@rigour-labs/mcp 5.0.0 → 5.0.1

package/dist/tools/hooks-handler.js

@@ -27,7 +27,7 @@ export async function handleHooksCheck(cwd, files, timeout, text, agent) {
             block_on_detection: true,
             audit_log: true,
         });
-        // Log to audit trail
+        // Log to audit trail (with rotation to prevent unbounded growth)
         if (result.status !== 'clean') {
             try {
                 const rigourDir = path.join(cwd, '.rigour');
@@ -37,6 +37,15 @@ export async function handleHooksCheck(cwd, files, timeout, text, agent) {
                     agent: agent ?? 'mcp',
                 });
                 await fs.appendFile(eventsPath, JSON.stringify(auditEntry) + '\n');
+                // Rotate: only check when file exceeds ~500KB
+                const stat = await fs.stat(eventsPath);
+                if (stat.size >= 512 * 1024) {
+                    const content = await fs.readFile(eventsPath, 'utf-8');
+                    const lines = content.trim().split('\n');
+                    if (lines.length > 2000) {
+                        await fs.writeFile(eventsPath, lines.slice(-2000).join('\n') + '\n');
+                    }
+                }
             }
             catch {
                 // Silent

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@rigour-labs/mcp",
-  "version": "5.0.0",
+  "version": "5.0.1",
   "description": "MCP server for AI code governance — OWASP LLM Top 10 (10/10), real-time hooks, 25+ security patterns, hallucinated import detection, multi-agent governance. Works with Claude, Cursor, Cline, Windsurf, Gemini. Industry presets for HIPAA, SOC2, FedRAMP.",
   "license": "MIT",
   "homepage": "https://rigour.run",
@@ -48,7 +48,7 @@
     "execa": "^8.0.1",
     "fs-extra": "^11.2.0",
     "yaml": "^2.8.2",
-    "@rigour-labs/core": "5.0.0"
+    "@rigour-labs/core": "5.0.1"
   },
   "devDependencies": {
     "@types/node": "^25.0.3",