finding，覆盖 Stripe、Supabase、silent-success、Next/Vercel deploy 提示和 GitHub Actions；`examples/demo-safe-saas` 在同类风险面上使用更安全的静态写法，当前返回 0 个 finding。去掉 `--summary` 可看完整报告；想本地查看 fixture 文件时再看 [demo-quickstart.md](demo-quickstart.md)。
 
 ## 输出长什么样
 
 报告是给上线前或合并 AI 大 PR 前快速阅读的。更完整的可复制样例见 [docs/sample-launch-report.md](sample-launch-report.md)。
 
 ```text
-Launch Gate: review before launch
-19 findings: 2 critical, 6 high, 7 medium, 3 low, 1 info
+ai-saas-guard scan summary
+Findings: 19 findings: 2 critical, 6 high, 7 medium, 3 low, 1 info
+Launch gate: blocked: critical launch-readiness findings need review before inviting users
 
-CRITICAL stripe.webhook.missing-signature
-File: app/api/stripe/webhook/route.ts
-Why: billing access can be granted from a webhook path that does not verify Stripe signatures.
-Verify: replay a webhook with an invalid signature and confirm the route rejects it.
-Fix: read the raw body, call stripe.webhooks.constructEvent, and make event handling idempotent.
+Top risks:
+- CRITICAL stripe.webhook.missing-signature at app/api/stripe/webhook/route.ts:1 - Stripe webhook does not verify the Stripe signature
+- CRITICAL supabase.rls.broad-policy at supabase/migrations/001_accounts.sql:10 - Broad Supabase RLS policy on public.accounts
+- HIGH silent-success.swallowed-error at app/api/billing/checkout/route.ts:4 - Catch block may turn upstream failure into success
 
-HIGH silent-success.swallowed-error
-File: app/api/billing/checkout/route.ts
-Verify: force the upstream billing call to fail and confirm the route returns an error, not fake success.
-
-MEDIUM deploy.next.missing-security-headers
-File: app/api/billing/checkout/route.ts
-Verify: inspect production response headers for auth, billing, and API pages.
+Manual proof to run next:
+- Send a request without a valid Stripe signature and confirm the handler rejects it before changing entitlement state.
+- Run the generated two-account IDOR test and confirm User B cannot read, update, or delete User A resources.
+- Force the upstream billing call to fail and confirm the route returns an error, not fake success.
 
 Next steps
 - 先修 critical/high 的信任边界 finding。
@@ -112,7 +109,7 @@ Next steps
 - 说明它为什么会影响 AI 构建的 SaaS 上线
 - 给出可以人工复现的验证步骤
 - 给出实际修复方向，不只是一句泛泛建议
-- 支持 terminal、JSON、SARIF 和 PR markdown，方便本地或 CI 使用
+- 支持短 `--summary`、terminal、JSON、SARIF 和 PR markdown，方便本地或 CI 使用
 
 ## 它能帮你抓住哪些问题
 
@@ -131,8 +128,8 @@ Next steps
 无需全局安装，直接运行：
 
 ```bash
-npx ai-saas-guard@latest demo
-npx ai-saas-guard@latest scan --root /path/to/your-saas
+npx ai-saas-guard@latest demo --summary
+npx ai-saas-guard@latest scan --root /path/to/your-saas --summary
 ```
 
 运行专项检查：
@@ -147,9 +144,10 @@ npx ai-saas-guard@latest check-mcp --root /path/to/your-saas --policy-template
 npx ai-saas-guard@latest check-actions --root /path/to/your-saas
 ```
 
-机器可读输出：
+短输出和机器可读输出：
 
 ```bash
+npx ai-saas-guard@latest scan --root /path/to/your-saas --summary
 npx ai-saas-guard@latest scan --root /path/to/your-saas --json
 npx ai-saas-guard@latest scan --root /path/to/your-saas --sarif > ai-saas-guard.sarif
 npx ai-saas-guard@latest pr-risk --root /path/to/your-saas --base origin/main --markdown > ai-saas-guard-pr.md
@@ -169,18 +167,18 @@ node dist/cli.js scan --root /path/to/your-saas
 
 这个仓库是公开 GitHub 仓库。
 
-CLI 已发布到 npm：`ai-saas-guard@0.30.0`。GitHub Action 支持 `v0` 浮动标签，也支持固定版本标签，例如 `v0.30.0`。
+CLI 已发布到 npm：`ai-saas-guard@0.30.1`。GitHub Action 支持 `v0` 浮动标签，也支持固定版本标签，例如 `v0.30.1`。
 
 | 模块 | 状态 |
 | --- | --- |
 | 公开 GitHub 仓库 | 已可用 |
-| npm CLI | `ai-saas-guard@0.30.0` |
-| GitHub Action | `zr9959/ai-saas-guard@v0` 或固定标签 `v0.30.0` |
-| 输出格式 | Terminal、JSON、SARIF 和 PR markdown |
+| npm CLI | `ai-saas-guard@0.30.1` |
+| GitHub Action | `zr9959/ai-saas-guard@v0` 或固定标签 `v0.30.1` |
+| 输出格式 | 短 summary、Terminal、JSON、SARIF 和 PR markdown |
 | 项目配置 | `.ai-saas-guard.json` 支持规则开关、severity 覆盖、suppressions 和 fail threshold |
 | 隐私模型 | 本地优先、只读扫描、不调用 LLM、不上传代码 |
-| 当前版本 | `0.30.0` 增加 `ai-saas-guard demo`、human-readable 报告里的 Next steps、更有针对性的 quickstart 反馈模板，并刷新首次试用文档 |
-| Action 标签 | `v0.30.0`、`v0` |
+| 当前版本 | `0.30.1` 增加首次使用的 `--summary` 输出，并强化 Stripe、Supabase、silent-success、Next/Vercel finding 的具体修复方向 |
+| Action 标签 | `v0.30.1`、`v0` |
 | npm 发布 | GitHub Actions Trusted Publisher/OIDC，无需长期 npm token |
 | 仓库可信度加固 | 严格 branch protection、Dependabot、CodeQL、fast-check fuzzing、signed release provenance assets、private vulnerability reporting、secret scanning 和 push protection |
 | Cloudflare hosted ingress | 已部署到 `https://ai-saas-guard-hosted.zr9959.workers.dev`；签名 GitHub App webhook delivery 和 compact Check Run staging smoke 已通过 |

package/docs/demo-quickstart.md

@@ -7,10 +7,10 @@ Use these public fixtures when you want to understand `ai-saas-guard` before poi
 Run the packaged demo without cloning this repository:
 
 ```bash
-npx ai-saas-guard@latest demo
+npx ai-saas-guard@latest demo --summary
 ```
 
-This prints the risky and safe demo summaries, the first risky files to review, manual verification steps, and launch-focused next steps. It uses only public fixture code shipped in the npm package.
+This prints the risky and safe demo summaries, the top risky files to review, manual verification steps, and launch-focused next steps. It uses only public fixture code shipped in the npm package. Rerun `npx ai-saas-guard@latest demo` without `--summary` for the full human-readable report.
 
 ## Risky Demo
 
@@ -20,6 +20,7 @@ Clone the repository only if you want to inspect or edit the fixture files:
 git clone https://github.com/zr9959/ai-saas-guard.git
 cd ai-saas-guard
 npx ai-saas-guard@latest scan --root examples/demo-risky-saas
+npx ai-saas-guard@latest scan --root examples/demo-risky-saas --summary
 ```
 
 The risky demo intentionally includes unsigned Stripe webhook handling, a silent-success billing fallback, broad Supabase RLS, and overpowered GitHub Actions permissions.
@@ -49,6 +50,7 @@ node dist/cli.js scan --root examples/demo-risky-saas
 
 ```bash
 npx ai-saas-guard@latest scan --root examples/demo-safe-saas
+npx ai-saas-guard@latest scan --root examples/demo-safe-saas --summary
 ```
 
 The safe demo keeps the same broad surfaces but uses safer static patterns: Stripe signature verification and idempotency hints, scoped RLS, security headers, documented env variables, request IDs, and bounded GitHub Actions permissions.

package/docs/npm-publishing.md

@@ -5,11 +5,11 @@
 ## Current State
 
 - Package name: `ai-saas-guard`
-- Current published version: `0.30.0`
+- Current published version: `0.30.1`
 - Next source candidate: none
 - npm registry state: published at <https://www.npmjs.com/package/ai-saas-guard>
 - First npm-published version: `0.1.1`
-- GitHub Release: `v0.30.0`
+- GitHub Release: `v0.30.1`
 - Publish workflow: `.github/workflows/npm-publish.yml`
 - Trusted Publisher: GitHub Actions, `zr9959/ai-saas-guard`, workflow `npm-publish.yml`, allowed action `npm publish`
 - Long-lived npm publish token: not required
@@ -18,7 +18,7 @@
 
 Use GitHub Actions with npm Trusted Publisher/OIDC:
 
-1. Create and review a release tag such as `v0.30.0`.
+1. Create and review a release tag such as `v0.30.1`.
 2. Publish from the GitHub Release or run the `Publish npm` workflow manually with `ref` set to that tag.
 3. Keep `permissions.id-token: write` in the workflow so npm can exchange the GitHub Actions OIDC identity for a short-lived publish credential.
 4. Run `npm publish --access public` from the workflow. Trusted publishing automatically generates provenance for this public package from this public repository.

package/docs/sample-launch-report.md

@@ -3,7 +3,31 @@
 This is a synthetic, public-safe example of the kind of review queue `ai-saas-guard` produces. Paths, snippets, and checks are intentionally small so a founder or reviewer can understand the output before running the tool.
 
 ```text
-Launch Gate: review before launch
+ai-saas-guard scan summary
+Findings: 6 findings: 0 critical, 3 high, 3 medium, 0 low, 0 info
+Launch gate: review required: high-risk launch paths need manual verification before launch
+
+Top risks:
+- HIGH stripe.webhook.missing-signature at app/api/stripe/webhook/route.ts:12 - Stripe webhook does not verify the Stripe signature
+- HIGH auth.clerk.unsafe-metadata at app/api/auth/profile/route.ts:8 - Clerk unsafe metadata is used as authorization input
+- HIGH data.prisma.tenant-scope-missing at app/api/projects/[projectId]/route.ts:9 - Prisma query lacks an obvious tenant or owner predicate
+
+Manual proof to run next:
+- Replay a webhook with an invalid signature and confirm the route rejects it.
+- Try changing the same metadata as a normal signed-in user and confirm it cannot grant admin, paid plan, tenant, workspace, or entitlement access.
+- Create this resource as Tenant/User A, then attempt the same update with Tenant/User B.
+
+Next steps
+- Fix critical and high trust-boundary findings first: auth/session, billing/webhook, tenant data, and silent-success paths.
+- Run the manual proof steps above in staging and confirm each risky path fails closed.
+
+Full report:
+  Rerun without --summary, or use --json, --sarif, or --markdown where supported.
+```
+
+The full terminal report expands each finding:
+
+```text
 6 findings: 3 high, 3 medium
 
 HIGH stripe.webhook.missing-signature
@@ -11,7 +35,7 @@ Rule: stripe.webhook.missing-signature
 File: app/api/stripe/webhook/route.ts:12
 Why: Billing access can be granted from a webhook path that does not verify Stripe signatures.
 Verify: Replay a webhook with an invalid signature and confirm the route rejects it.
-Fix direction: Read the raw body, call stripe.webhooks.constructEvent, and keep entitlement changes idempotent.
+Fix direction: In Next.js route handlers, read the payload with `await req.text()`, read the `stripe-signature` header, call `stripe.webhooks.constructEvent(body, signature, STRIPE_WEBHOOK_SECRET)`, and return 400 before any entitlement mutation when verification fails.
 
 HIGH auth.clerk.unsafe-metadata
 Rule: auth.clerk.unsafe-metadata
@@ -32,7 +56,7 @@ Rule: supabase.rls.tenant-predicate-missing
 File: supabase/migrations/20260524_projects.sql:22
 Why: Multi-tenant tables need tenant, workspace, organization, owner, or membership predicates.
 Verify: Sign in as user A and user B; confirm neither can SELECT, INSERT, UPDATE, or DELETE the other's rows.
-Fix direction: Add tenant or membership predicates and rerun a two-account staging check.
+Fix direction: Tie every policy to tenant/workspace/organization membership or owner columns, and mirror the same tenant scope in `WITH CHECK` for INSERT and UPDATE.
 
 MEDIUM deploy.vercel.cron-missing-guard
 Rule: deploy.vercel.cron-missing-guard
@@ -46,7 +70,7 @@ Rule: silent-success.swallowed-error
 File: app/api/billing/checkout/route.ts:31
 Why: Swallowed provider, auth, billing, or data errors can make a launch path look successful when it failed.
 Verify: Force the upstream provider call to fail and confirm the route returns an error or disclosed degraded mode.
-Fix direction: Log the failure, return an explicit error status, and avoid granting access after the failed dependency.
+Fix direction: Log the failure with a request id, return a 4xx/5xx error or explicit degraded-mode response, and do not grant entitlement, change ownership, or mutate tenant data after the failed dependency.
 
 Next steps
 - Fix critical and high trust-boundary findings first: auth/session, billing/webhook, tenant data, and silent-success paths.

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "ai-saas-guard",
-  "version": "0.30.0",
+  "version": "0.30.1",
   "description": "Local-first CLI that catches launch blockers in AI-built Next.js/Supabase/Stripe SaaS apps.",
   "readmeFilename": "README.md",
   "type": "module",