@rigour-labs/core 4.1.1 → 4.2.1

package/dist/gates/promise-safety.js

@@ -157,6 +157,47 @@ export class PromiseSafetyGate extends Gate {
             const funcName = match[1];
             const body = extractIndentedBody(content, match.index + match[0].length);
             if (body && !/\bawait\b/.test(body) && body.trim().split('\n').length > 2) {
+                // Check for framework decorators that require async def without await.
+                // FastAPI, Starlette, Django, pytest, and other frameworks use async handlers
+                // that legitimately don't need await (e.g. exception handlers, simple endpoints).
+                const linesBefore = content.substring(0, match.index);
+                const precedingLines = linesBefore.split('\n');
+                let hasFrameworkDecorator = false;
+                // Walk backwards to find decorators (immediately preceding lines starting with @)
+                for (let j = precedingLines.length - 1; j >= 0 && j >= precedingLines.length - 5; j--) {
+                    const trimmedLine = precedingLines[j].trim();
+                    if (!trimmedLine || trimmedLine.startsWith('#'))
+                        continue;
+                    if (!trimmedLine.startsWith('@'))
+                        break; // Non-decorator, non-empty line — stop
+                    // FastAPI/Starlette: @app.*, @router.*, @exception_handler
+                    if (/^@(?:app|router)\.\w+/.test(trimmedLine)) {
+                        hasFrameworkDecorator = true;
+                        break;
+                    }
+                    // pytest: @pytest.fixture, @pytest.mark.asyncio
+                    if (/^@pytest\.\w+/.test(trimmedLine)) {
+                        hasFrameworkDecorator = true;
+                        break;
+                    }
+                    // Django: @api_view, @action, @admin.*
+                    if (/^@(?:api_view|action|admin\.)/.test(trimmedLine)) {
+                        hasFrameworkDecorator = true;
+                        break;
+                    }
+                    // Generic: @override, @abstractmethod, @staticmethod, @classmethod, @property
+                    if (/^@(?:override|abstractmethod|staticmethod|classmethod|property)\b/.test(trimmedLine)) {
+                        hasFrameworkDecorator = true;
+                        break;
+                    }
+                    // Any decorator with 'handler', 'endpoint', 'route', 'hook', 'middleware', 'listener' in name
+                    if (/^@\w*(?:handler|endpoint|route|hook|middleware|listener|callback|event)/i.test(trimmedLine)) {
+                        hasFrameworkDecorator = true;
+                        break;
+                    }
+                }
+                if (hasFrameworkDecorator)
+                    continue;
                 const lineNum = content.substring(0, match.index).split('\n').length;
                 violations.push({ file, line: lineNum, type: 'async-no-await', code: `async def ${funcName}()`, reason: `async def never uses await` });
             }
@@ -212,9 +253,26 @@ export class PromiseSafetyGate extends Gate {
         }
     }
     detectIgnoredErrorsGo(lines, file, violations) {
+        // Functions where ignoring the error is idiomatic/safe in Go:
+        // - json.Marshal/MarshalIndent on simple types (cannot fail on []string, map[string]string, etc.)
+        // - fmt.Sprintf/Fprintf/Fprint (format functions almost never fail)
+        // - strconv.Itoa (infallible)
+        // - strings.* functions (pure string operations)
+        const safeToIgnorePatterns = [
+            /\bjson\.Marshal\s*\(/, // json.Marshal on simple types
+            /\bjson\.MarshalIndent\s*\(/, // json.MarshalIndent on simple types
+            /\bfmt\.(?:Sprintf|Fprintf|Fprint|Sprint|Sprintln|Fprintln)\s*\(/,
+            /\bstrconv\.(?:Itoa|FormatBool|FormatInt|FormatUint|FormatFloat)\s*\(/,
+            /\bstrings\.(?:Join|Replace|ToLower|ToUpper|TrimSpace|Trim|Split)\s*\(/,
+            /\bbytes\.(?:Join|Replace)\s*\(/,
+        ];
         for (let i = 0; i < lines.length; i++) {
             const match = lines[i].match(/(\w+)\s*,\s*_\s*(?::=|=)\s*(\w+)\./);
             if (match && /\b(?:os|io|ioutil|bufio|sql|net|http|json|xml|yaml|strconv)\./.test(lines[i].trim())) {
+                // Check if this is an infallible operation where _ is idiomatic
+                const isSafeToIgnore = safeToIgnorePatterns.some(p => p.test(lines[i]));
+                if (isSafeToIgnore)
+                    continue;
                 violations.push({ file, line: i + 1, type: 'ignored-error', code: lines[i].trim().substring(0, 80), reason: `Error return ignored with _` });
             }
         }
@@ -310,7 +368,9 @@ export class PromiseSafetyGate extends Gate {
         const normalized = file.replace(/\\/g, '/');
         return (normalized.includes('/examples/') ||
             /\/commands\/demo(?:-|\/)/.test(`/${normalized}`) ||
-            /\/gates\/(?:promise-safety|deprecated-apis-rules(?:-node|-lang)?)\.ts$/i.test(normalized));
+            /\/gates\/(?:promise-safety|deprecated-apis-rules(?:-node|-lang)?)\.ts$/i.test(normalized) ||
+            // Skip conftest.py (pytest fixtures, not application code)
+            /(?:^|\/)conftest\.py$/i.test(normalized));
     }
     sanitizeLine(line) {
         // Remove obvious comments and quoted literals to avoid matching detector text/examples.

package/dist/gates/security-patterns.d.ts

@@ -47,6 +47,11 @@ export declare class SecurityPatternsGate extends Gate {
     run(context: GateContext): Promise<Failure[]>;
     private shouldSkipSecurityFile;
     private scanFileForVulnerabilities;
+    /**
+     * Check if a hardcoded secret match is actually a dummy/placeholder value.
+     * Filters out test values, placeholder defaults, and env-var-name assignments.
+     */
+    private isDummySecretValue;
 }
 /**
  * Quick helper to check a single file for security issues

package/dist/gates/security-patterns.js

@@ -300,16 +300,35 @@ export class SecurityPatternsGate extends Gate {
     }
     shouldSkipSecurityFile(file) {
         const normalized = file.replace(/\\/g, '/');
+        // Skip common non-source directories
         if (/\/(?:examples|studio-dist|dist|build|coverage|target|out)\//.test(`/${normalized}`))
             return true;
-        if (/\/__tests__\//.test(`/${normalized}`))
+        // Skip test directories: __tests__/, tests/, test/, __test__/, e2e/, fixtures/, mocks/
+        if (/\/(?:__tests__|tests|test|__test__|e2e|fixtures|mocks)\//.test(`/${normalized}`))
             return true;
         if (/\/commands\/demo(?:-|\/)/.test(`/${normalized}`))
             return true;
         if (/\/gates\/deprecated-apis-rules(?:-node|-lang)?\.ts$/i.test(normalized))
             return true;
+        // Skip test files: *.test.ts, *.spec.ts (JS/TS/Java)
         if (/\.(test|spec)\.(?:ts|tsx|js|jsx|py|java|go)$/i.test(normalized))
             return true;
+        // Skip Go test files: *_test.go
+        if (/_test\.go$/i.test(normalized))
+            return true;
+        // Skip Python test files: test_*.py, *_test.py, conftest.py
+        if (/(?:^|\/)test_[^/]+\.py$/i.test(normalized))
+            return true;
+        if (/_test\.py$/i.test(normalized))
+            return true;
+        if (/(?:^|\/)conftest\.py$/i.test(normalized))
+            return true;
+        // Skip Java/Kotlin test files in src/test/ directories
+        if (/\/src\/test\//.test(`/${normalized}`))
+            return true;
+        // Skip E2E test files by naming convention
+        if (/[._-]e2e[._-]/i.test(normalized) || /E2E/i.test(path.basename(normalized)))
+            return true;
         return false;
     }
     scanFileForVulnerabilities(content, file, ext, vulnerabilities) {
@@ -323,6 +342,10 @@ export class SecurityPatternsGate extends Gate {
             pattern.regex.lastIndex = 0;
             let match;
             while ((match = pattern.regex.exec(content)) !== null) {
+                // For hardcoded_secrets: filter out placeholder/dummy values and env var names
+                if (pattern.type === 'hardcoded_secrets' && this.isDummySecretValue(match[0])) {
+                    continue;
+                }
                 // Find line number
                 const beforeMatch = content.slice(0, match.index);
                 const lineNumber = beforeMatch.split('\n').length;
@@ -338,6 +361,33 @@ export class SecurityPatternsGate extends Gate {
             }
         }
     }
+    /**
+     * Check if a hardcoded secret match is actually a dummy/placeholder value.
+     * Filters out test values, placeholder defaults, and env-var-name assignments.
+     */
+    isDummySecretValue(matchText) {
+        // Extract the quoted value from the match (e.g., api_key="test-api-key" → test-api-key)
+        const valueMatch = matchText.match(/[:=]\s*['"]([^'"]+)['"]/);
+        if (!valueMatch)
+            return false;
+        const value = valueMatch[1];
+        // Placeholder/example patterns
+        if (/^(?:your[_-]|my[_-]|example[_-]|placeholder|changeme|replace[_-]me|xxx+|dummy|fake|sample)/i.test(value))
+            return true;
+        // Test-specific dummy values
+        if (/^(?:test[_-]|e2e[_-]|mock[_-]|stub[_-]|dev[_-])/i.test(value))
+            return true;
+        if (/^testpass(?:word)?$/i.test(value))
+            return true;
+        // All-caps with underscores = env var names, not actual secrets
+        // e.g., API_KEY = "OPEN_SANDBOX_API_KEY" is referencing a var name, not a real key
+        if (/^[A-Z][A-Z0-9_]{7,}$/.test(value))
+            return true;
+        // Common documentation/tutorial dummy values
+        if (/^(?:sk_test_|pk_test_|sk_live_xxx|password123|secret123|abcdef|abc123)/i.test(value))
+            return true;
+        return false;
+    }
 }
 /**
  * Quick helper to check a single file for security issues

package/dist/gates/test-quality.js

@@ -236,18 +236,38 @@ export class TestQualityGate extends Gate {
     }
     checkPythonTestQuality(content, file, issues) {
         const lines = content.split('\n');
+        const basename = path.basename(file);
+        // Skip conftest.py entirely — these contain fixtures, not tests
+        if (basename === 'conftest.py')
+            return;
         let inTestFunc = false;
         let testStartLine = 0;
         let testIndent = 0;
         let hasAssertion = false;
         let mockCount = 0;
         let testContent = '';
+        let hasFixtureDecorator = false;
         for (let i = 0; i < lines.length; i++) {
             const line = lines[i];
             const trimmed = line.trim();
             // Detect test function start
             const testFuncMatch = line.match(/^(\s*)(?:def|async\s+def)\s+(test_\w+)\s*\(/);
             if (testFuncMatch) {
+                // Check if this function has a @pytest.fixture decorator (not a real test)
+                hasFixtureDecorator = false;
+                for (let j = i - 1; j >= 0 && j >= i - 5; j--) {
+                    const prevLine = lines[j].trim();
+                    if (!prevLine || prevLine.startsWith('#'))
+                        continue;
+                    if (!prevLine.startsWith('@'))
+                        break;
+                    if (/^@pytest\.fixture/.test(prevLine)) {
+                        hasFixtureDecorator = true;
+                        break;
+                    }
+                }
+                if (hasFixtureDecorator)
+                    continue; // Skip — this is a fixture, not a test
                 // If we were in a previous test, analyze it
                 if (inTestFunc) {
                     this.analyzePythonTestBlock(testContent, file, testStartLine, hasAssertion, mockCount, issues);

package/dist/hooks/checker.js

@@ -12,6 +12,7 @@ import fs from 'fs-extra';
 import path from 'path';
 import yaml from 'yaml';
 import { ConfigSchema } from '../types/index.js';
+import { scanInputForCredentials } from './input-validator.js';
 const JS_TS_PATTERN = /\.(ts|tsx|js|jsx|mts|mjs)$/;
 /**
  * Load rigour config from cwd, falling back to defaults.
@@ -42,6 +43,8 @@ async function resolveFile(filePath, cwd) {
 function checkFile(content, relPath, cwd, config) {
     const failures = [];
     const lines = content.split('\n');
+    // Gate 0: Memory & Skills Governance — block writes to agent-native memory paths
+    checkGovernance(content, relPath, config, failures);
     // Gate 1: File size
     const maxLines = config.gates.max_file_lines ?? 500;
     if (lines.length > maxLines) {
@@ -220,3 +223,89 @@ function checkCommandInjection(line, i, relPath, failures) {
         });
     }
 }
+// ── Memory & Skills Governance (v4.2+) ────────────────────────────
+/**
+ * Simple glob matcher — handles exact paths, `*` (single segment),
+ * and `**` (any depth). No external dependencies.
+ */
+function simpleGlob(filePath, pattern) {
+    // Exact match
+    if (filePath === pattern)
+        return true;
+    // Convert glob to regex: ** → any path, * → single segment
+    const regexStr = pattern
+        .replace(/[.+^${}()|[\]\\]/g, '\\$&') // escape regex specials (except * and ?)
+        .replace(/\*\*/g, '<<<DOUBLESTAR>>>')
+        .replace(/\*/g, '[^/]*')
+        .replace(/<<<DOUBLESTAR>>>/g, '.*');
+    return new RegExp(`^${regexStr}$`).test(filePath);
+}
+/**
+ * Intercept writes to agent-native memory AND skills files.
+ *
+ * Two separate enforcement layers:
+ *   1. enforce_memory — blocks writes to CLAUDE.md, .clinerules, .windsurf/memories/
+ *      → tells agent: "use rigour_remember instead"
+ *   2. enforce_skills — blocks writes to .claude/skills/, .cursor/rules/, etc.
+ *      → tells agent: "use rigour skills system instead"
+ *
+ * Both layers DLP-scan content for credentials regardless of blocking.
+ *
+ * Users can disable via rigour.yml:
+ *   gates:
+ *     governance:
+ *       enabled: false          # disable everything
+ *       enforce_memory: false   # allow native memory, still enforce skills
+ *       enforce_skills: false   # allow native skills, still enforce memory
+ *
+ * @since v4.2.0
+ */
+function checkGovernance(content, relPath, config, failures) {
+    const gov = config.gates.governance;
+    if (!gov?.enabled)
+        return;
+    const exemptPaths = gov.exempt_paths ?? [];
+    const normalizedPath = relPath.replace(/\\/g, '/');
+    // Check exemptions first (Rigour's own hook configs)
+    const isExempt = exemptPaths.some(pattern => simpleGlob(normalizedPath, pattern));
+    if (isExempt)
+        return;
+    // ── Check memory paths ──
+    const memoryPaths = gov.protected_memory_paths ?? [];
+    const isMemoryPath = memoryPaths.some(pattern => simpleGlob(normalizedPath, pattern));
+    // ── Check skills paths ──
+    const skillsPaths = gov.protected_skills_paths ?? [];
+    const isSkillsPath = skillsPaths.some((pattern) => simpleGlob(normalizedPath, pattern));
+    if (!isMemoryPath && !isSkillsPath)
+        return;
+    // ── Enforcement: block memory writes ──
+    if (isMemoryPath && gov.enforce_memory && gov.block_native_memory) {
+        failures.push({
+            gate: 'governance',
+            file: relPath,
+            message: `BLOCKED: Agent writing to native memory path "${relPath}". Use rigour_remember instead — it DLP-scans and persists safely to .rigour/memory.json`,
+            severity: 'critical',
+        });
+    }
+    // ── Enforcement: block skills writes ──
+    if (isSkillsPath && gov.enforce_skills) {
+        failures.push({
+            gate: 'governance-skills',
+            file: relPath,
+            message: `BLOCKED: Agent writing to native skills/rules path "${relPath}". Use Rigour skills system instead — governed, DLP-scanned, and auditable`,
+            severity: 'critical',
+        });
+    }
+    // ── DLP scan the content being written (always, regardless of block settings) ──
+    const dlpResult = scanInputForCredentials(content);
+    if (dlpResult.status !== 'clean') {
+        for (const detection of dlpResult.detections) {
+            failures.push({
+                gate: 'governance-dlp',
+                file: relPath,
+                message: `${detection.description} found in agent ${isMemoryPath ? 'memory' : 'skills'} file. ${detection.recommendation}`,
+                severity: detection.severity === 'critical' ? 'critical' : 'high',
+            });
+        }
+    }
+}

package/dist/hooks/dlp-templates.d.ts

@@ -0,0 +1,26 @@
+/**
+ * DLP Hook Templates — Pre-Input Credential Interception
+ *
+ * Generates tool-native hook configs that intercept user input
+ * BEFORE it reaches the AI agent. Complements the existing
+ * post-output templates in templates.ts.
+ *
+ * Hook events:
+ * - Claude Code: PreToolUse matcher (all tools)
+ * - Cursor: beforeFileEdit event
+ * - Cline: PreToolUse executable script
+ * - Windsurf: pre_write_code event
+ *
+ * @since v4.2.0 — AI Agent DLP layer
+ */
+import type { HookTool } from './types.js';
+export interface GeneratedDLPHookFile {
+    path: string;
+    content: string;
+    executable?: boolean;
+    description: string;
+}
+/**
+ * Generate DLP (pre-input) hook config files for a specific tool.
+ */
+export declare function generateDLPHookFiles(tool: HookTool, checkerCommand: string): GeneratedDLPHookFile[];

package/dist/hooks/dlp-templates.js

@@ -0,0 +1,281 @@
+/**
+ * DLP Hook Templates — Pre-Input Credential Interception
+ *
+ * Generates tool-native hook configs that intercept user input
+ * BEFORE it reaches the AI agent. Complements the existing
+ * post-output templates in templates.ts.
+ *
+ * Hook events:
+ * - Claude Code: PreToolUse matcher (all tools)
+ * - Cursor: beforeFileEdit event
+ * - Cline: PreToolUse executable script
+ * - Windsurf: pre_write_code event
+ *
+ * @since v4.2.0 — AI Agent DLP layer
+ */
+/**
+ * Generate DLP (pre-input) hook config files for a specific tool.
+ */
+export function generateDLPHookFiles(tool, checkerCommand) {
+    switch (tool) {
+        case 'claude':
+            return generateClaudeDLPHooks(checkerCommand);
+        case 'cursor':
+            return generateCursorDLPHooks(checkerCommand);
+        case 'cline':
+            return generateClineDLPHooks(checkerCommand);
+        case 'windsurf':
+            return generateWindsurfDLPHooks(checkerCommand);
+        default:
+            return [];
+    }
+}
+// ── Claude Code DLP Hook ──────────────────────────────────────────
+function generateClaudeDLPHooks(checkerCommand) {
+    // Claude Code supports PreToolUse hooks that fire BEFORE tool execution.
+    // We intercept all tool uses to scan user input for credentials.
+    const settings = {
+        hooks: {
+            PreToolUse: [
+                {
+                    matcher: ".*",
+                    hooks: [
+                        {
+                            type: "command",
+                            command: `${checkerCommand} --mode dlp --stdin`,
+                        }
+                    ]
+                }
+            ]
+        }
+    };
+    return [
+        {
+            path: '.claude/dlp-settings.json',
+            content: JSON.stringify(settings, null, 4),
+            description: 'Claude Code PreToolUse DLP hook — scans input for credentials before agent processing',
+        },
+    ];
+}
+// ── Cursor DLP Hook ───────────────────────────────────────────────
+function generateCursorDLPHooks(checkerCommand) {
+    const hooks = {
+        version: 1,
+        hooks: {
+            beforeFileEdit: [
+                {
+                    command: `${checkerCommand} --mode dlp --stdin`,
+                }
+            ]
+        }
+    };
+    const wrapper = `#!/usr/bin/env node
+/**
+ * Cursor DLP hook — scans input for credentials before agent processing.
+ * Receives { file_path, new_content } on stdin.
+ * Runs Rigour credential scanner on the content.
+ *
+ * @since v4.2.0 — AI Agent DLP
+ */
+
+let data = '';
+process.stdin.on('data', chunk => { data += chunk; });
+process.stdin.on('end', async () => {
+    try {
+        const payload = JSON.parse(data);
+        const textToScan = payload.new_content || payload.content || '';
+
+        if (!textToScan) {
+            process.stdout.write(JSON.stringify({ status: 'ok' }));
+            return;
+        }
+
+        const { spawnSync } = require('child_process');
+        const proc = spawnSync(
+            'node',
+            [require.resolve('@rigour-labs/core/dist/hooks/standalone-dlp-checker.js')],
+            {
+                input: textToScan,
+                encoding: 'utf-8',
+                timeout: 3000,
+            }
+        );
+
+        if (proc.error) throw proc.error;
+
+        const result = JSON.parse((proc.stdout || '').trim());
+        if (result.status === 'blocked') {
+            process.stderr.write('[rigour/dlp] ' + result.detections.length + ' credential(s) BLOCKED\\n');
+            for (const d of result.detections) {
+                process.stderr.write('  [' + d.severity.toUpperCase() + '] ' + d.description + '\\n');
+                process.stderr.write('    → ' + d.recommendation + '\\n');
+            }
+            process.exit(2); // Block the operation
+        }
+
+        process.stdout.write(JSON.stringify({ status: 'ok' }));
+    } catch (err) {
+        process.stderr.write('Rigour DLP hook error: ' + err.message + '\\n');
+        process.stdout.write(JSON.stringify({ status: 'ok' }));
+    }
+});
+`;
+    return [
+        {
+            path: '.cursor/dlp-hooks.json',
+            content: JSON.stringify(hooks, null, 4),
+            description: 'Cursor DLP hook config — pre-input credential scanning',
+        },
+        {
+            path: '.cursor/rigour-dlp-hook.js',
+            content: wrapper,
+            executable: true,
+            description: 'Cursor DLP hook wrapper — credential interception',
+        },
+    ];
+}
+// ── Cline DLP Hook ────────────────────────────────────────────────
+function generateClineDLPHooks(checkerCommand) {
+    const script = `#!/usr/bin/env node
+/**
+ * Cline PreToolUse DLP hook for Rigour.
+ * Receives JSON on stdin with { toolName, toolInput }.
+ * Scans tool input for credentials BEFORE execution.
+ *
+ * @since v4.2.0 — AI Agent DLP
+ */
+
+let data = '';
+process.stdin.on('data', chunk => { data += chunk; });
+process.stdin.on('end', async () => {
+    try {
+        const payload = JSON.parse(data);
+
+        // Extract all string values from toolInput to scan
+        const textsToScan = [];
+        if (payload.toolInput) {
+            for (const [key, value] of Object.entries(payload.toolInput)) {
+                if (typeof value === 'string' && value.length > 5) {
+                    textsToScan.push(value);
+                }
+            }
+        }
+
+        if (textsToScan.length === 0) {
+            process.stdout.write(JSON.stringify({}));
+            return;
+        }
+
+        const combined = textsToScan.join('\\n');
+        const { spawnSync } = require('child_process');
+        const proc = spawnSync(
+            'node',
+            [require.resolve('@rigour-labs/core/dist/hooks/standalone-dlp-checker.js')],
+            {
+                input: combined,
+                encoding: 'utf-8',
+                timeout: 3000,
+            }
+        );
+
+        if (proc.error) throw proc.error;
+
+        const result = JSON.parse((proc.stdout || '').trim());
+        if (result.status === 'blocked') {
+            const msgs = result.detections
+                .map(d => '[rigour/dlp/' + d.type + '] ' + d.description + ' → ' + d.recommendation)
+                .join('\\n');
+
+            process.stdout.write(JSON.stringify({
+                contextModification: '\\n🛑 [Rigour DLP] ' + result.detections.length + ' credential(s) BLOCKED before agent processing:\\n' + msgs + '\\nReplace with environment variable references.',
+            }));
+            process.exit(2);
+        } else {
+            process.stdout.write(JSON.stringify({}));
+        }
+    } catch (err) {
+        process.stderr.write('Rigour DLP hook error: ' + err.message + '\\n');
+        process.stdout.write(JSON.stringify({}));
+    }
+});
+`;
+    return [
+        {
+            path: '.clinerules/hooks/PreToolUse',
+            content: script,
+            executable: true,
+            description: 'Cline PreToolUse DLP hook — credential interception before agent execution',
+        },
+    ];
+}
+// ── Windsurf DLP Hook ─────────────────────────────────────────────
+function generateWindsurfDLPHooks(checkerCommand) {
+    const hooks = {
+        version: 1,
+        hooks: {
+            pre_write_code: [
+                {
+                    command: `${checkerCommand} --mode dlp --stdin`,
+                }
+            ]
+        }
+    };
+    const wrapper = `#!/usr/bin/env node
+/**
+ * Windsurf DLP hook — scans input for credentials before Cascade agent processing.
+ * Receives { file_path, content } on stdin.
+ *
+ * @since v4.2.0 — AI Agent DLP
+ */
+
+let data = '';
+process.stdin.on('data', chunk => { data += chunk; });
+process.stdin.on('end', async () => {
+    try {
+        const payload = JSON.parse(data);
+        const textToScan = payload.content || '';
+
+        if (!textToScan) {
+            return;
+        }
+
+        const { spawnSync } = require('child_process');
+        const proc = spawnSync(
+            'node',
+            [require.resolve('@rigour-labs/core/dist/hooks/standalone-dlp-checker.js')],
+            {
+                input: textToScan,
+                encoding: 'utf-8',
+                timeout: 3000,
+            }
+        );
+
+        if (proc.error) throw proc.error;
+
+        const result = JSON.parse((proc.stdout || '').trim());
+        if (result.status === 'blocked') {
+            for (const d of result.detections) {
+                process.stderr.write('[rigour/dlp] 🛑 ' + d.severity.toUpperCase() + ': ' + d.description + '\\n');
+                process.stderr.write('  → ' + d.recommendation + '\\n');
+            }
+            process.exit(2); // Block
+        }
+    } catch (err) {
+        process.stderr.write('Rigour DLP hook error: ' + err.message + '\\n');
+    }
+});
+`;
+    return [
+        {
+            path: '.windsurf/dlp-hooks.json',
+            content: JSON.stringify(hooks, null, 4),
+            description: 'Windsurf DLP hook config — pre-input credential scanning',
+        },
+        {
+            path: '.windsurf/rigour-dlp-hook.js',
+            content: wrapper,
+            executable: true,
+            description: 'Windsurf DLP hook wrapper — credential interception before Cascade',
+        },
+    ];
+}

package/dist/hooks/index.d.ts

@@ -2,8 +2,13 @@
  * Hooks module — multi-tool hook integration for Rigour.
  *
  * @since v3.0.0
+ * @since v4.2.0 — AI Agent DLP (Data Loss Prevention)
  */
 export { runHookChecker } from './checker.js';
 export { generateHookFiles } from './templates.js';
 export type { HookTool, HookConfig, HookCheckerResult } from './types.js';
 export { DEFAULT_HOOK_CONFIG, FAST_GATE_IDS } from './types.js';
+export { scanInputForCredentials, formatDLPAlert, createDLPAuditEntry } from './input-validator.js';
+export type { CredentialDetection, InputValidationResult, InputValidationConfig } from './input-validator.js';
+export { generateDLPHookFiles } from './dlp-templates.js';
+export type { GeneratedDLPHookFile } from './dlp-templates.js';

package/dist/hooks/index.js

@@ -2,7 +2,11 @@
  * Hooks module — multi-tool hook integration for Rigour.
  *
  * @since v3.0.0
+ * @since v4.2.0 — AI Agent DLP (Data Loss Prevention)
  */
 export { runHookChecker } from './checker.js';
 export { generateHookFiles } from './templates.js';
 export { DEFAULT_HOOK_CONFIG, FAST_GATE_IDS } from './types.js';
+// DLP (Data Loss Prevention) — v4.2.0
+export { scanInputForCredentials, formatDLPAlert, createDLPAuditEntry } from './input-validator.js';
+export { generateDLPHookFiles } from './dlp-templates.js';