New aislop v0.9.4: four new Python rules from the SlopCodeBench paper, plus a CLI star prompt and GitHub Discussions.

Govern what your agents ship.

Agents now write a growing share of the code that reaches production, and most of it ships with little human review. aislop is the deterministic control layer that proves what is safe and in-policy before it merges. No LLM at runtime, sub-second, reproducible. Same code in, same score out.

The category

The governance and control layer for AI-written code. The loop is Scan to Prove to Govern: a deterministic gate, a public evidence base for every rule, and a policy layer that turns the score into something your organization can enforce.

Unreviewed agent code is a risk surface.

When agents wrote a small fraction of your code, a human read most of it. That assumption no longer holds. Output now outpaces review, and the patterns AI tools leave behind are not just untidy. Swallowed errors, unsafe type escapes, duplicated logic, and risky security constructs are the kinds of defects that reach production unseen.

At scale this is a governance gap, not a tidiness problem. Leaders cannot answer basic questions: which agents introduce the most risk, which teams carry the most unreviewed debt, and whether a passing pipeline actually means the code is in policy. A deterministic gate that proves its findings closes that gap before merge, not after an incident.

Scan, prove, govern.

One loop ties the free CLI to the platform. The gate scans deterministically, public research proves which patterns agents break, and the policy layer turns that evidence into enforceable standards.

01 — Scan

Deterministic, sub-second, no LLM at runtime.

40+ AI-slop rules across 8 languages run on every keystroke, every PR, and in CI. Same code in, same score out. The gate is reproducible, so a passing build means the same thing for every developer and every agent.
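To make the "swallowed errors" pattern from the risk section concrete, and to show what a deterministic, no-LLM rule looks like in practice, here is a small added example. It is not aislop's own rule or code: it is a hypothetical `swallowed-error` rule built on Python's standard `ast` module that flags `except` handlers which catch everything and then do nothing, while leaving narrow, intentional handlers alone. The sample source it scans is constructed for the example, and the scoring formula is an illustrative placeholder, not the product's.

```python
import ast
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    rule: str
    line: int
    message: str


def _is_noop_body(body):
    # A handler body that does nothing: only `pass`, `...`, or a bare constant.
    return all(
        isinstance(stmt, ast.Pass)
        or (isinstance(stmt, ast.Expr) and isinstance(stmt.value, ast.Constant))
        for stmt in body
    )


def find_swallowed_errors(source):
    """Hypothetical rule: report catch-all handlers that discard the error."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not (isinstance(node, ast.ExceptHandler) and _is_noop_body(node.body)):
            continue
        if node.type is None:
            what = "bare except"
        elif isinstance(node.type, ast.Name) and node.type.id in ("Exception", "BaseException"):
            what = f"except {node.type.id}"
        else:
            # A handler for one specific exception type that intentionally
            # ignores it (e.g. ValueError) is a design choice, not a defect.
            continue
        findings.append(Finding("swallowed-error", node.lineno,
                                f"{what} silently discards the error"))
    # Sorted output keeps the result byte-for-byte identical across runs.
    return sorted(findings, key=lambda f: f.line)


def scan(source):
    """Deterministic gate: pure function of the source text, no model, no I/O."""
    findings = find_swallowed_errors(source)
    # Placeholder scoring for the example: each finding costs 10 points.
    score = max(0, 100 - 10 * len(findings))
    return {"score": score, "findings": findings}


# Constructed sample of agent-style code with two catch-all handlers (lines 8
# and 20 of the string) and one narrow, intentional one (line 14).
SAMPLE = '''
import json

def load(path):
    try:
        with open(path) as fh:
            return json.load(fh)
    except Exception:
        pass

def parse_int(s):
    try:
        return int(s)
    except ValueError:
        pass   # narrow and intentional: caller treats None as "not a number"

def connect():
    try:
        return open_socket()
    except:
        ...
'''

if __name__ == "__main__":
    result = scan(SAMPLE)
    print(f"score: {result['score']}")
    for f in result["findings"]:
        print(f"  line {f.line}: [{f.rule}] {f.message}")
```

Because `scan` depends only on the parsed syntax tree, two runs over the same text always return the same findings and the same score, which is the property that lets a gate mean the same thing for every developer and every agent. The narrow `except ValueError: pass` is deliberately left unflagged; a rule that cannot tell intentional handling from a swallowed error produces noise that teams learn to waive.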

02 — Prove

Every finding traces to evidence.

Rules map to real code patterns, pinned public scans, and benchmark signals. Nothing is a black box, so a finding is something a maintainer can verify rather than a verdict from a model you cannot inspect.

03 — Govern

Turn the score into policy.

Set standards once at the org level, refine them per team and per project, and decide what blocks a merge. Exceptions carry a reason, an expiry, and an approver, so drift is visible instead of silent.

The control layer, built in the open.

Provenance, attribution, and policy make up the governance plan that the public research program is building toward. Access controls and deployment options are marked as roadmap so you can tell what has shipped from what is only committed.

Rule provenance

Planned

Every rule traces back to the real code pattern, public scan, or benchmark signal that justified it. Reviewers see why a finding fired, not just that it did.

Agent attribution

Planned

Tie each risk class to the agent that introduced it across Claude Code, Cursor, Codex, Gemini, Windsurf, Cline, Kilo Code, Antigravity, and Copilot. Know which tool needs tighter guardrails.

Policy & exceptions

Planned

Standards hierarchy from org to team to project. Exceptions require a reason, an expiry date, and a named approver, so every waiver has an owner and an end date.

Audit & compliance export

Planned

Export scan history, score deltas, and the exception inventory as a record auditors and security reviewers can read without access to your source.

SSO / SCIM

Roadmap

SAML single sign-on and SCIM provisioning for centrally managed access. On the enterprise roadmap, not yet shipped.

Self-hosted / VPC

Roadmap

Run the platform inside your own network for teams that cannot send metadata to a hosted service. On the enterprise roadmap, not yet shipped.

A quarterly AI-code-risk report.

The same evidence the gate produces rolls up into a report a security or engineering leader can act on. Reproducible by construction, because every number traces to a pinned scan.

  • Rule classes broken down by team, so leaders see where AI-slop concentrates instead of one global number.
  • Agent attribution summary: which coding agents introduced which risk classes over the quarter.
  • Exception inventory: every active waiver with its reason, approver, and expiry, plus what is overdue.
  • Remediation velocity: how fast each team closes findings once they surface, and where the backlog grows.

Bring governance to the code your agents ship.

Start with the free, MIT-licensed CLI on any project today. When you are ready to enforce standards across teams, we will help you plan the rollout.
