@rigour-labs/core 4.2.2 → 4.3.0

package/dist/gates/deep-analysis.js

@@ -11,6 +11,7 @@
 import { Gate } from './base.js';
 import { createProvider } from '../inference/index.js';
 import { extractFacts, factsToPromptString, chunkFacts, buildAnalysisPrompt, buildCrossFilePrompt, verifyFindings } from '../deep/index.js';
+import { checkLocalPatterns } from '../storage/local-memory.js';
 import { Logger } from '../utils/logger.js';
 /** Max files to analyze before truncating (prevents OOM on huge repos) */
 const MAX_ANALYZABLE_FILES = 500;
@@ -62,9 +63,15 @@ export class DeepAnalysisGate extends Gate {
             const agentCount = this.config.options.agents || 1;
             const isCloud = !!this.config.options.apiKey;
             onProgress?.(`  Found ${allFacts.length} files to analyze${agentCount > 1 ? ` with ${agentCount} parallel agents` : ''}.`);
+            // Step 1.5: Check local project memory for known patterns (instant, no LLM)
+            const fileList = allFacts.map(f => f.path).filter(Boolean);
+            const localFindings = checkLocalPatterns(context.cwd, fileList);
+            if (localFindings.length > 0) {
+                onProgress?.(`  🧠 Local memory: ${localFindings.length} known pattern(s) matched instantly.`);
+            }
             // Step 2: LLM interprets facts (in chunks)
             const chunks = chunkFacts(allFacts);
-            const allFindings = [];
+            const allFindings = [...localFindings];
             let failedChunks = 0;
             if (agentCount > 1 && isCloud) {
                 // ── Multi-agent mode: partition chunks across N agents, analyze in parallel ──

package/dist/gates/runner.js

@@ -1,5 +1,6 @@
 import { SEVERITY_WEIGHTS } from '../types/index.js';
 import { DeepAnalysisGate } from './deep-analysis.js';
+import { persistAndReinforce } from '../storage/local-memory.js';
 import { FileGate } from './file.js';
 import { ContentGate } from './content.js';
 import { StructureGate } from './structure.js';
@@ -254,7 +255,8 @@ export class GateRunner {
                     break;
             }
         }
-        return {
+        // Persist findings + reinforce patterns in local SQLite (fire-and-forget)
+        const report = {
             status,
             summary,
             failures,
@@ -269,5 +271,16 @@ export class GateRunner {
                 ...(deepStats ? { deep: deepStats } : {}),
             },
         };
+        // Store findings + reinforce patterns in local SQLite (non-blocking)
+        try {
+            persistAndReinforce(cwd, report, deepStats ? {
+                deepTier: deepStats.tier,
+                deepModel: deepStats.model,
+            } : undefined);
+        }
+        catch {
+            // Silent — local memory is advisory, never blocks scans
+        }
+        return report;
     }
 }

package/dist/index.d.ts

@@ -17,5 +17,7 @@ export type { InferenceProvider, DeepFinding, DeepAnalysisResult, ModelTier } fr
 export { MODELS } from './inference/types.js';
 export { isModelCached, getModelsDir, getModelInfo } from './inference/model-manager.js';
 export { extractFacts, factsToPromptString } from './deep/fact-extractor.js';
-export { openDatabase, isSQLiteAvailable, insertScan, insertFindings, getRecentScans, getScoreTrendFromDB, getTopIssues, reinforcePattern, getStrongPatterns } from './storage/index.js';
-export type { RigourDB } from './storage/index.js';
+export { openDatabase, isSQLiteAvailable, compactDatabase, getDatabaseSize, resetDatabase, insertScan, insertFindings, getRecentScans, getScoreTrendFromDB, getTopIssues, reinforcePattern, getStrongPatterns } from './storage/index.js';
+export type { RigourDB, CompactResult } from './storage/index.js';
+export { checkLocalPatterns, persistAndReinforce, getProjectStats } from './storage/index.js';
+export type { ProjectStats } from './storage/index.js';

package/dist/index.js

@@ -18,7 +18,9 @@ export { MODELS } from './inference/types.js';
 export { isModelCached, getModelsDir, getModelInfo } from './inference/model-manager.js';
 export { extractFacts, factsToPromptString } from './deep/fact-extractor.js';
 // Storage (SQLite Brain)
-export { openDatabase, isSQLiteAvailable, insertScan, insertFindings, getRecentScans, getScoreTrendFromDB, getTopIssues, reinforcePattern, getStrongPatterns } from './storage/index.js';
+export { openDatabase, isSQLiteAvailable, compactDatabase, getDatabaseSize, resetDatabase, insertScan, insertFindings, getRecentScans, getScoreTrendFromDB, getTopIssues, reinforcePattern, getStrongPatterns } from './storage/index.js';
+// Local Project Memory (hybrid intelligence — SQLite-backed per-project learning)
+export { checkLocalPatterns, persistAndReinforce, getProjectStats } from './storage/index.js';
 // Pattern Index is intentionally NOT exported here to prevent
 // native dependency issues (sharp/transformers) from leaking into
 // non-AI parts of the system.

package/dist/inference/model-manager.d.ts

@@ -2,11 +2,11 @@ import { type ModelTier, type ModelInfo } from './types.js';
 export declare function extractSha256FromEtag(etag: string | null): string | null;
 export declare function hashFileSha256(filePath: string): Promise<string>;
 /**
- * Check if a model is already downloaded and valid.
+ * Check if any model for this tier is cached (fine-tuned or fallback).
  */
 export declare function isModelCached(tier: ModelTier): Promise<boolean>;
 /**
- * Get the path to a cached model.
+ * Get the path to a cached model (prefers fine-tuned over fallback).
  */
 export declare function getModelPath(tier: ModelTier): string;
 /**
@@ -15,7 +15,7 @@ export declare function getModelPath(tier: ModelTier): string;
 export declare function getModelInfo(tier: ModelTier): ModelInfo;
 /**
  * Download a model from HuggingFace CDN.
- * Calls onProgress with status updates.
+ * Tries fine-tuned model first, falls back to stock Qwen if unavailable.
  */
 export declare function downloadModel(tier: ModelTier, onProgress?: (message: string, percent?: number) => void): Promise<string>;
 /**

package/dist/inference/model-manager.js

@@ -6,11 +6,11 @@ import path from 'path';
 import fs from 'fs-extra';
 import { createHash } from 'crypto';
 import { RIGOUR_DIR } from '../storage/db.js';
-import { MODELS } from './types.js';
+import { MODELS, FALLBACK_MODELS } from './types.js';
 const MODELS_DIR = path.join(RIGOUR_DIR, 'models');
 const SHA256_RE = /^[a-f0-9]{64}$/i;
-function getModelMetadataPath(tier) {
-    return path.join(MODELS_DIR, MODELS[tier].filename + '.meta.json');
+function getModelMetadataPath(filename) {
+    return path.join(MODELS_DIR, filename + '.meta.json');
 }
 function isValidMetadata(raw) {
     return !!raw &&
@@ -34,17 +34,15 @@ export async function hashFileSha256(filePath) {
     }
     return hash.digest('hex');
 }
-async function writeModelMetadata(tier, metadata) {
-    const metadataPath = getModelMetadataPath(tier);
-    await fs.writeJson(metadataPath, metadata, { spaces: 2 });
+async function writeModelMeta(filename, metadata) {
+    await fs.writeJson(getModelMetadataPath(filename), metadata, { spaces: 2 });
 }
-async function readModelMetadata(tier) {
-    const metadataPath = getModelMetadataPath(tier);
-    if (!(await fs.pathExists(metadataPath))) {
+async function readModelMeta(filename) {
+    const p = getModelMetadataPath(filename);
+    if (!(await fs.pathExists(p)))
         return null;
-    }
     try {
-        const raw = await fs.readJson(metadataPath);
+        const raw = await fs.readJson(p);
         return isValidMetadata(raw) ? raw : null;
     }
     catch {
@@ -52,17 +50,15 @@ async function readModelMetadata(tier) {
     }
 }
 /**
- * Check if a model is already downloaded and valid.
+ * Check if a single model file is cached and valid.
  */
-export async function isModelCached(tier) {
-    const model = MODELS[tier];
+async function isFileCached(model) {
     const modelPath = path.join(MODELS_DIR, model.filename);
     if (!(await fs.pathExists(modelPath)))
         return false;
-    const metadata = await readModelMetadata(tier);
+    const metadata = await readModelMeta(model.filename);
     if (!metadata)
         return false;
-    // Size check + "changed since verification" check.
     const stat = await fs.stat(modelPath);
     const tolerance = model.sizeBytes * 0.1;
     if (stat.size <= model.sizeBytes - tolerance)
@@ -74,10 +70,22 @@ export async function isModelCached(tier) {
     return true;
 }
 /**
- * Get the path to a cached model.
+ * Check if any model for this tier is cached (fine-tuned or fallback).
+ */
+export async function isModelCached(tier) {
+    if (await isFileCached(MODELS[tier]))
+        return true;
+    const fb = FALLBACK_MODELS[tier];
+    return fb.url !== MODELS[tier].url && await isFileCached(fb);
+}
+/**
+ * Get the path to a cached model (prefers fine-tuned over fallback).
  */
 export function getModelPath(tier) {
-    return path.join(MODELS_DIR, MODELS[tier].filename);
+    const primary = path.join(MODELS_DIR, MODELS[tier].filename);
+    if (fs.pathExistsSync(primary))
+        return primary;
+    return path.join(MODELS_DIR, FALLBACK_MODELS[tier].filename);
 }
 /**
  * Get model info for a tier.
@@ -86,73 +94,73 @@ export function getModelInfo(tier) {
     return MODELS[tier];
 }
 /**
- * Download a model from HuggingFace CDN.
- * Calls onProgress with status updates.
+ * Stream a response body to disk with progress + SHA256.
+ * Returns { sha256, downloaded } on success.
  */
-export async function downloadModel(tier, onProgress) {
-    const model = MODELS[tier];
+async function streamToDisk(response, tempPath, model, onProgress) {
+    const contentLength = parseInt(response.headers.get('content-length') || '0', 10);
+    const reader = response.body?.getReader();
+    if (!reader)
+        throw new Error('No response body');
+    const writeStream = fs.createWriteStream(tempPath);
+    const hash = createHash('sha256');
+    let downloaded = 0;
+    let lastPct = 0;
+    while (true) {
+        const { done, value } = await reader.read();
+        if (done)
+            break;
+        const chunk = Buffer.from(value);
+        writeStream.write(chunk);
+        hash.update(chunk);
+        downloaded += value.length;
+        if (contentLength > 0) {
+            const pct = Math.round((downloaded / contentLength) * 100);
+            if (pct >= lastPct + 5) {
+                lastPct = pct;
+                onProgress?.(`Downloading ${model.name}: ${pct}%`, pct);
+            }
+        }
+    }
+    writeStream.end();
+    await new Promise((resolve, reject) => {
+        writeStream.on('finish', resolve);
+        writeStream.on('error', reject);
+    });
+    return { sha256: hash.digest('hex'), downloaded };
+}
+/**
+ * Verify SHA256 against ETag, allowing LFS OID mismatches
+ * if the download size is reasonable.
+ */
+function verifySha256(expectedSha256, actualSha256, downloaded, model) {
+    if (!expectedSha256 || actualSha256 === expectedSha256)
+        return;
+    const tolerance = model.sizeBytes * 0.1;
+    if (downloaded < model.sizeBytes - tolerance) {
+        throw new Error(`Checksum mismatch for ${model.name}: ` +
+            `expected ${expectedSha256}, got ${actualSha256} ` +
+            `(undersized: ${downloaded} bytes)`);
+    }
+    // Size OK — ETag likely a Git LFS OID, not content SHA256
+}
+/**
+ * Download a specific model from its URL, write to disk, save metadata.
+ */
+async function downloadFromUrl(tier, model, onProgress) {
     const destPath = path.join(MODELS_DIR, model.filename);
     const tempPath = destPath + '.download';
-    fs.ensureDirSync(MODELS_DIR);
-    // Already cached
-    if (await isModelCached(tier)) {
-        onProgress?.(`Model ${model.name} already cached`, 100);
-        return destPath;
-    }
-    onProgress?.(`Downloading ${model.name} (${model.sizeHuman})...`, 0);
     try {
         const response = await fetch(model.url);
         if (!response.ok) {
             throw new Error(`HTTP ${response.status}: ${response.statusText}`);
         }
-        const expectedSha256 = extractSha256FromEtag(response.headers.get('etag'));
-        const contentLength = parseInt(response.headers.get('content-length') || '0', 10);
-        const reader = response.body?.getReader();
-        if (!reader)
-            throw new Error('No response body');
-        const writeStream = fs.createWriteStream(tempPath);
-        const hash = createHash('sha256');
-        let downloaded = 0;
-        let lastProgressPercent = 0;
-        while (true) {
-            const { done, value } = await reader.read();
-            if (done)
-                break;
-            const chunk = Buffer.from(value);
-            writeStream.write(chunk);
-            hash.update(chunk);
-            downloaded += value.length;
-            if (contentLength > 0) {
-                const percent = Math.round((downloaded / contentLength) * 100);
-                if (percent >= lastProgressPercent + 5) { // Report every 5%
-                    lastProgressPercent = percent;
-                    onProgress?.(`Downloading ${model.name}: ${percent}%`, percent);
-                }
-            }
-        }
-        writeStream.end();
-        await new Promise((resolve, reject) => {
-            writeStream.on('finish', resolve);
-            writeStream.on('error', reject);
-        });
-        const actualSha256 = hash.digest('hex');
-        if (expectedSha256 && actualSha256 !== expectedSha256) {
-            // HuggingFace ETags for LFS files may contain the Git LFS OID (pointer hash)
-            // rather than the SHA256 of the actual served bytes. This is common when
-            // CDN/Cloudfront serves the file. Only hard-fail if the download is also
-            // suspiciously small (likely corrupt). Otherwise warn and proceed — the
-            // actual content hash is still recorded in metadata for future verification.
-            const tolerance = model.sizeBytes * 0.1;
-            if (downloaded < model.sizeBytes - tolerance) {
-                throw new Error(`Model checksum mismatch for ${model.name}: expected ${expectedSha256}, got ${actualSha256} (download also undersized: ${downloaded} bytes)`);
-            }
-            // Download size is reasonable — ETag likely a Git LFS OID, not content SHA256
-        }
-        // Atomic rename
+        const expectedSha = extractSha256FromEtag(response.headers.get('etag'));
+        const { sha256, downloaded } = await streamToDisk(response, tempPath, model, onProgress);
+        verifySha256(expectedSha, sha256, downloaded, model);
         fs.renameSync(tempPath, destPath);
-        await writeModelMetadata(tier, {
-            sha256: actualSha256,
-            sizeBytes: downloaded,
+        await writeModelMeta(model.filename, {
+            sha256, sizeBytes: downloaded,
             verifiedAt: new Date().toISOString(),
             sourceUrl: model.url,
             sourceEtag: response.headers.get('etag') || undefined,
@@ -161,11 +169,35 @@ export async function downloadModel(tier, onProgress) {
         return destPath;
     }
     catch (error) {
-        // Clean up temp file on failure
         fs.removeSync(tempPath);
         throw error;
     }
 }
+/**
+ * Download a model from HuggingFace CDN.
+ * Tries fine-tuned model first, falls back to stock Qwen if unavailable.
+ */
+export async function downloadModel(tier, onProgress) {
+    fs.ensureDirSync(MODELS_DIR);
+    if (await isModelCached(tier)) {
+        onProgress?.(`Model ${MODELS[tier].name} already cached`, 100);
+        return getModelPath(tier);
+    }
+    const model = MODELS[tier];
+    onProgress?.(`Downloading ${model.name} (${model.sizeHuman})...`, 0);
+    try {
+        return await downloadFromUrl(tier, model, onProgress);
+    }
+    catch (error) {
+        // Fine-tuned model not available — try stock fallback
+        const fallback = FALLBACK_MODELS[tier];
+        if (fallback && fallback.url !== model.url) {
+            onProgress?.(`Fine-tuned model unavailable, using ${fallback.name}`, 0);
+            return downloadFromUrl(tier, fallback, onProgress);
+        }
+        throw error;
+    }
+}
 /**
  * Ensure a model is available, downloading if needed.
  */

package/dist/inference/types.d.ts

@@ -73,5 +73,16 @@ export interface ModelInfo {
     sizeBytes: number;
     sizeHuman: string;
 }
+/**
+ * Model version — bump when new fine-tuned GGUF is published.
+ * The RLAIF pipeline uploads new models to HuggingFace, and
+ * model-manager checks this version to auto-update.
+ */
+export declare const MODEL_VERSION = "1";
 /** All supported model definitions */
 export declare const MODELS: Record<ModelTier, ModelInfo>;
+/**
+ * Fallback stock models — used when fine-tuned model is not yet
+ * available on HuggingFace (initial setup / first-time users).
+ */
+export declare const FALLBACK_MODELS: Record<ModelTier, ModelInfo>;

package/dist/inference/types.js

@@ -1,8 +1,36 @@
+/**
+ * Model version — bump when new fine-tuned GGUF is published.
+ * The RLAIF pipeline uploads new models to HuggingFace, and
+ * model-manager checks this version to auto-update.
+ */
+export const MODEL_VERSION = '1';
 /** All supported model definitions */
 export const MODELS = {
     deep: {
         tier: 'deep',
-        name: 'Qwen2.5-Coder-0.5B-Instruct',
+        name: 'Rigour-Deep-v1 (Qwen2.5-Coder-0.5B fine-tuned)',
+        filename: `rigour-deep-v${MODEL_VERSION}-q4_k_m.gguf`,
+        url: `https://huggingface.co/rigour-labs/rigour-deep-v1-gguf/resolve/main/rigour-deep-v${MODEL_VERSION}-q4_k_m.gguf`,
+        sizeBytes: 350_000_000,
+        sizeHuman: '350MB',
+    },
+    pro: {
+        tier: 'pro',
+        name: 'Rigour-Pro-v1 (Qwen2.5-Coder-1.5B fine-tuned)',
+        filename: `rigour-pro-v${MODEL_VERSION}-q4_k_m.gguf`,
+        url: `https://huggingface.co/rigour-labs/rigour-pro-v1-gguf/resolve/main/rigour-pro-v${MODEL_VERSION}-q4_k_m.gguf`,
+        sizeBytes: 900_000_000,
+        sizeHuman: '900MB',
+    },
+};
+/**
+ * Fallback stock models — used when fine-tuned model is not yet
+ * available on HuggingFace (initial setup / first-time users).
+ */
+export const FALLBACK_MODELS = {
+    deep: {
+        tier: 'deep',
+        name: 'Qwen2.5-Coder-0.5B-Instruct (stock)',
         filename: 'qwen2.5-coder-0.5b-instruct-q4_k_m.gguf',
         url: 'https://huggingface.co/Qwen/Qwen2.5-Coder-0.5B-Instruct-GGUF/resolve/main/qwen2.5-coder-0.5b-instruct-q4_k_m.gguf',
         sizeBytes: 350_000_000,
@@ -10,7 +38,7 @@ export const MODELS = {
     },
     pro: {
         tier: 'pro',
-        name: 'Qwen2.5-Coder-1.5B-Instruct',
+        name: 'Qwen2.5-Coder-1.5B-Instruct (stock)',
         filename: 'qwen2.5-coder-1.5b-instruct-q4_k_m.gguf',
         url: 'https://huggingface.co/Qwen/Qwen2.5-Coder-1.5B-Instruct-GGUF/resolve/main/qwen2.5-coder-1.5b-instruct-q4_k_m.gguf',
         sizeBytes: 900_000_000,

package/dist/storage/db.d.ts

@@ -9,6 +9,25 @@ export interface RigourDB {
  * Returns null if better-sqlite3 is not available.
  */
 export declare function openDatabase(dbPath?: string): RigourDB | null;
+/**
+ * Compact the database — prune old data, reclaim disk space.
+ * Retention policy: keep last `retainDays` of findings, merge old patterns.
+ */
+export declare function compactDatabase(retainDays?: number): CompactResult;
+export interface CompactResult {
+    pruned: number;
+    patternsDecayed: number;
+    sizeBefore: number;
+    sizeAfter: number;
+}
+/**
+ * Get database file size in bytes. Returns 0 if DB doesn't exist.
+ */
+export declare function getDatabaseSize(): number;
+/**
+ * Reset the database — delete and recreate from scratch.
+ */
+export declare function resetDatabase(): void;
 /**
  * Check if SQLite is available (better-sqlite3 installed)
  */

package/dist/storage/db.js

@@ -26,7 +26,15 @@ function loadDatabase() {
 }
 const RIGOUR_DIR = path.join(os.homedir(), '.rigour');
 const DB_PATH = path.join(RIGOUR_DIR, 'rigour.db');
+/** Current schema version — bump when adding migrations. */
+const SCHEMA_VERSION = 2;
 const SCHEMA_SQL = `
+-- Schema version tracking
+CREATE TABLE IF NOT EXISTS meta (
+    key TEXT PRIMARY KEY,
+    value TEXT NOT NULL
+);
+
 -- Every scan result, forever
 CREATE TABLE IF NOT EXISTS scans (
     id TEXT PRIMARY KEY,
@@ -114,8 +122,9 @@ export function openDatabase(dbPath) {
     // WAL mode for better concurrent read performance
     db.pragma('journal_mode = WAL');
     db.pragma('foreign_keys = ON');
-    // Run schema migration
+    // Run schema creation + migrations
     db.exec(SCHEMA_SQL);
+    runMigrations(db);
     return {
         db,
         close() {
@@ -123,6 +132,84 @@ export function openDatabase(dbPath) {
         },
     };
 }
+/**
+ * Run incremental schema migrations based on stored version.
+ */
+function runMigrations(db) {
+    const row = db.prepare("SELECT value FROM meta WHERE key = 'schema_version'").get();
+    const current = row ? parseInt(row.value, 10) : 0;
+    if (current < 1) {
+        // v1: base schema (already created by SCHEMA_SQL)
+        db.prepare("INSERT OR REPLACE INTO meta (key, value) VALUES ('schema_version', '1')").run();
+    }
+    if (current < 2) {
+        // v2: retention indexes for compaction queries
+        db.exec(`
+            CREATE INDEX IF NOT EXISTS idx_findings_file ON findings(file);
+            CREATE INDEX IF NOT EXISTS idx_scans_repo_ts ON scans(repo, timestamp);
+        `);
+        db.prepare("INSERT OR REPLACE INTO meta (key, value) VALUES ('schema_version', '2')").run();
+    }
+    // Future: if (current < 3) { ... ALTER TABLE ... }
+}
+/**
+ * Compact the database — prune old data, reclaim disk space.
+ * Retention policy: keep last `retainDays` of findings, merge old patterns.
+ */
+export function compactDatabase(retainDays = 90) {
+    const Db = loadDatabase();
+    if (!Db)
+        return { pruned: 0, patternsDecayed: 0, sizeBefore: 0, sizeAfter: 0 };
+    const resolvedPath = DB_PATH;
+    const sizeBefore = fs.existsSync(resolvedPath) ? fs.statSync(resolvedPath).size : 0;
+    const db = new Db(resolvedPath);
+    db.pragma('journal_mode = WAL');
+    const cutoff = Date.now() - (retainDays * 24 * 60 * 60 * 1000);
+    let pruned = 0;
+    let patternsDecayed = 0;
+    try {
+        db.transaction(() => {
+            // 1. Delete old findings (keep scan records for trend lines)
+            const r1 = db.prepare(`
+                DELETE FROM findings WHERE scan_id IN (
+                    SELECT id FROM scans WHERE timestamp < ?
+                )
+            `).run(cutoff);
+            pruned += r1.changes;
+            // 2. Prune weak patterns (never grew, seen < 3 times)
+            const r2 = db.prepare("DELETE FROM patterns WHERE strength < 0.3 AND times_seen < 3").run();
+            patternsDecayed += r2.changes;
+            // 3. Prune orphaned feedback
+            db.prepare("DELETE FROM feedback WHERE finding_id NOT IN (SELECT id FROM findings)").run();
+            // 4. Prune old codebase index entries
+            db.prepare("DELETE FROM codebase WHERE last_indexed < ?").run(cutoff);
+        })();
+        // 5. Reclaim disk space
+        db.exec('VACUUM');
+    }
+    finally {
+        db.close();
+    }
+    const sizeAfter = fs.existsSync(resolvedPath) ? fs.statSync(resolvedPath).size : 0;
+    return { pruned, patternsDecayed, sizeBefore, sizeAfter };
+}
+/**
+ * Get database file size in bytes. Returns 0 if DB doesn't exist.
+ */
+export function getDatabaseSize() {
+    return fs.existsSync(DB_PATH) ? fs.statSync(DB_PATH).size : 0;
+}
+/**
+ * Reset the database — delete and recreate from scratch.
+ */
+export function resetDatabase() {
+    if (fs.existsSync(DB_PATH))
+        fs.removeSync(DB_PATH);
+    if (fs.existsSync(DB_PATH + '-wal'))
+        fs.removeSync(DB_PATH + '-wal');
+    if (fs.existsSync(DB_PATH + '-shm'))
+        fs.removeSync(DB_PATH + '-shm');
+}
 /**
  * Check if SQLite is available (better-sqlite3 installed)
  */

package/dist/storage/findings.d.ts

@@ -9,6 +9,7 @@ export declare function insertFindings(store: RigourDB, scanId: string, failures
  */
 export declare function getFindingsForScan(store: RigourDB, scanId: string): any[];
 /**
- * Get all deep analysis findings for a repo.
+ * Get deep analysis and high-confidence AST findings for a repo.
+ * Used by local memory to match known patterns against new scans.
  */
 export declare function getDeepFindings(store: RigourDB, repo: string, limit?: number): any[];

package/dist/storage/findings.js

@@ -25,13 +25,14 @@ export function getFindingsForScan(store, scanId) {
     return stmt.all(scanId);
 }
 /**
- * Get all deep analysis findings for a repo.
+ * Get deep analysis and high-confidence AST findings for a repo.
+ * Used by local memory to match known patterns against new scans.
  */
 export function getDeepFindings(store, repo, limit = 50) {
     const stmt = store.db.prepare(`
         SELECT f.* FROM findings f
         JOIN scans s ON f.scan_id = s.id
-        WHERE s.repo = ? AND f.source = 'llm'
+        WHERE s.repo = ? AND (f.source = 'llm' OR f.source = 'hybrid' OR f.confidence >= 0.7)
         ORDER BY f.confidence DESC LIMIT ?
     `);
     return stmt.all(repo, limit);

package/dist/storage/index.d.ts

@@ -2,8 +2,10 @@
  * Rigour Brain — SQLite storage layer.
  * Everything in one file: ~/.rigour/rigour.db
  */
-export { openDatabase, isSQLiteAvailable, RIGOUR_DIR, DB_PATH } from './db.js';
-export type { RigourDB } from './db.js';
+export { openDatabase, isSQLiteAvailable, compactDatabase, getDatabaseSize, resetDatabase, RIGOUR_DIR, DB_PATH } from './db.js';
+export type { RigourDB, CompactResult } from './db.js';
 export { insertScan, getRecentScans, getScoreTrendFromDB, getTopIssues } from './scans.js';
 export { insertFindings, getFindingsForScan, getDeepFindings } from './findings.js';
 export { reinforcePattern, decayPatterns, getStrongPatterns, getPatterns, getHardRules } from './patterns.js';
+export { checkLocalPatterns, persistAndReinforce, getProjectStats } from './local-memory.js';
+export type { ProjectStats } from './local-memory.js';

package/dist/storage/index.js

@@ -2,7 +2,8 @@
  * Rigour Brain — SQLite storage layer.
  * Everything in one file: ~/.rigour/rigour.db
  */
-export { openDatabase, isSQLiteAvailable, RIGOUR_DIR, DB_PATH } from './db.js';
+export { openDatabase, isSQLiteAvailable, compactDatabase, getDatabaseSize, resetDatabase, RIGOUR_DIR, DB_PATH } from './db.js';
 export { insertScan, getRecentScans, getScoreTrendFromDB, getTopIssues } from './scans.js';
 export { insertFindings, getFindingsForScan, getDeepFindings } from './findings.js';
 export { reinforcePattern, decayPatterns, getStrongPatterns, getPatterns, getHardRules } from './patterns.js';
+export { checkLocalPatterns, persistAndReinforce, getProjectStats } from './local-memory.js';

package/dist/storage/local-memory.d.ts

@@ -0,0 +1,37 @@
+import type { Failure } from '../types/index.js';
+import type { DeepFinding } from '../inference/types.js';
+/**
+ * Pre-scan: check local SQLite for known patterns → produce instant findings.
+ * Returns findings that match known project patterns, WITHOUT model inference.
+ *
+ * @param cwd     - Absolute project root path
+ * @param fileList - Relative file paths (from FileFacts.path or globby)
+ */
+export declare function checkLocalPatterns(cwd: string, fileList: string[]): DeepFinding[];
+/**
+ * Post-scan: persist findings and reinforce patterns.
+ * Wrapped in a single transaction for atomicity.
+ * Called after every scan (check, scan, scan --deep).
+ */
+export declare function persistAndReinforce(cwd: string, report: {
+    status: string;
+    failures: Failure[];
+    stats: any;
+}, meta?: {
+    deepTier?: string;
+    deepModel?: string;
+}): void;
+/**
+ * Get project learning stats (for display in scan output).
+ */
+export declare function getProjectStats(cwd: string): ProjectStats | null;
+export interface ProjectStats {
+    totalScans: number;
+    learnedPatterns: number;
+    hardRules: number;
+    topPatterns: Array<{
+        name: string;
+        strength: number;
+        timesSeen: number;
+    }>;
+}

package/dist/storage/local-memory.js

@@ -0,0 +1,153 @@
+/**
+ * Local Project Memory — the hybrid intelligence layer.
+ *
+ * Before deep scan: checks local SQLite for known patterns in this project.
+ * After any scan: stores verified findings and reinforces patterns.
+ * Result: Rigour gets smarter every time you use it, code never leaves the machine.
+ */
+import path from 'path';
+import { openDatabase } from './db.js';
+import { insertScan, getRecentScans } from './scans.js';
+import { insertFindings, getDeepFindings } from './findings.js';
+import { reinforcePattern, getStrongPatterns, getHardRules, decayPatterns } from './patterns.js';
+import { Logger } from '../utils/logger.js';
+/** Minimum pattern strength to produce instant findings (skip LLM). */
+const INSTANT_MATCH_THRESHOLD = 0.7;
+/** Max local findings to inject per scan (avoid flooding). */
+const MAX_LOCAL_FINDINGS = 15;
+/** Min confidence to reuse a past finding from local memory. */
+const MIN_REUSE_CONFIDENCE = 0.7;
+/**
+ * Build a map of relative file path → known issues from past findings.
+ */
+function buildFileIssueMap(recentFindings) {
+    const map = new Map();
+    for (const f of recentFindings) {
+        const existing = map.get(f.file) || [];
+        existing.push(f);
+        map.set(f.file, existing);
+    }
+    return map;
+}
+/**
+ * Pre-scan: check local SQLite for known patterns → produce instant findings.
+ * Returns findings that match known project patterns, WITHOUT model inference.
+ *
+ * @param cwd     - Absolute project root path
+ * @param fileList - Relative file paths (from FileFacts.path or globby)
+ */
+export function checkLocalPatterns(cwd, fileList) {
+    const db = openDatabase();
+    if (!db)
+        return [];
+    const repoName = path.basename(cwd);
+    const findings = [];
+    try {
+        const patterns = getStrongPatterns(db, repoName, INSTANT_MATCH_THRESHOLD);
+        if (patterns.length === 0)
+            return [];
+        // Include both AST and LLM findings from history
+        const recentFindings = getDeepFindings(db, repoName, 200);
+        if (recentFindings.length === 0)
+            return [];
+        const fileIssueMap = buildFileIssueMap(recentFindings);
+        // fileList contains relative paths — match directly against DB (also relative)
+        for (const relPath of fileList) {
+            const known = fileIssueMap.get(relPath);
+            if (!known)
+                continue;
+            for (const issue of known) {
+                if ((issue.confidence ?? 0) < MIN_REUSE_CONFIDENCE)
+                    continue;
+                const matchingPattern = patterns.find((p) => p.pattern === issue.category && p.strength >= INSTANT_MATCH_THRESHOLD);
+                if (!matchingPattern)
+                    continue;
+                findings.push({
+                    category: issue.category,
+                    severity: issue.severity || 'medium',
+                    file: relPath,
+                    line: issue.line ?? undefined,
+                    description: `[Local Memory] ${issue.description}`,
+                    suggestion: issue.suggestion || 'Review this known issue.',
+                    confidence: Math.min(matchingPattern.strength, issue.confidence ?? 0.5),
+                });
+                if (findings.length >= MAX_LOCAL_FINDINGS)
+                    break;
+            }
+            if (findings.length >= MAX_LOCAL_FINDINGS)
+                break;
+        }
+    }
+    catch (error) {
+        Logger.warn(`Local memory check failed: ${error}`);
+    }
+    finally {
+        db?.db.close();
+    }
+    return findings;
+}
+/**
+ * Post-scan: persist findings and reinforce patterns.
+ * Wrapped in a single transaction for atomicity.
+ * Called after every scan (check, scan, scan --deep).
+ */
+export function persistAndReinforce(cwd, report, meta) {
+    const db = openDatabase();
+    if (!db)
+        return;
+    const repoName = path.basename(cwd);
+    try {
+        // Wrap all writes in a single transaction for atomicity
+        const persist = db.db.transaction(() => {
+            const scanId = insertScan(db, repoName, report, meta);
+            if (report.failures.length > 0) {
+                insertFindings(db, scanId, report.failures);
+            }
+            for (const f of report.failures) {
+                const category = f.category || f.id;
+                const source = f.source === 'llm' ? 'llm' : 'ast';
+                reinforcePattern(db, repoName, category, `${f.title}: ${f.details?.substring(0, 120)}`, source);
+            }
+            decayPatterns(db, 30);
+        });
+        persist();
+        Logger.info(`Local memory: stored ${report.failures.length} findings, ` +
+            `reinforced ${report.failures.length} patterns for ${repoName}`);
+    }
+    catch (error) {
+        Logger.warn(`Local memory persist failed: ${error}`);
+    }
+    finally {
+        db?.db.close();
+    }
+}
+/**
+ * Get project learning stats (for display in scan output).
+ */
+export function getProjectStats(cwd) {
+    const db = openDatabase();
+    if (!db)
+        return null;
+    const repoName = path.basename(cwd);
+    try {
+        const scans = getRecentScans(db, repoName, 100);
+        const patterns = getStrongPatterns(db, repoName, 0.3);
+        const hardRules = getHardRules(db, repoName);
+        return {
+            totalScans: scans.length,
+            learnedPatterns: patterns.length,
+            hardRules: hardRules.length,
+            topPatterns: patterns.slice(0, 5).map(p => ({
+                name: p.pattern,
+                strength: p.strength,
+                timesSeen: p.times_seen,
+            })),
+        };
+    }
+    catch {
+        return null;
+    }
+    finally {
+        db?.db.close();
+    }
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@rigour-labs/core",
-  "version": "4.2.2",
+  "version": "4.3.0",
   "description": "Deterministic quality gate engine for AI-generated code. AST analysis, drift detection, and Fix Packet generation across TypeScript, JavaScript, Python, Go, Ruby, and C#.",
   "license": "MIT",
   "homepage": "https://rigour.run",
@@ -59,11 +59,11 @@
     "@xenova/transformers": "^2.17.2",
     "better-sqlite3": "^11.0.0",
     "openai": "^4.104.0",
-    "@rigour-labs/brain-darwin-arm64": "4.2.2",
-    "@rigour-labs/brain-linux-arm64": "4.2.2",
-    "@rigour-labs/brain-linux-x64": "4.2.2",
-    "@rigour-labs/brain-win-x64": "4.2.2",
-    "@rigour-labs/brain-darwin-x64": "4.2.2"
+    "@rigour-labs/brain-linux-arm64": "4.3.0",
+    "@rigour-labs/brain-linux-x64": "4.3.0",
+    "@rigour-labs/brain-darwin-x64": "4.3.0",
+    "@rigour-labs/brain-win-x64": "4.3.0",
+    "@rigour-labs/brain-darwin-arm64": "4.3.0"
   },
   "devDependencies": {
     "@types/better-sqlite3": "^7.6.12",