npm - @rigour-labs/mcp - Versions diffs - 5.1.0 → 5.1.2 - Mend

@rigour-labs/mcp 5.1.0 → 5.1.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/dist/index.js +15 -2
package/dist/tools/deep-handlers.test.js +1 -1
package/dist/tools/definitions.js +9 -9
package/dist/tools/memory-handlers.js +13 -0
package/dist/tools/quality-handlers.test.js +1 -1
package/package.json +2 -2

package/dist/index.js CHANGED Viewed

@@ -29,8 +29,21 @@ import { handleMcpGetSettings, handleMcpSetSettings } from './tools/mcp-settings
 // ─── Server Setup ─────────────────────────────────────────────────
 const server = new Server({ name: "rigour-mcp", version: "3.0.1" }, { capabilities: { tools: {}, prompts: {} } });
 // ─── Tool Listing ─────────────────────────────────────────────────
+// Only expose essential tools by default to improve agent tool selection.
+// Research shows agents degrade at 30+ tools (wrong picks, hallucinated args).
+// Power-user tools are still callable — they just aren't advertised in the tool list.
+const ESSENTIAL_TOOLS = new Set([
+    'rigour_check', // Run quality gates (BEFORE declaring done)
+    'rigour_check_pattern', // Check if code exists (BEFORE creating new code)
+    'rigour_recall', // Load project memory (START of every task)
+    'rigour_remember', // Store conventions/decisions
+    'rigour_explain', // Explain gate failures
+    'rigour_review', // Review diffs
+    'rigour_security_audit', // CVE check
+    'rigour_forget', // Remove stored memory
+]);
 server.setRequestHandler(ListToolsRequestSchema, async () => ({
-    tools: TOOL_DEFINITIONS,
+    tools: TOOL_DEFINITIONS.filter(t => ESSENTIAL_TOOLS.has(t.name)),
 }));
 // ─── Tool Dispatch ────────────────────────────────────────────────
 server.setRequestHandler(CallToolRequestSchema, async (request) => {
@@ -81,7 +94,7 @@ server.setRequestHandler(CallToolRequestSchema, async (request) => {
                 break;
             // Memory
             case "rigour_remember":
-                result = await handleRemember(cwd, args.key, args.value);
+                result = await handleRemember(cwd, args.key, args.value || args.content);
                 break;
             case "rigour_recall":
                 result = await handleRecall(cwd, args.key);

package/dist/tools/deep-handlers.test.js CHANGED Viewed

@@ -10,7 +10,7 @@ describe('handleCheckDeep privacy routing', () => {
             score: 100,
             ai_health_score: 100,
             structural_score: 100,
-            deep: { enabled: true, tier: 'lite', model: 'Qwen3.5-0.8B', total_ms: 1000 },
+            deep: { enabled: true, tier: 'lite', model: 'Qwen2.5-Coder-0.5B', total_ms: 1000 },
         },
     };
     it('reports local execution by default', async () => {

package/dist/tools/definitions.js CHANGED Viewed

@@ -27,14 +27,14 @@ export const TOOL_DEFINITIONS = [
     // ─── Core Quality Gates ───────────────────────────────
     {
         name: "rigour_check",
-        description: "Run quality gate checks on the project. Deep modes: off (fast deterministic gates only), quick (deep enabled with lite local model unless cloud provider is configured), full (deep enabled, optional pro flag for full deep model).",
+        description: "Run quality gate checks on the project. MUST be called before declaring any coding task complete. Checks code complexity, file size, required docs, security patterns, and more. Returns PASS or FAIL with details.",
         inputSchema: {
             type: "object",
             properties: {
                 ...cwdParam(),
                 files: { type: "array", items: { type: "string" }, description: "Optional file paths (relative to cwd) to limit scan scope for both deterministic and deep checks." },
                 deep: { type: "string", enum: ["off", "quick", "full"], description: "Deep mode: 'off' (default), 'quick' (deep enabled with lite model), 'full' (deep enabled, combine with pro=true for full deep model)." },
-                pro: { type: "boolean", description: "Use full deep model (Qwen2.5-Coder-1.5B) instead of lite (Qwen3.5-0.8B) when deep is enabled." },
+                pro: { type: "boolean", description: "Use full deep model (Qwen2.5-Coder-1.5B) instead of lite (Qwen2.5-Coder-0.5B) when deep is enabled." },
                 apiKey: { type: "string", description: "Optional cloud API key for deep analysis." },
                 provider: { type: "string", description: "Cloud provider for deep analysis (claude, openai, gemini, groq, mistral, together, deepseek, ollama, etc.)." },
                 apiBaseUrl: { type: "string", description: "Custom API base URL for self-hosted/proxy deep endpoints." },
@@ -172,13 +172,13 @@ export const TOOL_DEFINITIONS = [
     // ─── Memory Persistence ───────────────────────────────
     {
         name: "rigour_remember",
-        description: "Store a persistent instruction or context that the AI should remember across sessions. Use this to persist user preferences, project conventions, or critical instructions.",
+        description: "Store a persistent instruction or context that the AI should remember across sessions. Use this to persist user preferences, project conventions, or critical instructions. IMPORTANT: You must provide both 'key' (a short snake_case identifier) and 'value' (the full text to remember).",
         inputSchema: {
             type: "object",
             properties: {
                 ...cwdParam(),
-                key: { type: "string", description: "A unique key for this memory (e.g., 'user_preferences', 'coding_style')." },
-                value: { type: "string", description: "The instruction or context to remember." },
+                key: { type: "string", description: "A short snake_case identifier for this memory, e.g. 'api_response_format', 'naming_convention', 'testing_strategy'. This is used to retrieve the memory later." },
+                value: { type: "string", description: "The full instruction or convention text to persist. This is the content that will be recalled in future sessions." },
             },
             required: ["cwd", "key", "value"],
         },
@@ -192,7 +192,7 @@ export const TOOL_DEFINITIONS = [
     },
     {
         name: "rigour_recall",
-        description: "Retrieve stored instructions or context. Call this at the start of each session to restore memory. Returns all stored memories if no key specified.",
+        description: "Load project memory and stored conventions. CALL THIS at the start of every coding task to restore team decisions, naming conventions, and architectural preferences stored from previous sessions.",
         inputSchema: {
             type: "object",
             properties: {
@@ -231,7 +231,7 @@ export const TOOL_DEFINITIONS = [
     // ─── Pattern Intelligence ─────────────────────────────
     {
         name: "rigour_check_pattern",
-        description: "Checks if a proposed code pattern (function, component, etc.) already exists, is stale, or has security vulnerabilities (CVEs). CALL THIS BEFORE CREATING NEW CODE.",
+        description: "CALL THIS BEFORE creating any new function, component, hook, or class. Checks if it already exists in the codebase (prevents duplication), and checks for known security vulnerabilities. Pass the name and type of what you plan to create.",
         inputSchema: {
             type: "object",
             properties: {
@@ -461,12 +461,12 @@ export const TOOL_DEFINITIONS = [
     // ─── Deep Analysis (v4.0+) ──────────────────────────────
     {
         name: "rigour_check_deep",
-        description: "Run quality gates WITH deep LLM-powered analysis. Three-step pipeline: AST extracts facts → LLM interprets → AST verifies. Local-first by default (Qwen3.5-0.8B lite sidecar), or bring your own API key for any cloud provider.",
+        description: "Run quality gates WITH deep LLM-powered analysis. Three-step pipeline: AST extracts facts → LLM interprets → AST verifies. Local-first by default (Qwen2.5-Coder-0.5B lite sidecar), or bring your own API key for any cloud provider.",
         inputSchema: {
             type: "object",
             properties: {
                 ...cwdParam(),
-                pro: { type: "boolean", description: "Use full deep model (Qwen2.5-Coder-1.5B) instead of default lite model (Qwen3.5-0.8B)." },
+                pro: { type: "boolean", description: "Use full deep model (Qwen2.5-Coder-1.5B) instead of default lite model (Qwen2.5-Coder-0.5B)." },
                 apiKey: { type: "string", description: "API key for cloud LLM provider. If provided, uses cloud instead of local sidecar." },
                 provider: { type: "string", description: "Cloud provider name (e.g., 'claude', 'openai', 'gemini', 'groq', 'mistral', 'together', 'fireworks', 'deepseek', 'perplexity', 'ollama', 'lmstudio'). Default: 'claude' when apiKey is provided." },
                 apiBaseUrl: { type: "string", description: "Custom API base URL for self-hosted or proxy endpoints." },

package/dist/tools/memory-handlers.js CHANGED Viewed

@@ -50,6 +50,19 @@ function extractStrings(obj, out) {
     }
 }
 export async function handleRemember(cwd, key, value) {
+    // Fallback: if key is missing but value exists, auto-generate a key
+    if (!key && value) {
+        key = value.slice(0, 40).toLowerCase().replace(/[^a-z0-9]+/g, '_').replace(/^_|_$/g, '') || 'convention';
+    }
+    // If value is missing but key exists, something is wrong
+    if (!value) {
+        return {
+            content: [{
+                    type: "text",
+                    text: `ERROR: Missing 'value' parameter. Call rigour_remember with both 'key' (short identifier) and 'value' (the instruction text to persist).`,
+                }],
+        };
+    }
     // ── DLP Gate: deep-scan key + value (including JSON interiors) ──
     const textToScan = deepScanValue(key, value);
     const dlpResult = scanInputForCredentials(textToScan);

package/dist/tools/quality-handlers.test.js CHANGED Viewed

@@ -23,7 +23,7 @@ describe('handleCheck deep routing', () => {
             ...baseReport,
             stats: {
                 ...baseReport.stats,
-                deep: { enabled: true, tier: 'lite', model: 'Qwen3.5-0.8B' },
+                deep: { enabled: true, tier: 'lite', model: 'Qwen2.5-Coder-0.5B' },
             },
         });
         const runner = { run };

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@rigour-labs/mcp",
-  "version": "5.1.0",
+  "version": "5.1.2",
   "description": "MCP server for AI code governance — OWASP LLM Top 10 (10/10), real-time hooks, 25+ security patterns, hallucinated import detection, multi-agent governance. Works with Claude, Cursor, Cline, Windsurf, Gemini. Industry presets for HIPAA, SOC2, FedRAMP.",
   "license": "MIT",
   "homepage": "https://rigour.run",
@@ -48,7 +48,7 @@
     "execa": "^8.0.1",
     "fs-extra": "^11.2.0",
     "yaml": "^2.8.2",
-    "@rigour-labs/core": "5.1.0"
+    "@rigour-labs/core": "5.1.2"
   },
   "devDependencies": {
     "@types/node": "^25.0.3",