Score a public repo

Paste a github URL. Score over the last 100 commits, out of 100. Higher is cleaner.

Receipts: litellm opencode rsync faker

—/ 100

· commits · changed lines · hits

Top categories

Worst files

The AI slop detector for teams shipping with LLMs

Sloppoke is the slop detector + AI slop fix tool for the codebase your team ships with Cursor, Claude Code, or Copilot. Same engine catches LLM slop (the residue every assistant leaves around the working code) and patches it in the same commit.

Three names, one tool: AI slop detector when you ask what it does, LLM slop tool when you list what's in your stack, AI code slop fix when you describe the cleanup. The pre-commit gate is the same either way.

How it works

diff → scan → verdict → apply

slop poke sends your staged diff, returns a verdict + a unified-diff patch. Sub-10ms. Safe deletes auto-applied; anything semantic gets a // TODO(slop) spliced — you decide.

Adaptive. Every slop learn "…" tunes detection for your account. False positives quiet down, real misses get caught next time.

How sloppoke compares

What sloppoke is. A statistical detector for the correlation between known LLM-coding patterns and codebase failures. Two surfaces: a public scanner (VC / PM / HR due-diligence on code quality) and a developer-side CLI (catch + clean at the commit boundary).

What sloppoke is not. Not a perf tool. Not a safety guarantee. Slop density is a correlation signal, not a proof of correctness. For runtime: profilers, load tests. For correctness: types, tests, formal verification.

	sloppoke	CodeRabbit	OSS slop	Linters
Pre-commit gate	✓	✗	✓	✓
Verdict latency	<10 ms	15 min+	~ms	~ms
Action on a hit	strip / `TODO(slop)`	review comment	flag only	`--fix` rewrites body
Deterministic verdict	✓	✗	✓	✓
Learns from your feedback	✓	✗	✗	✗
Multi-model RL loop	✓ (NSED)	✗	✗	✗
Vendor sees source	diff only	full repo + PR	—	—
Pricing	flat sub	seat + LLM tokens	free	free

CodeRabbit lives in the PR by design. Vendor logo, post-push, more LLM prose in the diff. Sloppoke gates pre-commit — residue stripped before it lands.
The RL loop is ours, and it's SOTA. Catalog tuning runs on NSED — N-way Self-Evaluating Deliberation, peeramid labs — where ensembles of consumer-grade <20B models match or exceed proprietary 100B+ SOTA on AIME 2025 + LiveCodeBench, with peer-mediated correction pushing DarkBench sycophancy below any single agent. OSS + linters have no equivalent — static rule sets you upgrade on a release schedule.

Tiers

Launch − 40%

Starter

$20 $12 / month

100,000 pokes / month
All detectors + adaptive learning
One SSH key per sub
30-day money-back guarantee · cancel anytime

Get started →

Install, run slop poke — first metered call returns a Stripe URL keyed to your SSH key. No signup.

Enterprise

Talk to us

Custom volume + team accounts
Private-corpus calibration
SLA, audit trail, SSO
On-prem or confidential-compute (TEE) deployment

See ROI →

Or email us.

Install

Homebrew (macOS + Linux)

brew install peeramid-labs/tap/slop

From source

git clone https://github.com/peeramid-labs/sloppoke.git
cd sloppoke
cargo install --path crates/sloppoke-cli

First run

slop login                              # SSH-key handshake
slop poke                               # scan working tree
slop poke --gh org/repo --range X..Y    # scan any public repo
slop apply                              # apply + amend HEAD

Stdout = patch, stderr = verdict — pipes to git apply --unidiff-zero or delta directly.

Claude Code plugin — slash commands + skill bundled:

/plugin marketplace add peeramid-labs/plugin-marketplace
/plugin install sloppoke@peeramid-labs

Adds /slop:poke, /slop:apply, /slop:learn. Skill ships inside.

Codex CLI plugin — same hook + skill via the same tap:

codex plugin marketplace add github:peeramid-labs/plugin-marketplace
codex plugin install sloppoke@peeramid-labs

Wires the before_command hook so Codex's git commit calls are gated by slop poke --staged too.

Just the skill (Cursor / Continue / any agent):

mkdir -p ~/.claude/skills
curl -fsSL https://raw.githubusercontent.com/peeramid-labs/sloppoke/main/skills/slop.md \
  -o ~/.claude/skills/slop.md

Privacy & data

Servers in Germany, EU rules. We process diffs, return verdicts, persist only the learning signals — never raw source. Purge anytime via billing portal.

Identity = SSH key fingerprint. No emails, no usernames, no trackers. Stripe handles billing in isolation.

Security

Both CLI and server in Rust — memory-safety CVEs don't exist by construction. Minimal deps: one binary, one HTTP client, one ssh-keygen sign.

7-day release buffer on third-party crate upgrades — they bake, the Rust security advisory feed catches bad ones, then we ship. Stable over cutting edge.

FAQ

What does AI slop cost — and what does sloppoke measure?#

Receipts — slop shipping to production:

LiteLLM 1.86.2 (May 2026) — LLM-generated cache-merge in caching_handler.py appended sub-batch indices verbatim; downstream Java / Python ETL pipelines violently crashed on duplicated data[*].index. Scanner: 332 hits / 100 commits.
OpenCode v1.15.13 (Jun 2026) — PR #23068 refactor dropped mandatory agent / model args from tool/task.ts; every sub-agent silently NULL'd the columns. Telemetry blind for days. Scanner: 60/100 DRIFTING, 169 hits / 100c ↑.
rsync 3.4.3 (May 2026) — incremental backups silently broke. Emergency 3.4.4 Jun 8. Scanner: 42/100 SLOPPY, 99 hits / 100c ↑.
Faker.js — LLM-generated locale "optimisation" broke seed determinism; CI runs fail unpredictably across identical seeds. Scanner: 83/100 CLEAN, 25 hits — average looks fine, the temporal signal flags the slop event commit-by-commit.
C23 / glibc compile-fix wave (early 2026) — LLM "shortest semantic path" patches across legacy C utilities to clear glibc 2.43 errors. Aggressive const-casts + macro masking → modern GCC/Clang optimise unreachable branches → segfaults, silent memory leaks, buffer holes in decade-stable code. (Generic-git scan support inbound: sourceware.org/git/glibc.git and other non-GitHub hosts.)
13 h AWS outage, Dec 2025 — AI agent Kiro autonomously delete-and-recreated prod. Guardian/FT.
$186/mo invisible tax per affected employee — 1 hr 56 min cleanup × 40% of staff hit. HBR · Stanford · BetterUp, n=1,150. ~$9M/yr per 10k-employee org.
CIO press: Forbes Apr 2026, TechTarget Jan 2026.

What sloppoke measures:

Slop density per repo over time (gate merges on a target).
Hits blocked × 1 hr 56 min × your eng rate = hours/dollars saved.
Determinism — same diff → same finding, audit-ready.
Per-category TP / FP, tracked each catalog release.
Verdict p95 <10 ms (elapsed_ms in every response).

Does sloppoke measure runtime performance or guarantee correctness?#

No. Different tool category. Runtime perf → profilers (perf, flamegraphs) + load tests (k6, wrk, Locust). Correctness → types, tests, formal verification. Density of LLM residue in source is what sloppoke measures — a statistical correlation with the failure modes the FAQ above documents, not a proof of correctness or speed.

Adjacent failure mode it does catch indirectly: "shortest semantic path" compile-fix patches (see the C23 / glibc bullet above) leave the code compiling but push GCC/Clang into UB. The markers fire because the patches drop language-level guarantees, not because we instrument the runtime.

Wait, is this frontend vibecoded?#

Yes — landing, copy, pixel widgets, all agent-sketched. The catalog is not: deterministic ML + ruleset from 15+ yrs regulated engineering. Vibe the visible layer; stay deterministic where it counts.

How do you characterize slop?#

Three flavours: wordy nothing (comments restating code, vacant names), defensive theatre (guards for impossible cases, empty catches), unfinished work shipped (placeholders, untested branches, AI trailers in commits). Catalog isn't published and isn't static — every slop learn tunes yours.

Why no GitHub app or PR bot?#

PR bots fire after the slop is in git history. slop poke runs on the staged diff before commit. No force-push cleanup. CI still covered: slop poke --range $BASE..$HEAD drops into any pipeline as a one-liner, exits non-zero on SLOP. No GitHub-App scope on your repo.

Why SSH keys instead of an email signup?#

Reuse what already works. Requests signed by ssh-keygen -Y sign; fingerprint = account. Nothing to provision, no email breach target, no marketing list. Same key in CI: drop in a secret, done.

What does slop actually see about my code?#

Unified diff. Nothing else. No origin URL, no SHA, no OAuth token, no clone. Server processes the patch in memory, returns verdict + apply-patch, persists only learning weights. Diff bytes do contain your literal lines — treat sending them like any code-review tool.

What languages are supported?#

Surface detection on every language. Deep analysis lights up first for Rust, TS/JS, Python, Go. More land continuously server-side — no CLI reinstall.

What if I disagree with a finding?#

slop learn "false positive on … because …". Quiets next scan for your account + project. We keep the calibration weights, not the raw text.

Can sloppoke run inside a Trusted Execution Environment?#

Yes, Enterprise. Server runs in AMD SEV-SNP confidential VM; we can't read your diffs even with root on the host. Remote attestation proves the running binary matches our published hash; session key sealed to that measurement. EU residency default; Intel TDX / AWS Nitro on request. Trust the math.

Can I run it on-prem or self-hosted?#

Enterprise. Private-corpus calibration, SSO, SLA, audit trail, server image inside your perimeter. engineering@peeramid.xyz.

Does the CLI work without the cloud API?#

Today: no. Thin client → catalog match runs server-side. On-prem / TEE available under Enterprise. Patches kept 24 h for the learning loop on our own model fleet (no third-party LLM APIs); only anonymised patterns survive after. EU residency, per- account purge on request.