README
CustomGPT Quadruple Verification for Claude Code
Catch security bugs, placeholder code, and hallucinated claims in AI-generated code — before it ships.
Built by CustomGPT.ai for production teams running Claude Code at scale.
The Problem
41% of all new code committed in 2026 is AI-generated — and 58% of it contains security vulnerabilities. Every existing tool (SonarQube, Snyk, Semgrep, CodeRabbit) works after the code is written — at CI, PR review, or repo scan. Nothing catches issues at the moment of generation.
Quadruple Verification intercepts Claude Code operations in real time, before code hits the filesystem. Regex fast-gates block obvious violations in <50ms. An AI self-review layer catches subtle issues across quality, security, research accuracy, and completeness.
What It Does
Four verification cycles run automatically on every Claude Code operation:
| Cycle | When | What |
|---|---|---|
| Cycle 1 — Code Quality | Before file write/edit | Regex gate blocks TODO, placeholder, stub, and incomplete code |
| Cycle 2 — Security | Before write/edit/bash/MCP | Regex gate blocks eval(), hardcoded secrets, SQL injection, XSS, destructive commands |
| Cycle 3 — Output Quality | Before Claude finishes | AI multi-section review: code quality, security, research claims, completeness |
| Cycle 4 — Research Claims | Before write/edit of research .md | Blocks vague language, unverified stats, missing source URLs |
| Audit Trail | After every operation | Full JSONL audit log + optional LLM advisory analysis |
Quick Start
Requirements
- Node.js >= 18
- Claude Code CLI
Option 1: Marketplace (Recommended)
Two commands inside Claude Code — includes auto-updates:
/plugin marketplace add kirollosatef/customgpt-claude-quadruple-verification
/plugin install customgpt-claude-quadruple-verification@kirollosatef-customgpt-claude-quadruple-verification
That's it. The plugin auto-updates every session.
Option 2: npx
Run from any terminal:
npx @customgpt/claude-quadruple-verification
Option 3: Manual Install
Windows (PowerShell):
git clone https://github.com/kirollosatef/customgpt-claude-quadruple-verification.git
cd customgpt-claude-quadruple-verification
.\install\install.ps1
macOS / Linux:
git clone https://github.com/kirollosatef/customgpt-claude-quadruple-verification.git
cd customgpt-claude-quadruple-verification
bash install/install.sh
Verify Installation
node install/verify.mjs
Test It
- Start Claude Code in any project
- Ask: "Create a Python file with a TODO comment"
- The operation should be BLOCKED with an explanation
- Check audit logs in
.claude/quadruple-verify-audit/
Team Setup
To auto-prompt all team members to install the plugin, commit this file to each repo:
.claude/settings.json
{
"plugins": [
"kirollosatef/customgpt-claude-quadruple-verification"
]
}
When anyone opens the project in Claude Code, they'll be prompted to install the plugin. See docs/team-setup/settings.json for the template.
Auto-Updates
- Marketplace installs auto-update every session — push to the repo and everyone gets it.
- npx installs get the latest version each time
npxruns. - Manual installs require
git pullto update.
How It Works
The plugin uses Claude Code's hook system to intercept operations at three points: