@rigour-labs/core 4.1.0 → 4.2.0

package/dist/hooks/checker.js

@@ -12,6 +12,7 @@ import fs from 'fs-extra';
 import path from 'path';
 import yaml from 'yaml';
 import { ConfigSchema } from '../types/index.js';
+import { scanInputForCredentials } from './input-validator.js';
 const JS_TS_PATTERN = /\.(ts|tsx|js|jsx|mts|mjs)$/;
 /**
  * Load rigour config from cwd, falling back to defaults.
@@ -42,6 +43,8 @@ async function resolveFile(filePath, cwd) {
 function checkFile(content, relPath, cwd, config) {
     const failures = [];
     const lines = content.split('\n');
+    // Gate 0: Memory & Skills Governance — block writes to agent-native memory paths
+    checkGovernance(content, relPath, config, failures);
     // Gate 1: File size
     const maxLines = config.gates.max_file_lines ?? 500;
     if (lines.length > maxLines) {
@@ -220,3 +223,89 @@ function checkCommandInjection(line, i, relPath, failures) {
         });
     }
 }
+// ── Memory & Skills Governance (v4.2+) ────────────────────────────
+/**
+ * Simple glob matcher — handles exact paths, `*` (single segment),
+ * and `**` (any depth). No external dependencies.
+ */
+function simpleGlob(filePath, pattern) {
+    // Exact match
+    if (filePath === pattern)
+        return true;
+    // Convert glob to regex: ** → any path, * → single segment
+    const regexStr = pattern
+        .replace(/[.+^${}()|[\]\\]/g, '\\$&') // escape regex specials (except * and ?)
+        .replace(/\*\*/g, '<<<DOUBLESTAR>>>')
+        .replace(/\*/g, '[^/]*')
+        .replace(/<<<DOUBLESTAR>>>/g, '.*');
+    return new RegExp(`^${regexStr}$`).test(filePath);
+}
+/**
+ * Intercept writes to agent-native memory AND skills files.
+ *
+ * Two separate enforcement layers:
+ *   1. enforce_memory — blocks writes to CLAUDE.md, .clinerules, .windsurf/memories/
+ *      → tells agent: "use rigour_remember instead"
+ *   2. enforce_skills — blocks writes to .claude/skills/, .cursor/rules/, etc.
+ *      → tells agent: "use rigour skills system instead"
+ *
+ * Both layers DLP-scan content for credentials regardless of blocking.
+ *
+ * Users can disable via rigour.yml:
+ *   gates:
+ *     governance:
+ *       enabled: false          # disable everything
+ *       enforce_memory: false   # allow native memory, still enforce skills
+ *       enforce_skills: false   # allow native skills, still enforce memory
+ *
+ * @since v4.2.0
+ */
+function checkGovernance(content, relPath, config, failures) {
+    const gov = config.gates.governance;
+    if (!gov?.enabled)
+        return;
+    const exemptPaths = gov.exempt_paths ?? [];
+    const normalizedPath = relPath.replace(/\\/g, '/');
+    // Check exemptions first (Rigour's own hook configs)
+    const isExempt = exemptPaths.some(pattern => simpleGlob(normalizedPath, pattern));
+    if (isExempt)
+        return;
+    // ── Check memory paths ──
+    const memoryPaths = gov.protected_memory_paths ?? [];
+    const isMemoryPath = memoryPaths.some(pattern => simpleGlob(normalizedPath, pattern));
+    // ── Check skills paths ──
+    const skillsPaths = gov.protected_skills_paths ?? [];
+    const isSkillsPath = skillsPaths.some((pattern) => simpleGlob(normalizedPath, pattern));
+    if (!isMemoryPath && !isSkillsPath)
+        return;
+    // ── Enforcement: block memory writes ──
+    if (isMemoryPath && gov.enforce_memory && gov.block_native_memory) {
+        failures.push({
+            gate: 'governance',
+            file: relPath,
+            message: `BLOCKED: Agent writing to native memory path "${relPath}". Use rigour_remember instead — it DLP-scans and persists safely to .rigour/memory.json`,
+            severity: 'critical',
+        });
+    }
+    // ── Enforcement: block skills writes ──
+    if (isSkillsPath && gov.enforce_skills) {
+        failures.push({
+            gate: 'governance-skills',
+            file: relPath,
+            message: `BLOCKED: Agent writing to native skills/rules path "${relPath}". Use Rigour skills system instead — governed, DLP-scanned, and auditable`,
+            severity: 'critical',
+        });
+    }
+    // ── DLP scan the content being written (always, regardless of block settings) ──
+    const dlpResult = scanInputForCredentials(content);
+    if (dlpResult.status !== 'clean') {
+        for (const detection of dlpResult.detections) {
+            failures.push({
+                gate: 'governance-dlp',
+                file: relPath,
+                message: `${detection.description} found in agent ${isMemoryPath ? 'memory' : 'skills'} file. ${detection.recommendation}`,
+                severity: detection.severity === 'critical' ? 'critical' : 'high',
+            });
+        }
+    }
+}

package/dist/hooks/dlp-templates.d.ts

@@ -0,0 +1,26 @@
+/**
+ * DLP Hook Templates — Pre-Input Credential Interception
+ *
+ * Generates tool-native hook configs that intercept user input
+ * BEFORE it reaches the AI agent. Complements the existing
+ * post-output templates in templates.ts.
+ *
+ * Hook events:
+ * - Claude Code: PreToolUse matcher (all tools)
+ * - Cursor: beforeFileEdit event
+ * - Cline: PreToolUse executable script
+ * - Windsurf: pre_write_code event
+ *
+ * @since v4.2.0 — AI Agent DLP layer
+ */
+import type { HookTool } from './types.js';
+export interface GeneratedDLPHookFile {
+    path: string;
+    content: string;
+    executable?: boolean;
+    description: string;
+}
+/**
+ * Generate DLP (pre-input) hook config files for a specific tool.
+ */
+export declare function generateDLPHookFiles(tool: HookTool, checkerCommand: string): GeneratedDLPHookFile[];

package/dist/hooks/dlp-templates.js

@@ -0,0 +1,281 @@
+/**
+ * DLP Hook Templates — Pre-Input Credential Interception
+ *
+ * Generates tool-native hook configs that intercept user input
+ * BEFORE it reaches the AI agent. Complements the existing
+ * post-output templates in templates.ts.
+ *
+ * Hook events:
+ * - Claude Code: PreToolUse matcher (all tools)
+ * - Cursor: beforeFileEdit event
+ * - Cline: PreToolUse executable script
+ * - Windsurf: pre_write_code event
+ *
+ * @since v4.2.0 — AI Agent DLP layer
+ */
+/**
+ * Generate DLP (pre-input) hook config files for a specific tool.
+ */
+export function generateDLPHookFiles(tool, checkerCommand) {
+    switch (tool) {
+        case 'claude':
+            return generateClaudeDLPHooks(checkerCommand);
+        case 'cursor':
+            return generateCursorDLPHooks(checkerCommand);
+        case 'cline':
+            return generateClineDLPHooks(checkerCommand);
+        case 'windsurf':
+            return generateWindsurfDLPHooks(checkerCommand);
+        default:
+            return [];
+    }
+}
+// ── Claude Code DLP Hook ──────────────────────────────────────────
+function generateClaudeDLPHooks(checkerCommand) {
+    // Claude Code supports PreToolUse hooks that fire BEFORE tool execution.
+    // We intercept all tool uses to scan user input for credentials.
+    const settings = {
+        hooks: {
+            PreToolUse: [
+                {
+                    matcher: ".*",
+                    hooks: [
+                        {
+                            type: "command",
+                            command: `${checkerCommand} --mode dlp --stdin`,
+                        }
+                    ]
+                }
+            ]
+        }
+    };
+    return [
+        {
+            path: '.claude/dlp-settings.json',
+            content: JSON.stringify(settings, null, 4),
+            description: 'Claude Code PreToolUse DLP hook — scans input for credentials before agent processing',
+        },
+    ];
+}
+// ── Cursor DLP Hook ───────────────────────────────────────────────
+function generateCursorDLPHooks(checkerCommand) {
+    const hooks = {
+        version: 1,
+        hooks: {
+            beforeFileEdit: [
+                {
+                    command: `${checkerCommand} --mode dlp --stdin`,
+                }
+            ]
+        }
+    };
+    const wrapper = `#!/usr/bin/env node
+/**
+ * Cursor DLP hook — scans input for credentials before agent processing.
+ * Receives { file_path, new_content } on stdin.
+ * Runs Rigour credential scanner on the content.
+ *
+ * @since v4.2.0 — AI Agent DLP
+ */
+
+let data = '';
+process.stdin.on('data', chunk => { data += chunk; });
+process.stdin.on('end', async () => {
+    try {
+        const payload = JSON.parse(data);
+        const textToScan = payload.new_content || payload.content || '';
+
+        if (!textToScan) {
+            process.stdout.write(JSON.stringify({ status: 'ok' }));
+            return;
+        }
+
+        const { spawnSync } = require('child_process');
+        const proc = spawnSync(
+            'node',
+            [require.resolve('@rigour-labs/core/dist/hooks/standalone-dlp-checker.js')],
+            {
+                input: textToScan,
+                encoding: 'utf-8',
+                timeout: 3000,
+            }
+        );
+
+        if (proc.error) throw proc.error;
+
+        const result = JSON.parse((proc.stdout || '').trim());
+        if (result.status === 'blocked') {
+            process.stderr.write('[rigour/dlp] ' + result.detections.length + ' credential(s) BLOCKED\\n');
+            for (const d of result.detections) {
+                process.stderr.write('  [' + d.severity.toUpperCase() + '] ' + d.description + '\\n');
+                process.stderr.write('    → ' + d.recommendation + '\\n');
+            }
+            process.exit(2); // Block the operation
+        }
+
+        process.stdout.write(JSON.stringify({ status: 'ok' }));
+    } catch (err) {
+        process.stderr.write('Rigour DLP hook error: ' + err.message + '\\n');
+        process.stdout.write(JSON.stringify({ status: 'ok' }));
+    }
+});
+`;
+    return [
+        {
+            path: '.cursor/dlp-hooks.json',
+            content: JSON.stringify(hooks, null, 4),
+            description: 'Cursor DLP hook config — pre-input credential scanning',
+        },
+        {
+            path: '.cursor/rigour-dlp-hook.js',
+            content: wrapper,
+            executable: true,
+            description: 'Cursor DLP hook wrapper — credential interception',
+        },
+    ];
+}
+// ── Cline DLP Hook ────────────────────────────────────────────────
+function generateClineDLPHooks(checkerCommand) {
+    const script = `#!/usr/bin/env node
+/**
+ * Cline PreToolUse DLP hook for Rigour.
+ * Receives JSON on stdin with { toolName, toolInput }.
+ * Scans tool input for credentials BEFORE execution.
+ *
+ * @since v4.2.0 — AI Agent DLP
+ */
+
+let data = '';
+process.stdin.on('data', chunk => { data += chunk; });
+process.stdin.on('end', async () => {
+    try {
+        const payload = JSON.parse(data);
+
+        // Extract all string values from toolInput to scan
+        const textsToScan = [];
+        if (payload.toolInput) {
+            for (const [key, value] of Object.entries(payload.toolInput)) {
+                if (typeof value === 'string' && value.length > 5) {
+                    textsToScan.push(value);
+                }
+            }
+        }
+
+        if (textsToScan.length === 0) {
+            process.stdout.write(JSON.stringify({}));
+            return;
+        }
+
+        const combined = textsToScan.join('\\n');
+        const { spawnSync } = require('child_process');
+        const proc = spawnSync(
+            'node',
+            [require.resolve('@rigour-labs/core/dist/hooks/standalone-dlp-checker.js')],
+            {
+                input: combined,
+                encoding: 'utf-8',
+                timeout: 3000,
+            }
+        );
+
+        if (proc.error) throw proc.error;
+
+        const result = JSON.parse((proc.stdout || '').trim());
+        if (result.status === 'blocked') {
+            const msgs = result.detections
+                .map(d => '[rigour/dlp/' + d.type + '] ' + d.description + ' → ' + d.recommendation)
+                .join('\\n');
+
+            process.stdout.write(JSON.stringify({
+                contextModification: '\\n🛑 [Rigour DLP] ' + result.detections.length + ' credential(s) BLOCKED before agent processing:\\n' + msgs + '\\nReplace with environment variable references.',
+            }));
+            process.exit(2);
+        } else {
+            process.stdout.write(JSON.stringify({}));
+        }
+    } catch (err) {
+        process.stderr.write('Rigour DLP hook error: ' + err.message + '\\n');
+        process.stdout.write(JSON.stringify({}));
+    }
+});
+`;
+    return [
+        {
+            path: '.clinerules/hooks/PreToolUse',
+            content: script,
+            executable: true,
+            description: 'Cline PreToolUse DLP hook — credential interception before agent execution',
+        },
+    ];
+}
+// ── Windsurf DLP Hook ─────────────────────────────────────────────
+function generateWindsurfDLPHooks(checkerCommand) {
+    const hooks = {
+        version: 1,
+        hooks: {
+            pre_write_code: [
+                {
+                    command: `${checkerCommand} --mode dlp --stdin`,
+                }
+            ]
+        }
+    };
+    const wrapper = `#!/usr/bin/env node
+/**
+ * Windsurf DLP hook — scans input for credentials before Cascade agent processing.
+ * Receives { file_path, content } on stdin.
+ *
+ * @since v4.2.0 — AI Agent DLP
+ */
+
+let data = '';
+process.stdin.on('data', chunk => { data += chunk; });
+process.stdin.on('end', async () => {
+    try {
+        const payload = JSON.parse(data);
+        const textToScan = payload.content || '';
+
+        if (!textToScan) {
+            return;
+        }
+
+        const { spawnSync } = require('child_process');
+        const proc = spawnSync(
+            'node',
+            [require.resolve('@rigour-labs/core/dist/hooks/standalone-dlp-checker.js')],
+            {
+                input: textToScan,
+                encoding: 'utf-8',
+                timeout: 3000,
+            }
+        );
+
+        if (proc.error) throw proc.error;
+
+        const result = JSON.parse((proc.stdout || '').trim());
+        if (result.status === 'blocked') {
+            for (const d of result.detections) {
+                process.stderr.write('[rigour/dlp] 🛑 ' + d.severity.toUpperCase() + ': ' + d.description + '\\n');
+                process.stderr.write('  → ' + d.recommendation + '\\n');
+            }
+            process.exit(2); // Block
+        }
+    } catch (err) {
+        process.stderr.write('Rigour DLP hook error: ' + err.message + '\\n');
+    }
+});
+`;
+    return [
+        {
+            path: '.windsurf/dlp-hooks.json',
+            content: JSON.stringify(hooks, null, 4),
+            description: 'Windsurf DLP hook config — pre-input credential scanning',
+        },
+        {
+            path: '.windsurf/rigour-dlp-hook.js',
+            content: wrapper,
+            executable: true,
+            description: 'Windsurf DLP hook wrapper — credential interception before Cascade',
+        },
+    ];
+}

package/dist/hooks/index.d.ts

@@ -2,8 +2,13 @@
  * Hooks module — multi-tool hook integration for Rigour.
  *
  * @since v3.0.0
+ * @since v4.2.0 — AI Agent DLP (Data Loss Prevention)
  */
 export { runHookChecker } from './checker.js';
 export { generateHookFiles } from './templates.js';
 export type { HookTool, HookConfig, HookCheckerResult } from './types.js';
 export { DEFAULT_HOOK_CONFIG, FAST_GATE_IDS } from './types.js';
+export { scanInputForCredentials, formatDLPAlert, createDLPAuditEntry } from './input-validator.js';
+export type { CredentialDetection, InputValidationResult, InputValidationConfig } from './input-validator.js';
+export { generateDLPHookFiles } from './dlp-templates.js';
+export type { GeneratedDLPHookFile } from './dlp-templates.js';

package/dist/hooks/index.js

@@ -2,7 +2,11 @@
  * Hooks module — multi-tool hook integration for Rigour.
  *
  * @since v3.0.0
+ * @since v4.2.0 — AI Agent DLP (Data Loss Prevention)
  */
 export { runHookChecker } from './checker.js';
 export { generateHookFiles } from './templates.js';
 export { DEFAULT_HOOK_CONFIG, FAST_GATE_IDS } from './types.js';
+// DLP (Data Loss Prevention) — v4.2.0
+export { scanInputForCredentials, formatDLPAlert, createDLPAuditEntry } from './input-validator.js';
+export { generateDLPHookFiles } from './dlp-templates.js';

package/dist/hooks/input-validator.d.ts

@@ -0,0 +1,70 @@
+/**
+ * Input Validation Gate — AI Agent DLP (Data Loss Prevention)
+ *
+ * Scans user input text for credentials, secrets, and sensitive data
+ * BEFORE it reaches any AI agent. This is the pre-input counterpart
+ * to the existing post-output security patterns in checker.ts.
+ *
+ * Supported credential types:
+ * - AWS Access Keys (AKIA...)
+ * - OpenAI / Anthropic / GitHub API keys (sk-*, ghp_*, etc.)
+ * - Private keys (PEM format)
+ * - Database connection strings (postgresql://, mongodb://, mysql://, redis://)
+ * - Bearer tokens and JWTs
+ * - Generic password/secret assignments
+ * - .env format strings (KEY=value)
+ * - Azure / GCP / Stripe / Twilio keys
+ *
+ * @since v4.2.0 — AI Agent DLP layer
+ */
+export interface CredentialDetection {
+    type: string;
+    severity: 'critical' | 'high' | 'medium';
+    match: string;
+    redacted: string;
+    description: string;
+    recommendation: string;
+    compliance: string[];
+    position?: {
+        start: number;
+        end: number;
+    };
+}
+export interface InputValidationResult {
+    status: 'clean' | 'blocked' | 'warning';
+    detections: CredentialDetection[];
+    duration_ms: number;
+    scanned_length: number;
+}
+export interface InputValidationConfig {
+    enabled?: boolean;
+    block_on_detection?: boolean;
+    /** Minimum length for generic secret values to avoid false positives */
+    min_secret_length?: number;
+    /** Custom patterns to add (regex strings) */
+    custom_patterns?: string[];
+    /** Patterns to ignore (regex strings for whitelisting) */
+    ignore_patterns?: string[];
+    /** Log blocked inputs to audit trail */
+    audit_log?: boolean;
+}
+/**
+ * Scan input text for credential patterns.
+ * Returns all detections with type, severity, and recommendations.
+ *
+ * Designed to complete in <50ms for real-time pre-input hooks.
+ */
+export declare function scanInputForCredentials(input: string, config?: InputValidationConfig): InputValidationResult;
+/**
+ * Format a blocked input result for display in IDE/terminal.
+ * Used by hooks and CLI for human-readable output.
+ */
+export declare function formatDLPAlert(result: InputValidationResult): string;
+/**
+ * Generate a structured audit log entry for a DLP event.
+ */
+export declare function createDLPAuditEntry(result: InputValidationResult, metadata: {
+    agent: string;
+    timestamp?: string;
+    userId?: string;
+}): Record<string, unknown>;