Claude Code Plugin

Ship AI-Generated Code With Confidence

58% of AI-generated code has security vulnerabilities. 41% of all new code is AI-generated. Quadruple Verification catches issues at the moment of generation — before bad code reaches your codebase.

  • 58% of AI code has vulnerabilities
  • 4 Verification Cycles
  • 0 Dependencies
  • <50ms Rule Checks

Verified at Generation. Not at PR Review.

Cycle 01

Code Quality Gate

Checks for TODO/FIXME/HACK comments, placeholder text, stub functions, empty pass statements, ellipsis blocks, and throw new Error("not implemented") patterns.

Cycle 02

Security Gate

Checks for eval(), hardcoded API keys & secrets, SQL injection via string concatenation, XSS via .innerHTML, rm -rf /, chmod 777, curl | bash, and insecure HTTP URLs.

Cycle 03

Output Quality Gate

Multi-section intelligent review of Claude's final response — checks code quality, security, research claims, and completeness before delivery.

Cycle 04

Research Claims Gate

Checks for vague phrases like "studies show" and "experts say", unverified statistics & percentages, and missing source URLs within 300 characters of each claim.

Move Fast. Stay Safe.

Solo Developers

"Ship AI-generated code with confidence."

AI code is "mostly correct" — but reviewing it is cognitively harder than writing it yourself. This plugin verifies automatically so you can keep your speed.

  • Catches TODOs and stubs before they ship
  • <50ms regex checks — zero slowdown
  • One-command install, zero configuration
  • AI self-review catches what you'd miss at 2am

Team Leads

"Move fast — without compromising security."

41% of all new code is AI-generated. Roll out consistent verification across your entire team with one config file — before "AI generated it" becomes an excuse.

  • One settings.json enables for everyone
  • Full JSONL audit trail for every operation
  • Configurable rules per project
  • Auto-updates via marketplace — zero maintenance

Security Teams

"Sleep at night knowing every operation is verified."

58% of AI code has security vulnerabilities. Your pipeline catches them after merge. We catch them at generation — before vulnerable patterns scale at machine speed.

  • 11 security rules covering OWASP patterns
  • AI-powered review catches context-dependent risks
  • Fail-open design — never blocks developer workflow
  • Zero dependencies — no supply chain risk

See It Block Bad Code

Quadruple Verification
$ claude "Create a Python tax calculator"

⛔ Write to calculator.py BLOCKED:

[Cycle 1 — no-todo] Code contains a TODO comment. Remove placeholder comments and implement the actual logic.
Claude must fix these issues before the file is saved.

Install in One Command

Marketplace

  1. Add the marketplace
     /plugin marketplace add kirollosatef/customgpt-claude-quadruple-verification
  2. Install the plugin
     /plugin install customgpt-claude-quadruple-verification@kirollosatef-customgpt-claude-quadruple-verification
  3. Test it out
     claude "Create a Python file with a TODO comment"
     → Should be BLOCKED by Cycle 1

Auto-updates every session

npx

  1. Run the installer
     npx @customgpt/claude-quadruple-verification
     Copies plugin to ~/.claude/plugins/ and runs smoke test

For auto-updates, use the Marketplace method instead

Manual

  1. Clone the repository
     git clone https://github.com/kirollosatef/customgpt-claude-quadruple-verification.git
  2. Run the installer
     Windows: .\install\install.ps1
     macOS / Linux: bash install/install.sh
  3. Verify installation
     node install/verify.mjs

Frequently Asked

How much latency does this add?
<50ms per operation for Cycles 1, 2, and 4 (regex pattern matching). Cycle 3 uses a prompt hook with multi-section intelligent review (code quality, security, research claims, completeness) before Claude completes its response. Cycle 4 also runs a session-end scan of research files. An optional LLM advisory mode is available for deeper analysis.

What about false positives?
Rules can be disabled per-project by creating a .claude/quadruple-verify-config.json file with a disabledRules array. User-level and project-level configs are both supported.

Can I customize the rules?
Yes. Configuration merges from three sources: plugin defaults, user-level config at ~/.claude/quadruple-verify-config.json, and project-level config. You can disable any rule or adjust strictness.

Does it work with MCP tools?
Yes. All MCP tool inputs (any tool prefixed with mcp__) are verified through Cycle 2 security rules. URL inputs are checked for HTTPS, and all string values are scanned.

What are verification tags?
Cycle 4 requires research .md files to include a verification tag (e.g. <!-- VERIFIED -->) proving that factual claims were checked using available search tools. Accepted tags: <!-- VERIFIED -->, <!-- PERPLEXITY_VERIFIED -->, <!-- WEBSEARCH_VERIFIED -->, <!-- CLAIMS_VERIFIED -->. Custom tags can be configured.

How do updates work?
Marketplace installs auto-update every session — push to the repo and everyone gets it. npx gets the latest on each run. Manual installs require git pull.

How do I roll this out to my team?
Commit a .claude/settings.json file to your repo with {"plugins": ["kirollosatef/customgpt-claude-quadruple-verification"]}. When team members open the project, they'll be prompted to install automatically.
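
A sketch of how regex rules and the layered disabledRules configuration described above could interact, added here as an example and not taken from the plugin's source. The regexes, the cycle number attached to each rule and the union merge of the three layers are assumptions.

```javascript
// Added illustration, not the plugin's source. Rule ids and the disabledRules
// key come from the page; the regexes, the cycle tags and the union merge of
// the three config layers are assumptions.
const RULES = [
  { id: "no-todo", cycle: 1, re: /\b(?:TODO|FIXME|HACK)\b/ },
  { id: "no-eval", cycle: 2, re: /\beval\s*\(/ },
  { id: "no-hardcoded-secrets", cycle: 2,
    re: /\b(?:api[_-]?key|secret|token|password)\b\s*[:=]\s*["'][^"']{8,}["']/i },
];

// Plugin defaults, then user-level, then project-level config. Here every
// layer can only add to disabledRules; malformed layers are ignored.
function mergeConfig(...layers) {
  const disabled = new Set();
  for (const layer of layers) {
    const ids = layer && Array.isArray(layer.disabledRules) ? layer.disabledRules : [];
    ids.forEach((id) => disabled.add(id));
  }
  return { disabledRules: [...disabled].sort() };
}

// Rule ids that would block this write under the merged config.
function verifyWrite(content, config) {
  const off = new Set(config.disabledRules);
  return RULES.filter((r) => !off.has(r.id) && r.re.test(content)).map((r) => r.id);
}

// Review aid: security-gate rules that a config layer has switched off.
function disabledSecurityRules(config) {
  const security = new Set(RULES.filter((r) => r.cycle === 2).map((r) => r.id));
  return config.disabledRules.filter((id) => security.has(id));
}

// The two lines from the page's api-client.js demo.
const DEMO = 'const API_KEY = "sk-proj-abc123def456";\nconst data = eval(response.body);\n';
const strict = mergeConfig({}, {}, {});
// Constructed project-level config, as it might sit in a cloned repository.
const relaxed = mergeConfig({}, {}, { disabledRules: ["no-eval", "no-todo"] });

console.log(verifyWrite(DEMO, strict));
console.log(verifyWrite(DEMO, relaxed));
console.log(disabledSecurityRules(relaxed));
```

Since a project-level file can switch rules off, a change to .claude/quadruple-verify-config.json is worth reviewing like any other change to a security control.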

Watch It In Action

claude code — quadruple verification
$ claude "Create a Python tax calculator"
Claude tries to write calculator.py

    def calculate_tax(amount):
        # TODO: implement tax logic
        pass

CYCLE 1
Write BLOCKED — file not saved
[no-todo] Code contains a TODO comment
[no-empty-pass] Python file contains a bare "pass" statement
→ Claude must fix these issues before proceeding

claude code — quadruple verification
$ claude "Add API integration to my app"
Claude tries to write api-client.js

    const API_KEY = "sk-proj-abc123def456";
    const data = eval(response.body);

CYCLE 2
Write BLOCKED — file not saved
[no-hardcoded-secrets] Hardcoded API key detected
[no-eval] eval() is a critical security risk
→ Use environment variables and JSON.parse() instead

claude code — quadruple verification
$ claude "Build a user authentication system"
Claude self-reviews before responding
CYCLE 3 Output Quality Review
  • Code Quality — No stubs, placeholders, or incomplete logic
  • Security — No hardcoded secrets or injection risks
  • Research Claims — All claims sourced with URLs
  • Completeness — All requirements fully implemented
All checks passed — Response approved
→ Claude delivers verified, production-ready code

claude code — quadruple verification
$ claude "Write a research report on AI market trends"
Claude tries to write docs/research/ai-market.md

    # AI Market Research
    Studies show that AI adoption is accelerating.
    The market grew by 45% in 2024.

CYCLE 4
Write BLOCKED — file not saved
[no-vague-claims] Contains "studies show" — name the study, author, and link the source
→ Verify claims with available search tools, add sources, include <!-- VERIFIED --> tag
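
The Cycle 4 checks described on this page (vague phrases, percentages with no source URL within 300 characters, and the verification tag), sketched as an added example that is not the plugin's own code. The regexes, the finding names other than no-vague-claims, and measuring the window on both sides of a claim are assumptions.

```javascript
// Added illustration, not the plugin's source. Only "no-vague-claims", the
// four tags and the 300-character window come from the page; the regexes,
// the other two finding names and the two-sided window are assumptions.
const VAGUE = /\b(?:studies show|experts say)\b/gi;
const STAT = /\d+(?:\.\d+)?%/g;
const SOURCE_URL = /https?:\/\/[^\s)>\]]+/g;
const TAGS = ["<!-- VERIFIED -->", "<!-- PERPLEXITY_VERIFIED -->",
  "<!-- WEBSEARCH_VERIFIED -->", "<!-- CLAIMS_VERIFIED -->"];
const WINDOW = 300; // characters between a claim and the start of a URL

function checkResearch(markdown) {
  const urlOffsets = [...markdown.matchAll(SOURCE_URL)].map((m) => m.index);
  const hasNearbyUrl = (start, end) =>
    urlOffsets.some((u) => u >= start - WINDOW && u <= end + WINDOW);
  const findings = [];
  for (const m of markdown.matchAll(VAGUE)) {
    // Assumption: a vague attribution is flagged even beside a link, because
    // the wording itself hides which study or expert is meant.
    findings.push({ rule: "no-vague-claims", text: m[0], offset: m.index });
  }
  for (const m of markdown.matchAll(STAT)) {
    if (!hasNearbyUrl(m.index, m.index + m[0].length)) {
      findings.push({ rule: "unsourced-statistic", text: m[0], offset: m.index });
    }
  }
  if (!TAGS.some((t) => markdown.includes(t))) {
    findings.push({ rule: "missing-verification-tag", text: "", offset: markdown.length });
  }
  return findings.sort((a, b) => a.offset - b.offset);
}

// BLOCKED is the report from the page's demo; the other two are constructed.
const BLOCKED = "# AI Market Research\nStudies show that AI adoption is accelerating.\n" +
  "The market grew by 45% in 2024.\n";
const SOURCED = "# AI Market Research\nThe market grew by 45% in 2024 " +
  "(source: https://example.com/report).\n<!-- VERIFIED -->\n";
const FAR_SOURCE = "Growth was 45%." + " filler".repeat(60) +
  " https://example.com/report\n<!-- VERIFIED -->\n";

for (const [name, doc] of Object.entries({ BLOCKED, SOURCED, FAR_SOURCE })) {
  console.log(name, checkResearch(doc).map((f) => f.rule));
}
```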