Rigour MCP
OfficialClick on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@Rigour MCPscan current repository for hardcoded secrets and structural issues"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
Rigour
Your AI agent just tried to commit an AWS secret. Rigour blocked it in <100ms.
Try it now (zero config)
npx rigour-scanWorks on any repo. No init, no config, no setup. Instant results in your terminal:
HARDCODED SECRET DETECTED
AWS_SECRET_ACCESS_KEY found in src/config.ts:23
+ 22 more violations across 847 files (2.1s)
Score ████░░░░░░░░░░░░░░░░ 34/100
AI Health ███░░░░░░░░░░░░░░░░░░ 28/100
Gates: ✅ file-size ❌ security ❌ ast ✅ deps
Brain: learned 12 patterns · trend: improving ↑Related MCP server: inkog
Add to your AI IDE (30 seconds)
{ "mcpServers": { "rigour": { "command": "npx", "args": ["-y", "@rigour-labs/mcp"] } } }IDE / Agent | MCP Tools | Live Dashboard | Real-Time Feed |
Claude Desktop | ✅ | ✅ MCP App | ✅ Logging |
VS Code Copilot | ✅ | ✅ MCP App | ✅ Logging |
ChatGPT | ✅ | ✅ MCP App | ✅ Logging |
Goose | ✅ | ✅ MCP App | ✅ Logging |
Claude Code | ✅ | — | ✅ Logging |
Cursor | ✅ | — | ✅ Logging |
Cline | ✅ | — | ✅ Logging |
Windsurf | ✅ | — | ✅ Logging |
Codex | ✅ | — | ✅ Logging |
Live governance dashboard (MCP App)
In supported editors, a real-time dashboard appears automatically as your agent works:
┌─ Rigour Governance ──────────────────────────┐
│ Score: 94/100 ✅ PASS │
│ │
│ 14:32:01 rigour_check → FAIL (34/100) │
│ 14:32:03 fix_packet → 8 fixes │
│ 14:32:15 rigour_check → 71/100 (+37) │
│ 14:32:22 rigour_check → ✅ PASS 94/100 │
│ │
│ Brain: 47 patterns · trend: improving ↑ │
└───────────────────────────────────────────────┘No extra commands. The dashboard appears when the agent calls Rigour tools. Watch your agent self-heal in real time.
What it catches
Category | Gates |
Security | Hardcoded secrets (29+ patterns), SQL injection, XSS, CSRF, prototype pollution, Shannon entropy |
Structural | File size, cyclomatic complexity, method count, parameter count, nesting depth, TODO/FIXME |
AI Drift | Hallucinated imports, phantom APIs, context drift, retry loop detection |
Governance | Agent team isolation, checkpoint supervision, memory DLP |
AST-based. Not heuristics. TypeScript, JavaScript, Python, Go, Ruby, C#, Java, Kotlin, Rust.
How it works
Agent writes code → Rigour gates fire → FAIL? → Fix Packet (JSON)
↓
Agent reads exact instructions
↓
Agent fixes → PASS ✓No human in the loop. The agent gets told exactly what's wrong, on which line, and how to fix it — in JSON it can consume.
The Brain — learns your codebase
Every scan reinforces patterns. Patterns decay when absent. At strength: 0.9, they promote to hard rules. Your project's own immune system — trained locally, zero telemetry.
First week: catches 12 violations
First month: catches 8 violations ← learning your patterns
Third month: catches 3 violations ← your agents have adaptedHow it's different
Rigour | ESLint | Cloud tools | |
Runs locally, zero telemetry | ✅ | ✅ | ❌ |
Learns YOUR codebase (Brain) | ✅ | ❌ | ❌ |
Agent self-healing (Fix Packets) | ✅ | ❌ | ❌ |
Works offline (GGUF sidecar) | ✅ | ✅ | ❌ |
AI-native drift detection | ✅ | ❌ | ❌ |
MCP-native (26 tools) | ✅ | ❌ | ❌ |
Used in production
19,000+ total installs across CLI and MCP
Organically forked by Alibaba iFlow
OWASP project — listed
Cursor MCP directory — listed
Zero false positives on 202-finding production audit
Quick reference
npx rigour-scan # zero-config scan
npx @rigour-labs/cli init # add gates to your project
npx @rigour-labs/cli check # run gates
npx @rigour-labs/cli check --deep # + local AI analysis
npx @rigour-labs/cli check --deep --provider claude -k sk-ant-xxx # cloud AI
npx @rigour-labs/cli studio # monitoring dashboardArchitecture
Package | Purpose |
| Gate engine, AST analysis, Fix Packets, Brain |
|
|
| MCP server — 26 tools for agent integration |
| Zero-config shortcut: |
Stack: TypeScript strict, web-tree-sitter, Zod, Vitest.
Full docs | Technical Spec | Philosophy
MIT © Rigour Labs — Built by Ashutosh
If Rigour caught something real in your codebase — tell us.
This server cannot be installed
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/rigour-labs/rigour'
If you have feedback or need assistance with the MCP directory API, please join our Discord server