aislop

aislop is an MIT-licensed CLI and hosted platform built by Skivelane Limited that detects the low-quality patterns AI coding agents leave behind in codebases. It runs sub-second, deterministic scans using regex, AST analysis, and best-in-class static tooling — no LLM at runtime — and produces a 0–100 score for every file or pull request. The tool is available as a free CLI via npx aislop scan and as a hosted dashboard at scanaislop.com for team-level enforcement.

What It Is

aislop is a code quality gate specifically designed for the era of AI-assisted development. Where traditional linters catch style and syntax issues, aislop targets the structural and semantic patterns that AI agents like Claude Code, Cursor, Codex, and OpenCode routinely produce: narrative JSDoc preambles above self-explanatory code, swallowed exceptions with empty catch blocks, as any type casts, TODO stubs, generic variable names like data2, hallucinated imports, and oversized functions. It scores every change on a 0–100 scale and can block PRs that fall below a configurable threshold.

How the Six-Engine Architecture Works

aislop runs six deterministic engines in parallel, each delegating to specialized tooling where it exists:

• Formatting — Biome, ruff, gofmt, cargo fmt, rubocop, php-cs-fixer
• Linting — oxlint, ruff, golangci-lint, clippy, expo-doctor
• Code Quality — function/file size limits, deep nesting, unused files and dependencies via knip
• AI Slop — aislop's own detectors for narrative comments, trivial comments, dead patterns, as any, console.log leftovers, and TODO stubs
• Security — eval, innerHTML, SQL/shell injection patterns, dependency audits via npm/pip/cargo/govulncheck
• Architecture — opt-in custom import bans, layering rules, and required patterns

The score is weighted so AI-slop patterns and security issues hit harder than style noise. The same code always produces the same score — no API calls, no model variance.

Agent Integration and Workflow

aislop is built around the agentic coding loop. After scanning, npx aislop fix applies mechanical fixes (formatters, unused imports, dead code). For issues requiring judgment, npx aislop fix --claude (or --cursor, --codex, --gemini, and 11 other agents) hands off remaining diagnostics with full context so the agent can resolve them. A hook system (npx aislop hook install) runs after every agent edit to provide immediate feedback. An MCP server (aislop-mcp) exposes aislop_scan, aislop_fix, aislop_why, and aislop_baseline tools for Claude Desktop, Cursor, and Codex. CI integration supports GitHub Actions, GitLab, CircleCI, and pre-commit, with SARIF 2.1.0 output for GitHub code scanning.

Language and Platform Coverage

The tool covers 8 languages: TypeScript, JavaScript, Python, Go, Rust, Ruby, PHP, and Java. It ships 40+ AI-slop detection rules and supports 9 coding agents for hook and handoff integration. The npx aislop scan command requires no installation and no account, and source code never leaves the local machine during CLI scans.

Update: v0.10.1

The latest release, v0.10.1 (published May 30, 2026), focused on real-code accuracy: it fixed Python complexity detection and reduced TypeScript false positives. The project reached 244 GitHub stars and approximately 3,200 npm downloads per month according to the homepage. The GitHub repository was created in March 2026, placing the project in early active development. The hosted scanaislop platform is currently in beta with all features available at no cost during the beta period, according to the pricing page.

Open-Source Deployment Model

The CLI is MIT-licensed and the core source code is publicly available at github.com/scanaislop/aislop. The hosted scanaislop platform adds PR gates, team standards hierarchy (org → team → project), dashboards, and GitHub integration on top of the same engines. The CLI can be run entirely offline; the platform requires an account and connects to GitHub for PR enforcement.