@rigour-labs/mcp 4.3.2 → 4.3.3

package/dist/tools/deep-handlers.js

@@ -40,7 +40,7 @@ export async function handleCheckDeep(runner, cwd, config, args) {
             if (db) {
                 const repoName = path.basename(cwd);
                 const scanId = insertScan(db, repoName, report, {
-                    deepTier: args.pro ? 'pro' : (execution.isLocal ? 'deep' : 'cloud'),
+                    deepTier: args.pro ? 'deep' : (execution.isLocal ? 'lite' : 'cloud'),
                     deepModel: report.stats.deep?.model,
                 });
                 insertFindings(db, scanId, report.failures);

package/dist/tools/deep-handlers.test.js

@@ -10,7 +10,7 @@ describe('handleCheckDeep privacy routing', () => {
             score: 100,
             ai_health_score: 100,
             structural_score: 100,
-            deep: { enabled: true, tier: 'deep', model: 'Qwen2.5-Coder-0.5B', total_ms: 1000 },
+            deep: { enabled: true, tier: 'lite', model: 'Qwen3.5-0.8B', total_ms: 1000 },
         },
     };
     it('reports local execution by default', async () => {

package/dist/tools/definitions.js

@@ -27,14 +27,14 @@ export const TOOL_DEFINITIONS = [
     // ─── Core Quality Gates ───────────────────────────────
     {
         name: "rigour_check",
-        description: "Run quality gate checks on the project. Deep modes: off (fast deterministic gates only), quick (deep enabled with standard local tier unless cloud provider is configured), full (deep enabled, optional pro model).",
+        description: "Run quality gate checks on the project. Deep modes: off (fast deterministic gates only), quick (deep enabled with lite local model unless cloud provider is configured), full (deep enabled, optional pro flag for full deep model).",
         inputSchema: {
             type: "object",
             properties: {
                 ...cwdParam(),
                 files: { type: "array", items: { type: "string" }, description: "Optional file paths (relative to cwd) to limit scan scope for both deterministic and deep checks." },
-                deep: { type: "string", enum: ["off", "quick", "full"], description: "Deep mode: 'off' (default), 'quick' (deep enabled with standard model), 'full' (deep enabled, combine with pro=true for larger local model)." },
-                pro: { type: "boolean", description: "Use larger local deep model tier when deep is enabled." },
+                deep: { type: "string", enum: ["off", "quick", "full"], description: "Deep mode: 'off' (default), 'quick' (deep enabled with lite model), 'full' (deep enabled, combine with pro=true for full deep model)." },
+                pro: { type: "boolean", description: "Use full deep model (Qwen2.5-Coder-1.5B) instead of lite (Qwen3.5-0.8B) when deep is enabled." },
                 apiKey: { type: "string", description: "Optional cloud API key for deep analysis." },
                 provider: { type: "string", description: "Cloud provider for deep analysis (claude, openai, gemini, groq, mistral, together, deepseek, ollama, etc.)." },
                 apiBaseUrl: { type: "string", description: "Custom API base URL for self-hosted/proxy deep endpoints." },
@@ -461,12 +461,12 @@ export const TOOL_DEFINITIONS = [
     // ─── Deep Analysis (v4.0+) ──────────────────────────────
     {
         name: "rigour_check_deep",
-        description: "Run quality gates WITH deep LLM-powered analysis. Three-step pipeline: AST extracts facts → LLM interprets → AST verifies. Local-first by default (Qwen2.5-Coder), or bring your own API key for any cloud provider.",
+        description: "Run quality gates WITH deep LLM-powered analysis. Three-step pipeline: AST extracts facts → LLM interprets → AST verifies. Local-first by default (Qwen3.5-0.8B lite sidecar), or bring your own API key for any cloud provider.",
         inputSchema: {
             type: "object",
             properties: {
                 ...cwdParam(),
-                pro: { type: "boolean", description: "Use the larger 1.5B model (--pro tier). Default: false (0.5B model)." },
+                pro: { type: "boolean", description: "Use full deep model (Qwen2.5-Coder-1.5B) instead of default lite model (Qwen3.5-0.8B)." },
                 apiKey: { type: "string", description: "API key for cloud LLM provider. If provided, uses cloud instead of local sidecar." },
                 provider: { type: "string", description: "Cloud provider name (e.g., 'claude', 'openai', 'gemini', 'groq', 'mistral', 'together', 'fireworks', 'deepseek', 'perplexity', 'ollama', 'lmstudio'). Default: 'claude' when apiKey is provided." },
                 apiBaseUrl: { type: "string", description: "Custom API base URL for self-hosted or proxy endpoints." },

package/dist/tools/quality-handlers.test.js

@@ -23,7 +23,7 @@ describe('handleCheck deep routing', () => {
             ...baseReport,
             stats: {
                 ...baseReport.stats,
-                deep: { enabled: true, tier: 'deep', model: 'Qwen2.5-Coder-0.5B' },
+                deep: { enabled: true, tier: 'lite', model: 'Qwen3.5-0.8B' },
             },
         });
         const runner = { run };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@rigour-labs/mcp",
-  "version": "4.3.2",
+  "version": "4.3.3",
   "description": "MCP server for AI code governance — OWASP LLM Top 10 (10/10), real-time hooks, 25+ security patterns, hallucinated import detection, multi-agent governance. Works with Claude, Cursor, Cline, Windsurf, Gemini. Industry presets for HIPAA, SOC2, FedRAMP.",
   "license": "MIT",
   "homepage": "https://rigour.run",
@@ -48,7 +48,7 @@
     "execa": "^8.0.1",
     "fs-extra": "^11.2.0",
     "yaml": "^2.8.2",
-    "@rigour-labs/core": "4.3.2"
+    "@rigour-labs/core": "4.3.3"
   },
   "devDependencies": {
     "@types/node": "^25.0.3",