# scanaislop > The engineering standards layer and quality gate for AI-written code. Define your standard once — every agent (Claude Code, Codex, Cursor, Gemini, ...) is held to it automatically on every edit and every PR. scanaislop ships the aislop CLI (open source, MIT) and a hosted quality-gate platform. It detects AI-slop code patterns: trivial comments, narrative JSDoc, dead code, unused imports, `any` casts, swallowed exceptions, oversized functions and files, vulnerable dependencies. It auto-fixes what's safely fixable and hands the rest to your coding agent with full context. ## Install ```bash # Run without installing (recommended for first use) npx aislop scan # Project dev dependency pnpm add -D aislop # or: npm install -D aislop | yarn add -D aislop # Global install npm install -g aislop ``` Requires Node >= 20. ## Quick start ```bash # Score your project (0-100 with diagnostics) npx aislop scan # Auto-fix what's safely fixable (formatters, unused imports, trivial comments, etc.) npx aislop fix # Aggressive fixes — runs dependency audit, removes unused files, aligns framework deps npx aislop fix -f # Hand off remaining issues to your coding agent (14 agents supported) npx aislop fix --claude # or: --codex, --cursor, --gemini, --windsurf, --aider, --goose, # --amp, --antigravity, --deep-agents, --kimi, --opencode, # --warp, --vscode npx aislop fix --prompt # print the prompt to paste into any coding tool # Scoped scans npx aislop scan --changes # only files changed vs HEAD npx aislop scan --staged # only staged files (for pre-commit hooks) # Other commands npx aislop init # interactive config wizard (.aislop/config.yml) npx aislop doctor # project-aware toolchain check npx aislop rules # list all detection rules grouped by engine npx aislop # interactive menu ``` ## CI / quality gate ```yaml # .github/workflows/aislop.yml name: aislop on: [pull_request] jobs: quality-gate: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - uses: scanaislop/aislop@v0.10.2 with: version: latest # npm CLI version; pin to "0.10.2" for deterministic CI ``` ```yaml # .aislop/config.yml ci: failBelow: 70 # quality gate threshold (0-100) engines: format: true lint: true code-quality: true ai-slop: true security: true architecture: false # opt-in — requires .aislop/rules.yml quality: maxFunctionLoc: 80 # warn above (10% soft tolerance → flags at 89+) maxFileLoc: 400 # warn above (10% soft tolerance → flags at 441+; JSX/TSX 2x) ``` ## Languages supported TypeScript, JavaScript, Python, Go, Rust, Ruby, PHP, Expo/React Native. ## Engines - **format** — Biome (JS/TS), ruff (Python), gofmt (Go), rubocop (Ruby), php-cs-fixer (PHP), cargo fmt (Rust) - **lint** — oxlint (JS/TS), ruff, golangci-lint, clippy, expo-doctor - **code-quality** — knip (unused files/exports/deps), complexity (function/file size, nesting, params), aislop's own AST-based unused-declaration remover - **ai-slop** — trivial comments, narrative JSDoc, swallowed exceptions, unused imports, console leftovers, unsafe type assertions, dead patterns, TODO stubs, generic naming - **security** — regex for `eval`/`innerHTML`/SQL injection/shell injection, dependency audits (pnpm/npm/pip/cargo/govulncheck) - **architecture** — opt-in; custom import bans, layering rules, required patterns via `.aislop/rules.yml` ## Docs - [Start here](https://scanaislop.com/docs): why aislop, copy-paste first scan, scan vs fix vs ci, who this is for. - [Commands](https://scanaislop.com/docs/commands): every command (scan, fix, ci, init, doctor, rules, fix --) and when to run each. - [Configure](https://scanaislop.com/docs/configure): `.aislop/config.yml` full reference — engines, quality thresholds, scoring, CI gate. - [CI / CD](https://scanaislop.com/docs/ci): GitHub Actions (generated by init + manual), GitLab, CircleCI, pre-commit hook, branch protection, exit codes, JSON shape. - [Agent hooks](https://scanaislop.com/docs/hooks): install aislop into Claude Code (PostToolUse), Cursor (afterFileEdit), Gemini CLI (AfterTool), plus rules-only installers for Codex, Windsurf, Cline, Kilo Code, Antigravity, Copilot. Structured feedback contract, quality-gate mode, sentinel-guarded writes. - [MCP server](https://scanaislop.com/docs/mcp): `npx -y aislop-mcp` exposes four tools any MCP-speaking agent can call — `aislop_scan`, `aislop_fix`, `aislop_why`, `aislop_baseline`. Stdio transport, runs locally, no network listener. Pull-style integration that complements the always-on push hook. Install snippets for Claude Desktop, Cursor, Claude Code, Codex (TOML). - [Agent handoff](https://scanaislop.com/docs/agents): fix --claude / --codex / --cursor / etc, plus --prompt for unlisted agents. - [Agent skill](https://scanaislop.com/docs/skill): drop-in skill for Claude Code, Cursor, Codex, Gemini CLI, Windsurf, Cline — the agentic quality gate fires every turn, not just in CI. Install path, auto-trigger phrases, workflow the agent follows. - [Rules](https://scanaislop.com/docs/rules): every detection rule grouped by engine, with auto-fix status. - [AI Slop patterns](https://scanaislop.com/patterns): the named anti-patterns AI coding agents leave behind, with bad/good code examples and why each pattern shows up. Anchor links per pattern (e.g. /patterns#narrative-comment). - [Research](https://scanaislop.com/research): public repository scans, benchmark-derived rules, research protocol, and the next AI-code-quality scan runs. - [Languages](https://scanaislop.com/docs/languages): support matrix for TS/JS/Python/Go/Rust/Ruby/PHP/Expo. - [Guides](https://scanaislop.com/docs/guides): long-form walkthroughs (starts with "Writing comments"). - [Writing comments guide](https://scanaislop.com/docs/writing-comments): when a comment earns its place, good/bad pairs, decision tree. ## Machine-readable surfaces - [API catalog](https://scanaislop.com/.well-known/api-catalog): Linkset JSON for scanaislop.com and the public API. - [Agent Skills index](https://scanaislop.com/.well-known/agent-skills/index.json): discoverable skills for agents working with aislop. - [aislop agent skill](https://scanaislop.com/.well-known/agent-skills/aislop/SKILL.md): Markdown instructions an agent can load before editing or reviewing code. - [Security contact](https://scanaislop.com/.well-known/security.txt): responsible-disclosure contact routes. - [RSS feed](https://scanaislop.com/rss.xml): published blog and research updates. - [XML sitemap](https://scanaislop.com/sitemap.xml): canonical page index. - [HTML-as-Markdown](https://scanaislop.com/docs): public pages also respond as text/markdown when the request explicitly prefers `Accept: text/markdown`. ## Blog - [AI Slop: How to Detect and Prevent Low-Quality AI Code](https://scanaislop.com/blog/ai-slop-detection-complete-guide/): AI slop compiles, passes tests, and still weakens your codebase. Here is what it is, the named patterns that give it away, how to detect them, and the workflow that keeps them out of review. - [What I fixed after that score, and what I kept](https://scanaislop.com/blog/what-i-fixed-and-what-i-kept/): A clean library scored 1 out of 100, and the score was my bug, not the code. Here is the week I spent fixing it: rule by rule, measured on real projects, including the scoring change I built, liked for an hour, and then reverted because it was lying. - [The feedback that made my launch](https://scanaislop.com/blog/the-feedback-that-made-my-launch/): I launched aislop on Hacker News and went from 21 stars to over 200. Then the maintainer of a library with tens of thousands of stars ran it on his own code, scored 1 out of 100, and told me plainly that I had it wrong. That message is the reason I keep building this. - [aislop v0.9.4. SlopCodeBench called it verbosity. We turned it into rules.](https://scanaislop.com/blog/aislop-v0-9-4-python-scbench-rules/): Four new Python rules drawn from the verbosity signal in SlopCodeBench (SCBench, arXiv 2603.24755). Plus a CLI star prompt and GitHub Discussions for the community. - [aislop v0.9.3. We measured the noise. Then we cut it by 38%.](https://scanaislop.com/blog/aislop-v0-9-3-rule-precision/): Patch release focused on rule precision. Tightens detection across the ai-slop, security, lint, and source-file engines so language conventions are no longer flagged as slop. No new rules — existing ones now discriminate better. - [A prompt is a suggestion. A CI gate is a guardrail.](https://scanaislop.com/blog/your-agents-need-a-guardrail/): A prompt can guide an agent, but an enforced check is what keeps standards visible in the workflow. - [The AI Slop Loop: When AI-Generated Code Creates Self-Reinforcing Quality Problems](https://scanaislop.com/blog/ai-slop-loop-breaks-production/): AI writes shallow code. Shallow code produces incidents. Incidents produce more AI-generated fixes. The fixes introduce new shallow patterns. The loop accelerates. - [AI Slop Statistics 2026: The Data Behind the Backlash](https://scanaislop.com/blog/ai-slop-statistics-2026/): 74% of new web pages contain AI content. 86.5% of Google top-ranking pages are AI-generated. $117M flows to AI slop channels on YouTube. The numbers behind the trend. - [aislop and CodeRabbit: Deterministic Gates and AI-Powered Review](https://scanaislop.com/blog/aislop-vs-coderabbit-deterministic-vs-llm/): Two tools, two philosophies. CodeRabbit helps with LLM-powered PR review. aislop enforces defined AI-code hygiene rules. Here is when each fits. - [Best AI Code Quality Tools 2026: From Linters to Quality Gates](https://scanaislop.com/blog/best-ai-code-quality-tools-2026/): A practical guide to SonarQube, CodeRabbit, Greptile, Qodo, GitHub Copilot Review, and deterministic quality gates: what each category does well, where it stops, and how to choose. - [How to Add a Quality Gate to Your AI Agent in 2 Minutes](https://scanaislop.com/blog/quality-gate-ai-agent-in-2-minutes/): One local scan. One GitHub Actions job. Every PR from every agent held to the same bar. Here is the fastest way to stop AI slop from shipping. - [The Swallowed Exception That Broke Production: AI Slop Pattern Deep Dive](https://scanaislop.com/blog/the-swallowed-exception-that-broke-production/): An empty catch block. A 401 error. Three weeks of blank dashboards. This is the most common bug in AI-generated code — and it has a documented fix. - [Where SonarQube Stops, and AI-Slop Rules Start](https://scanaislop.com/blog/why-sonarqube-misses-ai-slop/): SonarQube is a mature static analysis suite. AI-written code adds a different set of repeatable patterns. Here is where a focused AI-code hygiene layer can help. - [High-quality AI coding standards](https://scanaislop.com/blog/high-quality-ai-coding-standards/): Does your coding agent have a coding standard? AGENTS.md is not enough. Here are ten rules we enforce mechanically, on every commit, on every project. - [Vibe coding, done right](https://scanaislop.com/blog/vibe-coding-done-right/): Letting the agent drive is a cheat code. It is also how you ship five unrelated files full of slop at 2am. Here is how we vibe-code without shipping the slop. - [AGENTS.md is a sign on the wall. Agents don't read signs.](https://scanaislop.com/blog/agents-md-is-not-enough/): AGENTS.md is not enough. You have to hold your agent accountable. AGENTS.md is the WHAT. aislop rules are the HOW. aislop ci is the GATE. aislop fix --agent is the LOOP. Four layers, none optional. - [Stop cleaning up after your coding agent](https://scanaislop.com/blog/we-shouldnt-be-cleaning-up-after-our-agents/): Your agent writes code. You clean up. That is backwards. - [Nobody reads code anymore. Write for the linter.](https://scanaislop.com/blog/nobody-reads-code-anymore/): Median score across 25 real projects was 15 out of 100. That is what code looks like when nobody is reading it. The linter is the reader now. - [aislop v0.7.0. Config inheritance, public score badge, security floor](https://scanaislop.com/blog/aislop-v0-7-0-config-inheritance/): extends: lets project configs inherit a parent and override only what they need. The public score badge puts your live aislop score in any README. A postcss security floor closes the only vulnerability aislop's own scan flagged on itself. - [If your function needs 80 lines, your agent gave up. If your file needs 400, it never started.](https://scanaislop.com/blog/function-size-limits-for-ai-code/): If your function is more than 80 lines, your agent is doing something wrong. If your file is more than 400, same story. We found a 981-line component in the wild. - [You shouldn't be writing comments. And if you do, it should have a reason.](https://scanaislop.com/blog/stop-letting-your-agent-write-comments/): Our pair-programming AI added ~70 narrative comments to our own source during the 0.5 rehaul. Our own tool caught every one. If the tool builder needs the rule, you probably do too. - [Agents add. They don't subtract. That's the bug.](https://scanaislop.com/blog/your-agent-is-leaving-dead-code-behind/): Agents add. They don't subtract. The chrome-extension repo went 9 to 68 to 88 almost entirely on dead code removal. Orphan imports. Unused exports. Half refactored functions the agent forgot to delete. - [The top 10 AI slop patterns we see often](https://scanaislop.com/blog/top-ai-coding-mistakes/): Ten common patterns in agent-written code, ranked by the risk they add. Each one maps to an aislop rule so you can catch it before review. - [What 25 real projects taught us about aislop 0.5](https://scanaislop.com/blog/25-projects-aislop-findings/): Before tagging aislop 0.5 we ran it against 25 real projects from our own backlog. Here is what broke, what got fixed, and why we moved destructive fixes in-house. - [aislop v0.6.0. Agent hooks for Claude, Cursor, Gemini, and six more](https://scanaislop.com/blog/aislop-v0-6-0-agent-hooks/): Findings flow back to the agent on the turn it wrote the code. Runtime adapters for Claude Code, Cursor, Gemini. Rules-only installers for six more. Structured feedback contract, quality-gate mode, sentinel-guarded writes. - [aislop v0.5.0. New CLI, own AST fix engine, stable output, better experience](https://scanaislop.com/blog/aislop-v0-5-0-ast-fix-engine/): The release where we stopped blindly trusting external fixers with destructive cleanup, wrote our own AST engine, and made aislop fix produce zero phantom diffs on clean repos. - [aislop v0.4.0. Agent Handoff, Smarter Fix, Better Scoring](https://scanaislop.com/blog/aislop-v0-4-0-agent-handoff/): aislop v0.4.0 ships agent handoff for 14 coding agents, a fix pipeline that leaves clean files alone, and scoring that treats formatting as warnings not errors. - [How to Add a Quality Gate to Your AI-Assisted Pipeline in 5 Minutes](https://scanaislop.com/blog/aislop-in-ci-cd/): One GitHub Actions workflow. One score threshold. Every PR from every agent held to the same bar. - [What Is AI Slop? The Patterns AI Agents Leave Behind](https://scanaislop.com/blog/what-is-ai-slop/): Trivial comments. Swallowed exceptions. Unsafe casts. None of them fail your CI. All of them reach production. Here is what to look for. - [Why We Built scanaislop: The Problem with Five Linters and No Standard](https://scanaislop.com/blog/why-we-built-aislop/): Every team shipping with AI agents has the same problem. Code that compiles, tests that pass, and a diff that is still a mess. We built aislop because nothing else catches it. ## Product pages - [How it works](https://scanaislop.com/features): deterministic AI-slop detection, the engines, real-time agent hooks across nine coding agents, and how it compares to LLM reviewers and legacy static analysis. - [Pricing](https://scanaislop.com/pricing) - [Enterprise](https://scanaislop.com/enterprise): the governance and control layer for AI-written code — rule provenance, agent attribution, policy and exceptions, audit and compliance export. - [Trust & data handling](https://scanaislop.com/trust): how the CLI runs locally, what telemetry collects (anonymous, on by default, opt out with AISLOP_NO_TELEMETRY=1 or DO_NOT_TRACK=1), and the compliance roadmap. - [The Clean Agent Code Standard](https://scanaislop.com/standard): a public, versioned, deterministic standard for clean AI-written code, with aislop as the reference implementation. - [Agent benchmark](https://scanaislop.com/benchmark): the deterministic AI-coding-agent code-quality benchmark — same tasks, scored reproducibly by aislop. - [Compare](https://scanaislop.com/compare): aislop vs CodeRabbit, Greptile, and SonarQube. - [ROI calculator](https://scanaislop.com/roi): estimate what AI slop is costing your team. - [Research](https://scanaislop.com/research) - [Changelog](https://scanaislop.com/changelog) ## Links - CLI repo: https://github.com/scanaislop/aislop - Skill repo: https://github.com/scanaislop/skills - API catalog: [https://scanaislop.com/.well-known/api-catalog](https://scanaislop.com/.well-known/api-catalog) - Agent Skills: [https://scanaislop.com/.well-known/agent-skills/index.json](https://scanaislop.com/.well-known/agent-skills/index.json) - Full prose of docs + blog posts: [https://scanaislop.com/llms-full.txt](https://scanaislop.com/llms-full.txt)