How It Works

How It Works

Slopcannon analyzes pull request diffs to detect patterns commonly associated with AI-generated code.

Analysis Pipeline

PR Opened/Updated → Webhook → Diff Fetched → Patterns Detected → Score Calculated → Results Stored

1. Webhook Trigger

When a pull request is opened, synchronized, or reopened, GitHub sends a webhook to Slopcannon. The system then:

  • Verifies the webhook signature
  • Checks if the repository is enabled
  • Checks draft PR settings
  • Queues the analysis job

2. Diff Analysis

The worker fetches the PR diff from GitHub and parses it to identify:

  • Added lines (new code)
  • Modified files
  • File types and classifications

3. Pattern Detection

Each file is classified and analyzed for slop patterns:

File Classification

TypeExamplesAnalysis
Executable.js, .ts, .py, .goFull behavioral analysis
Declarative.json, .yaml, .cssStructure only
Generatedpackage-lock.json, *.min.jsSkipped
Test*_test.go, *.spec.tsRelaxed thresholds

Detection Patterns

Mystery Fallbacks (2 points each)

// Empty catch blocks
try { ... } catch (e) { }
 
// Generic error swallowing
catch (error) { console.log(error) }

Silent Catches (3 points each)

// Ignored promise rejections
promise.catch(() => {})
 
// Swallowed exceptions
try { risky() } catch { /* nothing */ }

Style Drift (1 point each)

  • Inconsistent naming conventions
  • Mixed formatting patterns
  • Orphaned TODO/FIXME comments

Complexity Issues (variable points)

  • Deeply nested conditionals (>4 levels)
  • Excessive function length
  • High cyclomatic complexity

Scoring System

The slop score is additive - each finding adds to the total. There is no maximum score.

Finding TypePoints
Silent Catch+3
Mystery Fallback+2
Complexity/Abstraction+1-2
Style/Naming Drift+1

For detailed explanations of each pattern and why it matters, see Slop Scoring.

Ghost Mode

By default, Slopcannon operates in ghost mode:

  • ✅ Analyzes all PRs
  • ✅ Stores results in the dashboard
  • ❌ Does not post GitHub comments
  • ❌ Does not create check runs

This allows teams to evaluate the tool before enabling visible feedback.

Priority Queue

Analysis jobs are prioritized:

  1. Live PRs (from webhooks) - Immediate processing
  2. Open PRs (initial import) - High priority
  3. Recent closed (last 7 days) - Medium priority
  4. Historical (7-90 days) - Low priority

This ensures new PRs get analyzed quickly while historical imports happen in the background.

Getting StartedSlop Scoring