@rigour-labs/cli 3.0.5 → 4.0.0

package/dist/commands/scan.js

@@ -157,12 +157,34 @@ function renderScanHeader(scanCtx, stackSignals) {
 }
 function renderScanResults(report, stackSignals, reportPath, cwd) {
     const fakePackages = extractHallucinatedImports(report.failures);
+    const criticalSecrets = report.failures.filter(f => f.id === 'security-patterns' && f.severity === 'critical');
+    const phantomApis = report.failures.filter(f => f.id === 'phantom-apis');
+    const ignoredErrors = report.failures.filter(f => f.id === 'promise-safety' && (f.severity === 'high' || f.severity === 'critical'));
+    // --- Scary headlines for the worst findings ---
+    let scaryHeadlines = 0;
+    if (criticalSecrets.length > 0) {
+        console.log(chalk.red.bold(`🔑 HARDCODED SECRETS: ${criticalSecrets.length} credential(s) exposed in plain text`));
+        const firstFile = criticalSecrets[0].files?.[0];
+        if (firstFile)
+            console.log(chalk.dim(`   First hit: ${firstFile}`));
+        scaryHeadlines++;
+    }
     if (fakePackages.length > 0) {
         const unique = [...new Set(fakePackages)];
-        console.log(chalk.red.bold(`oh shit: ${unique.length} fake package/path import(s) detected`));
-        console.log(chalk.dim(`Examples: ${unique.slice(0, 5).join(', ')}${unique.length > 5 ? ', ...' : ''}`));
-        console.log('');
+        console.log(chalk.red.bold(`📦 HALLUCINATED PACKAGES: ${unique.length} import(s) don't exist — will crash at runtime`));
+        console.log(chalk.dim(`   Examples: ${unique.slice(0, 4).join(', ')}${unique.length > 4 ? `, +${unique.length - 4} more` : ''}`));
+        scaryHeadlines++;
+    }
+    if (phantomApis.length > 0) {
+        console.log(chalk.red.bold(`👻 PHANTOM APIs: ${phantomApis.length} call(s) to methods that don't exist in stdlib`));
+        scaryHeadlines++;
     }
+    if (ignoredErrors.length > 0) {
+        console.log(chalk.yellow.bold(`🔇 SILENT FAILURES: ${ignoredErrors.length} async error(s) swallowed — failures will vanish without a trace`));
+        scaryHeadlines++;
+    }
+    if (scaryHeadlines > 0)
+        console.log('');
     const statusColor = report.status === 'PASS' ? chalk.green.bold : chalk.red.bold;
     const statusLabel = report.status === 'PASS' ? 'PASS' : 'FAIL';
     const score = report.stats.score ?? 0;
@@ -179,27 +201,48 @@ function renderScanResults(report, stackSignals, reportPath, cwd) {
     renderCoverageWarnings(stackSignals);
     console.log('');
     if (report.status === 'FAIL') {
-        const topFindings = report.failures.slice(0, 8);
+        // Sort by severity so critical findings appear first
+        const SEVERITY_ORDER = { critical: 0, high: 1, medium: 2, low: 3, info: 4 };
+        const sorted = [...report.failures].sort((a, b) => (SEVERITY_ORDER[a.severity ?? 'medium'] ?? 2) - (SEVERITY_ORDER[b.severity ?? 'medium'] ?? 2));
+        const topFindings = sorted.slice(0, 8);
         for (const failure of topFindings) {
-            const sev = (failure.severity || 'medium').toUpperCase().padEnd(8, ' ');
-            console.log(`${sev} [${failure.id}] ${failure.title}`);
+            const sev = failure.severity ?? 'medium';
+            const sevColor = sev === 'critical' ? chalk.red.bold
+                : sev === 'high' ? chalk.yellow.bold
+                    : sev === 'medium' ? chalk.white
+                        : chalk.dim;
+            console.log(sevColor(`${sev.toUpperCase().padEnd(8)} [${failure.id}] ${failure.title}`));
             if (failure.files && failure.files.length > 0) {
-                console.log(chalk.dim(`  files: ${failure.files.slice(0, 3).join(', ')}`));
+                console.log(chalk.dim(`         ${failure.files.slice(0, 2).join(', ')}`));
             }
         }
         if (report.failures.length > topFindings.length) {
-            console.log(chalk.dim(`...and ${report.failures.length - topFindings.length} more findings`));
+            console.log(chalk.dim(`\n...and ${report.failures.length - topFindings.length} more. See full report.`));
         }
     }
     const trend = getScoreTrend(cwd);
     if (trend && trend.recentScores.length >= 3) {
-        console.log(chalk.dim(`\nTrend: ${trend.recentScores.join(' -> ')} (${trend.direction})`));
+        const arrow = trend.direction === 'improving' ? '↑' : trend.direction === 'degrading' ? '↓' : '→';
+        const color = trend.direction === 'improving' ? chalk.green : trend.direction === 'degrading' ? chalk.red : chalk.dim;
+        console.log(color(`\nTrend: ${trend.recentScores.join(' → ')} ${arrow}`));
     }
     console.log(chalk.yellow(`\nFull report: ${reportPath}`));
     if (report.status === 'FAIL') {
-        console.log(chalk.yellow('Fix packet: rigour-fix-packet.json'));
+        console.log(chalk.yellow('Fix packet:  rigour-fix-packet.json'));
     }
     console.log(chalk.dim(`Finished in ${report.stats.duration_ms}ms`));
+    // --- Next steps ---
+    console.log('');
+    if (report.status === 'FAIL') {
+        console.log(chalk.bold('Next steps:'));
+        console.log(`  ${chalk.cyan('rigour explain')}      — get plain-English fix suggestions`);
+        console.log(`  ${chalk.cyan('rigour init')}         — add quality gates to your project (blocks AI from repeating this)`);
+        console.log(`  ${chalk.cyan('rigour check --ci')}   — enforce in CI/CD pipeline`);
+    }
+    else {
+        console.log(chalk.green.bold('✓ This repo is clean. Add it to CI to keep it that way:'));
+        console.log(`  ${chalk.cyan('rigour init')}  — write quality gates to rigour.yml + CI config`);
+    }
 }
 function renderCoverageWarnings(stackSignals) {
     const gaps = [];

package/dist/commands/settings.d.ts

@@ -0,0 +1,13 @@
+/**
+ * `rigour settings` — manage ~/.rigour/settings.json
+ *
+ * Like Claude Code's settings.json or Gemini CLI's config.
+ * Stores API keys, default provider, multi-agent config, CLI preferences.
+ */
+export declare function settingsShowCommand(): Promise<void>;
+export declare function settingsSetKeyCommand(provider: string, apiKey: string): Promise<void>;
+export declare function settingsRemoveKeyCommand(provider: string): Promise<void>;
+export declare function settingsSetCommand(key: string, value: string): Promise<void>;
+export declare function settingsGetCommand(key: string): Promise<void>;
+export declare function settingsResetCommand(): Promise<void>;
+export declare function settingsPathCommand(): Promise<void>;

package/dist/commands/settings.js

@@ -0,0 +1,143 @@
+import chalk from 'chalk';
+import { loadSettings, saveSettings, getSettingsPath, updateProviderKey, removeProviderKey } from '@rigour-labs/core';
+/**
+ * `rigour settings` — manage ~/.rigour/settings.json
+ *
+ * Like Claude Code's settings.json or Gemini CLI's config.
+ * Stores API keys, default provider, multi-agent config, CLI preferences.
+ */
+export async function settingsShowCommand() {
+    const settingsPath = getSettingsPath();
+    const settings = loadSettings();
+    console.log(chalk.bold.cyan('\n  Rigour Settings'));
+    console.log(chalk.dim(`  ${settingsPath}\n`));
+    if (Object.keys(settings).length === 0) {
+        console.log(chalk.dim('  No settings configured yet.\n'));
+        console.log(chalk.dim('  Quick start:'));
+        console.log(chalk.dim('    rigour settings set-key anthropic sk-ant-xxx'));
+        console.log(chalk.dim('    rigour settings set-key openai sk-xxx'));
+        console.log(chalk.dim('    rigour settings set provider anthropic'));
+        console.log('');
+        return;
+    }
+    // Show providers
+    if (settings.providers && Object.keys(settings.providers).length > 0) {
+        console.log(chalk.bold('  Providers:'));
+        for (const [name, key] of Object.entries(settings.providers)) {
+            if (key) {
+                const masked = maskKey(key);
+                console.log(`    ${chalk.green(name)}: ${chalk.dim(masked)}`);
+            }
+        }
+        console.log('');
+    }
+    // Show deep defaults
+    if (settings.deep) {
+        console.log(chalk.bold('  Deep Analysis Defaults:'));
+        if (settings.deep.defaultProvider)
+            console.log(`    Provider: ${chalk.cyan(settings.deep.defaultProvider)}`);
+        if (settings.deep.defaultModel)
+            console.log(`    Model: ${chalk.cyan(settings.deep.defaultModel)}`);
+        if (settings.deep.apiBaseUrl)
+            console.log(`    API Base: ${chalk.cyan(settings.deep.apiBaseUrl)}`);
+        if (settings.deep.maxTokens)
+            console.log(`    Max Tokens: ${settings.deep.maxTokens}`);
+        if (settings.deep.temperature !== undefined)
+            console.log(`    Temperature: ${settings.deep.temperature}`);
+        console.log('');
+    }
+    // Show agent configs
+    if (settings.agents && Object.keys(settings.agents).length > 0) {
+        console.log(chalk.bold('  Agent Configurations:'));
+        for (const [name, config] of Object.entries(settings.agents)) {
+            const parts = [];
+            if (config.model)
+                parts.push(`model: ${config.model}`);
+            if (config.provider)
+                parts.push(`provider: ${config.provider}`);
+            if (config.fallback)
+                parts.push(`fallback: ${config.fallback}`);
+            console.log(`    ${chalk.green(name)}: ${chalk.dim(parts.join(', '))}`);
+        }
+        console.log('');
+    }
+    // Show CLI prefs
+    if (settings.cli) {
+        console.log(chalk.bold('  CLI Preferences:'));
+        if (settings.cli.defaultPreset)
+            console.log(`    Default Preset: ${settings.cli.defaultPreset}`);
+        if (settings.cli.colorOutput !== undefined)
+            console.log(`    Color Output: ${settings.cli.colorOutput}`);
+        if (settings.cli.verboseOutput !== undefined)
+            console.log(`    Verbose: ${settings.cli.verboseOutput}`);
+        console.log('');
+    }
+}
+export async function settingsSetKeyCommand(provider, apiKey) {
+    updateProviderKey(provider, apiKey);
+    const masked = maskKey(apiKey);
+    console.log(chalk.green(`  ✓ ${provider} API key saved: ${masked}`));
+    console.log(chalk.dim(`    Stored in ${getSettingsPath()}`));
+    console.log('');
+    console.log(chalk.dim(`  Usage: rigour check --deep --provider ${provider}`));
+    console.log(chalk.dim(`  Or set as default: rigour settings set provider ${provider}`));
+}
+export async function settingsRemoveKeyCommand(provider) {
+    removeProviderKey(provider);
+    console.log(chalk.green(`  ✓ ${provider} API key removed`));
+}
+export async function settingsSetCommand(key, value) {
+    const settings = loadSettings();
+    // Parse dot-notation keys: "deep.defaultProvider" -> settings.deep.defaultProvider
+    const parts = key.split('.');
+    let target = settings;
+    for (let i = 0; i < parts.length - 1; i++) {
+        if (!target[parts[i]])
+            target[parts[i]] = {};
+        target = target[parts[i]];
+    }
+    const lastKey = parts[parts.length - 1];
+    // Auto-convert booleans and numbers
+    if (value === 'true')
+        target[lastKey] = true;
+    else if (value === 'false')
+        target[lastKey] = false;
+    else if (!isNaN(Number(value)) && value.trim() !== '')
+        target[lastKey] = Number(value);
+    else
+        target[lastKey] = value;
+    saveSettings(settings);
+    console.log(chalk.green(`  ✓ ${key} = ${value}`));
+}
+export async function settingsGetCommand(key) {
+    const settings = loadSettings();
+    const parts = key.split('.');
+    let value = settings;
+    for (const part of parts) {
+        if (value === undefined || value === null)
+            break;
+        value = value[part];
+    }
+    if (value === undefined) {
+        console.log(chalk.dim(`  ${key} is not set`));
+    }
+    else if (typeof value === 'object') {
+        console.log(`  ${key} = ${JSON.stringify(value, null, 2)}`);
+    }
+    else {
+        console.log(`  ${key} = ${value}`);
+    }
+}
+export async function settingsResetCommand() {
+    saveSettings({});
+    console.log(chalk.green('  ✓ Settings reset to defaults'));
+    console.log(chalk.dim(`    ${getSettingsPath()}`));
+}
+export async function settingsPathCommand() {
+    console.log(getSettingsPath());
+}
+function maskKey(key) {
+    if (key.length <= 8)
+        return '***';
+    return key.substring(0, 6) + '...' + key.substring(key.length - 4);
+}

package/dist/commands/setup.js

@@ -1,22 +1,113 @@
 import chalk from 'chalk';
+import path from 'path';
+import fs from 'fs-extra';
+import { loadSettings, getSettingsPath, isModelCached, getModelsDir } from '@rigour-labs/core';
 export async function setupCommand() {
-    console.log(chalk.bold.cyan('\n🛠️ Rigour Labs | Setup & Installation\n'));
-    console.log(chalk.bold('1. Global Installation (Recommended)'));
-    console.log(chalk.dim('   To use Rigour anywhere in your terminal:'));
-    console.log(chalk.green('   $ npm install -g @rigour-labs/cli\n'));
-    console.log(chalk.bold('2. Project-Local installation'));
-    console.log(chalk.dim('   To keep Rigour versioned with your project:'));
-    console.log(chalk.green('   $ npm install --save-dev @rigour-labs/cli\n'));
-    console.log(chalk.bold('3. Standalone Binaries (Zero-Install)'));
-    console.log(chalk.dim('   If you do not want to use Node.js:'));
-    console.log(chalk.dim('   • macOS: ') + chalk.cyan('https://github.com/erashu212/rigour/releases/latest/download/rigour-macos'));
-    console.log(chalk.dim('   • Linux: ') + chalk.cyan('https://github.com/erashu212/rigour/releases/latest/download/rigour-linux'));
-    console.log(chalk.dim('   • Windows: ') + chalk.cyan('https://github.com/erashu212/rigour/releases/latest/download/rigour-windows.exe\n'));
-    console.log(chalk.bold('4. MCP Integration (for AI Agents)'));
-    console.log(chalk.dim('   To let Cursor or Claude use Rigour natively:'));
-    console.log(chalk.dim('   Path to MCP: ') + chalk.cyan('packages/rigour-mcp/dist/index.js'));
-    console.log(chalk.dim('   Add this to your Cursor/Claude settings.\n'));
-    console.log(chalk.bold('Update Guidance:'));
-    console.log(chalk.dim('   Keep Rigour sharp by updating regularly:'));
-    console.log(chalk.green('   $ npm install -g @rigour-labs/cli@latest\n'));
+    console.log(chalk.bold.cyan('\n🛠️ Rigour Labs | Setup & System Check\n'));
+    // ── Section 1: Installation Status ──
+    console.log(chalk.bold('  Installation'));
+    const cliVersion = getCliVersion();
+    if (cliVersion) {
+        console.log(chalk.green(`    ✔ Rigour CLI ${cliVersion}`));
+    }
+    // Check if rigour.yml exists in cwd
+    const hasConfig = fs.existsSync(path.join(process.cwd(), 'rigour.yml'));
+    if (hasConfig) {
+        console.log(chalk.green('    ✔ rigour.yml found in current directory'));
+    }
+    else {
+        console.log(chalk.yellow('    ○ No rigour.yml — run `rigour init` to set up'));
+    }
+    // ── Section 2: Settings & API Keys ──
+    console.log(chalk.bold('\n  Settings'));
+    const settingsPath = getSettingsPath();
+    const settings = loadSettings();
+    const providers = settings.providers || {};
+    const configuredKeys = Object.entries(providers).filter(([_, key]) => !!key);
+    if (configuredKeys.length > 0) {
+        for (const [name, key] of configuredKeys) {
+            if (key) {
+                const masked = key.length > 8 ? key.substring(0, 6) + '...' + key.substring(key.length - 4) : '***';
+                console.log(chalk.green(`    ✔ ${name}: ${chalk.dim(masked)}`));
+            }
+        }
+    }
+    else {
+        console.log(chalk.yellow('    ○ No API keys configured'));
+        console.log(chalk.dim(`      ${settingsPath}`));
+    }
+    if (settings.deep?.defaultProvider) {
+        console.log(chalk.green(`    ✔ Default provider: ${settings.deep.defaultProvider}`));
+    }
+    // ── Section 3: Deep Analysis Readiness ──
+    console.log(chalk.bold('\n  Deep Analysis'));
+    // Check local models
+    const hasDeep = isModelCached('deep');
+    const hasPro = isModelCached('pro');
+    if (hasDeep)
+        console.log(chalk.green('    ✔ Local model: deep (Qwen2.5-Coder-0.5B, 350MB)'));
+    if (hasPro)
+        console.log(chalk.green('    ✔ Local model: pro (Qwen2.5-Coder-1.5B, 900MB)'));
+    if (!hasDeep && !hasPro) {
+        console.log(chalk.yellow('    ○ No local models cached'));
+        console.log(chalk.dim(`      Models dir: ${getModelsDir()}`));
+    }
+    // Check sidecar binary
+    let hasSidecar = false;
+    try {
+        const { execSync } = await import('child_process');
+        execSync('which llama-cli 2>/dev/null || which rigour-brain 2>/dev/null', { encoding: 'utf-8', timeout: 3000 });
+        hasSidecar = true;
+        console.log(chalk.green('    ✔ Inference binary found'));
+    }
+    catch {
+        const binDir = path.join(getModelsDir(), '..', 'bin');
+        if (fs.existsSync(path.join(binDir, 'rigour-brain')) || fs.existsSync(path.join(binDir, 'llama-cli'))) {
+            hasSidecar = true;
+            console.log(chalk.green('    ✔ Inference binary found'));
+        }
+        else if (configuredKeys.length === 0) {
+            console.log(chalk.yellow('    ○ No local inference binary'));
+        }
+    }
+    // Cloud readiness
+    const hasCloudKey = configuredKeys.length > 0;
+    const hasLocalReady = hasSidecar && (hasDeep || hasPro);
+    if (hasCloudKey || hasLocalReady) {
+        console.log(chalk.green.bold('\n  ✓ Deep analysis is ready'));
+    }
+    else {
+        console.log(chalk.yellow.bold('\n  ⚠ Deep analysis not configured'));
+    }
+    // ── Section 4: Quick Setup Commands ──
+    if (!hasCloudKey && !hasLocalReady) {
+        console.log(chalk.bold('\n  Quick Setup:'));
+        console.log(chalk.dim('    # Option A: Cloud (recommended)'));
+        console.log(`    ${chalk.cyan('rigour settings set-key anthropic')} ${chalk.dim('sk-ant-xxx')}`);
+        console.log(`    ${chalk.cyan('rigour settings set-key openai')} ${chalk.dim('sk-xxx')}`);
+        console.log(`    ${chalk.cyan('rigour settings set-key groq')} ${chalk.dim('gsk_xxx')}`);
+        console.log('');
+        console.log(chalk.dim('    # Option B: 100% Local'));
+        console.log(`    ${chalk.cyan('rigour check --deep')}  ${chalk.dim('# auto-downloads 350MB model')}`);
+    }
+    // ── Section 5: Installation Methods ──
+    console.log(chalk.bold('\n  Installation Methods:'));
+    console.log(chalk.dim('    Global:  ') + chalk.cyan('npm install -g @rigour-labs/cli'));
+    console.log(chalk.dim('    Local:   ') + chalk.cyan('npm install --save-dev @rigour-labs/cli'));
+    console.log(chalk.dim('    No-install: ') + chalk.cyan('npx @rigour-labs/cli check'));
+    console.log(chalk.dim('    MCP:     ') + chalk.cyan('packages/rigour-mcp/dist/index.js'));
+    console.log('');
+}
+function getCliVersion() {
+    try {
+        const pkgPath = path.resolve(new URL(import.meta.url).pathname, '../../../package.json');
+        if (fs.existsSync(pkgPath)) {
+            const pkg = fs.readJsonSync(pkgPath);
+            return pkg.version || null;
+        }
+    }
+    catch {
+        // fallback
+    }
+    return '2.0.0';
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@rigour-labs/cli",
-  "version": "3.0.5",
+  "version": "4.0.0",
   "description": "CLI quality gates for AI-generated code. Forces AI agents (Claude, Cursor, Copilot) to meet strict engineering standards with PASS/FAIL enforcement.",
   "license": "MIT",
   "homepage": "https://rigour.run",
@@ -44,7 +44,7 @@
     "inquirer": "9.2.16",
     "ora": "^8.0.1",
     "yaml": "^2.8.2",
-    "@rigour-labs/core": "3.0.5"
+    "@rigour-labs/core": "4.0.0"
   },
   "devDependencies": {
     "@types/fs-extra": "^11.0.4",