Show HN: Wispbit - Linter for AI coding agents
wispbit.comHey HN! Ilya and Nikita here. We're building wispbit (https://wispbit.com) - a tool that helps keep codebase standards alive.
With the help of AI coding tools, engineers are writing more code than ever. Code output has increased, but the tooling to manage this hasn't improved. Background agents still write bad code, and your IDE still writes slop without the right context.
So we built wispbit. It works by scanning your codebase for patterns you already use, and coming up with rules. Rules are kept up to date as standards change, and you can edit rules any time.
You can enforce these rules during code review, and because we have this rules system, you can run a CLI locally to review using these rules. You can think of it as a portable rules file that you can bring anywhere.
We put a lot of work into making a system that produces good rules and avoids slop. For repository crawling, we have an agent that dispatches subagents, similar to Anthropic's research agent. These subagents will go through and look for common patterns within modules and directories, and report back to the main agent, which synthesizes the results. We also do a historical scan on your pull request comments, determine which ones were addressed, filter out comments that wouldn't make a good rule, and use that to create or update rules.
Our early users are seeing 80%+ resolution rates, meaning that 80% of comments that wispbit makes are resolved.
Long-term, we see ourselves being a validation layer for AI-written code. With tools like Devin and Cursor, we find ourselves having to re-prompt the same solution many times. We still don't know the long-term implications on AI-assisted codebases, so we want to get in front of that as soon as possible.
We've opened up signups for free to HN folks at https://wispbit.com. We're also around to chat and answer questions!
SOC2 is definitely not the highest industry standard for security (also: save yourself some money: nobody cares if you have availability attested).
when I did startups, we had multiple companies who would not sign deals until our SOC2 was complete
I don't want to do a whole thread about SOC2 here, just wanted to snipe at a bit of marketing messaging. :)
For their market maybe that line works fine. It just trips a security cool kid tripwire.
Love it :) Thank you!
Pricing?
We do a two week trial and then it's $0.2 per file reviewed. Buying in bulk + optimizing rules gives a significant discount.
Does this produce actual lint rules, or are you templating out lint-like replies from a LLM using a response format?
If you're doing inference, just give me a cli that's userless and free. I'm happy to use left over codex plan tokens or gemini free tokens for this, and while the idea seems interesting and I might be upsellable to more features down the line, the price/offering is a non starter.
We combine determinism + LLMs to catch things a human would normally have to. If the LLM finds a violation, it generates a comment.
Big agree on the CLI being open and letting you bring your own inference provider. We’re holding off on it until we get more feedback from some of our hardcore users.
What are you using for "determinism"? Sounds to me like you might just be running eslint + et al and then charging a fee for it.
We use ast-grep for the determinism part. I should have clarified - we don’t charge for fully deterministic runs. Only ones where the LLM is involved as a judge.
Is that a "yes" on lint rules? AI needs determinism to block commits because once the slop hits code review, it's already a gigantic waste of time. AI needs self-correcting loops.
It supports fully deterministic rules, which we use LLMs to help you write.
Agreed on all of this too. This is why we built the CLI tool - to shift left the work.
congrats on the work Ilya and Nikita! It was nice talking to you, all success to you guys!
<3