Generic AI reviewers don't know what your repo is. SlopBuster does — and it changes everything about what a good review looks like.
How It Works
SlopBuster is a codebase-aware AI code reviewer that understands your repository, detects AI-generated issues, and explains findings in context.
The fundamental principle
Without knowing what a repo is, a good code review cannot happen. Every other tool reviews your diff against generic rules. SlopBuster first builds a structured understanding of your repo — then reviews the diff against that understanding.
Phase 0: RepoWatch — Building Your Quality Profile
Before any PR is reviewed, RepoWatch runs a structured discovery sequence. These checks are mandatory — they gate everything else:
main-development-branch → Which branch is the integration target?
main-languages → Not just "Python" — which version? 3.9 and 3.13 need completely different advice.
what-is-the-repo-about → Web API? Embedded firmware? ML pipeline? Game engine? This changes everything.
RepoWatch then assembles a repo_intelligence block that gets prepended to every review prompt:
Repository: tacticaledge/prospectory-backend
Stack: Python 3.13 | FastAPI, Pydantic V2, SQLAlchemy
Goals: High test coverage, Schema-first contracts, Type safety
Quality Profile (12 assessments):
architecture: Dependency injection pattern confirmed (excellent)
security: No hardcoded secrets found (good)
testing: Integration tests present, unit coverage low (needs_attention)
Skip these folders: tests/outputs/, docs/_build/
The Fog of War system progressively reveals checks relevant to your domain using expert personas — Raymond Hettinger for Python projects, Rob Pike for Go services, domain experts for embedded, ML, or blockchain repos. Checks are revealed 1–3 at a time. Never overwhelming. Always specific.
Phase 1: The PR Review — 3 Bots in Parallel
When a PR is opened, three specialized bots run simultaneously — each with the repo_intelligence block loaded:
Code Review Bot
Reviews architecture, patterns, maintainability, and adherence to your codebase standards. Catches framework reinvention against full repo grep access.
Slop Checker Bot
Has full repo grep access. Specifically hunts for AI-generated patterns: reimplemented utilities, hallucinated APIs, band-aid fixes that ignore existing solutions.
Security Review Bot
Change-scoped security analysis: injection, secrets, auth, input validation — with domain-specific interpretation based on what the repo is.
Phase 2: Findings & Teaching Chat
SlopBuster shows 1–3 issues at a time, prioritized by impact. Every finding includes a teaching chat grounded in your codebase — ask why it matters, how to fix it, what the better pattern is. The answer uses your code as the example, not a generic Stack Overflow snippet.
11 Quality Pillars
Every check belongs to one of 11 pillars. Each check has domain-specific interpretations — “input validation” means sensor bounds for embedded firmware, SQL parameter binding for a web API, schema validation for an ML pipeline.
Know Yourself
Discovery: stack, languages, versions, repo purpose
Architecture
Layering, dependency direction, module boundaries
Maintainability
Naming, complexity, duplication, modularity
Testing
Coverage, test types, meaningful assertions
Security
Injection, secrets, auth, input validation
Performance
Algorithmic complexity, N+1s, memory budgets
Resilience
Error handling, retries, graceful degradation
Observability
Logging, tracing, alerting
Deployment & Operations
CI/CD, rollback, environment parity
Team Practices
PR hygiene, commit quality, documentation
AI Collaboration
Prompt contracts, structured output, no keyword band-aids