Skip to main content
New aislop v0.5.0. New CLI, own AST fix engine, stable output, better experience Read more →
Documentation

Configure.

aislop runs with zero config. When you want to customize — enable the architecture engine, tighten a threshold, raise the CI gate — it lives in .aislop/config.yml.

Where it lives

.aislop/config.yml at the repo root. aislop walks up the directory tree to find it, so subpackages inherit the root config automatically (useful in monorepos).

Run npx aislop init for an interactive wizard that writes the file for you. Or hand-write it — the schema is small.

Full example

# .aislop/config.yml

engines:
  format: true
  lint: true
  code-quality: true
  ai-slop: true
  architecture: false      # opt-in; requires .aislop/rules.yml
  security: true

quality:
  maxFunctionLoc: 80       # warn above (10% soft tolerance → flags at 89+)
  maxFileLoc: 400          # warn above (10% soft tolerance → flags at 441+; JSX/TSX 2x)
  maxNesting: 5
  maxParams: 6

security:
  audit: true              # run npm/pnpm audit
  auditTimeout: 25000      # ms

scoring:
  weights:
    format: 0.3
    lint: 0.6
    code-quality: 0.8
    ai-slop: 2.5           # highest weight — catching slop is the point
    architecture: 1.0
    security: 1.5
  thresholds:
    good: 75               # "Healthy" label at or above this
    ok: 50                 # "Needs Work" between ok and good; "Critical" below ok
  smoothing: 20            # damps score volatility on small repos

ci:
  failBelow: 70            # exit 1 when score drops below
  format: json             # json | human

telemetry:
  enabled: true            # anonymous usage only — no code, no paths

Fields

engines

Toggle each engine on or off. All on by default except architecture (opt-in).

  • format — Biome (JS/TS), ruff (Python), gofmt (Go), rubocop (Ruby), php-cs-fixer (PHP), cargo fmt (Rust)
  • lint — oxlint, ruff, golangci-lint, clippy, expo-doctor
  • code-quality — knip (unused files/exports/deps) + aislop's complexity checks (file/function size, nesting, params)
  • ai-slop — trivial & narrative comments, dead patterns, unused imports, console leftovers, as any, TODO stubs, generic naming
  • architecture — your own import bans and layering rules; needs .aislop/rules.yml
  • security — regex for eval / innerHTML / SQL & shell injection + dependency audits

quality

Complexity thresholds. All have a 10% soft tolerance — a file at 441 lines flags, a file at 440 doesn't.

  • maxFunctionLoc — default 80. Functions whose body is dominated by a single template literal are exempt.
  • maxFileLoc — default 400. JSX/TSX files get 2× since markup is verbose.
  • maxNesting — default 5. Counts control-flow blocks (if / for / while / switch / catch).
  • maxParams — default 6.

scoring

How the 0–100 score is computed. Most people don't touch this.

  • weights — per-engine weight. ai-slop is weighted highest because it's the slop the rest miss.
  • thresholds.good / thresholds.ok — score bucket labels.
  • smoothing — softens score swings on tiny repos where one issue moves the number by 20 points.

ci

  • failBelowaislop ci exits with code 1 when the score drops below this, or when any error-severity diagnostic is present.
  • formatjson (default, CI-friendly) or human.

telemetry

Anonymous usage stats only — command name, language, engine timings, score bucket. No file contents, no paths, no identifying data. Opt out with enabled: false or the env var AISLOP_TELEMETRY_DISABLED=1.

Architecture rules (opt-in)

If you enable architecture: true, aislop also reads .aislop/rules.yml. This is where you put your rules — the ones specific to this codebase. 

# .aislop/rules.yml
rules:
  - name: no-axios
    type: forbid_import
    match: "axios"
    severity: error

  - name: controllers-cant-touch-db
    type: forbid_import_from_path
    from: "src/controllers/**"
    forbid: "src/db/**"
    severity: error