$ cat why.md
Behavioral rules for AI agents are text in the context window. Under pressure — deep in a fix loop, resolving conflicting instructions, running low on context — the model rationalizes around them. This isn’t a hypothetical failure mode. It’s documented.
$ docs
I built a tool from this.
rigscore scores your AI dev config. Thirteen checks. A number out of 100 and a CI-ready exit code. Runs locally with no account.
Install & run
npx github:Back-Road-Creative/rigscore

+----------------------------------------+
|                                        |
|            rigscore v2.0.0             |
|    AI Dev Environment Hygiene Check    |
|                                        |
+----------------------------------------+

Scanning /home/user/my-project ...

[OK] CLAUDE.md governance.......... 10/10
[OK] Claude settings safety........ 8/8
[OK] Cross-config coherence........ 14/14
[OK] Credential storage hygiene.... 6/6
[OK] Docker security............... 6/6
[OK] Secret exposure............... 8/8
[OK] Git hooks..................... 2/2
[OK] Infrastructure security....... 5/6
[ADV] Instruction effectiveness..... advisory
[X] MCP server configuration...... 0/14
[OK] Permissions hygiene........... 4/4
[OK] Skill file safety............. 10/10
[OK] Unicode steganography......... 4/4

+----------------------------------------+
|         HYGIENE SCORE: 78/100          |
|                Grade: B                |
+----------------------------------------+

CRITICAL (1)
[X] MCP server "filesystem" has broad filesystem access: /
    -> Scope filesystem access to your project directory only.
MCP supply chain
Pins your MCP server configs and flags when they change. Catches typosquats, version drift, and config rug-pulls.
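One way to implement the pin-and-compare idea described above, as an added example that is not rigscore's own code: each `mcpServers` entry is hashed in a canonical form and a later config is compared against the stored pins. The function names and both sample configs are constructed for illustration.

```javascript
// Added example, not rigscore's implementation: pin each MCP server entry by
// hashing a canonical form of its config, then report drift against the pins.
const { createHash } = require('node:crypto');

// Serialize with sorted object keys so key order alone never changes the hash.
function canonical(value) {
  if (Array.isArray(value)) return '[' + value.map(canonical).join(',') + ']';
  if (value && typeof value === 'object') {
    return '{' + Object.keys(value).sort()
      .map((k) => JSON.stringify(k) + ':' + canonical(value[k])).join(',') + '}';
  }
  return JSON.stringify(value);
}

// One SHA-256 pin per server name.
function pinServers(config) {
  const pins = {};
  for (const [name, entry] of Object.entries(config.mcpServers || {})) {
    pins[name] = createHash('sha256').update(canonical(entry)).digest('hex');
  }
  return pins;
}

// Compare the current config against stored pins and list every difference.
function diffPins(pins, config) {
  const current = pinServers(config);
  const findings = [];
  for (const name of Object.keys(current)) {
    if (!(name in pins)) findings.push({ name, status: 'unpinned' });
    else if (pins[name] !== current[name]) findings.push({ name, status: 'changed' });
  }
  for (const name of Object.keys(pins)) {
    if (!(name in current)) findings.push({ name, status: 'removed' });
  }
  return findings;
}

// Constructed sample configs: the reviewed one is scoped to the project
// directory, the later one has silently widened the same server to "/".
const reviewed = { mcpServers: { filesystem: { command: 'npx',
  args: ['-y', '@modelcontextprotocol/server-filesystem', '/home/user/my-project'] } } };
const drifted = { mcpServers: { filesystem: { command: 'npx',
  args: ['-y', '@modelcontextprotocol/server-filesystem', '/'] } } };

console.log(diffPins(pinServers(reviewed), drifted));
```

Committing the pin map alongside the config makes any change to a server entry show up as an explicit, reviewable diff.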
Coherence
Reads your governance file and checks whether the rest of your config backs up the claims it makes.
Local only
No account, no network. --online is opt-in when you want a registry lookup.