ai-saas-guard 0.42.0 → 0.43.0

package/README.md

@@ -235,13 +235,13 @@ The CLI is published on npm as `ai-saas-guard`, and the GitHub Action is availab
 | Area | Status |
 | --- | --- |
 | Public GitHub repository | Available |
-| npm CLI | `ai-saas-guard@0.42.0` |
-| GitHub Action | `zr9959/ai-saas-guard@v0` or fixed tag `v0.42.0` |
+| npm CLI | `ai-saas-guard@0.43.0` |
+| GitHub Action | `zr9959/ai-saas-guard@v0` or fixed tag `v0.43.0` |
 | Outputs | Launch decision queue, short summary, terminal, JSON, SARIF, and PR-focused markdown |
 | Project config | `.ai-saas-guard.json` rule toggles, severity overrides, suppressions, and fail thresholds |
 | Privacy model | Local-first, read-only scan commands, no LLM calls, no code upload |
-| Versioned Action tags | `v0.42.0`, `v0` |
-| Current release | `0.42.0` adds a single Phase 3 source-checkout trial gate that combines plan, stage evidence, scan proof, live smoke, rollback, monitoring, and incident-owner checks before hosted beta |
+| Versioned Action tags | `v0.43.0`, `v0` |
+| Current release | `0.43.0` adds pre-commercial hosted gates for Phase 4 beta readiness and Phase 5 team launch readiness while keeping billing disabled |
 | npm publishing | Trusted Publisher/OIDC, no long-lived publish token |
 | Repository trust hardening | Strict branch protection, Dependabot, CodeQL, fast-check fuzzing, signed release provenance assets, private vulnerability reporting, secret scanning, and push protection |
 | Cloudflare hosted ingress | Deployed at `https://ai-saas-guard-hosted.zr9959.workers.dev`; public install/privacy notes are in [docs/hosted-install-privacy.md](docs/hosted-install-privacy.md); signed GitHub App webhook delivery and compact Check Run smoke now pass in staging |
@@ -369,6 +369,8 @@ The first live hosted ingress is deployed on Cloudflare Workers at `https://ai-s
 
 The next hosted source-checkout step is intentionally narrow: deploy the existing read-only checkout worker behind the same selected-repository identity, keep the fixed `pr-risk --json` command, write only compact findings to the Check Run, and require deployed cleanup/log-boundary/rollback evidence before broader trial use. The hosted worker export includes `createHostedSourceCheckoutTrialPlan`, `createHostedSourceCheckoutEvidence`, and `evaluateHostedSourceCheckoutTrialGate` so Phase 3 has one machine-checkable gate for checkout start/end, token removal, CLI start/end, compact report write, Check Run write, cleanup status, live smoke, rollback, monitoring, and incident-owner proof before Phase 4 beta.
 
+The `ai-saas-guard/hosted/beta` export adds `evaluateHostedBetaReadinessGate` and `evaluateTeamLaunchGateReadiness`. These pre-commercial gates block hosted beta unless selected-repository install limits, abuse controls, safe telemetry, uninstall deletion proof, rollback, support ownership, beta smoke, and no-audit-claim wording are ready; they also block team use unless org policy config, required status-check docs, suppression audit, reviewer checklist, release evidence export, retention docs, and billing-disabled proof are in place.
+
 Hosted install and privacy details are summarized in [docs/hosted-install-privacy.md](docs/hosted-install-privacy.md): selected-repository permissions, supported events, Check Run data boundaries, uninstall cleanup, and why the local CLI remains the private/offline path.
 
 The hosted operational release gate is documented in [docs/hosted-operational-release-gate.md](docs/hosted-operational-release-gate.md). It defines the hosted-specific CI, replay, queue, worker cleanup, privacy, monitoring, rollback, and incident-response evidence required before any hosted environment is exposed to users. The pure gate evaluator exported from `ai-saas-guard/hosted/contracts` blocks hosted exposure unless every P0 evidence item is fresh, a container digest is recorded, and release notes avoid pentest, certification, and full-audit claims.
@@ -423,7 +425,7 @@ Use `suppressions` for narrower false-positive handling when one rule is noisy o
 
 ## GitHub Action
 
-The repo includes a composite Action. Use `v0` for the latest compatible pre-1.0 Action, a specific release tag such as `v0.42.0` for controlled upgrades, or pin a reviewed commit SHA for stricter supply-chain control:
+The repo includes a composite Action. Use `v0` for the latest compatible pre-1.0 Action, a specific release tag such as `v0.43.0` for controlled upgrades, or pin a reviewed commit SHA for stricter supply-chain control:
 
 ```yaml
 name: ai-saas-guard

package/dist/hosted/beta.d.ts

@@ -0,0 +1,97 @@
+export interface HostedBetaReadinessGateInput {
+    requestedAt: string;
+    phase3GatePassed: boolean;
+    selectedRepositoryInstallOnly: boolean;
+    publicInstallDocsReady: boolean;
+    rateLimitEnabled: boolean;
+    abuseKillSwitchReady: boolean;
+    telemetrySafe: boolean;
+    uninstallDeletionTested: boolean;
+    rollbackTested: boolean;
+    incidentOwnerRecorded: boolean;
+    supportPathReady: boolean;
+    betaSmokePassed: boolean;
+    avoidsAuditClaims: boolean;
+    noRawSourceStorage: boolean;
+    noRawDiffStorage: boolean;
+    noPrTextStorage: boolean;
+    maxReposPerInstallation: number;
+    maxConcurrentScans: number;
+    rawSource?: string;
+    rawDiff?: string;
+    prText?: string;
+    installationToken?: string;
+}
+export interface HostedBetaReadinessGate {
+    phase: "phase_4_hosted_beta_readiness";
+    readyForPublicBeta: boolean;
+    blockedReasons: string[];
+    requestedAt: string;
+    installBoundary: {
+        selectedRepositoryOnly: true;
+        maxReposPerInstallation: number;
+        maxConcurrentScans: number;
+    };
+    operations: {
+        rateLimitEnabled: boolean;
+        abuseKillSwitchReady: boolean;
+        telemetrySafe: boolean;
+        uninstallDeletionTested: boolean;
+        rollbackTested: boolean;
+        incidentOwnerRecorded: boolean;
+        supportPathReady: boolean;
+        betaSmokePassed: boolean;
+    };
+    nextAction: string;
+    privacy: {
+        includesRawSource: false;
+        includesRawDiffs: false;
+        includesUntrustedPrText: false;
+        includesInstallationToken: false;
+        claimsPentest: false;
+        claimsFullAudit: false;
+        claimsCertification: false;
+    };
+}
+export interface TeamLaunchGateReadinessInput {
+    requestedAt: string;
+    hostedBetaGatePassed: boolean;
+    orgPolicyConfigReady: boolean;
+    requiredStatusCheckDocumented: boolean;
+    suppressionAuditReady: boolean;
+    reviewerChecklistReady: boolean;
+    releaseEvidenceExportReady: boolean;
+    teamDocsReady: boolean;
+    adminBypassDocumented: boolean;
+    retentionPolicyDocumented: boolean;
+    noCommercialBillingEnabled: boolean;
+    rawSource?: string;
+    customerPayload?: unknown;
+}
+export interface TeamLaunchGateReadiness {
+    phase: "phase_5_team_launch_gate";
+    readyForTeamUse: boolean;
+    blockedReasons: string[];
+    requestedAt: string;
+    teamControls: {
+        orgPolicyConfigReady: boolean;
+        requiredStatusCheckDocumented: boolean;
+        suppressionAuditReady: boolean;
+        reviewerChecklistReady: boolean;
+        releaseEvidenceExportReady: boolean;
+        teamDocsReady: boolean;
+        adminBypassDocumented: boolean;
+        retentionPolicyDocumented: boolean;
+    };
+    commercialization: {
+        enabled: false;
+        reason: "pre_commercial_feedback_stage";
+    };
+    nextAction: string;
+    privacy: {
+        includesRawSource: false;
+        includesCustomerPayloads: false;
+    };
+}
+export declare function evaluateHostedBetaReadinessGate(input: HostedBetaReadinessGateInput): HostedBetaReadinessGate;
+export declare function evaluateTeamLaunchGateReadiness(input: TeamLaunchGateReadinessInput): TeamLaunchGateReadiness;

package/dist/hosted/beta.js

@@ -0,0 +1,132 @@
+const MAX_BETA_REPOS_PER_INSTALLATION = 10;
+const MAX_BETA_CONCURRENT_SCANS = 5;
+export function evaluateHostedBetaReadinessGate(input) {
+    const blockedReasons = hostedBetaBlockedReasons(input);
+    return {
+        phase: "phase_4_hosted_beta_readiness",
+        readyForPublicBeta: blockedReasons.length === 0,
+        blockedReasons,
+        requestedAt: input.requestedAt,
+        installBoundary: {
+            selectedRepositoryOnly: true,
+            maxReposPerInstallation: Math.max(0, Math.floor(input.maxReposPerInstallation)),
+            maxConcurrentScans: Math.max(0, Math.floor(input.maxConcurrentScans))
+        },
+        operations: {
+            rateLimitEnabled: input.rateLimitEnabled,
+            abuseKillSwitchReady: input.abuseKillSwitchReady,
+            telemetrySafe: input.telemetrySafe,
+            uninstallDeletionTested: input.uninstallDeletionTested,
+            rollbackTested: input.rollbackTested,
+            incidentOwnerRecorded: input.incidentOwnerRecorded,
+            supportPathReady: input.supportPathReady,
+            betaSmokePassed: input.betaSmokePassed
+        },
+        nextAction: blockedReasons.length === 0
+            ? "Open a limited public beta only for selected repositories and keep collecting operational evidence before commercialization."
+            : "Do not open hosted beta. Resolve the blocked reasons and rerun the beta readiness gate.",
+        privacy: {
+            includesRawSource: false,
+            includesRawDiffs: false,
+            includesUntrustedPrText: false,
+            includesInstallationToken: false,
+            claimsPentest: false,
+            claimsFullAudit: false,
+            claimsCertification: false
+        }
+    };
+}
+export function evaluateTeamLaunchGateReadiness(input) {
+    const blockedReasons = teamLaunchBlockedReasons(input);
+    return {
+        phase: "phase_5_team_launch_gate",
+        readyForTeamUse: blockedReasons.length === 0,
+        blockedReasons,
+        requestedAt: input.requestedAt,
+        teamControls: {
+            orgPolicyConfigReady: input.orgPolicyConfigReady,
+            requiredStatusCheckDocumented: input.requiredStatusCheckDocumented,
+            suppressionAuditReady: input.suppressionAuditReady,
+            reviewerChecklistReady: input.reviewerChecklistReady,
+            releaseEvidenceExportReady: input.releaseEvidenceExportReady,
+            teamDocsReady: input.teamDocsReady,
+            adminBypassDocumented: input.adminBypassDocumented,
+            retentionPolicyDocumented: input.retentionPolicyDocumented
+        },
+        commercialization: {
+            enabled: false,
+            reason: "pre_commercial_feedback_stage"
+        },
+        nextAction: blockedReasons.length === 0
+            ? "Use the team launch gate with design partners, collect user feedback, and delay commercialization until usage evidence exists."
+            : "Do not sell or commercialize. Resolve the team launch gate blockers before inviting teams beyond beta.",
+        privacy: {
+            includesRawSource: false,
+            includesCustomerPayloads: false
+        }
+    };
+}
+function hostedBetaBlockedReasons(input) {
+    const reasons = [];
+    if (!input.phase3GatePassed)
+        reasons.push("phase3_gate_missing");
+    if (!input.selectedRepositoryInstallOnly)
+        reasons.push("selected_repository_install_required");
+    if (!input.publicInstallDocsReady)
+        reasons.push("public_install_docs_missing");
+    if (!input.rateLimitEnabled)
+        reasons.push("rate_limit_missing");
+    if (!input.abuseKillSwitchReady)
+        reasons.push("abuse_kill_switch_missing");
+    if (!input.telemetrySafe)
+        reasons.push("safe_telemetry_missing");
+    if (!input.uninstallDeletionTested)
+        reasons.push("uninstall_deletion_proof_missing");
+    if (!input.rollbackTested)
+        reasons.push("rollback_test_missing");
+    if (!input.incidentOwnerRecorded)
+        reasons.push("incident_owner_missing");
+    if (!input.supportPathReady)
+        reasons.push("support_path_missing");
+    if (!input.betaSmokePassed)
+        reasons.push("beta_smoke_missing");
+    if (!input.avoidsAuditClaims)
+        reasons.push("audit_claims_not_blocked");
+    if (!input.noRawSourceStorage)
+        reasons.push("raw_source_storage_blocked");
+    if (!input.noRawDiffStorage)
+        reasons.push("raw_diff_storage_blocked");
+    if (!input.noPrTextStorage)
+        reasons.push("pr_text_storage_blocked");
+    if (!Number.isFinite(input.maxReposPerInstallation) || input.maxReposPerInstallation > MAX_BETA_REPOS_PER_INSTALLATION) {
+        reasons.push("repo_limit_too_high");
+    }
+    if (!Number.isFinite(input.maxConcurrentScans) || input.maxConcurrentScans > MAX_BETA_CONCURRENT_SCANS) {
+        reasons.push("concurrency_limit_too_high");
+    }
+    return reasons;
+}
+function teamLaunchBlockedReasons(input) {
+    const reasons = [];
+    if (!input.hostedBetaGatePassed)
+        reasons.push("hosted_beta_gate_missing");
+    if (!input.orgPolicyConfigReady)
+        reasons.push("org_policy_config_missing");
+    if (!input.requiredStatusCheckDocumented)
+        reasons.push("required_status_check_docs_missing");
+    if (!input.suppressionAuditReady)
+        reasons.push("suppression_audit_missing");
+    if (!input.reviewerChecklistReady)
+        reasons.push("reviewer_checklist_missing");
+    if (!input.releaseEvidenceExportReady)
+        reasons.push("release_evidence_export_missing");
+    if (!input.teamDocsReady)
+        reasons.push("team_docs_missing");
+    if (!input.adminBypassDocumented)
+        reasons.push("admin_bypass_docs_missing");
+    if (!input.retentionPolicyDocumented)
+        reasons.push("retention_policy_docs_missing");
+    if (!input.noCommercialBillingEnabled)
+        reasons.push("commercial_billing_enabled_too_early");
+    return reasons;
+}

package/docs/README.zh-CN.md

@@ -213,18 +213,18 @@ node dist/cli.js scan --root /path/to/your-saas
 
 这个仓库是公开 GitHub 仓库。
 
-CLI 已发布到 npm：`ai-saas-guard@0.42.0`。GitHub Action 支持 `v0` 浮动标签，也支持固定版本标签，例如 `v0.42.0`。
+CLI 已发布到 npm：`ai-saas-guard@0.43.0`。GitHub Action 支持 `v0` 浮动标签，也支持固定版本标签，例如 `v0.43.0`。
 
 | 模块 | 状态 |
 | --- | --- |
 | 公开 GitHub 仓库 | 已可用 |
-| npm CLI | `ai-saas-guard@0.42.0` |
-| GitHub Action | `zr9959/ai-saas-guard@v0` 或固定标签 `v0.42.0` |
+| npm CLI | `ai-saas-guard@0.43.0` |
+| GitHub Action | `zr9959/ai-saas-guard@v0` 或固定标签 `v0.43.0` |
 | 输出格式 | 上线决策队列、短 summary、Terminal、JSON、SARIF 和 PR markdown |
 | 项目配置 | `.ai-saas-guard.json` 支持规则开关、severity 覆盖、suppressions 和 fail threshold |
 | 隐私模型 | 本地优先、只读扫描、不调用 LLM、不上传代码 |
-| 当前版本 | `0.42.0` 增加统一的 Phase 3 source-checkout trial gate，把 plan、stage evidence、scan proof、live smoke、rollback、monitoring 和 incident owner proof 合并成进入 hosted beta 前的机器可判定门槛 |
-| Action 标签 | `v0.42.0`、`v0` |
+| 当前版本 | `0.43.0` 增加商业化前的 Phase 4 hosted beta readiness gate 和 Phase 5 team launch gate，同时继续保持 billing disabled |
+| Action 标签 | `v0.43.0`、`v0` |
 | npm 发布 | GitHub Actions Trusted Publisher/OIDC，无需长期 npm token |
 | 仓库可信度加固 | 严格 branch protection、Dependabot、CodeQL、fast-check fuzzing、signed release provenance assets、private vulnerability reporting、secret scanning 和 push protection |
 | Cloudflare hosted ingress | 已部署到 `https://ai-saas-guard-hosted.zr9959.workers.dev`；安装和隐私说明见 [hosted-install-privacy.md](hosted-install-privacy.md)；提供 `/github/app/install-info`，签名 GitHub App webhook delivery、compact Check Run 和 installation cleanup staging smoke 已通过 |
@@ -385,6 +385,8 @@ GitHub Marketplace wrapper 决策见 [docs/github-marketplace-wrapper-decision.m
 
 下一步 hosted source checkout 仍然要保持窄边界：把现有 read-only checkout worker 放到同一个 selected-repository identity 后面，继续固定 `pr-risk --json` 命令，只把 compact findings 写入 Check Run，并在扩大 trial 前要求 deployed cleanup、log-boundary 和 rollback evidence。hosted worker export 现在包含 `createHostedSourceCheckoutTrialPlan`、`createHostedSourceCheckoutEvidence` 和 `evaluateHostedSourceCheckoutTrialGate`，用于在进入 Phase 4 beta 前统一检查 checkout start/end、token removal、CLI start/end、compact report write、Check Run write、cleanup status、live smoke、rollback、monitoring 和 incident owner proof。
 
+`ai-saas-guard/hosted/beta` export 新增 `evaluateHostedBetaReadinessGate` 和 `evaluateTeamLaunchGateReadiness`。这两个商业化前 gate 会阻止 hosted beta 在 selected-repository install limit、abuse control、安全 telemetry、uninstall deletion proof、rollback、support owner、beta smoke 和 no-audit-claim wording 不完整时开放；也会阻止 team use 在 org policy config、required status-check docs、suppression audit、reviewer checklist、release evidence export、retention docs 和 billing-disabled proof 不完整时推进。
+
 Hosted 安装、权限和隐私边界见 [hosted-install-privacy.md](hosted-install-privacy.md)：selected-repository 权限、支持的 GitHub 事件、Check Run 数据边界、卸载清理，以及为什么本地 CLI 仍然是私有/离线路径。
 
 相关文档：

package/docs/hosted-node-container-app.md

@@ -24,6 +24,11 @@ The package exports `ai-saas-guard/hosted/app` with:
 - `createHostedNodeCheckoutAppPlatform`
 - `planHostedNodeContainerDeployment`
 
+The package also exports `ai-saas-guard/hosted/beta` with:
+
+- `evaluateHostedBetaReadinessGate`
+- `evaluateTeamLaunchGateReadiness`
+
 The staging deployment planner in [hosted-staging-deployment.md](hosted-staging-deployment.md) composes this Node/container deployment plan with real provider references, hosted operational release-gate evidence, and GitHub App promotion gates.
 
 ## HTTP Ingress
@@ -134,6 +139,6 @@ It does not return:
 
 ## Current Status
 
-The repository can now instantiate a Node/container hosted app skeleton, route signed webhooks into the hosted service runtime, process one worker tick through adapters, compose the real read-only checkout scan runner behind a token-provider boundary, expose clamped worker safety budgets, validate provider adapter references before deployment, and evaluate one Phase 3 source-checkout trial gate through `evaluateHostedSourceCheckoutTrialGate`.
+The repository can now instantiate a Node/container hosted app skeleton, route signed webhooks into the hosted service runtime, process one worker tick through adapters, compose the real read-only checkout scan runner behind a token-provider boundary, expose clamped worker safety budgets, validate provider adapter references before deployment, evaluate one Phase 3 source-checkout trial gate through `evaluateHostedSourceCheckoutTrialGate`, and evaluate pre-commercial Phase 4/5 gates through `evaluateHostedBetaReadinessGate` and `evaluateTeamLaunchGateReadiness`.
 
-A public hosted environment still requires actual platform infrastructure, a public HTTPS webhook URL, platform secrets, durable queue/storage, worker sandboxing, GitHub Checks API credentials at runtime, monitoring, rollback, incident-response evidence, and a passing Phase 3 gate. Use [hosted-staging-deployment.md](hosted-staging-deployment.md) to plan and block staging exposure until those provider references and evidence exist.
+A public hosted environment still requires actual platform infrastructure, a public HTTPS webhook URL, platform secrets, durable queue/storage, worker sandboxing, GitHub Checks API credentials at runtime, monitoring, rollback, incident-response evidence, a passing Phase 3 gate, and a passing Phase 4 beta readiness gate. Team workflow rollout additionally requires the Phase 5 team launch gate. Use [hosted-staging-deployment.md](hosted-staging-deployment.md) to plan and block staging exposure until those provider references and evidence exist.

package/docs/hosted-operational-release-gate.md

@@ -192,6 +192,28 @@ The gate combines:
 
 It returns `readyForPhase4Beta: true` only when all four layers pass. Otherwise it returns safe blocked reasons and the next action: do not open hosted beta until the missing proof is rerun. The response must remain compact and privacy-safe: no raw source, raw diffs, checkout paths, installation tokens, public hosted scanner claim, private URLs, or PR-authored commands.
 
+### Phase 4 Hosted Beta Readiness Gate
+
+The v0.43 `ai-saas-guard/hosted/beta` export adds `evaluateHostedBetaReadinessGate`. This gate is pre-commercial. It does not enable billing, pricing, usage metering, or a marketplace listing.
+
+It returns `readyForPublicBeta: true` only when:
+
+- Phase 3 source-checkout trial gate already passed
+- installs remain selected-repository only
+- public install and privacy docs are ready
+- rate limits and an abuse kill switch are enabled
+- telemetry records only safe operational metadata
+- uninstall deletion, rollback, incident owner, support path, and beta smoke evidence exist
+- public wording avoids pentest, full-audit, and certification claims
+- raw source, raw diffs, PR-authored text, and installation tokens are not stored
+- repository and concurrency limits stay within the beta caps
+
+### Phase 5 Team Launch Gate
+
+The same export adds `evaluateTeamLaunchGateReadiness`. This gate is also pre-commercial. It exists so design partners can use the hosted launch gate in a team workflow before paid packaging exists.
+
+It returns `readyForTeamUse: true` only when the hosted beta gate passed and the team workflow has org policy config, required status-check documentation, suppression audit, reviewer checklist, release evidence export, team docs, admin-bypass documentation, retention documentation, and proof that commercial billing remains disabled.
+
 ### Log Boundary Evidence
 
 Before exposure, sample ingress, queue, worker, report, and Check Run logs for the release candidate. The sample may contain scan key, installation ID, repository ID, PR number, head SHA, scanner version, duration, summary counts, error class, and cleanup status.

package/docs/hosted-operations-evidence.md

@@ -10,6 +10,10 @@ Recorded on 2026-05-25 from the deployed Cloudflare Worker plus temporary GitHub
 
 | Check | Evidence | Result |
 | --- | --- | --- |
+| Cloudflare Worker health, v0.43.0 | `GET https://ai-saas-guard-hosted.zr9959.workers.dev/healthz` returned `ok: true`, routes including `/github/app/install-info`, `checkRunPublisher: "configured"`, `scannerVersion: "0.43.0"`, and all privacy flags set to false for raw payloads, PR text, source, diffs, secrets, customer payloads, checkout paths, and installation tokens | Passed |
+| Public install guidance, v0.43.0 | `GET https://ai-saas-guard-hosted.zr9959.workers.dev/github/app/install-info` returned the `ai-saas-guard-hosted` install URL, selected-repository boundary wording, first-slice permissions `checks: write`, `contents: read`, `metadata: read`, `pull_requests: read`, subscribed events `pull_request`, `installation`, and `installation_repositories`, uninstall cleanup wording, `scannerVersion: "0.43.0"`, and no private keys, webhook secrets, installation tokens, source, diffs, or customer payloads | Passed |
+| Deployed Worker version, v0.43.0 | `wrangler deploy` uploaded 38.57 KiB / gzip 9.86 KiB and deployed version `8744d3db-0114-4653-85e2-f1554ff1b26b` at `2026-05-25T14:00:03Z` verification time | Passed |
+| Real hosted PR smoke, v0.43.0 | `node scripts/hosted-pr-smoke.mjs --evidence-file /tmp/ai-saas-guard-hosted-smoke-v0.43.json` opened temporary PR `#91`, waited for Check Run `77724168740` on head SHA `6d62e52b243d657dd949b48c3333224905caa830`, received conclusion `success`, closed the PR, restored the original branch, deleted the local branch, and deleted 9 staging KV records with `remainingSmokeKeys: 0`; `gh pr view 91` returned `state: "CLOSED"`, `git ls-remote --heads origin codex/hosted-smoke-20260525140128` returned no remote branch, and `wrangler kv key list --namespace-id fa5344fbd7944de6a776bf8731d58460 --remote` returned `[]` after cleanup | Passed |
 | Cloudflare Worker health, v0.42.0 | `GET https://ai-saas-guard-hosted.zr9959.workers.dev/healthz` returned `ok: true`, routes including `/github/app/install-info`, `checkRunPublisher: "configured"`, `scannerVersion: "0.42.0"`, and all privacy flags set to false for raw payloads, PR text, source, diffs, secrets, customer payloads, checkout paths, and installation tokens | Passed |
 | Public install guidance, v0.42.0 | `GET https://ai-saas-guard-hosted.zr9959.workers.dev/github/app/install-info` returned the `ai-saas-guard-hosted` install URL, selected-repository boundary wording, first-slice permissions `checks: write`, `contents: read`, `metadata: read`, `pull_requests: read`, subscribed events `pull_request`, `installation`, and `installation_repositories`, uninstall cleanup wording, `scannerVersion: "0.42.0"`, and no private keys, webhook secrets, installation tokens, source, diffs, or customer payloads | Passed |
 | Deployed Worker version, v0.42.0 | `wrangler deploy` uploaded 38.57 KiB / gzip 9.86 KiB and deployed version `6de0811e-11bf-46a6-9b7b-cbecda409695` at `2026-05-25T13:40:11Z` verification time | Passed |

package/docs/npm-publishing.md

@@ -5,11 +5,11 @@
 ## Current State
 
 - Package name: `ai-saas-guard`
-- Current published version: `0.42.0`
+- Current published version: `0.43.0`
 - Next source candidate: none
 - npm registry state: published at <https://www.npmjs.com/package/ai-saas-guard>
 - First npm-published version: `0.1.1`
-- GitHub Release: `v0.42.0`
+- GitHub Release: `v0.43.0`
 - Publish workflow: `.github/workflows/npm-publish.yml`
 - Trusted Publisher: GitHub Actions, `zr9959/ai-saas-guard`, workflow `npm-publish.yml`, allowed action `npm publish`
 - Long-lived npm publish token: not required
@@ -18,7 +18,7 @@
 
 Use GitHub Actions with npm Trusted Publisher/OIDC:
 
-1. Create and review a release tag such as `v0.42.0`.
+1. Create and review a release tag such as `v0.43.0`.
 2. Publish from the GitHub Release or run the `Publish npm` workflow manually with `ref` set to that tag.
 3. Keep `permissions.id-token: write` in the workflow so npm can exchange the GitHub Actions OIDC identity for a short-lived publish credential.
 4. Run `npm publish --access public` from the workflow. Trusted publishing automatically generates provenance for this public package from this public repository.

package/hosted/cloudflare-worker/README.md

@@ -23,7 +23,7 @@ This Worker is a real hosted ingress with first-slice Check Run publishing code,
 - `HOSTED_EVENTS`: Cloudflare KV namespace for compact delivery and queued scan records.
 - `WEBHOOK_SECRET`: Worker secret matching the GitHub App webhook secret.
 - `GITHUB_APP_PRIVATE_KEY`: Worker secret for the staging GitHub App private key, used only in memory to sign short-lived GitHub App JWTs.
-- `SCANNER_VERSION`: public version string, currently `0.42.0`.
+- `SCANNER_VERSION`: public version string, currently `0.43.0`.
 - `GITHUB_APP_ID`, `GITHUB_APP_SLUG`, `GITHUB_APP_INSTALLATION_ID`: public staging identifiers for the private GitHub App installation.
 
 ## Deployment

package/hosted/cloudflare-worker/wrangler.jsonc

@@ -7,7 +7,7 @@
     "enabled": true
   },
   "vars": {
-    "SCANNER_VERSION": "0.42.0",
+    "SCANNER_VERSION": "0.43.0",
     "GITHUB_APP_ID": "3834787",
     "GITHUB_APP_SLUG": "ai-saas-guard-hosted",
     "GITHUB_APP_INSTALLATION_ID": "135085075"

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "ai-saas-guard",
-  "version": "0.42.0",
+  "version": "0.43.0",
   "description": "Local-first CLI that catches launch blockers in AI-built Next.js/Supabase/Stripe SaaS apps.",
   "readmeFilename": "README.md",
   "type": "module",
@@ -74,6 +74,10 @@
       "types": "./dist/hosted/deployed-staging.d.ts",
       "default": "./dist/hosted/deployed-staging.js"
     },
+    "./hosted/beta": {
+      "types": "./dist/hosted/beta.d.ts",
+      "default": "./dist/hosted/beta.js"
+    },
     "./hosted/worker": {
       "types": "./dist/hosted/worker.d.ts",
       "default": "./dist/hosted/worker.js"