Rigour – Open-source quality gates for AI coding agents

by erashu212·Feb 21, 2026·2 points·1 comment

AI Analysis

AST-verified AI code audits prevent hallucinations; LLM findings checked against parser ground truth.

Strengths
  • AST→LLM→AST verification loop is genuinely clever: avoids the 'LLM makes stuff up' trap by grounding every finding in verifiable syntax.
  • OWASP LLM Top 10 coverage + compliance presets (HIPAA, FedRAMP, SOC2) address real enterprise gates AI-generated code previously skipped.
  • Real audit of OpenClaw (3.9s, 2080 violations, 88/88 AST-verified) proves both competence and zero false-positive rigor.
Weaknesses
  • Scope creeps from gate enforcement into full audit; unclear if real teams use this pre-ship vs as post-mortem inspection tool.
  • Competitor landscape unclear: linters + SAST tools (Semgrep, Snyk) already do security checks; SOLID analysis novelty questionable.
Target Audience

Engineering teams using AI coding agents (Claude, Cursor, Cline), regulated industries (fintech, healthcare, government).

Similar To

Semgrep · SonarQube · Snyk Code

Post Description

Hey HN,

I built Rigour, an open-source CLI that catches quality issues AI coding agents introduce. It runs as a quality gate in your workflow — after the agent writes code, before it ships.

v4 adds --deep analysis: AST extracts deterministic facts (line counts, nesting depth, method signatures), an LLM interprets what the patterns mean (god classes, SRP violations, DRY issues), then AST verifies the LLM didn't hallucinate.

I ran it on PicoClaw (open-source AI coding agent, ~50 Go files):

- 202 total findings
- 88 from deep analysis (SOLID violations, god functions, design smells)
- 88/88 AST-verified (zero hallucinations)
- Average confidence: 0.89
- 120 seconds for full codebase scan

Sample finding: pkg/agent/loop.go — 1,147 lines, 23 functions. Deep analysis identified 5 distinct responsibilities (agent init, execution, tool processing, message handling, state management) and suggested specific file decomposition.

Every finding includes actionable refactoring suggestions, not just "fix this."

The tool is local-first — your code never leaves your machine unless you explicitly opt in with your own API key (--deep -k flag).

Tech: Node.js CLI, AST parsing per language, structured LLM prompts with JSON schema enforcement, AST cross-verification of every LLM claim.

GitHub: https://github.com/rigour-labs/rigour

Would love feedback, especially from anyone dealing with AI-generated code quality in production.
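An added example, not Rigour's own code, of the AST → LLM → AST loop the post describes: parser facts are extracted from a constructed Python module, a simulated LLM finding (assumed JSON shape with `function` and `claims` fields) is then accepted only when every concrete claim it makes matches those facts, so a finding that cites a function or a number the parser cannot confirm is rejected as a hallucination.

```python
# Added example, not Rigour's code: AST facts as ground truth, an LLM finding
# simulated as parsed JSON, every concrete claim re-checked against the AST.
import ast

# Constructed sample standing in for agent-written code.
SAMPLE_SOURCE = '''\
def load(path):
    with open(path) as fh:
        for line in fh:
            if line:
                return line
def save(path, data):
    return open(path, "w").write(data)
'''

# Constructed stand-in for the LLM's schema-constrained JSON output (already parsed).
LLM_FINDINGS = [
    {"function": "load", "issue": "deep nesting", "claims": {"depth": 3}},
    {"function": "save", "issue": "god function", "claims": {"lines": 40}},
    {"function": "parse", "issue": "SRP violation", "claims": {"lines": 12}},
]
NESTED = (ast.If, ast.For, ast.While, ast.With, ast.Try)


def max_depth(node, depth=0):
    """Deepest nesting of compound statements below node (deterministic)."""
    best = depth
    for child in ast.iter_child_nodes(node):
        best = max(best, max_depth(child, depth + isinstance(child, NESTED)))
    return best


def extract_facts(source):
    """Per-function line span and nesting depth straight from the parser."""
    facts = {}
    for fn in ast.walk(ast.parse(source)):
        if isinstance(fn, ast.FunctionDef):
            facts[fn.name] = {"lines": fn.end_lineno - fn.lineno + 1,
                              "depth": max_depth(fn)}
    return facts


def verify_findings(findings, facts):
    """Keep findings whose claims match parser ground truth; reject the rest
    (unknown function or wrong numbers) as hallucinations."""
    verified, rejected = [], []
    for f in findings:
        fact = facts.get(f["function"])
        ok = fact is not None and all(fact.get(k) == v for k, v in f["claims"].items())
        (verified if ok else rejected).append(f)
    return verified, rejected
```

Running it on the sample keeps only the `load` finding; the `save` line-count claim and the non-existent `parse` function are both rejected.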
