ai-saas-guard 0.30.0 → 0.30.2

package/README.md

@@ -49,13 +49,13 @@ These are the failures that hurt after real users arrive:
 See the public demo output without cloning a repo:
 
 ```bash
-npx ai-saas-guard@latest demo
+npx ai-saas-guard@latest demo --summary
 ```
 
 Run it against your app without installing anything globally:
 
 ```bash
-npx ai-saas-guard@latest scan --root /path/to/your-saas
+npx ai-saas-guard@latest scan --root /path/to/your-saas --summary
 ```
 
 For an AI-heavy pull request:
@@ -64,39 +64,36 @@ For an AI-heavy pull request:
 npx ai-saas-guard@latest pr-risk --root /path/to/your-saas --base origin/main --markdown
 ```
 
-You get rule IDs, severity, file evidence, why it matters, how to verify it manually, and a concrete fix direction. The scanner is deterministic, read-only, and does not call an LLM.
+The summary starts with the launch gate, top risks, manual proof steps, and next actions. Rerun without `--summary` for every finding with rule IDs, severity, file evidence, why it matters, manual verification, and fix direction. The scanner is deterministic, read-only, and does not call an LLM.
 
 ## Try The Demo Fixtures
 
 Want to see the report before scanning your own repo?
 
 ```bash
-npx ai-saas-guard@latest demo
+npx ai-saas-guard@latest demo --summary
 ```
 
-The demo command uses packaged public fixtures: `examples/demo-risky-saas` currently returns 19 intentional findings across Stripe, Supabase, silent-success paths, Next/Vercel deploy hints, and GitHub Actions; `examples/demo-safe-saas` returns 0 findings for the same broad surfaces with safer static patterns. See [docs/demo-quickstart.md](docs/demo-quickstart.md) if you want to inspect the fixture files locally.
+The demo command uses packaged public fixtures: `examples/demo-risky-saas` currently returns 19 intentional findings across Stripe, Supabase, silent-success paths, Next/Vercel deploy hints, and GitHub Actions; `examples/demo-safe-saas` returns 0 findings for the same broad surfaces with safer static patterns. Rerun `demo` without `--summary` for the full human-readable report, or see [docs/demo-quickstart.md](docs/demo-quickstart.md) if you want to inspect the fixture files locally.
 
 ## See The Output
 
 The report is designed to be read before launch or before merging an AI-heavy PR. A longer copy-paste example is in [docs/sample-launch-report.md](docs/sample-launch-report.md).
 
 ```text
-Launch Gate: review before launch
-19 findings: 2 critical, 6 high, 7 medium, 3 low, 1 info
+ai-saas-guard scan summary
+Findings: 19 findings: 2 critical, 6 high, 7 medium, 3 low, 1 info
+Launch gate: blocked: critical launch-readiness findings need review before inviting users
 
-CRITICAL stripe.webhook.missing-signature
-File: app/api/stripe/webhook/route.ts
-Why: billing access can be granted from a webhook path that does not verify Stripe signatures.
-Verify: replay a webhook with an invalid signature and confirm the route rejects it.
-Fix: read the raw body, call stripe.webhooks.constructEvent, and make event handling idempotent.
+Top risks:
+- CRITICAL stripe.webhook.missing-signature at app/api/stripe/webhook/route.ts:1 - Stripe webhook does not verify the Stripe signature
+- CRITICAL supabase.rls.broad-policy at supabase/migrations/001_accounts.sql:10 - Broad Supabase RLS policy on public.accounts
+- HIGH silent-success.swallowed-error at app/api/billing/checkout/route.ts:4 - Catch block may turn upstream failure into success
 
-HIGH silent-success.swallowed-error
-File: app/api/billing/checkout/route.ts
-Verify: force the upstream billing call to fail and confirm the route returns an error, not fake success.
-
-MEDIUM deploy.next.missing-security-headers
-File: app/api/billing/checkout/route.ts
-Verify: inspect production response headers for auth, billing, and API pages.
+Manual proof to run next:
+- Send a request without a valid Stripe signature and confirm the handler rejects it before changing entitlement state.
+- Run the generated two-account IDOR test and confirm User B cannot read, update, or delete User A resources.
+- Force the upstream billing call to fail and confirm the route returns an error, not fake success.
 
 Next steps
 - Fix critical and high trust-boundary findings first.
@@ -113,7 +110,7 @@ One command returns a launch-readiness report with:
 - why the finding matters for an AI-built SaaS launch
 - manual verification steps you can actually run
 - practical fix direction, not generic advice
-- terminal, JSON, SARIF, and PR markdown output for local review or CI
+- short `--summary`, terminal, JSON, SARIF, and PR markdown output for local review or CI
 
 ## Problems It Helps You Catch
 
@@ -127,13 +124,15 @@ One command returns a launch-readiness report with:
 | Are tools and CI overpowered? | MCP side-effect classes, local policy/receipt templates, GitHub Actions permissions, concurrency, checkout depth, action pinning |
 | Can reviewers trust the PR? | `pr-risk` ranking for auth, billing, RLS, deploy, API, storage, tests, silent-success paths, missing spec context, and large AI diffs |
 
+For a concise comparison with Semgrep, zizmor, OpenSSF Scorecard, Snyk, and GitHub code scanning, see [docs/launch-gate-positioning.md](docs/launch-gate-positioning.md).
+
 ## Quick Start
 
 Run the published CLI without installing it globally:
 
 ```bash
-npx ai-saas-guard@latest demo
-npx ai-saas-guard@latest scan --root /path/to/your-saas
+npx ai-saas-guard@latest demo --summary
+npx ai-saas-guard@latest scan --root /path/to/your-saas --summary
 ```
 
 Run focused checks:
@@ -148,9 +147,10 @@ npx ai-saas-guard@latest check-mcp --root /path/to/your-saas --policy-template
 npx ai-saas-guard@latest check-actions --root /path/to/your-saas
 ```
 
-Machine-readable output:
+Short or machine-readable output:
 
 ```bash
+npx ai-saas-guard@latest scan --root /path/to/your-saas --summary
 npx ai-saas-guard@latest scan --root /path/to/your-saas --json
 npx ai-saas-guard@latest scan --root /path/to/your-saas --sarif > ai-saas-guard.sarif
 npx ai-saas-guard@latest pr-risk --root /path/to/your-saas --base origin/main --markdown > ai-saas-guard-pr.md
@@ -187,13 +187,13 @@ The CLI is published on npm as `ai-saas-guard`, and the GitHub Action is availab
 | Area | Status |
 | --- | --- |
 | Public GitHub repository | Available |
-| npm CLI | `ai-saas-guard@0.30.0` |
-| GitHub Action | `zr9959/ai-saas-guard@v0` or fixed tag `v0.30.0` |
-| Outputs | Terminal, JSON, SARIF, and PR-focused markdown |
+| npm CLI | `ai-saas-guard@0.30.2` |
+| GitHub Action | `zr9959/ai-saas-guard@v0` or fixed tag `v0.30.2` |
+| Outputs | Short summary, terminal, JSON, SARIF, and PR-focused markdown |
 | Project config | `.ai-saas-guard.json` rule toggles, severity overrides, suppressions, and fail thresholds |
 | Privacy model | Local-first, read-only scan commands, no LLM calls, no code upload |
-| Versioned Action tags | `v0.30.0`, `v0` |
-| Current release | `0.30.0` adds `ai-saas-guard demo`, Next steps in human-readable reports, a more targeted quickstart feedback template, and refreshed first-run docs |
+| Versioned Action tags | `v0.30.2`, `v0` |
+| Current release | `0.30.2` adds post-release quality tuning: lower-noise Vercel/Actions checks, focused launch-gate positioning docs, and hosted worker evidence boundaries |
 | npm publishing | Trusted Publisher/OIDC, no long-lived publish token |
 | Repository trust hardening | Strict branch protection, Dependabot, CodeQL, fast-check fuzzing, signed release provenance assets, private vulnerability reporting, secret scanning, and push protection |
 | Cloudflare hosted ingress | Deployed at `https://ai-saas-guard-hosted.zr9959.workers.dev`; signed GitHub App webhook delivery and compact Check Run smoke now pass in staging |
@@ -360,7 +360,7 @@ Use `suppressions` for narrower false-positive handling when one rule is noisy o
 
 ## GitHub Action
 
-The repo includes a composite Action. Use `v0` for the latest compatible pre-1.0 Action, a specific release tag such as `v0.30.0` for controlled upgrades, or pin a reviewed commit SHA for stricter supply-chain control:
+The repo includes a composite Action. Use `v0` for the latest compatible pre-1.0 Action, a specific release tag such as `v0.30.2` for controlled upgrades, or pin a reviewed commit SHA for stricter supply-chain control:
 
 ```yaml
 name: ai-saas-guard

package/dist/cli.js

@@ -5,6 +5,7 @@ import { checkActions, checkMcp, checkStripe, checkSupabase, classifyPrRisk, run
 import { formatJsonReport } from "./report/json.js";
 import { formatMarkdownReport } from "./report/markdown.js";
 import { formatSarifReport } from "./report/sarif.js";
+import { formatSummaryReport } from "./report/summary.js";
 import { formatTerminalReport } from "./report/terminal.js";
 async function main(argv) {
     const args = parseArgs(argv);
@@ -74,10 +75,14 @@ function parseArgs(argv) {
             result.format = "markdown";
             continue;
         }
+        if (arg === "--summary") {
+            result.format = "summary";
+            continue;
+        }
         if (arg === "--format") {
             const value = argv[index + 1];
-            if (value !== "terminal" && value !== "json" && value !== "sarif" && value !== "markdown") {
-                throw new Error("--format requires terminal, json, sarif, or markdown");
+            if (value !== "terminal" && value !== "json" && value !== "sarif" && value !== "markdown" && value !== "summary") {
+                throw new Error("--format requires terminal, json, sarif, markdown, or summary");
             }
             result.format = value;
             index += 1;
@@ -143,6 +148,8 @@ function formatReport(report, format) {
         return formatSarifReport(report);
     if (format === "markdown")
         return formatMarkdownReport(report);
+    if (format === "summary")
+        return `${formatSummaryReport(report)}\n`;
     return `${formatTerminalReport(report)}\n`;
 }
 function shouldFail(report, failOn) {
@@ -169,13 +176,13 @@ function helpText() {
 Repo-local launch-readiness scanner for AI-built SaaS apps.
 
 Usage:
-  ai-saas-guard scan [--root <repo>] [--config <file>] [--json|--sarif] [--fail-on <severity>]
-  ai-saas-guard demo [--json|--markdown]
-  ai-saas-guard check-supabase [--root <repo>] [--config <file>] [--doctor] [--json|--sarif] [--fail-on <severity>]
-  ai-saas-guard check-stripe [--root <repo>] [--config <file>] [--json|--sarif] [--fail-on <severity>]
-  ai-saas-guard check-mcp [--root <repo>] [--config <file>] [--policy-template] [--json|--sarif] [--fail-on <severity>]
-  ai-saas-guard check-actions [--root <repo>] [--config <file>] [--json|--sarif] [--fail-on <severity>]
-  ai-saas-guard pr-risk [--root <repo>] [--config <file>] [--base <branch>] [--json|--sarif|--markdown] [--fail-on <severity>]
+  ai-saas-guard scan [--root <repo>] [--config <file>] [--json|--sarif|--summary] [--fail-on <severity>]
+  ai-saas-guard demo [--json|--markdown|--summary]
+  ai-saas-guard check-supabase [--root <repo>] [--config <file>] [--doctor] [--json|--sarif|--summary] [--fail-on <severity>]
+  ai-saas-guard check-stripe [--root <repo>] [--config <file>] [--json|--sarif|--summary] [--fail-on <severity>]
+  ai-saas-guard check-mcp [--root <repo>] [--config <file>] [--policy-template] [--json|--sarif|--summary] [--fail-on <severity>]
+  ai-saas-guard check-actions [--root <repo>] [--config <file>] [--json|--sarif|--summary] [--fail-on <severity>]
+  ai-saas-guard pr-risk [--root <repo>] [--config <file>] [--base <branch>] [--json|--sarif|--markdown|--summary] [--fail-on <severity>]
 
 Defaults:
   - read-only
@@ -185,6 +192,7 @@ Defaults:
   - terminal output by default, JSON with --json
   - SARIF output for GitHub code scanning with --sarif
   - PR-focused markdown summary with --markdown
+  - first-run launch summary with --summary
   - project config auto-loaded from .ai-saas-guard.json when present
 `;
 }

package/dist/index.d.ts

@@ -8,6 +8,7 @@ export { classifyPrRisk } from "./commands/prRisk.js";
 export { applyGuardConfig, defaultConfigFileName, loadGuardConfig } from "./config.js";
 export { createScanContext } from "./context.js";
 export { getRuleMetadata, RULE_CATALOG } from "./rules/catalog.js";
+export { formatSummaryReport } from "./report/summary.js";
 export type { BaseReport, CommandName, Evidence, Finding, ActionsReport, McpOptions, McpPolicyTemplate, McpReport, McpServerInventory, McpSideEffect, PrRiskFile, PrRiskReport, ScanOptions, ShowcaseReport, StripeReport, SupabaseOptions, SupabaseDoctorReport, SupabaseReport } from "./types.js";
 export type { ScanContext, ScanInput } from "./context.js";
 export type { FindingSuppression, GuardConfig, RuleConfigValue } from "./config.js";

package/dist/index.js

@@ -8,3 +8,4 @@ export { classifyPrRisk } from "./commands/prRisk.js";
 export { applyGuardConfig, defaultConfigFileName, loadGuardConfig } from "./config.js";
 export { createScanContext } from "./context.js";
 export { getRuleMetadata, RULE_CATALOG } from "./rules/catalog.js";
+export { formatSummaryReport } from "./report/summary.js";

package/dist/report/summary.d.ts

@@ -0,0 +1,2 @@
+import type { BaseReport } from "../types.js";
+export declare function formatSummaryReport(report: BaseReport): string;

package/dist/report/summary.js

@@ -0,0 +1,67 @@
+import { launchGateVerdict, manualProofSteps, nextSteps, reviewFirst } from "./launchGate.js";
+export function formatSummaryReport(report) {
+    if (report.command === "demo")
+        return formatShowcaseSummary(report);
+    const lines = [];
+    lines.push(`ai-saas-guard ${report.command} summary`);
+    lines.push(`Root: ${report.rootDir}`);
+    lines.push(`Findings: ${summaryText(report)}`);
+    lines.push(`Launch gate: ${launchGateVerdict(report)}`);
+    if (report.findings.length === 0) {
+        lines.push("");
+        lines.push("No heuristic launch-readiness risks found by this command.");
+        lines.push("");
+        lines.push("Next steps:");
+        appendList(lines, nextSteps(report.findings));
+        lines.push("");
+        lines.push("Full report:");
+        lines.push("  Rerun without --summary, or use --json, --sarif, or --markdown where supported.");
+        return lines.join("\n");
+    }
+    lines.push("");
+    lines.push("Top risks:");
+    appendList(lines, reviewFirst(report.findings, 3));
+    lines.push("");
+    lines.push("Manual proof to run next:");
+    appendList(lines, manualProofSteps(report.findings, 3));
+    lines.push("");
+    lines.push("Next steps:");
+    appendList(lines, nextSteps(report.findings));
+    lines.push("");
+    lines.push("Full report:");
+    lines.push("  Rerun without --summary, or use --json, --sarif, or --markdown where supported.");
+    return lines.join("\n");
+}
+function formatShowcaseSummary(report) {
+    const lines = [];
+    lines.push("ai-saas-guard demo summary");
+    lines.push("Synthetic public demo for the local-first launch gate.");
+    lines.push("This is not a pentest, full audit, or certification.");
+    lines.push("");
+    lines.push(`Risky demo: ${summaryText(report.demos.risky)}`);
+    lines.push(`Safe demo: ${summaryText(report.demos.safe)}`);
+    lines.push(`Launch gate: ${launchGateVerdict(report.demos.risky)}`);
+    lines.push("");
+    lines.push("Top risks:");
+    appendList(lines, reviewFirst(report.demos.risky.findings, 3));
+    lines.push("");
+    lines.push("Manual proof to run next:");
+    appendList(lines, manualProofSteps(report.demos.risky.findings, 3));
+    lines.push("");
+    lines.push("Next steps:");
+    appendList(lines, report.nextSteps);
+    lines.push("");
+    lines.push("Full report:");
+    lines.push("  Rerun `ai-saas-guard demo` without --summary or use --json/--markdown.");
+    return lines.join("\n");
+}
+function appendList(lines, items) {
+    for (const item of items) {
+        lines.push(`- ${item}`);
+    }
+}
+function summaryText(report) {
+    if (report.summary.total === 0)
+        return "0 findings";
+    return `${report.summary.total} findings: ${report.summary.critical} critical, ${report.summary.high} high, ${report.summary.medium} medium, ${report.summary.low} low, ${report.summary.info} info`;
+}

package/dist/scanners/actions.js

@@ -101,7 +101,17 @@ function runsOnPullRequestOrPush(content) {
     return /^\s*(pull_request(?:_target)?|push):/im.test(content);
 }
 function hasCancelInProgressConcurrency(content) {
-    return /^\s*concurrency:/im.test(content) && /^\s*cancel-in-progress:\s*true\b/im.test(content);
+    if (!/^\s*concurrency:/im.test(content))
+        return false;
+    const match = /^\s*cancel-in-progress:\s*(.+?)\s*$/im.exec(content);
+    if (!match)
+        return false;
+    const value = match[1]?.trim() ?? "";
+    if (/^true\b/i.test(value))
+        return true;
+    if (/^\$\{\{[\s\S]*\}\}$/.test(value) && !/\bfalse\b/i.test(value))
+        return true;
+    return false;
 }
 function hasPathFilters(content) {
     return /^\s*(paths|paths-ignore):\s*$/im.test(content) || /^\s*(paths|paths-ignore):\s*\[/im.test(content);

package/dist/scanners/deploy.js

@@ -120,7 +120,7 @@ export async function scanDeployConfig(input) {
             evidence: [{ file: evidenceFile.path, line, snippet: lineAt(evidenceFile.content, line) }],
             why: "Auth, payment, and API routes should launch with explicit browser security headers rather than relying on platform defaults.",
             suggestedVerification: "Run a production build or deploy preview and inspect response headers for auth, billing, and API pages.",
-            suggestedFix: "Add `headers()` in `next.config` or middleware for headers such as `X-Frame-Options`, `X-Content-Type-Options`, `Referrer-Policy`, and an appropriate CSP."
+            suggestedFix: "Add `headers()` in `next.config` or middleware for `Content-Security-Policy`, `X-Frame-Options`, `X-Content-Type-Options`, and `Referrer-Policy` on auth, billing, and API surfaces."
         }));
     }
     if (envExample) {
@@ -180,11 +180,18 @@ function isImportantServerEnv(name) {
     return /(STRIPE|SUPABASE|DATABASE|NEXTAUTH|AUTH|WEBHOOK|SECRET|TOKEN|OPENAI|ANTHROPIC|PAYMENT)/.test(name);
 }
 function hasSecurityHeaders(files) {
-    const combined = files
+    const nextOrMiddleware = files
         .filter((file) => /(^|\/)(next\.config\.[cm]?[jt]s|middleware\.[cm]?[jt]s)$/i.test(file.path))
         .map((file) => file.content)
         .join("\n");
-    return /\bheaders\s*\(/i.test(combined) && /(X-Frame-Options|Content-Security-Policy|X-Content-Type-Options|Referrer-Policy)/i.test(combined);
+    if (/\bheaders\s*\(/i.test(nextOrMiddleware) && hasBrowserSecurityHeaderNames(nextOrMiddleware))
+        return true;
+    return files.some((file) => {
+        return /(^|\/)vercel\.json$/i.test(file.path) && /"headers"\s*:/i.test(file.content) && hasBrowserSecurityHeaderNames(file.content);
+    });
+}
+function hasBrowserSecurityHeaderNames(content) {
+    return /(X-Frame-Options|Content-Security-Policy|X-Content-Type-Options|Referrer-Policy)/i.test(content);
 }
 function usesUnboundedNextImage(path, content, nextConfigContent) {
     if (/next\.config\.(ts|js|mjs|cjs)$/.test(path) && /remotePatterns[\s\S]{0,240}hostname\s*:\s*["'](?:\*\*|\*)["']/i.test(content))

package/dist/scanners/silentSuccess.js

@@ -40,7 +40,7 @@ function scanSwallowedErrors(filePath, content) {
                 evidence: [{ file: filePath, line: block.line, snippet: lineAt(content, block.line) }],
                 why: "AI-generated SaaS code often hides integration failures by returning empty, null, or success-shaped data after an exception.",
                 suggestedVerification: "Force the upstream API, auth provider, billing provider, or database call to fail and confirm the route returns an error or disclosed degraded mode, not a fake success.",
-                suggestedFix: "Log the failure, return an explicit error status or degraded response, and avoid granting access or mutating state after the failed dependency."
+                suggestedFix: "Log the failure with a request id, return a 4xx/5xx error or explicit degraded-mode response, and do not grant entitlement, change ownership, or mutate tenant data after the failed dependency."
             }));
         }
     }
@@ -53,7 +53,7 @@ function scanSwallowedErrors(filePath, content) {
             evidence: [{ file: filePath, line, snippet: lineAt(content, line) }],
             why: "A `.catch()` fallback that returns default success data can make failed integrations look healthy before launch.",
             suggestedVerification: "Make the promise reject in a local test and confirm callers receive an error or disclosed degraded mode.",
-            suggestedFix: "Propagate the error or return an explicit failure response with logging and no entitlement or ownership side effect."
+            suggestedFix: "Propagate the error or return an explicit failure response with request-id logging, and keep entitlement, ownership, and tenant mutations behind the successful dependency path."
         }));
     }
     return findings;
@@ -102,7 +102,7 @@ function scanHardcodedFallbacks(filePath, content) {
             evidence: [{ file: filePath, line, snippet: lineAt(content, line) }],
             why: "Hardcoded fallback responses in auth, Stripe, Supabase, OpenAI, payment, or entitlement paths can grant access or hide broken integrations.",
             suggestedVerification: "Disable the real upstream provider and confirm the route does not return hardcoded active subscriptions, successful auth, or generated sample data.",
-            suggestedFix: "Replace hardcoded success fallbacks with explicit error/degraded responses and a launch checklist item for real provider verification."
+            suggestedFix: "Replace hardcoded success fallbacks with explicit error/degraded responses, request-id logging, and a staging check that proves real provider failure cannot grant access."
         }));
     }
     return findings;

package/dist/scanners/stripe.js

@@ -76,7 +76,7 @@ export async function checkStripe(input) {
                 ],
                 why: "Without `stripe.webhooks.constructEvent` and the `stripe-signature` header, attackers can forge billing events that grant or revoke access.",
                 suggestedVerification: "Send a request without a valid Stripe signature and confirm the handler rejects it before changing entitlement state.",
-                suggestedFix: "Read the raw request body, call `stripe.webhooks.constructEvent(body, signature, STRIPE_WEBHOOK_SECRET)`, and reject invalid signatures."
+                suggestedFix: "In Next.js route handlers, read the payload with `await req.text()`, read the `stripe-signature` header, call `stripe.webhooks.constructEvent(body, signature, STRIPE_WEBHOOK_SECRET)`, and return 400 before any entitlement mutation when verification fails."
             }));
         }
         if (hasConstructEvent && usesJsonBody && !usesRawBody) {
@@ -87,7 +87,7 @@ export async function checkStripe(input) {
                 evidence: [{ file: file.path, line: firstLineMatching(file.content, /req\.json\s*\(/), snippet: firstSnippetMatching(file.content, /req\.json\s*\(/) }],
                 why: "Stripe signature checks require the exact raw payload bytes; parsed JSON can make verification fail or be bypassed in rewrites.",
                 suggestedVerification: "Replay a signed test webhook through the deployed route and confirm signature verification succeeds only with the raw body.",
-                suggestedFix: "Use `await req.text()` in Next.js route handlers or equivalent raw-body middleware before calling `constructEvent`."
+                suggestedFix: "Use `await req.text()` in Next.js route handlers or equivalent raw-body middleware, pass that exact body into `constructEvent`, and reject bad signatures before any billing state change."
             }));
         }
         if (/NEXT_PUBLIC_STRIPE_WEBHOOK_SECRET|NEXT_PUBLIC_STRIPE_SECRET_KEY/.test(file.content)) {

package/dist/scanners/supabase.js

@@ -56,7 +56,7 @@ export async function checkSupabase(input, options = {}) {
                     evidence: [{ file: file.path, line, snippet: lineAt(file.content, line) }],
                     why: "A broad RLS predicate can make user data readable or writable across accounts even when login exists.",
                     suggestedVerification: "Run the generated two-account IDOR test and confirm User B cannot read, update, or delete User A resources.",
-                    suggestedFix: "Replace broad predicates with ownership checks such as `auth.uid() = user_id` or a tenant membership join."
+                    suggestedFix: "Replace broad predicates with ownership checks such as `auth.uid() = user_id`; for writes, mirror the same scope in `WITH CHECK`, and rerun the two-account cross-tenant verification."
                 }));
             }
             const combinedPredicate = predicates.join(" ");
@@ -75,7 +75,7 @@ export async function checkSupabase(input, options = {}) {
                     evidence: [{ file: file.path, line, snippet: lineAt(file.content, line) }],
                     why: "Founders often confuse authentication with authorization; table policies need resource-level ownership checks.",
                     suggestedVerification: "Create the same resource as User A and attempt to read, update, and delete it with User B's session.",
-                    suggestedFix: "Reference `auth.uid()` and a stable ownership or membership column in every sensitive table policy."
+                    suggestedFix: "Reference `auth.uid()` and a stable owner column, or join through a tenant/workspace membership table, in every sensitive table policy."
                 }));
             }
             if (sensitiveTablePattern.test(tableName) && hasWeakWithCheck(policy)) {
@@ -93,7 +93,7 @@ export async function checkSupabase(input, options = {}) {
                     evidence: [{ file: file.path, line, snippet: lineAt(file.content, line) }],
                     why: "A write policy can read the right tenant rows but still allow inserted or updated rows to move into another owner or tenant unless `WITH CHECK` is scoped.",
                     suggestedVerification: "As User A, try inserting or updating a row with User B's owner, organization, workspace, or tenant ID and confirm the database rejects it.",
-                    suggestedFix: "Add a `WITH CHECK` predicate tied to `auth.uid()` and the same owner, tenant, or membership relationship used by the read policy."
+                    suggestedFix: "Use `auth.uid()` in a `WITH CHECK` predicate tied to the same owner, tenant, or membership relationship used by the read policy."
                 }));
             }
         }
@@ -174,7 +174,7 @@ function buildDoctorFindings(files, tables, rlsEnabledTables, policies) {
                 evidence: [{ file: policy.file, line: policy.line, snippet: lineAt(files.find((file) => file.path === policy.file)?.content ?? "", policy.line) }],
                 why: "A common RLS launch failure is reads working while inserts, updates, or deletes silently fail because write policies are missing.",
                 suggestedVerification: "As User A, try INSERT, UPDATE, and DELETE on an owned row; then repeat as User B and confirm only the intended operations pass.",
-                suggestedFix: "Add scoped INSERT/UPDATE/DELETE policies with `WITH CHECK` predicates where the product supports writes."
+                suggestedFix: "Add scoped INSERT/UPDATE/DELETE policies with `WITH CHECK` predicates tied to `auth.uid()` or tenant membership where the product supports writes."
             }));
         }
         if (isTenantLikeTable(table) && tablePolicies.length > 0 && !tablePolicies.some((policy) => hasTenantPredicate(policy, table))) {
@@ -186,7 +186,7 @@ function buildDoctorFindings(files, tables, rlsEnabledTables, policies) {
                 evidence: [{ file: policy.file, line: policy.line, snippet: lineAt(files.find((file) => file.path === policy.file)?.content ?? "", policy.line) }],
                 why: "Multi-tenant tables need tenant, workspace, organization, project, client, owner, or membership predicates, not just generic login checks.",
                 suggestedVerification: "Create rows in two tenants and confirm User A cannot SELECT, INSERT, UPDATE, or DELETE User B's tenant rows.",
-                suggestedFix: "Tie every policy to tenant/workspace/organization membership or owner columns and mirror the same scope in `WITH CHECK`."
+                suggestedFix: "Tie every policy to tenant/workspace/organization membership or owner columns, and mirror the same tenant scope in `WITH CHECK` for INSERT and UPDATE."
             }));
         }
     }
@@ -201,7 +201,7 @@ function buildDoctorFindings(files, tables, rlsEnabledTables, policies) {
                 evidence: [{ file: policy.file, line: policy.line, snippet: lineAt(fileContent, policy.line) }],
                 why: "Public write policies can allow anonymous or unintended clients to insert or mutate data when predicates are incomplete or misunderstood.",
                 suggestedVerification: "Try the INSERT/UPDATE/DELETE path with an anonymous client and with User B's session; expected result is denial unless explicitly intended.",
-                suggestedFix: "Grant write policies to authenticated roles only and require owner or tenant `WITH CHECK` predicates."
+                suggestedFix: "Grant write policies to authenticated roles only and require owner or tenant `WITH CHECK` predicates tied to `auth.uid()` or membership."
             }));
         }
         const mismatch = findAuthUidColumnMismatch(predicate, tables.find((table) => table.name === policy.tableName));

package/docs/README.zh-CN.md

@@ -48,13 +48,13 @@ AI 能很快把一个 SaaS 做到“看起来能用”：能登录、能打开 c
 不用 clone 仓库，先看公开 demo 输出：
 
 ```bash
-npx ai-saas-guard@latest demo
+npx ai-saas-guard@latest demo --summary
 ```
 
 无需全局安装，直接扫你的应用：
 
 ```bash
-npx ai-saas-guard@latest scan --root /path/to/your-saas
+npx ai-saas-guard@latest scan --root /path/to/your-saas --summary
 ```
 
 如果是 AI 生成的大 PR：
@@ -63,39 +63,36 @@ npx ai-saas-guard@latest scan --root /path/to/your-saas
 npx ai-saas-guard@latest pr-risk --root /path/to/your-saas --base origin/main --markdown
 ```
 
-你会得到 rule ID、severity、文件证据、为什么重要、如何人工验证，以及具体修复方向。扫描是 deterministic、只读的，不调用 LLM。
+`--summary` 会先给上线判断、前三个风险、人工验证和下一步。去掉 `--summary` 后会看到每个 finding 的 rule ID、severity、文件证据、为什么重要、如何人工验证，以及具体修复方向。扫描是 deterministic、只读的，不调用 LLM。
 
 ## 先试公开 demo
 
 如果你还不想先扫自己的私有仓库，可以先跑公开 fixture：
 
 ```bash
-npx ai-saas-guard@latest demo
+npx ai-saas-guard@latest demo --summary
 ```
 
-demo 命令使用包内公开 fixture：`examples/demo-risky-saas` 当前会故意触发 19 个 finding，覆盖 Stripe、Supabase、silent-success、Next/Vercel deploy 提示和 GitHub Actions；`examples/demo-safe-saas` 在同类风险面上使用更安全的静态写法，当前返回 0 个 finding。想本地查看 fixture 文件时再看 [demo-quickstart.md](demo-quickstart.md)。
+demo 命令使用包内公开 fixture：`examples/demo-risky-saas` 当前会故意触发 19 个 finding，覆盖 Stripe、Supabase、silent-success、Next/Vercel deploy 提示和 GitHub Actions；`examples/demo-safe-saas` 在同类风险面上使用更安全的静态写法，当前返回 0 个 finding。去掉 `--summary` 可看完整报告；想本地查看 fixture 文件时再看 [demo-quickstart.md](demo-quickstart.md)。
 
 ## 输出长什么样
 
 报告是给上线前或合并 AI 大 PR 前快速阅读的。更完整的可复制样例见 [docs/sample-launch-report.md](sample-launch-report.md)。
 
 ```text
-Launch Gate: review before launch
-19 findings: 2 critical, 6 high, 7 medium, 3 low, 1 info
+ai-saas-guard scan summary
+Findings: 19 findings: 2 critical, 6 high, 7 medium, 3 low, 1 info
+Launch gate: blocked: critical launch-readiness findings need review before inviting users
 
-CRITICAL stripe.webhook.missing-signature
-File: app/api/stripe/webhook/route.ts
-Why: billing access can be granted from a webhook path that does not verify Stripe signatures.
-Verify: replay a webhook with an invalid signature and confirm the route rejects it.
-Fix: read the raw body, call stripe.webhooks.constructEvent, and make event handling idempotent.
+Top risks:
+- CRITICAL stripe.webhook.missing-signature at app/api/stripe/webhook/route.ts:1 - Stripe webhook does not verify the Stripe signature
+- CRITICAL supabase.rls.broad-policy at supabase/migrations/001_accounts.sql:10 - Broad Supabase RLS policy on public.accounts
+- HIGH silent-success.swallowed-error at app/api/billing/checkout/route.ts:4 - Catch block may turn upstream failure into success
 
-HIGH silent-success.swallowed-error
-File: app/api/billing/checkout/route.ts
-Verify: force the upstream billing call to fail and confirm the route returns an error, not fake success.
-
-MEDIUM deploy.next.missing-security-headers
-File: app/api/billing/checkout/route.ts
-Verify: inspect production response headers for auth, billing, and API pages.
+Manual proof to run next:
+- Send a request without a valid Stripe signature and confirm the handler rejects it before changing entitlement state.
+- Run the generated two-account IDOR test and confirm User B cannot read, update, or delete User A resources.
+- Force the upstream billing call to fail and confirm the route returns an error, not fake success.
 
 Next steps
 - 先修 critical/high 的信任边界 finding。
@@ -112,7 +109,7 @@ Next steps
 - 说明它为什么会影响 AI 构建的 SaaS 上线
 - 给出可以人工复现的验证步骤
 - 给出实际修复方向，不只是一句泛泛建议
-- 支持 terminal、JSON、SARIF 和 PR markdown，方便本地或 CI 使用
+- 支持短 `--summary`、terminal、JSON、SARIF 和 PR markdown，方便本地或 CI 使用
 
 ## 它能帮你抓住哪些问题
 
@@ -126,13 +123,15 @@ Next steps
 | 工具和 CI 权限是不是过大？ | MCP side-effect 分类、本地 policy/receipt 模板、GitHub Actions 权限、concurrency、checkout depth、Action pinning |
 | reviewer 能不能看懂 AI PR？ | `pr-risk` 对 auth、billing、RLS、deploy、API、storage、测试、silent-success、缺 spec context 和大型 diff 排序 |
 
+如果想看它和 Semgrep、zizmor、OpenSSF Scorecard、Snyk、GitHub code scanning 的边界区别，见 [launch-gate-positioning.md](launch-gate-positioning.md)。
+
 ## 快速开始
 
 无需全局安装，直接运行：
 
 ```bash
-npx ai-saas-guard@latest demo
-npx ai-saas-guard@latest scan --root /path/to/your-saas
+npx ai-saas-guard@latest demo --summary
+npx ai-saas-guard@latest scan --root /path/to/your-saas --summary
 ```
 
 运行专项检查：
@@ -147,9 +146,10 @@ npx ai-saas-guard@latest check-mcp --root /path/to/your-saas --policy-template
 npx ai-saas-guard@latest check-actions --root /path/to/your-saas
 ```
 
-机器可读输出：
+短输出和机器可读输出：
 
 ```bash
+npx ai-saas-guard@latest scan --root /path/to/your-saas --summary
 npx ai-saas-guard@latest scan --root /path/to/your-saas --json
 npx ai-saas-guard@latest scan --root /path/to/your-saas --sarif > ai-saas-guard.sarif
 npx ai-saas-guard@latest pr-risk --root /path/to/your-saas --base origin/main --markdown > ai-saas-guard-pr.md
@@ -169,18 +169,18 @@ node dist/cli.js scan --root /path/to/your-saas
 
 这个仓库是公开 GitHub 仓库。
 
-CLI 已发布到 npm：`ai-saas-guard@0.30.0`。GitHub Action 支持 `v0` 浮动标签，也支持固定版本标签，例如 `v0.30.0`。
+CLI 已发布到 npm：`ai-saas-guard@0.30.2`。GitHub Action 支持 `v0` 浮动标签，也支持固定版本标签，例如 `v0.30.2`。
 
 | 模块 | 状态 |
 | --- | --- |
 | 公开 GitHub 仓库 | 已可用 |
-| npm CLI | `ai-saas-guard@0.30.0` |
-| GitHub Action | `zr9959/ai-saas-guard@v0` 或固定标签 `v0.30.0` |
-| 输出格式 | Terminal、JSON、SARIF 和 PR markdown |
+| npm CLI | `ai-saas-guard@0.30.2` |
+| GitHub Action | `zr9959/ai-saas-guard@v0` 或固定标签 `v0.30.2` |
+| 输出格式 | 短 summary、Terminal、JSON、SARIF 和 PR markdown |
 | 项目配置 | `.ai-saas-guard.json` 支持规则开关、severity 覆盖、suppressions 和 fail threshold |
 | 隐私模型 | 本地优先、只读扫描、不调用 LLM、不上传代码 |
-| 当前版本 | `0.30.0` 增加 `ai-saas-guard demo`、human-readable 报告里的 Next steps、更有针对性的 quickstart 反馈模板，并刷新首次试用文档 |
-| Action 标签 | `v0.30.0`、`v0` |
+| 当前版本 | `0.30.2` 做发布后质量优化：降低 Vercel/Actions 误报、增加 launch-gate 定位文档，并补 hosted worker 证据边界 |
+| Action 标签 | `v0.30.2`、`v0` |
 | npm 发布 | GitHub Actions Trusted Publisher/OIDC，无需长期 npm token |
 | 仓库可信度加固 | 严格 branch protection、Dependabot、CodeQL、fast-check fuzzing、signed release provenance assets、private vulnerability reporting、secret scanning 和 push protection |
 | Cloudflare hosted ingress | 已部署到 `https://ai-saas-guard-hosted.zr9959.workers.dev`；签名 GitHub App webhook delivery 和 compact Check Run staging smoke 已通过 |

package/docs/demo-quickstart.md

@@ -7,10 +7,10 @@ Use these public fixtures when you want to understand `ai-saas-guard` before poi
 Run the packaged demo without cloning this repository:
 
 ```bash
-npx ai-saas-guard@latest demo
+npx ai-saas-guard@latest demo --summary
 ```
 
-This prints the risky and safe demo summaries, the first risky files to review, manual verification steps, and launch-focused next steps. It uses only public fixture code shipped in the npm package.
+This prints the risky and safe demo summaries, the top risky files to review, manual verification steps, and launch-focused next steps. It uses only public fixture code shipped in the npm package. Rerun `npx ai-saas-guard@latest demo` without `--summary` for the full human-readable report.
 
 ## Risky Demo
 
@@ -20,6 +20,7 @@ Clone the repository only if you want to inspect or edit the fixture files:
 git clone https://github.com/zr9959/ai-saas-guard.git
 cd ai-saas-guard
 npx ai-saas-guard@latest scan --root examples/demo-risky-saas
+npx ai-saas-guard@latest scan --root examples/demo-risky-saas --summary
 ```
 
 The risky demo intentionally includes unsigned Stripe webhook handling, a silent-success billing fallback, broad Supabase RLS, and overpowered GitHub Actions permissions.
@@ -49,6 +50,7 @@ node dist/cli.js scan --root examples/demo-risky-saas
 
 ```bash
 npx ai-saas-guard@latest scan --root examples/demo-safe-saas
+npx ai-saas-guard@latest scan --root examples/demo-safe-saas --summary
 ```
 
 The safe demo keeps the same broad surfaces but uses safer static patterns: Stripe signature verification and idempotency hints, scoped RLS, security headers, documented env variables, request IDs, and bounded GitHub Actions permissions.

package/docs/hosted-operational-release-gate.md

@@ -137,6 +137,27 @@ Required evidence:
 
 The worker must not persist repository files across jobs.
 
+### Read-Only Checkout Worker Evidence
+
+For the first source checkout worker, the release blocks unless the deployed artifact records fresh evidence for both success and failure cleanup.
+
+Required proof:
+
+- checkout identity comes only from signed GitHub event fields and selected-repository installation scope.
+- repository token permissions are limited to `contents: read` for checkout.
+- runtime credentials reach git through temporary askpass material only.
+- the CLI phase runs after credential material is removed from the environment.
+- the worker command is fixed to the deterministic read-only `pr-risk --json` shape.
+- success deletes the worker checkout, askpass material, generated JSON/SARIF scratch files, and local package tarballs.
+- failure cleanup covers clone failure, timeout, CLI failure, malformed JSON output, Check Run write failure, cancellation, and process interruption.
+- cleanup failures create an operator-review event without returning raw source, raw diffs, installation tokens, checkout paths, private URLs, or low-level filesystem errors to users.
+
+### Log Boundary Evidence
+
+Before exposure, sample ingress, queue, worker, report, and Check Run logs for the release candidate. The sample may contain scan key, installation ID, repository ID, PR number, head SHA, scanner version, duration, summary counts, error class, and cleanup status.
+
+The sample must show no raw source, no raw diffs, no secrets, no installation tokens, no customer payloads, no private URLs, no checkout paths, and no untrusted PR prose.
+
 ## Dependency And Container Scanning
 
 Hosted releases must include dependency and container scanning for the deployed artifact.

package/docs/hosted-operations-evidence.md

@@ -29,6 +29,22 @@ The hosted release gate still requires fresh deployed evidence for:
 - dependency and container artifact scanning for the deployed worker image
 - retention and uninstall cleanup against the deployed provider stores
 
+## Read-Only Checkout Worker Evidence Checklist
+
+Before any hosted source checkout worker is exposed beyond staging, attach fresh evidence for each row below. The current Cloudflare ingress evidence above does not satisfy these rows because it publishes compact PR-risk signals without running a full source checkout scan worker.
+
+| Evidence area | Required proof | Status before hosted exposure |
+| --- | --- | --- |
+| Trusted checkout identity | Worker input is derived from signed GitHub event identity, selected-repository installation scope, and repository `contents: read`; PR title, body, branch names, README, and code cannot choose the repository, token scope, checkout path, or command | Required |
+| Runtime credential boundary | Installation credentials are passed to git only through temporary askpass material, are removed before the CLI scan phase, and are never returned in worker output, compact reports, Check Runs, or logs | Required |
+| Fixed scanner command | Worker runs the fixed read-only command shape `ai-saas-guard pr-risk --root <worker-checkout> --base <trusted-base-sha> --json` without shell parsing or PR-authored arguments | Required |
+| Success cleanup | A successful worker run deletes the checkout directory, askpass material, generated JSON/SARIF scratch files, and any local package tarballs | Required |
+| Failure cleanup | A failed clone, timeout, CLI non-zero exit, malformed JSON output, Check Run write failure, cancellation, or process interruption still attempts checkout deletion and records only a safe cleanup status | Required |
+| Log boundary | Logs may include scan key, installation ID, repository ID, PR number, head SHA, scanner version, duration, summary counts, error class, and cleanup status; logs must include no raw source, no raw diffs, no secrets, no installation tokens, no customer payloads, no private URLs, and no checkout paths | Required |
+| Retention boundary | Compact report retention and uninstall cleanup delete repository-scoped records and worker checkout references without exposing low-level cleanup errors | Required |
+
+Use the checklist above together with [hosted-operational-release-gate.md](hosted-operational-release-gate.md). The release remains blocked until deployed worker evidence covers success, failure cleanup, log boundary sampling, monitoring, rollback, and incident response.
+
 ## Smoke Procedure
 
 Use this sequence after each hosted Worker deployment:

package/docs/launch-gate-positioning.md

@@ -0,0 +1,33 @@
+# Launch Gate Positioning
+
+`ai-saas-guard` is a local-first launch gate for AI-built SaaS apps. It is focused on the code paths that decide whether a product is ready to invite users: auth, billing, tenant data, provider failure handling, deploy config, MCP tool power, GitHub Actions hygiene, and AI-heavy PR review.
+
+The narrow bet is simple: a founder or reviewer should know which launch-risk files to inspect first, what manual proof to run, and what fix direction to try before traffic reaches real users.
+
+## Where It Fits
+
+| Tool category | Typical strength | How ai-saas-guard fits beside it |
+| --- | --- | --- |
+| Semgrep | Broad customizable static rules across many languages and frameworks | Adds SaaS launch-specific heuristics and review wording for Stripe, Supabase, silent-success, Next/Vercel, MCP, Actions, and AI PR trust boundaries |
+| zizmor | Deep GitHub Actions security analysis | Adds a smaller launch-readiness hygiene check for workflow permissions, PR concurrency, docs-only CI cost, shallow checkout risk, and first-run guidance |
+| OpenSSF Scorecard | Repository supply-chain posture signals | Adds app-level launch triage inside the repo, while Scorecard remains useful for public project maintenance controls |
+| Snyk and dependency scanners | Dependency, container, license, and known-vulnerability workflows | Adds local source review for SaaS trust-boundary mistakes that may not be dependency vulnerabilities |
+| GitHub code scanning | SARIF ingestion and code-security workflow inside GitHub | Emits SARIF, but keeps the primary workflow local-first and focused on launch review queues |
+
+## What It Optimizes For
+
+- local-first: source stays on the machine or in the caller's CI job
+- deterministic: no LLM calls and no code upload
+- founder-readable output: severity, rule ID, file evidence, why, manual proof, and fix direction
+- AI-built SaaS launch risk: not every static-analysis finding, only the paths likely to break auth, billing, data access, deploy, or review trust
+- PR triage: ranking trust-boundary files before cosmetic or unrelated AI-generated changes
+
+## What It Does Not Try To Be
+
+- not a general vulnerability management platform
+- not a dependency advisory database
+- not a cloud posture dashboard
+- not a runtime WAF or MCP proxy
+- not a guarantee that an app is safe to launch
+
+Use it as a short, evidence-first launch review queue alongside dependency scanning, repository hardening, code scanning, manual two-account authorization tests, Stripe webhook replay, deploy-preview checks, and human review.

package/docs/npm-publishing.md

@@ -5,11 +5,11 @@
 ## Current State
 
 - Package name: `ai-saas-guard`
-- Current published version: `0.30.0`
+- Current published version: `0.30.2`
 - Next source candidate: none
 - npm registry state: published at <https://www.npmjs.com/package/ai-saas-guard>
 - First npm-published version: `0.1.1`
-- GitHub Release: `v0.30.0`
+- GitHub Release: `v0.30.2`
 - Publish workflow: `.github/workflows/npm-publish.yml`
 - Trusted Publisher: GitHub Actions, `zr9959/ai-saas-guard`, workflow `npm-publish.yml`, allowed action `npm publish`
 - Long-lived npm publish token: not required
@@ -18,7 +18,7 @@
 
 Use GitHub Actions with npm Trusted Publisher/OIDC:
 
-1. Create and review a release tag such as `v0.30.0`.
+1. Create and review a release tag such as `v0.30.2`.
 2. Publish from the GitHub Release or run the `Publish npm` workflow manually with `ref` set to that tag.
 3. Keep `permissions.id-token: write` in the workflow so npm can exchange the GitHub Actions OIDC identity for a short-lived publish credential.
 4. Run `npm publish --access public` from the workflow. Trusted publishing automatically generates provenance for this public package from this public repository.

package/docs/sample-launch-report.md

@@ -3,7 +3,31 @@
 This is a synthetic, public-safe example of the kind of review queue `ai-saas-guard` produces. Paths, snippets, and checks are intentionally small so a founder or reviewer can understand the output before running the tool.
 
 ```text
-Launch Gate: review before launch
+ai-saas-guard scan summary
+Findings: 6 findings: 0 critical, 3 high, 3 medium, 0 low, 0 info
+Launch gate: review required: high-risk launch paths need manual verification before launch
+
+Top risks:
+- HIGH stripe.webhook.missing-signature at app/api/stripe/webhook/route.ts:12 - Stripe webhook does not verify the Stripe signature
+- HIGH auth.clerk.unsafe-metadata at app/api/auth/profile/route.ts:8 - Clerk unsafe metadata is used as authorization input
+- HIGH data.prisma.tenant-scope-missing at app/api/projects/[projectId]/route.ts:9 - Prisma query lacks an obvious tenant or owner predicate
+
+Manual proof to run next:
+- Replay a webhook with an invalid signature and confirm the route rejects it.
+- Try changing the same metadata as a normal signed-in user and confirm it cannot grant admin, paid plan, tenant, workspace, or entitlement access.
+- Create this resource as Tenant/User A, then attempt the same update with Tenant/User B.
+
+Next steps
+- Fix critical and high trust-boundary findings first: auth/session, billing/webhook, tenant data, and silent-success paths.
+- Run the manual proof steps above in staging and confirm each risky path fails closed.
+
+Full report:
+  Rerun without --summary, or use --json, --sarif, or --markdown where supported.
+```
+
+The full terminal report expands each finding:
+
+```text
 6 findings: 3 high, 3 medium
 
 HIGH stripe.webhook.missing-signature
@@ -11,7 +35,7 @@ Rule: stripe.webhook.missing-signature
 File: app/api/stripe/webhook/route.ts:12
 Why: Billing access can be granted from a webhook path that does not verify Stripe signatures.
 Verify: Replay a webhook with an invalid signature and confirm the route rejects it.
-Fix direction: Read the raw body, call stripe.webhooks.constructEvent, and keep entitlement changes idempotent.
+Fix direction: In Next.js route handlers, read the payload with `await req.text()`, read the `stripe-signature` header, call `stripe.webhooks.constructEvent(body, signature, STRIPE_WEBHOOK_SECRET)`, and return 400 before any entitlement mutation when verification fails.
 
 HIGH auth.clerk.unsafe-metadata
 Rule: auth.clerk.unsafe-metadata
@@ -32,7 +56,7 @@ Rule: supabase.rls.tenant-predicate-missing
 File: supabase/migrations/20260524_projects.sql:22
 Why: Multi-tenant tables need tenant, workspace, organization, owner, or membership predicates.
 Verify: Sign in as user A and user B; confirm neither can SELECT, INSERT, UPDATE, or DELETE the other's rows.
-Fix direction: Add tenant or membership predicates and rerun a two-account staging check.
+Fix direction: Tie every policy to tenant/workspace/organization membership or owner columns, and mirror the same tenant scope in `WITH CHECK` for INSERT and UPDATE.
 
 MEDIUM deploy.vercel.cron-missing-guard
 Rule: deploy.vercel.cron-missing-guard
@@ -46,7 +70,7 @@ Rule: silent-success.swallowed-error
 File: app/api/billing/checkout/route.ts:31
 Why: Swallowed provider, auth, billing, or data errors can make a launch path look successful when it failed.
 Verify: Force the upstream provider call to fail and confirm the route returns an error or disclosed degraded mode.
-Fix direction: Log the failure, return an explicit error status, and avoid granting access after the failed dependency.
+Fix direction: Log the failure with a request id, return a 4xx/5xx error or explicit degraded-mode response, and do not grant entitlement, change ownership, or mutate tenant data after the failed dependency.
 
 Next steps
 - Fix critical and high trust-boundary findings first: auth/session, billing/webhook, tenant data, and silent-success paths.

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "ai-saas-guard",
-  "version": "0.30.0",
+  "version": "0.30.2",
   "description": "Local-first CLI that catches launch blockers in AI-built Next.js/Supabase/Stripe SaaS apps.",
   "readmeFilename": "README.md",
   "type": "module",