    Slopgate: stop AI code slop before it reaches review

    NumeraCode Team · 3 min read · 532 words

    AI tools generate code fast, but code review was never designed for that volume. Linters also miss many of the common mistakes AI-generated code introduces.

    The problem

    A 2025 DORA survey found that 84% of developers use AI coding tools, but only 29% fully trust the output. That trust gap lands on reviewers, who still need to inspect every pull request.

    A Pragmatic Engineer survey called this the "Coaster Problem" — reviewers start rubber-stamping AI-generated PRs because carefully reviewing each one is unrealistic. Senior engineers end up wasting hours on repetitive issues that should have been caught automatically before review.

    By 2026, automated review tools like LLM-based analysis, static checks, security scans, and performance testing had become standard in CI pipelines. But there is still a missing layer: catching obvious AI-generated mistakes before code even reaches review.

    The answer is not another review tool. It is a quality gate before the review queue.

    What linters miss

    Traditional linters were built for human-written code. They catch syntax issues and style violations, but often miss AI-specific failure patterns such as:

    • Empty test stubs with no real assertions
    • Swallowed errors (catch {} blocks that do nothing)
    • Fake or incomplete auth validation
    • Unsafe SQL built with string interpolation
    • API keys accidentally committed to code
    • Transactions missing rollback paths

    Credential leaks are especially common. AI models frequently reproduce API key patterns from context, which can lead to secrets being committed before anyone notices. A pre-commit check is the fastest way to stop that.

    Most of these issues pass static analysis, pass CI, and only get caught later during review — if they are caught at all.

    What Slopgate does

    Slopgate scans your git diff using 153 rules designed to detect common AI-generated code problems. It runs in milliseconds, making it fast enough for pre-commit hooks.

    The rules are grouped into four categories:

    • Core diff checks (SLP001–SLP070): code hygiene, test quality, safety, and API smells
    • Go AST checks (SLP071–SLP080): Go-specific issues like nil dereferences, ignored errors, SQL injection, and race conditions
    • Extended checks (SLP081–SLP152): auth, concurrency, pagination, dead code, and test completeness across Go, TypeScript, Python, Java, Rust, and Ruby
    • Semantic bug checks (SLP202–SLP209): runtime issues like swallowed promises, inconsistent async returns, and missing DB constraint checks

    Each rule can be configured as block, warn, or info. Blocking rules fail the run automatically.
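
An added example, not Slopgate's code: a diff-level gate in Go that applies rules only to the lines a unified diff adds and reports whether a rule with severity block fired. The rule IDs, regex patterns, output format, and sample diff are constructed for illustration and do not correspond to any SLP rule.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Hypothetical rules for illustration; these are not Slopgate's rule definitions.
var rules = []struct {
	id, sev string
	re      *regexp.Regexp
}{
	{"EX-SECRET", "block", regexp.MustCompile(`(?i)(api[_-]?key|secret|token)\s*[:=]\s*["'][\w-]{16,}["']`)},
	{"EX-EMPTYCATCH", "warn", regexp.MustCompile(`catch\s*(\([^)]*\))?\s*\{\s*\}`)},
}
var hunkRe = regexp.MustCompile(`^@@ -\d+(?:,\d+)? \+(\d+)`)

// Scan checks only added lines of a unified diff; blocked is true if a "block" rule fired.
func Scan(diff string) (out []string, blocked bool) {
	file, line := "", 0
	for _, l := range strings.Split(diff, "\n") {
		switch {
		case strings.HasPrefix(l, "+++ "): // new-file header
			file = strings.TrimPrefix(l[4:], "b/")
		case hunkRe.MatchString(l): // hunk header gives the new-file start line
			fmt.Sscan(hunkRe.FindStringSubmatch(l)[1], &line)
		case strings.HasPrefix(l, "+"), strings.HasPrefix(l, " "):
			for _, r := range rules {
				if l[0] == '+' && r.re.MatchString(l[1:]) {
					out = append(out, fmt.Sprintf("%s:%d: %s [%s]", file, line, r.id, r.sev))
					blocked = blocked || r.sev == "block"
				}
			}
			line++ // added and context lines both advance the new-file line number
		}
	}
	return out, blocked
}

// Constructed sample diff, not taken from a real repository.
const sampleDiff = `+++ b/api/client.ts
@@ -10,1 +10,3 @@
   const url = base + path;
+  const apiKey = "EXAMPLEKEY0000000000000000";
+  try { send(url); } catch (e) {}`

func main() {
	fmt.Println(Scan(sampleDiff)) // findings, then whether a blocking rule fired
}
```

A pre-commit hook built on this would exit non-zero when `blocked` is true, which is what makes git abort the commit.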

    Most teams can use the default setup with no configuration. For customization, add a .slopgate.toml file:

    [rules.SLP017]

    [rules.SLP007]
    ignore_paths = ["*/_test.go"]

    Install

    Requires Go 1.22 or newer.

    Install:

    go install github.com/messagesgoel-blip/slopgate/cmd/slopgate@latest

    Pre-commit hook — add to .git/hooks/pre-commit:

    slopgate --staged --no-color

    CI usage — scan changes against the base branch:

    slopgate --no-color --base origin/main

    List all available rules:

    slopgate --list-rules

    What Slopgate is not

    Slopgate is not a replacement for tools like CodeRabbit or human reviewers. It acts as a quality floor — filtering out obvious mechanical issues so reviewers can focus on problems that actually require judgment.

    Source code, rule catalog, and contribution guide: Slopgate on GitHub
