This release includes breaking changes for platform teams planning a safe upgrade.
✓ No known CVEs patched in this version
Full changelog
Minor release on top of 0.7.0. Major additions: MCP server support, TypeScript typecheck engine, hallucinated-import detector, multi-language AI slop coverage (Python/Go/Rust), ~4,100 false positives eliminated via OSS validation, Claude Code hook improvements, scoring system overhaul, and CI step summaries.
Install
npx aislop@0.8.0 scan .
# or globally:
npm i -g aislop@0.8.0
What shipped
Added
MCP server support (#89). aislop-mcp now available — exposes scan, fix, why, and baseline as MCP tools. AI coding assistants can directly invoke aislop operations via Model Context Protocol. Install with Claude Desktop or compatible MCP clients.
TypeScript typecheck engine (#84). New lint engine runs tsc --noEmit and parses TypeScript compiler diagnostics. Integrates with existing lint scoring, respects tsconfig.json project references. Catches type errors alongside eslint/oxlint findings.
Hallucinated-import detector (#86). Flags imports of packages not declared in any package.json manifest (walks up to depth 4 for monorepos). Catches AI-generated imports of non-existent packages like import { foo } from "some-package-that-doesnt-exist".
Expanded multi-language AI slop patterns (#90). Added 7 new detectors across Python, Go, and Rust:
- Python: bare except, broad except with pass, mutable defaults, print debugging
- Go: library panic outside tests
- Rust: non-test unwrap(), todo!() stubs
Hook envelope v2 + duplicate-import rule (#87). New hook protocol version with structured responses (delta, newSinceBaseline, suggestedActions). Added ai-slop/duplicate-import detector with auto-fix support.
FileChanged hook subscription (#88). Claude Code integration now watches .aislop/config.yml, .aislop/rules.yml, and package.json for changes and auto-refreshes baseline.
GitHub Step Summary writer (#79). CI runs now output rich markdown summaries in GitHub Actions UI with per-finding help text, severity badges, and quick-fix suggestions.
Improved scoring system (#74). New formula with per-engine caps (max 25 points per engine), file-aware density smoothing, and fixable-issue discount (0.5x weight). More stable scores across project sizes.
Public badge command (#57). Added aislop badge command that auto-detects owner/repo from git remote and prints badge URL with README markdown snippet.
Fixed
False-positive reduction via OSS validation (#91). Validated detectors against 25 real OSS projects (requests, flask, fastapi, cobra, gin, hugo, clap, ripgrep, tokio, serde, prisma, trpc, zod, vitest, nest, express, lodash, axios, chalk, commander). Eliminated ~4,100 false positives:
- narrative-comment now skips Rust doc comments (///), Go doc conventions, and JSDoc with WHY markers
- trivial-comment skips rustdoc and vendored/example directories
- console-leftover exempts CLI command source directories
- go-library-panic exempts nil-check preconditions
- hallucinated-import handles monorepo workspaces, self-imports, and virtual modules (astro:, virtual:, bun:*)
- file-too-large adds 10% buffer over configured max
- All detectors skip test files, migrations, fixtures, snapshots, mocks, examples, and generated output
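The hallucinated-import check (#86) and its false-positive exemptions listed above (workspace packages, self-imports, virtual modules) can be sketched as follows. This is an added example, not aislop's own code: the manifests, the sample source, the regex-based import extraction, the partial builtin list, and the reading of "depth 4" as manifest depth below the scan root are all assumptions.

```javascript
// Added example, not aislop's implementation. Manifests and source text are constructed.
const MANIFESTS = { // keys: manifest paths relative to the scan root
  "package.json": { name: "acme-root", devDependencies: { typescript: "^5.4.0" } },
  "packages/web/package.json": {
    name: "@acme/web",
    dependencies: { react: "^18.2.0", "@acme/ui": "workspace:*" },
  },
  "a/b/c/d/e/package.json": { name: "too-deep", dependencies: { lodash: "^4.17.21" } },
};
const SAMPLE = `
import React from "react";
import { Button } from "@acme/ui/button";
import { readFile } from "node:fs/promises";
import { foo } from "some-package-that-doesnt-exist";
import config from "virtual:app-config";
import "./styles.css";
const fp = require("lodash/fp");
`;
const DEP_FIELDS = ["dependencies", "devDependencies", "peerDependencies", "optionalDependencies"];
const BUILTINS = new Set(["fs", "path", "crypto", "http", "https", "os", "url", "util"]); // partial
const VIRTUAL = /^(node|astro|virtual|bun):/; // skipped, never looked up in a manifest
const IMPORT_RE = /(?:\bfrom\s*|\bimport\s*\(?\s*|\brequire\s*\(\s*)["']([^"']+)["']/g;

// "@scope/pkg/sub" -> "@scope/pkg", "lodash/fp" -> "lodash"
function packageName(spec) {
  const parts = spec.split("/");
  return spec.startsWith("@") ? parts.slice(0, 2).join("/") : parts[0];
}

// Union of every name declared by a manifest at most maxDepth directories below the root.
function declaredPackages(manifests, maxDepth = 4) {
  const declared = new Set();
  for (const [path, manifest] of Object.entries(manifests)) {
    if (path.split("/").length - 1 > maxDepth) continue;
    if (manifest.name) declared.add(manifest.name); // self-imports and workspace siblings
    for (const field of DEP_FIELDS)
      for (const dep of Object.keys(manifest[field] || {})) declared.add(dep);
  }
  return declared;
}

// Package names imported by the source but declared nowhere, in order of appearance.
function hallucinatedImports(source, declared) {
  const flagged = new Set();
  for (const [, spec] of source.matchAll(IMPORT_RE)) {
    if (spec.startsWith(".") || spec.startsWith("/")) continue; // file paths, not packages
    const name = packageName(spec);
    if (VIRTUAL.test(spec) || BUILTINS.has(name) || declared.has(name)) continue;
    flagged.add(name);
  }
  return [...flagged];
}
```

An undeclared name is worth treating as a supply-chain signal rather than a style nit: installing it later resolves to whatever package someone has registered under that name.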
Contributors tracking (#83). Squash-merged PRs now correctly attribute external contributors via GitHub API.
Dependency audit warnings (#76). Missing audit tools (npm audit, cargo audit, etc.) now show clear warning messages instead of silent failures.
CI improvements (#58, #60, #61, #95, #96). Fixed CI triggers for develop branch, split build/test from quality gate jobs, removed pnpm cache from quality-gate job, renamed action to "aislop Quality Gate" for Marketplace.
Documentation
Positioning refinement (#85). Locked "standards layer and quality gate" framing in README and npm description.
PR check clarifications (#80). Updated documentation explaining aislop's PR checks and CI integration patterns.
Breaking changes
None. All changes are backward compatible.
Stats
- 23 commits since v0.7.0
- +5,278 / -180 lines
- 674 tests passing (up from 630)
- 8 new detectors
- ~4,100 false positives eliminated
- 100/100 self-scan
What's Changed
- docs: surface the new aislop badge command in README (#57)
- fix(ci): also trigger CI on develop pushes and PRs (#58)
- fix(ci): sync workflow pushes refresh branch instead of develop (#60)
- refactor(ci): split build & test from quality gate (#61)
- feat(scoring): per-engine cap, file-aware smoothing, fixable discount (#74)
- fix: warn when dependency audit tools are missing (#76)
- feat(ci): GitHub Step Summary writer with help text per finding (#79)
- chore: clarify aislop PR checks (#80)
- fix(contributors): include merged-PR authors so squash-merges don't drop external contributors (#83)
- feat(lint): TypeScript typecheck engine (#84)
- copy(positioning): lock standards-layer-and-quality-gate framing on README + npm description (#85)
- feat(ai-slop): hallucinated-import detector — flags imports of packages not in any manifest (#86)
- feat(hook,ai-slop): hook envelope v2 + ai-slop/duplicate-import rule (#87)
- feat(hook,claude): subscribe to FileChanged for .aislop/config.yml, .aislop/rules.yml, package.json (#88)
- feat(mcp): aislop-mcp server — scan, fix, why, baseline as MCP tools (#89)
- feat(ai-slop): deepen Python / Go / Rust coverage with 7 new patterns (#90)
- fix: reduce false positives based on 25-project OSS validation (#91)
- chore(ai-slop): clean up after dogfooding scan (#92)
- chore: bump version to 0.8.0 (#93)
- fix(ci): remove pnpm cache from quality-gate job (#95)
- feat: rename action to 'aislop Quality Gate' for Marketplace publication (#96)
Full Changelog: https://github.com/scanaislop/aislop/compare/v0.7.0...v0.8.0
What's Changed
- release: promote develop → main (v0.7.0) by @heavykenny in https://github.com/scanaislop/aislop/pull/52
- release: promote develop → main (contributors-workflow CI fix) by @heavykenny in https://github.com/scanaislop/aislop/pull/54
- release: promote develop → main (aislop badge command) by @heavykenny in https://github.com/scanaislop/aislop/pull/56
- fix(ci): also trigger CI on develop pushes and PRs by @heavykenny in https://github.com/scanaislop/aislop/pull/58
- release: promote develop → main (aislop badge command in README) by @heavykenny in https://github.com/scanaislop/aislop/pull/59
- fix(ci): sync workflow pushes refresh branch, no direct write to develop by @heavykenny in https://github.com/scanaislop/aislop/pull/60
- refactor(ci): split build & test from quality gate by @heavykenny in https://github.com/scanaislop/aislop/pull/61
- fix(ci): sync workflow opens auto-merging PR by @heavykenny in https://github.com/scanaislop/aislop/pull/63
- fix(ci): drop --label automated from sync PR create by @heavykenny in https://github.com/scanaislop/aislop/pull/64
- fix(ci): sync workflow uses read-tree instead of replaying main's tip by @heavykenny in https://github.com/scanaislop/aislop/pull/67
- fix(ci): dispatch CI on sync PR to bypass GHA anti-loop guard by @heavykenny in https://github.com/scanaislop/aislop/pull/69
- fix(ci): add actions:write so sync workflow can dispatch CI by @heavykenny in https://github.com/scanaislop/aislop/pull/71
- fix(ci): sync workflow uses PAT so push triggers downstream CI by @heavykenny in https://github.com/scanaislop/aislop/pull/72
- chore: dogfood aislop PR checks by @heavykenny in https://github.com/scanaislop/aislop/pull/77
- ci: remove duplicate push runs by @heavykenny in https://github.com/scanaislop/aislop/pull/81
- release: promote develop → main (v0.8.0) by @heavykenny in https://github.com/scanaislop/aislop/pull/97
Full Changelog: https://github.com/scanaislop/aislop/compare/v0.6.2...v0.8.0