Zero Trust Your AI: Why I Built a Linter for Code Slop

Treat AI-Generated Code with Zero Trust

The code passed review. It passed tests. It shipped to production.

Three weeks later, I found a "// TODO: implement actual validation" comment in the authentication flow.

Not a junior engineer. An AI assistant.

That was the moment I realized: AI generates technical debt faster than we can review it.

The Breadcrumbs of Lazy AI

Everyone's using AI coding assistants now. Cursor, Copilot, Agent Mode—they're force multipliers.

But AI models optimize for plausibility, not completeness. They leave breadcrumbs:

| Pattern | What It Means | Why It's Dangerous |
|---|---|---|
| TODO, FIXME | "I couldn't finish this" | Ships as silent debt |
| "for now", "temporary" | "I know this is wrong" | Becomes permanent |
| todo!(), unimplemented!() | Stub that compiles | Crashes at runtime |
| "hopefully", "should work" | "I have no idea if this works" | You're now responsible |

I call this code slop. It's the difference between "it compiles" and "it's done."

[Screenshot: AntiSlop detecting code slop in a real project]

AntiSlop finds the breadcrumbs AI assistants leave behind.


Why Grep Failed Me

I did what everyone does: grep -r "TODO" .

It failed because:

  1. False Positives: print("TODO: Output metrics") is a string literal, not a debt item. Grep flags it.
  2. False Negatives: raise NotImplementedError isn't a "TODO", but it's definitely incompleteness.
  3. Context: A "temporary" comment in valid logic is different from a "temporary" stub.

I needed something that understood structure, not just text.


The Tree-sitter Advantage

I wrote AntiSlop in Rust to be fast enough for CI/CD pipelines.

Instead of regex, it uses Tree-sitter to parse your code into an Abstract Syntax Tree (AST). It walks the tree looking specifically for:

  • Comment Nodes: It ignores strings, validating only actual comments.
  • Structural Stubs: It finds empty function bodies or specialized macros (todo!(), pass) based on the language grammar.
  • Hedging: It detects uncertainty ("assuming", "likely") in documentation.
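
The same distinction on Python source, as an added example rather than AntiSlop's own code: Python's standard tokenize and ast modules stand in for Tree-sitter here, and SAMPLE, MARKERS and the function names are constructed for illustration.

```python
import ast
import io
import re
import tokenize

# Constructed sample: string-literal "TODO", real TODO comment, two stub bodies.
SAMPLE = '''\
def report():
    print("TODO: Output metrics")

def validate(token):
    # TODO: implement actual validation
    return True

def refresh(session):
    raise NotImplementedError

def revoke(session):
    pass
'''
MARKERS = re.compile(r"\b(TODO|FIXME|for now|temporary|hopefully|should work)\b", re.I)

def grep_lines(source, needle="TODO"):
    """Line numbers a plain text search reports."""
    return [n for n, line in enumerate(source.splitlines(), 1) if needle in line]

def comment_findings(source):
    """Markers inside COMMENT tokens only; string literals are STRING tokens."""
    tokens = tokenize.generate_tokens(io.StringIO(source).readline)
    return [(t.start[0], "comment", t.string) for t in tokens
            if t.type == tokenize.COMMENT and MARKERS.search(t.string)]

def is_stub(stmt):
    """True for pass, a bare constant (docstring or ...), or raise NotImplementedError."""
    if isinstance(stmt, ast.Raise) and stmt.exc is not None:
        exc = stmt.exc.func if isinstance(stmt.exc, ast.Call) else stmt.exc
        return isinstance(exc, ast.Name) and exc.id == "NotImplementedError"
    return isinstance(stmt, ast.Pass) or (
        isinstance(stmt, ast.Expr) and isinstance(stmt.value, ast.Constant))

def stub_findings(source):
    """Functions whose whole body consists of stub statements."""
    defs = (ast.FunctionDef, ast.AsyncFunctionDef)
    return sorted((n.lineno, "stub", n.name) for n in ast.walk(ast.parse(source))
                  if isinstance(n, defs) and all(is_stub(s) for s in n.body))

if __name__ == "__main__":
    print("grep:", grep_lines(SAMPLE))
    print("structural:", sorted(comment_findings(SAMPLE) + stub_findings(SAMPLE)))
```

On the sample, the text search reports lines 2 and 5, while the structural pass reports the comment on line 5 and the stubs on lines 8 and 11.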

[Screenshot: AntiSlop CLI help showing supported languages and options]


Installation

AntiSlop is a single binary. No config required.

Pre-built Binaries (Linux/macOS)

curl --proto '=https' --tlsv1.2 -LsSf https://github.com/skew202/antislop/releases/latest/download/antislop-installer.sh | sh

Homebrew

brew install skew202/tap/antislop

Windows (PowerShell)

powershell -c "irm https://github.com/skew202/antislop/releases/latest/download/antislop-installer.ps1 | iex"

Cargo (Rust)

cargo install antislop

For CI/CD (JSON output):

antislop --json

When your code is clean, AntiSlop confirms it:

[Screenshot: AntiSlop finding zero issues — actual completeness]


The "Orthogonal Linter" Philosophy

AntiSlop isn't trying to replace ESLint or Clippy. It's orthogonal.

Standard linters catch syntax errors and style violations. AntiSlop catches incompleteness.

If your linter says the code is clean, but AntiSlop says it's "Sloppy", it means your code is stylistically perfect but functionally unfinished.

Treat AI-generated code with zero trust. Verify that it's actually done before you ship it.

