io.github.rigour-labs/rigour
编码与调试by rigour-labs
为 AI agents 提供质量门禁,集成 Lint、test 与 build 检查,并支持 memory 持久化。
什么是 io.github.rigour-labs/rigour?
为 AI agents 提供质量门禁,集成 Lint、test 与 build 检查,并支持 memory 持久化。
README
Rigour
Your AI agent just tried to commit an AWS secret. Rigour blocked it in <100ms.
Try it now (zero config)
npx rigour-scan
Works on any repo. No init, no config, no setup. Instant results in your terminal:
HARDCODED SECRET DETECTED
AWS_SECRET_ACCESS_KEY found in src/config.ts:23
+ 22 more violations across 847 files (2.1s)
Score ████░░░░░░░░░░░░░░░░ 34/100
AI Health ███░░░░░░░░░░░░░░░░░░ 28/100
Gates: ✅ file-size ❌ security ❌ ast ✅ deps
Brain: learned 12 patterns · trend: improving ↑
Add to your AI IDE (30 seconds)
{ "mcpServers": { "rigour": { "command": "npx", "args": ["-y", "@rigour-labs/mcp"] } } }
| IDE / Agent | MCP Tools | Live Dashboard | Real-Time Feed |
|---|---|---|---|
| Claude Desktop | ✅ | ✅ MCP App | ✅ Logging |
| VS Code Copilot | ✅ | ✅ MCP App | ✅ Logging |
| ChatGPT | ✅ | ✅ MCP App | ✅ Logging |
| Goose | ✅ | ✅ MCP App | ✅ Logging |
| Claude Code | ✅ | — | ✅ Logging |
| Cursor | ✅ | — | ✅ Logging |
| Cline | ✅ | — | ✅ Logging |
| Windsurf | ✅ | — | ✅ Logging |
| Codex | ✅ | — | ✅ Logging |
Live governance dashboard (MCP App)
In supported editors, a real-time dashboard appears automatically as your agent works:
┌─ Rigour Governance ──────────────────────────┐
│ Score: 94/100 ✅ PASS │
│ │
│ 14:32:01 rigour_check → FAIL (34/100) │
│ 14:32:03 fix_packet → 8 fixes │
│ 14:32:15 rigour_check → 71/100 (+37) │
│ 14:32:22 rigour_check → ✅ PASS 94/100 │
│ │
│ Brain: 47 patterns · trend: improving ↑ │
└───────────────────────────────────────────────┘
No extra commands. The dashboard appears when the agent calls Rigour tools. Watch your agent self-heal in real time.
What it catches
| Category | Gates |
|---|---|
| Security | Hardcoded secrets (29+ patterns), SQL injection, XSS, CSRF, prototype pollution, Shannon entropy |
| Structural | File size, cyclomatic complexity, method count, parameter count, nesting depth, TODO/FIXME |
| AI Drift | Hallucinated imports, phantom APIs, context drift, retry loop detection |
| Governance | Agent team isolation, checkpoint supervision, memory DLP |
AST-based. Not heuristics. TypeScript, JavaScript, Python, Go, Ruby, C#, Java, Kotlin, Rust.
How it works
Agent writes code → Rigour gates fire → FAIL? → Fix Packet (JSON)
↓
Agent reads exact instructions
↓
Agent fixes → PASS ✓
No human in the loop. The agent gets told exactly what's wrong, on which line, and how to fix it — in JSON it can consume.
The Brain — learns your codebase
Every scan reinforces patterns. Patterns decay when absent. At strength: 0.9, they promote to hard rules. Your project's own immune system — trained locally, zero telemetry.
First week: catches 12 violations
First month: catches 8 violations ← learning your patterns
Third month: catches 3 violations ← your agents have adapted
How it's different
| Rigour | ESLint | Cloud tools | |
|---|---|---|---|
| Runs locally, zero telemetry | ✅ | ✅ | ❌ |
| Learns YOUR codebase (Brain) | ✅ | ❌ | ❌ |
| Agent self-healing (Fix Packets) | ✅ | ❌ | ❌ |
| Works offline (GGUF sidecar) | ✅ | ✅ | ❌ |
| AI-native drift detection | ✅ | ❌ | ❌ |
| MCP-native (26 tools) | ✅ | ❌ | ❌ |
Used in production
- 19,000+ total installs across CLI and MCP
- Organically forked by Alibaba iFlow
- OWASP project — listed
- Cursor MCP directory — listed
- Zero false positives on 202-finding production audit
Quick reference
npx rigour-scan # zero-config scan
npx @rigour-labs/cli init # add gates to your project
npx @rigour-labs/cli check # run gates
npx @rigour-labs/cli check --deep # + local AI analysis
npx @rigour-labs/cli check --deep --provider claude -k sk-ant-xxx # cloud AI
npx @rigour-labs/cli studio # monitoring dashboard
Architecture
| Package | Purpose |
|---|---|
@rigour-labs/core | Gate engine, AST analysis, Fix Packets, Brain |
@rigour-labs/cli | init, check, scan, run, studio |
@rigour-labs/mcp | MCP server — 26 tools for agent integration |
rigour-scan | Zero-config shortcut: npx rigour-scan |
Stack: TypeScript strict, web-tree-sitter, Zod, Vitest.
Full docs | Technical Spec | Philosophy
MIT © Rigour Labs — Built by Ashutosh
If Rigour caught something real in your codebase — tell us.
常见问题
io.github.rigour-labs/rigour 是什么?
为 AI agents 提供质量门禁,集成 Lint、test 与 build 检查,并支持 memory 持久化。
相关 Skills
前端设计
by anthropics
面向组件、页面、海报和 Web 应用开发,按鲜明视觉方向生成可直接落地的前端代码与高质感 UI,适合做 landing page、Dashboard 或美化现有界面,避开千篇一律的 AI 审美。
✎ 想把页面做得既能上线又有设计感,就用前端设计:组件到整站都能产出,难得的是能避开千篇一律的 AI 味。
网页构建器
by anthropics
面向复杂 claude.ai HTML artifact 开发,快速初始化 React + Tailwind CSS + shadcn/ui 项目并打包为单文件 HTML,适合需要状态管理、路由或多组件交互的页面。
✎ 在 claude.ai 里做复杂网页 Artifact 很省心,多组件、状态和路由都能顺手搭起来,React、Tailwind 与 shadcn/ui 组合效率高、成品也更精致。
网页应用测试
by anthropics
用 Playwright 为本地 Web 应用编写自动化测试,支持启动开发服务器、校验前端交互、排查 UI 异常、抓取截图与浏览器日志,适合调试动态页面和回归验证。
✎ 借助 Playwright 一站式验证本地 Web 应用前端功能,调 UI 时还能同步查看日志和截图,定位问题更快。
相关 MCP Server
GitHub
编辑精选by GitHub
GitHub 是 MCP 官方参考服务器,让 Claude 直接读写你的代码仓库和 Issues。
✎ 这个参考服务器解决了开发者想让 AI 安全访问 GitHub 数据的问题,适合需要自动化代码审查或 Issue 管理的团队。但注意它只是参考实现,生产环境得自己加固安全。
Context7 文档查询
编辑精选by Context7
Context7 是实时拉取最新文档和代码示例的智能助手,让你告别过时资料。
✎ 它能解决开发者查找文档时信息滞后的问题,特别适合快速上手新库或跟进更新。不过,依赖外部源可能导致偶尔的数据延迟,建议结合官方文档使用。
by tldraw
tldraw 是让 AI 助手直接在无限画布上绘图和协作的 MCP 服务器。
✎ 这解决了 AI 只能输出文本、无法视觉化协作的痛点——想象让 Claude 帮你画流程图或白板讨论。最适合需要快速原型设计或头脑风暴的开发者。不过,目前它只是个基础连接器,你得自己搭建画布应用才能发挥全部潜力。