
AISlop

v0.6.0 Security

This release includes 1 security fix for security teams reviewing exposed deployments.

✓ No known CVEs patched
This release patches 1 known CVE

Topics

ai ai-slop ai-slop-detection cli code-quality code-review
developer-tools go javascript linter php pre-commit pull-request python quality-gate ruby rust static-analysis typescript

Summary

AI summary

Updates Numbers, opt-in, and SHA-256 across a mixed release.

Full changelog

Agent integration hooks. aislop plugs into Claude, Cursor, and Gemini natively, so findings come back on the turn the agent wrote the code.

Install

npx aislop hook install --agent claude
# or: cursor, gemini, codex, windsurf, cline, kilocode, antigravity, copilot
# or just: npx aislop hook install  (all supported agents)

What shipped

Runtime adapters. Every agent edit triggers a scoped scan. Findings flow back as structured JSON (aislop.hook.v1) with score, counts, top-20 findings, and nextSteps.

  • claude — Claude Code PostToolUse
  • cursor — Cursor afterFileEdit
  • gemini — Gemini CLI AfterTool

Rules-only installers. For agents without a native hook lifecycle, aislop writes a rules file the agent reads on every turn.

  • codex · windsurf · cline + Roo · kilocode · antigravity · copilot

Quality-gate mode (opt-in). --quality-gate captures .aislop/baseline.json on install. Claude's Stop hook blocks the session if the score regresses below baseline.

Safety rails. Every write is sentinel-guarded (SHA-256) for idempotent re-runs and exact uninstall. .aislop/hook.lock (30s stale window) stops aislop from scanning itself through its own hook. git diff fallback when stdin carries no file path.
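A minimal sketch of the sentinel-guarded write described under Safety rails, added here as an illustration and not aislop's own code. The marker format, function names and sample rules text are assumptions, and the body is assumed never to contain the end-marker line.

```javascript
const crypto = require("node:crypto");

// Hypothetical sentinel format; the page does not show aislop's real markers.
const BEGIN = /^# >>> managed-block sha256=([0-9a-f]{64})$/;
const END = "# <<< managed-block";
const sha256 = (s) => crypto.createHash("sha256").update(s, "utf8").digest("hex");

// The begin sentinel records the SHA-256 of the body exactly as written.
const render = (body) => [`# >>> managed-block sha256=${sha256(body)}`, ...body.split("\n"), END];

// Locate the managed block and verify it still matches its recorded digest.
function find(content) {
  const lines = content.split("\n");
  const start = lines.findIndex((l) => BEGIN.test(l));
  if (start === -1) return { lines, start };
  const end = lines.indexOf(END, start + 1);
  if (end === -1) throw new Error("begin sentinel without end sentinel");
  const body = lines.slice(start + 1, end).join("\n");
  if (sha256(body) !== BEGIN.exec(lines[start])[1]) {
    throw new Error("managed block modified since install; refusing to touch it");
  }
  return { lines, start, end, body };
}

// Idempotent: an identical body is a no-op, a changed body replaces the block in place.
function install(content, body) {
  const f = find(content);
  if (f.start === -1) return render(body).join("\n") + "\n" + content;
  if (f.body === body) return content;
  f.lines.splice(f.start, f.end - f.start + 1, ...render(body));
  return f.lines.join("\n");
}

// Exact: removes only the verified block and leaves every other byte as it was.
function uninstall(content) {
  const f = find(content);
  if (f.start === -1) return content;
  f.lines.splice(f.start, f.end - f.start + 1);
  return f.lines.join("\n");
}

// Constructed sample: a user's existing rules file and a hook body.
const original = "prefer small functions\n";
const once = install(original, "run the scanner after every edit");
console.log("re-run is a no-op:", install(once, "run the scanner after every edit") === once);
console.log("uninstall restores original:", uninstall(once) === original);
```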

Bug fix

@swagger / @openapi / apidoc blocks are now safe. The narrative-comment rule was flagging OpenAPI documentation as narrative and auto-fix was deleting it. One real project lost 1,340 lines of API docs on a single run. Every API-doc JSDoc tag (swagger, openapi, route, api*, responses, requestBody, tags, security, path, body, query, header, produces, accept, middleware, and more) is now in MEANINGFUL_JSDOC_TAGS. Covered by tests, validated against a live repo.

Also

  • aislop fix -f pnpm path now handles both the 410-retired-endpoint case (falls back to npm audit) and the non-existent pnpm audit --fix subcommand (writes surgical pnpm.overrides).
  • rail.setActiveLabel bound via arrow wrapper to preserve this.

Numbers

  • 583 tests passing (519 baseline + 64 new)
  • Self-scan: 100/100 Healthy
  • Packaged size: 132 kB (15 files)
  • No CLI contract changes. The hook subcommand is additive.

Manage

npx aislop hook status              # which agents are installed
npx aislop hook install --dry-run   # preview without writing
npx aislop hook uninstall           # sentinel-verified, exact
npx aislop hook baseline            # re-capture baseline

Docs: https://scanaislop.com/docs/hooks

What's Changed

  • release: v0.6.0 + merged develop work into main by @heavykenny in https://github.com/scanaislop/aislop/pull/37

Full Changelog: https://github.com/scanaislop/aislop/compare/v0.5.1...v0.6.0

Security Fixes

  • Prevents inadvertent deletion of @swagger/@openapi JSDoc blocks, closing a documentation loss vulnerability
