@rigour-labs/mcp 3.0.0 → 3.0.2

package/dist/index.js

@@ -23,8 +23,9 @@ import { handleCheckPattern, handleSecurityAudit } from './tools/pattern-handler
 import { handleRun, handleRunSupervised } from './tools/execution-handlers.js';
 import { handleAgentRegister, handleCheckpoint, handleHandoff, handleAgentDeregister, handleHandoffAccept } from './tools/agent-handlers.js';
 import { handleReview } from './tools/review-handler.js';
+import { handleHooksCheck, handleHooksInit } from './tools/hooks-handler.js';
 // ─── Server Setup ─────────────────────────────────────────────────
-const server = new Server({ name: "rigour-mcp", version: "1.0.0" }, { capabilities: { tools: {} } });
+const server = new Server({ name: "rigour-mcp", version: "3.0.0" }, { capabilities: { tools: {} } });
 // ─── Tool Listing ─────────────────────────────────────────────────
 server.setRequestHandler(ListToolsRequestSchema, async () => ({
     tools: TOOL_DEFINITIONS,
@@ -105,6 +106,13 @@ server.setRequestHandler(CallToolRequestSchema, async (request) => {
             case "rigour_handoff_accept":
                 result = await handleHandoffAccept(cwd, args.handoffId, args.agentId, requestId);
                 break;
+            // Real-time hooks (v3.0)
+            case "rigour_hooks_check":
+                result = await handleHooksCheck(cwd, args.files, args.timeout);
+                break;
+            case "rigour_hooks_init":
+                result = await handleHooksInit(cwd, args.tool, args.force, args.dryRun);
+                break;
             // Code review
             case "rigour_review":
                 result = await handleReview(runner, cwd, args.diff, args.files);
@@ -134,7 +142,7 @@ server.setRequestHandler(CallToolRequestSchema, async (request) => {
 async function main() {
     const transport = new StdioServerTransport();
     await server.connect(transport);
-    console.error("Rigour MCP server v1.0.0 running on stdio");
+    console.error("Rigour MCP server v3.0.0 running on stdio");
 }
 main().catch((error) => {
     console.error("Fatal error in Rigour MCP server:", error);

package/dist/tools/definitions.d.ts

@@ -258,6 +258,55 @@ export declare const TOOL_DEFINITIONS: ({
         };
         required: string[];
     };
+} | {
+    name: string;
+    description: string;
+    inputSchema: {
+        type: string;
+        properties: {
+            files: {
+                type: string;
+                items: {
+                    type: string;
+                };
+                description: string;
+            };
+            timeout: {
+                type: string;
+                description: string;
+            };
+            cwd: {
+                type: "string";
+                description: string;
+            };
+        };
+        required: string[];
+    };
+} | {
+    name: string;
+    description: string;
+    inputSchema: {
+        type: string;
+        properties: {
+            tool: {
+                type: string;
+                description: string;
+            };
+            force: {
+                type: string;
+                description: string;
+            };
+            dryRun: {
+                type: string;
+                description: string;
+            };
+            cwd: {
+                type: "string";
+                description: string;
+            };
+        };
+        required: string[];
+    };
 } | {
     name: string;
     description: string;

package/dist/tools/definitions.js

@@ -230,6 +230,34 @@ export const TOOL_DEFINITIONS = [
             required: ["cwd", "handoffId", "agentId"],
         },
     },
+    // ─── Real-Time Hooks (v3.0) ────────────────────────────
+    {
+        name: "rigour_hooks_check",
+        description: "Run the fast hook checker on specific files. Same checks that run inside IDE hooks (Claude, Cursor, Cline, Windsurf). Catches: hardcoded secrets, hallucinated imports, command injection, file size. Completes in <100ms.",
+        inputSchema: {
+            type: "object",
+            properties: {
+                ...cwdParam(),
+                files: { type: "array", items: { type: "string" }, description: "List of file paths (relative to cwd) to check." },
+                timeout: { type: "number", description: "Optional timeout in milliseconds (default: 5000)." },
+            },
+            required: ["cwd", "files"],
+        },
+    },
+    {
+        name: "rigour_hooks_init",
+        description: "Generate hook configs for AI coding tools (Claude, Cursor, Cline, Windsurf). Installs real-time quality checks that run on every file write.",
+        inputSchema: {
+            type: "object",
+            properties: {
+                ...cwdParam(),
+                tool: { type: "string", description: "Target tool: 'claude', 'cursor', 'cline', or 'windsurf'." },
+                force: { type: "boolean", description: "Overwrite existing hook files (default: false)." },
+                dryRun: { type: "boolean", description: "Preview changes without writing files (default: false)." },
+            },
+            required: ["cwd", "tool"],
+        },
+    },
     // ─── Code Review ──────────────────────────────────────
     {
         name: "rigour_review",

package/dist/tools/hooks-handler.d.ts

@@ -0,0 +1,18 @@
+type ToolResult = {
+    content: {
+        type: string;
+        text: string;
+    }[];
+    isError?: boolean;
+};
+/**
+ * rigour_hooks_check — Run the fast hook checker on specific files.
+ * This is the same check that runs inside IDE hooks (Claude, Cursor, Cline, Windsurf).
+ * Catches: hardcoded secrets, hallucinated imports, command injection, file size.
+ */
+export declare function handleHooksCheck(cwd: string, files: string[], timeout?: number): Promise<ToolResult>;
+/**
+ * rigour_hooks_init — Generate hook configs for AI coding tools.
+ */
+export declare function handleHooksInit(cwd: string, tool: string, force?: boolean, dryRun?: boolean): Promise<ToolResult>;
+export {};

package/dist/tools/hooks-handler.js

@@ -0,0 +1,86 @@
+/**
+ * Hooks Tool Handlers
+ *
+ * Handlers for: rigour_hooks_check, rigour_hooks_init
+ *
+ * @since v3.0.0 — real-time hooks for AI coding tools
+ */
+import { runHookChecker, generateHookFiles } from "@rigour-labs/core";
+import fs from "fs-extra";
+import path from "path";
+/**
+ * rigour_hooks_check — Run the fast hook checker on specific files.
+ * This is the same check that runs inside IDE hooks (Claude, Cursor, Cline, Windsurf).
+ * Catches: hardcoded secrets, hallucinated imports, command injection, file size.
+ */
+export async function handleHooksCheck(cwd, files, timeout) {
+    const input = { cwd, files };
+    if (timeout)
+        input.timeout_ms = timeout;
+    const result = await runHookChecker(input);
+    if (result.status === 'pass') {
+        return {
+            content: [{
+                    type: "text",
+                    text: `✓ PASS — ${files.length} file(s) passed all hook checks.\nDuration: ${result.duration_ms}ms`,
+                }],
+        };
+    }
+    const failureLines = result.failures.map(f => `  [${f.severity.toUpperCase()}] [${f.gate}] ${f.file}:${f.line ?? '?'}\n    → ${f.message}`).join('\n');
+    return {
+        content: [{
+                type: "text",
+                text: `✘ FAIL — ${result.failures.length} issue(s) found in ${files.length} file(s).\nDuration: ${result.duration_ms}ms\n\n${failureLines}`,
+            }],
+    };
+}
+/**
+ * rigour_hooks_init — Generate hook configs for AI coding tools.
+ */
+export async function handleHooksInit(cwd, tool, force = false, dryRun = false) {
+    try {
+        const hookTool = tool;
+        const checkerPath = 'npx @rigour-labs/cli hooks check';
+        const files = generateHookFiles(hookTool, checkerPath);
+        if (dryRun) {
+            const preview = files.map(f => `${f.path}:\n${f.content}`).join('\n\n');
+            return {
+                content: [{
+                        type: "text",
+                        text: `[DRY RUN] Would generate ${files.length} hook file(s) for '${tool}':\n\n${preview}`,
+                    }],
+            };
+        }
+        const written = [];
+        const skipped = [];
+        for (const file of files) {
+            const fullPath = path.join(cwd, file.path);
+            if (!force && await fs.pathExists(fullPath)) {
+                skipped.push(file.path);
+                continue;
+            }
+            await fs.ensureDir(path.dirname(fullPath));
+            await fs.writeFile(fullPath, file.content);
+            written.push(file.path);
+        }
+        const parts = [];
+        if (written.length > 0)
+            parts.push(`✓ Created: ${written.join(', ')}`);
+        if (skipped.length > 0)
+            parts.push(`⊘ Skipped (exists): ${skipped.join(', ')}. Use force=true to overwrite.`);
+        parts.push(`Tool: ${tool}`);
+        parts.push('Checks: file-size, security-patterns, hallucinated-imports, command-injection');
+        return {
+            content: [{ type: "text", text: parts.join('\n') }],
+        };
+    }
+    catch (error) {
+        return {
+            content: [{
+                    type: "text",
+                    text: `Hook init failed: ${error.message}\n\nFallback: run 'npx @rigour-labs/cli hooks init --tool ${tool}' from the terminal.`,
+                }],
+            isError: true,
+        };
+    }
+}

package/dist/utils/config.d.ts

@@ -126,6 +126,13 @@ export declare function loadConfig(cwd: string): Promise<{
             check_unsafe_fetch: boolean;
         };
     };
+    hooks: {
+        enabled: boolean;
+        tools: ("claude" | "cursor" | "cline" | "windsurf")[];
+        fast_gates: string[];
+        timeout_ms: number;
+        block_on_failure: boolean;
+    };
     output: {
         report_path: string;
     };

package/package.json

@@ -1,20 +1,29 @@
 {
   "name": "@rigour-labs/mcp",
-  "version": "3.0.0",
-  "description": "MCP server for AI code quality gates. Integrates with Claude Desktop, Cursor, Cline, and VS Code to enforce engineering standards in real-time.",
+  "version": "3.0.2",
+  "description": "MCP server for AI code governance — OWASP LLM Top 10 (10/10), real-time hooks, 25+ security patterns, hallucinated import detection, multi-agent governance. Works with Claude, Cursor, Cline, Windsurf, Gemini. Industry presets for HIPAA, SOC2, FedRAMP.",
   "license": "MIT",
   "homepage": "https://rigour.run",
   "keywords": [
     "mcp",
     "model-context-protocol",
-    "quality-gates",
-    "ai-code-quality",
+    "owasp-llm-top-10",
+    "ai-code-governance",
+    "real-time-hooks",
+    "security-patterns",
+    "hallucinated-imports",
+    "industry-presets",
+    "hipaa",
+    "soc2",
+    "fedramp",
     "claude",
     "cursor",
     "cline",
-    "code-review",
+    "windsurf",
+    "multi-agent-governance",
+    "quality-gates",
     "static-analysis",
-    "agent-governance"
+    "code-review"
   ],
   "type": "module",
   "mcpName": "io.github.rigour-labs/rigour",
@@ -38,7 +47,7 @@
     "execa": "^8.0.1",
     "fs-extra": "^11.2.0",
     "yaml": "^2.8.2",
-    "@rigour-labs/core": "3.0.0"
+    "@rigour-labs/core": "3.0.2"
   },
   "devDependencies": {
     "@types/node": "^25.0.3",