Security News
US Government Forces Anthropic to Pull Claude Fable Days After Launch
Anthropic says the directive cited national security concerns over a narrow jailbreak, but offered no specific technical details.
By Sarah Gooding - Jun 13, 2026
Big News: Socket raises $60M Series C at a $1B valuation to secure software supply chains for AI-driven development.Announcement →
@rigour-labs/cli
Advanced tools
@rigour-labs/cli
CLI quality gates for AI-generated code. Forces AI agents (Claude, Cursor, Copilot) to meet strict engineering standards with PASS/FAIL enforcement.
@rigour-labs/cli
Local-first quality gates for AI-generated code.
Rigour forces AI agents to meet strict engineering standards before marking tasks "Done".
Core gates run locally. Deep analysis can run local or cloud provider mode.
🚀 Quick Start
npx @rigour-labs/cli scan # Zero-config scan (auto-detect stack)
npx @rigour-labs/cli init # Initialize quality gates
npx @rigour-labs/cli check # Verify code quality
npx @rigour-labs/cli run -- claude "Build feature X" # Agent loop
🍺 Homebrew
brew tap rigour-labs/tap
brew install rigour
🛑 The Problem
AI agents often fall into "Vibe Coding"—claiming success based on narrative, not execution:
- Agent makes a change
- Agent claims "Task 100% complete"
- CI Fails with type errors, lint failures, or broken tests
Rigour breaks this cycle by forcing agents to face the same verification tools (ruff, mypy, vitest) that CI runs—locally and immediately.
🔄 How It Works
Agent writes code → Rigour checks → FAIL? → Fix Packet → Agent retries → PASS ✓
⚙️ Quality Gates
Structural & Security Gates
| Gate | Description |
|---|---|
| File Size | Max lines per file (default: 300-500) |
| Hygiene | No TODO/FIXME comments allowed |
| Complexity | Cyclomatic complexity limits (AST-based) |
| Required Docs | SPEC.md, ARCH.md, README must exist |
| File Guard | Protected paths, max files changed |
| Security Patterns | XSS, SQL injection, hardcoded secrets, command injection |
| Context Alignment | Prevents drift by anchoring on project patterns |
AI-Native Drift Detection (v2.16+)
| Gate | Description |
|---|---|
| Duplication Drift | Near-identical functions across files — AI re-invents what it forgot |
| Hallucinated Imports | Imports referencing modules that don't exist (JS/TS, Python, Go, Ruby, C#) |
| Inconsistent Error Handling | Same error type handled differently across agent sessions |
| Context Window Artifacts | Quality degradation within a file — clean top, messy bottom |
| Async & Error Safety | Unsafe async/promise patterns, unhandled errors across 6 languages |
Multi-Language Support
All gates support TypeScript, JavaScript, Python, Go, Ruby, and C#/.NET.
🛠️ Commands
| Command | Purpose |
|---|---|
rigour scan | Zero-config stack-aware scan using existing gates |
rigour init | Setup Rigour in your project |
rigour check | Validate code against quality gates |
rigour check --ci | CI mode with appropriate output |
rigour hooks init | Install real-time hooks for supported tools |
rigour hooks check --files ... | Run fast hook gates on specific files |
rigour explain | Detailed explanation of validation results |
rigour run | Supervisor loop for iterative refinement |
rigour studio | Dashboard for monitoring |
rigour index | Build semantic index of codebase patterns |
🤖 Works With
- Claude Code:
rigour run -- claude "..." - Cursor / Cline / Gemini: Via MCP server (
rigour_check,rigour_explain)
📖 Documentation
| Quick Links | |
|---|---|
| Getting Started | Install and run in 60 seconds |
| CLI Reference | All commands and options |
| Configuration | Customize quality gates |
| MCP Integration | AI agent setup |
🧪 CI Integration
- run: npx @rigour-labs/cli check --ci
📜 License
MIT © Rigour Labs
"Rigour adds the engineering."
FAQs
AI-native quality gates with local LLM analysis. Forces AI agents (Claude, Cursor, Copilot, Cline, Windsurf) to meet engineering standards. Bayesian Brain learns your codebase. Zero config: npx rigour-scan.
The npm package @rigour-labs/cli receives a total of 290 weekly downloads. As such, @rigour-labs/cli popularity was classified as not popular.
We found that @rigour-labs/cli demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 4 open source maintainers collaborating on the project.
Package last updated on 05 Mar 2026
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
152 Chrome Live Wallpaper Extensions Hid Ad Tracking and Faked Google Search Traffic
A network of 152 Chrome live wallpaper extensions hid ad tracking and made extension-driven traffic look like Google search clicks.
By Kush Pandya - Jun 12, 2026
Company News
Andrew Becherer Joins Socket as Chief Information Security Officer
Socket’s first CISO brings deep experience securing high-growth SaaS companies as open source supply chain threats accelerate.
By Sarah Gooding - Jun 11, 2026