aislop v0.6.0. Agent hooks for Claude, Cursor, Gemini, and six more
For five versions aislop scanned code after the agent wrote it. v0.6.0 is the release where it started scanning while the agent was writing it. One command wires aislop into nine agents. The agent sees its own slop before you do.
For five versions of aislop the feedback loop was the same shape. Agent writes code. You (or CI) run aislop scan later. Aislop reports 40 findings. You tell the agent. The agent fixes them. Rinse.
That loop is slow and it leaves the agent unaware of what it's producing until the code has already landed somewhere. By the time the feedback arrives, the context is gone. v0.6.0 is the release where we collapsed the loop. One command wires aislop into the agent's native lifecycle. The agent sees its own slop on the turn it wrote the code, not at review time.
1. One command, nine agents
aislop hook install plugs aislop into your agent. Pick the agent, or install everything at once:
Three agents get runtime adapters — Claude Code (PostToolUse), Cursor (afterFileEdit), Gemini CLI (AfterTool). Aislop runs as a hook on every edit and pipes structured findings back.
Six more — Codex, Windsurf, Cline (plus Roo), Kilo Code, Antigravity, Copilot — don't have a native hook lifecycle. They get a rules-only installer: aislop writes an AISLOP.md the agent reads every turn. Same standards, different mechanism.
2. The feedback the agent sees
The agent doesn't get "you made a mess, please fix it." It gets JSON it can act on. Every hook fire emits an aislop.hook.v1 envelope:
File path, line number, rule ID, severity, fixable flag, suggested next steps. No prose-to-action translation step. The agent parses it, acts on it, moves on. Top-20 findings per hook fire so the agent's context doesn't flood on a big edit.
3. Quality-gate mode
One step further. With --quality-gate, aislop captures your project's current score as a baseline at install time. Claude's Stop hook then blocks the session if the score would drop below that baseline.
The agent cannot end a turn that regresses the codebase. It sees the block reason, the diff that caused it, and gets one more pass to clean up before the session stops. Instead of the reviewer being the floor, aislop becomes the floor. Code that leaves the agent's session is always at or above the bar you set.
4. Safety rails
Writing config into nine different agent-specific locations needed a safety model. Four pieces:
| Guard | What it prevents |
|---|---|
| SHA-256 sentinel | Every write stamps a hash fence. Uninstall only removes blocks that match. Hand-edited sections are never touched. |
| Atomic writes | JSON goes to a tempfile and renames in. Markdown is fenced between <!-- aislop:begin --> markers. No half-written config. |
| Recursion guard | .aislop/hook.lock with a 30-second stale window. Aislop doesn't scan itself through its own hook. |
| git diff fallback | Kicks in when the hook payload doesn't carry a file path. Cursor does this on some tool calls. |
Everything else
Added
| Change | Details |
|---|---|
aislop hook command | install, uninstall, status, baseline — full lifecycle management for hooks across all nine supported agents. |
| Structured feedback contract | aislop.hook.v1 — versioned JSON envelope with score, counts, top-20 findings, next steps, regression flag. |
| Swagger / OpenAPI safe | Narrative-comment rule was flagging @swagger, @openapi, @api* blocks as slop and auto-fix was deleting them. Real repos lost 1,340 lines of API docs in a single run. All API-doc JSDoc tags now in MEANINGFUL_JSDOC_TAGS. Covered by tests. |
Fixed
| Change | Details |
|---|---|
npx aislop scan --json clean stdout | postinstall-tools.mjs was logging to stdout. In CI (no npx cache) install progress prefixed the JSON envelope and any parser defaulted to score: 0. Install progress now routes to stderr. |
pnpm audit --fix subcommand | Layered with develop's 410-endpoint fallback. Pnpm now writes surgical pnpm.overrides when the audit endpoint is live, falls back to npm otherwise. |
| Breaking changes | None at the CLI contract. The hook subcommand is additive. |
Full changelog on GitHub.
Install
Or pick every supported agent:
Full guide at /docs/hooks. Star the repo on GitHub if you want the next release in your feed.