io.github.rigour-labs/rigour
Quality gates for AI agents. Lint, test, build checks with memory persistence.
Ask AI about io.github.rigour-labs/rigour
Powered by Claude Β· Grounded in docs
I know everything about io.github.rigour-labs/rigour. Ask me about installation, configuration, usage, or troubleshooting.
0/500
Reviews
Documentation
Rigour
Your AI agent just tried to commit an AWS secret. Rigour blocked it in <100ms.
Try it now (zero config)
npx rigour-scan
Works on any repo. No init, no config, no setup. Instant results in your terminal:
HARDCODED SECRET DETECTED
AWS_SECRET_ACCESS_KEY found in src/config.ts:23
+ 22 more violations across 847 files (2.1s)
Score ββββββββββββββββββββ 34/100
AI Health βββββββββββββββββββββ 28/100
Gates: β
file-size β security β ast β
deps
Brain: learned 12 patterns Β· trend: improving β
Add to your AI IDE (30 seconds)
{ "mcpServers": { "rigour": { "command": "npx", "args": ["-y", "@rigour-labs/mcp"] } } }
| IDE / Agent | MCP Tools | Live Dashboard | Real-Time Feed |
|---|---|---|---|
| Claude Desktop | β | β MCP App | β Logging |
| VS Code Copilot | β | β MCP App | β Logging |
| ChatGPT | β | β MCP App | β Logging |
| Goose | β | β MCP App | β Logging |
| Claude Code | β | β | β Logging |
| Cursor | β | β | β Logging |
| Cline | β | β | β Logging |
| Windsurf | β | β | β Logging |
| Codex | β | β | β Logging |
Live governance dashboard (MCP App)
In supported editors, a real-time dashboard appears automatically as your agent works:
ββ Rigour Governance βββββββββββββββββββββββββββ
β Score: 94/100 β
PASS β
β β
β 14:32:01 rigour_check β FAIL (34/100) β
β 14:32:03 fix_packet β 8 fixes β
β 14:32:15 rigour_check β 71/100 (+37) β
β 14:32:22 rigour_check β β
PASS 94/100 β
β β
β Brain: 47 patterns Β· trend: improving β β
βββββββββββββββββββββββββββββββββββββββββββββββββ
No extra commands. The dashboard appears when the agent calls Rigour tools. Watch your agent self-heal in real time.
What it catches
| Category | Gates |
|---|---|
| Security | Hardcoded secrets (29+ patterns), SQL injection, XSS, CSRF, prototype pollution, Shannon entropy |
| Structural | File size, cyclomatic complexity, method count, parameter count, nesting depth, TODO/FIXME |
| AI Drift | Hallucinated imports, phantom APIs, context drift, retry loop detection |
| Governance | Agent team isolation, checkpoint supervision, memory DLP |
AST-based. Not heuristics. TypeScript, JavaScript, Python, Go, Ruby, C#, Java, Kotlin, Rust.
How it works
Agent writes code β Rigour gates fire β FAIL? β Fix Packet (JSON)
β
Agent reads exact instructions
β
Agent fixes β PASS β
No human in the loop. The agent gets told exactly what's wrong, on which line, and how to fix it β in JSON it can consume.
The Brain β learns your codebase
Every scan reinforces patterns. Patterns decay when absent. At strength: 0.9, they promote to hard rules. Your project's own immune system β trained locally, zero telemetry.
First week: catches 12 violations
First month: catches 8 violations β learning your patterns
Third month: catches 3 violations β your agents have adapted
How it's different
| Rigour | ESLint | Cloud tools | |
|---|---|---|---|
| Runs locally, zero telemetry | β | β | β |
| Learns YOUR codebase (Brain) | β | β | β |
| Agent self-healing (Fix Packets) | β | β | β |
| Works offline (GGUF sidecar) | β | β | β |
| AI-native drift detection | β | β | β |
| MCP-native (26 tools) | β | β | β |
Used in production
- 19,000+ total installs across CLI and MCP
- Organically forked by Alibaba iFlow
- OWASP project β listed
- Cursor MCP directory β listed
- Zero false positives on 202-finding production audit
Quick reference
npx rigour-scan # zero-config scan
npx @rigour-labs/cli init # add gates to your project
npx @rigour-labs/cli check # run gates
npx @rigour-labs/cli check --deep # + local AI analysis
npx @rigour-labs/cli check --deep --provider claude -k sk-ant-xxx # cloud AI
npx @rigour-labs/cli studio # monitoring dashboard
Architecture
| Package | Purpose |
|---|---|
@rigour-labs/core | Gate engine, AST analysis, Fix Packets, Brain |
@rigour-labs/cli | init, check, scan, run, studio |
@rigour-labs/mcp | MCP server β 26 tools for agent integration |
rigour-scan | Zero-config shortcut: npx rigour-scan |
Stack: TypeScript strict, web-tree-sitter, Zod, Vitest.
Full docs | Technical Spec | Philosophy
MIT Β© Rigour Labs β Built by Ashutosh
If Rigour caught something real in your codebase β tell us.