Practices & Feedback
The categories of automated checks that keep your repo healthy
๐ Security
- SAST โ Static application security testing flags vulnerabilities in source code before merge
- DAST โ Dynamic scanning probes a running site for common web vulnerabilities
- Secrets Detection โ Scans every commit for accidentally committed credentials or tokens
- Dependency Scanning โ Checks all dependencies for known CVEs on every pull request
๐งน Hygiene
- Complexity Checks โ Enforces complexity thresholds to keep functions readable and maintainable
- Doc Structure โ Validates that required documentation sections are present
- Doc Accuracy โ Ensures documentation reflects the actual state of the codebase
- Doc Size โ Prevents documentation from growing unwieldy or stale
โ Reliability
- E2E Tests โ Playwright tests verify all pages and user flows work on every pull request
- Smoke Tests โ Lightweight smoke tests run against staging and production after every deploy
๐ Deployment
- Preview Deploys โ Every pull request gets a unique preview URL on Netlify for review
- Production Deploy โ Merges to main trigger an automatic production release
- Preview Cleanup โ Stale preview environments are automatically removed after PRs close
Development Loops
SlopStopper organises quality feedback into two loops that keep velocity high and quality consistent.
Inner Loop โ Local
The fast, local cycle a developer (or AI agent) runs before pushing. Completes in seconds to minutes.
โ๏ธ Write Codewith AI
โ
๐จ Build & Lintlocally
โ
๐งช Run Testslocally
โ
๐ค Commit & Pushopen PR
โฉ iterate on feedback
Outer Loop โ CI/CD
Automated checks triggered on every push or PR. Deterministic feedback before code reaches production.
๐ค Push / PR
โ
๐ SecuritySAST ยท DAST ยท Secrets ยท CVEs
โ
๐งน HygieneComplexity ยท Docs
โ
โ
ReliabilityE2E ยท Smoke Tests
โ
๐ DeployPreview URL
โ
๐ฌ Feedbackto developer
โฉ fix & iterate