Skip to main content
New aislop v0.9.3: rule-precision release. Fewer false positives across docs, imports, eval, wrappers, JSON-LD, and bundled files. Read more →
← Blog
Reference · 7 min read · reads

High-quality AI coding standards

What does a coding standard for an AI agent even look like? Some teams point at an AGENTS.md. Some point at a 2019 style guide. Some shrug. Here is what we landed on after watching AI-generated code fail in production. Ten rules, each one enforced mechanically, none of them optional.

Ask any team shipping with Claude Code, Cursor, Opencode, or Codex what their coding standard for the agent is. You will get a shrug. Maybe an AGENTS.md. Maybe a style guide from 2019. Nothing mechanical. Nothing the agent is actually held to.

These ten rules came out of watching AI-generated code fail in production. Our code. Customer code. The backlog. We tried treating agent output like a junior PR. It does not work. Juniors learn. Models do not. The standard has to be mechanical or it is not a standard.

Each rule below maps to an aislop rule. Your agent hits it on every commit. No review labor. No vibes. The rule is not just declared, it is enforced.

The ten standards

01

No trivial comments

The name carries the information. If the line reads initDB(), a comment saying "initialize the database" is noise. Worse, it rots the first time someone renames the function. Now the comment is a lie the next agent will read as truth.

Enforce. ai-slop/trivial-comment. Autofix on.

02

No narrative preambles

Multi-paragraph JSDoc and section banners belong in a PR description, not in source. Agents write them because the training data rewards visible effort. Readers do not read them. Your agent does not need them.

Enforce. ai-slop/narrative-comment. Autofix on.

03

Explicit error handling

No silent catches. No return [] on failure. The error is handled with a named strategy (retry, fallback, user message), or it propagates. Pick one. Agents love the silent catch because it makes the happy path pass. It also makes the production incident a mystery.

Enforce. ai-slop/swallowed-exception. Severity: error.

04

No console.log in source

Debug output belongs in a logger. Every console.log in production is either forgotten debug or a quiet admission that no real logger exists. Both are a problem. Your agent is leaving them behind. Your pipeline should catch them.

Enforce. ai-slop/console-leftover.

05

No as any

Types are the contract. as any and as unknown as X delete the contract right at the point you needed it. Every escape hatch is a production surprise waiting. Agents reach for them when they do not want to do the actual typing work. Do not let them.

Enforce. ai-slop/unsafe-type-assertion.

06

Size limits

Files under 400 lines. Functions under 80 lines. Ten percent tolerance. If your function is more than 80 lines, your agent is doing something wrong. If your file is more than 400 lines, same story. Agents have no internal pressure to keep anything small. They will append until something warns them. That something is you.

Enforce. file-too-large, function-too-long. Configurable in .aislop/config.yml.

07

Dependency hygiene

Dead code, unused dependencies, unused exports. Your agents are leaving them behind. Every symbol in package.json is a supply chain entry. Every unused export is future dead code nobody wants to touch. Cut them.

Enforce. knip via aislop. Aggressive fix removes unused exports and unimported files.

08

AST-aware fixes only

Never regex-mutate source code. Destructure patterns, generics, JSX, none of them are regular. The three-line regex you wrote this morning will corrupt a file next month. We learned this in 0.5. We have scars.

Enforce. Code review convention. aislop itself uses the TypeScript compiler API for every transformation.

09

Parse-check before write

Every autofix has to prove its output still parses. A mutation that produces a syntax error is silently discarded. Revert on failure. Always. This single rule would have caught three of the four GAP bugs external fixers shipped in 0.5.

Enforce. Engineering discipline. aislop wraps all mutations in a parse gate.

10

Invocation-aware copy

Help text has to work no matter how the user installed the tool. If your CLI says aislop fix --claude but the user ran npx, the copy-paste fails. Use npx <tool> everywhere, or detect the invocation at runtime.

Enforce. aislop 0.5 detects npx vs global vs local install and adapts every hint in its own output.

The scoring model

aislop emits a single score from 0 to 100 per scan. Teams need a quality gate, not just a linter. A linter tells you what is wrong. A gate tells you whether to merge. Warnings contribute proportionally to the deduction. Errors contribute more. The engine count is factored in so small projects are not punished for having fewer surfaces.

Rough guide:

  • 90 and up — clean.
  • 80 and up — a well-maintained codebase.
  • 70 and up — no critical issues.

Start your threshold low. Ratchet up as the slop comes out.

How to enforce

GitHub Actions, one step:

- run: npx aislop@latest ci .

Config lives in .aislop/config.yml:

ci:
failBelow: 70
quality:
maxFileLoc: 400
maxFunctionLoc: 80

Commit this file. It becomes your team's engineering standard. Every human, every agent, every PR is held to the same bar. That is what a coding standard for your agent actually looks like.

Closing

These are not opinions for the sake of opinions. Every rule here came out of watching AI-generated code fail in production. If you want the receipts for any one of them, the 25-project validation post has them.

See your score

$ npx aislop@latest ci .

Run it in CI. Hold your agent to the same ten rules every PR. Star the AI Slop CLI on GitHub if you want the next release in your feed.

← All posts