@rigour-labs/mcp 4.0.4 → 4.1.0

package/README.md

@@ -24,7 +24,7 @@ Rigour moves code quality enforcement from the "Post-Commit" phase to the "In-Pr
 - **Security Audits**: Real-time CVE detection for dependencies the AI is suggesting.
 - **Multi-Agent Governance**: Agent registration, scope isolation, checkpoint supervision, and verified handoffs for multi-agent workflows.
 - **Industry Presets**: SOC2, HIPAA, FedRAMP-ready gate configurations.
-- **Zero Cloud**: 100% local analysis. Your code never leaves your machine.
+- **Local-First**: Deterministic gates run locally. If deep analysis is configured with a cloud provider, code context may be sent to that provider.
 
 ---
 

package/dist/index.js

@@ -13,7 +13,7 @@ import { CallToolRequestSchema, ListToolsRequestSchema, ListPromptsRequestSchema
 import { randomUUID } from "crypto";
 import { GateRunner } from "@rigour-labs/core";
 // Utils
-import { loadConfig, logStudioEvent } from './utils/config.js';
+import { loadConfig, loadMcpSettings, logStudioEvent } from './utils/config.js';
 // Tool definitions
 import { TOOL_DEFINITIONS } from './tools/definitions.js';
 // Tool handlers
@@ -25,6 +25,7 @@ import { handleAgentRegister, handleCheckpoint, handleHandoff, handleAgentDeregi
 import { handleReview } from './tools/review-handler.js';
 import { handleHooksCheck, handleHooksInit } from './tools/hooks-handler.js';
 import { handleCheckDeep, handleDeepStats } from './tools/deep-handlers.js';
+import { handleMcpGetSettings, handleMcpSetSettings } from './tools/mcp-settings-handler.js';
 // ─── Server Setup ─────────────────────────────────────────────────
 const server = new Server({ name: "rigour-mcp", version: "3.0.1" }, { capabilities: { tools: {}, prompts: {} } });
 // ─── Tool Listing ─────────────────────────────────────────────────
@@ -43,9 +44,20 @@ server.setRequestHandler(CallToolRequestSchema, async (request) => {
         let result;
         switch (name) {
             // Quality gates
-            case "rigour_check":
-                result = await handleCheck(runner, cwd);
+            case "rigour_check": {
+                const { files, deep, pro, apiKey, provider, apiBaseUrl, modelName } = args;
+                const mcpSettings = await loadMcpSettings(cwd);
+                result = await handleCheck(runner, cwd, {
+                    files,
+                    deep: deep ?? mcpSettings.deep_default_mode,
+                    pro,
+                    apiKey,
+                    provider,
+                    apiBaseUrl,
+                    modelName,
+                });
                 break;
+            }
             case "rigour_explain":
                 result = await handleExplain(runner, cwd);
                 break;
@@ -61,6 +73,12 @@ server.setRequestHandler(CallToolRequestSchema, async (request) => {
             case "rigour_get_config":
                 result = handleGetConfig(config);
                 break;
+            case "rigour_mcp_get_settings":
+                result = await handleMcpGetSettings(cwd);
+                break;
+            case "rigour_mcp_set_settings":
+                result = await handleMcpSetSettings(cwd, args);
+                break;
             // Memory
             case "rigour_remember":
                 result = await handleRemember(cwd, args.key, args.value);
@@ -156,6 +174,8 @@ server.setRequestHandler(ListPromptsRequestSchema, async () => ({
 server.setRequestHandler(GetPromptRequestSchema, async (request) => {
     const { name, arguments: promptArgs } = request.params;
     const cwd = promptArgs?.cwd || process.env.RIGOUR_CWD || process.cwd();
+    const mcpSettings = await loadMcpSettings(cwd);
+    const deepMode = mcpSettings.deep_default_mode;
     const prompt = PROMPT_DEFINITIONS.find((p) => p.name === name);
     if (!prompt) {
         throw new Error(`Unknown prompt: ${name}`);
@@ -170,7 +190,7 @@ server.setRequestHandler(GetPromptRequestSchema, async (request) => {
                         role: "user",
                         content: {
                             type: "text",
-                            text: `Initialize Rigour quality gates for the project at ${cwd}. Run \`rigour_check\` to see current quality score, then use \`rigour_hooks_init\` to install real-time hooks for the detected AI coding tool. Report the score breakdown (overall, AI health, structural) and any critical violations.`,
+                            text: `Initialize Rigour quality gates for the project at ${cwd}. Run \`rigour_check\` to see current quality score, then use \`rigour_hooks_init\` to install real-time hooks for the detected AI coding tool. MCP default deep mode for \`rigour_check\` is "${deepMode}". Report the score breakdown (overall, AI health, structural) and any critical violations.`,
                         },
                     },
                 ],
@@ -184,7 +204,7 @@ server.setRequestHandler(GetPromptRequestSchema, async (request) => {
                         role: "user",
                         content: {
                             type: "text",
-                            text: `Run \`rigour_check\` on ${cwd}. If the project FAILS, retrieve the fix packet with \`rigour_get_fix_packet\` and fix every violation in priority order (critical → high → medium → low). After each fix, re-run \`rigour_check\` to verify. Repeat until PASS. Do NOT skip any violation. Report progress after each iteration.`,
+                            text: `Run \`rigour_check\` on ${cwd}. MCP default deep mode for \`rigour_check\` is "${deepMode}". If the project FAILS, retrieve the fix packet with \`rigour_get_fix_packet\` and fix every violation in priority order (critical → high → medium → low). After each fix, re-run \`rigour_check\` to verify. Repeat until PASS. Do NOT skip any violation. Report progress after each iteration.`,
                         },
                     },
                 ],
@@ -198,7 +218,7 @@ server.setRequestHandler(GetPromptRequestSchema, async (request) => {
                         role: "user",
                         content: {
                             type: "text",
-                            text: `Perform a full security review on ${cwd}. First run \`rigour_security_audit\` for CVE checks on dependencies. Then run \`rigour_check\` and filter for security-provenance violations (hardcoded secrets, SQL injection, XSS, command injection, path traversal). Report all findings with severity, file locations, and remediation instructions.`,
+                            text: `Perform a full security review on ${cwd}. First run \`rigour_security_audit\` for CVE checks on dependencies. Then run \`rigour_check\` (default deep mode "${deepMode}") and filter for security-provenance violations (hardcoded secrets, SQL injection, XSS, command injection, path traversal). Report all findings with severity, file locations, and remediation instructions.`,
                         },
                     },
                 ],
@@ -212,7 +232,7 @@ server.setRequestHandler(GetPromptRequestSchema, async (request) => {
                         role: "user",
                         content: {
                             type: "text",
-                            text: `Run a pre-commit quality check on ${cwd}. Execute \`rigour_check\` and \`rigour_hooks_check\` on all staged files. If any critical or high severity violations exist, list them and block the commit. For medium/low violations, warn but allow. Provide a one-line summary: PASS (safe to commit) or FAIL (must fix first).`,
+                            text: `Run a pre-commit quality check on ${cwd}. Execute \`rigour_check\` (default deep mode "${deepMode}") and \`rigour_hooks_check\` on all staged files. If any critical or high severity violations exist, list them and block the commit. For medium/low violations, warn but allow. Provide a one-line summary: PASS (safe to commit) or FAIL (must fix first).`,
                         },
                     },
                 ],
@@ -226,7 +246,7 @@ server.setRequestHandler(GetPromptRequestSchema, async (request) => {
                         role: "user",
                         content: {
                             type: "text",
-                            text: `Generate an AI code health report for ${cwd}. Run \`rigour_check\` and focus on AI-drift provenance violations: hallucinated imports, duplication drift, context window artifacts, inconsistent error handling, and promise safety. Compare AI health score vs structural score. Provide a summary table of AI-specific issues and concrete next steps to improve the AI health score.`,
+                            text: `Generate an AI code health report for ${cwd}. Run \`rigour_check\` (default deep mode "${deepMode}") and focus on AI-drift provenance violations: hallucinated imports, duplication drift, context window artifacts, inconsistent error handling, and promise safety. Compare AI health score vs structural score. Provide a summary table of AI-specific issues and concrete next steps to improve the AI health score.`,
                         },
                     },
                 ],

package/dist/tools/agent-handlers.js

@@ -9,12 +9,23 @@
 import fs from "fs-extra";
 import path from "path";
 import { logStudioEvent } from '../utils/config.js';
+function parseJsonOrNull(raw) {
+    try {
+        return JSON.parse(raw);
+    }
+    catch {
+        return null;
+    }
+}
 // ─── Agent Register ───────────────────────────────────────────────
 export async function handleAgentRegister(cwd, agentId, taskScope, requestId) {
     const sessionPath = path.join(cwd, '.rigour', 'agent-session.json');
     let session = { agents: [], startedAt: new Date().toISOString() };
     if (await fs.pathExists(sessionPath)) {
-        session = JSON.parse(await fs.readFile(sessionPath, 'utf-8'));
+        const parsed = parseJsonOrNull(await fs.readFile(sessionPath, 'utf-8'));
+        if (parsed) {
+            session = parsed;
+        }
     }
     const existingIdx = session.agents.findIndex((a) => a.agentId === agentId);
     if (existingIdx >= 0) {
@@ -63,7 +74,10 @@ export async function handleCheckpoint(cwd, progressPct, filesChanged, summary,
         status: 'active',
     };
     if (await fs.pathExists(checkpointPath)) {
-        session = JSON.parse(await fs.readFile(checkpointPath, 'utf-8'));
+        const parsed = parseJsonOrNull(await fs.readFile(checkpointPath, 'utf-8'));
+        if (parsed) {
+            session = parsed;
+        }
     }
     const checkpointId = `cp-${Date.now()}-${Math.random().toString(36).slice(2, 8)}`;
     const warnings = [];
@@ -128,7 +142,10 @@ export async function handleAgentDeregister(cwd, agentId, requestId) {
     if (!await fs.pathExists(sessionPath)) {
         return { content: [{ type: "text", text: `❌ No active agent session found.` }] };
     }
-    const session = JSON.parse(await fs.readFile(sessionPath, 'utf-8'));
+    const session = parseJsonOrNull(await fs.readFile(sessionPath, 'utf-8'));
+    if (!session || !Array.isArray(session.agents)) {
+        return { content: [{ type: "text", text: `❌ Agent session file is malformed.` }], isError: true };
+    }
     const initialCount = session.agents.length;
     session.agents = session.agents.filter((a) => a.agentId !== agentId);
     if (session.agents.length === initialCount) {
@@ -150,7 +167,12 @@ export async function handleHandoffAccept(cwd, handoffId, agentId, requestId) {
         return { content: [{ type: "text", text: `❌ No handoffs found.` }] };
     }
     const content = await fs.readFile(handoffPath, 'utf-8');
-    const handoffs = content.trim().split('\n').filter(l => l).map(line => JSON.parse(line));
+    const handoffs = content
+        .trim()
+        .split('\n')
+        .filter(l => l)
+        .map(line => parseJsonOrNull(line))
+        .filter((entry) => !!entry);
     const handoff = handoffs.find((h) => h.handoffId === handoffId);
     if (!handoff) {
         return { content: [{ type: "text", text: `❌ Handoff "${handoffId}" not found.` }] };

package/dist/tools/deep-handlers.js

@@ -6,15 +6,25 @@
  * @since v4.0.0
  */
 import path from "path";
+function resolveDeepExecution(args) {
+    const requestedProvider = (args.provider || '').toLowerCase();
+    const isForcedLocal = requestedProvider === 'local';
+    const isLocal = !args.apiKey || isForcedLocal;
+    return {
+        isLocal,
+        provider: isLocal ? 'local' : (args.provider || 'claude'),
+    };
+}
 /**
  * Run quality gates with deep LLM-powered analysis.
  */
 export async function handleCheckDeep(runner, cwd, config, args) {
+    const execution = resolveDeepExecution(args);
     const deepOpts = {
         enabled: true,
         pro: !!args.pro,
         apiKey: args.apiKey,
-        provider: args.apiKey ? (args.provider || 'claude') : 'local',
+        provider: execution.provider,
         apiBaseUrl: args.apiBaseUrl,
         modelName: args.modelName,
     };
@@ -26,7 +36,7 @@ export async function handleCheckDeep(runner, cwd, config, args) {
         if (db) {
             const repoName = path.basename(cwd);
             const scanId = insertScan(db, repoName, report, {
-                deepTier: args.pro ? 'pro' : (args.apiKey ? 'cloud' : 'deep'),
+                deepTier: args.pro ? 'pro' : (execution.isLocal ? 'deep' : 'cloud'),
                 deepModel: report.stats.deep?.model,
             });
             insertFindings(db, scanId, report.failures);
@@ -41,19 +51,19 @@ export async function handleCheckDeep(runner, cwd, config, args) {
     const aiHealth = stats.ai_health_score ?? 100;
     const codeQuality = stats.code_quality_score ?? stats.structural_score ?? 100;
     const overall = stats.score ?? 100;
-    const isLocal = !args.apiKey;
+    const isLocal = execution.isLocal;
     let text = `RIGOUR DEEP ANALYSIS: ${report.status}\n\n`;
     text += `AI Health:     ${aiHealth}/100\n`;
     text += `Code Quality:  ${codeQuality}/100\n`;
     text += `Overall:       ${overall}/100\n\n`;
     if (isLocal) {
-        text += `🔒 100% local. Code never left this machine.\n`;
+        text += `🔒 Local sidecar/model execution. Code remains on this machine.\n`;
     }
     else {
-        text += `☁️  Code was sent to ${args.provider || 'cloud'} API.\n`;
+        text += `☁️  Cloud provider execution. Code context may be sent to ${execution.provider} API.\n`;
     }
     if (stats.deep) {
-        const tier = stats.deep.tier === 'cloud' ? (args.provider || 'cloud') : stats.deep.tier;
+        const tier = stats.deep.tier === 'cloud' ? execution.provider : stats.deep.tier;
         const model = stats.deep.model || 'unknown';
         const inferenceSec = stats.deep.total_ms ? (stats.deep.total_ms / 1000).toFixed(1) + 's' : '';
         text += `Model: ${model} (${tier}) ${inferenceSec}\n`;

package/dist/tools/deep-handlers.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/tools/deep-handlers.test.js

@@ -0,0 +1,48 @@
+import { describe, expect, it, vi } from 'vitest';
+import { handleCheckDeep } from './deep-handlers.js';
+describe('handleCheckDeep privacy routing', () => {
+    const baseReport = {
+        status: 'PASS',
+        summary: { 'ast-analysis': 'PASS' },
+        failures: [],
+        stats: {
+            duration_ms: 10,
+            score: 100,
+            ai_health_score: 100,
+            structural_score: 100,
+            deep: { enabled: true, tier: 'deep', model: 'Qwen2.5-Coder-0.5B', total_ms: 1000 },
+        },
+    };
+    it('reports local execution by default', async () => {
+        const run = vi.fn().mockResolvedValue(baseReport);
+        const runner = { run };
+        const result = await handleCheckDeep(runner, '/repo', {}, {});
+        expect(run).toHaveBeenCalledWith('/repo', undefined, {
+            enabled: true,
+            pro: false,
+            apiKey: undefined,
+            provider: 'local',
+            apiBaseUrl: undefined,
+            modelName: undefined,
+        });
+        expect(result.content[0].text).toContain('Local sidecar/model execution');
+    });
+    it('respects provider=local even when apiKey exists', async () => {
+        const run = vi.fn().mockResolvedValue(baseReport);
+        const runner = { run };
+        const result = await handleCheckDeep(runner, '/repo', {}, {
+            apiKey: 'sk-test',
+            provider: 'local',
+        });
+        expect(run).toHaveBeenCalledWith('/repo', undefined, {
+            enabled: true,
+            pro: false,
+            apiKey: 'sk-test',
+            provider: 'local',
+            apiBaseUrl: undefined,
+            modelName: undefined,
+        });
+        expect(result.content[0].text).toContain('Local sidecar/model execution');
+        expect(result.content[0].text).not.toContain('Code context may be sent');
+    });
+});

package/dist/tools/definitions.d.ts

@@ -21,6 +21,83 @@ export declare const TOOL_DEFINITIONS: ({
     inputSchema: {
         type: string;
         properties: {
+            files: {
+                type: string;
+                items: {
+                    type: string;
+                };
+                description: string;
+            };
+            deep: {
+                type: string;
+                enum: string[];
+                description: string;
+            };
+            pro: {
+                type: string;
+                description: string;
+            };
+            apiKey: {
+                type: string;
+                description: string;
+            };
+            provider: {
+                type: string;
+                description: string;
+            };
+            apiBaseUrl: {
+                type: string;
+                description: string;
+            };
+            modelName: {
+                type: string;
+                description: string;
+            };
+            cwd: {
+                type: "string";
+                description: string;
+            };
+        };
+        required: string[];
+    };
+    annotations: {
+        title: string;
+        readOnlyHint: boolean;
+        destructiveHint: boolean;
+        idempotentHint: boolean;
+        openWorldHint: boolean;
+    };
+} | {
+    name: string;
+    description: string;
+    inputSchema: {
+        type: string;
+        properties: {
+            cwd: {
+                type: "string";
+                description: string;
+            };
+        };
+        required: string[];
+    };
+    annotations: {
+        title: string;
+        readOnlyHint: boolean;
+        destructiveHint: boolean;
+        idempotentHint: boolean;
+        openWorldHint: boolean;
+    };
+} | {
+    name: string;
+    description: string;
+    inputSchema: {
+        type: string;
+        properties: {
+            deep_default_mode: {
+                type: string;
+                enum: string[];
+                description: string;
+            };
             cwd: {
                 type: "string";
                 description: string;

package/dist/tools/definitions.js

@@ -27,10 +27,19 @@ export const TOOL_DEFINITIONS = [
     // ─── Core Quality Gates ───────────────────────────────
     {
         name: "rigour_check",
-        description: "Run quality gate checks on the project. Matches the CLI 'check' command.",
+        description: "Run quality gate checks on the project. Deep modes: off (fast deterministic gates only), quick (deep enabled with standard local tier unless cloud provider is configured), full (deep enabled, optional pro model).",
         inputSchema: {
             type: "object",
-            properties: cwdParam(),
+            properties: {
+                ...cwdParam(),
+                files: { type: "array", items: { type: "string" }, description: "Optional file paths (relative to cwd) to limit scan scope for both deterministic and deep checks." },
+                deep: { type: "string", enum: ["off", "quick", "full"], description: "Deep mode: 'off' (default), 'quick' (deep enabled with standard model), 'full' (deep enabled, combine with pro=true for larger local model)." },
+                pro: { type: "boolean", description: "Use larger local deep model tier when deep is enabled." },
+                apiKey: { type: "string", description: "Optional cloud API key for deep analysis." },
+                provider: { type: "string", description: "Cloud provider for deep analysis (claude, openai, gemini, groq, mistral, together, deepseek, ollama, etc.)." },
+                apiBaseUrl: { type: "string", description: "Custom API base URL for self-hosted/proxy deep endpoints." },
+                modelName: { type: "string", description: "Override cloud model name for deep analysis." },
+            },
             required: ["cwd"],
         },
         annotations: {
@@ -121,6 +130,45 @@ export const TOOL_DEFINITIONS = [
             openWorldHint: false,
         },
     },
+    {
+        name: "rigour_mcp_get_settings",
+        description: "Get Rigour MCP runtime settings for this repository (.rigour/mcp-settings.json).",
+        inputSchema: {
+            type: "object",
+            properties: cwdParam(),
+            required: ["cwd"],
+        },
+        annotations: {
+            title: "Get MCP Settings",
+            readOnlyHint: true,
+            destructiveHint: false,
+            idempotentHint: true,
+            openWorldHint: false,
+        },
+    },
+    {
+        name: "rigour_mcp_set_settings",
+        description: "Set Rigour MCP runtime settings for this repository. Currently supports deep_default_mode: off | quick | full.",
+        inputSchema: {
+            type: "object",
+            properties: {
+                ...cwdParam(),
+                deep_default_mode: {
+                    type: "string",
+                    enum: ["off", "quick", "full"],
+                    description: "Default deep mode applied to rigour_check when deep is not passed.",
+                },
+            },
+            required: ["cwd", "deep_default_mode"],
+        },
+        annotations: {
+            title: "Set MCP Settings",
+            readOnlyHint: false,
+            destructiveHint: false,
+            idempotentHint: true,
+            openWorldHint: false,
+        },
+    },
     // ─── Memory Persistence ───────────────────────────────
     {
         name: "rigour_remember",

package/dist/tools/execution-handlers.js

@@ -122,7 +122,13 @@ async function pollArbitration(cwd, rid, timeout) {
             const content = await fs.readFile(eventsPath, 'utf-8');
             const lines = content.split('\n').filter(l => l.trim());
             for (const line of lines.reverse()) {
-                const event = JSON.parse(line);
+                let event;
+                try {
+                    event = JSON.parse(line);
+                }
+                catch {
+                    continue;
+                }
                 if (event.tool === 'human_arbitration' && event.requestId === rid) {
                     return event.decision;
                 }

package/dist/tools/hooks-handler.js

@@ -40,8 +40,8 @@ export async function handleHooksCheck(cwd, files, timeout) {
 export async function handleHooksInit(cwd, tool, force = false, dryRun = false) {
     try {
         const hookTool = tool;
-        const checkerPath = 'npx @rigour-labs/cli hooks check';
-        const files = generateHookFiles(hookTool, checkerPath);
+        const checkerCommand = 'rigour hooks check';
+        const files = generateHookFiles(hookTool, checkerCommand);
         if (dryRun) {
             const preview = files.map(f => `${f.path}:\n${f.content}`).join('\n\n');
             return {
@@ -61,6 +61,9 @@ export async function handleHooksInit(cwd, tool, force = false, dryRun = false)
             }
             await fs.ensureDir(path.dirname(fullPath));
             await fs.writeFile(fullPath, file.content);
+            if (file.executable) {
+                await fs.chmod(fullPath, 0o755);
+            }
             written.push(file.path);
         }
         const parts = [];

package/dist/tools/mcp-settings-handler.d.ts

@@ -0,0 +1,12 @@
+type ToolResult = {
+    content: {
+        type: string;
+        text: string;
+    }[];
+    isError?: boolean;
+};
+export declare function handleMcpGetSettings(cwd: string): Promise<ToolResult>;
+export declare function handleMcpSetSettings(cwd: string, settings: {
+    deep_default_mode?: string;
+}): Promise<ToolResult>;
+export {};

package/dist/tools/mcp-settings-handler.js

@@ -0,0 +1,20 @@
+import { loadMcpSettings, saveMcpSettings } from "../utils/config.js";
+export async function handleMcpGetSettings(cwd) {
+    const settings = await loadMcpSettings(cwd);
+    return {
+        content: [{ type: "text", text: JSON.stringify(settings, null, 2) }],
+    };
+}
+export async function handleMcpSetSettings(cwd, settings) {
+    const value = settings.deep_default_mode;
+    if (value !== "off" && value !== "quick" && value !== "full") {
+        return {
+            content: [{ type: "text", text: "Invalid deep_default_mode. Use one of: off, quick, full." }],
+            isError: true,
+        };
+    }
+    await saveMcpSettings(cwd, { deep_default_mode: value });
+    return {
+        content: [{ type: "text", text: `Saved MCP settings: deep_default_mode=${value}` }],
+    };
+}

package/dist/tools/mcp-settings-handler.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/tools/mcp-settings-handler.test.js

@@ -0,0 +1,31 @@
+import fs from 'fs-extra';
+import os from 'os';
+import path from 'path';
+import { afterEach, beforeEach, describe, expect, it } from 'vitest';
+import { handleMcpGetSettings, handleMcpSetSettings } from './mcp-settings-handler.js';
+describe('mcp settings handlers', () => {
+    let testDir;
+    beforeEach(async () => {
+        testDir = await fs.mkdtemp(path.join(os.tmpdir(), 'rigour-mcp-settings-'));
+        await fs.ensureDir(path.join(testDir, '.rigour'));
+    });
+    afterEach(async () => {
+        await fs.remove(testDir);
+    });
+    it('returns default settings when file is missing', async () => {
+        const result = await handleMcpGetSettings(testDir);
+        const parsed = JSON.parse(result.content[0].text);
+        expect(parsed.deep_default_mode).toBe('off');
+    });
+    it('persists deep_default_mode through set/get', async () => {
+        const setResult = await handleMcpSetSettings(testDir, { deep_default_mode: 'quick' });
+        expect(setResult.isError).toBeUndefined();
+        const getResult = await handleMcpGetSettings(testDir);
+        const parsed = JSON.parse(getResult.content[0].text);
+        expect(parsed.deep_default_mode).toBe('quick');
+    });
+    it('rejects invalid deep_default_mode', async () => {
+        const result = await handleMcpSetSettings(testDir, { deep_default_mode: 'invalid' });
+        expect(result.isError).toBe(true);
+    });
+});

package/dist/tools/prompts.js

@@ -64,7 +64,7 @@ export const PROMPT_DEFINITIONS = [
     },
     {
         name: "rigour-deep-analysis",
-        description: "Run deep LLM-powered code quality analysis. AST extracts facts, LLM interprets patterns (SOLID violations, code smells, architecture issues), AST verifies findings. 100% local by default.",
+        description: "Run deep LLM-powered code quality analysis. AST extracts facts, LLM interprets patterns (SOLID violations, code smells, architecture issues), AST verifies findings. Local sidecar by default; cloud provider mode when configured.",
         arguments: [
             {
                 name: "cwd",

package/dist/tools/quality-handlers.d.ts

@@ -16,7 +16,17 @@ type ToolResult = {
     isError?: boolean;
     _rigour_report?: Report;
 };
-export declare function handleCheck(runner: GateRunner, cwd: string): Promise<ToolResult>;
+type DeepMode = 'off' | 'quick' | 'full';
+export interface CheckArgs {
+    files?: string[];
+    deep?: DeepMode;
+    pro?: boolean;
+    apiKey?: string;
+    provider?: string;
+    apiBaseUrl?: string;
+    modelName?: string;
+}
+export declare function handleCheck(runner: GateRunner, cwd: string, args?: CheckArgs): Promise<ToolResult>;
 export declare function handleExplain(runner: GateRunner, cwd: string): Promise<ToolResult>;
 export declare function handleStatus(runner: GateRunner, cwd: string): Promise<ToolResult>;
 export declare function handleGetFixPacket(runner: GateRunner, cwd: string, config: Config): Promise<ToolResult>;

package/dist/tools/quality-handlers.js

@@ -1,3 +1,12 @@
+function resolveDeepExecution(args) {
+    const requestedProvider = (args.provider || '').toLowerCase();
+    const isForcedLocal = requestedProvider === 'local';
+    const isLocal = !args.apiKey || isForcedLocal;
+    return {
+        isLocal,
+        provider: isLocal ? 'local' : (args.provider || 'claude'),
+    };
+}
 // ─── Score / Severity Formatters ──────────────────────────────────
 function formatScoreText(stats) {
     let text = '';
@@ -17,14 +26,35 @@ function formatSeverityText(stats) {
     return parts.length > 0 ? `\nSeverity: ${parts.join(', ')}` : '';
 }
 // ─── Handlers ─────────────────────────────────────────────────────
-export async function handleCheck(runner, cwd) {
-    const report = await runner.run(cwd);
+export async function handleCheck(runner, cwd, args = {}) {
+    const deepMode = args.deep || 'off';
+    const fileTargets = args.files && args.files.length > 0 ? args.files : undefined;
+    const execution = resolveDeepExecution(args);
+    let deepOpts;
+    if (deepMode !== 'off') {
+        deepOpts = {
+            enabled: true,
+            // full mode always means pro-depth analysis in MCP.
+            pro: deepMode === 'full' ? true : !!args.pro,
+            apiKey: args.apiKey,
+            provider: execution.provider,
+            apiBaseUrl: args.apiBaseUrl,
+            modelName: args.modelName,
+        };
+    }
+    const report = await runner.run(cwd, fileTargets, deepOpts);
     const scoreText = formatScoreText(report.stats);
     const sevText = formatSeverityText(report.stats);
+    const deepText = deepMode === 'off'
+        ? ''
+        : `\nDeep: ${deepMode} | Execution: ${execution.isLocal ? 'local' : 'cloud'}${report.stats.deep?.model ? ` | Model: ${report.stats.deep.model}` : ''}` +
+            `${execution.isLocal
+                ? '\nPrivacy: Local sidecar/model execution. Code remains on this machine.'
+                : `\nPrivacy: Cloud provider execution. Code context may be sent to ${execution.provider} API.`}`;
     const result = {
         content: [{
                 type: "text",
-                text: `RIGOUR AUDIT RESULT: ${report.status}${scoreText}${sevText}\n\nSummary:\n${Object.entries(report.summary).map(([k, v]) => `- ${k}: ${v}`).join("\n")}`,
+                text: `RIGOUR AUDIT RESULT: ${report.status}${scoreText}${sevText}${deepText}\n\nSummary:\n${Object.entries(report.summary).map(([k, v]) => `- ${k}: ${v}`).join("\n")}`,
             }],
     };
     result._rigour_report = report;

package/dist/tools/quality-handlers.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/tools/quality-handlers.test.js

@@ -0,0 +1,108 @@
+import { describe, expect, it, vi } from 'vitest';
+import { handleCheck } from './quality-handlers.js';
+describe('handleCheck deep routing', () => {
+    const baseReport = {
+        status: 'PASS',
+        summary: { 'ast-analysis': 'PASS' },
+        failures: [],
+        stats: {
+            duration_ms: 10,
+            score: 100,
+            ai_health_score: 100,
+            structural_score: 100,
+        },
+    };
+    it('runs standard check by default', async () => {
+        const run = vi.fn().mockResolvedValue(baseReport);
+        const runner = { run };
+        await handleCheck(runner, '/repo');
+        expect(run).toHaveBeenCalledWith('/repo', undefined, undefined);
+    });
+    it('maps quick deep mode and file scope', async () => {
+        const run = vi.fn().mockResolvedValue({
+            ...baseReport,
+            stats: {
+                ...baseReport.stats,
+                deep: { enabled: true, tier: 'deep', model: 'Qwen2.5-Coder-0.5B' },
+            },
+        });
+        const runner = { run };
+        const result = await handleCheck(runner, '/repo', {
+            deep: 'quick',
+            files: ['src/a.ts', 'src/b.ts'],
+        });
+        expect(run).toHaveBeenCalledWith('/repo', ['src/a.ts', 'src/b.ts'], {
+            enabled: true,
+            pro: false,
+            apiKey: undefined,
+            provider: 'local',
+            apiBaseUrl: undefined,
+            modelName: undefined,
+        });
+        expect(result.content[0].text).toContain('Deep: quick');
+        expect(result.content[0].text).toContain('Execution: local');
+        expect(result.content[0].text).toContain('Code remains on this machine');
+    });
+    it('maps full deep mode with cloud provider', async () => {
+        const run = vi.fn().mockResolvedValue({
+            ...baseReport,
+            stats: {
+                ...baseReport.stats,
+                deep: { enabled: true, tier: 'cloud', model: 'claude-sonnet' },
+            },
+        });
+        const runner = { run };
+        await handleCheck(runner, '/repo', {
+            deep: 'full',
+            pro: true,
+            apiKey: 'sk-test',
+            provider: 'openai',
+            modelName: 'gpt-4o-mini',
+            apiBaseUrl: 'https://example.com/v1',
+        });
+        expect(run).toHaveBeenCalledWith('/repo', undefined, {
+            enabled: true,
+            pro: true,
+            apiKey: 'sk-test',
+            provider: 'openai',
+            apiBaseUrl: 'https://example.com/v1',
+            modelName: 'gpt-4o-mini',
+        });
+    });
+    it('treats full deep mode as pro even when pro flag is omitted', async () => {
+        const run = vi.fn().mockResolvedValue(baseReport);
+        const runner = { run };
+        await handleCheck(runner, '/repo', {
+            deep: 'full',
+            apiKey: 'sk-test',
+            provider: 'openai',
+        });
+        expect(run).toHaveBeenCalledWith('/repo', undefined, {
+            enabled: true,
+            pro: true,
+            apiKey: 'sk-test',
+            provider: 'openai',
+            apiBaseUrl: undefined,
+            modelName: undefined,
+        });
+    });
+    it('forces local execution when provider=local even if apiKey is present', async () => {
+        const run = vi.fn().mockResolvedValue(baseReport);
+        const runner = { run };
+        const result = await handleCheck(runner, '/repo', {
+            deep: 'full',
+            apiKey: 'sk-test',
+            provider: 'local',
+        });
+        expect(run).toHaveBeenCalledWith('/repo', undefined, {
+            enabled: true,
+            pro: true,
+            apiKey: 'sk-test',
+            provider: 'local',
+            apiBaseUrl: undefined,
+            modelName: undefined,
+        });
+        expect(result.content[0].text).toContain('Execution: local');
+        expect(result.content[0].text).toContain('Code remains on this machine');
+    });
+});

package/dist/utils/config.d.ts

@@ -202,5 +202,11 @@ export interface MemoryStore {
 export declare function getMemoryPath(cwd: string): Promise<string>;
 export declare function loadMemory(cwd: string): Promise<MemoryStore>;
 export declare function saveMemory(cwd: string, store: MemoryStore): Promise<void>;
+export interface McpSettings {
+    deep_default_mode: 'off' | 'quick' | 'full';
+}
+export declare function getMcpSettingsPath(cwd: string): Promise<string>;
+export declare function loadMcpSettings(cwd: string): Promise<McpSettings>;
+export declare function saveMcpSettings(cwd: string, settings: McpSettings): Promise<void>;
 export declare function logStudioEvent(cwd: string, event: any): Promise<void>;
 export declare function parseDiff(diff: string): Record<string, Set<number>>;

package/dist/utils/config.js

@@ -37,7 +37,15 @@ export async function loadMemory(cwd) {
     const memPath = await getMemoryPath(cwd);
     if (await fs.pathExists(memPath)) {
         const content = await fs.readFile(memPath, "utf-8");
-        return JSON.parse(content);
+        try {
+            const parsed = JSON.parse(content);
+            if (parsed && typeof parsed === 'object' && parsed.memories && typeof parsed.memories === 'object') {
+                return parsed;
+            }
+        }
+        catch {
+            // fall through to default
+        }
     }
     return { memories: {} };
 }
@@ -45,6 +53,35 @@ export async function saveMemory(cwd, store) {
     const memPath = await getMemoryPath(cwd);
     await fs.writeFile(memPath, JSON.stringify(store, null, 2));
 }
+const DEFAULT_MCP_SETTINGS = {
+    deep_default_mode: 'off',
+};
+export async function getMcpSettingsPath(cwd) {
+    const rigourDir = path.join(cwd, ".rigour");
+    await fs.ensureDir(rigourDir);
+    return path.join(rigourDir, "mcp-settings.json");
+}
+export async function loadMcpSettings(cwd) {
+    const settingsPath = await getMcpSettingsPath(cwd);
+    if (!(await fs.pathExists(settingsPath))) {
+        return DEFAULT_MCP_SETTINGS;
+    }
+    try {
+        const raw = await fs.readJson(settingsPath);
+        const deepMode = raw?.deep_default_mode;
+        if (deepMode === 'quick' || deepMode === 'full' || deepMode === 'off') {
+            return { deep_default_mode: deepMode };
+        }
+    }
+    catch {
+        // Fall through to defaults.
+    }
+    return DEFAULT_MCP_SETTINGS;
+}
+export async function saveMcpSettings(cwd, settings) {
+    const settingsPath = await getMcpSettingsPath(cwd);
+    await fs.writeJson(settingsPath, settings, { spaces: 2 });
+}
 // ─── Studio Event Logging ─────────────────────────────────────────
 export async function logStudioEvent(cwd, event) {
     try {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@rigour-labs/mcp",
-  "version": "4.0.4",
+  "version": "4.1.0",
   "description": "MCP server for AI code governance — OWASP LLM Top 10 (10/10), real-time hooks, 25+ security patterns, hallucinated import detection, multi-agent governance. Works with Claude, Cursor, Cline, Windsurf, Gemini. Industry presets for HIPAA, SOC2, FedRAMP.",
   "license": "MIT",
   "homepage": "https://rigour.run",
@@ -48,7 +48,7 @@
     "execa": "^8.0.1",
     "fs-extra": "^11.2.0",
     "yaml": "^2.8.2",
-    "@rigour-labs/core": "4.0.4"
+    "@rigour-labs/core": "4.1.0"
   },
   "devDependencies": {
     "@types/node": "^25.0.3",