@rigour-labs/cli 3.0.5 → 4.0.0

package/dist/cli.js

@@ -12,6 +12,7 @@ import { studioCommand } from './commands/studio.js';
 import { exportAuditCommand } from './commands/export-audit.js';
 import { demoCommand } from './commands/demo.js';
 import { hooksInitCommand } from './commands/hooks.js';
+import { settingsShowCommand, settingsSetKeyCommand, settingsRemoveKeyCommand, settingsSetCommand, settingsGetCommand, settingsResetCommand, settingsPathCommand } from './commands/settings.js';
 import { checkForUpdates } from './utils/version.js';
 import chalk from 'chalk';
 const CLI_VERSION = '2.0.0';
@@ -59,13 +60,24 @@ program
     .option('--json', 'Output report in JSON format')
     .option('-i, --interactive', 'Run in interactive mode with rich output')
     .option('-c, --config <path>', 'Path to custom rigour.yml configuration')
+    .option('--deep', 'Enable deep LLM-powered analysis (local, 350MB one-time download)')
+    .option('--pro', 'Use larger model for deep analysis (900MB, higher quality)')
+    .option('-k, --api-key <key>', 'Use cloud API key instead of local model (BYOK)')
+    .option('--provider <name>', 'Cloud provider: claude, openai, gemini, groq, mistral, together, deepseek, ollama, or any OpenAI-compatible')
+    .option('--api-base-url <url>', 'Custom API base URL (for self-hosted or proxy endpoints)')
+    .option('--model-name <name>', 'Override cloud model name')
+    .option('--agents <count>', 'Number of parallel agents for deep scan (cloud-only, default: 1)', '1')
     .addHelpText('after', `
 Examples:
-  $ rigour check                       # Run standard check
-  $ rigour check ./src                 # Check only the src directory
-  $ rigour check ./src/app.ts          # Check only app.ts
-  $ rigour check --interactive         # Run with rich, interactive output
-  $ rigour check --ci                  # Run in CI environment
+  $ rigour check                                          # AST only. Instant. Free.
+  $ rigour check --deep                                   # AST + local LLM (350MB one-time)
+  $ rigour check --deep --pro                             # AST + larger local LLM (900MB)
+  $ rigour check --deep -k sk-ant-xxx                     # AST + Claude API (BYOK)
+  $ rigour check --deep -k gsk_xxx --provider groq        # Use Groq
+  $ rigour check --deep -k xxx --provider ollama          # Use local Ollama
+  $ rigour check --deep -k xxx --provider custom --api-base-url http://my-server/v1  # Any endpoint
+  $ rigour check ./src --deep                             # Deep on specific directory
+  $ rigour check --ci                                     # CI environment
     `)
     .action(async (files, options) => {
     await checkCommand(process.cwd(), files, options);
@@ -184,6 +196,44 @@ Examples:
     .action(async (options) => {
     await hooksInitCommand(process.cwd(), options);
 });
+// Settings management (like Claude Code's settings.json)
+const settingsCmd = program
+    .command('settings')
+    .description('Manage global settings (~/.rigour/settings.json) — API keys, providers, defaults');
+settingsCmd
+    .command('show', { isDefault: true })
+    .description('Show current settings')
+    .action(async () => { await settingsShowCommand(); });
+settingsCmd
+    .command('set-key')
+    .description('Add or update an API key for a provider')
+    .argument('<provider>', 'Provider name: anthropic, openai, groq, deepseek, mistral, together, gemini, ollama')
+    .argument('<key>', 'API key')
+    .action(async (provider, key) => { await settingsSetKeyCommand(provider, key); });
+settingsCmd
+    .command('remove-key')
+    .description('Remove an API key for a provider')
+    .argument('<provider>', 'Provider name')
+    .action(async (provider) => { await settingsRemoveKeyCommand(provider); });
+settingsCmd
+    .command('set')
+    .description('Set a configuration value (dot-notation)')
+    .argument('<key>', 'Setting key (e.g., deep.defaultProvider, cli.verboseOutput)')
+    .argument('<value>', 'Setting value')
+    .action(async (key, value) => { await settingsSetCommand(key, value); });
+settingsCmd
+    .command('get')
+    .description('Get a configuration value')
+    .argument('<key>', 'Setting key')
+    .action(async (key) => { await settingsGetCommand(key); });
+settingsCmd
+    .command('reset')
+    .description('Reset all settings to defaults')
+    .action(async () => { await settingsResetCommand(); });
+settingsCmd
+    .command('path')
+    .description('Show settings file path')
+    .action(async () => { await settingsPathCommand(); });
 // Check for updates before parsing (non-blocking)
 (async () => {
     try {

package/dist/commands/check.d.ts

@@ -3,5 +3,12 @@ export interface CheckOptions {
     json?: boolean;
     interactive?: boolean;
     config?: string;
+    deep?: boolean;
+    pro?: boolean;
+    apiKey?: string;
+    provider?: string;
+    apiBaseUrl?: string;
+    modelName?: string;
+    agents?: string;
 }
 export declare function checkCommand(cwd: string, files?: string[], options?: CheckOptions): Promise<void>;

package/dist/commands/check.js

@@ -2,7 +2,7 @@ import fs from 'fs-extra';
 import path from 'path';
 import chalk from 'chalk';
 import yaml from 'yaml';
-import { GateRunner, ConfigSchema, recordScore, getScoreTrend } from '@rigour-labs/core';
+import { GateRunner, ConfigSchema, recordScore, getScoreTrend, resolveDeepOptions } from '@rigour-labs/core';
 import inquirer from 'inquirer';
 import { randomUUID } from 'crypto';
 // Exit codes per spec
@@ -42,8 +42,15 @@ export async function checkCommand(cwd, files = [], options = {}) {
         const configContent = await fs.readFile(configPath, 'utf-8');
         const rawConfig = yaml.parse(configContent);
         const config = ConfigSchema.parse(rawConfig);
-        if (!options.ci && !options.json) {
-            console.log(chalk.blue('Running Rigour checks...\n'));
+        const isDeep = !!options.deep || !!options.pro || !!options.apiKey;
+        const isSilent = !!options.ci || !!options.json;
+        if (!isSilent) {
+            if (isDeep) {
+                console.log(chalk.blue.bold('Running Rigour checks + deep analysis...\n'));
+            }
+            else {
+                console.log(chalk.blue('Running Rigour checks...\n'));
+            }
         }
         const runner = new GateRunner(config);
         const requestId = randomUUID();
@@ -51,14 +58,63 @@ export async function checkCommand(cwd, files = [], options = {}) {
             type: "tool_call",
             requestId,
             tool: "rigour_check",
-            arguments: { files }
+            arguments: { files, deep: isDeep }
         });
-        const report = await runner.run(cwd, files.length > 0 ? files : undefined);
+        // Build deep options if enabled
+        // Merges CLI flags with ~/.rigour/settings.json (CLI flags win)
+        let deepOpts;
+        if (isDeep) {
+            const resolved = resolveDeepOptions({
+                apiKey: options.apiKey,
+                provider: options.provider,
+                apiBaseUrl: options.apiBaseUrl,
+                modelName: options.modelName,
+            });
+            // If settings.json provided an API key but user didn't pass --deep explicitly,
+            // treat it as cloud mode
+            const hasApiKey = !!resolved.apiKey;
+            const agentCount = Math.max(1, parseInt(options.agents || '1', 10) || 1);
+            deepOpts = {
+                enabled: true,
+                pro: !!options.pro,
+                apiKey: resolved.apiKey,
+                provider: hasApiKey ? (resolved.provider || 'claude') : 'local',
+                apiBaseUrl: resolved.apiBaseUrl,
+                modelName: resolved.modelName,
+                agents: agentCount > 1 ? agentCount : undefined,
+                onProgress: isSilent ? undefined : (msg) => {
+                    process.stderr.write(msg + '\n');
+                },
+            };
+        }
+        const report = await runner.run(cwd, files.length > 0 ? files : undefined, deepOpts);
         // Write machine report
         const reportPath = path.join(cwd, config.output.report_path);
         await fs.writeJson(reportPath, report, { spaces: 2 });
         // Record score for trend tracking
         recordScore(cwd, report);
+        // Persist to SQLite if deep analysis was used
+        if (isDeep) {
+            try {
+                const { openDatabase, insertScan, insertFindings } = await import('@rigour-labs/core');
+                const db = openDatabase();
+                if (db) {
+                    const repoName = path.basename(cwd);
+                    const scanId = insertScan(db, repoName, report, {
+                        deepTier: options.pro ? 'pro' : (options.apiKey ? 'cloud' : 'deep'),
+                        deepModel: report.stats.deep?.model,
+                    });
+                    insertFindings(db, scanId, report.failures);
+                    db.close();
+                }
+            }
+            catch (dbError) {
+                // SQLite persistence is best-effort — log but don't fail
+                if (process.env.RIGOUR_DEBUG) {
+                    console.error(`[rigour] SQLite persistence failed: ${dbError.message}`);
+                }
+            }
+        }
         await logStudioEvent(cwd, {
             type: "tool_response",
             requestId,
@@ -103,62 +159,14 @@ export async function checkCommand(cwd, files = [], options = {}) {
             await interactiveMode(report, config);
             process.exit(EXIT_FAIL);
         }
-        // Normal human-readable output
-        if (report.status === 'PASS') {
-            console.log(chalk.green.bold('✔ PASS - All quality gates satisfied.'));
+        // ─── HUMAN-READABLE OUTPUT (with deep analysis dopamine engineering) ───
+        if (isDeep) {
+            // Deep analysis output format (from product bible)
+            renderDeepOutput(report, config, options);
         }
         else {
-            console.log(chalk.red.bold('✘ FAIL - Quality gate violations found.\n'));
-            // Score summary line
-            const stats = report.stats;
-            const scoreParts = [];
-            if (stats.score !== undefined)
-                scoreParts.push(`Score: ${stats.score}/100`);
-            if (stats.ai_health_score !== undefined)
-                scoreParts.push(`AI Health: ${stats.ai_health_score}/100`);
-            if (stats.structural_score !== undefined)
-                scoreParts.push(`Structural: ${stats.structural_score}/100`);
-            if (scoreParts.length > 0) {
-                console.log(chalk.bold(scoreParts.join(' | ')) + '\n');
-            }
-            // Severity breakdown
-            if (stats.severity_breakdown) {
-                const parts = Object.entries(stats.severity_breakdown)
-                    .filter(([, count]) => count > 0)
-                    .map(([sev, count]) => {
-                    const color = sev === 'critical' ? chalk.red.bold : sev === 'high' ? chalk.red : sev === 'medium' ? chalk.yellow : chalk.dim;
-                    return color(`${sev}: ${count}`);
-                });
-                if (parts.length > 0) {
-                    console.log('Severity: ' + parts.join(', ') + '\n');
-                }
-            }
-            // Group failures by provenance
-            const severityIcon = (s) => {
-                switch (s) {
-                    case 'critical': return chalk.red.bold('CRIT');
-                    case 'high': return chalk.red('HIGH');
-                    case 'medium': return chalk.yellow('MED ');
-                    case 'low': return chalk.dim('LOW ');
-                    case 'info': return chalk.dim('INFO');
-                    default: return chalk.yellow('MED ');
-                }
-            };
-            for (const failure of report.failures) {
-                const sev = severityIcon(failure.severity);
-                const prov = failure.provenance ? chalk.dim(`[${failure.provenance}]`) : '';
-                console.log(`${sev} ${prov} ${chalk.red(`[${failure.id}]`)} ${failure.title}`);
-                console.log(chalk.dim(`      Details: ${failure.details}`));
-                if (failure.files && failure.files.length > 0) {
-                    console.log(chalk.dim('      Files:'));
-                    failure.files.forEach((f) => console.log(chalk.dim(`        - ${f}`)));
-                }
-                if (failure.hint) {
-                    console.log(chalk.cyan(`      Hint: ${failure.hint}`));
-                }
-                console.log('');
-            }
-            console.log(chalk.yellow(`See ${config.output.report_path} for full details.`));
+            // Standard AST-only output
+            renderStandardOutput(report, config);
         }
         // Score trend display
         const trend = getScoreTrend(cwd);
@@ -171,8 +179,8 @@ export async function checkCommand(cwd, files = [], options = {}) {
             console.log(trendColor(`\nScore Trend: ${scoresStr} (${trend.direction} ${arrow})`));
         }
         // Stats footer
-        const footerParts = [`Finished in ${report.stats.duration_ms}ms`];
-        if (report.status === 'PASS' && report.stats.score !== undefined) {
+        const footerParts = [`Finished in ${(report.stats.duration_ms / 1000).toFixed(1)}s`];
+        if (report.stats.score !== undefined) {
             footerParts.push(`Score: ${report.stats.score}/100`);
         }
         console.log(chalk.dim('\n' + footerParts.join(' | ')));
@@ -200,6 +208,217 @@ export async function checkCommand(cwd, files = [], options = {}) {
         process.exit(EXIT_INTERNAL_ERROR);
     }
 }
+/**
+ * Render deep analysis output — enhanced with detailed findings grouped by provenance.
+ *
+ * Shows:
+ * - Score box at top (AI Health, Code Quality, Overall)
+ * - Detailed findings table grouped by provenance:
+ *   - Deep analysis findings (most detailed): severity, category, file:line, description, suggestion
+ *   - AI drift findings: severity, title, files
+ *   - Security findings: severity, title, hint
+ *   - Traditional findings: severity, title
+ * - Privacy badge and model info
+ * - Summary count at end
+ */
+function renderDeepOutput(report, config, options) {
+    const stats = report.stats;
+    const isLocal = !options.apiKey;
+    console.log('');
+    if (report.status === 'PASS') {
+        console.log(chalk.green.bold('  ✨ All quality gates passed.\n'));
+    }
+    // Score breakdown — the screenshottable moment
+    const aiHealth = stats.ai_health_score ?? 100;
+    const codeQuality = stats.code_quality_score ?? stats.structural_score ?? 100;
+    const overall = stats.score ?? 100;
+    const scoreColor = (score) => score >= 80 ? chalk.green : score >= 60 ? chalk.yellow : chalk.red;
+    console.log(`  ${chalk.bold('AI Health:')}     ${scoreColor(aiHealth).bold(aiHealth + '/100')}`);
+    console.log(`  ${chalk.bold('Code Quality:')}  ${scoreColor(codeQuality).bold(codeQuality + '/100')}`);
+    console.log(`  ${chalk.bold('Overall:')}       ${scoreColor(overall).bold(overall + '/100')}`);
+    console.log('');
+    // Privacy badge — this IS the marketing
+    if (isLocal) {
+        console.log(chalk.green('  🔒 100% local. Your code never left this machine.'));
+    }
+    else {
+        console.log(chalk.yellow(`  ☁️  Code was sent to ${options.provider || 'cloud'} API.`));
+    }
+    // Deep stats
+    if (stats.deep) {
+        const tier = stats.deep.tier === 'cloud' ? options.provider || 'cloud' : stats.deep.tier;
+        const model = stats.deep.model || 'unknown';
+        const inferenceSec = stats.deep.total_ms ? (stats.deep.total_ms / 1000).toFixed(1) + 's' : '';
+        console.log(chalk.dim(`  Model: ${model} (${tier}) ${inferenceSec}`));
+    }
+    console.log('');
+    // Categorize findings by provenance
+    const deepFailures = report.failures.filter((f) => f.provenance === 'deep-analysis');
+    const aiDriftFailures = report.failures.filter((f) => f.provenance === 'ai-drift');
+    const securityFailures = report.failures.filter((f) => f.provenance === 'security');
+    const traditionalFailures = report.failures.filter((f) => f.provenance !== 'deep-analysis' && f.provenance !== 'ai-drift' && f.provenance !== 'security');
+    // DEEP ANALYSIS FINDINGS — most detailed
+    if (deepFailures.length > 0) {
+        console.log(chalk.bold(`  ── Deep Analysis Findings (${deepFailures.length} verified) ──\n`));
+        for (const failure of deepFailures) {
+            const sev = severityIcon(failure.severity);
+            const cat = failure.category || failure.id;
+            const catLabel = formatCategory(cat);
+            // Extract file and line from files array if available
+            let fileLocation = '';
+            if (failure.files && failure.files.length > 0) {
+                fileLocation = failure.files[0];
+            }
+            // Description: up to 120 chars
+            const description = failure.details ? failure.details.substring(0, 120) : failure.title.substring(0, 120);
+            const descDisplay = description.length > 120 ? description.substring(0, 117) + '...' : description;
+            // Suggestion from hint
+            const suggestion = failure.hint || failure.suggestion || '';
+            console.log(`  ${sev} [${catLabel}] ${fileLocation}`);
+            console.log(`       ${descDisplay}`);
+            if (suggestion) {
+                console.log(`       → ${suggestion}`);
+            }
+            // Show confidence and verified status if available
+            if (failure.confidence !== undefined || failure.verified !== undefined) {
+                const confStr = failure.confidence !== undefined ? ` (${(failure.confidence * 100).toFixed(0)}% conf)` : '';
+                const verStr = failure.verified !== undefined ? ` [${failure.verified ? 'verified' : 'unverified'}]` : '';
+                console.log(chalk.dim(`       ${confStr}${verStr}`));
+            }
+            console.log('');
+        }
+    }
+    // AI DRIFT FINDINGS
+    if (aiDriftFailures.length > 0) {
+        console.log(chalk.bold(`  ── AI Drift Findings (${aiDriftFailures.length}) ──\n`));
+        for (const failure of aiDriftFailures) {
+            const sev = severityIcon(failure.severity);
+            console.log(`  ${sev} ${failure.title}`);
+            if (failure.files && failure.files.length > 0) {
+                console.log(`       Files: ${failure.files.slice(0, 3).join(', ')}${failure.files.length > 3 ? ` +${failure.files.length - 3}` : ''}`);
+            }
+            console.log('');
+        }
+    }
+    // SECURITY FINDINGS
+    if (securityFailures.length > 0) {
+        console.log(chalk.bold(`  ── Security Findings (${securityFailures.length}) ──\n`));
+        for (const failure of securityFailures) {
+            const sev = severityIcon(failure.severity);
+            console.log(`  ${sev} ${failure.title}`);
+            if (failure.hint) {
+                console.log(chalk.cyan(`       Hint: ${failure.hint}`));
+            }
+            console.log('');
+        }
+    }
+    // TRADITIONAL FINDINGS
+    if (traditionalFailures.length > 0) {
+        console.log(chalk.bold(`  ── Traditional Quality Findings (${traditionalFailures.length}) ──\n`));
+        for (const failure of traditionalFailures) {
+            const sev = severityIcon(failure.severity);
+            const prov = failure.provenance ? chalk.dim(`[${failure.provenance}]`) : '';
+            console.log(`  ${sev} ${prov} ${failure.title}`);
+            console.log('');
+        }
+    }
+    // Summary count at the end
+    if (deepFailures.length > 0 || aiDriftFailures.length > 0 || securityFailures.length > 0 || traditionalFailures.length > 0) {
+        const summary = [
+            deepFailures.length > 0 ? `${deepFailures.length} deep` : null,
+            aiDriftFailures.length > 0 ? `${aiDriftFailures.length} ai-drift` : null,
+            securityFailures.length > 0 ? `${securityFailures.length} security` : null,
+            traditionalFailures.length > 0 ? `${traditionalFailures.length} traditional` : null
+        ].filter(Boolean).join(' | ');
+        console.log(chalk.dim(`  ${summary}`));
+        console.log('');
+    }
+    console.log(chalk.yellow(`  See ${config.output.report_path} for full details.`));
+}
+/**
+ * Render standard AST-only output (existing behavior).
+ */
+function renderStandardOutput(report, config) {
+    if (report.status === 'PASS') {
+        console.log(chalk.green.bold('✔ PASS - All quality gates satisfied.'));
+    }
+    else {
+        console.log(chalk.red.bold('✘ FAIL - Quality gate violations found.\n'));
+        // Score summary line
+        const stats = report.stats;
+        const scoreParts = [];
+        if (stats.score !== undefined)
+            scoreParts.push(`Score: ${stats.score}/100`);
+        if (stats.ai_health_score !== undefined)
+            scoreParts.push(`AI Health: ${stats.ai_health_score}/100`);
+        if (stats.structural_score !== undefined)
+            scoreParts.push(`Structural: ${stats.structural_score}/100`);
+        if (scoreParts.length > 0) {
+            console.log(chalk.bold(scoreParts.join(' | ')) + '\n');
+        }
+        // Severity breakdown
+        if (stats.severity_breakdown) {
+            const parts = Object.entries(stats.severity_breakdown)
+                .filter(([, count]) => count > 0)
+                .map(([sev, count]) => {
+                const color = sev === 'critical' ? chalk.red.bold : sev === 'high' ? chalk.red : sev === 'medium' ? chalk.yellow : chalk.dim;
+                return color(`${sev}: ${count}`);
+            });
+            if (parts.length > 0) {
+                console.log('Severity: ' + parts.join(', ') + '\n');
+            }
+        }
+        for (const failure of report.failures) {
+            const sev = severityIcon(failure.severity);
+            const prov = failure.provenance ? chalk.dim(`[${failure.provenance}]`) : '';
+            console.log(`${sev} ${prov} ${chalk.red(`[${failure.id}]`)} ${failure.title}`);
+            console.log(chalk.dim(`      Details: ${failure.details}`));
+            if (failure.files && failure.files.length > 0) {
+                console.log(chalk.dim('      Files:'));
+                failure.files.forEach((f) => console.log(chalk.dim(`        - ${f}`)));
+            }
+            if (failure.hint) {
+                console.log(chalk.cyan(`      Hint: ${failure.hint}`));
+            }
+            console.log('');
+        }
+        console.log(chalk.yellow(`See ${config.output.report_path} for full details.`));
+    }
+}
+function severityIcon(s) {
+    switch (s) {
+        case 'critical': return chalk.red.bold('CRIT');
+        case 'high': return chalk.red('HIGH');
+        case 'medium': return chalk.yellow('MED ');
+        case 'low': return chalk.dim('LOW ');
+        case 'info': return chalk.dim('INFO');
+        default: return chalk.yellow('MED ');
+    }
+}
+function formatCategory(cat) {
+    const labels = {
+        srp_violation: 'SOLID: Single Responsibility',
+        ocp_violation: 'SOLID: Open/Closed',
+        lsp_violation: 'SOLID: Liskov Substitution',
+        isp_violation: 'SOLID: Interface Segregation',
+        dip_violation: 'SOLID: Dependency Inversion',
+        dry_violation: 'DRY',
+        god_class: 'Pattern: God class',
+        god_function: 'Pattern: God function',
+        feature_envy: 'Pattern: Feature envy',
+        shotgun_surgery: 'Pattern: Shotgun surgery',
+        long_params: 'Params',
+        data_clump: 'Data clump',
+        inappropriate_intimacy: 'Coupling',
+        error_inconsistency: 'Error handling',
+        empty_catch: 'Empty catch',
+        test_quality: 'Test quality',
+        code_smell: 'Code smell',
+        architecture: 'Architecture',
+        language_idiom: 'Idiom',
+    };
+    return labels[cat] || cat;
+}
 async function interactiveMode(report, config) {
     console.clear();
     console.log(chalk.bold.blue('══ Rigour Interactive Review ══\n'));
@@ -237,6 +456,13 @@ async function interactiveMode(report, config) {
         if (failure.hint) {
             console.log(`\n${chalk.bold.cyan('Hint:')} ${failure.hint}`);
         }
+        // Show deep analysis metadata if present
+        if (failure.confidence !== undefined) {
+            console.log(`\n${chalk.bold('Confidence:')} ${(failure.confidence * 100).toFixed(0)}%`);
+        }
+        if (failure.verified !== undefined) {
+            console.log(`${chalk.bold('Verified:')} ${failure.verified ? chalk.green('Yes') : chalk.red('No')}`);
+        }
         console.log(chalk.dim('\n' + '─'.repeat(40)));
         await inquirer.prompt([{ type: 'input', name: 'continue', message: 'Press Enter to return to list...' }]);
         console.clear();

package/dist/commands/demo-display.d.ts

@@ -0,0 +1,11 @@
+import type { DemoOptions } from './demo-helpers.js';
+export declare function simulateCodeWrite(filename: string, lines: string[], options: DemoOptions): Promise<void>;
+export declare function simulateHookCatch(gate: string, file: string, message: string, severity: string, options: DemoOptions): Promise<void>;
+export declare function renderScoreBar(score: number, label: string, width?: number): string;
+export declare function renderTrendChart(scores: number[]): string;
+export declare function printBanner(cinematic: boolean): void;
+export declare function printPlantedIssues(): void;
+export declare function displayGateResults(report: any, cinematic: boolean): void;
+export declare function printSeverityBreakdown(stats: any): void;
+export declare function printFailure(failure: any): void;
+export declare function printClosing(cinematic: boolean): void;