ai-saas-guard 0.41.0 → 0.43.0

package/README.md

@@ -235,13 +235,13 @@ The CLI is published on npm as `ai-saas-guard`, and the GitHub Action is availab
 | Area | Status |
 | --- | --- |
 | Public GitHub repository | Available |
-| npm CLI | `ai-saas-guard@0.41.0` |
-| GitHub Action | `zr9959/ai-saas-guard@v0` or fixed tag `v0.41.0` |
+| npm CLI | `ai-saas-guard@0.43.0` |
+| GitHub Action | `zr9959/ai-saas-guard@v0` or fixed tag `v0.43.0` |
 | Outputs | Launch decision queue, short summary, terminal, JSON, SARIF, and PR-focused markdown |
 | Project config | `.ai-saas-guard.json` rule toggles, severity overrides, suppressions, and fail thresholds |
 | Privacy model | Local-first, read-only scan commands, no LLM calls, no code upload |
-| Versioned Action tags | `v0.41.0`, `v0` |
-| Current release | `0.41.0` adds source-checkout trial planning/evidence contracts, compresses hosted Check Run reviewer output, and documents the next hosted source-checkout gate |
+| Versioned Action tags | `v0.43.0`, `v0` |
+| Current release | `0.43.0` adds pre-commercial hosted gates for Phase 4 beta readiness and Phase 5 team launch readiness while keeping billing disabled |
 | npm publishing | Trusted Publisher/OIDC, no long-lived publish token |
 | Repository trust hardening | Strict branch protection, Dependabot, CodeQL, fast-check fuzzing, signed release provenance assets, private vulnerability reporting, secret scanning, and push protection |
 | Cloudflare hosted ingress | Deployed at `https://ai-saas-guard-hosted.zr9959.workers.dev`; public install/privacy notes are in [docs/hosted-install-privacy.md](docs/hosted-install-privacy.md); signed GitHub App webhook delivery and compact Check Run smoke now pass in staging |
@@ -367,7 +367,9 @@ Deployed worker staging evidence is documented in [docs/hosted-deployed-worker-s
 
 The first live hosted ingress is deployed on Cloudflare Workers at `https://ai-saas-guard-hosted.zr9959.workers.dev` and documented in [hosted/cloudflare-worker/README.md](hosted/cloudflare-worker/README.md). It exposes `/healthz`, `/github/app/install-info`, `/github/app/manifest-callback`, and signed `/github/webhook` intake backed by Cloudflare KV. A private staging GitHub App, `ai-saas-guard-hosted`, is installed on `zr9959/ai-saas-guard` with selected-repository access and the first-slice permission contract. The Worker verifies signatures, stores compact pull request identity records, exchanges a scoped installation token, fetches PR file metadata from GitHub, classifies PR-risk hotspots, and publishes a bounded selected-repository hosted check with a review queue and manual proof prompt. Signed installation deletion and repository removal events delete matching compact records. Current deployed evidence is tracked in [docs/hosted-operations-evidence.md](docs/hosted-operations-evidence.md): health, signed webhook delivery, compact KV records, cleanup, and Check Run publication pass in staging. The Cloudflare Worker still does not run a full source checkout scan worker or store raw webhook payloads, PR title/body text, raw diffs, source, secrets, checkout paths, or installation tokens.
 
-The next hosted source-checkout step is intentionally narrow: deploy the existing read-only checkout worker behind the same selected-repository identity, keep the fixed `pr-risk --json` command, write only compact findings to the Check Run, and require deployed cleanup/log-boundary/rollback evidence before broader trial use. The v0.41 contract layer adds `createHostedSourceCheckoutTrialPlan` and `createHostedSourceCheckoutEvidence` so checkout start/end, token removal, CLI start/end, compact report write, Check Run write, and cleanup status can be reviewed before public exposure.
+The next hosted source-checkout step is intentionally narrow: deploy the existing read-only checkout worker behind the same selected-repository identity, keep the fixed `pr-risk --json` command, write only compact findings to the Check Run, and require deployed cleanup/log-boundary/rollback evidence before broader trial use. The hosted worker export includes `createHostedSourceCheckoutTrialPlan`, `createHostedSourceCheckoutEvidence`, and `evaluateHostedSourceCheckoutTrialGate` so Phase 3 has one machine-checkable gate for checkout start/end, token removal, CLI start/end, compact report write, Check Run write, cleanup status, live smoke, rollback, monitoring, and incident-owner proof before Phase 4 beta.
+
+The `ai-saas-guard/hosted/beta` export adds `evaluateHostedBetaReadinessGate` and `evaluateTeamLaunchGateReadiness`. These pre-commercial gates block hosted beta unless selected-repository install limits, abuse controls, safe telemetry, uninstall deletion proof, rollback, support ownership, beta smoke, and no-audit-claim wording are ready; they also block team use unless org policy config, required status-check docs, suppression audit, reviewer checklist, release evidence export, retention docs, and billing-disabled proof are in place.
 
 Hosted install and privacy details are summarized in [docs/hosted-install-privacy.md](docs/hosted-install-privacy.md): selected-repository permissions, supported events, Check Run data boundaries, uninstall cleanup, and why the local CLI remains the private/offline path.
 
@@ -423,7 +425,7 @@ Use `suppressions` for narrower false-positive handling when one rule is noisy o
 
 ## GitHub Action
 
-The repo includes a composite Action. Use `v0` for the latest compatible pre-1.0 Action, a specific release tag such as `v0.41.0` for controlled upgrades, or pin a reviewed commit SHA for stricter supply-chain control:
+The repo includes a composite Action. Use `v0` for the latest compatible pre-1.0 Action, a specific release tag such as `v0.43.0` for controlled upgrades, or pin a reviewed commit SHA for stricter supply-chain control:
 
 ```yaml
 name: ai-saas-guard

package/dist/hosted/beta.d.ts

@@ -0,0 +1,97 @@
+export interface HostedBetaReadinessGateInput {
+    requestedAt: string;
+    phase3GatePassed: boolean;
+    selectedRepositoryInstallOnly: boolean;
+    publicInstallDocsReady: boolean;
+    rateLimitEnabled: boolean;
+    abuseKillSwitchReady: boolean;
+    telemetrySafe: boolean;
+    uninstallDeletionTested: boolean;
+    rollbackTested: boolean;
+    incidentOwnerRecorded: boolean;
+    supportPathReady: boolean;
+    betaSmokePassed: boolean;
+    avoidsAuditClaims: boolean;
+    noRawSourceStorage: boolean;
+    noRawDiffStorage: boolean;
+    noPrTextStorage: boolean;
+    maxReposPerInstallation: number;
+    maxConcurrentScans: number;
+    rawSource?: string;
+    rawDiff?: string;
+    prText?: string;
+    installationToken?: string;
+}
+export interface HostedBetaReadinessGate {
+    phase: "phase_4_hosted_beta_readiness";
+    readyForPublicBeta: boolean;
+    blockedReasons: string[];
+    requestedAt: string;
+    installBoundary: {
+        selectedRepositoryOnly: true;
+        maxReposPerInstallation: number;
+        maxConcurrentScans: number;
+    };
+    operations: {
+        rateLimitEnabled: boolean;
+        abuseKillSwitchReady: boolean;
+        telemetrySafe: boolean;
+        uninstallDeletionTested: boolean;
+        rollbackTested: boolean;
+        incidentOwnerRecorded: boolean;
+        supportPathReady: boolean;
+        betaSmokePassed: boolean;
+    };
+    nextAction: string;
+    privacy: {
+        includesRawSource: false;
+        includesRawDiffs: false;
+        includesUntrustedPrText: false;
+        includesInstallationToken: false;
+        claimsPentest: false;
+        claimsFullAudit: false;
+        claimsCertification: false;
+    };
+}
+export interface TeamLaunchGateReadinessInput {
+    requestedAt: string;
+    hostedBetaGatePassed: boolean;
+    orgPolicyConfigReady: boolean;
+    requiredStatusCheckDocumented: boolean;
+    suppressionAuditReady: boolean;
+    reviewerChecklistReady: boolean;
+    releaseEvidenceExportReady: boolean;
+    teamDocsReady: boolean;
+    adminBypassDocumented: boolean;
+    retentionPolicyDocumented: boolean;
+    noCommercialBillingEnabled: boolean;
+    rawSource?: string;
+    customerPayload?: unknown;
+}
+export interface TeamLaunchGateReadiness {
+    phase: "phase_5_team_launch_gate";
+    readyForTeamUse: boolean;
+    blockedReasons: string[];
+    requestedAt: string;
+    teamControls: {
+        orgPolicyConfigReady: boolean;
+        requiredStatusCheckDocumented: boolean;
+        suppressionAuditReady: boolean;
+        reviewerChecklistReady: boolean;
+        releaseEvidenceExportReady: boolean;
+        teamDocsReady: boolean;
+        adminBypassDocumented: boolean;
+        retentionPolicyDocumented: boolean;
+    };
+    commercialization: {
+        enabled: false;
+        reason: "pre_commercial_feedback_stage";
+    };
+    nextAction: string;
+    privacy: {
+        includesRawSource: false;
+        includesCustomerPayloads: false;
+    };
+}
+export declare function evaluateHostedBetaReadinessGate(input: HostedBetaReadinessGateInput): HostedBetaReadinessGate;
+export declare function evaluateTeamLaunchGateReadiness(input: TeamLaunchGateReadinessInput): TeamLaunchGateReadiness;

package/dist/hosted/beta.js

@@ -0,0 +1,132 @@
+const MAX_BETA_REPOS_PER_INSTALLATION = 10;
+const MAX_BETA_CONCURRENT_SCANS = 5;
+export function evaluateHostedBetaReadinessGate(input) {
+    const blockedReasons = hostedBetaBlockedReasons(input);
+    return {
+        phase: "phase_4_hosted_beta_readiness",
+        readyForPublicBeta: blockedReasons.length === 0,
+        blockedReasons,
+        requestedAt: input.requestedAt,
+        installBoundary: {
+            selectedRepositoryOnly: true,
+            maxReposPerInstallation: Math.max(0, Math.floor(input.maxReposPerInstallation)),
+            maxConcurrentScans: Math.max(0, Math.floor(input.maxConcurrentScans))
+        },
+        operations: {
+            rateLimitEnabled: input.rateLimitEnabled,
+            abuseKillSwitchReady: input.abuseKillSwitchReady,
+            telemetrySafe: input.telemetrySafe,
+            uninstallDeletionTested: input.uninstallDeletionTested,
+            rollbackTested: input.rollbackTested,
+            incidentOwnerRecorded: input.incidentOwnerRecorded,
+            supportPathReady: input.supportPathReady,
+            betaSmokePassed: input.betaSmokePassed
+        },
+        nextAction: blockedReasons.length === 0
+            ? "Open a limited public beta only for selected repositories and keep collecting operational evidence before commercialization."
+            : "Do not open hosted beta. Resolve the blocked reasons and rerun the beta readiness gate.",
+        privacy: {
+            includesRawSource: false,
+            includesRawDiffs: false,
+            includesUntrustedPrText: false,
+            includesInstallationToken: false,
+            claimsPentest: false,
+            claimsFullAudit: false,
+            claimsCertification: false
+        }
+    };
+}
+export function evaluateTeamLaunchGateReadiness(input) {
+    const blockedReasons = teamLaunchBlockedReasons(input);
+    return {
+        phase: "phase_5_team_launch_gate",
+        readyForTeamUse: blockedReasons.length === 0,
+        blockedReasons,
+        requestedAt: input.requestedAt,
+        teamControls: {
+            orgPolicyConfigReady: input.orgPolicyConfigReady,
+            requiredStatusCheckDocumented: input.requiredStatusCheckDocumented,
+            suppressionAuditReady: input.suppressionAuditReady,
+            reviewerChecklistReady: input.reviewerChecklistReady,
+            releaseEvidenceExportReady: input.releaseEvidenceExportReady,
+            teamDocsReady: input.teamDocsReady,
+            adminBypassDocumented: input.adminBypassDocumented,
+            retentionPolicyDocumented: input.retentionPolicyDocumented
+        },
+        commercialization: {
+            enabled: false,
+            reason: "pre_commercial_feedback_stage"
+        },
+        nextAction: blockedReasons.length === 0
+            ? "Use the team launch gate with design partners, collect user feedback, and delay commercialization until usage evidence exists."
+            : "Do not sell or commercialize. Resolve the team launch gate blockers before inviting teams beyond beta.",
+        privacy: {
+            includesRawSource: false,
+            includesCustomerPayloads: false
+        }
+    };
+}
+function hostedBetaBlockedReasons(input) {
+    const reasons = [];
+    if (!input.phase3GatePassed)
+        reasons.push("phase3_gate_missing");
+    if (!input.selectedRepositoryInstallOnly)
+        reasons.push("selected_repository_install_required");
+    if (!input.publicInstallDocsReady)
+        reasons.push("public_install_docs_missing");
+    if (!input.rateLimitEnabled)
+        reasons.push("rate_limit_missing");
+    if (!input.abuseKillSwitchReady)
+        reasons.push("abuse_kill_switch_missing");
+    if (!input.telemetrySafe)
+        reasons.push("safe_telemetry_missing");
+    if (!input.uninstallDeletionTested)
+        reasons.push("uninstall_deletion_proof_missing");
+    if (!input.rollbackTested)
+        reasons.push("rollback_test_missing");
+    if (!input.incidentOwnerRecorded)
+        reasons.push("incident_owner_missing");
+    if (!input.supportPathReady)
+        reasons.push("support_path_missing");
+    if (!input.betaSmokePassed)
+        reasons.push("beta_smoke_missing");
+    if (!input.avoidsAuditClaims)
+        reasons.push("audit_claims_not_blocked");
+    if (!input.noRawSourceStorage)
+        reasons.push("raw_source_storage_blocked");
+    if (!input.noRawDiffStorage)
+        reasons.push("raw_diff_storage_blocked");
+    if (!input.noPrTextStorage)
+        reasons.push("pr_text_storage_blocked");
+    if (!Number.isFinite(input.maxReposPerInstallation) || input.maxReposPerInstallation > MAX_BETA_REPOS_PER_INSTALLATION) {
+        reasons.push("repo_limit_too_high");
+    }
+    if (!Number.isFinite(input.maxConcurrentScans) || input.maxConcurrentScans > MAX_BETA_CONCURRENT_SCANS) {
+        reasons.push("concurrency_limit_too_high");
+    }
+    return reasons;
+}
+function teamLaunchBlockedReasons(input) {
+    const reasons = [];
+    if (!input.hostedBetaGatePassed)
+        reasons.push("hosted_beta_gate_missing");
+    if (!input.orgPolicyConfigReady)
+        reasons.push("org_policy_config_missing");
+    if (!input.requiredStatusCheckDocumented)
+        reasons.push("required_status_check_docs_missing");
+    if (!input.suppressionAuditReady)
+        reasons.push("suppression_audit_missing");
+    if (!input.reviewerChecklistReady)
+        reasons.push("reviewer_checklist_missing");
+    if (!input.releaseEvidenceExportReady)
+        reasons.push("release_evidence_export_missing");
+    if (!input.teamDocsReady)
+        reasons.push("team_docs_missing");
+    if (!input.adminBypassDocumented)
+        reasons.push("admin_bypass_docs_missing");
+    if (!input.retentionPolicyDocumented)
+        reasons.push("retention_policy_docs_missing");
+    if (!input.noCommercialBillingEnabled)
+        reasons.push("commercial_billing_enabled_too_early");
+    return reasons;
+}

package/dist/hosted/worker.d.ts

@@ -127,6 +127,41 @@ export interface HostedReadOnlyCheckoutScanGate {
         claimsCompleteHostedSaas: false;
     };
 }
+export interface HostedSourceCheckoutTrialGateInput extends HostedSourceCheckoutTrialPlanInput, Omit<HostedSourceCheckoutEvidenceInput, "requestedAt" | "rawSource" | "rawDiff" | "checkoutPath" | "installationToken">, Omit<HostedReadOnlyCheckoutScanGateInput, "requestedAt" | "jobKey" | "summaryCounts" | "compactFindingCount" | "rawSource" | "rawDiff" | "checkoutPath" | "installationToken"> {
+    liveSmokePassed: boolean;
+    rollbackTested: boolean;
+    monitoringEvidence: boolean;
+    incidentOwnerRecorded: boolean;
+    rawSource?: string;
+    rawDiff?: string;
+    checkoutPath?: string;
+    installationToken?: string;
+}
+export interface HostedSourceCheckoutTrialGate {
+    phase: "phase_3_hosted_source_checkout_trial";
+    readyForPhase4Beta: boolean;
+    blockedReasons: string[];
+    requestedAt: string;
+    repositoryFullName: string;
+    jobKey: string;
+    plan: HostedSourceCheckoutTrialPlan;
+    evidence: HostedSourceCheckoutEvidence;
+    scanGate: HostedReadOnlyCheckoutScanGate;
+    operatorProof: {
+        liveSmokePassed: boolean;
+        rollbackTested: boolean;
+        monitoringEvidence: boolean;
+        incidentOwnerRecorded: boolean;
+    };
+    nextAction: string;
+    privacy: {
+        includesRawSource: false;
+        includesRawDiffs: false;
+        includesPrivateCheckoutPath: false;
+        includesInstallationToken: false;
+        claimsPublicHostedScanner: false;
+    };
+}
 export type HostedReadOnlyCheckoutScanSafeReason = "invalid_worker_plan" | "invalid_repository_full_name" | "invalid_clone_base_url" | "missing_installation_token" | "git_init_failed" | "git_remote_add_failed" | "git_fetch_head_failed" | "git_fetch_base_failed" | "git_checkout_failed" | "cli_scan_failed" | "invalid_cli_output" | "cleanup_failed";
 export declare class HostedReadOnlyCheckoutScanError extends Error {
     readonly safeReason: HostedReadOnlyCheckoutScanSafeReason;
@@ -144,4 +179,5 @@ export declare function createHostedReadOnlyCheckoutScanRunner(options: HostedRe
 export declare function createHostedSourceCheckoutTrialPlan(input: HostedSourceCheckoutTrialPlanInput): HostedSourceCheckoutTrialPlan;
 export declare function createHostedSourceCheckoutEvidence(input: HostedSourceCheckoutEvidenceInput): HostedSourceCheckoutEvidence;
 export declare function evaluateHostedReadOnlyCheckoutScanGate(input: HostedReadOnlyCheckoutScanGateInput): HostedReadOnlyCheckoutScanGate;
+export declare function evaluateHostedSourceCheckoutTrialGate(input: HostedSourceCheckoutTrialGateInput): HostedSourceCheckoutTrialGate;
 export declare function runHostedReadOnlyCheckoutScan(input: HostedServiceScanRunnerInput, options: HostedReadOnlyCheckoutScanRunnerOptions): Promise<HostedServiceScanRunnerResult>;

package/dist/hosted/worker.js

@@ -173,6 +173,72 @@ export function evaluateHostedReadOnlyCheckoutScanGate(input) {
         }
     };
 }
+export function evaluateHostedSourceCheckoutTrialGate(input) {
+    const plan = createHostedSourceCheckoutTrialPlan(input);
+    const evidence = createHostedSourceCheckoutEvidence({
+        requestedAt: input.requestedAt,
+        jobKey: input.jobKey,
+        stages: input.stages,
+        summaryCounts: input.summaryCounts,
+        compactFindingCount: input.compactFindingCount,
+        cleanupStatus: input.cleanupStatus,
+        rawSource: input.rawSource,
+        rawDiff: input.rawDiff,
+        checkoutPath: input.checkoutPath,
+        installationToken: input.installationToken
+    });
+    const scanGate = evaluateHostedReadOnlyCheckoutScanGate({
+        requestedAt: input.requestedAt,
+        jobKey: input.jobKey,
+        commandStages: input.commandStages,
+        summaryCounts: input.summaryCounts,
+        compactFindingCount: input.compactFindingCount,
+        compactReportStored: input.compactReportStored,
+        checkRunPublished: input.checkRunPublished,
+        checkoutDeleted: input.checkoutDeleted,
+        tokenRemovedBeforeCli: input.tokenRemovedBeforeCli,
+        maxOutputBytes: input.maxOutputBytes,
+        timeoutMs: input.timeoutMs,
+        rawSource: input.rawSource,
+        rawDiff: input.rawDiff,
+        checkoutPath: input.checkoutPath,
+        installationToken: input.installationToken
+    });
+    const operatorBlockedReasons = operatorProofBlockedReasons(input);
+    const blockedReasons = [
+        ...plan.blockedReasons,
+        ...evidence.blockedReasons,
+        ...scanGate.blockedReasons,
+        ...operatorBlockedReasons
+    ];
+    return {
+        phase: "phase_3_hosted_source_checkout_trial",
+        readyForPhase4Beta: blockedReasons.length === 0,
+        blockedReasons,
+        requestedAt: input.requestedAt,
+        repositoryFullName: input.repositoryFullName,
+        jobKey: input.jobKey,
+        plan,
+        evidence,
+        scanGate,
+        operatorProof: {
+            liveSmokePassed: input.liveSmokePassed,
+            rollbackTested: input.rollbackTested,
+            monitoringEvidence: input.monitoringEvidence,
+            incidentOwnerRecorded: input.incidentOwnerRecorded
+        },
+        nextAction: blockedReasons.length === 0
+            ? "Phase 3 is closed for the selected-repository trial. Continue to Phase 4 beta only with the same privacy boundary."
+            : "Do not open hosted beta. Resolve the blocked reasons and rerun the selected-repository source-checkout trial gate.",
+        privacy: {
+            includesRawSource: false,
+            includesRawDiffs: false,
+            includesPrivateCheckoutPath: false,
+            includesInstallationToken: false,
+            claimsPublicHostedScanner: false
+        }
+    };
+}
 export async function runHostedReadOnlyCheckoutScan(input, options) {
     const { plan } = input;
     const { checkout, cli } = plan;
@@ -339,6 +405,18 @@ function isTrustedFixedReadOnlyPlan(input) {
 function arraysEqual(left, right) {
     return left.length === right.length && left.every((value, index) => value === right[index]);
 }
+function operatorProofBlockedReasons(input) {
+    const reasons = [];
+    if (!input.liveSmokePassed)
+        reasons.push("live_smoke_missing");
+    if (!input.rollbackTested)
+        reasons.push("rollback_test_missing");
+    if (!input.monitoringEvidence)
+        reasons.push("monitoring_evidence_missing");
+    if (!input.incidentOwnerRecorded)
+        reasons.push("incident_owner_missing");
+    return reasons;
+}
 function compactFinding(value) {
     if (!isRecord(value))
         return [];

package/docs/README.zh-CN.md

@@ -213,18 +213,18 @@ node dist/cli.js scan --root /path/to/your-saas
 
 这个仓库是公开 GitHub 仓库。
 
-CLI 已发布到 npm：`ai-saas-guard@0.41.0`。GitHub Action 支持 `v0` 浮动标签，也支持固定版本标签，例如 `v0.41.0`。
+CLI 已发布到 npm：`ai-saas-guard@0.43.0`。GitHub Action 支持 `v0` 浮动标签，也支持固定版本标签，例如 `v0.43.0`。
 
 | 模块 | 状态 |
 | --- | --- |
 | 公开 GitHub 仓库 | 已可用 |
-| npm CLI | `ai-saas-guard@0.41.0` |
-| GitHub Action | `zr9959/ai-saas-guard@v0` 或固定标签 `v0.41.0` |
+| npm CLI | `ai-saas-guard@0.43.0` |
+| GitHub Action | `zr9959/ai-saas-guard@v0` 或固定标签 `v0.43.0` |
 | 输出格式 | 上线决策队列、短 summary、Terminal、JSON、SARIF 和 PR markdown |
 | 项目配置 | `.ai-saas-guard.json` 支持规则开关、severity 覆盖、suppressions 和 fail threshold |
 | 隐私模型 | 本地优先、只读扫描、不调用 LLM、不上传代码 |
-| 当前版本 | `0.41.0` 增加 source-checkout trial plan/evidence 契约，压缩 hosted Check Run reviewer 输出，并记录下一阶段 hosted source-checkout gate |
-| Action 标签 | `v0.41.0`、`v0` |
+| 当前版本 | `0.43.0` 增加商业化前的 Phase 4 hosted beta readiness gate 和 Phase 5 team launch gate，同时继续保持 billing disabled |
+| Action 标签 | `v0.43.0`、`v0` |
 | npm 发布 | GitHub Actions Trusted Publisher/OIDC，无需长期 npm token |
 | 仓库可信度加固 | 严格 branch protection、Dependabot、CodeQL、fast-check fuzzing、signed release provenance assets、private vulnerability reporting、secret scanning 和 push protection |
 | Cloudflare hosted ingress | 已部署到 `https://ai-saas-guard-hosted.zr9959.workers.dev`；安装和隐私说明见 [hosted-install-privacy.md](hosted-install-privacy.md)；提供 `/github/app/install-info`，签名 GitHub App webhook delivery、compact Check Run 和 installation cleanup staging smoke 已通过 |
@@ -383,7 +383,9 @@ GitHub Marketplace wrapper 决策见 [docs/github-marketplace-wrapper-decision.m
 
 当前仓库已经包含未来 Hosted GitHub App 的设计文档、纯契约测试、第一个真实 Cloudflare hosted ingress，以及 Node/container read-only checkout scan runner。私有 staging GitHub App `ai-saas-guard-hosted` 已安装到 `zr9959/ai-saas-guard`，Cloudflare 已配置所需的云端凭据绑定。Worker 代码已经能接收签名 webhook、写入 KV 队列、换取 scoped installation token、读取 GitHub PR file metadata、做 compact PR-risk classification，并发布有长度上限的 selected-repository Check Run summary；`/github/app/install-info` 会返回公开安全的安装说明、权限、事件、隐私边界和卸载说明。签名 installation deletion 和 repository removal 事件会删除匹配的 compact records。当前端到端 GitHub App webhook delivery smoke 已通过，证据记录在 [docs/hosted-operations-evidence.md](hosted-operations-evidence.md)。Cloudflare ingress 本身仍不是完整 source checkout scan worker。
 
-下一步 hosted source checkout 仍然要保持窄边界：把现有 read-only checkout worker 放到同一个 selected-repository identity 后面，继续固定 `pr-risk --json` 命令，只把 compact findings 写入 Check Run，并在扩大 trial 前要求 deployed cleanup、log-boundary 和 rollback evidence。v0.41 契约层新增 `createHostedSourceCheckoutTrialPlan` 和 `createHostedSourceCheckoutEvidence`，用于在公开暴露前检查 checkout start/end、token removal、CLI start/end、compact report write、Check Run write 和 cleanup status。
+下一步 hosted source checkout 仍然要保持窄边界：把现有 read-only checkout worker 放到同一个 selected-repository identity 后面，继续固定 `pr-risk --json` 命令，只把 compact findings 写入 Check Run，并在扩大 trial 前要求 deployed cleanup、log-boundary 和 rollback evidence。hosted worker export 现在包含 `createHostedSourceCheckoutTrialPlan`、`createHostedSourceCheckoutEvidence` 和 `evaluateHostedSourceCheckoutTrialGate`，用于在进入 Phase 4 beta 前统一检查 checkout start/end、token removal、CLI start/end、compact report write、Check Run write、cleanup status、live smoke、rollback、monitoring 和 incident owner proof。
+
+`ai-saas-guard/hosted/beta` export 新增 `evaluateHostedBetaReadinessGate` 和 `evaluateTeamLaunchGateReadiness`。这两个商业化前 gate 会阻止 hosted beta 在 selected-repository install limit、abuse control、安全 telemetry、uninstall deletion proof、rollback、support owner、beta smoke 和 no-audit-claim wording 不完整时开放；也会阻止 team use 在 org policy config、required status-check docs、suppression audit、reviewer checklist、release evidence export、retention docs 和 billing-disabled proof 不完整时推进。
 
 Hosted 安装、权限和隐私边界见 [hosted-install-privacy.md](hosted-install-privacy.md)：selected-repository 权限、支持的 GitHub 事件、Check Run 数据边界、卸载清理，以及为什么本地 CLI 仍然是私有/离线路径。
 

package/docs/hosted-node-container-app.md

@@ -24,6 +24,11 @@ The package exports `ai-saas-guard/hosted/app` with:
 - `createHostedNodeCheckoutAppPlatform`
 - `planHostedNodeContainerDeployment`
 
+The package also exports `ai-saas-guard/hosted/beta` with:
+
+- `evaluateHostedBetaReadinessGate`
+- `evaluateTeamLaunchGateReadiness`
+
 The staging deployment planner in [hosted-staging-deployment.md](hosted-staging-deployment.md) composes this Node/container deployment plan with real provider references, hosted operational release-gate evidence, and GitHub App promotion gates.
 
 ## HTTP Ingress
@@ -134,6 +139,6 @@ It does not return:
 
 ## Current Status
 
-The repository can now instantiate a Node/container hosted app skeleton, route signed webhooks into the hosted service runtime, process one worker tick through adapters, compose the real read-only checkout scan runner behind a token-provider boundary, expose clamped worker safety budgets, and validate provider adapter references before deployment.
+The repository can now instantiate a Node/container hosted app skeleton, route signed webhooks into the hosted service runtime, process one worker tick through adapters, compose the real read-only checkout scan runner behind a token-provider boundary, expose clamped worker safety budgets, validate provider adapter references before deployment, evaluate one Phase 3 source-checkout trial gate through `evaluateHostedSourceCheckoutTrialGate`, and evaluate pre-commercial Phase 4/5 gates through `evaluateHostedBetaReadinessGate` and `evaluateTeamLaunchGateReadiness`.
 
-A public hosted environment still requires actual platform infrastructure, a public HTTPS webhook URL, platform secrets, durable queue/storage, worker sandboxing, GitHub Checks API credentials at runtime, monitoring, rollback, incident-response evidence, and the hosted operational release gate. Use [hosted-staging-deployment.md](hosted-staging-deployment.md) to plan and block staging exposure until those provider references and evidence exist.
+A public hosted environment still requires actual platform infrastructure, a public HTTPS webhook URL, platform secrets, durable queue/storage, worker sandboxing, GitHub Checks API credentials at runtime, monitoring, rollback, incident-response evidence, a passing Phase 3 gate, and a passing Phase 4 beta readiness gate. Team workflow rollout additionally requires the Phase 5 team launch gate. Use [hosted-staging-deployment.md](hosted-staging-deployment.md) to plan and block staging exposure until those provider references and evidence exist.

package/docs/hosted-operational-release-gate.md

@@ -179,6 +179,41 @@ The v0.41 source-checkout trial boundary is executable as a pure contract before
 
 The evidence object must stay compact and privacy-safe. It may contain job key, stage IDs, timestamps, summary counts, compact finding count, cleanup status, and safe blocked reasons. It must not include source, diffs, checkout paths, installation tokens, PR-authored commands, private URLs, or low-level filesystem errors.
 
+### Phase 3 Source Checkout Trial Gate
+
+The v0.42 hosted worker export adds `evaluateHostedSourceCheckoutTrialGate`. This is the single gate for closing Phase 3 and deciding whether the project may move toward Phase 4 hosted beta.
+
+The gate combines:
+
+- source-checkout trial plan checks from `createHostedSourceCheckoutTrialPlan`
+- stage evidence checks from `createHostedSourceCheckoutEvidence`
+- read-only checkout scan checks from `evaluateHostedReadOnlyCheckoutScanGate`
+- operator proof for live smoke, rollback, monitoring evidence, and incident owner recording
+
+It returns `readyForPhase4Beta: true` only when all four layers pass. Otherwise it returns safe blocked reasons and the next action: do not open hosted beta until the missing proof is rerun. The response must remain compact and privacy-safe: no raw source, raw diffs, checkout paths, installation tokens, public hosted scanner claim, private URLs, or PR-authored commands.
+
+### Phase 4 Hosted Beta Readiness Gate
+
+The v0.43 `ai-saas-guard/hosted/beta` export adds `evaluateHostedBetaReadinessGate`. This gate is pre-commercial. It does not enable billing, pricing, usage metering, or a marketplace listing.
+
+It returns `readyForPublicBeta: true` only when:
+
+- Phase 3 source-checkout trial gate already passed
+- installs remain selected-repository only
+- public install and privacy docs are ready
+- rate limits and an abuse kill switch are enabled
+- telemetry records only safe operational metadata
+- uninstall deletion, rollback, incident owner, support path, and beta smoke evidence exist
+- public wording avoids pentest, full-audit, and certification claims
+- raw source, raw diffs, PR-authored text, and installation tokens are not stored
+- repository and concurrency limits stay within the beta caps
+
+### Phase 5 Team Launch Gate
+
+The same export adds `evaluateTeamLaunchGateReadiness`. This gate is also pre-commercial. It exists so design partners can use the hosted launch gate in a team workflow before paid packaging exists.
+
+It returns `readyForTeamUse: true` only when the hosted beta gate passed and the team workflow has org policy config, required status-check documentation, suppression audit, reviewer checklist, release evidence export, team docs, admin-bypass documentation, retention documentation, and proof that commercial billing remains disabled.
+
 ### Log Boundary Evidence
 
 Before exposure, sample ingress, queue, worker, report, and Check Run logs for the release candidate. The sample may contain scan key, installation ID, repository ID, PR number, head SHA, scanner version, duration, summary counts, error class, and cleanup status.

package/docs/hosted-operations-evidence.md

@@ -10,6 +10,14 @@ Recorded on 2026-05-25 from the deployed Cloudflare Worker plus temporary GitHub
 
 | Check | Evidence | Result |
 | --- | --- | --- |
+| Cloudflare Worker health, v0.43.0 | `GET https://ai-saas-guard-hosted.zr9959.workers.dev/healthz` returned `ok: true`, routes including `/github/app/install-info`, `checkRunPublisher: "configured"`, `scannerVersion: "0.43.0"`, and all privacy flags set to false for raw payloads, PR text, source, diffs, secrets, customer payloads, checkout paths, and installation tokens | Passed |
+| Public install guidance, v0.43.0 | `GET https://ai-saas-guard-hosted.zr9959.workers.dev/github/app/install-info` returned the `ai-saas-guard-hosted` install URL, selected-repository boundary wording, first-slice permissions `checks: write`, `contents: read`, `metadata: read`, `pull_requests: read`, subscribed events `pull_request`, `installation`, and `installation_repositories`, uninstall cleanup wording, `scannerVersion: "0.43.0"`, and no private keys, webhook secrets, installation tokens, source, diffs, or customer payloads | Passed |
+| Deployed Worker version, v0.43.0 | `wrangler deploy` uploaded 38.57 KiB / gzip 9.86 KiB and deployed version `8744d3db-0114-4653-85e2-f1554ff1b26b` at `2026-05-25T14:00:03Z` verification time | Passed |
+| Real hosted PR smoke, v0.43.0 | `node scripts/hosted-pr-smoke.mjs --evidence-file /tmp/ai-saas-guard-hosted-smoke-v0.43.json` opened temporary PR `#91`, waited for Check Run `77724168740` on head SHA `6d62e52b243d657dd949b48c3333224905caa830`, received conclusion `success`, closed the PR, restored the original branch, deleted the local branch, and deleted 9 staging KV records with `remainingSmokeKeys: 0`; `gh pr view 91` returned `state: "CLOSED"`, `git ls-remote --heads origin codex/hosted-smoke-20260525140128` returned no remote branch, and `wrangler kv key list --namespace-id fa5344fbd7944de6a776bf8731d58460 --remote` returned `[]` after cleanup | Passed |
+| Cloudflare Worker health, v0.42.0 | `GET https://ai-saas-guard-hosted.zr9959.workers.dev/healthz` returned `ok: true`, routes including `/github/app/install-info`, `checkRunPublisher: "configured"`, `scannerVersion: "0.42.0"`, and all privacy flags set to false for raw payloads, PR text, source, diffs, secrets, customer payloads, checkout paths, and installation tokens | Passed |
+| Public install guidance, v0.42.0 | `GET https://ai-saas-guard-hosted.zr9959.workers.dev/github/app/install-info` returned the `ai-saas-guard-hosted` install URL, selected-repository boundary wording, first-slice permissions `checks: write`, `contents: read`, `metadata: read`, `pull_requests: read`, subscribed events `pull_request`, `installation`, and `installation_repositories`, uninstall cleanup wording, `scannerVersion: "0.42.0"`, and no private keys, webhook secrets, installation tokens, source, diffs, or customer payloads | Passed |
+| Deployed Worker version, v0.42.0 | `wrangler deploy` uploaded 38.57 KiB / gzip 9.86 KiB and deployed version `6de0811e-11bf-46a6-9b7b-cbecda409695` at `2026-05-25T13:40:11Z` verification time | Passed |
+| Real hosted PR smoke, v0.42.0 | `node scripts/hosted-pr-smoke.mjs --evidence-file /tmp/ai-saas-guard-hosted-smoke-v0.42.json` opened temporary PR `#89`, waited for Check Run `77721238202` on head SHA `66dfffde2ffa1a563ebc45fe7b22468d2f060e22`, received conclusion `success`, closed the PR, restored the original branch, deleted the local branch, and deleted 9 staging KV records with `remainingSmokeKeys: 0`; `gh pr view 89` returned `state: "CLOSED"`, `git ls-remote --heads origin codex/hosted-smoke-20260525134106` returned no remote branch, and `wrangler kv key list --namespace-id fa5344fbd7944de6a776bf8731d58460 --remote` returned `[]` after cleanup | Passed |
 | Cloudflare Worker health, v0.41.0 | `GET https://ai-saas-guard-hosted.zr9959.workers.dev/healthz` returned `ok: true`, routes including `/github/app/install-info`, `checkRunPublisher: "configured"`, `scannerVersion: "0.41.0"`, and all privacy flags set to false for raw payloads, PR text, source, diffs, secrets, customer payloads, checkout paths, and installation tokens | Passed |
 | Public install guidance, v0.41.0 | `GET https://ai-saas-guard-hosted.zr9959.workers.dev/github/app/install-info` returned the `ai-saas-guard-hosted` install URL, selected-repository boundary wording, first-slice permissions `checks: write`, `contents: read`, `metadata: read`, `pull_requests: read`, subscribed events `pull_request`, `installation`, and `installation_repositories`, uninstall cleanup wording, `scannerVersion: "0.41.0"`, and no private keys, webhook secrets, installation tokens, source, diffs, or customer payloads | Passed |
 | Deployed Worker version, v0.41.0 | `wrangler deploy` uploaded 38.57 KiB / gzip 9.86 KiB and deployed version `fb0b4726-ac75-4577-942b-fdeed7752979` at `2026-05-25T13:22:28Z` verification time | Passed |

package/docs/npm-publishing.md

@@ -5,11 +5,11 @@
 ## Current State
 
 - Package name: `ai-saas-guard`
-- Current published version: `0.41.0`
+- Current published version: `0.43.0`
 - Next source candidate: none
 - npm registry state: published at <https://www.npmjs.com/package/ai-saas-guard>
 - First npm-published version: `0.1.1`
-- GitHub Release: `v0.41.0`
+- GitHub Release: `v0.43.0`
 - Publish workflow: `.github/workflows/npm-publish.yml`
 - Trusted Publisher: GitHub Actions, `zr9959/ai-saas-guard`, workflow `npm-publish.yml`, allowed action `npm publish`
 - Long-lived npm publish token: not required
@@ -18,7 +18,7 @@
 
 Use GitHub Actions with npm Trusted Publisher/OIDC:
 
-1. Create and review a release tag such as `v0.41.0`.
+1. Create and review a release tag such as `v0.43.0`.
 2. Publish from the GitHub Release or run the `Publish npm` workflow manually with `ref` set to that tag.
 3. Keep `permissions.id-token: write` in the workflow so npm can exchange the GitHub Actions OIDC identity for a short-lived publish credential.
 4. Run `npm publish --access public` from the workflow. Trusted publishing automatically generates provenance for this public package from this public repository.

package/hosted/cloudflare-worker/README.md

@@ -23,7 +23,7 @@ This Worker is a real hosted ingress with first-slice Check Run publishing code,
 - `HOSTED_EVENTS`: Cloudflare KV namespace for compact delivery and queued scan records.
 - `WEBHOOK_SECRET`: Worker secret matching the GitHub App webhook secret.
 - `GITHUB_APP_PRIVATE_KEY`: Worker secret for the staging GitHub App private key, used only in memory to sign short-lived GitHub App JWTs.
-- `SCANNER_VERSION`: public version string, currently `0.41.0`.
+- `SCANNER_VERSION`: public version string, currently `0.43.0`.
 - `GITHUB_APP_ID`, `GITHUB_APP_SLUG`, `GITHUB_APP_INSTALLATION_ID`: public staging identifiers for the private GitHub App installation.
 
 ## Deployment

package/hosted/cloudflare-worker/wrangler.jsonc

@@ -7,7 +7,7 @@
     "enabled": true
   },
   "vars": {
-    "SCANNER_VERSION": "0.41.0",
+    "SCANNER_VERSION": "0.43.0",
     "GITHUB_APP_ID": "3834787",
     "GITHUB_APP_SLUG": "ai-saas-guard-hosted",
     "GITHUB_APP_INSTALLATION_ID": "135085075"

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "ai-saas-guard",
-  "version": "0.41.0",
+  "version": "0.43.0",
   "description": "Local-first CLI that catches launch blockers in AI-built Next.js/Supabase/Stripe SaaS apps.",
   "readmeFilename": "README.md",
   "type": "module",
@@ -74,6 +74,10 @@
       "types": "./dist/hosted/deployed-staging.d.ts",
       "default": "./dist/hosted/deployed-staging.js"
     },
+    "./hosted/beta": {
+      "types": "./dist/hosted/beta.d.ts",
+      "default": "./dist/hosted/beta.js"
+    },
     "./hosted/worker": {
       "types": "./dist/hosted/worker.d.ts",
       "default": "./dist/hosted/worker.js"