@rigour-labs/cli 4.0.5 → 4.1.1

package/dist/commands/settings.js

@@ -6,7 +6,7 @@ import { loadSettings, saveSettings, getSettingsPath, updateProviderKey, removeP
  * Like Claude Code's settings.json or Gemini CLI's config.
  * Stores API keys, default provider, multi-agent config, CLI preferences.
  */
-export async function settingsShowCommand() {
+export function settingsShowCommand() {
     const settingsPath = getSettingsPath();
     const settings = loadSettings();
     console.log(chalk.bold.cyan('\n  Rigour Settings'));
@@ -73,7 +73,7 @@ export async function settingsShowCommand() {
         console.log('');
     }
 }
-export async function settingsSetKeyCommand(provider, apiKey) {
+export function settingsSetKeyCommand(provider, apiKey) {
     updateProviderKey(provider, apiKey);
     const masked = maskKey(apiKey);
     console.log(chalk.green(`  ✓ ${provider} API key saved: ${masked}`));
@@ -82,11 +82,11 @@ export async function settingsSetKeyCommand(provider, apiKey) {
     console.log(chalk.dim(`  Usage: rigour check --deep --provider ${provider}`));
     console.log(chalk.dim(`  Or set as default: rigour settings set provider ${provider}`));
 }
-export async function settingsRemoveKeyCommand(provider) {
+export function settingsRemoveKeyCommand(provider) {
     removeProviderKey(provider);
     console.log(chalk.green(`  ✓ ${provider} API key removed`));
 }
-export async function settingsSetCommand(key, value) {
+export function settingsSetCommand(key, value) {
     const settings = loadSettings();
     // Parse dot-notation keys: "deep.defaultProvider" -> settings.deep.defaultProvider
     const parts = key.split('.');
@@ -109,7 +109,7 @@ export async function settingsSetCommand(key, value) {
     saveSettings(settings);
     console.log(chalk.green(`  ✓ ${key} = ${value}`));
 }
-export async function settingsGetCommand(key) {
+export function settingsGetCommand(key) {
     const settings = loadSettings();
     const parts = key.split('.');
     let value = settings;
@@ -128,12 +128,12 @@ export async function settingsGetCommand(key) {
         console.log(`  ${key} = ${value}`);
     }
 }
-export async function settingsResetCommand() {
+export function settingsResetCommand() {
     saveSettings({});
     console.log(chalk.green('  ✓ Settings reset to defaults'));
     console.log(chalk.dim(`    ${getSettingsPath()}`));
 }
-export async function settingsPathCommand() {
+export function settingsPathCommand() {
     console.log(getSettingsPath());
 }
 function maskKey(key) {

package/dist/commands/setup.js

@@ -43,8 +43,8 @@ export async function setupCommand() {
     // ── Section 3: Deep Analysis Readiness ──
     console.log(chalk.bold('\n  Deep Analysis'));
     // Check local models
-    const hasDeep = isModelCached('deep');
-    const hasPro = isModelCached('pro');
+    const hasDeep = await isModelCached('deep');
+    const hasPro = await isModelCached('pro');
     if (hasDeep)
         console.log(chalk.green('    ✔ Local model: deep (Qwen2.5-Coder-0.5B, 350MB)'));
     if (hasPro)
@@ -57,7 +57,12 @@ export async function setupCommand() {
     let hasSidecar = false;
     try {
         const { execSync } = await import('child_process');
-        execSync('which llama-cli 2>/dev/null || which rigour-brain 2>/dev/null', { encoding: 'utf-8', timeout: 3000 });
+        if (process.platform === 'win32') {
+            execSync('where llama-cli || where rigour-brain', { encoding: 'utf-8', timeout: 3000 });
+        }
+        else {
+            execSync('which llama-cli 2>/dev/null || which rigour-brain 2>/dev/null', { encoding: 'utf-8', timeout: 3000 });
+        }
         hasSidecar = true;
         console.log(chalk.green('    ✔ Inference binary found'));
     }
@@ -96,6 +101,7 @@ export async function setupCommand() {
     console.log(chalk.dim('    Global:  ') + chalk.cyan('npm install -g @rigour-labs/cli'));
     console.log(chalk.dim('    Local:   ') + chalk.cyan('npm install --save-dev @rigour-labs/cli'));
     console.log(chalk.dim('    No-install: ') + chalk.cyan('npx @rigour-labs/cli check'));
+    console.log(chalk.dim('    Diagnostics: ') + chalk.cyan('rigour doctor'));
     console.log(chalk.dim('    MCP:     ') + chalk.cyan('packages/rigour-mcp/dist/index.js'));
     console.log('');
 }

package/dist/commands/studio.js

@@ -84,9 +84,17 @@ export const studioCommand = new Command('studio')
     });
 });
 async function setupApiAndLaunch(apiPort, studioPort, eventsPath, cwd, studioProcess) {
+    const allowedOrigins = new Set([
+        `http://localhost:${studioPort}`,
+        `http://127.0.0.1:${studioPort}`,
+    ]);
     const apiServer = http.createServer(async (req, res) => {
         const url = new URL(req.url || '', `http://${req.headers.host || 'localhost'}`);
-        res.setHeader('Access-Control-Allow-Origin', '*');
+        const requestOrigin = req.headers.origin;
+        if (typeof requestOrigin === 'string' && allowedOrigins.has(requestOrigin)) {
+            res.setHeader('Access-Control-Allow-Origin', requestOrigin);
+            res.setHeader('Vary', 'Origin');
+        }
         res.setHeader('Access-Control-Allow-Methods', 'GET, OPTIONS, POST');
         res.setHeader('Access-Control-Allow-Headers', 'Content-Type');
         if (req.method === 'OPTIONS') {
@@ -108,15 +116,19 @@ async function setupApiAndLaunch(apiPort, studioPort, eventsPath, cwd, studioPro
                 }
             }
             await fs.ensureDir(path.dirname(eventsPath));
-            const watcher = fs.watch(path.dirname(eventsPath), (eventType, filename) => {
+            const watcher = fs.watch(path.dirname(eventsPath), async (_eventType, filename) => {
                 if (filename === 'events.jsonl') {
-                    fs.readFile(eventsPath, 'utf8').then(content => {
+                    try {
+                        const content = await fs.readFile(eventsPath, 'utf8');
                         const lines = content.split('\n').filter(l => l.trim());
                         const lastLine = lines[lines.length - 1];
                         if (lastLine) {
                             res.write(`data: ${lastLine}\n\n`);
                         }
-                    }).catch(() => { });
+                    }
+                    catch {
+                        // ignore transient file read failures during writes
+                    }
                 }
             });
             req.on('close', () => watcher.close());

package/dist/smoke.test.js

@@ -61,7 +61,7 @@ gates:
         }
     }, 30_000);
     it('should check specific files when provided', async () => {
-        await fs.writeFile(path.join(testDir, 'bad.js'), 'TODO: fixme');
+        await fs.writeFile(path.join(testDir, 'bad.js'), '// TODO: fixme');
         await fs.writeFile(path.join(testDir, 'good.js'), 'console.log("hello")');
         await fs.writeFile(path.join(testDir, 'rigour.yml'), `
 version: 1

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@rigour-labs/cli",
-  "version": "4.0.5",
+  "version": "4.1.1",
   "description": "CLI quality gates for AI-generated code. Forces AI agents (Claude, Cursor, Copilot) to meet strict engineering standards with PASS/FAIL enforcement.",
   "license": "MIT",
   "homepage": "https://rigour.run",
@@ -44,7 +44,7 @@
     "inquirer": "9.2.16",
     "ora": "^8.0.1",
     "yaml": "^2.8.2",
-    "@rigour-labs/core": "4.0.5"
+    "@rigour-labs/core": "4.1.1"
   },
   "devDependencies": {
     "@types/fs-extra": "^11.0.4",