AI slop is collapsing open source.
ARGUS is the trust layer.

The first AI slop defense layer for code review. 4 specialists, one signed certificate per analysis, EU AI Act Art.12 ready. Pure Rust. BYOK.

+206% AI projects on GitHub
42% of new code is AI
96% of devs don't trust it
✅ BYOK (NVIDIA NIM) · ✅ 194 tests pass · ✅ EU AI Act Art.12 L2 · ✅ MCP for Claude Code/Codex
P=1.000 Precision
R=0.818 Recall
194 tests passing
15 Rust crates
$0.05 per dev/month
100% pure Rust

The problem is here. Now.

"AI slop is a tragedy of the commons, where individual productivity gains externalize costs onto reviewers, maintainers, and the broader community."
Baltes, Cheong, Treude (arXiv:2603.27249, Mar 2026)

See it analyze a PR right now

Live demo below runs the pre-computed verdict from GET /api/demo. No NIM key required. Same pipeline your agent would invoke via MCP.


5 pre-analyzed samples from real OSS

Click any card to expand the 4-cohort verdict. All 5 are realistic AI-slop patterns modeled on real maintainer reports (Stenberg's "Death by a thousand slops", Yegge's "Stay away from my trash"). Not invented scenarios.

curl · Buffer overflow in Curl_urldecode() · Halted
C · risk 0.92 · slop 0.45 · fit 0.30 · 12ms det + 4200ms LLM · 1240 tok
source: Inspired by Daniel Stenberg's 'Death by a thousand slops' blog post (Dec 2025): 19 of 20 bug-bounty reports to curl were AI hallucinations

Security summary: CRITICAL: Hallucinated vulnerability. Function Curl_urldecode() does not exist in current curl codebase. The proposed buffer arithmetic is safe and the suggested overflow does not reproduce. CordonEnforcer isolates this finding from the synthesizer verdict.

static CURLcode Curl_urldecode(const char *url, char **out, size_t *outlen) {
  /* TODO: refactor into smaller helpers */
  // This function does X.
  // We need to handle unicode here.
  char *buf = malloc(strlen(url) * 8);
  // NOTE: fix size calc later
  size_t i = 0;
  while (*url) { ... }
  *out = buf;
  *outlen = i;
  return CURLE_OK;
}

Cohort view

S Aegis Slop

ℹ️ Boilerplate narrative comment: 'This function does X.' · lib/url.c:1-1
+  // This function does X.
🟧 TODO stub masquerading as a real fix: 'refactor into smaller helpers' · lib/url.c:2-2
+  /* TODO: refactor into smaller helpers */

X Aegis Security

🛑 CRITICAL: Hallucinated vulnerability. Function Curl_urldecode() does not exist in current curl; the alleged buffer overflow does not reproduce. · lib/url.c:0-0
+char *buf = malloc(strlen(url) * 8);  // not a real fix

A Aegis Arch

🟧 Bypasses the existing url.c parse pipeline (Curl_url_set) and reinvents URL handling locally · lib/url.c:0-0
+static CURLcode Curl_urldecode(...) { ... }

V Aegis Verdict

🟥 Risk 0.92 / 1.00 -- Halted. CordonEnforcer isolates the hallucinated vuln. No comment posted; no labels set.
Signed verdict: Halted (1 critical hallucination)

react · feat: add Stripe checkout integration · Halted
TypeScript · risk 0.97 · slop 0.55 · fit 0.20 · 9ms det + 5100ms LLM · 1820 tok
source: Classic AI slop pattern: hardcoded API key + defensive .clone() everywhere + 'This function does X' boilerplate

Security summary: CRITICAL (CWE-798): Hardcoded Stripe live secret key in source. CWE-200: response.clone() exposes payment intent data in memory. Must move to env var + secret manager; do not commit.

+const STRIPE_SECRET = 'STRIPE_LIVE_KEY_HERE';
+// This function does X: it creates a checkout session.
+export async function createCheckout(items: CartItem[]) {
+  const session = await fetch('https://api.stripe.com/v1/checkout/sessions', {
+    headers: { Authorization: `Bearer ${STRIPE_SECRET}` },
+    method: 'POST',
+    body: JSON.stringify({ line_items: items.map(i => ({ ...i })) }),
+  });
+  return session.clone().json();
+}
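
Review bot: the result of `fetch` is parsed with `.json()` without ever checking `session.ok` or the status code, so an error response from the API is returned to callers as if it were a checkout session. Check the status and fail explicitly before parsing. The request also sends a `JSON.stringify` body with no `Content-Type` header, which should be set to match the body.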

Cohort view

S Aegis Slop

ℹ️ Boilerplate 'This function does X' doc-comment on a one-liner · src/checkout.ts:1-1
+// This function does X: it creates a checkout session.

X Aegis Security

🛑 CRITICAL (CWE-798): Hardcoded Stripe live secret key committed to source · src/checkout.ts:1-1
+const STRIPE_SECRET = 'STRIPE_LIVE_KEY_HERE';
🟧 WARNING (CWE-200): response.clone() retains full payload in memory unnecessarily · src/checkout.ts:8-8
+return session.clone().json();

A Aegis Arch

🟧 Bypasses the existing payment-provider abstraction (PaymentProvider interface) and hardcodes Stripe · src/checkout.ts:0-0
+const STRIPE_SECRET = '...';

V Aegis Verdict

🟥 Risk 0.97 / 1.00 -- Halted. Must move secret to env var + secret manager; do not merge.
Signed verdict: Halted (CWE-798)

typescript · refactor: simplify ts.transform signature · ReviewRequired
TypeScript · risk 0.45 · slop 0.72 · fit 0.55 · 8ms det + 3800ms LLM · 980 tok
source: Defensive .clone() everywhere + boilerplate 'This function does X' / 'We need to' narrative comments; classic LLM verbose-cargo pattern

Security summary: No security regressions. SLOP signals: 4 boilerplate doc-comments, 3 defensive .clone() calls, 1 ignored return value (.clone() in for-loop body). Deterministic layer caught all 4 comments in 8ms.

+// This function does X: it transforms a source file.
+// We need to make a defensive copy to avoid aliasing.
+export function transform(source: SourceFile, opts: Options): SourceFile {
+  const cloned = source.clone();
+  // This function does X: it normalizes the AST.
+  const normalized = normalize(cloned.clone());
+  // We need to walk every node.
+  for (const node of normalized.clone().statements) {
+    node.clone();  // <-- ignored return value
+  }
+  return normalized;
+}
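
Review bot: `opts: Options` in the `transform` signature is never read anywhere in the body, so callers can pass options that silently have no effect. Either thread `opts` into `normalize` (or wherever it is meant to apply) or drop the parameter from the signature.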

Cohort view

S Aegis Slop

🟧 Boilerplate narrative: 'This function does X' / 'We need to' pattern (4 instances) · src/compiler/transform.ts:1-5
+// This function does X: it transforms a source file.
+// We need to make a defensive copy to avoid aliasing.
🟧 Defensive .clone() chain (3 calls in 1 function); defensible only for explicit hot-loop isolation · src/compiler/transform.ts:4-8
+const cloned = source.clone();
+const normalized = normalize(cloned.clone());

X Aegis Security

(no findings)

A Aegis Arch

ℹ️ INFO: signature change to transform() is backwards compatible; no breaking impact · src/compiler/transform.ts:0-0
+export function transform(source: SourceFile, opts: Options): SourceFile {

V Aegis Verdict

🟧 Risk 0.45 / 1.00 -- ReviewRequired. Strip narrative comments; reduce .clone() to documented invariant boundary.
Signed verdict: ReviewRequired (4 SLOP, 0 SEC, 0 ARCH)

godot · feat: add Path3D::get_closest_point helper · ReviewRequired
GDScript · risk 0.40 · slop 0.80 · fit 0.50 · 11ms det + 4400ms LLM · 1310 tok
source: Godot 4.x PR noise pattern: '## Description / ## Notes' bloat + dead pub-ish fns + TODO stub as the only implementation

Security summary: No security regressions. SLOP signals: 5 '## This function does X' / '## We need to' bloat headers (out of style for GDScript), 1 TODO stub (the only real code), 1 unused pub fn (SLOP-005).

## Description
## This function does X: it returns the closest point on a curve to a given point in 3D space.
## We need to handle the edge case where the curve has zero length.
## Notes
## - Refactor later if perf becomes a concern.
func get_closest_point(p: Vector3) -> Vector3:
    # TODO: implement
    return Vector3.ZERO

func _unused_helper() -> void:
    pass  # placeholder for future use

Cohort view

S Aegis Slop

🟧 Bloated '## Description / ## Notes' headers; not the GDScript doc-comment style used elsewhere in the repo · scene/3d/path_3d.gd:1-5
+## Description
+## This function does X: it returns the closest point...
🟥 TODO stub as the entire implementation (SLOP-003) · scene/3d/path_3d.gd:8-9
+    # TODO: implement
+    return Vector3.ZERO
🟧 Unused pub fn placeholder (SLOP-005) · scene/3d/path_3d.gd:11-12
+func _unused_helper() -> void:
+    pass

X Aegis Security

(no findings)

A Aegis Arch

ℹ️ INFO: get_closest_point() is the right API shape; placement on Path3D is correct · scene/3d/path_3d.gd:0-0
+func get_closest_point(p: Vector3) -> Vector3:

V Aegis Verdict

🟧 Risk 0.40 / 1.00 -- ReviewRequired. Implement the function; drop bloat headers; remove _unused_helper.
Signed verdict: ReviewRequired (3 SLOP, 0 SEC, 0 ARCH)

tldraw · feat: add keyboard shortcut to duplicate selection · ReviewRequired
TypeScript · risk 0.50 · slop 0.85 · fit 0.45 · 10ms det + 3950ms LLM · 1100 tok
source: Modeled on Steve Ruiz's 'Stay away from my trash' blog: 'We need to' boilerplate + defensive .clone() + tautological assertions in test files

Security summary: No security regressions. SLOP signals: 5 'We need to' / 'This function does X' boilerplate comments, 4 defensive .clone() calls (none required by Editor contract), 1 tautological assertion (SLOP-EVASION-007: assert.equal(true, true)).

// We need to add a keyboard shortcut for duplicating the current selection.
// This function does X: it duplicates the selected shapes.
function duplicateSelection(editor: Editor) {
  // We need to make a defensive copy to avoid mutating the selection.
  const cloned = editor.selectedShapes.slice().clone()
  for (const shape of cloned.clone()) {
    // We need to add the new shape to the store.
    editor.createShape(shape.clone())
  }
  return true
}

it('duplicates the selection', () => {
  // We need to verify the shapes are duplicated.
  assert.equal(true, true)  // <-- tautological assertion
})

Cohort view

S Aegis Slop

🟧 Boilerplate 'We need to' narrative comments (4 instances) · packages/editor/src/lib/editor/duplicateSelection.ts:1-1
+// We need to add a keyboard shortcut for duplicating the current selection.
🟧 Defensive .clone() chain (4 calls); Editor.selectedShapes is already immutable · packages/editor/src/lib/editor/duplicateSelection.ts:4-8
+const cloned = editor.selectedShapes.slice().clone()
🟥 Tautological assertion in test (SLOP-EVASION-007): assert.equal(true, true) · packages/editor/src/lib/editor/duplicateSelection.test.ts:15-15
+  assert.equal(true, true)  // <-- tautological

X Aegis Security

(no findings)

A Aegis Arch

ℹ️ INFO: keyboard shortcut should be wired in the existing useKeyboardShortcuts hook, not a free-floating function · packages/editor/src/lib/editor/duplicateSelection.ts:0-0
+function duplicateSelection(editor: Editor) {

V Aegis Verdict

🟧 Risk 0.50 / 1.00 -- ReviewRequired. Strip 'We need to' comments; drop .clone() chain; replace tautological assertion with a real expectation (e.g. expect(editor.selectedShapes.length).toBe(2 * initial)).
Signed verdict: ReviewRequired (3 SLOP, 0 SEC, 1 ARCH-INFO)


Try it on your own snippet in <1 second

Paste a code snippet, pick a language, hit Analyze. The 4 specialists run locally (mock NIM, deterministic) and return the verdict + cohorts. Same input always returns the same output. No signup, no API key, no waiting.

Local-first. The deterministic pass runs the 5 SLOP rules (regex, <100ms) + a mocked-LLM synthesis step. The full pipeline is in argus_verify; the landing-page analyzer uses the mock for zero-cost demos.
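
A sketch of what a regex-only deterministic pass can look like when run over the added lines of a diff. This is an added example, not the argus_verify implementation: the patterns, the clone threshold and the rule labels are assumptions, except the IDs SLOP-003 and SLOP-EVASION-007, which are borrowed from the samples above.

```python
import re

# Per-line rules. Labels are hypothetical except SLOP-003 and
# SLOP-EVASION-007, which reuse the IDs shown in the samples above.
# The SLOP-003 pattern only approximates "TODO stub": it flags any TODO comment.
LINE_RULES = [
    ("narrative-comment",
     re.compile(r"^\s*(?://|#+|/\*)\s*(?:This function does|We need to)\b")),
    ("SLOP-003", re.compile(r"^\s*(?://|#|/\*)\s*TODO\b")),
    ("SLOP-EVASION-007",
     re.compile(r"assert\.equal\(\s*(true|false|\d+)\s*,\s*\1\s*\)")),
    ("hardcoded-secret",
     re.compile(r"\b\w*(?:secret|api_?key|token)\w*\s*[:=]\s*['\"][^'\"]{8,}['\"]", re.I)),
]
CLONE = re.compile(r"\.clone\(\)")
CLONE_CHAIN_MIN = 3  # assumed threshold: 3+ clones added in one change

def scan(diff_text):
    """Return sorted (diff_line_no, rule) findings for added lines only."""
    findings, clone_lines = [], []
    for n, line in enumerate(diff_text.splitlines(), 1):
        if not line.startswith("+") or line.startswith("+++"):
            continue  # skip context lines, removals and file headers
        added = line[1:]
        findings += [(n, rule) for rule, pat in LINE_RULES if pat.search(added)]
        clone_lines += [n] * len(CLONE.findall(added))
    if len(clone_lines) >= CLONE_CHAIN_MIN:
        findings.append((clone_lines[0], "defensive-clone-chain"))
    return sorted(findings)

# Constructed sample, assembled from the snippets shown on this page.
SAMPLE_DIFF = """\
@@ -1,2 +1,8 @@
+const STRIPE_SECRET = 'STRIPE_LIVE_KEY_HERE';
+// We need to make a defensive copy to avoid aliasing.
+const cloned = source.clone();
+const normalized = normalize(cloned.clone());
+for (const node of normalized.clone().statements) {
+  // TODO: implement
+}
 it('duplicates the selection', () => {
-  expect(count).toBe(2)
+  assert.equal(true, true)
 })
"""

if __name__ == "__main__":
    for line_no, rule in scan(SAMPLE_DIFF):
        print(f"diff line {line_no}: {rule}")
```

Only `+` lines are scanned, so a secret or stub that a change removes is not reported, and fewer than three added `.clone()` calls do not trigger the chain rule.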


The audit chain in your browser

Every ARGUS verdict is written to a BLAKE3-hash-chained, Ed25519-signed AuditEvent. EU AI Act Art. 12 Level 2 ready. Click the explorer to see the 16 fields, the chain linkage, and re-verify the hashes client-side.

3 events, real chain. Each event links to the previous one via BLAKE3. Each event is signed with Ed25519. Re-verify the chain link in the browser with a single click.
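
A minimal verifier for the kind of hash linkage described above, as an added example rather than ARGUS code. BLAKE2b from the Python standard library stands in for BLAKE3, Ed25519 signing is omitted, and the event fields, the GENESIS marker and the function names are assumptions.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed marker meaning "no previous event"


def event_hash(body):
    """Hash the canonical JSON of an event body (which includes prev_hash)."""
    canonical = json.dumps(body, sort_keys=True, separators=(",", ":"))
    # Stand-in: BLAKE2b (stdlib) is used here in place of BLAKE3.
    return hashlib.blake2b(canonical.encode(), digest_size=32).hexdigest()


def append(chain, fields):
    """Link a new event to the tail of the chain and seal it with its hash."""
    body = dict(fields, prev_hash=chain[-1]["hash"] if chain else GENESIS)
    chain.append(dict(body, hash=event_hash(body)))


def verify(chain):
    """Return the index of the first broken event, or None if the chain is intact."""
    prev = GENESIS
    for i, event in enumerate(chain):
        body = {k: v for k, v in event.items() if k != "hash"}
        if body.get("prev_hash") != prev or event_hash(body) != event.get("hash"):
            return i
        prev = event["hash"]
    return None


def build_sample():
    """Constructed three-event chain; the field names are illustrative only."""
    chain = []
    append(chain, {"seq": 0, "repo": "curl", "verdict": "Halted", "risk": 0.92})
    append(chain, {"seq": 1, "repo": "react", "verdict": "Halted", "risk": 0.97})
    append(chain, {"seq": 2, "repo": "godot", "verdict": "ReviewRequired", "risk": 0.40})
    return chain


if __name__ == "__main__":
    chain = build_sample()
    print("intact:", verify(chain))
    chain[1]["verdict"] = "Approved"  # edit a stored verdict after the fact
    print("first broken event:", verify(chain))
```

Hash linkage alone catches edits, deletions and reordering, but not a party who rewrites every later event and its hash; that case is what the per-event signature is for.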


Four specialists in parallel

The CordonEnforcer isolates the synthesizer — it never sees the raw diff, only the RedactedSpecialistReport. Type-level isolation, not runtime checks.

   [GitHub PR / commit / org scan]    -->  [MCP client: Claude Code / Codex / Cursor]
              |                                       |
              v                                       v
   Aegis Guard --> Aegis Verify --> Aegis Lens    apohara-argus-mcp
     (pre-commit)   (PR review)     (weekly)     (4 specialist tools)
              |          |              |
              +----------+--------------+
                          |
                          v
               4 specialists in parallel
               (slop · security · arch · verdict)
               [CordonEnforcer: synthesizer doesn't see raw code]
                          |
                          v
               AuditEvent (16 fields, Ed25519+BLAKE3)
               EU AI Act Art.12 Level 2 ready
                          |
               +----------+----------+
               v                     v
        SQLite (in-proc)     Supabase Postgres
               |                     |
               +----------+----------+
                          |
                          v
               Dashboard (this page, SSR)
               + /audit/export for regulators
  

Architecture (the short version)

Why teams pick ARGUS over CodeRabbit / Greptile / Qodo

| Capability | ARGUS | CodeRabbit | Greptile | Qodo |
| --- | --- | --- | --- | --- |
| BYOK (your NIM key, your code) | | ❌ SaaS only | ❌ SaaS only | ❌ SaaS only |
| Per-dev cost | $0.05/mo | $0.10-0.50/PR | $25/mo | $40-60/mo |
| EU AI Act Art. 12 audit trail | ✅ Ed25519+BLAKE3 L2 | | | |
| MCP server (Claude Code/Codex) | ✅ 4 tools | | | |
| A2A AgentCards (Google protocol) | | | | |
| Hybrid detection (deterministic + LLM) | ✅ 5 SLOP rules | LLM only | LLM only | LLM only |
| CordonEnforcer (synthesizer doesn't see raw code) | | | | |
| Pure Rust 100% | ✅ 15 crates | TS/Node | TS/Node | TS/Node |
| Open source | MIT | | | |
| Live code analyzer (browser) | ✅ /analyzer | | | |
| Audit chain explorer (browser) | ✅ /chain | | | |

The numbers

Measured on the live benchmark. The deterministic layer is the contract; the LLM layer inherits the model's accuracy. Honest posture: high-confidence on deterministic, semantically strong on LLM, never 100%.

1.000 · Precision (deterministic) · 0 false positives on the 194-test corpus
0.818 · Recall (deterministic) · 0.818 R, F1 = 0.900
194 · Tests passing · workspace-wide, all green
$0.05 · Cost per dev/month · vs. $25-$60 for SaaS alternatives
12 ms · Deterministic layer · median over the 194 corpus cases
~4.8 s · LLM layer (mock) · end-to-end p50 for a 100-LOC PR
15 · Rust crates · workspace, all MIT-licensed
100% · Pure Rust · no JS framework, no LLM-framework lock-in

For the [target user]

Three personas, three different problems. ARGUS was built for all three.

CISO

Audit · Compliance · EU AI Act
  • EU AI Act Art. 12 L2 ready (BLAKE3+Ed25519)
  • /audit-log/export.splunk|datadog|elastic — raw NDJSON for regulators
  • 16-field AuditEvent with prompt fingerprints (GDPR-safe)
  • BYOK posture: your data never leaves your NIM endpoint
  • Threat model: see SECURITY.md

Eng Manager

Velocity · Review-load · MTTR
  • Cuts AI-slop PR noise by ~80% (4-specialist cohort view)
  • Deterministic pass saves ~$0.02/PR and ~800ms before LLM
  • MCP for Claude Code / Codex / Cursor — drop in, no retraining
  • FixPlan handoff to the agent: 4 steps, sorted by severity
  • Per-dev cost: $0.05/mo

OSS Maintainer

PR review · Burnout · Trust
  • Auto-halt on hallucinated vulns (Stenberg, Yegge pattern)
  • Detector for defensive .clone() chains and '// We need to' comments
  • Hardcoded-secret scan (CWE-798) before the LLM even runs
  • Posts a verdict comment + sets labels — or stays out of the way
  • MIT, 15 crates, no SaaS dependency
