@rigour-labs/core 2.21.2 → 3.0.0

package/dist/gates/safety.js

@@ -6,6 +6,7 @@ export class FileGuardGate extends Gate {
         super('file-guard', 'File Guard — Protected Paths');
         this.config = config;
     }
+    get provenance() { return 'governance'; }
     async run(context) {
         const failures = [];
         const safety = this.config.safety || {};
@@ -27,7 +28,7 @@ export class FileGuardGate extends Gate {
             for (const file of modifiedFiles) {
                 if (this.isProtected(file, protectedPaths)) {
                     const message = `Protected file '${file}' was modified.`;
-                    failures.push(this.createFailure(message, [file], `Agents are forbidden from modifying files in ${protectedPaths.join(', ')}.`, message));
+                    failures.push(this.createFailure(message, [file], `Agents are forbidden from modifying files in ${protectedPaths.join(', ')}.`, message, undefined, undefined, 'high'));
                 }
             }
         }

package/dist/gates/security-patterns.d.ts

@@ -15,7 +15,7 @@
  * @since v2.14.0
  */
 import { Gate, GateContext } from './base.js';
-import { Failure } from '../types/index.js';
+import { Failure, Provenance } from '../types/index.js';
 export interface SecurityVulnerability {
     type: string;
     severity: 'critical' | 'high' | 'medium' | 'low';
@@ -39,6 +39,7 @@ export declare class SecurityPatternsGate extends Gate {
     private config;
     private severityOrder;
     constructor(config?: SecurityPatternsConfig);
+    protected get provenance(): Provenance;
     run(context: GateContext): Promise<Failure[]>;
     private scanFileForVulnerabilities;
 }

package/dist/gates/security-patterns.js

@@ -148,6 +148,7 @@ export class SecurityPatternsGate extends Gate {
             block_on_severity: config.block_on_severity ?? 'high',
         };
     }
+    get provenance() { return 'security'; }
     async run(context) {
         if (!this.config.enabled) {
             return [];
@@ -186,7 +187,7 @@ export class SecurityPatternsGate extends Gate {
         const blockThreshold = this.severityOrder[this.config.block_on_severity ?? 'high'];
         for (const vuln of filteredVulns) {
             if (this.severityOrder[vuln.severity] <= blockThreshold) {
-                failures.push(this.createFailure(`[${vuln.cwe}] ${vuln.description}`, [vuln.file], `Found: "${vuln.match.slice(0, 60)}..." - Use parameterized queries/sanitization.`, `Security: ${vuln.type.replace('_', ' ').toUpperCase()}`, vuln.line, vuln.line));
+                failures.push(this.createFailure(`[${vuln.cwe}] ${vuln.description}`, [vuln.file], `Found: "${vuln.match.slice(0, 60)}..." - Use parameterized queries/sanitization.`, `Security: ${vuln.type.replace('_', ' ').toUpperCase()}`, vuln.line, vuln.line, vuln.severity));
             }
         }
         if (filteredVulns.length > 0 && failures.length === 0) {

package/dist/gates/structure.js

@@ -17,7 +17,7 @@ export class StructureGate extends Gate {
         }
         if (missing.length > 0) {
             return [
-                this.createFailure('The following required files are missing:', missing, 'Create these files to maintain project documentation and consistency.'),
+                this.createFailure('The following required files are missing:', missing, 'Create these files to maintain project documentation and consistency.', undefined, undefined, undefined, 'low'),
             ];
         }
         return [];

package/dist/index.d.ts

@@ -7,3 +7,4 @@ export * from './types/fix-packet.js';
 export { Gate, GateContext } from './gates/base.js';
 export { RetryLoopBreakerGate } from './gates/retry-loop-breaker.js';
 export * from './utils/logger.js';
+export * from './services/score-history.js';

package/dist/index.js

@@ -7,6 +7,7 @@ export * from './types/fix-packet.js';
 export { Gate } from './gates/base.js';
 export { RetryLoopBreakerGate } from './gates/retry-loop-breaker.js';
 export * from './utils/logger.js';
+export * from './services/score-history.js';
 // Pattern Index is intentionally NOT exported here to prevent
 // native dependency issues (sharp/transformers) from leaking into 
 // non-AI parts of the system. 

package/dist/services/fix-packet-service.d.ts

@@ -2,5 +2,4 @@ import { Report, Config } from '../types/index.js';
 import { FixPacketV2 } from '../types/fix-packet.js';
 export declare class FixPacketService {
     generate(report: Report, config: Config): FixPacketV2;
-    private inferSeverity;
 }

package/dist/services/fix-packet-service.js

@@ -1,17 +1,22 @@
 import { FixPacketV2Schema } from '../types/fix-packet.js';
 export class FixPacketService {
     generate(report, config) {
-        const violations = report.failures.map(f => ({
+        // Sort violations: critical first, then high, medium, low, info
+        const severityOrder = { critical: 0, high: 1, medium: 2, low: 3, info: 4 };
+        const violations = report.failures
+            .map(f => ({
             id: f.id,
             gate: f.id,
-            severity: this.inferSeverity(f),
+            severity: (f.severity || 'medium'),
+            category: f.provenance,
             title: f.title,
             details: f.details,
             files: f.files,
             hint: f.hint,
-            instructions: f.hint ? [f.hint] : [], // Use hint as first instruction
+            instructions: f.hint ? [f.hint] : [],
             metrics: f.metrics,
-        }));
+        }))
+            .sort((a, b) => (severityOrder[a.severity] ?? 2) - (severityOrder[b.severity] ?? 2));
         const packet = {
             version: 2,
             goal: "Achieve PASS state by resolving all listed engineering violations.",
@@ -26,14 +31,4 @@ export class FixPacketService {
         };
         return FixPacketV2Schema.parse(packet);
     }
-    inferSeverity(f) {
-        // High complexity or God objects are usually High severity
-        if (f.id === 'ast-analysis')
-            return 'high';
-        // Unit test or Lint failures are Medium
-        if (f.id === 'test' || f.id === 'lint')
-            return 'medium';
-        // Documentation or small file size issues are Low
-        return 'medium';
-    }
 }

package/dist/services/score-history.d.ts

@@ -0,0 +1,54 @@
+/**
+ * Score History Service
+ *
+ * Append-only JSONL tracking of quality scores over time.
+ * Used for compliance dashboards, trend analysis, and audit reports.
+ *
+ * Uses JSONL (not JSON) to avoid read-modify-write race conditions
+ * when multiple agents run checks concurrently.
+ *
+ * @since v2.17.0
+ */
+export interface ScoreEntry {
+    timestamp: string;
+    status: 'PASS' | 'FAIL' | 'SKIP' | 'ERROR';
+    score: number;
+    ai_health_score?: number;
+    structural_score?: number;
+    failureCount: number;
+    severity_breakdown: Record<string, number>;
+    provenance_breakdown: Record<string, number>;
+}
+export interface ScoreTrend {
+    direction: 'improving' | 'stable' | 'degrading';
+    delta: number;
+    recentAvg: number;
+    previousAvg: number;
+    recentScores: number[];
+}
+/**
+ * Record a score entry after a rigour check run.
+ * Appends a single JSONL line. Auto-trims to MAX_ENTRIES.
+ */
+export declare function recordScore(cwd: string, report: {
+    status: string;
+    stats: {
+        score?: number;
+        ai_health_score?: number;
+        structural_score?: number;
+        severity_breakdown?: Record<string, number>;
+        provenance_breakdown?: Record<string, number>;
+    };
+    failures: {
+        length: number;
+    } | any[];
+}): void;
+/**
+ * Read the last N score entries.
+ */
+export declare function getScoreHistory(cwd: string, limit?: number): ScoreEntry[];
+/**
+ * Calculate score trend from history.
+ * Compares average of last 5 runs vs previous 5 runs.
+ */
+export declare function getScoreTrend(cwd: string): ScoreTrend | null;

package/dist/services/score-history.js

@@ -0,0 +1,122 @@
+/**
+ * Score History Service
+ *
+ * Append-only JSONL tracking of quality scores over time.
+ * Used for compliance dashboards, trend analysis, and audit reports.
+ *
+ * Uses JSONL (not JSON) to avoid read-modify-write race conditions
+ * when multiple agents run checks concurrently.
+ *
+ * @since v2.17.0
+ */
+import * as fs from 'fs';
+import * as path from 'path';
+const MAX_ENTRIES = 100;
+const HISTORY_FILE = 'score-history.jsonl';
+function getHistoryPath(cwd) {
+    return path.join(cwd, '.rigour', HISTORY_FILE);
+}
+/**
+ * Record a score entry after a rigour check run.
+ * Appends a single JSONL line. Auto-trims to MAX_ENTRIES.
+ */
+export function recordScore(cwd, report) {
+    try {
+        const rigourDir = path.join(cwd, '.rigour');
+        if (!fs.existsSync(rigourDir)) {
+            fs.mkdirSync(rigourDir, { recursive: true });
+        }
+        const entry = {
+            timestamp: new Date().toISOString(),
+            status: report.status,
+            score: report.stats.score ?? 100,
+            ai_health_score: report.stats.ai_health_score,
+            structural_score: report.stats.structural_score,
+            failureCount: Array.isArray(report.failures) ? report.failures.length : 0,
+            severity_breakdown: report.stats.severity_breakdown ?? {},
+            provenance_breakdown: report.stats.provenance_breakdown ?? {},
+        };
+        const historyPath = getHistoryPath(cwd);
+        fs.appendFileSync(historyPath, JSON.stringify(entry) + '\n');
+        // Auto-trim if over MAX_ENTRIES
+        trimHistory(historyPath);
+    }
+    catch {
+        // Silent fail — score tracking should never break the check command
+    }
+}
+/**
+ * Read the last N score entries.
+ */
+export function getScoreHistory(cwd, limit = 20) {
+    try {
+        const historyPath = getHistoryPath(cwd);
+        if (!fs.existsSync(historyPath))
+            return [];
+        const lines = fs.readFileSync(historyPath, 'utf-8')
+            .trim()
+            .split('\n')
+            .filter(line => line.length > 0);
+        const entries = lines.map(line => JSON.parse(line));
+        return entries.slice(-limit);
+    }
+    catch {
+        return [];
+    }
+}
+/**
+ * Calculate score trend from history.
+ * Compares average of last 5 runs vs previous 5 runs.
+ */
+export function getScoreTrend(cwd) {
+    const history = getScoreHistory(cwd, 20);
+    if (history.length < 3)
+        return null;
+    const scores = history.map(e => e.score);
+    const recentScores = scores.slice(-5);
+    const previousScores = scores.slice(-10, -5);
+    const recentAvg = recentScores.reduce((a, b) => a + b, 0) / recentScores.length;
+    if (previousScores.length === 0) {
+        return {
+            direction: 'stable',
+            delta: 0,
+            recentAvg: Math.round(recentAvg),
+            previousAvg: Math.round(recentAvg),
+            recentScores,
+        };
+    }
+    const previousAvg = previousScores.reduce((a, b) => a + b, 0) / previousScores.length;
+    const delta = recentAvg - previousAvg;
+    let direction;
+    if (delta > 3)
+        direction = 'improving';
+    else if (delta < -3)
+        direction = 'degrading';
+    else
+        direction = 'stable';
+    return {
+        direction,
+        delta: Math.round(delta * 10) / 10,
+        recentAvg: Math.round(recentAvg),
+        previousAvg: Math.round(previousAvg),
+        recentScores,
+    };
+}
+/**
+ * Trim JSONL file to last MAX_ENTRIES lines.
+ */
+function trimHistory(historyPath) {
+    try {
+        const lines = fs.readFileSync(historyPath, 'utf-8')
+            .trim()
+            .split('\n')
+            .filter(line => line.length > 0);
+        if (lines.length > MAX_ENTRIES) {
+            const trimmed = lines.slice(-MAX_ENTRIES);
+            fs.writeFileSync(historyPath, trimmed.join('\n') + '\n');
+        }
+    }
+    catch {
+        // Silent fail
+    }
+}

package/dist/templates/index.js

@@ -135,6 +135,167 @@ export const TEMPLATES = [
             ],
         },
     },
+    // --- Regulated Industry Presets ---
+    {
+        name: 'healthcare',
+        markers: [
+            'hl7', 'fhir', 'hipaa', 'medical', 'patient', 'health',
+            'ehr', 'phi', 'dicom', 'icd-10', 'snomed',
+        ],
+        config: {
+            preset: 'healthcare',
+            ignore: [
+                '.git/**', 'node_modules/**', 'dist/**', 'build/**',
+                'venv/**', '.venv/**', '__pycache__/**',
+            ],
+            gates: {
+                max_file_lines: 300,
+                required_files: ['docs/COMPLIANCE.md', 'docs/SPEC.md', 'docs/ARCH.md', 'README.md'],
+                security: {
+                    enabled: true,
+                    sql_injection: true,
+                    xss: true,
+                    path_traversal: true,
+                    hardcoded_secrets: true,
+                    insecure_randomness: true,
+                    command_injection: true,
+                    block_on_severity: 'critical',
+                },
+            },
+        },
+    },
+    {
+        name: 'fintech',
+        markers: [
+            'trading', 'payment', 'kyc', 'aml', 'pci', 'transaction',
+            'ledger', 'banking', 'stripe', 'plaid', 'sox',
+        ],
+        config: {
+            preset: 'fintech',
+            ignore: [
+                '.git/**', 'node_modules/**', 'dist/**', 'build/**',
+                'venv/**', '.venv/**', '__pycache__/**', 'vendor/**',
+            ],
+            gates: {
+                max_file_lines: 350,
+                required_files: ['docs/AUDIT_LOG.md', 'docs/SPEC.md', 'docs/ARCH.md', 'README.md'],
+                security: {
+                    enabled: true,
+                    sql_injection: true,
+                    xss: true,
+                    path_traversal: true,
+                    hardcoded_secrets: true,
+                    insecure_randomness: true,
+                    command_injection: true,
+                    block_on_severity: 'high',
+                },
+                agent_team: {
+                    enabled: true,
+                    max_concurrent_agents: 3,
+                    cross_agent_pattern_check: true,
+                    handoff_verification: true,
+                    task_ownership: 'strict',
+                },
+            },
+        },
+    },
+    {
+        name: 'government',
+        markers: [
+            'fedramp', 'nist', 'cmmc', 'federal', 'govcloud',
+            'il4', 'il5', 'fisma', 'itar', 'cui',
+        ],
+        config: {
+            preset: 'government',
+            ignore: [
+                '.git/**', 'node_modules/**', 'dist/**', 'build/**',
+                'venv/**', '.venv/**', '__pycache__/**', 'vendor/**',
+            ],
+            gates: {
+                max_file_lines: 250,
+                required_files: ['docs/SECURITY.md', 'docs/SPEC.md', 'docs/ARCH.md', 'README.md'],
+                ast: {
+                    complexity: 8,
+                    max_methods: 10,
+                    max_params: 4,
+                    max_nesting: 3,
+                    max_inheritance_depth: 3,
+                    max_class_dependencies: 5,
+                    max_function_lines: 40,
+                },
+                security: {
+                    enabled: true,
+                    sql_injection: true,
+                    xss: true,
+                    path_traversal: true,
+                    hardcoded_secrets: true,
+                    insecure_randomness: true,
+                    command_injection: true,
+                    block_on_severity: 'medium',
+                },
+                agent_team: {
+                    enabled: true,
+                    max_concurrent_agents: 3,
+                    cross_agent_pattern_check: true,
+                    handoff_verification: true,
+                    task_ownership: 'strict',
+                },
+                checkpoint: {
+                    enabled: true,
+                    interval_minutes: 10,
+                    quality_threshold: 85,
+                    drift_detection: true,
+                    auto_save_on_failure: true,
+                },
+            },
+        },
+    },
+    // DevSecOps / Security SRE preset
+    {
+        name: 'devsecops',
+        markers: [
+            'trivy', 'snyk', 'semgrep', 'sonarqube', 'owasp',
+            'sast', 'dast', 'pentest', 'vulnerability', 'cve',
+            'security-scan', 'falco', 'wazuh', 'ossec',
+        ],
+        config: {
+            preset: 'devsecops',
+            ignore: [
+                '.git/**', 'node_modules/**', 'dist/**', 'build/**',
+                'venv/**', '.venv/**', '__pycache__/**', 'vendor/**',
+            ],
+            gates: {
+                max_file_lines: 300,
+                required_files: ['docs/SECURITY.md', 'docs/RUNBOOK.md', 'README.md'],
+                ast: {
+                    complexity: 10,
+                    max_methods: 10,
+                    max_params: 5,
+                    max_nesting: 3,
+                    max_inheritance_depth: 3,
+                    max_class_dependencies: 5,
+                    max_function_lines: 50,
+                },
+                security: {
+                    enabled: true,
+                    sql_injection: true,
+                    xss: true,
+                    path_traversal: true,
+                    hardcoded_secrets: true,
+                    insecure_randomness: true,
+                    command_injection: true,
+                    block_on_severity: 'high',
+                },
+                agent_team: {
+                    enabled: true,
+                    max_concurrent_agents: 3,
+                    cross_agent_pattern_check: true,
+                    handoff_verification: true,
+                    task_ownership: 'strict',
+                },
+            },
+        },
+    },
 ];
 export const PARADIGM_TEMPLATES = [
     {
@@ -286,6 +447,40 @@ export const UNIVERSAL_CONFIG = {
                 'prefer-const': false,
             },
         },
+        duplication_drift: {
+            enabled: true,
+            similarity_threshold: 0.8,
+            min_body_lines: 5,
+        },
+        hallucinated_imports: {
+            enabled: true,
+            check_relative: true,
+            check_packages: true,
+            ignore_patterns: [
+                '\\.css$', '\\.scss$', '\\.less$', '\\.svg$', '\\.png$', '\\.jpg$',
+                '\\.json$', '\\.wasm$', '\\.graphql$', '\\.gql$',
+            ],
+        },
+        inconsistent_error_handling: {
+            enabled: true,
+            max_strategies_per_type: 2,
+            min_occurrences: 3,
+            ignore_empty_catches: false,
+        },
+        context_window_artifacts: {
+            enabled: true,
+            min_file_lines: 100,
+            degradation_threshold: 0.4,
+            signals_required: 2,
+        },
+        promise_safety: {
+            enabled: true,
+            check_unhandled_then: true,
+            check_unsafe_parse: true,
+            check_async_without_await: true,
+            check_unsafe_fetch: true,
+            ignore_patterns: [],
+        },
     },
     output: {
         report_path: 'rigour-report.json',

package/dist/types/fix-packet.d.ts

@@ -9,7 +9,7 @@ export declare const FixPacketV2Schema: z.ZodObject<{
     violations: z.ZodArray<z.ZodObject<{
         id: z.ZodString;
         gate: z.ZodString;
-        severity: z.ZodDefault<z.ZodEnum<["low", "medium", "high", "critical"]>>;
+        severity: z.ZodDefault<z.ZodEnum<["info", "low", "medium", "high", "critical"]>>;
         category: z.ZodOptional<z.ZodString>;
         title: z.ZodString;
         details: z.ZodString;
@@ -21,8 +21,8 @@ export declare const FixPacketV2Schema: z.ZodObject<{
         id: string;
         title: string;
         details: string;
+        severity: "critical" | "high" | "medium" | "low" | "info";
         gate: string;
-        severity: "critical" | "high" | "medium" | "low";
         files?: string[] | undefined;
         hint?: string | undefined;
         category?: string | undefined;
@@ -33,10 +33,10 @@ export declare const FixPacketV2Schema: z.ZodObject<{
         title: string;
         details: string;
         gate: string;
+        severity?: "critical" | "high" | "medium" | "low" | "info" | undefined;
         files?: string[] | undefined;
         hint?: string | undefined;
         category?: string | undefined;
-        severity?: "critical" | "high" | "medium" | "low" | undefined;
         instructions?: string[] | undefined;
         metrics?: Record<string, any> | undefined;
     }>, "many">;
@@ -69,8 +69,8 @@ export declare const FixPacketV2Schema: z.ZodObject<{
         id: string;
         title: string;
         details: string;
+        severity: "critical" | "high" | "medium" | "low" | "info";
         gate: string;
-        severity: "critical" | "high" | "medium" | "low";
         files?: string[] | undefined;
         hint?: string | undefined;
         category?: string | undefined;
@@ -92,10 +92,10 @@ export declare const FixPacketV2Schema: z.ZodObject<{
         title: string;
         details: string;
         gate: string;
+        severity?: "critical" | "high" | "medium" | "low" | "info" | undefined;
         files?: string[] | undefined;
         hint?: string | undefined;
         category?: string | undefined;
-        severity?: "critical" | "high" | "medium" | "low" | undefined;
         instructions?: string[] | undefined;
         metrics?: Record<string, any> | undefined;
     }[];

package/dist/types/fix-packet.js

@@ -9,7 +9,7 @@ export const FixPacketV2Schema = z.object({
     violations: z.array(z.object({
         id: z.string(),
         gate: z.string(),
-        severity: z.enum(['low', 'medium', 'high', 'critical']).default('medium'),
+        severity: z.enum(['info', 'low', 'medium', 'high', 'critical']).default('medium'),
         category: z.string().optional(),
         title: z.string(),
         details: z.string(),