sapper-ai 0.5.0 → 0.6.0

package/dist/scan.d.ts

@@ -1,5 +1,6 @@
 export interface ScanOptions {
     targets?: string[];
+    policyPath?: string;
     fix?: boolean;
     deep?: boolean;
     system?: boolean;
@@ -14,10 +15,16 @@ export interface ScanResult {
     scope: string;
     target: string;
     ai: boolean;
+    filters: {
+        configLikeOnly: boolean;
+    };
     summary: {
         totalFiles: number;
+        eligibleFiles: number;
         scannedFiles: number;
         skippedFiles: number;
+        skippedNotEligible: number;
+        skippedEmptyOrUnreadable: number;
         threats: number;
     };
     findings: Array<{
@@ -30,6 +37,12 @@ export interface ScanResult {
         snippet: string;
         detectors: string[];
         aiAnalysis: string | null;
+        ruleMatches: Array<{
+            label: string;
+            severity: 'high' | 'medium';
+            matchText: string;
+            context: string;
+        }>;
     }>;
 }
 export declare function runScan(options?: ScanOptions): Promise<number>;

package/dist/scan.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"scan.d.ts","sourceRoot":"","sources":["../src/scan.ts"],"names":[],"mappings":"AAoBA,MAAM,WAAW,WAAW;IAC1B,OAAO,CAAC,EAAE,MAAM,EAAE,CAAA;IAClB,GAAG,CAAC,EAAE,OAAO,CAAA;IACb,IAAI,CAAC,EAAE,OAAO,CAAA;IACd,MAAM,CAAC,EAAE,OAAO,CAAA;IAChB,UAAU,CAAC,EAAE,MAAM,CAAA;IACnB,EAAE,CAAC,EAAE,OAAO,CAAA;IACZ,MAAM,CAAC,EAAE,OAAO,CAAA;IAChB,MAAM,CAAC,EAAE,OAAO,CAAA;CACjB;AAeD,MAAM,WAAW,UAAU;IACzB,OAAO,EAAE,KAAK,CAAA;IACd,SAAS,EAAE,MAAM,CAAA;IACjB,KAAK,EAAE,MAAM,CAAA;IACb,MAAM,EAAE,MAAM,CAAA;IACd,EAAE,EAAE,OAAO,CAAA;IACX,OAAO,EAAE;QACP,UAAU,EAAE,MAAM,CAAA;QAClB,YAAY,EAAE,MAAM,CAAA;QACpB,YAAY,EAAE,MAAM,CAAA;QACpB,OAAO,EAAE,MAAM,CAAA;KAChB,CAAA;IACD,QAAQ,EAAE,KAAK,CAAC;QACd,QAAQ,EAAE,MAAM,CAAA;QAChB,IAAI,EAAE,MAAM,CAAA;QACZ,UAAU,EAAE,MAAM,CAAA;QAClB,MAAM,EAAE,MAAM,CAAA;QACd,QAAQ,EAAE,MAAM,EAAE,CAAA;QAClB,OAAO,EAAE,MAAM,EAAE,CAAA;QACjB,OAAO,EAAE,MAAM,CAAA;QACf,SAAS,EAAE,MAAM,EAAE,CAAA;QACnB,UAAU,EAAE,MAAM,GAAG,IAAI,CAAA;KAC1B,CAAC,CAAA;CACH;AAqYD,wBAAsB,OAAO,CAAC,OAAO,GAAE,WAAgB,GAAG,OAAO,CAAC,MAAM,CAAC,CAyPxE"}
+{"version":3,"file":"scan.d.ts","sourceRoot":"","sources":["../src/scan.ts"],"names":[],"mappings":"AAqBA,MAAM,WAAW,WAAW;IAC1B,OAAO,CAAC,EAAE,MAAM,EAAE,CAAA;IAClB,UAAU,CAAC,EAAE,MAAM,CAAA;IACnB,GAAG,CAAC,EAAE,OAAO,CAAA;IACb,IAAI,CAAC,EAAE,OAAO,CAAA;IACd,MAAM,CAAC,EAAE,OAAO,CAAA;IAChB,UAAU,CAAC,EAAE,MAAM,CAAA;IACnB,EAAE,CAAC,EAAE,OAAO,CAAA;IACZ,MAAM,CAAC,EAAE,OAAO,CAAA;IAChB,MAAM,CAAC,EAAE,OAAO,CAAA;CACjB;AAgBD,MAAM,WAAW,UAAU;IACzB,OAAO,EAAE,KAAK,CAAA;IACd,SAAS,EAAE,MAAM,CAAA;IACjB,KAAK,EAAE,MAAM,CAAA;IACb,MAAM,EAAE,MAAM,CAAA;IACd,EAAE,EAAE,OAAO,CAAA;IACX,OAAO,EAAE;QACP,cAAc,EAAE,OAAO,CAAA;KACxB,CAAA;IACD,OAAO,EAAE;QACP,UAAU,EAAE,MAAM,CAAA;QAClB,aAAa,EAAE,MAAM,CAAA;QACrB,YAAY,EAAE,MAAM,CAAA;QACpB,YAAY,EAAE,MAAM,CAAA;QACpB,kBAAkB,EAAE,MAAM,CAAA;QAC1B,wBAAwB,EAAE,MAAM,CAAA;QAChC,OAAO,EAAE,MAAM,CAAA;KAChB,CAAA;IACD,QAAQ,EAAE,KAAK,CAAC;QACd,QAAQ,EAAE,MAAM,CAAA;QAChB,IAAI,EAAE,MAAM,CAAA;QACZ,UAAU,EAAE,MAAM,CAAA;QAClB,MAAM,EAAE,MAAM,CAAA;QACd,QAAQ,EAAE,MAAM,EAAE,CAAA;QAClB,OAAO,EAAE,MAAM,EAAE,CAAA;QACjB,OAAO,EAAE,MAAM,CAAA;QACf,SAAS,EAAE,MAAM,EAAE,CAAA;QACnB,UAAU,EAAE,MAAM,GAAG,IAAI,CAAA;QACzB,WAAW,EAAE,KAAK,CAAC;YACjB,KAAK,EAAE,MAAM,CAAA;YACb,QAAQ,EAAE,MAAM,GAAG,QAAQ,CAAA;YAC3B,SAAS,EAAE,MAAM,CAAA;YACjB,OAAO,EAAE,MAAM,CAAA;SAChB,CAAC,CAAA;KACH,CAAC,CAAA;CACH;AAgcD,wBAAsB,OAAO,CAAC,OAAO,GAAE,WAAgB,GAAG,OAAO,CAAC,MAAM,CAAC,CAkRxE"}

package/dist/scan.js

@@ -34,13 +34,12 @@ var __importStar = (this && this.__importStar) || (function () {
 })();
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.runScan = runScan;
-const node_fs_1 = require("node:fs");
 const promises_1 = require("node:fs/promises");
 const node_os_1 = require("node:os");
 const node_path_1 = require("node:path");
 const core_1 = require("@sapper-ai/core");
 const presets_1 = require("./presets");
-const CONFIG_FILE_NAMES = ['sapperai.config.yaml', 'sapperai.config.yml'];
+const repoRoot_1 = require("./utils/repoRoot");
 const GREEN = '\x1b[32m';
 const YELLOW = '\x1b[33m';
 const RED = '\x1b[31m';
@@ -55,21 +54,18 @@ const SYSTEM_SCAN_PATHS = (() => {
         (0, node_path_1.join)(home, 'Library', 'Application Support', 'Claude'),
     ];
 })();
-function findConfigFile(cwd) {
-    for (const name of CONFIG_FILE_NAMES) {
-        const fullPath = (0, node_path_1.resolve)(cwd, name);
-        if ((0, node_fs_1.existsSync)(fullPath)) {
-            return fullPath;
-        }
+function resolvePolicy(cwd, options) {
+    const manager = new core_1.PolicyManager();
+    const explicitPath = options.policyPath ?? process.env.SAPPERAI_POLICY_PATH;
+    if (explicitPath) {
+        return manager.loadFromFile(explicitPath);
     }
-    return null;
-}
-function resolvePolicy(cwd) {
-    const configPath = findConfigFile(cwd);
-    if (!configPath) {
+    const repoRoot = (0, repoRoot_1.findRepoRoot)(cwd);
+    const resolved = (0, core_1.resolvePolicyPath)({ repoRoot, homeDir: (0, node_os_1.homedir)() });
+    if (!resolved) {
         return { ...presets_1.presets.standard.policy };
     }
-    return new core_1.PolicyManager().loadFromFile(configPath);
+    return manager.loadFromFile(resolved.path);
 }
 function getThresholds(policy) {
     const extended = policy;
@@ -231,11 +227,11 @@ async function readFileIfPresent(filePath) {
 }
 async function scanFile(filePath, policy, scanner, detectors, fix, quarantineManager) {
     if (!(0, core_1.isConfigLikeFile)(filePath)) {
-        return { scanned: false };
+        return { scanned: false, skipReason: 'not_eligible' };
     }
     const raw = await readFileIfPresent(filePath);
     if (raw === null || raw.trim().length === 0) {
-        return { scanned: false };
+        return { scanned: false, skipReason: 'empty_or_unreadable' };
     }
     const fileSurface = (0, core_1.normalizeSurfaceText)(raw);
     const targetType = (0, core_1.classifyTargetType)(filePath);
@@ -243,6 +239,11 @@ async function scanFile(filePath, policy, scanner, detectors, fix, quarantineMan
         {
             id: `${targetType}:${(0, core_1.buildEntryName)(filePath)}`,
             surface: fileSurface,
+            meta: {
+                scanSource: 'file_surface',
+                sourcePath: filePath,
+                sourceType: targetType,
+            },
         },
     ];
     if (filePath.endsWith('.json')) {
@@ -250,7 +251,15 @@ async function scanFile(filePath, policy, scanner, detectors, fix, quarantineMan
             const parsed = JSON.parse(raw);
             const mcpTargets = (0, core_1.collectMcpTargetsFromJson)(filePath, parsed);
             for (const t of mcpTargets) {
-                targets.push({ id: `${t.type}:${t.name}`, surface: t.surface });
+                targets.push({
+                    id: `${t.type}:${t.name}`,
+                    surface: t.surface,
+                    meta: {
+                        scanSource: 'file_surface',
+                        sourcePath: t.source,
+                        sourceType: t.type,
+                    },
+                });
             }
         }
         catch {
@@ -259,7 +268,7 @@ async function scanFile(filePath, policy, scanner, detectors, fix, quarantineMan
     let bestDecision = null;
     let bestThreat = null;
     for (const target of targets) {
-        const decision = await scanner.scanTool(target.id, target.surface, policy, detectors);
+        const decision = await scanner.scanTool(target.id, target.surface, policy, detectors, target.meta);
         if (!bestDecision || decision.risk > bestDecision.risk) {
             bestDecision = decision;
         }
@@ -299,6 +308,37 @@ function extractPatternsFromReasons(reasons) {
 function toDetectorsList(decision) {
     return uniq(decision.evidence.map((e) => e.detectorId));
 }
+function extractRuleMatches(decision) {
+    const evidence = Array.isArray(decision.evidence) ? decision.evidence : [];
+    const output = evidence.find((e) => e && e.detectorId === 'rules');
+    if (!output || !output.evidence || typeof output.evidence !== 'object') {
+        return [];
+    }
+    const maybeMatches = output.evidence.matches;
+    if (!Array.isArray(maybeMatches)) {
+        return [];
+    }
+    const results = [];
+    for (const m of maybeMatches) {
+        if (!m || typeof m !== 'object')
+            continue;
+        const match = m;
+        const label = typeof match.label === 'string' ? match.label : '';
+        const severity = match.severity === 'high' ? 'high' : 'medium';
+        const matchText = typeof match.matchText === 'string' ? match.matchText : '';
+        const context = typeof match.context === 'string'
+            ? match.context
+            : typeof match.sample === 'string'
+                ? match.sample
+                : '';
+        if (!label || !matchText)
+            continue;
+        results.push({ label, severity, matchText, context });
+        if (results.length >= 24)
+            break;
+    }
+    return results;
+}
 function truncateSnippet(text, maxChars) {
     if (text.length <= maxChars) {
         return text;
@@ -313,6 +353,7 @@ async function buildScanResult(params) {
         const reasons = f.decision.reasons;
         const patterns = extractPatternsFromReasons(reasons);
         const detectors = toDetectorsList(f.decision);
+        const ruleMatches = extractRuleMatches(f.decision);
         return {
             filePath: f.filePath,
             risk: f.decision.risk,
@@ -323,6 +364,7 @@ async function buildScanResult(params) {
             snippet,
             detectors,
             aiAnalysis: f.aiAnalysis ?? null,
+            ruleMatches,
         };
     }));
     return {
@@ -331,10 +373,16 @@ async function buildScanResult(params) {
         scope: params.scope,
         target: params.target,
         ai: params.ai,
+        filters: {
+            configLikeOnly: true,
+        },
         summary: {
             totalFiles: params.totalFiles,
+            eligibleFiles: params.eligibleFiles,
             scannedFiles: params.scannedFiles,
             skippedFiles: params.skippedFiles,
+            skippedNotEligible: params.skippedNotEligible,
+            skippedEmptyOrUnreadable: params.skippedEmptyOrUnreadable,
             threats: params.threats,
         },
         findings,
@@ -342,7 +390,7 @@ async function buildScanResult(params) {
 }
 async function runScan(options = {}) {
     const cwd = process.cwd();
-    const policy = resolvePolicy(cwd);
+    const policy = resolvePolicy(cwd, { policyPath: options.policyPath });
     const fix = options.fix === true;
     const aiEnabled = options.ai === true;
     let llmConfig = null;
@@ -384,6 +432,8 @@ async function runScan(options = {}) {
     }
     const files = Array.from(fileSet).sort();
     console.log(`  Collecting files...  ${files.length} files found`);
+    const eligibleByName = files.filter((f) => (0, core_1.isConfigLikeFile)(f)).length;
+    console.log(`  Filter: config-like only (${eligibleByName} eligible / ${files.length} total)`);
     console.log();
     if (aiEnabled) {
         console.log('  Phase 1/2: Rules scan');
@@ -391,6 +441,9 @@ async function runScan(options = {}) {
     }
     const scannedFindings = [];
     let scannedFiles = 0;
+    let eligibleFiles = 0;
+    let skippedNotEligible = 0;
+    let skippedEmptyOrUnreadable = 0;
     const total = files.length;
     const progressWidth = Math.max(10, Math.min(30, (process.stdout.columns ?? 80) - 30));
     for (let i = 0; i < files.length; i += 1) {
@@ -408,6 +461,15 @@ async function runScan(options = {}) {
             }
         }
         const result = await scanFile(filePath, policy, scanner, detectors, fix, quarantineManager);
+        if (result.skipReason === 'not_eligible') {
+            skippedNotEligible += 1;
+            continue;
+        }
+        eligibleFiles += 1;
+        if (result.skipReason === 'empty_or_unreadable') {
+            skippedEmptyOrUnreadable += 1;
+            continue;
+        }
         if (result.scanned && result.decision) {
             scannedFiles += 1;
             scannedFindings.push({ filePath, decision: result.decision, quarantinedId: result.quarantinedId });
@@ -454,7 +516,11 @@ async function runScan(options = {}) {
                     const surface = (0, core_1.normalizeSurfaceText)(raw);
                     const targetType = (0, core_1.classifyTargetType)(finding.filePath);
                     const id = `${targetType}:${(0, core_1.buildEntryName)(finding.filePath)}`;
-                    const aiDecision = await scanner.scanTool(id, surface, aiPolicy, aiDetectors);
+                    const aiDecision = await scanner.scanTool(id, surface, aiPolicy, aiDetectors, {
+                        scanSource: 'file_surface',
+                        sourcePath: finding.filePath,
+                        sourceType: targetType,
+                    });
                     const mergedReasons = uniq([...finding.decision.reasons, ...aiDecision.reasons]);
                     const existingEvidence = finding.decision.evidence;
                     const mergedEvidence = [...existingEvidence];
@@ -490,15 +556,18 @@ async function runScan(options = {}) {
             }
         }
     }
-    const skippedFiles = total - scannedFiles;
+    const skippedFiles = skippedNotEligible + skippedEmptyOrUnreadable;
     const threats = scannedFindings.filter((f) => isThreat(f.decision, policy));
     const scanResult = await buildScanResult({
         scope: scopeLabel,
         target: targets.join(', '),
         ai: aiEnabled,
         totalFiles: total,
+        eligibleFiles,
         scannedFiles,
         skippedFiles,
+        skippedNotEligible,
+        skippedEmptyOrUnreadable,
         threats: threats.length,
         findings: scannedFindings,
     });
@@ -531,12 +600,12 @@ async function runScan(options = {}) {
         }
     }
     if (threats.length === 0) {
-        const msg = `  ✓ All clear — ${scannedFiles} files scanned, 0 threats detected`;
+        const msg = `  ✓ All clear — ${scannedFiles}/${eligibleFiles} eligible files scanned, 0 threats detected (${total} total files)`;
         console.log(color ? `${GREEN}${msg}${RESET}` : msg);
         console.log();
     }
     else {
-        const warn = `  ⚠ ${scannedFiles} files scanned, ${threats.length} threats detected`;
+        const warn = `  ⚠ ${scannedFiles}/${eligibleFiles} eligible files scanned, ${threats.length} threats detected (${total} total files)`;
         console.log(color ? `${RED}${warn}${RESET}` : warn);
         console.log();
         const tableLines = renderFindingsTable(threats, {

package/dist/utils/env.d.ts

@@ -0,0 +1,3 @@
+export declare function parseBoolean(value: string | undefined, fallback: boolean): boolean;
+export declare function isCiEnv(env?: NodeJS.ProcessEnv): boolean;
+//# sourceMappingURL=env.d.ts.map

package/dist/utils/env.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"env.d.ts","sourceRoot":"","sources":["../../src/utils/env.ts"],"names":[],"mappings":"AAAA,wBAAgB,YAAY,CAAC,KAAK,EAAE,MAAM,GAAG,SAAS,EAAE,QAAQ,EAAE,OAAO,GAAG,OAAO,CAQlF;AAED,wBAAgB,OAAO,CAAC,GAAG,GAAE,MAAM,CAAC,UAAwB,GAAG,OAAO,CAYrE"}

package/dist/utils/env.js

@@ -0,0 +1,25 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.parseBoolean = parseBoolean;
+exports.isCiEnv = isCiEnv;
+function parseBoolean(value, fallback) {
+    if (value === undefined)
+        return fallback;
+    const normalized = value.trim().toLowerCase();
+    if (normalized === 'true' || normalized === '1' || normalized === 'yes')
+        return true;
+    if (normalized === 'false' || normalized === '0' || normalized === 'no')
+        return false;
+    return fallback;
+}
+function isCiEnv(env = process.env) {
+    // CI providers generally set CI=true; also treat GitHub Actions as CI even if CI is unset.
+    const ci = env.CI;
+    if (ci && ci.trim().length > 0 && ci !== '0' && ci.toLowerCase() !== 'false') {
+        return true;
+    }
+    if (env.GITHUB_ACTIONS && env.GITHUB_ACTIONS !== 'false') {
+        return true;
+    }
+    return false;
+}

package/dist/utils/fs.d.ts

@@ -0,0 +1,5 @@
+export declare function readFileIfExists(filePath: string): Promise<string | null>;
+export declare function ensureDir(dirPath: string): Promise<void>;
+export declare function backupFile(originalPath: string): Promise<string>;
+export declare function atomicWriteFile(filePath: string, content: string): Promise<void>;
+//# sourceMappingURL=fs.d.ts.map

package/dist/utils/fs.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"fs.d.ts","sourceRoot":"","sources":["../../src/utils/fs.ts"],"names":[],"mappings":"AAIA,wBAAsB,gBAAgB,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAM/E;AAED,wBAAsB,SAAS,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAE9D;AAkBD,wBAAsB,UAAU,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAKtE;AAED,wBAAsB,eAAe,CAAC,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAStF"}

package/dist/utils/fs.js

@@ -0,0 +1,47 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.readFileIfExists = readFileIfExists;
+exports.ensureDir = ensureDir;
+exports.backupFile = backupFile;
+exports.atomicWriteFile = atomicWriteFile;
+const node_fs_1 = require("node:fs");
+const promises_1 = require("node:fs/promises");
+const node_path_1 = require("node:path");
+async function readFileIfExists(filePath) {
+    try {
+        return await (0, promises_1.readFile)(filePath, 'utf8');
+    }
+    catch {
+        return null;
+    }
+}
+async function ensureDir(dirPath) {
+    await (0, promises_1.mkdir)(dirPath, { recursive: true });
+}
+function nextBackupPath(originalPath) {
+    const first = `${originalPath}.bak`;
+    if (!(0, node_fs_1.existsSync)(first)) {
+        return first;
+    }
+    for (let i = 1; i < 1000; i += 1) {
+        const candidate = `${originalPath}.bak.${i}`;
+        if (!(0, node_fs_1.existsSync)(candidate)) {
+            return candidate;
+        }
+    }
+    throw new Error(`Unable to find free backup path for ${originalPath}`);
+}
+async function backupFile(originalPath) {
+    const backupPath = nextBackupPath(originalPath);
+    await ensureDir((0, node_path_1.dirname)(backupPath));
+    await (0, promises_1.copyFile)(originalPath, backupPath);
+    return backupPath;
+}
+async function atomicWriteFile(filePath, content) {
+    const dir = (0, node_path_1.dirname)(filePath);
+    await ensureDir(dir);
+    const tmpName = `.${(0, node_path_1.basename)(filePath)}.tmp.${process.pid}.${Date.now()}`;
+    const tmpPath = (0, node_path_1.join)(dir, tmpName);
+    await (0, promises_1.writeFile)(tmpPath, content, 'utf8');
+    await (0, promises_1.rename)(tmpPath, filePath);
+}

package/dist/utils/repoRoot.d.ts

@@ -0,0 +1,2 @@
+export declare function findRepoRoot(startDir: string): string;
+//# sourceMappingURL=repoRoot.d.ts.map

package/dist/utils/repoRoot.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"repoRoot.d.ts","sourceRoot":"","sources":["../../src/utils/repoRoot.ts"],"names":[],"mappings":"AAGA,wBAAgB,YAAY,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM,CAiBrD"}

package/dist/utils/repoRoot.js

@@ -0,0 +1,20 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.findRepoRoot = findRepoRoot;
+const node_fs_1 = require("node:fs");
+const node_path_1 = require("node:path");
+function findRepoRoot(startDir) {
+    const start = (0, node_path_1.resolve)(startDir);
+    let current = start;
+    while (true) {
+        const gitPath = (0, node_path_1.resolve)(current, '.git');
+        if ((0, node_fs_1.existsSync)(gitPath)) {
+            return current;
+        }
+        const parent = (0, node_path_1.dirname)(current);
+        if (parent === current) {
+            return start;
+        }
+        current = parent;
+    }
+}

package/dist/utils/semver.d.ts

@@ -0,0 +1,2 @@
+export declare function isSemver(version: string): boolean;
+//# sourceMappingURL=semver.d.ts.map

package/dist/utils/semver.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"semver.d.ts","sourceRoot":"","sources":["../../src/utils/semver.ts"],"names":[],"mappings":"AAGA,wBAAgB,QAAQ,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAEjD"}

package/dist/utils/semver.js

@@ -0,0 +1,7 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.isSemver = isSemver;
+const SEMVER_RE = /^(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(?:-([0-9A-Za-z-]+(?:\.[0-9A-Za-z-]+)*))?(?:\+([0-9A-Za-z-]+(?:\.[0-9A-Za-z-]+)*))?$/;
+function isSemver(version) {
+    return SEMVER_RE.test(version.trim());
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "sapper-ai",
-  "version": "0.5.0",
+  "version": "0.6.0",
   "description": "AI security guardrails - single install, sensible defaults",
   "keywords": [
     "security",
@@ -40,17 +40,14 @@
   },
   "dependencies": {
     "@inquirer/select": "^4.0.0",
-    "@sapper-ai/core": "0.2.1",
+    "@sapper-ai/core": "0.2.2",
+    "@sapper-ai/mcp": "0.3.0",
     "@sapper-ai/types": "0.2.1"
   },
   "peerDependencies": {
-    "@sapper-ai/mcp": "^0.2.1",
-    "@sapper-ai/openai": "^0.2.1"
+    "@sapper-ai/openai": "^0.2.2"
   },
   "peerDependenciesMeta": {
-    "@sapper-ai/mcp": {
-      "optional": true
-    },
     "@sapper-ai/openai": {
       "optional": true
     }