Skip to main content
New aislop v0.6.1. Hook UX polish, three new deterministic rules, config-driven file exclusion. Read more →
← Blog
Release · 6 min read · reads

aislop v0.5.0. New CLI, own AST fix engine, stable output, better experience

For two versions I was blindly trusting external tools to do the destructive cleanup. It worked 90% of the time. The other 10% shipped broken TypeScript into committed code. v0.5.0 is the release where we stopped. Here is the story.

For two versions I was blindly trusting external tools to do the destructive cleanup in aislop. oxlint --fix removed unused imports. knip --fix stripped unused exports. It worked 90% of the time. The other 10% shipped broken TypeScript into committed code in ways I wouldn't see until CI broke three commits later.

v0.5.0 is the release where we stopped. Three threads landed together. A new CLI that shows every engine updating live. Our own AST engine that knows exactly what it is deleting (and reverts if anything goes wrong). And a fix pipeline that's finally stable: run it twice on a clean repo and the second pass is a no-op.

1. A new CLI you can actually watch

Every command was rewritten. Scan now shows all six engines updating concurrently in a live grid with aligned columns. Fix renders as a live rail: each step appears with a spinner while it runs, then resolves to a checkmark, warning, or cross when it completes. The footer always summarizes what happened, and the next-step hints carry an accent-green arrow.

$ npx aislop scan aislop 0.5.0 · the quality gate for agentic coding scan · my-app · typescript · 142 files ◆ Formatting done 0 issues 0.4s ◆ Linting done 0 issues 0.4s ! Code Quality warn 2 issues 0.8s ! AI Slop warn 4 issues 0.5s ◆ Security done 0 issues 1.3s 87 / 100 Healthy · 0 errors · 6 warnings · 4 fixable

The output is invocation-aware. If you ran the tool via npx, every hint in the footer says npx aislop .... If you installed globally, it drops the prefix. Copy-paste works regardless of how the binary got on your machine. Small thing, big difference on a shared team.

2. Our own AST fix engine

The biggest investment in v0.5.0. Here is why.

During the 25-project validation run for 0.5, four real projects broke. Not from our code. From the external --fix tools we were delegating to. A dangling colon left behind after stripping an unused alias. An invalid rest-element rename. A typed shorthand rewrite that broke the property binding. A TDZ error from the exhaustive-deps autofix. Every one of them shipped broken TypeScript. None were caught by fixture tests.

The pattern was always the same. Those tools were designed for humans who review the diff before committing. aislop runs unattended. It's a fundamental mismatch. So we stopped delegating and wrote our own engine.

Every mutation now goes through the TypeScript compiler API. Each change classifies the binding shape first: shorthand property, aliased property, rest element, array binding, positional parameter, catch parameter. Each shape has its own rewrite path. Before a file is written, the output is parsed. If the parse fails, the write is reverted. It's slower than a regex by a factor of ten. It's also the only reason we can promise aislop fix won't corrupt your code.

For now, the more aggressive destructive fixes (dependency audit, unused file removal, Expo alignment) sit behind the -f flag. Run aislop fix -f to opt in. Once enough teams have run it successfully in production, it becomes the default. For the current release, aislop fix on its own does the safe things through the new engine. -f adds the rest.

3. Fix-then-scan is a stable fixed point

Running aislop fix a second time on a clean repo used to produce phantom diffs. Biome reformatting one whitespace. Knip stripping a keyword that wasn't quite unused. Little changes that looked like regressions in git but weren't. In v0.5.0 they're gone.

The fix pipeline scans first, then only runs fixers for engines that actually found issues. If formatting reports zero issues, Biome does not run. If linting is clean, the lint fixer is skipped. A clean repo stays clean after aislop fix. Always. That's a property we can now promise in CI.

Everything else

Added

ChangeDetails
Top-level help outputEvery subcommand help screen now renders with the brand header and a consistent accent-green hint line.
JSON schema metadataOutput gains schemaVersion and cliVersion at the top so consumers can version their parsing.
aislop ci --humanRe-enables the full visual design when you want human-readable CI output.
aislop init wizardNow a proper interactive wizard built on @clack/prompts. Four prompts, preserves existing schema, emits the right next-step hint.
Project-aware doctorOne row per engine with its backing tool. Shows a cross with inline remediation only for tools you actually need.

Changed

ChangeDetails
SQL-injection detectionTemplate literals only flag when preceded by a database-like receiver (db., knex., prisma., etc.). log.raw and similar no longer false-positive.
typescript dependencyMoved from devDependencies to dependencies. Required at runtime by the new AST engine.
Breaking changesNone at the CLI contract level. All flags, exit codes, and JSON field names stayed stable.

Full changelog on GitHub.

Upgrade

$ npx aislop@latest scan

Or if you have it installed already:

$ npm update aislop
$ pnpm update aislop

Star the AI Slop CLI on GitHub if you want the next release in your feed.

← All posts