{"id":35566107,"url":"https://github.com/rigour-labs/rigour","last_synced_at":"2026-04-01T17:26:06.352Z","repository":{"id":331965426,"uuid":"1127532861","full_name":"rigour-labs/rigour","owner":"rigour-labs","description":"Local-first quality gate + fix-loop controller for AI coding agents (CLI + MCP).","archived":false,"fork":false,"pushed_at":"2026-03-14T05:20:48.000Z","size":7376,"stargazers_count":18,"open_issues_count":1,"forks_count":1,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-03-14T16:36:05.325Z","etag":null,"topics":["agentic-workflow","ai","ai-agents","cli","code-quality","developer-productivity","devtools","guardrails","lint","llm","mcp","model-context-protocol","refactoring","software-engineering","static-analysis","testing","typescript","typesystem"],"latest_commit_sha":null,"homepage":"https://www.rigour.run/","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/rigour-labs.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":"AGENTS.md","dco":null,"cla":null}},"created_at":"2026-01-04T04:35:38.000Z","updated_at":"2026-03-14T05:20:51.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/rigour-labs/rigour","commit_stats":null,"previous_names":["rigour-labs/rigour","erashu212/rigour"],"tags_count":89,"template":false,"template_full_name":null,"purl":"pkg:github/rigour-labs/rigour","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rigour-labs%2Frigour","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rigour-labs%2Frigour/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rigour-labs%2Frigour/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rigour-labs%2Frigour/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/rigour-labs","download_url":"https://codeload.github.com/rigour-labs/rigour/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rigour-labs%2Frigour/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31290537,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-01T13:12:26.723Z","status":"ssl_error","status_checked_at":"2026-04-01T13:12:25.102Z","response_time":53,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["agentic-workflow","ai","ai-agents","cli","code-quality","developer-productivity","devtools","guardrails","lint","llm","mcp","model-context-protocol","refactoring","software-engineering","static-analysis","testing","typescript","typesystem"],"created_at":"2026-01-04T15:13:49.777Z","updated_at":"2026-04-01T17:26:06.346Z","avatar_url":"https://github.com/rigour-labs.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Rigour\n\n[![npm version](https://img.shields.io/npm/v/@rigour-labs/cli?color=cyan\u0026label=cli)](https://www.npmjs.com/package/@rigour-labs/cli)\n[![cli downloads](https://img.shields.io/npm/dm/@rigour-labs/cli?color=blue\u0026label=cli+downloads)](https://www.npmjs.com/package/@rigour-labs/cli)\n[![mcp downloads](https://img.shields.io/npm/dm/@rigour-labs/mcp?color=blue\u0026label=mcp+downloads)](https://www.npmjs.com/package/@rigour-labs/mcp)\n[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)\n[![MCP Registry](https://img.shields.io/badge/MCP-Listed-green)](https://rigour.run)\n[![OWASP](https://img.shields.io/badge/OWASP-Project-red)](https://rigour.run)\n\n**Your AI agent just tried to commit an AWS secret. Rigour blocked it in \u003c100ms.**\n\n## Try it now (zero config)\n\n```bash\nnpx rigour-scan\n```\n\nWorks on any repo. No init, no config, no setup. Instant results in your terminal:\n\n```\n  HARDCODED SECRET DETECTED\n  AWS_SECRET_ACCESS_KEY found in src/config.ts:23\n\n  + 22 more violations across 847 files (2.1s)\n\n  Score        ████░░░░░░░░░░░░░░░░  34/100\n  AI Health    ███░░░░░░░░░░░░░░░░░░  28/100\n\n  Gates:  ✅ file-size  ❌ security  ❌ ast  ✅ deps\n\n  Brain: learned 12 patterns · trend: improving ↑\n```\n\n## Add to your AI IDE (30 seconds)\n\n```json\n{ \"mcpServers\": { \"rigour\": { \"command\": \"npx\", \"args\": [\"-y\", \"@rigour-labs/mcp\"] } } }\n```\n\n| IDE / Agent | MCP Tools | Live Dashboard | Real-Time Feed |\n|---|---|---|---|\n| **Claude Desktop** | ✅ | ✅ MCP App | ✅ Logging |\n| **VS Code Copilot** | ✅ | ✅ MCP App | ✅ Logging |\n| **ChatGPT** | ✅ | ✅ MCP App | ✅ Logging |\n| **Goose** | ✅ | ✅ MCP App | ✅ Logging |\n| **Claude Code** | ✅ | — | ✅ Logging |\n| **Cursor** | ✅ | — | ✅ Logging |\n| **Cline** | ✅ | — | ✅ Logging |\n| **Windsurf** | ✅ | — | ✅ Logging |\n| **Codex** | ✅ | — | ✅ Logging |\n\n## Live governance dashboard (MCP App)\n\nIn supported editors, a real-time dashboard appears automatically as your agent works:\n\n```\n┌─ Rigour Governance ──────────────────────────┐\n│  Score: 94/100  ✅ PASS                      │\n│                                               │\n│  14:32:01  rigour_check → FAIL (34/100)       │\n│  14:32:03  fix_packet → 8 fixes               │\n│  14:32:15  rigour_check → 71/100 (+37)        │\n│  14:32:22  rigour_check → ✅ PASS 94/100      │\n│                                               │\n│  Brain: 47 patterns · trend: improving ↑      │\n└───────────────────────────────────────────────┘\n```\n\nNo extra commands. The dashboard appears when the agent calls Rigour tools. Watch your agent self-heal in real time.\n\n## What it catches\n\n| Category | Gates |\n|---|---|\n| **Security** | Hardcoded secrets (29+ patterns), SQL injection, XSS, CSRF, prototype pollution, Shannon entropy |\n| **Structural** | File size, cyclomatic complexity, method count, parameter count, nesting depth, TODO/FIXME |\n| **AI Drift** | Hallucinated imports, phantom APIs, context drift, retry loop detection |\n| **Governance** | Agent team isolation, checkpoint supervision, memory DLP |\n\nAST-based. Not heuristics. **TypeScript, JavaScript, Python, Go, Ruby, C#, Java, Kotlin, Rust.**\n\n## How it works\n\n```\nAgent writes code → Rigour gates fire → FAIL? → Fix Packet (JSON)\n                                           ↓\n                                    Agent reads exact instructions\n                                           ↓\n                                    Agent fixes → PASS ✓\n```\n\nNo human in the loop. The agent gets told exactly what's wrong, on which line, and how to fix it — in JSON it can consume.\n\n## The Brain — learns your codebase\n\nEvery scan reinforces patterns. Patterns decay when absent. At `strength: 0.9`, they promote to hard rules. Your project's own immune system — trained locally, zero telemetry.\n\n```\nFirst week:  catches 12 violations\nFirst month: catches 8 violations  ← learning your patterns\nThird month: catches 3 violations  ← your agents have adapted\n```\n\n## How it's different\n\n| | Rigour | ESLint | Cloud tools |\n|---|---|---|---|\n| Runs locally, zero telemetry | ✅ | ✅ | ❌ |\n| Learns YOUR codebase (Brain) | ✅ | ❌ | ❌ |\n| Agent self-healing (Fix Packets) | ✅ | ❌ | ❌ |\n| Works offline (GGUF sidecar) | ✅ | ✅ | ❌ |\n| AI-native drift detection | ✅ | ❌ | ❌ |\n| MCP-native (26 tools) | ✅ | ❌ | ❌ |\n\n## Used in production\n\n- **19,000+ total installs** across CLI and MCP\n- **Organically forked by Alibaba iFlow**\n- **OWASP project** — listed\n- **Cursor MCP directory** — listed\n- **Zero false positives** on 202-finding production audit\n\n## Quick reference\n\n```bash\nnpx rigour-scan                              # zero-config scan\nnpx @rigour-labs/cli init                    # add gates to your project\nnpx @rigour-labs/cli check                   # run gates\nnpx @rigour-labs/cli check --deep            # + local AI analysis\nnpx @rigour-labs/cli check --deep --provider claude -k sk-ant-xxx  # cloud AI\nnpx @rigour-labs/cli studio                  # monitoring dashboard\n```\n\n## Architecture\n\n| Package | Purpose |\n|---|---|\n| `@rigour-labs/core` | Gate engine, AST analysis, Fix Packets, Brain |\n| `@rigour-labs/cli` | `init`, `check`, `scan`, `run`, `studio` |\n| `@rigour-labs/mcp` | MCP server — 26 tools for agent integration |\n| `rigour-scan` | Zero-config shortcut: `npx rigour-scan` |\n\n**Stack:** TypeScript strict, web-tree-sitter, Zod, Vitest.\n\n---\n\n**[Full docs](https://docs.rigour.run)** | **[Technical Spec](docs/SPEC.md)** | **[Philosophy](docs/PHILOSOPHY.md)**\n\nMIT © [Rigour Labs](https://github.com/rigour-labs) — Built by [Ashutosh](https://github.com/erashu212)\n\n*If Rigour caught something real in your codebase — [tell us](https://github.com/rigour-labs/rigour/discussions).*\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frigour-labs%2Frigour","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Frigour-labs%2Frigour","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frigour-labs%2Frigour/lists"}