@rigour-labs/mcp 5.2.3 → 5.2.5

package/dist/dashboard/html.d.ts

@@ -0,0 +1,15 @@
+/**
+ * Dashboard HTML — Self-contained MCP App UI
+ *
+ * Served as a ui:// resource. Renders in a sandboxed iframe
+ * inside Claude Desktop, VS Code Copilot, ChatGPT, Goose.
+ *
+ * Features:
+ * - SVG circular score gauge (color-coded)
+ * - Scrolling activity timeline
+ * - Severity breakdown bar
+ * - Brain learning indicator
+ *
+ * No external dependencies. Initial state injected via __INITIAL_STATE__.
+ */
+export declare const DASHBOARD_HTML = "<!DOCTYPE html>\n<html lang=\"en\">\n<head>\n<meta charset=\"UTF-8\">\n<meta name=\"viewport\" content=\"width=device-width,initial-scale=1\">\n<title>Rigour Governance</title>\n<style>\n*{margin:0;padding:0;box-sizing:border-box}\nbody{font-family:-apple-system,BlinkMacSystemFont,'Segoe UI',Roboto,sans-serif;background:#0d1117;color:#c9d1d9;padding:16px;font-size:13px;line-height:1.5}\n.header{display:flex;align-items:center;gap:8px;margin-bottom:16px}\n.header h1{font-size:15px;font-weight:600;color:#f0f6fc}\n.header .badge{font-size:11px;padding:2px 8px;border-radius:12px;font-weight:500}\n.badge-pass{background:#1a7f37;color:#fff}\n.badge-fail{background:#da3633;color:#fff}\n.badge-scanning{background:#9e6a03;color:#fff}\n.badge-idle{background:#30363d;color:#8b949e}\n.top{display:flex;gap:16px;margin-bottom:16px}\n.gauge-wrap{flex:0 0 100px;text-align:center}\n.gauge-label{font-size:11px;color:#8b949e;margin-top:4px}\n.severity-wrap{flex:1;display:flex;flex-direction:column;justify-content:center;gap:6px}\n.sev-row{display:flex;align-items:center;gap:6px;font-size:12px}\n.sev-dot{width:8px;height:8px;border-radius:50%;flex-shrink:0}\n.sev-critical{background:#da3633}\n.sev-high{background:#db6d28}\n.sev-medium{background:#9e6a03}\n.sev-low{background:#388bfd}\n.sev-info{background:#8b949e}\n.sev-count{color:#f0f6fc;font-weight:600;min-width:18px}\n.section-title{font-size:11px;color:#8b949e;text-transform:uppercase;letter-spacing:.5px;margin-bottom:8px;font-weight:600}\n.timeline{max-height:200px;overflow-y:auto;margin-bottom:16px}\n.timeline::-webkit-scrollbar{width:4px}\n.timeline::-webkit-scrollbar-thumb{background:#30363d;border-radius:2px}\n.tl-entry{display:flex;gap:8px;padding:4px 0;border-bottom:1px solid #21262d;font-size:12px}\n.tl-time{color:#8b949e;flex:0 0 55px;font-family:'SF Mono',Monaco,monospace;font-size:11px}\n.tl-tool{color:#58a6ff;flex:0 0 auto}\n.tl-arrow{color:#484f58}\n.tl-detail{color:#c9d1d9;flex:1}\n.tl-status-success .tl-detail{color:#3fb950}\n.tl-status-error .tl-detail{color:#da3633}\n.tl-status-warning .tl-detail{color:#d29922}\n.brain{display:flex;align-items:center;gap:8px;padding:8px 12px;background:#161b22;border:1px solid #30363d;border-radius:6px;font-size:12px}\n.brain-icon{font-size:16px}\n.brain-text{color:#c9d1d9}\n.brain-trend{color:#3fb950;font-weight:600}\n.brain-trend.down{color:#da3633}\n.empty{text-align:center;padding:32px 16px;color:#484f58;font-size:12px}\n</style>\n</head>\n<body>\n<div class=\"header\">\n  <h1>Rigour Governance</h1>\n  <span class=\"badge badge-idle\" id=\"statusBadge\">idle</span>\n</div>\n\n<div class=\"top\">\n  <div class=\"gauge-wrap\">\n    <svg viewBox=\"0 0 100 100\" width=\"90\" height=\"90\">\n      <circle cx=\"50\" cy=\"50\" r=\"42\" fill=\"none\" stroke=\"#21262d\" stroke-width=\"8\"/>\n      <circle cx=\"50\" cy=\"50\" r=\"42\" fill=\"none\" stroke=\"#30363d\" stroke-width=\"8\"\n        stroke-dasharray=\"264\" stroke-dashoffset=\"264\" stroke-linecap=\"round\"\n        transform=\"rotate(-90 50 50)\" id=\"gaugeArc\"/>\n      <text x=\"50\" y=\"46\" text-anchor=\"middle\" fill=\"#f0f6fc\" font-size=\"22\" font-weight=\"700\" id=\"gaugeText\">--</text>\n      <text x=\"50\" y=\"62\" text-anchor=\"middle\" fill=\"#8b949e\" font-size=\"9\">SCORE</text>\n    </svg>\n  </div>\n  <div class=\"severity-wrap\" id=\"severityWrap\">\n    <div class=\"sev-row\"><span class=\"sev-dot sev-critical\"></span><span class=\"sev-count\" id=\"sevCritical\">0</span>critical</div>\n    <div class=\"sev-row\"><span class=\"sev-dot sev-high\"></span><span class=\"sev-count\" id=\"sevHigh\">0</span>high</div>\n    <div class=\"sev-row\"><span class=\"sev-dot sev-medium\"></span><span class=\"sev-count\" id=\"sevMedium\">0</span>medium</div>\n    <div class=\"sev-row\"><span class=\"sev-dot sev-low\"></span><span class=\"sev-count\" id=\"sevLow\">0</span>low</div>\n  </div>\n</div>\n\n<div class=\"section-title\">Activity</div>\n<div class=\"timeline\" id=\"timeline\">\n  <div class=\"empty\">Waiting for agent activity...</div>\n</div>\n\n<div class=\"brain\" id=\"brainSection\">\n  <span class=\"brain-icon\">&#x1F9E0;</span>\n  <span class=\"brain-text\" id=\"brainText\">Brain: waiting for data</span>\n  <span class=\"brain-trend\" id=\"brainTrend\"></span>\n</div>\n\n<script>\nconst state = JSON.parse('__INITIAL_STATE__');\n\nfunction scoreColor(s) {\n  if (s === null) return '#30363d';\n  if (s < 50) return '#da3633';\n  if (s < 80) return '#d29922';\n  return '#3fb950';\n}\n\nfunction updateGauge(score) {\n  const arc = document.getElementById('gaugeArc');\n  const text = document.getElementById('gaugeText');\n  if (score === null) {\n    arc.setAttribute('stroke-dashoffset', '264');\n    arc.setAttribute('stroke', '#30363d');\n    text.textContent = '--';\n    return;\n  }\n  const offset = 264 - (264 * Math.min(score, 100) / 100);\n  arc.setAttribute('stroke-dashoffset', String(offset));\n  arc.setAttribute('stroke', scoreColor(score));\n  text.textContent = String(Math.round(score));\n}\n\nfunction updateBadge(status) {\n  const badge = document.getElementById('statusBadge');\n  badge.className = 'badge badge-' + (status || 'idle');\n  const labels = {pass:'PASS',fail:'FAIL',scanning:'SCANNING'};\n  badge.textContent = labels[status] || 'IDLE';\n}\n\nfunction updateSeverity(sev) {\n  document.getElementById('sevCritical').textContent = sev.critical || 0;\n  document.getElementById('sevHigh').textContent = sev.high || 0;\n  document.getElementById('sevMedium').textContent = sev.medium || 0;\n  document.getElementById('sevLow').textContent = sev.low || 0;\n}\n\nfunction formatTime(iso) {\n  const d = new Date(iso);\n  return d.toLocaleTimeString('en-US', {hour12:false,hour:'2-digit',minute:'2-digit',second:'2-digit'});\n}\n\nfunction renderTimeline(entries) {\n  const el = document.getElementById('timeline');\n  if (!entries.length) {\n    el.innerHTML = '<div class=\"empty\">Waiting for agent activity...</div>';\n    return;\n  }\n  el.innerHTML = entries.map(e => {\n    const cls = e.status === 'success' ? 'tl-status-success' : e.status === 'error' ? 'tl-status-error' : 'tl-status-warning';\n    return '<div class=\"tl-entry ' + cls + '\">' +\n      '<span class=\"tl-time\">' + formatTime(e.timestamp) + '</span>' +\n      '<span class=\"tl-tool\">' + e.tool + '</span>' +\n      '<span class=\"tl-arrow\">\u2192</span>' +\n      '<span class=\"tl-detail\">' + e.details + '</span></div>';\n  }).join('');\n  el.scrollTop = el.scrollHeight;\n}\n\nfunction updateBrain(patterns, trend) {\n  const text = document.getElementById('brainText');\n  const trendEl = document.getElementById('brainTrend');\n  text.textContent = 'Brain: ' + patterns + ' patterns learned';\n  if (trend) {\n    const arrows = {improving:'\u2191',stable:'\u2194',declining:'\u2193'};\n    trendEl.textContent = (arrows[trend] || '') + ' ' + trend;\n    trendEl.className = 'brain-trend' + (trend === 'declining' ? ' down' : '');\n  }\n}\n\nfunction render() {\n  updateGauge(state.currentScore);\n  updateBadge(state.status);\n  updateSeverity(state.severityBreakdown || {});\n  renderTimeline(state.timeline || []);\n  updateBrain(state.brainPatterns || 0, state.brainTrend);\n}\n\nrender();\n</script>\n</body>\n</html>";

package/dist/dashboard/html.js

@@ -0,0 +1,182 @@
+/**
+ * Dashboard HTML — Self-contained MCP App UI
+ *
+ * Served as a ui:// resource. Renders in a sandboxed iframe
+ * inside Claude Desktop, VS Code Copilot, ChatGPT, Goose.
+ *
+ * Features:
+ * - SVG circular score gauge (color-coded)
+ * - Scrolling activity timeline
+ * - Severity breakdown bar
+ * - Brain learning indicator
+ *
+ * No external dependencies. Initial state injected via __INITIAL_STATE__.
+ */
+export const DASHBOARD_HTML = `<!DOCTYPE html>
+<html lang="en">
+<head>
+<meta charset="UTF-8">
+<meta name="viewport" content="width=device-width,initial-scale=1">
+<title>Rigour Governance</title>
+<style>
+*{margin:0;padding:0;box-sizing:border-box}
+body{font-family:-apple-system,BlinkMacSystemFont,'Segoe UI',Roboto,sans-serif;background:#0d1117;color:#c9d1d9;padding:16px;font-size:13px;line-height:1.5}
+.header{display:flex;align-items:center;gap:8px;margin-bottom:16px}
+.header h1{font-size:15px;font-weight:600;color:#f0f6fc}
+.header .badge{font-size:11px;padding:2px 8px;border-radius:12px;font-weight:500}
+.badge-pass{background:#1a7f37;color:#fff}
+.badge-fail{background:#da3633;color:#fff}
+.badge-scanning{background:#9e6a03;color:#fff}
+.badge-idle{background:#30363d;color:#8b949e}
+.top{display:flex;gap:16px;margin-bottom:16px}
+.gauge-wrap{flex:0 0 100px;text-align:center}
+.gauge-label{font-size:11px;color:#8b949e;margin-top:4px}
+.severity-wrap{flex:1;display:flex;flex-direction:column;justify-content:center;gap:6px}
+.sev-row{display:flex;align-items:center;gap:6px;font-size:12px}
+.sev-dot{width:8px;height:8px;border-radius:50%;flex-shrink:0}
+.sev-critical{background:#da3633}
+.sev-high{background:#db6d28}
+.sev-medium{background:#9e6a03}
+.sev-low{background:#388bfd}
+.sev-info{background:#8b949e}
+.sev-count{color:#f0f6fc;font-weight:600;min-width:18px}
+.section-title{font-size:11px;color:#8b949e;text-transform:uppercase;letter-spacing:.5px;margin-bottom:8px;font-weight:600}
+.timeline{max-height:200px;overflow-y:auto;margin-bottom:16px}
+.timeline::-webkit-scrollbar{width:4px}
+.timeline::-webkit-scrollbar-thumb{background:#30363d;border-radius:2px}
+.tl-entry{display:flex;gap:8px;padding:4px 0;border-bottom:1px solid #21262d;font-size:12px}
+.tl-time{color:#8b949e;flex:0 0 55px;font-family:'SF Mono',Monaco,monospace;font-size:11px}
+.tl-tool{color:#58a6ff;flex:0 0 auto}
+.tl-arrow{color:#484f58}
+.tl-detail{color:#c9d1d9;flex:1}
+.tl-status-success .tl-detail{color:#3fb950}
+.tl-status-error .tl-detail{color:#da3633}
+.tl-status-warning .tl-detail{color:#d29922}
+.brain{display:flex;align-items:center;gap:8px;padding:8px 12px;background:#161b22;border:1px solid #30363d;border-radius:6px;font-size:12px}
+.brain-icon{font-size:16px}
+.brain-text{color:#c9d1d9}
+.brain-trend{color:#3fb950;font-weight:600}
+.brain-trend.down{color:#da3633}
+.empty{text-align:center;padding:32px 16px;color:#484f58;font-size:12px}
+</style>
+</head>
+<body>
+<div class="header">
+  <h1>Rigour Governance</h1>
+  <span class="badge badge-idle" id="statusBadge">idle</span>
+</div>
+
+<div class="top">
+  <div class="gauge-wrap">
+    <svg viewBox="0 0 100 100" width="90" height="90">
+      <circle cx="50" cy="50" r="42" fill="none" stroke="#21262d" stroke-width="8"/>
+      <circle cx="50" cy="50" r="42" fill="none" stroke="#30363d" stroke-width="8"
+        stroke-dasharray="264" stroke-dashoffset="264" stroke-linecap="round"
+        transform="rotate(-90 50 50)" id="gaugeArc"/>
+      <text x="50" y="46" text-anchor="middle" fill="#f0f6fc" font-size="22" font-weight="700" id="gaugeText">--</text>
+      <text x="50" y="62" text-anchor="middle" fill="#8b949e" font-size="9">SCORE</text>
+    </svg>
+  </div>
+  <div class="severity-wrap" id="severityWrap">
+    <div class="sev-row"><span class="sev-dot sev-critical"></span><span class="sev-count" id="sevCritical">0</span>critical</div>
+    <div class="sev-row"><span class="sev-dot sev-high"></span><span class="sev-count" id="sevHigh">0</span>high</div>
+    <div class="sev-row"><span class="sev-dot sev-medium"></span><span class="sev-count" id="sevMedium">0</span>medium</div>
+    <div class="sev-row"><span class="sev-dot sev-low"></span><span class="sev-count" id="sevLow">0</span>low</div>
+  </div>
+</div>
+
+<div class="section-title">Activity</div>
+<div class="timeline" id="timeline">
+  <div class="empty">Waiting for agent activity...</div>
+</div>
+
+<div class="brain" id="brainSection">
+  <span class="brain-icon">&#x1F9E0;</span>
+  <span class="brain-text" id="brainText">Brain: waiting for data</span>
+  <span class="brain-trend" id="brainTrend"></span>
+</div>
+
+<script>
+const state = JSON.parse('__INITIAL_STATE__');
+
+function scoreColor(s) {
+  if (s === null) return '#30363d';
+  if (s < 50) return '#da3633';
+  if (s < 80) return '#d29922';
+  return '#3fb950';
+}
+
+function updateGauge(score) {
+  const arc = document.getElementById('gaugeArc');
+  const text = document.getElementById('gaugeText');
+  if (score === null) {
+    arc.setAttribute('stroke-dashoffset', '264');
+    arc.setAttribute('stroke', '#30363d');
+    text.textContent = '--';
+    return;
+  }
+  const offset = 264 - (264 * Math.min(score, 100) / 100);
+  arc.setAttribute('stroke-dashoffset', String(offset));
+  arc.setAttribute('stroke', scoreColor(score));
+  text.textContent = String(Math.round(score));
+}
+
+function updateBadge(status) {
+  const badge = document.getElementById('statusBadge');
+  badge.className = 'badge badge-' + (status || 'idle');
+  const labels = {pass:'PASS',fail:'FAIL',scanning:'SCANNING'};
+  badge.textContent = labels[status] || 'IDLE';
+}
+
+function updateSeverity(sev) {
+  document.getElementById('sevCritical').textContent = sev.critical || 0;
+  document.getElementById('sevHigh').textContent = sev.high || 0;
+  document.getElementById('sevMedium').textContent = sev.medium || 0;
+  document.getElementById('sevLow').textContent = sev.low || 0;
+}
+
+function formatTime(iso) {
+  const d = new Date(iso);
+  return d.toLocaleTimeString('en-US', {hour12:false,hour:'2-digit',minute:'2-digit',second:'2-digit'});
+}
+
+function renderTimeline(entries) {
+  const el = document.getElementById('timeline');
+  if (!entries.length) {
+    el.innerHTML = '<div class="empty">Waiting for agent activity...</div>';
+    return;
+  }
+  el.innerHTML = entries.map(e => {
+    const cls = e.status === 'success' ? 'tl-status-success' : e.status === 'error' ? 'tl-status-error' : 'tl-status-warning';
+    return '<div class="tl-entry ' + cls + '">' +
+      '<span class="tl-time">' + formatTime(e.timestamp) + '</span>' +
+      '<span class="tl-tool">' + e.tool + '</span>' +
+      '<span class="tl-arrow">\u2192</span>' +
+      '<span class="tl-detail">' + e.details + '</span></div>';
+  }).join('');
+  el.scrollTop = el.scrollHeight;
+}
+
+function updateBrain(patterns, trend) {
+  const text = document.getElementById('brainText');
+  const trendEl = document.getElementById('brainTrend');
+  text.textContent = 'Brain: ' + patterns + ' patterns learned';
+  if (trend) {
+    const arrows = {improving:'\u2191',stable:'\u2194',declining:'\u2193'};
+    trendEl.textContent = (arrows[trend] || '') + ' ' + trend;
+    trendEl.className = 'brain-trend' + (trend === 'declining' ? ' down' : '');
+  }
+}
+
+function render() {
+  updateGauge(state.currentScore);
+  updateBadge(state.status);
+  updateSeverity(state.severityBreakdown || {});
+  renderTimeline(state.timeline || []);
+  updateBrain(state.brainPatterns || 0, state.brainTrend);
+}
+
+render();
+</script>
+</body>
+</html>`;

package/dist/dashboard/index.d.ts

@@ -0,0 +1,4 @@
+export declare const DASHBOARD_URI = "ui://rigour/dashboard";
+/** Get dashboard HTML with current state injected. */
+export declare function getDashboardHtml(): string;
+export { getState, pushTimelineEntry, updateScore, updateBrainStatus, setScanning } from './state.js';

package/dist/dashboard/index.js

@@ -0,0 +1,16 @@
+/**
+ * Dashboard Resource Serving
+ *
+ * Serves the MCP App dashboard as a ui:// resource.
+ * Injects current DashboardState into the HTML on each fetch
+ * so the client always gets the latest governance snapshot.
+ */
+import { DASHBOARD_HTML } from './html.js';
+import { getState } from './state.js';
+export const DASHBOARD_URI = "ui://rigour/dashboard";
+/** Get dashboard HTML with current state injected. */
+export function getDashboardHtml() {
+    const stateJson = JSON.stringify(getState()).replace(/'/g, "\\'");
+    return DASHBOARD_HTML.replace('__INITIAL_STATE__', stateJson);
+}
+export { getState, pushTimelineEntry, updateScore, updateBrainStatus, setScanning } from './state.js';

package/dist/dashboard/state.d.ts

@@ -0,0 +1,26 @@
+/**
+ * Dashboard State — Server-side state accumulator
+ *
+ * Maintains the current governance state that gets injected into
+ * the MCP App dashboard HTML on each resource fetch.
+ * Single-threaded Node.js — no locking needed.
+ */
+export interface TimelineEntry {
+    timestamp: string;
+    tool: string;
+    status: string;
+    details: string;
+}
+export interface DashboardState {
+    currentScore: number | null;
+    status: "pass" | "fail" | "scanning" | null;
+    timeline: TimelineEntry[];
+    severityBreakdown: Record<string, number>;
+    brainPatterns: number;
+    brainTrend: string | null;
+}
+export declare function getState(): DashboardState;
+export declare function pushTimelineEntry(tool: string, status: string, details: string): void;
+export declare function updateScore(score: number, status: "pass" | "fail", severity?: Record<string, number>): void;
+export declare function updateBrainStatus(patterns: number, trend?: string): void;
+export declare function setScanning(): void;

package/dist/dashboard/state.js

@@ -0,0 +1,44 @@
+/**
+ * Dashboard State — Server-side state accumulator
+ *
+ * Maintains the current governance state that gets injected into
+ * the MCP App dashboard HTML on each resource fetch.
+ * Single-threaded Node.js — no locking needed.
+ */
+const MAX_TIMELINE = 50;
+const state = {
+    currentScore: null,
+    status: null,
+    timeline: [],
+    severityBreakdown: {},
+    brainPatterns: 0,
+    brainTrend: null,
+};
+export function getState() {
+    return state;
+}
+export function pushTimelineEntry(tool, status, details) {
+    state.timeline.push({
+        timestamp: new Date().toISOString(),
+        tool,
+        status,
+        details,
+    });
+    if (state.timeline.length > MAX_TIMELINE) {
+        state.timeline = state.timeline.slice(-MAX_TIMELINE);
+    }
+}
+export function updateScore(score, status, severity) {
+    state.currentScore = score;
+    state.status = status;
+    if (severity)
+        state.severityBreakdown = severity;
+}
+export function updateBrainStatus(patterns, trend) {
+    state.brainPatterns = patterns;
+    if (trend)
+        state.brainTrend = trend;
+}
+export function setScanning() {
+    state.status = "scanning";
+}

package/dist/index.js

@@ -9,11 +9,14 @@
  */
 import { Server } from "@modelcontextprotocol/sdk/server/index.js";
 import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
-import { CallToolRequestSchema, ListToolsRequestSchema, ListPromptsRequestSchema, GetPromptRequestSchema, } from "@modelcontextprotocol/sdk/types.js";
+import { CallToolRequestSchema, ListToolsRequestSchema, ListPromptsRequestSchema, GetPromptRequestSchema, ListResourcesRequestSchema, ReadResourceRequestSchema, } from "@modelcontextprotocol/sdk/types.js";
 import { randomUUID } from "crypto";
 import { GateRunner } from "@rigour-labs/core";
 // Utils
 import { loadConfig, loadMcpSettings, logStudioEvent } from './utils/config.js';
+import { bindServer } from './utils/notifications.js';
+// Dashboard (MCP App)
+import { DASHBOARD_URI, getDashboardHtml, pushTimelineEntry, updateScore } from './dashboard/index.js';
 // Tool definitions
 import { TOOL_DEFINITIONS } from './tools/definitions.js';
 // Tool handlers
@@ -27,7 +30,9 @@ import { handleHooksCheck, handleHooksInit } from './tools/hooks-handler.js';
 import { handleCheckDeep, handleDeepStats } from './tools/deep-handlers.js';
 import { handleMcpGetSettings, handleMcpSetSettings } from './tools/mcp-settings-handler.js';
 // ─── Server Setup ─────────────────────────────────────────────────
-const server = new Server({ name: "rigour-mcp", version: "3.0.1" }, { capabilities: { tools: {}, prompts: {} } });
+const server = new Server({ name: "rigour-mcp", version: "3.0.1" }, { capabilities: { tools: {}, prompts: {}, logging: {}, resources: {} } });
+// Bind server for logging notifications from handlers
+bindServer(server);
 // ─── Tool Listing ─────────────────────────────────────────────────
 // Only expose essential tools by default to improve agent tool selection.
 // Research shows agents degrade at 30+ tools (wrong picks, hallucinated args).
@@ -38,6 +43,7 @@ const ESSENTIAL_TOOLS = new Set([
     'rigour_recall', // Load project memory (START of every task)
     'rigour_remember', // Store conventions/decisions
     'rigour_explain', // Explain gate failures
+    'rigour_get_fix_packet', // Get structured fix instructions on FAIL
     'rigour_review', // Review diffs
     'rigour_security_audit', // CVE check
     'rigour_forget', // Remove stored memory
@@ -45,6 +51,27 @@ const ESSENTIAL_TOOLS = new Set([
 server.setRequestHandler(ListToolsRequestSchema, async () => ({
     tools: TOOL_DEFINITIONS.filter(t => ESSENTIAL_TOOLS.has(t.name)),
 }));
+// ─── Resource Listing (MCP App Dashboard) ────────────────────────
+server.setRequestHandler(ListResourcesRequestSchema, async () => ({
+    resources: [{
+            uri: DASHBOARD_URI,
+            name: "Rigour Governance Dashboard",
+            description: "Real-time governance dashboard — quality scores, agent activity timeline, severity breakdown",
+            mimeType: "text/html",
+        }],
+}));
+server.setRequestHandler(ReadResourceRequestSchema, async (request) => {
+    if (request.params.uri === DASHBOARD_URI) {
+        return {
+            contents: [{
+                    uri: DASHBOARD_URI,
+                    mimeType: "text/html",
+                    text: getDashboardHtml(),
+                }],
+        };
+    }
+    throw new Error(`Unknown resource: ${request.params.uri}`);
+});
 // ─── Tool Dispatch ────────────────────────────────────────────────
 server.setRequestHandler(CallToolRequestSchema, async (request) => {
     const { name, arguments: args } = request.params;
@@ -165,6 +192,29 @@ server.setRequestHandler(CallToolRequestSchema, async (request) => {
             type: "tool_response", requestId, tool: name, status: "success",
             content: result.content, _rigour_report: result._rigour_report,
         });
+        // ─── Dashboard State + MCP App UI Hint ──────────────
+        const report = result._rigour_report;
+        const details = report
+            ? `${report.status.toUpperCase()} — Score: ${report.stats?.score ?? '?'}/100`
+            : "completed";
+        pushTimelineEntry(name, result.isError ? "error" : "success", details);
+        if (report?.stats) {
+            updateScore(report.stats.score ?? 0, report.status === "PASS" ? "pass" : "fail", report.stats.severity_breakdown);
+        }
+        // Attach UI hint for MCP-App-capable clients (Claude Desktop, VS Code, ChatGPT, Goose)
+        if (!result.isError) {
+            result._meta = { ui: { resourceUri: DASHBOARD_URI } };
+        }
+        // Notify clients that the dashboard resource has updated
+        try {
+            await server.notification({
+                method: "notifications/resources/updated",
+                params: { uri: DASHBOARD_URI },
+            });
+        }
+        catch {
+            // Client doesn't support resource notifications — fine
+        }
         return result;
     }
     catch (error) {

package/dist/tools/deep-handlers.js

@@ -6,6 +6,7 @@
  * @since v4.0.0
  */
 import path from "path";
+import { notifyProgress } from '../utils/notifications.js';
 function resolveDeepExecution(args) {
     const requestedProvider = (args.provider || '').toLowerCase();
     const isForcedLocal = requestedProvider === 'local';
@@ -31,7 +32,10 @@ export async function handleCheckDeep(runner, cwd, config, args) {
         apiBaseUrl: args.apiBaseUrl,
         modelName: args.modelName,
     };
+    notifyProgress("info", `Deep analysis starting (${execution.isLocal ? 'local sidecar' : execution.provider})...`);
     const report = await runner.run(cwd, undefined, deepOpts);
+    const notifyScore = report.stats.score ?? 100;
+    notifyProgress(report.status === "PASS" ? "info" : "warning", `Deep analysis complete: ${notifyScore}/100 \u2014 ${report.failures.length} findings`);
     // Persist to SQLite (best-effort). Skip during tests to avoid CI timing flakes.
     if (!isTestRuntime()) {
         try {

package/dist/tools/definitions.js

@@ -27,7 +27,7 @@ export const TOOL_DEFINITIONS = [
     // ─── Core Quality Gates ───────────────────────────────
     {
         name: "rigour_check",
-        description: "Run quality gate checks on the project. MUST be called before declaring any coding task complete. Checks code complexity, file size, required docs, security patterns, and more. Returns PASS or FAIL with details.",
+        description: "Run quality gate checks on the project. MUST be called before declaring any coding task complete. Checks code complexity, file size, required docs, security patterns, and more. Returns PASS or FAIL with details. **Always show the user the headline summary from this tool's output** — it tells them what Rigour caught. If FAIL, call rigour_get_fix_packet for structured fix instructions with exact file locations and step-by-step remediation.",
         inputSchema: {
             type: "object",
             properties: {
@@ -52,7 +52,7 @@ export const TOOL_DEFINITIONS = [
     },
     {
         name: "rigour_explain",
-        description: "Explain the last quality gate failures with actionable bullets. Matches the CLI 'explain' command.",
+        description: "Explain WHY quality gates failed in human-readable language. Use this to understand the reasoning behind each violation before fixing. For machine-readable fix instructions, use rigour_get_fix_packet instead.",
         inputSchema: {
             type: "object",
             properties: cwdParam(),
@@ -84,7 +84,7 @@ export const TOOL_DEFINITIONS = [
     },
     {
         name: "rigour_get_fix_packet",
-        description: "Retrieves a prioritized 'Fix Packet' (v2 schema) containing detailed machine-readable diagnostic data.",
+        description: "Call this after rigour_check returns FAIL. Returns a prioritized Fix Packet with exact violations, file locations, and step-by-step fix instructions. Apply fixes in severity order (critical first), then re-run rigour_check to verify. Repeat until PASS. **After applying all fixes, tell the user what Rigour caught and that fixes were applied.**",
         inputSchema: {
             type: "object",
             properties: cwdParam(),

package/dist/tools/execution-handlers.js

@@ -9,6 +9,7 @@ import fs from "fs-extra";
 import path from "path";
 import { FixPacketService } from "@rigour-labs/core";
 import { logStudioEvent } from '../utils/config.js';
+import { notifyProgress } from '../utils/notifications.js';
 export async function handleRun(cwd, command, requestId) {
     // 1. Log Interceptable Event
     await logStudioEvent(cwd, {
@@ -54,8 +55,10 @@ export async function handleRunSupervised(runner, cwd, command, maxRetries, dryR
         maxRetries,
         dryRun,
     });
+    notifyProgress("info", `Supervisor started: ${command} (max ${maxRetries} retries)`);
     while (iteration < maxRetries) {
         iteration++;
+        notifyProgress("info", `Supervisor iteration ${iteration}/${maxRetries}...`);
         if (!dryRun) {
             try {
                 await execa(command, { shell: true, cwd });
@@ -84,6 +87,7 @@ export async function handleRunSupervised(runner, cwd, command, maxRetries, dryR
             failedGates: failedGateIds,
         });
         if (lastReport.status === "PASS") {
+            notifyProgress("info", `Supervisor PASSED on iteration ${iteration} \u2014 Score: ${lastReport.stats.score ?? '?'}/100`);
             const score = lastReport.stats.score !== undefined ? ` | Score: ${lastReport.stats.score}/100` : '';
             result = {
                 content: [{
@@ -94,6 +98,7 @@ export async function handleRunSupervised(runner, cwd, command, maxRetries, dryR
             break;
         }
         if (iteration >= maxRetries) {
+            notifyProgress("error", `Supervisor FAILED after ${iteration} iterations \u2014 ${lastReport.failures.length} violations remain`);
             // Use FixPacketService for structured output instead of ad-hoc formatting
             let fixPacketText;
             if (config) {

package/dist/tools/pattern-handlers.js

@@ -6,6 +6,7 @@
  * @since v2.17.0 — extracted from monolithic index.ts
  */
 import { PatternMatcher, loadPatternIndex, getDefaultIndexPath, StalenessDetector, SecurityDetector, } from "@rigour-labs/core/pattern-index";
+import { notifyProgress } from '../utils/notifications.js';
 export async function handleCheckPattern(cwd, patternName, type, intent) {
     const indexPath = getDefaultIndexPath(cwd);
     const index = await loadPatternIndex(indexPath);
@@ -66,7 +67,9 @@ export async function handleCheckPattern(cwd, patternName, type, intent) {
     return { content: [{ type: "text", text: resultText }] };
 }
 export async function handleSecurityAudit(cwd) {
+    notifyProgress("info", "Running CVE security audit...");
     const security = new SecurityDetector(cwd);
     const summary = await security.getSecuritySummary();
+    notifyProgress("info", "Security audit complete");
     return { content: [{ type: "text", text: summary }] };
 }

package/dist/tools/quality-handlers.js

@@ -1,3 +1,13 @@
+/**
+ * Quality Gate Tool Handlers
+ *
+ * Handlers for: rigour_check, rigour_explain, rigour_status,
+ * rigour_get_fix_packet, rigour_list_gates, rigour_get_config
+ *
+ * @since v2.17.0 — extracted from monolithic index.ts
+ */
+import { renderMcpHeadline, renderFixAttribution } from "@rigour-labs/core";
+import { notifyProgress } from '../utils/notifications.js';
 function resolveDeepExecution(args) {
     const requestedProvider = (args.provider || '').toLowerCase();
     const isForcedLocal = requestedProvider === 'local';
@@ -42,7 +52,22 @@ export async function handleCheck(runner, cwd, args = {}) {
             modelName: args.modelName,
         };
     }
+    notifyProgress("info", fileTargets ? `Scanning ${fileTargets.length} files...` : "Scanning project...");
+    if (deepMode !== 'off') {
+        notifyProgress("info", `Deep analysis: ${execution.isLocal ? 'local sidecar' : execution.provider} (${deepMode} mode)`);
+    }
     const report = await runner.run(cwd, fileTargets, deepOpts);
+    if (report.status === "PASS") {
+        notifyProgress("info", `PASS \u2014 Score: ${report.stats.score ?? '?'}/100`);
+    }
+    else {
+        const sev = report.stats.severity_breakdown || {};
+        const sevParts = Object.entries(sev).filter(([, c]) => c > 0).map(([s, c]) => `${c} ${s}`).join(', ');
+        notifyProgress("warning", `FAIL \u2014 ${sevParts || report.failures.length + ' violations'} (Score: ${report.stats.score ?? '?'}/100)`);
+        const worst = report.failures.find(f => f.severity === 'critical') || report.failures[0];
+        if (worst)
+            notifyProgress("warning", `${worst.title}${worst.files?.[0] ? ' in ' + worst.files[0] : ''}`);
+    }
     const scoreText = formatScoreText(report.stats);
     const sevText = formatSeverityText(report.stats);
     const deepText = deepMode === 'off'
@@ -51,10 +76,12 @@ export async function handleCheck(runner, cwd, args = {}) {
             `${execution.isLocal
                 ? '\nPrivacy: Local sidecar/model execution. Code remains on this machine.'
                 : `\nPrivacy: Cloud provider execution. Code context may be sent to ${execution.provider} API.`}`;
+    // Human-facing headline — agents naturally pass this through to users
+    const headline = renderMcpHeadline(report);
     const result = {
         content: [{
                 type: "text",
-                text: `RIGOUR AUDIT RESULT: ${report.status}${scoreText}${sevText}${deepText}\n\nSummary:\n${Object.entries(report.summary).map(([k, v]) => `- ${k}: ${v}`).join("\n")}`,
+                text: `${headline}\n\n${scoreText.trim()}${sevText}${deepText}\n\nSummary:\n${Object.entries(report.summary).map(([k, v]) => `- ${k}: ${v}`).join("\n")}`,
             }],
     };
     result._rigour_report = report;
@@ -105,11 +132,18 @@ export async function handleGetFixPacket(runner, cwd, config) {
             content: [{ type: "text", text: `ALL QUALITY GATES PASSED.${passScore} The current state meets the required engineering standards.` }],
         };
     }
+    notifyProgress("info", `Generating fix packet for ${report.failures.length} violations...`);
     const { FixPacketService } = await import("@rigour-labs/core");
     const fixPacketService = new FixPacketService();
     const fixPacket = fixPacketService.generate(report, config);
+    // Find worst violation for attribution
+    const worst = report.failures.find(f => f.severity === 'critical')
+        || report.failures.find(f => f.severity === 'high')
+        || report.failures[0];
+    const worstLabel = worst ? worst.title : 'quality violations';
+    const attribution = renderFixAttribution(report.failures.length, worstLabel);
     return {
-        content: [{ type: "text", text: formatFixPacketText(fixPacket, report) }],
+        content: [{ type: "text", text: formatFixPacketText(fixPacket, report) + attribution }],
     };
 }
 /**

package/dist/tools/review-handler.js

@@ -1,9 +1,11 @@
 import { parseDiff } from '../utils/config.js';
+import { notifyProgress } from '../utils/notifications.js';
 export async function handleReview(runner, cwd, diff, changedFiles) {
     // 1. Map diff to line numbers for filtering
     const diffMapping = parseDiff(diff);
     const targetFiles = changedFiles || Object.keys(diffMapping);
     // 2. Run high-fidelity analysis on changed files
+    notifyProgress("info", `Reviewing ${targetFiles.length} changed files...`);
     const report = await runner.run(cwd, targetFiles);
     // 3. Filter failures to only those on changed lines (or global gate failures)
     const filteredFailures = report.failures.filter(failure => {

package/dist/utils/notifications.d.ts

@@ -0,0 +1,18 @@
+/**
+ * MCP Logging Notifications — Singleton
+ *
+ * Gives all handler modules access to server.sendLoggingMessage()
+ * without threading the server instance through every function signature.
+ *
+ * Usage:
+ *   bindServer(server)          — call once at startup
+ *   notifyProgress("info", msg) — fire-and-forget from any handler
+ */
+import type { Server } from "@modelcontextprotocol/sdk/server/index.js";
+/** Bind the MCP server instance (call once at startup). */
+export declare function bindServer(server: Server): void;
+/**
+ * Send a logging notification to the MCP client.
+ * Fire-and-forget — silently drops if client doesn't support logging.
+ */
+export declare function notifyProgress(level: "debug" | "info" | "notice" | "warning" | "error" | "critical", message: string, logger?: string): void;

package/dist/utils/notifications.js

@@ -0,0 +1,19 @@
+let _server = null;
+/** Bind the MCP server instance (call once at startup). */
+export function bindServer(server) {
+    _server = server;
+}
+/**
+ * Send a logging notification to the MCP client.
+ * Fire-and-forget — silently drops if client doesn't support logging.
+ */
+export function notifyProgress(level, message, logger = "rigour") {
+    if (!_server)
+        return;
+    try {
+        void _server.sendLoggingMessage({ level, logger, data: message });
+    }
+    catch {
+        // Client may not support logging — graceful fallback
+    }
+}

package/package.json

@@ -1,30 +1,44 @@
 {
   "name": "@rigour-labs/mcp",
-  "version": "5.2.3",
-  "description": "MCP server for AI code governance — OWASP LLM Top 10 (10/10), real-time hooks, 25+ security patterns, hallucinated import detection, multi-agent governance. Works with Claude, Cursor, Cline, Windsurf, Gemini. Industry presets for HIPAA, SOC2, FedRAMP.",
+  "version": "5.2.5",
+  "description": "MCP server + live dashboard for AI code governance — OWASP LLM Top 10 (10/10), real-time MCP App UI, 25+ security patterns, Bayesian learning Brain, hallucinated import detection, multi-agent governance. Works with Claude, Cursor, VS Code, ChatGPT, Goose, Windsurf. Industry presets for HIPAA, SOC2, FedRAMP.",
   "license": "MIT",
   "homepage": "https://rigour.run",
   "icon": "https://raw.githubusercontent.com/rigour-labs/rigour/main/docs/assets/icon.svg",
   "keywords": [
+    "ai",
+    "llm",
     "mcp",
+    "mcp-app",
+    "mcp-server",
     "model-context-protocol",
-    "owasp-llm-top-10",
+    "ai-agent",
     "ai-code-governance",
+    "owasp-llm-top-10",
+    "bayesian-learning",
     "real-time-hooks",
     "security-patterns",
     "hallucinated-imports",
-    "industry-presets",
-    "hipaa",
-    "soc2",
-    "fedramp",
+    "vibe-coding",
     "claude",
     "cursor",
     "cline",
     "windsurf",
+    "copilot",
+    "gemini",
+    "codex",
+    "chatgpt",
+    "goose",
     "multi-agent-governance",
     "quality-gates",
-    "static-analysis",
-    "code-review"
+    "fix-packets",
+    "agent-governance",
+    "drift-detection",
+    "live-dashboard",
+    "code-quality",
+    "ai-safety",
+    "deep-learning",
+    "rlaif"
   ],
   "type": "module",
   "mcpName": "io.github.rigour-labs/rigour",
@@ -48,7 +62,7 @@
     "execa": "^8.0.1",
     "fs-extra": "^11.2.0",
     "yaml": "^2.8.2",
-    "@rigour-labs/core": "5.2.3"
+    "@rigour-labs/core": "5.2.5"
   },
   "devDependencies": {
     "@types/node": "^25.0.3",