Skip to main content
New aislop v0.13.1 patch — calibrates hidden-fallback detection and fixes regex comment-masker false positives. Read the changelog →
ai-slop/todo-stub manual fix

Orphan TODO stub.

A `// TODO` without an owner, ticket, or completion plan. The kind that survives years.

Flagged shape and clean shape.

Each example shows the exact code shape the rule is looking for, then the smallest version that keeps the intent without hiding risk or adding noise.

Flagged example
async function fetchInvoice(id: string) {
  const response = await fetch(`/api/invoices/${id}`)
  // TODO: handle the retry case
  return response.json()
}
Why this trips

Deterministic regex match: flags TODO/FIXME comments with no owner, ticket reference, or completion plan.

Clean example
async function fetchInvoice(id: string) {
  return retry(() => fetchJson(`/api/invoices/${id}`), {
    retries: 3,
    backoff: 'exponential',
    retryOn: [503],
  })
}
What changed

Either finish the deferred behavior now or attach a real owner, ticket, and completion condition. The goal is to make the deferral trackable instead of permanent background noise.

Agents punt hard cases under a comment and move on. Ungated TODOs accumulate forever; nobody knows whether they're still relevant or already irrelevant.

How this rule is justified.

Rule id

ai-slop/todo-stub

Enforcing engine

ai-slop

Detector strategy

Deterministic regex match: flags TODO/FIXME comments with no owner, ticket reference, or completion plan.

Legitimate code that is NOT flagged

A TODO that carries an owner or ticket reference (e.g. `TODO(#1234)`) is not flagged.

Evidence

Provenance: repeated across public scans as accumulated, ungated deferrals.