What is scanaislop?
Scanaislop is a quality gate for AI coding agents. It runs six deterministic engines in parallel across eight language targets, reports findings with file and line locations, repairs mechanical issues, and exits with a non-zero code in CI when the score falls below your threshold. There are no LLMs in the runtime path: the score is computed from regex, AST analysis, and standard open-source tooling, so the same code always produces the same result.The problem it solves
Every major AI coding agent — Claude Code, Cursor, Codex, OpenCode, Gemini CLI — generates code that satisfies local correctness checks but introduces patterns that degrade long-term maintainability. These patterns are consistent enough across agents and projects to define as rules. aislop encodes more than 50 of them, weighted so high-confidence defects and security findings hit harder than mechanical cleanup. You get one number, one gate, and a clear fix list.The six engines
aislop runs six engines on every scan. Each engine targets a different quality dimension and maps to a share of the overall 0–100 score.Formatting
Code style consistency checked by Biome (TypeScript/JavaScript), ruff (Python), gofmt (Go), cargo
fmt (Rust), rubocop (Ruby), and php-cs-fixer (PHP).
Linting
Language-specific correctness checked by oxlint (JS/TS), ruff (Python), golangci-lint (Go),
clippy (Rust), and expo-doctor (Expo/React Native).
Code Quality
Complexity and dead code: function and file size limits, deep nesting detection, unused files and dependencies
via knip, and AST-based unused-declaration removal.
AI Slop
Patterns specific to AI-generated code: narrative comments, trivial comments, dead patterns, unused imports,
as any casts, console.log leftovers, TODO stubs, and generic names.Security
Vulnerabilities and risky code:
eval, innerHTML, SQL and shell injection patterns, and dependency audits via
npm audit, pip-audit, cargo audit, and govulncheck.Architecture
Structural rules (opt-in): custom import bans, layering rules, and required patterns configured in
.aislop/config.yml.Supported languages
aislop analyses eight language targets with full engine coverage. Files in other languages are excluded from scoring rather than partially scored — you always know exactly what the number represents.| Language | Target identifier |
|---|---|
| TypeScript | typescript |
| JavaScript | javascript |
| Expo / React Native | expo |
| Python | python |
| Go | go |
| Rust | rust |
| Ruby | ruby |
| PHP | php |
If a repository is primarily written in an unsupported language (C, C#, Swift, Kotlin, etc.), aislop withholds the
score and reports
scoreable: false rather than printing a number based on a handful of incidental files.Key differentiators
Deterministic, no LLM at runtime. aislop uses regex, AST analysis, and standard open-source tooling — never an API call to a language model. The same code in always produces the same score out. This makes the score reliable enough to enforce as a hard CI gate. Sub-second. All six engines run in parallel. For most projects, a full scan completes in well under a second, making it practical as a pre-commit hook and as a post-edit hook inside your coding agent. 50+ rules, language-specific. Rules are tuned per language and weighted by severity. Sloppy patterns that indicate deeper problems (swallowed exceptions, unsafe type casts) carry more weight than style findings. Zero-config start.npx aislop@latest scan works on any repository without any configuration. Add .aislop/config.yml when you want to tune thresholds, override rule severity, or enable the Architecture engine.
Local repair agent. aislop agent creates an isolated local worktree, runs safe fixes, streams a Codex, Claude Code, or OpenCode repair session, verifies the result, and leaves the diff for review. aislop fix remains the deterministic layer for mechanical cleanup.
Next steps
Quickstart
Scan your first project in under a minute with a single npx command.
How It Works
Deep dive into the scoring model, engine weights, and rule evaluation order.
Local repair agent
Use Codex, Claude Code, or OpenCode while aislop owns scoring and verification.