AISlop: Static Analysis for AI-Generated Code Patterns

How a CLI tool detects AI-specific code smells through AST analysis, integrates into CI/CD pipelines, and flags patterns that pass tests but degrade mai...

Source: github.com
AI coding agents write code that passes tests but introduces a new category of technical debt. AISlop is a CLI tool that detects these patterns through static analysis before they reach production. It scans for verbose comments, defensive null checks, unnecessary abstractions, and other structural markers that distinguish AI-generated code from human-written defensive programming.

The tool runs 40+ rules across 7 languages without runtime overhead or LLM calls. It’s deterministic, which means the same codebase always produces the same results. This matters for CI/CD integration where non-deterministic linting breaks reproducible builds.

The AI Code Smell Problem

AI agents produce code that works but carries distinct structural patterns:

  • Excessive defensive checks: Null guards on variables that can’t be null based on type constraints or prior validation
  • Over-commenting: Line-by-line explanations of straightforward logic
  • Premature abstraction: Generic interfaces or factory patterns for single-use code paths
  • Verbose error handling: Try-catch blocks around operations that don’t throw checked exceptions
  • Redundant type annotations: Explicit types where inference is unambiguous

These patterns pass unit tests and type checkers. They degrade readability and increase maintenance surface area. Traditional linters catch syntax issues and style violations. They don’t flag code that’s technically correct but structurally bloated.

How Detection Works

AISlop parses source files into Abstract Syntax Trees and applies pattern-matching rules. Each rule targets a specific structural signature:

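# Example: Detecting redundant null checks
# is_null_check, extract_variable, variable_cannot_be_null, Violation and
# node.scope are not defined on this page; treat them as illustrative helpers.
def check_redundant_null_guard(node):
    if node.type == 'if_statement':
        condition = node.child_by_field_name('condition')
        if is_null_check(condition):
            variable = extract_variable(condition)
            if variable_cannot_be_null(variable, node.scope):
                return Violation(
                    rule='redundant-null-check',
                    line=node.start_point[0] + 1,  # tree-sitter rows are 0-based
                    message=f'{variable} cannot be null in this scope'
                )
    return None  # no violation at this node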

The tool uses tree-sitter grammars for language parsing. This provides consistent AST structure across JavaScript, Python, TypeScript, Go, Rust, Java, and C#. Rules are written once and applied uniformly.
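A runnable version of the same idea, added here as an example and not taken from AISlop: it uses Python's standard `ast` module instead of tree-sitter and checks only top-level statements of a function body, so guards nested in loops or `try` blocks are missed (false negatives), while any rebinding of a name drops what was proven about it. The function names and the sample input are constructed for this illustration.

```python
import ast

def never_none(expr):
    """True when the expression syntactically cannot evaluate to None."""
    if isinstance(expr, ast.Constant):
        return expr.value is not None
    return isinstance(expr, (ast.List, ast.Dict, ast.Set, ast.Tuple, ast.JoinedStr))

def guarded_name(test):
    """Return 'x' for a test of the form `x is None` or `x is not None`."""
    if (isinstance(test, ast.Compare) and isinstance(test.left, ast.Name)
            and len(test.ops) == 1 and isinstance(test.ops[0], (ast.Is, ast.IsNot))
            and isinstance(test.comparators[0], ast.Constant)
            and test.comparators[0].value is None):
        return test.left.id
    return None

def find_redundant_none_guards(source):
    """Flag top-level None guards on names last bound to a literal."""
    violations = []
    funcs = (ast.FunctionDef, ast.AsyncFunctionDef)
    for func in (n for n in ast.walk(ast.parse(source)) if isinstance(n, funcs)):
        shared = set()    # global/nonlocal names: code elsewhere may rebind them
        non_null = set()  # names proven non-None at this point in the body
        for stmt in func.body:
            if isinstance(stmt, ast.If) and (name := guarded_name(stmt.test)) in non_null:
                violations.append({"rule": "redundant-null-check", "line": stmt.lineno,
                                   "message": f"{name} cannot be None in this scope"})
            for node in ast.walk(stmt):  # any rebinding invalidates the proof
                if isinstance(node, (ast.Global, ast.Nonlocal)):
                    shared.update(node.names)
                elif isinstance(node, ast.Name) and not isinstance(node.ctx, ast.Load):
                    non_null.discard(node.id)
                else:  # def/class/import/except-as/match bind via string fields
                    non_null -= {getattr(node, f, None) for f in ("name", "asname", "rest")}
            if (isinstance(stmt, ast.Assign) and len(stmt.targets) == 1
                    and isinstance(stmt.targets[0], ast.Name) and never_none(stmt.value)):
                non_null.add(stmt.targets[0].id)
            non_null -= shared
    return violations

# Constructed input, not taken from any real project.
SAMPLE = '''
def load(path):
    items = []
    if items is not None: items.append(path)   # flagged: just bound to a list
    items = lookup(path)
    if items is None: return []                # kept: rebound to a call result
'''
```
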

Pattern Heuristics

Detection relies on statistical and structural signals rather than LLM inference:

| Pattern | Detection Method | False Positive Risk |
| --- | --- | --- |
| Verbose comments | Comment-to-code ratio exceeds threshold per function | Low (configurable threshold) |
| Defensive null checks | Null guard on non-nullable type or post-validation variable | Medium (requires type flow analysis) |
| Unnecessary abstraction | Single implementation of interface with no extension points | High (legitimate future-proofing looks identical) |
| Redundant error handling | Try-catch around non-throwing function calls | Low (static analysis of throw signatures) |
| Over-typed code | Explicit type where inference is unambiguous | Medium (style preference vs. AI pattern) |

The tool allows per-rule configuration to tune sensitivity. Teams can disable rules that conflict with their coding standards or generate too many false positives.

CI/CD Integration

AISlop runs as a standalone binary with zero dependencies. This simplifies pipeline integration:

Pre-commit hook:

#!/bin/bash
aislop scan --changed-files --fail-on-warning

GitHub Actions:

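- name: Scan for AI code smells
  run: |
    # The default bash shell runs with -e, so a separate $? check after a
    # failing command is never reached; test the command directly instead.
    if ! aislop scan src/ --format github-actions; then
      echo "::error::AI-generated patterns detected"
      exit 1
    fi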

GitLab CI:

aislop:
  stage: lint
  script:
    - aislop scan --output report.json
  artifacts:
    reports:
      codequality: report.json

The tool exits with non-zero status when violations exceed configured thresholds. This blocks merges in protected branch workflows.

Incremental Scanning

Full repository scans are slow. AISlop supports an incremental mode that analyzes only changed files:

aislop scan --base-ref origin/main --head-ref HEAD

This compares the current branch against main and scans only modified files. Scan time drops from minutes to seconds on large codebases.

Rule Configuration and Evolution

Rules are defined in YAML and version-controlled alongside code:

rules:
  redundant-null-check:
    enabled: true
    severity: warning
    languages: [typescript, javascript]
  
  verbose-comments:
    enabled: true
    severity: info
    threshold: 0.4  # Comment lines / code lines
    
  unnecessary-abstraction:
    enabled: false  # Too many false positives for our codebase

Teams can fork the default ruleset and customize per-project. Rules evolve as AI coding patterns change. The project maintains a rule changelog so teams can opt into new detection logic incrementally.
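What the `verbose-comments` threshold measures, shown as an added example rather than AISlop's own implementation: the ratio of comment lines to code lines inside each function, compared against the `0.4` value from the config above. It analyzes Python source with the standard `tokenize` and `ast` modules; the function name, result fields and sample input are constructed for this illustration.

```python
import ast
import io
import tokenize

def comment_ratio_violations(source, threshold=0.4):
    """Flag functions whose comment-line / code-line ratio exceeds threshold."""
    comment_lines, code_lines = set(), set()
    layout = {tokenize.NL, tokenize.NEWLINE, tokenize.INDENT,
              tokenize.DEDENT, tokenize.ENDMARKER}
    for tok in tokenize.generate_tokens(io.StringIO(source).readline):
        if tok.type == tokenize.COMMENT:
            comment_lines.add(tok.start[0])
        elif tok.type not in layout:
            # Multi-line tokens (e.g. docstrings) count as code on every line.
            code_lines.update(range(tok.start[0], tok.end[0] + 1))
    violations = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef)):
            span = range(node.lineno, node.end_lineno + 1)
            comments = sum(1 for n in span if n in comment_lines)
            code = sum(1 for n in span if n in code_lines)
            ratio = comments / code if code else 0.0
            if ratio > threshold:
                violations.append({"rule": "verbose-comments", "line": node.lineno,
                                   "function": node.name, "ratio": round(ratio, 2)})
    return violations

# Constructed input, not taken from any real project.
SAMPLE = '''
def add(a, b):
    # Take the first number
    # Take the second number
    # Add them together
    total = a + b
    # Return the result
    return total

def clamp(value, low, high):
    # Values outside the range collapse onto the nearest bound.
    if value < low:
        return low
    return min(value, high)
'''
```

With the default threshold only `add` is reported (4 comment lines against 3 code lines); lowering the threshold to 0.2 also reports `clamp`, which is the kind of tuning the per-rule setting exists for.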

Shared Rule Libraries

Organizations can publish internal rule packages:

aislop scan --rules-package @company/aislop-rules

This centralizes rule definitions across repositories. When a new AI pattern emerges, updating the package propagates detection logic to all projects.

Observability and Reporting

AISlop outputs structured JSON for downstream analysis:

{
  "violations": [
    {
      "rule": "redundant-null-check",
      "file": "src/handler.ts",
      "line": 42,
      "severity": "warning",
      "message": "Variable 'user' cannot be null after line 38 validation"
    }
  ],
  "summary": {
    "total_files": 127,
    "files_with_violations": 8,
    "violation_count": 23
  }
}

This integrates with observability platforms. Teams can track AI code smell trends over time, correlate with specific agents or prompts, and measure cleanup progress.
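One downstream use of this JSON, as an added example that is not part of AISlop: GitLab's Code Quality report format is a flat list of issues, each with `description`, `check_name`, `fingerprint`, `severity` and `location`, so a report with the shape shown above has to be converted before it can be used as a `codequality` artifact. The severity mapping and function name are assumptions made for this illustration.

```python
import hashlib
import json

# Assumed mapping from AISlop severities to GitLab's scale; "error" is a guess,
# the page only shows "info" and "warning".
SEVERITY_MAP = {"info": "info", "warning": "minor", "error": "major"}

def to_gitlab_codequality(report):
    """Convert a parsed AISlop report into a list of GitLab Code Quality issues."""
    issues = []
    for v in report.get("violations", []):
        # Hash rule, file and message but not the line number, so edits above a
        # finding do not turn it into a "new" issue in the merge request widget.
        key = "\0".join((v["rule"], v["file"], v["message"]))
        issues.append({
            "description": v["message"],
            "check_name": v["rule"],
            "fingerprint": hashlib.sha256(key.encode("utf-8")).hexdigest(),
            "severity": SEVERITY_MAP.get(v.get("severity"), "info"),
            "location": {"path": v["file"], "lines": {"begin": v["line"]}},
        })
    return issues

# The violation shown on the page, reused as sample input.
REPORT = json.loads('''{"violations": [{"rule": "redundant-null-check",
  "file": "src/handler.ts", "line": 42, "severity": "warning",
  "message": "Variable 'user' cannot be null after line 38 validation"}]}''')

if __name__ == "__main__":
    print(json.dumps(to_gitlab_codequality(REPORT), indent=2))
```
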

Failure Modes

Type flow analysis limitations: Detecting redundant null checks requires tracking variable state across scopes. Complex control flow (nested conditionals, exception paths) can produce false negatives where the tool misses legitimate violations.

Language-specific edge cases: Tree-sitter grammars don’t cover every language feature. Newer syntax (TypeScript decorators, Python match statements) may parse incorrectly or skip analysis.

Rule drift: AI coding styles change as models improve. Rules tuned for GPT-3.5 patterns may not catch GPT-4 or Claude output. Regular rule updates are required.

Performance on monorepos: Full scans of 100k+ file repositories can take minutes even with parallelization. Incremental mode helps but requires CI integration to track base refs correctly.

Configuration sprawl: Per-project rule customization creates maintenance overhead. Teams need governance around which rules are mandatory vs. optional.

Technical Verdict

Use AISlop when:

  • Your team uses AI coding agents (Copilot, Claude Code, Cursor) in daily workflows
  • You need automated detection of AI-specific patterns that traditional linters miss
  • You want deterministic, reproducible linting without LLM API calls
  • Your CI/CD pipeline can enforce quality gates on code smell thresholds

Avoid or defer when:

  • Your codebase is small enough for manual code review to catch these patterns
  • You lack CI/CD infrastructure to enforce automated checks
  • Your team hasn’t standardized on AI coding tools yet (premature optimization)
  • You need deep semantic analysis beyond structural patterns (consider LLM-based review tools instead)

The tool fills a gap between syntax linters and human code review. It catches patterns that are technically correct but structurally problematic. As AI agents become standard development tools, this category of static analysis becomes infrastructure hygiene.