rigour

Rigour is an AI agent governance layer that sits between your AI coding agents and your codebase. It provides data loss prevention (DLP) to intercept credentials before they reach agents, governance to constrain how agents store memory and skills, and a suite of quality gates to detect hallucinated imports, unsafe patterns, and other code issues. With a single setup command, Rigour can auto-detect your project, generate a rigour.yml configuration, and install real-time hooks for multiple agents (such as Claude, Cursor, Cline, Windsurf). The built-in DLP patterns cover cloud keys, API tokens, private keys, database URLs, bearer tokens, JWTs, encoded secrets, and various credential formats, while its governance layer enforces safe memory and skills storage. Rigour also provides optional deep analysis modes and a memory/recall system to help you audit and manage sensitive data over time.

Prerequisites:

• Node.js (LTS) and npm installed on your machine
• Basic familiarity with CLI tools

Installation steps:

1. Install the Rigour CLI from npm (or use npx directly):
   • npm install -g @rigour-labs/cli
   • or simply run commands via npx as in the setup guide
2. Verify installation:
   • rigour --version || npx @rigour-labs/cli --version
3. Initialize Rigour in your project:
   • npx @rigour-labs/cli init
   • This will scan your project, create rigour.yml, and install real-time hooks for your agents
4. (Optional) Run a scan to validate governance:
   • npx @rigour-labs/cli scan

Note: The recommended entry point is using the Rigour CLI via npm or npx, which automatically configures the local environment and integrates with your codebase.

Tips and common considerations:

• The default setup enables DLP and governance locally; code never leaves your machine with the Local-First mode.
• Rigour supports multiple agents (Claude, Cursor, Cline, Windsurf) and can enforce that agents use rigour_remember for persistence.
• If you toggle governance off in rigour.yml, be aware that native memory and skills writes may bypass the guardrails.
• When using the deep analysis features, ensure you have enough disk space and bandwidth for the local LLM models (lite vs deep options).
• For sensitive environments, consider BYOK options and API key management when integrating with cloud services.
• Use rigour brain commands to explore memory findings and manage retention/decay of patterns over time.