ai-saas-guard 0.43.0 → 0.43.2

package/README.md

@@ -174,6 +174,19 @@ For a concise comparison with Semgrep, zizmor, OpenSSF Scorecard, Snyk, and GitH
 
 Choose the path by trust boundary: use the **Local CLI** when code must stay on your machine, the **GitHub Action** when you want repeatable CI evidence, and the **Hosted GitHub App** when reviewers need an automatic Check Run that groups auth, billing, tenant-data, deploy, and test-risk areas before merge.
 
+## Pre-Commercial Feedback
+
+`ai-saas-guard` is looking for privacy-safe design-partner feedback before any public hosted beta decision. The safest path is local:
+
+```bash
+npx --yes ai-saas-guard@latest demo --summary
+npx --yes ai-saas-guard@latest scan --root /path/to/your-low-risk-demo-repo --summary
+```
+
+Public-safe feedback belongs in [issue #93](https://github.com/zr9959/ai-saas-guard/issues/93): package version, path used, stack category, severity counts, rule IDs, what felt confusing/noisy/missing, and whether the report would change a launch or merge decision. Do not share source, raw diffs, PR text, logs, secrets, customer data, private URLs, checkout paths, or credentials.
+
+Downloads, stars, page views, anonymous comments, simulated scans, and internal assumptions do not count as design-partner evidence.
+
 ## Quick Start
 
 Run the published CLI without installing it globally:
@@ -235,20 +248,32 @@ The CLI is published on npm as `ai-saas-guard`, and the GitHub Action is availab
 | Area | Status |
 | --- | --- |
 | Public GitHub repository | Available |
-| npm CLI | `ai-saas-guard@0.43.0` |
-| GitHub Action | `zr9959/ai-saas-guard@v0` or fixed tag `v0.43.0` |
+| npm CLI | `ai-saas-guard@0.43.2` |
+| GitHub Action | `zr9959/ai-saas-guard@v0` or fixed tag `v0.43.2` |
 | Outputs | Launch decision queue, short summary, terminal, JSON, SARIF, and PR-focused markdown |
 | Project config | `.ai-saas-guard.json` rule toggles, severity overrides, suppressions, and fail thresholds |
 | Privacy model | Local-first, read-only scan commands, no LLM calls, no code upload |
-| Versioned Action tags | `v0.43.0`, `v0` |
-| Current release | `0.43.0` adds pre-commercial hosted gates for Phase 4 beta readiness and Phase 5 team launch readiness while keeping billing disabled |
+| Versioned Action tags | `v0.43.2`, `v0` |
+| Current release | `0.43.2` fixes hosted cleanup observability, scoped smoke KV cleanup, shallow-history PR diff fallback, Check Run Markdown escaping, and local scan coverage diagnostics while keeping billing disabled |
 | npm publishing | Trusted Publisher/OIDC, no long-lived publish token |
 | Repository trust hardening | Strict branch protection, Dependabot, CodeQL, fast-check fuzzing, signed release provenance assets, private vulnerability reporting, secret scanning, and push protection |
 | Cloudflare hosted ingress | Deployed at `https://ai-saas-guard-hosted.zr9959.workers.dev`; public install/privacy notes are in [docs/hosted-install-privacy.md](docs/hosted-install-privacy.md); signed GitHub App webhook delivery and compact Check Run smoke now pass in staging |
 | Hosted GitHub App staging | Private App `ai-saas-guard-hosted` (`3834787`) installed on `zr9959/ai-saas-guard`; hosted operations evidence is in [docs/hosted-operations-evidence.md](docs/hosted-operations-evidence.md) |
+| Public beta readiness | Blocked on real design-partner feedback, deployed source-checkout proof, full GitHub App deletion proof, and provider monitoring evidence for the source-checkout path |
 | OpenSSF Best Practices | Passing badge, project `12955`; `.bestpractices.json` remains the conservative evidence record |
 | Previous roadmap | v0.36.0 plan is tracked in [docs/v0.36-roadmap.md](docs/v0.36-roadmap.md) |
 
+## Related TIYBAI Tools
+
+Built by [TIYBAI](https://www.tiybai.com/), `ai-saas-guard` stays focused on launch-risk review for AI-built SaaS apps. These adjacent TIYBAI pages are useful for developer workflows without turning this project into a broad cross-promotion surface:
+
+- [TIYBAI Toolbox](https://www.tiybai.com/en/tools) for browser-based utilities that do not require installing a separate desktop app.
+- [JSON Formatter](https://www.tiybai.com/en/tools/developer/json-formatter) for checking structured API responses and config snippets.
+- [JWT Decoder](https://www.tiybai.com/en/tools/developer/jwt-decoder) for inspecting token claims during auth review.
+- [URL Encoder / Decoder](https://www.tiybai.com/en/tools/developer/url-encoder) for checking callback URLs, webhook URLs, and encoded query strings.
+- [AI Metadata Generator](https://www.tiybai.com/en/tools/ai/metadata-generator) for preparing public page metadata before launch.
+- [PageStow](https://plugin.tiybai.com/) for saving browser context, sessions, notes, and tasks locally in Chrome.
+
 ## Example Finding
 
 Terminal output is designed to be useful to a reviewer, not just a scanner dashboard.
@@ -425,7 +450,7 @@ Use `suppressions` for narrower false-positive handling when one rule is noisy o
 
 ## GitHub Action
 
-The repo includes a composite Action. Use `v0` for the latest compatible pre-1.0 Action, a specific release tag such as `v0.43.0` for controlled upgrades, or pin a reviewed commit SHA for stricter supply-chain control:
+The repo includes a composite Action. Use `v0` for the latest compatible pre-1.0 Action, a specific release tag such as `v0.43.2` for controlled upgrades, or pin a reviewed commit SHA for stricter supply-chain control:
 
 ```yaml
 name: ai-saas-guard

package/action.yml

@@ -12,7 +12,7 @@ inputs:
     required: false
     default: ${{ github.workspace }}
   format:
-    description: "Output format: terminal, json, sarif, or markdown. Use markdown for PR summaries and sarif for code scanning."
+    description: "Output format: terminal, json, sarif, markdown, or summary. Use summary for first-run CLI output, markdown for PR summaries, and sarif for code scanning."
     required: false
     default: terminal
   fail-on:
@@ -67,7 +67,7 @@ runs:
         esac
 
         case "${INPUT_FORMAT}" in
-          terminal|json|sarif|markdown) ;;
+          terminal|json|sarif|markdown|summary) ;;
           *)
             echo "Invalid format input: ${INPUT_FORMAT}" >&2
             exit 2
@@ -100,6 +100,8 @@ runs:
           args+=("--sarif")
         elif [ "${INPUT_FORMAT}" = "markdown" ]; then
           args+=("--markdown")
+        elif [ "${INPUT_FORMAT}" = "summary" ]; then
+          args+=("--summary")
         fi
 
         if [ "${INPUT_FAIL_ON}" != "none" ]; then

package/dist/commands/scan.js

@@ -8,13 +8,15 @@ import { scanNextPublicEnv, scanSecrets } from "../scanners/secrets.js";
 import { scanSilentSuccess } from "../scanners/silentSuccess.js";
 import { checkStripe } from "../scanners/stripe.js";
 import { checkSupabase } from "../scanners/supabase.js";
+import { detectStackInventory } from "../stackInventory.js";
 export async function scanRepository(options) {
     const context = await createScanContext(options.rootDir);
+    const stackInventory = await detectStackInventory(context);
     const [secretFindings, nextPublicFindings, stripeReport, supabaseReport, mcpReport, apiFindings, deployFindings, silentSuccessFindings, actionsReport] = await Promise.all([
         scanSecrets(context),
         scanNextPublicEnv(context),
         checkStripe(context),
-        checkSupabase(context),
+        stackInventory.databases.includes("supabase") ? checkSupabase(context) : createSkippedSupabaseReport(context.rootDir),
         checkMcp(context),
         scanApiRoutes(context),
         scanDeployConfig(context),
@@ -31,5 +33,17 @@ export async function scanRepository(options) {
         ...deployFindings,
         ...silentSuccessFindings,
         ...actionsReport.findings
-    ]), {});
+    ]), { stackInventory, fileCollection: context.fileCollection });
+}
+function createSkippedSupabaseReport(rootDir) {
+    return createReport("check-supabase", rootDir, [], {
+        riskyTables: [],
+        riskyPolicies: [],
+        manualAuthorizationTest: [],
+        doctor: {
+            staticChecks: [],
+            twoAccountVerificationSteps: [],
+            sqlCookbook: []
+        }
+    });
 }

package/dist/context.d.ts

@@ -1,8 +1,9 @@
-import { type TextFile } from "./utils/files.js";
+import { type FileCollectionDiagnostics, type TextFile } from "./utils/files.js";
 export interface ScanContext {
     rootDir: string;
     files: readonly TextFile[];
     filesByPath: ReadonlyMap<string, TextFile>;
+    fileCollection: FileCollectionDiagnostics;
     getFiles: (predicate?: (file: TextFile) => boolean) => TextFile[];
 }
 export type ScanInput = string | ScanContext;

package/dist/context.js

@@ -1,11 +1,13 @@
-import { collectTextFiles } from "./utils/files.js";
+import { collectTextFilesWithDiagnostics } from "./utils/files.js";
 export async function createScanContext(rootDir) {
-    const files = await collectTextFiles(rootDir);
+    const collection = await collectTextFilesWithDiagnostics(rootDir);
+    const { files } = collection;
     const filesByPath = new Map(files.map((file) => [file.path, file]));
     return {
         rootDir,
         files,
         filesByPath,
+        fileCollection: collection.diagnostics,
         getFiles(predicate) {
             return predicate ? files.filter(predicate) : [...files];
         }

package/dist/hosted/contracts.js

@@ -477,7 +477,7 @@ export function createCompactHostedReport(input) {
 export function createHostedCheckRunSummary(input) {
     const { report } = input;
     const totalFindings = getHostedReportFindingTotal(report);
-    const localCliCommand = `npx ai-saas-guard@${report.scannerVersion} pr-risk --root .`;
+    const localCliCommand = `npx ai-saas-guard@${report.scannerVersion} pr-risk --root . --base ${report.baseSha} --json`;
     const conclusion = resolveCheckRunConclusion(report, input.failOnSeverity);
     const launchGate = hostedLaunchGateVerdict(report);
     return {

package/dist/hosted/production-adapters.js

@@ -6,6 +6,7 @@ export const HOSTED_GITHUB_APP_JWT_CLOCK_SKEW_SECONDS = 60;
 export const HOSTED_WORKER_MAX_TIMEOUT_MS = 600_000;
 export const HOSTED_WORKER_DEFAULT_TIMEOUT_MS = 300_000;
 export const HOSTED_WORKER_MAX_OUTPUT_BYTES = 1_048_576;
+const HOSTED_GITHUB_API_BASE_URL = "https://api.github.com";
 export function createHostedGitHubAppJwt(input) {
     const nowSeconds = normalizeUnixSeconds(input.nowSeconds, Math.floor(Date.now() / 1000));
     const ttlSeconds = clampPositiveInteger(input.ttlSeconds, HOSTED_GITHUB_APP_JWT_MAX_TTL_SECONDS, HOSTED_GITHUB_APP_JWT_MAX_TTL_SECONDS);
@@ -180,17 +181,71 @@ function safeApiUrlBlockedReasons(apiBaseUrl) {
     if (!apiBaseUrl) {
         return [];
     }
+    return safeGitHubApiBaseUrl(apiBaseUrl) ? [] : ["invalid_github_api_url"];
+}
+function normalizeApiBaseUrl(apiBaseUrl) {
+    return safeGitHubApiBaseUrl(apiBaseUrl) ?? HOSTED_GITHUB_API_BASE_URL;
+}
+function safeGitHubApiBaseUrl(apiBaseUrl) {
+    if (!apiBaseUrl) {
+        return undefined;
+    }
+    const trimmed = trimTrailingSlashes(apiBaseUrl.trim());
     try {
-        const url = new URL(apiBaseUrl);
-        return url.protocol === "https:" ? [] : ["invalid_github_api_url"];
+        const url = new URL(trimmed);
+        if (url.protocol !== "https:" ||
+            url.username ||
+            url.password ||
+            url.search ||
+            url.hash ||
+            !isRootPath(url.pathname) ||
+            isUnsafeHostedHostname(url.hostname)) {
+            return undefined;
+        }
+        return trimmed;
     }
     catch {
-        return ["invalid_github_api_url"];
+        return undefined;
     }
 }
-function normalizeApiBaseUrl(apiBaseUrl) {
-    const value = apiBaseUrl?.trim() || "https://api.github.com";
-    return trimTrailingSlashes(value);
+function isRootPath(pathname) {
+    return pathname === "" || pathname === "/";
+}
+function isUnsafeHostedHostname(hostname) {
+    const normalized = normalizeHostname(hostname);
+    return (normalized === "localhost" ||
+        normalized.endsWith(".localhost") ||
+        isUnsafeIpv4Hostname(normalized) ||
+        isUnsafeIpv6Hostname(normalized));
+}
+function normalizeHostname(hostname) {
+    const lower = hostname.toLowerCase().replace(/\.$/, "");
+    return lower.startsWith("[") && lower.endsWith("]") ? lower.slice(1, -1) : lower;
+}
+function isUnsafeIpv4Hostname(hostname) {
+    const parts = hostname.split(".");
+    if (parts.length !== 4 || !parts.every((part) => /^\d+$/.test(part)))
+        return false;
+    const octets = parts.map((part) => Number(part));
+    if (octets.some((octet) => !Number.isInteger(octet) || octet < 0 || octet > 255)) {
+        return false;
+    }
+    const [first, second] = octets;
+    return (first === 0 ||
+        first === 10 ||
+        first === 127 ||
+        (first === 169 && second === 254) ||
+        (first === 172 && second >= 16 && second <= 31) ||
+        (first === 192 && second === 168) ||
+        (first === 100 && second >= 64 && second <= 127) ||
+        first >= 224);
+}
+function isUnsafeIpv6Hostname(hostname) {
+    return (hostname === "::" ||
+        hostname === "::1" ||
+        hostname.startsWith("fc") ||
+        hostname.startsWith("fd") ||
+        hostname.startsWith("fe80:"));
 }
 function trimTrailingSlashes(value) {
     let end = value.length;

package/dist/hosted/staging-harness.js

@@ -24,7 +24,6 @@ export function createFileBackedHostedStagingHarness(options) {
             const scanResult = typeof options.scanResult === "function"
                 ? await options.scanResult(input)
                 : options.scanResult;
-            await writeFile(join(sandboxPath, "source.ts"), scanResult.rawSource ?? "", "utf8");
             return scanResult;
         },
         now: options.now

package/dist/hosted/worker.d.ts

@@ -15,6 +15,7 @@ export interface HostedReadOnlyCheckoutCommandResult {
     stdout: string;
 }
 export type HostedReadOnlyCheckoutCommandRunner = (command: HostedReadOnlyCheckoutCommand) => Promise<HostedReadOnlyCheckoutCommandResult> | HostedReadOnlyCheckoutCommandResult;
+export type HostedCheckoutCleanup = (checkoutDir: string) => Promise<void> | void;
 export type HostedInstallationTokenProvider = (input: HostedServiceScanRunnerInput) => Promise<string> | string;
 export interface HostedReadOnlyCheckoutScanRunnerOptions {
     checkoutRoot?: string;
@@ -26,6 +27,7 @@ export interface HostedReadOnlyCheckoutScanRunnerOptions {
     maxOutputBytes?: number;
     installationTokenProvider: HostedInstallationTokenProvider;
     commandRunner?: HostedReadOnlyCheckoutCommandRunner;
+    cleanupCheckout?: HostedCheckoutCleanup;
 }
 export interface HostedSourceCheckoutTrialPlanInput {
     requestedAt: string;

package/dist/hosted/worker.js

@@ -258,13 +258,13 @@ export async function runHostedReadOnlyCheckoutScan(input, options) {
     const maxOutputBytes = clampPositiveInteger(options.maxOutputBytes, HOSTED_WORKER_MAX_OUTPUT_BYTES, HOSTED_WORKER_MAX_OUTPUT_BYTES);
     const fetchDepth = clampPositiveInteger(options.fetchDepth, DEFAULT_FETCH_DEPTH, MAX_FETCH_DEPTH);
     const checkoutRoot = options.checkoutRoot ?? join(tmpdir(), "ai-saas-guard-hosted-checkouts");
+    const cleanupCheckout = options.cleanupCheckout ?? defaultCleanupCheckout;
     const token = await options.installationTokenProvider(input);
     if (typeof token !== "string" || token.trim().length === 0) {
         throw new HostedReadOnlyCheckoutScanError("missing_installation_token");
     }
     await mkdir(checkoutRoot, { recursive: true, mode: 0o700 });
     const checkoutDir = await mkdtemp(join(checkoutRoot, "job-"));
-    let terminalError;
     try {
         await chmod(checkoutDir, 0o700);
         const askpassPath = join(checkoutDir, ".git-askpass.sh");
@@ -297,23 +297,23 @@ export async function runHostedReadOnlyCheckoutScan(input, options) {
         return compactScanRunnerResult(cliResult.stdout);
     }
     catch (error) {
-        terminalError =
-            error instanceof HostedReadOnlyCheckoutScanError
-                ? error
-                : new HostedReadOnlyCheckoutScanError("cli_scan_failed");
+        const terminalError = error instanceof HostedReadOnlyCheckoutScanError
+            ? error
+            : new HostedReadOnlyCheckoutScanError("cli_scan_failed");
         throw terminalError;
     }
     finally {
         try {
-            await rm(checkoutDir, { recursive: true, force: true });
+            await cleanupCheckout(checkoutDir);
         }
         catch {
-            if (!terminalError) {
-                throw new HostedReadOnlyCheckoutScanError("cleanup_failed");
-            }
+            throw new HostedReadOnlyCheckoutScanError("cleanup_failed");
         }
     }
 }
+async function defaultCleanupCheckout(checkoutDir) {
+    await rm(checkoutDir, { recursive: true, force: true });
+}
 function commandSpec(stage, command, args, cwd, env, timeoutMs, maxOutputBytes) {
     return {
         stage,

package/dist/index.d.ts

@@ -7,11 +7,14 @@ export { checkActions } from "./commands/checkActions.js";
 export { classifyPrRisk } from "./commands/prRisk.js";
 export { applyGuardConfig, defaultConfigFileName, loadGuardConfig } from "./config.js";
 export { createScanContext } from "./context.js";
+export { detectStackInventory } from "./stackInventory.js";
 export { getRuleMetadata, RULE_CATALOG } from "./rules/catalog.js";
 export { formatSummaryReport } from "./report/summary.js";
 export { createLocalScanResourceBudget } from "./performance.js";
 export type { BaseReport, CommandName, Evidence, Finding, ActionsReport, McpOptions, McpPolicyTemplate, McpReport, McpServerInventory, McpSideEffect, PrRiskFile, PrRiskReport, ScanOptions, ShowcaseReport, StripeReport, SupabaseOptions, SupabaseDoctorReport, SupabaseReport } from "./types.js";
 export type { ScanContext, ScanInput } from "./context.js";
+export type { StackCategory, StackEvidence, StackInventory, StackInventoryInput, StackInventoryWarning } from "./stackInventory.js";
+export type { FileCollectionDiagnostics, TextFile, TextFileCollection } from "./utils/files.js";
 export type { FindingSuppression, GuardConfig, RuleConfigValue } from "./config.js";
 export type { RuleMetadata, RuleStability } from "./rules/catalog.js";
 export type { LocalScanResourceBudget, LocalScanResourceBudgetInput } from "./performance.js";

package/dist/index.js

@@ -7,6 +7,7 @@ export { checkActions } from "./commands/checkActions.js";
 export { classifyPrRisk } from "./commands/prRisk.js";
 export { applyGuardConfig, defaultConfigFileName, loadGuardConfig } from "./config.js";
 export { createScanContext } from "./context.js";
+export { detectStackInventory } from "./stackInventory.js";
 export { getRuleMetadata, RULE_CATALOG } from "./rules/catalog.js";
 export { formatSummaryReport } from "./report/summary.js";
 export { createLocalScanResourceBudget } from "./performance.js";

package/dist/report/summary.js

@@ -8,6 +8,9 @@ export function formatSummaryReport(report) {
     lines.push(`Findings: ${summaryText(report)}`);
     lines.push(`Launch gate: ${launchGateVerdict(report)}`);
     lines.push(`Decision queue: ${launchDecisionQuestions(report.findings)[0]}`);
+    const scanCoverage = scanCoverageText(report);
+    if (scanCoverage)
+        lines.push(`Scan coverage: ${scanCoverage}`);
     if (report.findings.length > 0) {
         lines.push("Review trust-boundary findings before deploy/cost hygiene.");
     }
@@ -73,3 +76,43 @@ function summaryText(report) {
         return "0 findings";
     return `${report.summary.total} findings: ${report.summary.critical} critical, ${report.summary.high} high, ${report.summary.medium} medium, ${report.summary.low} low, ${report.summary.info} info`;
 }
+function scanCoverageText(report) {
+    const parts = [];
+    const collection = report.fileCollection;
+    if (collection) {
+        const unreadableFileCount = collection.unreadableFiles.length;
+        const unreadableDirectoryCount = collection.unreadableDirectories.length;
+        const skippedLargeCount = collection.skippedLargeFiles.length;
+        const skippedBudgetCount = collection.skippedBudgetFiles.length;
+        const hasCollectionWarning = unreadableFileCount > 0 ||
+            unreadableDirectoryCount > 0 ||
+            skippedLargeCount > 0 ||
+            skippedBudgetCount > 0 ||
+            collection.maxFilesReached ||
+            collection.maxTotalBytesReached;
+        if (hasCollectionWarning) {
+            parts.push(`${collection.filesScanned} ${plural(collection.filesScanned, "file")} scanned`);
+            if (unreadableFileCount > 0)
+                parts.push(`${unreadableFileCount} unreadable ${plural(unreadableFileCount, "file")}`);
+            if (unreadableDirectoryCount > 0) {
+                parts.push(`${unreadableDirectoryCount} unreadable ${plural(unreadableDirectoryCount, "directory", "directories")}`);
+            }
+            if (skippedLargeCount > 0)
+                parts.push(`${skippedLargeCount} large ${plural(skippedLargeCount, "file")} skipped`);
+            if (skippedBudgetCount > 0)
+                parts.push(`${skippedBudgetCount} budget-skipped ${plural(skippedBudgetCount, "file")}`);
+            if (collection.maxFilesReached)
+                parts.push("file count budget reached");
+            if (collection.maxTotalBytesReached)
+                parts.push("total byte budget reached");
+        }
+    }
+    const malformedPackageCount = report.stackInventory?.warnings.filter((warning) => warning.reason === "invalid_package_json").length ?? 0;
+    if (malformedPackageCount > 0) {
+        parts.push(`${malformedPackageCount} malformed package ${plural(malformedPackageCount, "manifest")}`);
+    }
+    return parts.length > 0 ? parts.join("; ") : undefined;
+}
+function plural(count, singular, pluralValue = `${singular}s`) {
+    return count === 1 ? singular : pluralValue;
+}

package/dist/rules/catalog.js

@@ -188,6 +188,13 @@ export const RULE_CATALOG = {
         why: "Login, checkout, upload, AI, and webhook routes are common abuse targets.",
         stability: "experimental"
     },
+    "api.route.provider-debug-exposed": {
+        ruleId: "api.route.provider-debug-exposed",
+        severity: "high",
+        title: "Provider debug endpoint exposes server-side credential probe",
+        why: "Public provider probe endpoints can spend quota, reveal integration state, or exercise server credentials without returning the token.",
+        stability: "default"
+    },
     "api.route.auth-without-ownership": {
         ruleId: "api.route.auth-without-ownership",
         severity: "high",

package/dist/scanners/apiRoutes.js

@@ -4,7 +4,9 @@ import { lineAt, lineNumberForIndex } from "../utils/files.js";
 const sensitiveRoutePattern = /(login|register|auth|checkout|stripe|webhook|upload|ai|generate|admin|password|reset|token)/i;
 const rateLimitPattern = /(rateLimit|ratelimit|rate-limit|throttle|limiter|upstash|slowDown)/i;
 const authPattern = /(auth|session|currentUser|getUser|jwt|cookies|authorization)/i;
-const ownershipPattern = /(user_id|owner_id|tenant_id|organization_id|workspace_id|resource\.user|resource\.owner|where\s*:\s*{[\s\S]{0,100}(user|owner|tenant))/i;
+const ownershipPattern = /(user_id|userId|owner_id|ownerId|tenant_id|tenantId|organization_id|organizationId|workspace_id|workspaceId|resource\.user|resource\.owner|req\.user(?:Id|\.id)|where\s*:\s*{[\s\S]{0,140}(user|owner|tenant|organization|workspace))/i;
+const providerDebugPathPattern = /(paypal|stripe|github|oauth|openai|anthropic|resend|sendgrid).*(token|config|status|test|probe|debug)|(token|config|status|test|probe|debug).*(paypal|stripe|github|oauth|openai|anthropic|resend|sendgrid)/i;
+const providerCredentialProbePattern = /(client_credentials|oauth2\/token|access_token|PAYPAL_SECRET|PAYPAL_CLIENT_SECRET|STRIPE_SECRET|GITHUB_APP_PRIVATE_KEY|OPENAI_API_KEY|ANTHROPIC_API_KEY|SENDGRID_API_KEY|RESEND_API_KEY)/i;
 export async function scanApiRoutes(input) {
     const files = (await resolveScanContext(input)).getFiles((file) => isApiRoute(file.path));
     const findings = [];
@@ -13,6 +15,7 @@ export async function scanApiRoutes(input) {
         const isSensitive = sensitiveRoutePattern.test(file.path) || sensitiveRoutePattern.test(file.content);
         findings.push(...scanClerkUnsafeMetadata(file.path, file.content));
         findings.push(...scanPrismaTenantScope(file.path, file.content));
+        findings.push(...scanProviderDebugEndpoint(file.path, file.content));
         if (isSensitive && hasPostOrMutation && !rateLimitPattern.test(file.content)) {
             findings.push(finding({
                 ruleId: "api.route.missing-rate-limit",
@@ -24,7 +27,11 @@ export async function scanApiRoutes(input) {
                 suggestedFix: "Add IP/user keyed rate limiting close to the route entry point, with stricter limits for auth, checkout, upload, AI, and webhook paths."
             }));
         }
-        if (authPattern.test(file.content) && /params\.|searchParams|get\(|findUnique|findFirst|update|delete/i.test(file.content) && !ownershipPattern.test(file.content)) {
+        if (authPattern.test(file.content) &&
+            /params\.|searchParams|get\(|findUnique|findFirst|update|delete/i.test(file.content) &&
+            !ownershipPattern.test(file.content) &&
+            !hasExplicitAdminGuard(file.content) &&
+            !hasBenignRouteClassification(file.path, file.content)) {
             findings.push(finding({
                 ruleId: "api.route.auth-without-ownership",
                 title: `API route checks auth but lacks an obvious ownership guard: ${file.path}`,
@@ -38,6 +45,48 @@ export async function scanApiRoutes(input) {
     }
     return uniqueFindings(findings);
 }
+function scanProviderDebugEndpoint(filePath, content) {
+    if (!/\bGET\b|export\s+async\s+function\s+GET/i.test(content))
+        return [];
+    if (!providerDebugPathPattern.test(filePath) && !providerDebugPathPattern.test(content))
+        return [];
+    if (!providerCredentialProbePattern.test(content))
+        return [];
+    if (hasExplicitAdminGuard(content))
+        return [];
+    return [
+        finding({
+            ruleId: "api.route.provider-debug-exposed",
+            title: `Public provider token or configuration probe endpoint: ${filePath}`,
+            severity: "high",
+            evidence: [{ file: filePath, line: firstLine(content, providerCredentialProbePattern), snippet: firstSnippet(content, providerCredentialProbePattern) }],
+            why: "A public debug endpoint can spend provider quota, reveal integration mode or configuration state, and exercise server-side credentials even when it does not return the token.",
+            suggestedVerification: "Call the route without a session in staging and confirm it cannot trigger provider authentication or reveal provider configuration state.",
+            suggestedFix: "Remove the endpoint before launch, or require admin authentication, add a dedicated rate limit, emit an audit log, and disable it in production."
+        })
+    ];
+}
+function hasExplicitAdminGuard(content) {
+    return /\b(requireAdmin|adminMiddleware|isAdmin|requireRole\s*\(\s*["']admin|role\s*[:=]\s*["']admin|router\.use\s*\([\s\S]{0,160}requireAdmin)/i.test(content);
+}
+function hasBenignRouteClassification(filePath, content) {
+    return isPublicReadOnlyContentRoute(filePath, content) || isInternalProxyRoute(filePath, content) || isScopedTokenRoute(content);
+}
+function isPublicReadOnlyContentRoute(filePath, content) {
+    if (/\b(POST|PUT|PATCH|DELETE)\b|export\s+async\s+function\s+(POST|PUT|PATCH|DELETE)/.test(content))
+        return false;
+    const publicContentSurface = /(\/|^)(content|seo|blog|article|articles|sitemap|robots|public)(\/|\.|-|$)/i.test(filePath);
+    const publicPredicate = /\b(published|public|isPublished|visibility)\s*:\s*(true|["']public["'])/i.test(content);
+    return publicContentSurface && publicPredicate;
+}
+function isInternalProxyRoute(filePath, content) {
+    const internalPath = /(\/|^)(internal|proxy|bff)(\/|\.|-|$)/i.test(filePath);
+    const hasServiceTokenGuard = /\b(INTERNAL_[A-Z0-9_]*TOKEN|SERVICE_[A-Z0-9_]*TOKEN|PROXY_[A-Z0-9_]*TOKEN|authorization\s*!==\s*`?Bearer)/i.test(content);
+    return internalPath && hasServiceTokenGuard;
+}
+function isScopedTokenRoute(content) {
+    return /\b(scopeToken|scopedToken|verifyAgentScopeToken|agentScope|scopes\s*:\s*\[|content-agent:[a-z-]+)/i.test(content);
+}
 function scanClerkUnsafeMetadata(filePath, content) {
     if (!/\b(@clerk\/|clerkClient|currentUser|auth\s*\()/i.test(content))
         return [];

package/dist/scanners/gitDiff.js

@@ -84,14 +84,28 @@ export async function classifyPrRisk(options) {
 }
 async function readGitDiff(rootDir, base) {
     if (base) {
+        const tripleDotArgs = ["diff", `${base}...HEAD`];
         try {
-            const { stdout } = await execFileAsync("git", ["diff", `${base}...HEAD`], { cwd: rootDir, maxBuffer: 20 * 1024 * 1024 });
+            const { stdout } = await execFileAsync("git", tripleDotArgs, { cwd: rootDir, maxBuffer: 20 * 1024 * 1024 });
             return { diffText: stdout, diagnostics: [] };
         }
         catch (error) {
+            if (isMergeBaseUnavailableError(error)) {
+                const directDiffArgs = ["diff", `${base}..HEAD`];
+                try {
+                    const { stdout } = await execFileAsync("git", directDiffArgs, { cwd: rootDir, maxBuffer: 20 * 1024 * 1024 });
+                    return { diffText: stdout, diagnostics: [] };
+                }
+                catch (fallbackError) {
+                    return {
+                        diffText: "",
+                        diagnostics: [buildGitDiffFailureFinding(rootDir, ["git", ...directDiffArgs], fallbackError, base)]
+                    };
+                }
+            }
             return {
                 diffText: "",
-                diagnostics: [buildGitDiffFailureFinding(rootDir, ["git", "diff", `${base}...HEAD`], error, base)]
+                diagnostics: [buildGitDiffFailureFinding(rootDir, ["git", ...tripleDotArgs], error, base)]
             };
         }
     }
@@ -146,6 +160,10 @@ function buildGitDiffFailureFinding(rootDir, command, error, base) {
         suggestedFix
     });
 }
+function isMergeBaseUnavailableError(error) {
+    const lowerError = getGitErrorText(error).toLowerCase();
+    return lowerError.includes("no merge base") || lowerError.includes("shallow");
+}
 function buildFetchCommand(base) {
     const remoteRef = /^([^/\s]+)\/(.+)$/.exec(base);
     if (remoteRef)

package/dist/scanners/mcp.js

@@ -248,7 +248,7 @@ function buildPolicyTemplate(servers) {
             "    decision: allow",
             "    reason: repo-local read scope",
             "  - match: { sideEffectClass: shell }",
-            "decision: deny",
+            "    decision: deny",
             "    reason: shell tools require explicit human approval before launch work"
         ],
         receiptFormat: [

package/dist/scanners/secrets.js

@@ -65,6 +65,8 @@ export async function scanSecrets(input) {
             secretPattern.pattern.lastIndex = 0;
             for (const match of file.content.matchAll(secretPattern.pattern)) {
                 const matchedText = match[0] ?? "";
+                if (isObviousPlaceholderSecret(file.path, matchedText))
+                    continue;
                 const line = lineNumberForIndex(file.content, match.index ?? 0);
                 findings.push(finding({
                     ruleId: "secrets.detected",
@@ -87,6 +89,15 @@ export async function scanSecrets(input) {
     }
     return findings;
 }
+function isObviousPlaceholderSecret(filePath, matchedText) {
+    const lowerPath = filePath.toLowerCase();
+    const lower = matchedText.toLowerCase();
+    const isExampleFile = /(^|\/)(\.env\.example|\.env\.sample|example\.env|sample\.env)$/.test(lowerPath) || lowerPath.includes("/examples/");
+    const hasPlaceholderValue = /\b(your|replace[-_]?me|placeholder|example|sample|dummy|fake|test[-_]?token|do[-_]?not[-_]?use|changeme)\b/i.test(lower) ||
+        /<[^>\n]*(key|secret|token|password|client)[^>\n]*>/i.test(matchedText) ||
+        /\b(?:1x|2x)0{10,}[A-Za-z0-9_-]*\b/.test(matchedText);
+    return hasPlaceholderValue && (isExampleFile || !/sk_(?:live|test)_|gh[pousr]_|-----BEGIN|SUPABASE_SERVICE_ROLE_KEY\s*=\s*eyJ/i.test(matchedText));
+}
 export async function scanNextPublicEnv(input) {
     const files = (await resolveScanContext(input)).files;
     const findings = [];

package/dist/scanners/supabase.js

@@ -5,6 +5,15 @@ const sensitiveTablePattern = /\b(user|account|profile|team|tenant|project|order
 const ownershipColumnPattern = /\b(user_id|owner_id|tenant_id|account_id|organization_id|workspace_id|created_by)\b/i;
 export async function checkSupabase(input, options = {}) {
     const context = await resolveScanContext(input);
+    const doctor = buildDoctorReport(options.doctor ?? true);
+    if (!hasSupabaseContext(context.files)) {
+        return createReport("check-supabase", context.rootDir, [], {
+            riskyTables: [],
+            riskyPolicies: [],
+            manualAuthorizationTest: [],
+            doctor
+        });
+    }
     const files = context.getFiles((file) => {
         const path = file.path.toLowerCase();
         return path.includes("supabase") || path.includes("migration") || path.endsWith(".sql") || path.endsWith(".prisma");
@@ -129,7 +138,6 @@ export async function checkSupabase(input, options = {}) {
         }
     }
     findings.push(...buildDoctorFindings(files, tables, rlsEnabledTables, policies));
-    const doctor = buildDoctorReport(options.doctor ?? true);
     return createReport("check-supabase", context.rootDir, uniqueFindings(findings), {
         riskyTables: [...new Set(tables.filter((table) => table.sensitive && !rlsEnabledTables.has(table.name)).map((table) => table.name))],
         riskyPolicies,
@@ -143,6 +151,16 @@ export async function checkSupabase(input, options = {}) {
         doctor
     });
 }
+function hasSupabaseContext(files) {
+    return files.some((file) => {
+        const path = file.path.toLowerCase();
+        if (path.includes("supabase"))
+            return true;
+        if (path === "package.json" && /@supabase\/supabase-js|supabase/i.test(file.content))
+            return true;
+        return /\bfrom\s+["']@supabase\/|create\s+policy\b|enable\s+row\s+level\s+security|auth\.uid\s*\(|storage\.objects/i.test(file.content);
+    });
+}
 function buildDoctorFindings(files, tables, rlsEnabledTables, policies) {
     const findings = [];
     const policiesByTable = new Map();