Skip to main content

Catch the LLM/AI calls you didn't need. A fast, deterministic linter that flags LLM API calls where plain code is simpler, cheaper, and more reliable.

Project description

overllm

Catch the LLM/AI calls you didn't need.

overllm is a small, fast linter with one job: find the places in your code where you call an AI model to do something plain code does better. You called GPT to parse a date. You called a model to extract JSON that json.loads already handles. You are paying latency, money, and nondeterminism for a regex.

It reads your code with a real parser: Python through the standard-library ast, and JavaScript and TypeScript through tree-sitter. No model runs, no network, no API key. Same code in, same result out. Fast enough for a pre-commit hook.

Everyone else lints the code the AI wrote. overllm catches where you are paying an AI to do what a library already does.

Install

pip install overllm          # Python
pip install "overllm[js]"    # adds JavaScript / TypeScript support

Use it

overllm .            # scan the current project
overllm src/         # scan a folder
overllm app.py       # scan one file

Example output:

app.py:42:5 llm-mechanical  LLM call asks the model to sort
    resp = client.chat.completions.create(model="gpt-4o", messages=[...])
    -> use sorted()

app.py:88:1 llm-in-loop  LLM call inside a loop: one API round-trip per iteration
    completion(model="gpt-4o", messages=[{"role": "user", "content": f"tag {x}"}])
    -> batch the inputs into a single call, cache repeated results, or use a function

2 needless LLM calls in 1 file.

overllm exits non-zero when it finds something, so it gates a commit or a CI check. Pass --exit-zero to report without failing.

Rules

Every rule fires only on a concrete code pattern, and every finding names the deterministic replacement. It stays silent when it is not sure.

Rule Fires when Suggests
static-prompt The user prompt is a compile-time constant, no variables. The input is fixed, so the call buys nothing. precompute or cache the result
llm-extraction The prompt asks the model to extract an email, URL, date, or number. a regex, datetime, or urllib.parse
llm-mechanical The prompt asks for a mechanical transform: sort, reverse, count, sum, deduplicate, change case, base64, arithmetic on literals. the one-line stdlib equivalent
llm-in-loop An LLM call runs once per loop iteration (real N calls, not streaming). batch, cache, or move it out of the loop
prompt-injection Untrusted web-request input (request.args, request.json, ...) flows straight into the prompt. keep it in a separate user message, validate it, constrain the model

It detects the OpenAI, Anthropic, Google, Mistral, Cohere, Groq, AWS Bedrock, HuggingFace, Replicate, LangChain, LiteLLM, and Ollama SDKs in Python, the Vercel AI SDK (generateText, streamText, generateObject) and the openai / anthropic node SDKs in JavaScript and TypeScript, and raw HTTP requests to those hosts.

Silence a false positive

resp = client.chat.completions.create(...)  # overllm: ignore
resp = client.chat.completions.create(...)  # overllm: ignore=llm-in-loop

Put # overllm: ignore-file at the top of a file to skip the whole file.

Configure

In pyproject.toml (Python 3.11+):

[tool.overllm]
ignore = ["llm-in-loop"]
exclude = ["examples/", "migrations/"]

Or on the command line: --select, --ignore, --exclude via config, --config PATH.

Pre-commit hook

In .pre-commit-config.yaml:

repos:
  - repo: https://github.com/theadamdanielsson/overllm
    rev: v0.1.1
    hooks:
      - id: overllm

GitHub Action

overllm ships an Action that scans a pull request and leaves one grounded comment. It stays silent when there is nothing to say.

name: overllm
on:
  pull_request:

permissions:
  contents: read
  pull-requests: write

jobs:
  check:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: theadamdanielsson/overllm@v1
        with:
          paths: "."

Other output formats

overllm --format json .      # machine-readable
overllm --format sarif .     # upload to GitHub code scanning
overllm --format markdown .  # the PR-comment body

Why not just use an AI code reviewer?

AI reviewers and AI-slop linters look at the code the model produced: comments, dead code, structure. None of them ask the question overllm asks, which is whether you needed the model at all. It is a different axis, and it is one plain static analysis can answer with high precision and zero cost.

License

MIT © Adam Danielsson

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

overllm-0.2.1.tar.gz (27.8 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

overllm-0.2.1-py3-none-any.whl (24.1 kB view details)

Uploaded Python 3

File details

Details for the file overllm-0.2.1.tar.gz.

File metadata

  • Download URL: overllm-0.2.1.tar.gz
  • Upload date:
  • Size: 27.8 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for overllm-0.2.1.tar.gz
Algorithm Hash digest
SHA256 b930b4b55758ade3f455939f39c8243f871365f361d6813e502ac34cdc25a09f
MD5 756d4db2c166c7b83efd2e5ff55c8c17
BLAKE2b-256 a45f682905040e338204e371b70aa910f1569bd6518e6f61c68f3ac87c2c37bb

See more details on using hashes here.

Provenance

The following attestation bundles were made for overllm-0.2.1.tar.gz:

Publisher: publish.yml on theadamdanielsson/overllm

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file overllm-0.2.1-py3-none-any.whl.

File metadata

  • Download URL: overllm-0.2.1-py3-none-any.whl
  • Upload date:
  • Size: 24.1 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for overllm-0.2.1-py3-none-any.whl
Algorithm Hash digest
SHA256 ba08afdb0f9d6ce4ffd05a31e8f8d5b650200b5ba1ae26ffae4c77c711202f97
MD5 1793a379e4f0614b2e432a2543630cc1
BLAKE2b-256 325b109afc9b42145a1ee4fb8fedbf198090e1fc7c01ec3181f5f88cee84813e

See more details on using hashes here.

Provenance

The following attestation bundles were made for overllm-0.2.1-py3-none-any.whl:

Publisher: publish.yml on theadamdanielsson/overllm

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page