@rigour-labs/mcp 3.0.1 → 3.0.3

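--- a/package/README.md
+++ b/package/README.md
@@ -14,12 +14,16 @@ Rigour is a local-first Model Context Protocol (MCP) server that forces AI agent
 Rigour moves code quality enforcement from the "Post-Commit" phase to the "In-Progress" phase. By running as an MCP server inside your editor, it provides the AI with a deterministic PASS/FAIL loop, preventing "Vibe Coding" and broken builds.
 
 ### Key Features:
-- **Quality Gates**: Deterministic checks for file size, complexity, hygiene, and AI-native drift detection.
-- **Multi-Language**: Gates support TypeScript, JavaScript, Python, Go, Ruby, and C#/.NET.
+- **Quality Gates**: 23 deterministic checks for file size, complexity, hygiene, security, and AI-native drift detection.
+- **8-Language Support**: JS/TS, Python, Go, Ruby, C#/.NET, Rust, Java, and Kotlin — with stdlib whitelists, dependency manifest parsing, and project-relative import resolution.
+- **Real-Time Hooks**: Sub-200ms file-write hooks for Claude Code, Cursor, Cline, and Windsurf — catches issues as the AI writes, not after CI.
+- **OWASP LLM Top 10**: Strong coverage on all 10 risks from the OWASP Top 10 for LLM-Generated Code, with 25+ security patterns.
 - **Two-Score System**: Separate AI Health Score and Structural Score with provenance tracking.
 - **Context Memory**: Persistent memory that tracks project rules and patterns across sessions.
 - **Pattern Reinvention Blocking**: Warns or blocks the AI when it tries to rewrite existing utilities.
 - **Security Audits**: Real-time CVE detection for dependencies the AI is suggesting.
+- **Multi-Agent Governance**: Agent registration, scope isolation, checkpoint supervision, and verified handoffs for multi-agent workflows.
+- **Industry Presets**: SOC2, HIPAA, FedRAMP-ready gate configurations.
 - **Zero Cloud**: 100% local analysis. Your code never leaves your machine.
 
 ---
@@ -45,6 +49,13 @@ Rigour moves code quality enforcement from the "Post-Commit" phase to the "In-Pr
 | `rigour_run_supervised` | Full supervisor mode — iterative command + gate check loop. |
 | `rigour_review` | High-fidelity code review on a PR diff against all quality gates. |
 
+### Real-Time Hooks (v3.0)
+
+| Tool | Description |
+|:---|:---|
+| `rigour_hooks_check` | Run fast hook checker on specific files (<100ms). Catches: hardcoded secrets, hallucinated imports, command injection, file size. |
+| `rigour_hooks_init` | Generate hook configs for Claude, Cursor, Cline, or Windsurf. Installs real-time checks on every file write. |
+
 ### Frontier Model Tools (v2.14+)
 
 For next-gen multi-agent workflows (Opus 4.6, GPT-5.3-Codex):
@@ -59,6 +70,23 @@ For next-gen multi-agent workflows (Opus 4.6, GPT-5.3-Codex):
 
 ---
 
+## 🌐 Language Support
+
+Hallucinated import detection with full stdlib whitelists and dependency manifest parsing:
+
+| Language | Stdlib | Dependency Manifest | Import Patterns |
+|:---|:---|:---|:---|
+| **JavaScript/TypeScript** | Node.js 22.x builtins | `package.json` | `import`, `require()`, `export from` |
+| **Python** | 160+ stdlib modules (3.12+) | Local module resolution | `import`, `from ... import` |
+| **Go** | 150+ stdlib packages (1.22+) | `go.mod` module path | `import "..."`, aliased imports |
+| **Ruby** | 80+ stdlib gems (3.3+ MRI) | `Gemfile`, `.gemspec` | `require`, `require_relative` |
+| **C# / .NET** | .NET 8 framework namespaces | `.csproj` (NuGet PackageReference) | `using`, `using static` |
+| **Rust** | `std`/`core`/`alloc`/`proc_macro` | `Cargo.toml` (with `-` → `_`) | `use`, `extern crate`, `pub use` |
+| **Java** | `java.*`/`javax.*`/`jakarta.*` | `build.gradle`, `pom.xml` | `import`, `import static` |
+| **Kotlin** | `kotlin.*`/`kotlinx.*` + Java interop | `build.gradle.kts` | `import` |
+
+---
+
 ## 📦 Installation
 
 ### 1. Install via npm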
package/dist/index.js CHANGED
@@ -9,7 +9,7 @@
9
9
  */
10
10
  import { Server } from "@modelcontextprotocol/sdk/server/index.js";
11
11
  import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
12
- import { CallToolRequestSchema, ListToolsRequestSchema, } from "@modelcontextprotocol/sdk/types.js";
12
+ import { CallToolRequestSchema, ListToolsRequestSchema, ListPromptsRequestSchema, GetPromptRequestSchema, } from "@modelcontextprotocol/sdk/types.js";
13
13
  import { randomUUID } from "crypto";
14
14
  import { GateRunner } from "@rigour-labs/core";
15
15
  // Utils
@@ -23,8 +23,9 @@ import { handleCheckPattern, handleSecurityAudit } from './tools/pattern-handler
23
23
  import { handleRun, handleRunSupervised } from './tools/execution-handlers.js';
24
24
  import { handleAgentRegister, handleCheckpoint, handleHandoff, handleAgentDeregister, handleHandoffAccept } from './tools/agent-handlers.js';
25
25
  import { handleReview } from './tools/review-handler.js';
26
+ import { handleHooksCheck, handleHooksInit } from './tools/hooks-handler.js';
26
27
  // ─── Server Setup ─────────────────────────────────────────────────
27
- const server = new Server({ name: "rigour-mcp", version: "1.0.0" }, { capabilities: { tools: {} } });
28
+ const server = new Server({ name: "rigour-mcp", version: "3.0.1" }, { capabilities: { tools: {}, prompts: {} } });
28
29
  // ─── Tool Listing ─────────────────────────────────────────────────
29
30
  server.setRequestHandler(ListToolsRequestSchema, async () => ({
30
31
  tools: TOOL_DEFINITIONS,
@@ -105,6 +106,13 @@ server.setRequestHandler(CallToolRequestSchema, async (request) => {
105
106
  case "rigour_handoff_accept":
106
107
  result = await handleHandoffAccept(cwd, args.handoffId, args.agentId, requestId);
107
108
  break;
109
+ // Real-time hooks (v3.0)
110
+ case "rigour_hooks_check":
111
+ result = await handleHooksCheck(cwd, args.files, args.timeout);
112
+ break;
113
+ case "rigour_hooks_init":
114
+ result = await handleHooksInit(cwd, args.tool, args.force, args.dryRun);
115
+ break;
108
116
  // Code review
109
117
  case "rigour_review":
110
118
  result = await handleReview(runner, cwd, args.diff, args.files);
@@ -130,11 +138,99 @@ server.setRequestHandler(CallToolRequestSchema, async (request) => {
130
138
  return errorResponse;
131
139
  }
132
140
  });
141
+ // ─── Prompt Templates ────────────────────────────────────────────
142
+ import { PROMPT_DEFINITIONS } from './tools/prompts.js';
143
+ server.setRequestHandler(ListPromptsRequestSchema, async () => ({
144
+ prompts: PROMPT_DEFINITIONS,
145
+ }));
146
+ server.setRequestHandler(GetPromptRequestSchema, async (request) => {
147
+ const { name, arguments: promptArgs } = request.params;
148
+ const cwd = promptArgs?.cwd || process.env.RIGOUR_CWD || process.cwd();
149
+ const prompt = PROMPT_DEFINITIONS.find((p) => p.name === name);
150
+ if (!prompt) {
151
+ throw new Error(`Unknown prompt: ${name}`);
152
+ }
153
+ // Generate dynamic messages based on prompt name
154
+ switch (name) {
155
+ case "rigour-setup": {
156
+ return {
157
+ description: prompt.description,
158
+ messages: [
159
+ {
160
+ role: "user",
161
+ content: {
162
+ type: "text",
163
+ text: `Initialize Rigour quality gates for the project at ${cwd}. Run \`rigour_check\` to see current quality score, then use \`rigour_hooks_init\` to install real-time hooks for the detected AI coding tool. Report the score breakdown (overall, AI health, structural) and any critical violations.`,
164
+ },
165
+ },
166
+ ],
167
+ };
168
+ }
169
+ case "rigour-fix-loop": {
170
+ return {
171
+ description: prompt.description,
172
+ messages: [
173
+ {
174
+ role: "user",
175
+ content: {
176
+ type: "text",
177
+ text: `Run \`rigour_check\` on ${cwd}. If the project FAILS, retrieve the fix packet with \`rigour_get_fix_packet\` and fix every violation in priority order (critical → high → medium → low). After each fix, re-run \`rigour_check\` to verify. Repeat until PASS. Do NOT skip any violation. Report progress after each iteration.`,
178
+ },
179
+ },
180
+ ],
181
+ };
182
+ }
183
+ case "rigour-security-review": {
184
+ return {
185
+ description: prompt.description,
186
+ messages: [
187
+ {
188
+ role: "user",
189
+ content: {
190
+ type: "text",
191
+ text: `Perform a full security review on ${cwd}. First run \`rigour_security_audit\` for CVE checks on dependencies. Then run \`rigour_check\` and filter for security-provenance violations (hardcoded secrets, SQL injection, XSS, command injection, path traversal). Report all findings with severity, file locations, and remediation instructions.`,
192
+ },
193
+ },
194
+ ],
195
+ };
196
+ }
197
+ case "rigour-pre-commit": {
198
+ return {
199
+ description: prompt.description,
200
+ messages: [
201
+ {
202
+ role: "user",
203
+ content: {
204
+ type: "text",
205
+ text: `Run a pre-commit quality check on ${cwd}. Execute \`rigour_check\` and \`rigour_hooks_check\` on all staged files. If any critical or high severity violations exist, list them and block the commit. For medium/low violations, warn but allow. Provide a one-line summary: PASS (safe to commit) or FAIL (must fix first).`,
206
+ },
207
+ },
208
+ ],
209
+ };
210
+ }
211
+ case "rigour-ai-health-report": {
212
+ return {
213
+ description: prompt.description,
214
+ messages: [
215
+ {
216
+ role: "user",
217
+ content: {
218
+ type: "text",
219
+ text: `Generate an AI code health report for ${cwd}. Run \`rigour_check\` and focus on AI-drift provenance violations: hallucinated imports, duplication drift, context window artifacts, inconsistent error handling, and promise safety. Compare AI health score vs structural score. Provide a summary table of AI-specific issues and concrete next steps to improve the AI health score.`,
220
+ },
221
+ },
222
+ ],
223
+ };
224
+ }
225
+ default:
226
+ throw new Error(`Unknown prompt: ${name}`);
227
+ }
228
+ });
133
229
  // ─── Start ────────────────────────────────────────────────────────
134
230
  async function main() {
135
231
  const transport = new StdioServerTransport();
136
232
  await server.connect(transport);
137
- console.error("Rigour MCP server v1.0.0 running on stdio");
233
+ console.error("Rigour MCP server v3.0.0 running on stdio");
138
234
  }
139
235
  main().catch((error) => {
140
236
  console.error("Fatal error in Rigour MCP server:", error);
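Review bot: In the new GetPromptRequestSchema handler, `cwd` is taken straight from `promptArgs?.cwd` and interpolated into every user-role message with no check, so whatever text a client passes there becomes part of the instructions the agent is asked to follow. Validate it before building the message, for example `if (typeof cwd !== "string" || /[\r\n]/.test(cwd)) throw new Error("Invalid cwd argument");`, and consider resolving it to an absolute path so the prompt always names a single directory. Separately, the version strings disagree: the Server is constructed with `version: "3.0.1"`, the startup log prints `v3.0.0`, and the package is published as 3.0.3. The `import { PROMPT_DEFINITIONS }` statement sits mid-file; moving it into the import group at the top would match the rest of the module. The CallTool handler and `main().catch` both continue outside the visible hunks.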
@@ -2,9 +2,18 @@
2
2
  * MCP Tool Definitions
3
3
  *
4
4
  * Schema definitions for all Rigour MCP tools.
5
- * Each tool has a name, description, and JSON Schema for its input.
5
+ * Each tool has a name, description, JSON Schema for input, and MCP annotations.
6
+ *
7
+ * Annotations follow the MCP spec (2025-03-26):
8
+ * title — human-readable display name
9
+ * readOnlyHint — true if tool only reads/computes, never writes
10
+ * destructiveHint — true if tool deletes or overwrites data
11
+ * idempotentHint — true if repeated calls produce same result
12
+ * openWorldHint — true if tool reaches outside the user's project
6
13
  *
7
14
  * @since v2.17.0 — extracted from monolithic index.ts
15
+ * @since v3.0.0 — hooks tools added
16
+ * @since v3.0.1 — MCP annotations added for Smithery quality compliance
8
17
  */
9
18
  export declare const TOOL_DEFINITIONS: ({
10
19
  name: string;
@@ -19,6 +28,13 @@ export declare const TOOL_DEFINITIONS: ({
19
28
  };
20
29
  required: string[];
21
30
  };
31
+ annotations: {
32
+ title: string;
33
+ readOnlyHint: boolean;
34
+ destructiveHint: boolean;
35
+ idempotentHint: boolean;
36
+ openWorldHint: boolean;
37
+ };
22
38
  } | {
23
39
  name: string;
24
40
  description: string;
@@ -40,6 +56,13 @@ export declare const TOOL_DEFINITIONS: ({
40
56
  };
41
57
  required: string[];
42
58
  };
59
+ annotations: {
60
+ title: string;
61
+ readOnlyHint: boolean;
62
+ destructiveHint: boolean;
63
+ idempotentHint: boolean;
64
+ openWorldHint: boolean;
65
+ };
43
66
  } | {
44
67
  name: string;
45
68
  description: string;
@@ -57,6 +80,13 @@ export declare const TOOL_DEFINITIONS: ({
57
80
  };
58
81
  required: string[];
59
82
  };
83
+ annotations: {
84
+ title: string;
85
+ readOnlyHint: boolean;
86
+ destructiveHint: boolean;
87
+ idempotentHint: boolean;
88
+ openWorldHint: boolean;
89
+ };
60
90
  } | {
61
91
  name: string;
62
92
  description: string;
@@ -82,6 +112,13 @@ export declare const TOOL_DEFINITIONS: ({
82
112
  };
83
113
  required: string[];
84
114
  };
115
+ annotations: {
116
+ title: string;
117
+ readOnlyHint: boolean;
118
+ destructiveHint: boolean;
119
+ idempotentHint: boolean;
120
+ openWorldHint: boolean;
121
+ };
85
122
  } | {
86
123
  name: string;
87
124
  description: string;
@@ -103,6 +140,13 @@ export declare const TOOL_DEFINITIONS: ({
103
140
  };
104
141
  required: string[];
105
142
  };
143
+ annotations: {
144
+ title: string;
145
+ readOnlyHint: boolean;
146
+ destructiveHint: boolean;
147
+ idempotentHint: boolean;
148
+ openWorldHint: boolean;
149
+ };
106
150
  } | {
107
151
  name: string;
108
152
  description: string;
@@ -128,6 +172,13 @@ export declare const TOOL_DEFINITIONS: ({
128
172
  };
129
173
  required: string[];
130
174
  };
175
+ annotations: {
176
+ title: string;
177
+ readOnlyHint: boolean;
178
+ destructiveHint: boolean;
179
+ idempotentHint: boolean;
180
+ openWorldHint: boolean;
181
+ };
131
182
  } | {
132
183
  name: string;
133
184
  description: string;
@@ -152,6 +203,13 @@ export declare const TOOL_DEFINITIONS: ({
152
203
  };
153
204
  required: string[];
154
205
  };
206
+ annotations: {
207
+ title: string;
208
+ readOnlyHint: boolean;
209
+ destructiveHint: boolean;
210
+ idempotentHint: boolean;
211
+ openWorldHint: boolean;
212
+ };
155
213
  } | {
156
214
  name: string;
157
215
  description: string;
@@ -184,6 +242,13 @@ export declare const TOOL_DEFINITIONS: ({
184
242
  };
185
243
  required: string[];
186
244
  };
245
+ annotations: {
246
+ title: string;
247
+ readOnlyHint: boolean;
248
+ destructiveHint: boolean;
249
+ idempotentHint: boolean;
250
+ openWorldHint: boolean;
251
+ };
187
252
  } | {
188
253
  name: string;
189
254
  description: string;
@@ -220,6 +285,13 @@ export declare const TOOL_DEFINITIONS: ({
220
285
  };
221
286
  required: string[];
222
287
  };
288
+ annotations: {
289
+ title: string;
290
+ readOnlyHint: boolean;
291
+ destructiveHint: boolean;
292
+ idempotentHint: boolean;
293
+ openWorldHint: boolean;
294
+ };
223
295
  } | {
224
296
  name: string;
225
297
  description: string;
@@ -237,6 +309,13 @@ export declare const TOOL_DEFINITIONS: ({
237
309
  };
238
310
  required: string[];
239
311
  };
312
+ annotations: {
313
+ title: string;
314
+ readOnlyHint: boolean;
315
+ destructiveHint: boolean;
316
+ idempotentHint: boolean;
317
+ openWorldHint: boolean;
318
+ };
240
319
  } | {
241
320
  name: string;
242
321
  description: string;
@@ -258,6 +337,76 @@ export declare const TOOL_DEFINITIONS: ({
258
337
  };
259
338
  required: string[];
260
339
  };
340
+ annotations: {
341
+ title: string;
342
+ readOnlyHint: boolean;
343
+ destructiveHint: boolean;
344
+ idempotentHint: boolean;
345
+ openWorldHint: boolean;
346
+ };
347
+ } | {
348
+ name: string;
349
+ description: string;
350
+ inputSchema: {
351
+ type: string;
352
+ properties: {
353
+ files: {
354
+ type: string;
355
+ items: {
356
+ type: string;
357
+ };
358
+ description: string;
359
+ };
360
+ timeout: {
361
+ type: string;
362
+ description: string;
363
+ };
364
+ cwd: {
365
+ type: "string";
366
+ description: string;
367
+ };
368
+ };
369
+ required: string[];
370
+ };
371
+ annotations: {
372
+ title: string;
373
+ readOnlyHint: boolean;
374
+ destructiveHint: boolean;
375
+ idempotentHint: boolean;
376
+ openWorldHint: boolean;
377
+ };
378
+ } | {
379
+ name: string;
380
+ description: string;
381
+ inputSchema: {
382
+ type: string;
383
+ properties: {
384
+ tool: {
385
+ type: string;
386
+ description: string;
387
+ };
388
+ force: {
389
+ type: string;
390
+ description: string;
391
+ };
392
+ dryRun: {
393
+ type: string;
394
+ description: string;
395
+ };
396
+ cwd: {
397
+ type: "string";
398
+ description: string;
399
+ };
400
+ };
401
+ required: string[];
402
+ };
403
+ annotations: {
404
+ title: string;
405
+ readOnlyHint: boolean;
406
+ destructiveHint: boolean;
407
+ idempotentHint: boolean;
408
+ openWorldHint: boolean;
409
+ };
261
410
  } | {
262
411
  name: string;
263
412
  description: string;
@@ -290,4 +439,11 @@ export declare const TOOL_DEFINITIONS: ({
290
439
  };
291
440
  required: string[];
292
441
  };
442
+ annotations: {
443
+ title: string;
444
+ readOnlyHint: boolean;
445
+ destructiveHint: boolean;
446
+ idempotentHint: boolean;
447
+ openWorldHint: boolean;
448
+ };
293
449
  })[];
@@ -2,9 +2,18 @@
2
2
  * MCP Tool Definitions
3
3
  *
4
4
  * Schema definitions for all Rigour MCP tools.
5
- * Each tool has a name, description, and JSON Schema for its input.
5
+ * Each tool has a name, description, JSON Schema for input, and MCP annotations.
6
+ *
7
+ * Annotations follow the MCP spec (2025-03-26):
8
+ * title — human-readable display name
9
+ * readOnlyHint — true if tool only reads/computes, never writes
10
+ * destructiveHint — true if tool deletes or overwrites data
11
+ * idempotentHint — true if repeated calls produce same result
12
+ * openWorldHint — true if tool reaches outside the user's project
6
13
  *
7
14
  * @since v2.17.0 — extracted from monolithic index.ts
15
+ * @since v3.0.0 — hooks tools added
16
+ * @since v3.0.1 — MCP annotations added for Smithery quality compliance
8
17
  */
9
18
  function cwdParam() {
10
19
  return {
@@ -24,6 +33,13 @@ export const TOOL_DEFINITIONS = [
24
33
  properties: cwdParam(),
25
34
  required: ["cwd"],
26
35
  },
36
+ annotations: {
37
+ title: "Run Quality Gates",
38
+ readOnlyHint: true,
39
+ destructiveHint: false,
40
+ idempotentHint: true,
41
+ openWorldHint: false,
42
+ },
27
43
  },
28
44
  {
29
45
  name: "rigour_explain",
@@ -33,6 +49,13 @@ export const TOOL_DEFINITIONS = [
33
49
  properties: cwdParam(),
34
50
  required: ["cwd"],
35
51
  },
52
+ annotations: {
53
+ title: "Explain Gate Failures",
54
+ readOnlyHint: true,
55
+ destructiveHint: false,
56
+ idempotentHint: true,
57
+ openWorldHint: false,
58
+ },
36
59
  },
37
60
  {
38
61
  name: "rigour_status",
@@ -42,6 +65,13 @@ export const TOOL_DEFINITIONS = [
42
65
  properties: cwdParam(),
43
66
  required: ["cwd"],
44
67
  },
68
+ annotations: {
69
+ title: "Quality Status",
70
+ readOnlyHint: true,
71
+ destructiveHint: false,
72
+ idempotentHint: true,
73
+ openWorldHint: false,
74
+ },
45
75
  },
46
76
  {
47
77
  name: "rigour_get_fix_packet",
@@ -51,6 +81,13 @@ export const TOOL_DEFINITIONS = [
51
81
  properties: cwdParam(),
52
82
  required: ["cwd"],
53
83
  },
84
+ annotations: {
85
+ title: "Get Fix Packet",
86
+ readOnlyHint: true,
87
+ destructiveHint: false,
88
+ idempotentHint: true,
89
+ openWorldHint: false,
90
+ },
54
91
  },
55
92
  {
56
93
  name: "rigour_list_gates",
@@ -60,6 +97,13 @@ export const TOOL_DEFINITIONS = [
60
97
  properties: cwdParam(),
61
98
  required: ["cwd"],
62
99
  },
100
+ annotations: {
101
+ title: "List Quality Gates",
102
+ readOnlyHint: true,
103
+ destructiveHint: false,
104
+ idempotentHint: true,
105
+ openWorldHint: false,
106
+ },
63
107
  },
64
108
  {
65
109
  name: "rigour_get_config",
@@ -69,6 +113,13 @@ export const TOOL_DEFINITIONS = [
69
113
  properties: cwdParam(),
70
114
  required: ["cwd"],
71
115
  },
116
+ annotations: {
117
+ title: "Get Configuration",
118
+ readOnlyHint: true,
119
+ destructiveHint: false,
120
+ idempotentHint: true,
121
+ openWorldHint: false,
122
+ },
72
123
  },
73
124
  // ─── Memory Persistence ───────────────────────────────
74
125
  {
@@ -83,6 +134,13 @@ export const TOOL_DEFINITIONS = [
83
134
  },
84
135
  required: ["cwd", "key", "value"],
85
136
  },
137
+ annotations: {
138
+ title: "Store Memory",
139
+ readOnlyHint: false,
140
+ destructiveHint: false,
141
+ idempotentHint: true,
142
+ openWorldHint: false,
143
+ },
86
144
  },
87
145
  {
88
146
  name: "rigour_recall",
@@ -95,6 +153,13 @@ export const TOOL_DEFINITIONS = [
95
153
  },
96
154
  required: ["cwd"],
97
155
  },
156
+ annotations: {
157
+ title: "Recall Memory",
158
+ readOnlyHint: true,
159
+ destructiveHint: false,
160
+ idempotentHint: true,
161
+ openWorldHint: false,
162
+ },
98
163
  },
99
164
  {
100
165
  name: "rigour_forget",
@@ -107,6 +172,13 @@ export const TOOL_DEFINITIONS = [
107
172
  },
108
173
  required: ["cwd", "key"],
109
174
  },
175
+ annotations: {
176
+ title: "Delete Memory",
177
+ readOnlyHint: false,
178
+ destructiveHint: true,
179
+ idempotentHint: true,
180
+ openWorldHint: false,
181
+ },
110
182
  },
111
183
  // ─── Pattern Intelligence ─────────────────────────────
112
184
  {
@@ -122,6 +194,13 @@ export const TOOL_DEFINITIONS = [
122
194
  },
123
195
  required: ["cwd", "name"],
124
196
  },
197
+ annotations: {
198
+ title: "Check Pattern Exists",
199
+ readOnlyHint: true,
200
+ destructiveHint: false,
201
+ idempotentHint: true,
202
+ openWorldHint: false,
203
+ },
125
204
  },
126
205
  {
127
206
  name: "rigour_security_audit",
@@ -131,6 +210,13 @@ export const TOOL_DEFINITIONS = [
131
210
  properties: cwdParam(),
132
211
  required: ["cwd"],
133
212
  },
213
+ annotations: {
214
+ title: "Security Audit",
215
+ readOnlyHint: true,
216
+ destructiveHint: false,
217
+ idempotentHint: true,
218
+ openWorldHint: true,
219
+ },
134
220
  },
135
221
  // ─── Execution & Supervision ──────────────────────────
136
222
  {
@@ -145,6 +231,13 @@ export const TOOL_DEFINITIONS = [
145
231
  },
146
232
  required: ["cwd", "command"],
147
233
  },
234
+ annotations: {
235
+ title: "Run Command",
236
+ readOnlyHint: false,
237
+ destructiveHint: false,
238
+ idempotentHint: false,
239
+ openWorldHint: false,
240
+ },
148
241
  },
149
242
  {
150
243
  name: "rigour_run_supervised",
@@ -159,6 +252,13 @@ export const TOOL_DEFINITIONS = [
159
252
  },
160
253
  required: ["cwd", "command"],
161
254
  },
255
+ annotations: {
256
+ title: "Supervised Execution",
257
+ readOnlyHint: false,
258
+ destructiveHint: false,
259
+ idempotentHint: false,
260
+ openWorldHint: false,
261
+ },
162
262
  },
163
263
  // ─── Multi-Agent Governance (v2.14+) ──────────────────
164
264
  {
@@ -173,6 +273,13 @@ export const TOOL_DEFINITIONS = [
173
273
  },
174
274
  required: ["cwd", "agentId", "taskScope"],
175
275
  },
276
+ annotations: {
277
+ title: "Register Agent",
278
+ readOnlyHint: false,
279
+ destructiveHint: false,
280
+ idempotentHint: true,
281
+ openWorldHint: false,
282
+ },
176
283
  },
177
284
  {
178
285
  name: "rigour_checkpoint",
@@ -188,6 +295,13 @@ export const TOOL_DEFINITIONS = [
188
295
  },
189
296
  required: ["cwd", "progressPct", "summary", "qualityScore"],
190
297
  },
298
+ annotations: {
299
+ title: "Record Checkpoint",
300
+ readOnlyHint: false,
301
+ destructiveHint: false,
302
+ idempotentHint: false,
303
+ openWorldHint: false,
304
+ },
191
305
  },
192
306
  {
193
307
  name: "rigour_handoff",
@@ -204,6 +318,13 @@ export const TOOL_DEFINITIONS = [
204
318
  },
205
319
  required: ["cwd", "fromAgentId", "toAgentId", "taskDescription"],
206
320
  },
321
+ annotations: {
322
+ title: "Handoff Task",
323
+ readOnlyHint: false,
324
+ destructiveHint: false,
325
+ idempotentHint: false,
326
+ openWorldHint: false,
327
+ },
207
328
  },
208
329
  {
209
330
  name: "rigour_agent_deregister",
@@ -216,6 +337,13 @@ export const TOOL_DEFINITIONS = [
216
337
  },
217
338
  required: ["cwd", "agentId"],
218
339
  },
340
+ annotations: {
341
+ title: "Deregister Agent",
342
+ readOnlyHint: false,
343
+ destructiveHint: true,
344
+ idempotentHint: true,
345
+ openWorldHint: false,
346
+ },
219
347
  },
220
348
  {
221
349
  name: "rigour_handoff_accept",
@@ -229,6 +357,55 @@ export const TOOL_DEFINITIONS = [
229
357
  },
230
358
  required: ["cwd", "handoffId", "agentId"],
231
359
  },
360
+ annotations: {
361
+ title: "Accept Handoff",
362
+ readOnlyHint: false,
363
+ destructiveHint: false,
364
+ idempotentHint: true,
365
+ openWorldHint: false,
366
+ },
367
+ },
368
+ // ─── Real-Time Hooks (v3.0) ────────────────────────────
369
+ {
370
+ name: "rigour_hooks_check",
371
+ description: "Run the fast hook checker on specific files. Same checks that run inside IDE hooks (Claude, Cursor, Cline, Windsurf). Catches: hardcoded secrets, hallucinated imports, command injection, file size. Completes in <100ms.",
372
+ inputSchema: {
373
+ type: "object",
374
+ properties: {
375
+ ...cwdParam(),
376
+ files: { type: "array", items: { type: "string" }, description: "List of file paths (relative to cwd) to check." },
377
+ timeout: { type: "number", description: "Optional timeout in milliseconds (default: 5000)." },
378
+ },
379
+ required: ["cwd", "files"],
380
+ },
381
+ annotations: {
382
+ title: "Fast Hook Check",
383
+ readOnlyHint: true,
384
+ destructiveHint: false,
385
+ idempotentHint: true,
386
+ openWorldHint: false,
387
+ },
388
+ },
389
+ {
390
+ name: "rigour_hooks_init",
391
+ description: "Generate hook configs for AI coding tools (Claude, Cursor, Cline, Windsurf). Installs real-time quality checks that run on every file write.",
392
+ inputSchema: {
393
+ type: "object",
394
+ properties: {
395
+ ...cwdParam(),
396
+ tool: { type: "string", description: "Target tool: 'claude', 'cursor', 'cline', or 'windsurf'." },
397
+ force: { type: "boolean", description: "Overwrite existing hook files (default: false)." },
398
+ dryRun: { type: "boolean", description: "Preview changes without writing files (default: false)." },
399
+ },
400
+ required: ["cwd", "tool"],
401
+ },
402
+ annotations: {
403
+ title: "Install IDE Hooks",
404
+ readOnlyHint: false,
405
+ destructiveHint: false,
406
+ idempotentHint: true,
407
+ openWorldHint: false,
408
+ },
232
409
  },
233
410
  // ─── Code Review ──────────────────────────────────────
234
411
  {
@@ -245,5 +422,12 @@ export const TOOL_DEFINITIONS = [
245
422
  },
246
423
  required: ["cwd", "diff"],
247
424
  },
425
+ annotations: {
426
+ title: "Code Review",
427
+ readOnlyHint: true,
428
+ destructiveHint: false,
429
+ idempotentHint: true,
430
+ openWorldHint: false,
431
+ },
248
432
  },
249
433
  ];
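Review bot: Several of the added annotations under-report what the tool can do, and an MCP client may rely on these hints when deciding whether to ask the user for confirmation. `rigour_hooks_init` is marked `destructiveHint: false` although its `force` option is described as "Overwrite existing hook files", which contradicts the header comment's own definition of the hint; the entries titled "Run Command" and "Supervised Execution" both require a `command` argument yet carry `destructiveHint: false` and `openWorldHint: false`. Unless the handlers restrict what a command may do (not visible on this page), I would set `destructiveHint: true` on all three and `openWorldHint: true` on the two command-running tools. These hunks appear to belong to the tool-definitions module; its file header is not shown on the page.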
@@ -0,0 +1,18 @@
1
+ type ToolResult = {
2
+ content: {
3
+ type: string;
4
+ text: string;
5
+ }[];
6
+ isError?: boolean;
7
+ };
8
+ /**
9
+ * rigour_hooks_check — Run the fast hook checker on specific files.
10
+ * This is the same check that runs inside IDE hooks (Claude, Cursor, Cline, Windsurf).
11
+ * Catches: hardcoded secrets, hallucinated imports, command injection, file size.
12
+ */
13
+ export declare function handleHooksCheck(cwd: string, files: string[], timeout?: number): Promise<ToolResult>;
14
+ /**
15
+ * rigour_hooks_init — Generate hook configs for AI coding tools.
16
+ */
17
+ export declare function handleHooksInit(cwd: string, tool: string, force?: boolean, dryRun?: boolean): Promise<ToolResult>;
18
+ export {};
@@ -0,0 +1,86 @@
1
+ /**
2
+ * Hooks Tool Handlers
3
+ *
4
+ * Handlers for: rigour_hooks_check, rigour_hooks_init
5
+ *
6
+ * @since v3.0.0 — real-time hooks for AI coding tools
7
+ */
8
+ import { runHookChecker, generateHookFiles } from "@rigour-labs/core";
9
+ import fs from "fs-extra";
10
+ import path from "path";
11
+ /**
12
+ * rigour_hooks_check — Run the fast hook checker on specific files.
13
+ * This is the same check that runs inside IDE hooks (Claude, Cursor, Cline, Windsurf).
14
+ * Catches: hardcoded secrets, hallucinated imports, command injection, file size.
15
+ */
16
+ export async function handleHooksCheck(cwd, files, timeout) {
17
+ const input = { cwd, files };
18
+ if (timeout)
19
+ input.timeout_ms = timeout;
20
+ const result = await runHookChecker(input);
21
+ if (result.status === 'pass') {
22
+ return {
23
+ content: [{
24
+ type: "text",
25
+ text: `✓ PASS — ${files.length} file(s) passed all hook checks.\nDuration: ${result.duration_ms}ms`,
26
+ }],
27
+ };
28
+ }
29
+ const failureLines = result.failures.map(f => ` [${f.severity.toUpperCase()}] [${f.gate}] ${f.file}:${f.line ?? '?'}\n → ${f.message}`).join('\n');
30
+ return {
31
+ content: [{
32
+ type: "text",
33
+ text: `✘ FAIL — ${result.failures.length} issue(s) found in ${files.length} file(s).\nDuration: ${result.duration_ms}ms\n\n${failureLines}`,
34
+ }],
35
+ };
36
+ }
37
+ /**
38
+ * rigour_hooks_init — Generate hook configs for AI coding tools.
39
+ */
40
+ export async function handleHooksInit(cwd, tool, force = false, dryRun = false) {
41
+ try {
42
+ const hookTool = tool;
43
+ const checkerPath = 'npx @rigour-labs/cli hooks check';
44
+ const files = generateHookFiles(hookTool, checkerPath);
45
+ if (dryRun) {
46
+ const preview = files.map(f => `${f.path}:\n${f.content}`).join('\n\n');
47
+ return {
48
+ content: [{
49
+ type: "text",
50
+ text: `[DRY RUN] Would generate ${files.length} hook file(s) for '${tool}':\n\n${preview}`,
51
+ }],
52
+ };
53
+ }
54
+ const written = [];
55
+ const skipped = [];
56
+ for (const file of files) {
57
+ const fullPath = path.join(cwd, file.path);
58
+ if (!force && await fs.pathExists(fullPath)) {
59
+ skipped.push(file.path);
60
+ continue;
61
+ }
62
+ await fs.ensureDir(path.dirname(fullPath));
63
+ await fs.writeFile(fullPath, file.content);
64
+ written.push(file.path);
65
+ }
66
+ const parts = [];
67
+ if (written.length > 0)
68
+ parts.push(`✓ Created: ${written.join(', ')}`);
69
+ if (skipped.length > 0)
70
+ parts.push(`⊘ Skipped (exists): ${skipped.join(', ')}. Use force=true to overwrite.`);
71
+ parts.push(`Tool: ${tool}`);
72
+ parts.push('Checks: file-size, security-patterns, hallucinated-imports, command-injection');
73
+ return {
74
+ content: [{ type: "text", text: parts.join('\n') }],
75
+ };
76
+ }
77
+ catch (error) {
78
+ return {
79
+ content: [{
80
+ type: "text",
81
+ text: `Hook init failed: ${error.message}\n\nFallback: run 'npx @rigour-labs/cli hooks init --tool ${tool}' from the terminal.`,
82
+ }],
83
+ isError: true,
84
+ };
85
+ }
86
+ }
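Review bot: `handleHooksInit` uses `tool` without checking it: `const hookTool = tool;` hands it to `generateHookFiles`, and the catch block echoes it into a suggested terminal command (`hooks init --tool ${tool}`), so an unexpected value ends up in text that an agent or user may paste into a shell. Accept only the four tool names listed in the `rigour_hooks_init` schema description, and do that before the `try` so the fallback message can only ever contain an allowlisted name. The write loop also joins `file.path` onto a caller-supplied `cwd` with no containment check; resolving both and refusing anything outside the project root is cheap defence in depth. `handleHooksCheck` has no try/catch and reads `files.length` directly, so a missing `files` argument throws instead of returning an `isError` result the way `handleHooksInit` does. These hunks appear to belong to `./tools/hooks-handler.js` (the path imported by index.js); the file header is not shown on the page.

```javascript
export async function handleHooksInit(cwd, tool, force = false, dryRun = false) {
    // Only the tool names documented in the rigour_hooks_init schema are accepted.
    const SUPPORTED_TOOLS = ['claude', 'cursor', 'cline', 'windsurf'];
    if (!SUPPORTED_TOOLS.includes(tool)) {
        return {
            content: [{
                    type: "text",
                    text: `Hook init failed: unsupported tool. Expected one of: ${SUPPORTED_TOOLS.join(', ')}.`,
                }],
            isError: true,
        };
    }
    // … unchanged: try block opening, generateHookFiles call, dry-run preview …
        const root = path.resolve(cwd);
        for (const file of files) {
            const fullPath = path.resolve(root, file.path);
            // Refuse any generated path that would land outside the project root.
            if (!fullPath.startsWith(root + path.sep)) {
                throw new Error(`Refusing to write outside project root: ${file.path}`);
            }
            // … unchanged: exists/force check, ensureDir, writeFile, written.push …
        }
    // … unchanged: summary text and catch block …
```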
@@ -0,0 +1,17 @@
1
+ /**
2
+ * MCP Prompt Definitions
3
+ *
4
+ * Reusable prompt templates that guide AI agents through common Rigour workflows.
5
+ * These appear in the MCP prompts capability and can be invoked by any MCP client.
6
+ *
7
+ * @since v3.0.1 — added for Smithery quality compliance
8
+ */
9
+ export declare const PROMPT_DEFINITIONS: {
10
+ name: string;
11
+ description: string;
12
+ arguments: {
13
+ name: string;
14
+ description: string;
15
+ required: boolean;
16
+ }[];
17
+ }[];
@@ -0,0 +1,65 @@
1
+ /**
2
+ * MCP Prompt Definitions
3
+ *
4
+ * Reusable prompt templates that guide AI agents through common Rigour workflows.
5
+ * These appear in the MCP prompts capability and can be invoked by any MCP client.
6
+ *
7
+ * @since v3.0.1 — added for Smithery quality compliance
8
+ */
9
+ export const PROMPT_DEFINITIONS = [
10
+ {
11
+ name: "rigour-setup",
12
+ description: "Initialize Rigour quality gates for a project. Runs gate checks, installs IDE hooks, and reports the initial quality score breakdown.",
13
+ arguments: [
14
+ {
15
+ name: "cwd",
16
+ description: "Absolute path to the project root.",
17
+ required: false,
18
+ },
19
+ ],
20
+ },
21
+ {
22
+ name: "rigour-fix-loop",
23
+ description: "Iteratively fix all quality gate violations until the project passes. Retrieves fix packets and resolves issues in priority order (critical → low).",
24
+ arguments: [
25
+ {
26
+ name: "cwd",
27
+ description: "Absolute path to the project root.",
28
+ required: false,
29
+ },
30
+ ],
31
+ },
32
+ {
33
+ name: "rigour-security-review",
34
+ description: "Full security review: CVE audit on dependencies + code-level vulnerability scan (OWASP LLM Top 10). Reports all findings with remediation steps.",
35
+ arguments: [
36
+ {
37
+ name: "cwd",
38
+ description: "Absolute path to the project root.",
39
+ required: false,
40
+ },
41
+ ],
42
+ },
43
+ {
44
+ name: "rigour-pre-commit",
45
+ description: "Pre-commit quality gate check. Runs fast hooks on staged files and full gate check. Returns PASS/FAIL verdict for commit safety.",
46
+ arguments: [
47
+ {
48
+ name: "cwd",
49
+ description: "Absolute path to the project root.",
50
+ required: false,
51
+ },
52
+ ],
53
+ },
54
+ {
55
+ name: "rigour-ai-health-report",
56
+ description: "AI code health report focusing on drift detection: hallucinated imports, duplication drift, context window artifacts, inconsistent error handling, and promise safety.",
57
+ arguments: [
58
+ {
59
+ name: "cwd",
60
+ description: "Absolute path to the project root.",
61
+ required: false,
62
+ },
63
+ ],
64
+ },
65
+ ];
package/package.json CHANGED
@@ -1,20 +1,30 @@
1
1
  {
2
2
  "name": "@rigour-labs/mcp",
3
- "version": "3.0.1",
4
- "description": "MCP server for AI code quality gates. Integrates with Claude Desktop, Cursor, Cline, and VS Code to enforce engineering standards in real-time.",
3
+ "version": "3.0.3",
4
+ "description": "MCP server for AI code governance — OWASP LLM Top 10 (10/10), real-time hooks, 25+ security patterns, hallucinated import detection, multi-agent governance. Works with Claude, Cursor, Cline, Windsurf, Gemini. Industry presets for HIPAA, SOC2, FedRAMP.",
5
5
  "license": "MIT",
6
6
  "homepage": "https://rigour.run",
7
+ "icon": "https://raw.githubusercontent.com/rigour-labs/rigour/main/docs/assets/icon.svg",
7
8
  "keywords": [
8
9
  "mcp",
9
10
  "model-context-protocol",
10
- "quality-gates",
11
- "ai-code-quality",
11
+ "owasp-llm-top-10",
12
+ "ai-code-governance",
13
+ "real-time-hooks",
14
+ "security-patterns",
15
+ "hallucinated-imports",
16
+ "industry-presets",
17
+ "hipaa",
18
+ "soc2",
19
+ "fedramp",
12
20
  "claude",
13
21
  "cursor",
14
22
  "cline",
15
- "code-review",
23
+ "windsurf",
24
+ "multi-agent-governance",
25
+ "quality-gates",
16
26
  "static-analysis",
17
- "agent-governance"
27
+ "code-review"
18
28
  ],
19
29
  "type": "module",
20
30
  "mcpName": "io.github.rigour-labs/rigour",
@@ -38,7 +48,7 @@
38
48
  "execa": "^8.0.1",
39
49
  "fs-extra": "^11.2.0",
40
50
  "yaml": "^2.8.2",
41
- "@rigour-labs/core": "3.0.1"
51
+ "@rigour-labs/core": "3.0.3"
42
52
  },
43
53
  "devDependencies": {
44
54
  "@types/node": "^25.0.3",