npm - @rigour-labs/mcp - Versions diffs - 5.2.6 → 5.2.8 - Mend

@rigour-labs/mcp 5.2.6 → 5.2.8

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/dist/index.js +1 -1
package/dist/tools/definitions.d.ts +4 -0
package/dist/tools/definitions.js +2 -1
package/dist/tools/pattern-handlers.d.ts +1 -1
package/dist/tools/pattern-handlers.js +49 -3
package/package.json +2 -2

package/dist/index.js CHANGED Viewed

@@ -131,7 +131,7 @@ server.setRequestHandler(CallToolRequestSchema, async (request) => {
                 break;
             // Pattern intelligence
             case "rigour_check_pattern":
-                result = await handleCheckPattern(cwd, args.name, args.type, args.intent);
+                result = await handleCheckPattern(cwd, args.name, args.type, args.intent, args.file);
                 break;
             case "rigour_security_audit":
                 result = await handleSecurityAudit(cwd);

package/dist/tools/definitions.d.ts CHANGED Viewed

@@ -182,6 +182,10 @@ export declare const TOOL_DEFINITIONS: ({
                 type: string;
                 description: string;
             };
+            file: {
+                type: string;
+                description: string;
+            };
             cwd: {
                 type: "string";
                 description: string;

package/dist/tools/definitions.js CHANGED Viewed

@@ -231,7 +231,7 @@ export const TOOL_DEFINITIONS = [
     // ─── Pattern Intelligence ─────────────────────────────
     {
         name: "rigour_check_pattern",
-        description: "CALL THIS BEFORE creating any new function, component, hook, or class. Checks if it already exists in the codebase (prevents duplication), and checks for known security vulnerabilities. Pass the name and type of what you plan to create.",
+        description: "CALL THIS BEFORE creating any new function, component, hook, or class. Checks if it already exists in the codebase (prevents duplication), checks for known security vulnerabilities, and BLOCKS writes to protected paths (.github/, CI/CD configs, rigour.yml). Always pass the target file path.",
         inputSchema: {
             type: "object",
             properties: {
@@ -239,6 +239,7 @@ export const TOOL_DEFINITIONS = [
                 name: { type: "string", description: "The name of the function, class, or component you want to create." },
                 type: { type: "string", description: "The type of pattern (e.g., 'function', 'component', 'hook', 'type')." },
                 intent: { type: "string", description: "What the code is for (e.g., 'format dates', 'user authentication')." },
+                file: { type: "string", description: "Target file path (relative to cwd) where the code will be written. Used to enforce protected path rules — writes to .github/, rigour.yml, etc. will be BLOCKED." },
             },
             required: ["cwd", "name"],
         },

package/dist/tools/pattern-handlers.d.ts CHANGED Viewed

@@ -4,6 +4,6 @@ type ToolResult = {
         text: string;
     }[];
 };
-export declare function handleCheckPattern(cwd: string, patternName: string, type?: string, intent?: string): Promise<ToolResult>;
+export declare function handleCheckPattern(cwd: string, patternName: string, type?: string, intent?: string, file?: string): Promise<ToolResult>;
 export declare function handleSecurityAudit(cwd: string): Promise<ToolResult>;
 export {};

package/dist/tools/pattern-handlers.js CHANGED Viewed

@@ -5,13 +5,59 @@
  *
  * @since v2.17.0 — extracted from monolithic index.ts
  */
+import path from "path";
+import yaml from "yaml";
+import fs from "fs-extra";
 import { PatternMatcher, loadPatternIndex, getDefaultIndexPath, StalenessDetector, SecurityDetector, } from "@rigour-labs/core/pattern-index";
+import { ConfigSchema } from "@rigour-labs/core";
 import { notifyProgress } from '../utils/notifications.js';
-export async function handleCheckPattern(cwd, patternName, type, intent) {
-    const indexPath = getDefaultIndexPath(cwd);
-    const index = await loadPatternIndex(indexPath);
+/**
+ * Check if a file path is protected by safety.protected_paths in rigour.yml.
+ * Returns the matched pattern or null.
+ */
+async function checkFileGuard(cwd, filePath) {
+    const configPath = path.join(cwd, 'rigour.yml');
+    let protectedPaths = [];
+    try {
+        if (await fs.pathExists(configPath)) {
+            const raw = yaml.parse(await fs.readFile(configPath, 'utf-8'));
+            const config = ConfigSchema.parse(raw);
+            protectedPaths = config.gates.safety?.protected_paths ?? [];
+        }
+    }
+    catch {
+        // Default protected paths if no config
+        protectedPaths = ['.github/**', 'rigour.yml'];
+    }
+    if (protectedPaths.length === 0)
+        return null;
+    const normalized = filePath.replace(/\\/g, '/');
+    return protectedPaths.find(pattern => {
+        const clean = pattern.replace('/**', '').replace('/*', '');
+        if (normalized === clean)
+            return true;
+        if (clean.endsWith('/'))
+            return normalized.startsWith(clean);
+        return normalized.startsWith(clean + '/');
+    }) ?? null;
+}
+export async function handleCheckPattern(cwd, patternName, type, intent, file) {
     let resultText = "";
+    // 0. File Guard — BLOCK writes to protected paths
+    if (file) {
+        const matched = await checkFileGuard(cwd, file);
+        if (matched) {
+            notifyProgress("error", `BLOCKED: Write to protected path ${file}`);
+            resultText = `🛑 BLOCKED: You CANNOT write to "${file}".\n`;
+            resultText += `This path matches protected pattern "${matched}" in rigour.yml.\n`;
+            resultText += `CI/CD pipelines, governance configs, and protected docs require human review.\n\n`;
+            resultText += `RECOMMENDED ACTION: STOP. Do not create or modify this file. Ask the human to make this change manually.`;
+            return { content: [{ type: "text", text: resultText }] };
+        }
+    }
     // 1. Check for Reinvention
+    const indexPath = getDefaultIndexPath(cwd);
+    const index = await loadPatternIndex(indexPath);
     if (index) {
         const matcher = new PatternMatcher(index);
         const matchResult = await matcher.match({ name: patternName, type, intent });

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@rigour-labs/mcp",
-  "version": "5.2.6",
+  "version": "5.2.8",
   "description": "MCP server + live dashboard for AI code governance — OWASP LLM Top 10 (10/10), real-time MCP App UI, 25+ security patterns, Bayesian learning Brain, hallucinated import detection, multi-agent governance. Works with Claude, Cursor, VS Code, ChatGPT, Goose, Windsurf. Industry presets for HIPAA, SOC2, FedRAMP.",
   "license": "MIT",
   "homepage": "https://rigour.run",
@@ -62,7 +62,7 @@
     "execa": "^8.0.1",
     "fs-extra": "^11.2.0",
     "yaml": "^2.8.2",
-    "@rigour-labs/core": "5.2.6"
+    "@rigour-labs/core": "5.2.8"
   },
   "devDependencies": {
     "@types/node": "^25.0.3",