@rigour-labs/mcp 5.2.3 → 5.2.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.js +1 -0
- package/dist/tools/definitions.js +3 -3
- package/dist/tools/quality-handlers.js +19 -2
- package/package.json +14 -9
package/dist/index.js
CHANGED
|
@@ -38,6 +38,7 @@ const ESSENTIAL_TOOLS = new Set([
|
|
|
38
38
|
'rigour_recall', // Load project memory (START of every task)
|
|
39
39
|
'rigour_remember', // Store conventions/decisions
|
|
40
40
|
'rigour_explain', // Explain gate failures
|
|
41
|
+
'rigour_get_fix_packet', // Get structured fix instructions on FAIL
|
|
41
42
|
'rigour_review', // Review diffs
|
|
42
43
|
'rigour_security_audit', // CVE check
|
|
43
44
|
'rigour_forget', // Remove stored memory
|
|
@@ -27,7 +27,7 @@ export const TOOL_DEFINITIONS = [
|
|
|
27
27
|
// ─── Core Quality Gates ───────────────────────────────
|
|
28
28
|
{
|
|
29
29
|
name: "rigour_check",
|
|
30
|
-
description: "Run quality gate checks on the project. MUST be called before declaring any coding task complete. Checks code complexity, file size, required docs, security patterns, and more. Returns PASS or FAIL with details.",
|
|
30
|
+
description: "Run quality gate checks on the project. MUST be called before declaring any coding task complete. Checks code complexity, file size, required docs, security patterns, and more. Returns PASS or FAIL with details. **Always show the user the headline summary from this tool's output** — it tells them what Rigour caught. If FAIL, call rigour_get_fix_packet for structured fix instructions with exact file locations and step-by-step remediation.",
|
|
31
31
|
inputSchema: {
|
|
32
32
|
type: "object",
|
|
33
33
|
properties: {
|
|
@@ -52,7 +52,7 @@ export const TOOL_DEFINITIONS = [
|
|
|
52
52
|
},
|
|
53
53
|
{
|
|
54
54
|
name: "rigour_explain",
|
|
55
|
-
description: "Explain
|
|
55
|
+
description: "Explain WHY quality gates failed in human-readable language. Use this to understand the reasoning behind each violation before fixing. For machine-readable fix instructions, use rigour_get_fix_packet instead.",
|
|
56
56
|
inputSchema: {
|
|
57
57
|
type: "object",
|
|
58
58
|
properties: cwdParam(),
|
|
@@ -84,7 +84,7 @@ export const TOOL_DEFINITIONS = [
|
|
|
84
84
|
},
|
|
85
85
|
{
|
|
86
86
|
name: "rigour_get_fix_packet",
|
|
87
|
-
description: "
|
|
87
|
+
description: "Call this after rigour_check returns FAIL. Returns a prioritized Fix Packet with exact violations, file locations, and step-by-step fix instructions. Apply fixes in severity order (critical first), then re-run rigour_check to verify. Repeat until PASS. **After applying all fixes, tell the user what Rigour caught and that fixes were applied.**",
|
|
88
88
|
inputSchema: {
|
|
89
89
|
type: "object",
|
|
90
90
|
properties: cwdParam(),
|
|
@@ -1,3 +1,12 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Quality Gate Tool Handlers
|
|
3
|
+
*
|
|
4
|
+
* Handlers for: rigour_check, rigour_explain, rigour_status,
|
|
5
|
+
* rigour_get_fix_packet, rigour_list_gates, rigour_get_config
|
|
6
|
+
*
|
|
7
|
+
* @since v2.17.0 — extracted from monolithic index.ts
|
|
8
|
+
*/
|
|
9
|
+
import { renderMcpHeadline, renderFixAttribution } from "@rigour-labs/core";
|
|
1
10
|
function resolveDeepExecution(args) {
|
|
2
11
|
const requestedProvider = (args.provider || '').toLowerCase();
|
|
3
12
|
const isForcedLocal = requestedProvider === 'local';
|
|
@@ -51,10 +60,12 @@ export async function handleCheck(runner, cwd, args = {}) {
|
|
|
51
60
|
`${execution.isLocal
|
|
52
61
|
? '\nPrivacy: Local sidecar/model execution. Code remains on this machine.'
|
|
53
62
|
: `\nPrivacy: Cloud provider execution. Code context may be sent to ${execution.provider} API.`}`;
|
|
63
|
+
// Human-facing headline — agents naturally pass this through to users
|
|
64
|
+
const headline = renderMcpHeadline(report);
|
|
54
65
|
const result = {
|
|
55
66
|
content: [{
|
|
56
67
|
type: "text",
|
|
57
|
-
text:
|
|
68
|
+
text: `${headline}\n\n${scoreText.trim()}${sevText}${deepText}\n\nSummary:\n${Object.entries(report.summary).map(([k, v]) => `- ${k}: ${v}`).join("\n")}`,
|
|
58
69
|
}],
|
|
59
70
|
};
|
|
60
71
|
result._rigour_report = report;
|
|
@@ -108,8 +119,14 @@ export async function handleGetFixPacket(runner, cwd, config) {
|
|
|
108
119
|
const { FixPacketService } = await import("@rigour-labs/core");
|
|
109
120
|
const fixPacketService = new FixPacketService();
|
|
110
121
|
const fixPacket = fixPacketService.generate(report, config);
|
|
122
|
+
// Find worst violation for attribution
|
|
123
|
+
const worst = report.failures.find(f => f.severity === 'critical')
|
|
124
|
+
|| report.failures.find(f => f.severity === 'high')
|
|
125
|
+
|| report.failures[0];
|
|
126
|
+
const worstLabel = worst ? worst.title : 'quality violations';
|
|
127
|
+
const attribution = renderFixAttribution(report.failures.length, worstLabel);
|
|
111
128
|
return {
|
|
112
|
-
content: [{ type: "text", text: formatFixPacketText(fixPacket, report) }],
|
|
129
|
+
content: [{ type: "text", text: formatFixPacketText(fixPacket, report) + attribution }],
|
|
113
130
|
};
|
|
114
131
|
}
|
|
115
132
|
/**
|
package/package.json
CHANGED
|
@@ -1,30 +1,35 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@rigour-labs/mcp",
|
|
3
|
-
"version": "5.2.
|
|
3
|
+
"version": "5.2.4",
|
|
4
4
|
"description": "MCP server for AI code governance — OWASP LLM Top 10 (10/10), real-time hooks, 25+ security patterns, hallucinated import detection, multi-agent governance. Works with Claude, Cursor, Cline, Windsurf, Gemini. Industry presets for HIPAA, SOC2, FedRAMP.",
|
|
5
5
|
"license": "MIT",
|
|
6
6
|
"homepage": "https://rigour.run",
|
|
7
7
|
"icon": "https://raw.githubusercontent.com/rigour-labs/rigour/main/docs/assets/icon.svg",
|
|
8
8
|
"keywords": [
|
|
9
|
+
"ai",
|
|
10
|
+
"llm",
|
|
9
11
|
"mcp",
|
|
10
12
|
"model-context-protocol",
|
|
11
|
-
"
|
|
13
|
+
"ai-agent",
|
|
12
14
|
"ai-code-governance",
|
|
15
|
+
"owasp-llm-top-10",
|
|
16
|
+
"bayesian-learning",
|
|
13
17
|
"real-time-hooks",
|
|
14
18
|
"security-patterns",
|
|
15
19
|
"hallucinated-imports",
|
|
16
|
-
"
|
|
17
|
-
"hipaa",
|
|
18
|
-
"soc2",
|
|
19
|
-
"fedramp",
|
|
20
|
+
"vibe-coding",
|
|
20
21
|
"claude",
|
|
21
22
|
"cursor",
|
|
22
23
|
"cline",
|
|
23
24
|
"windsurf",
|
|
25
|
+
"copilot",
|
|
26
|
+
"gemini",
|
|
27
|
+
"codex",
|
|
24
28
|
"multi-agent-governance",
|
|
25
29
|
"quality-gates",
|
|
26
|
-
"
|
|
27
|
-
"
|
|
30
|
+
"fix-packets",
|
|
31
|
+
"agent-governance",
|
|
32
|
+
"drift-detection"
|
|
28
33
|
],
|
|
29
34
|
"type": "module",
|
|
30
35
|
"mcpName": "io.github.rigour-labs/rigour",
|
|
@@ -48,7 +53,7 @@
|
|
|
48
53
|
"execa": "^8.0.1",
|
|
49
54
|
"fs-extra": "^11.2.0",
|
|
50
55
|
"yaml": "^2.8.2",
|
|
51
|
-
"@rigour-labs/core": "5.2.
|
|
56
|
+
"@rigour-labs/core": "5.2.4"
|
|
52
57
|
},
|
|
53
58
|
"devDependencies": {
|
|
54
59
|
"@types/node": "^25.0.3",
|