Runs quality gates on your codebase through MCP, exposing 26 tools that let AI agents check for hardcoded secrets, structural issues, and AI-specific drift like hallucinated imports. Gates fire automatically when agents write code and return Fix Packets with exact line numbers and remediation steps agents can consume directly. The Brain learns your codebase patterns over time, promoting recurring violations to hard rules. Works with TypeScript, JavaScript, Python, Go, Ruby, and more through AST analysis. Includes a live dashboard in Claude Desktop and VS Code that shows real-time pass/fail scores as agents iterate. Add it with npx and point your MCP config at @rigour-labs/mcp to get instant governance without leaving the agent loop.
Public tool metadata for what this MCP can expose to an agent.
| Tool | Parameters | Description |
|---|---|---|
| rigour_check | cwd (string) | Run quality gate checks on the project. Matches the CLI 'check' command. |
| rigour_explain | cwd (string) | Explain the last quality gate failures with actionable bullets. Matches the CLI 'explain' command. |
| rigour_status | cwd (string) | Quick PASS/FAIL check with JSON-friendly output for polling current project state. |
| rigour_get_fix_packet | cwd (string) | Retrieves a prioritized 'Fix Packet' (v2 schema) containing detailed machine-readable diagnostic data. |
| rigour_record_failure | cwd (string), category (string), errorMessage (string) | Record an operation failure to track retry loops and prompt for documentation consult. |
| rigour_clear_failure | cwd (string), category (string) | Clear failure history for a category after a successful operation or manual fix. |
| rigour_remember | cwd (string), key (string), value (string) | Store a persistent instruction or context that the AI should remember across sessions. Use this to persist user preferences, project conventions, or critical instructions that the agent should always follow. |
| rigour_recall | cwd (string), key (string) | Retrieve stored instructions or context. Call this at the start of each session to restore memory. Returns all stored memories if no key specified. |
| rigour_forget | cwd (string), key (string) | Remove a stored memory by key. |

Your AI agent just tried to commit an AWS secret. Rigour blocked it in <100ms.
```bash
npx rigour-scan
```
Works on any repo. No init, no config, no setup. Instant results in your terminal:
```
HARDCODED SECRET DETECTED
AWS_SECRET_ACCESS_KEY found in src/config.ts:23
+ 22 more violations across 847 files (2.1s)
Score     ████░░░░░░░░░░░░░░░░ 34/100
AI Health ███░░░░░░░░░░░░░░░░░░ 28/100
Gates: ✅ file-size ❌ security ❌ ast ✅ deps
Brain: learned 12 patterns · trend: improving ↑
```
```json
{
  "mcpServers": {
    "rigour": {
      "command": "npx",
      "args": ["-y", "@rigour-labs/mcp"]
    }
  }
}
```
| IDE / Agent | MCP Tools | Live Dashboard | Real-Time Feed |
|---|---|---|---|
| Claude Desktop | ✅ | ✅ MCP App | ✅ Logging |
| VS Code Copilot | ✅ | ✅ MCP App | ✅ Logging |
| ChatGPT | ✅ | ✅ MCP App | ✅ Logging |
| Goose | ✅ | ✅ MCP App | ✅ Logging |
| Claude Code | ✅ | — | ✅ Logging |
| Cursor | ✅ | — | ✅ Logging |
| Cline | ✅ | — | ✅ Logging |
| Windsurf | ✅ | — | ✅ Logging |
| Codex | ✅ | — | ✅ Logging |
In supported editors, a real-time dashboard appears automatically as your agent works:
```
┌─ Rigour Governance ──────────────────────────┐
│ Score: 94/100 ✅ PASS                        │
│                                              │
│ 14:32:01 rigour_check → FAIL (34/100)        │
│ 14:32:03 fix_packet   → 8 fixes              │
│ 14:32:15 rigour_check → 71/100 (+37)         │
│ 14:32:22 rigour_check → ✅ PASS 94/100       │
│                                              │
│ Brain: 47 patterns · trend: improving ↑      │
└──────────────────────────────────────────────┘
```
No extra commands. The dashboard appears when the agent calls Rigour tools. Watch your agent self-heal in real time.
| Category | Gates |
|---|---|
| Security | Hardcoded secrets (29+ patterns), SQL injection, XSS, CSRF, prototype pollution, Shannon entropy |
| Structural | File size, cyclomatic complexity, method count, parameter count, nesting depth, TODO/FIXME |
| AI Drift | Hallucinated imports, phantom APIs, context drift, retry loop detection |
| Governance | Agent team isolation, checkpoint supervision, memory DLP |
AST-based. Not heuristics. TypeScript, JavaScript, Python, Go, Ruby, C#, Java, Kotlin, Rust.
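How the two secret-detection ideas named in the Security row, name patterns and Shannon entropy, complement each other, shown as an added example that is not Rigour's code. It is line-based rather than AST-based, and the regexes, the 4.5 bits-per-character cutoff, the `Finding` shape and the sample file are all assumptions.

```typescript
// Added example: line-based secret scan using a key-name pattern plus Shannon entropy.
// The regexes, the 4.5 cutoff and the Finding shape are assumptions, not Rigour's rules.
interface Finding {
  line: number; // 1-based line number
  rule: "named-secret" | "high-entropy";
  entropy: number; // bits per character of the flagged literal
}

// H = -sum(p_i * log2(p_i)) over the distinct characters of s.
function shannonEntropy(s: string): number {
  const counts: Record<string, number> = {};
  for (const ch of s.split("")) counts[ch] = (counts[ch] || 0) + 1;
  let h = 0;
  for (const ch of Object.keys(counts)) {
    const p = counts[ch] / s.length;
    h -= p * Math.log2(p);
  }
  return h;
}

const SECRET_NAME = /secret|token|passw(or)?d|api_?key/i;
const STRING_LITERAL = /["'`]([^"'`\s]{20,})["'`]/g; // quoted run of 20+ non-space chars
const ENTROPY_CUTOFF = 4.5;

function scanSource(source: string): Finding[] {
  const findings: Finding[] = [];
  source.split("\n").forEach((text, i) => {
    STRING_LITERAL.lastIndex = 0;
    let m: RegExpExecArray | null;
    while ((m = STRING_LITERAL.exec(text)) !== null) {
      const entropy = shannonEntropy(m[1]);
      // A secret-looking identifier before the literal is flagged even at low entropy.
      if (SECRET_NAME.test(text.slice(0, m.index))) {
        findings.push({ line: i + 1, rule: "named-secret", entropy });
      } else if (entropy >= ENTROPY_CUTOFF) {
        findings.push({ line: i + 1, rule: "high-entropy", entropy });
      }
    }
  });
  return findings;
}

// Constructed sample file; every value is a made-up placeholder.
const SAMPLE = [
  'export const region = "us-east-1";', // shorter than 20 chars: ignored
  'const docs = "https://example.com/docs/getting-started";', // ~4.07 bits: below cutoff
  'const AWS_SECRET_ACCESS_KEY = "EXAMPLEEXAMPLEEXAMPLEEXAMPLEEXAMPLE00000";',
  'const blob = "Zx8Qp2Lm7Vn4Rt6Yb1Kc9Wd3Hf5Jg0Sa";', // 32 distinct chars: 5.0 bits
].join("\n");

console.log(scanSource(SAMPLE));
```

The URL on line 2 of the sample sits just above 4 bits per character, which is why an entropy cutoff set too low buries real findings in false positives, while the repetitive placeholder on line 3 is caught only because of its variable name.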
```
Agent writes code → Rigour gates fire → FAIL? → Fix Packet (JSON)
                                                      ↓
                                        Agent reads exact instructions
                                                      ↓
                                              Agent fixes → PASS ✓
```
No human in the loop. The agent gets told exactly what's wrong, on which line, and how to fix it — in JSON it can consume.
Every scan reinforces patterns. Patterns decay when absent. At strength: 0.9, they promote to hard rules. Your project's own immune system — trained locally, zero telemetry.
```
First week:  catches 12 violations
First month: catches 8 violations  ← learning your patterns
Third month: catches 3 violations  ← your agents have adapted
```
| | Rigour | ESLint | Cloud tools |
|---|---|---|---|
| Runs locally, zero telemetry | ✅ | ✅ | ❌ |
| Learns YOUR codebase (Brain) | ✅ | ❌ | ❌ |
| Agent self-healing (Fix Packets) | ✅ | ❌ | ❌ |
| Works offline (GGUF sidecar) | ✅ | ✅ | ❌ |
| AI-native drift detection | ✅ | ❌ | ❌ |
| MCP-native (26 tools) | ✅ | ❌ | ❌ |
```bash
npx rigour-scan                                                    # zero-config scan
npx @rigour-labs/cli init                                          # add gates to your project
npx @rigour-labs/cli check                                         # run gates
npx @rigour-labs/cli check --deep                                  # + local AI analysis
npx @rigour-labs/cli check --deep --provider claude -k sk-ant-xxx  # cloud AI
npx @rigour-labs/cli studio                                        # monitoring dashboard
```
| Package | Purpose |
|---|---|
| @rigour-labs/core | Gate engine, AST analysis, Fix Packets, Brain |
| @rigour-labs/cli | init, check, scan, run, studio |
| @rigour-labs/mcp | MCP server — 26 tools for agent integration |
| rigour-scan | Zero-config shortcut: npx rigour-scan |
Stack: TypeScript strict, web-tree-sitter, Zod, Vitest.
MIT © Rigour Labs — Built by Ashutosh
If Rigour caught something real in your codebase — tell us.