Stats
Actions
Tags
From clamper
Clamper verification loop — proof-of-work quality gate for code changes. The thing Claude Code is missing.
How this skill is triggered — by the user, by Claude, or both
Slash command
/clamper:verificationThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
Claude Code generates code but doesn't verify its own output. Clamper's verification loop ("The Clamp") fills this gap with a structured proof-of-work process that catches issues before they compound.
Claude Code generates code but doesn't verify its own output. Clamper's verification loop ("The Clamp") fills this gap with a structured proof-of-work process that catches issues before they compound.
Every code change falls into one of four risk tiers:
| Tier | Risk | Examples | Verification Level |
|---|---|---|---|
| 1 | Low | Comments, docs, formatting | Style check only |
| 2 | Medium | Business logic, new functions | Tests + imports + style |
| 3 | High | Auth, security, config, build | Full verification + security scan |
| 4 | Critical | Database migrations, API changes, deployments | Full + human review required |
Step 1: Scope — What changed and what could break?
Step 2: Correctness — Does the code do what it claims?
grep -r "export.*functionName" --include="*.ts"Step 3: Tests — Does evidence support correctness?
Step 4: Security — Is it safe?
grep -rn "api_key\|secret\|password\|token" <file>Step 5: Score — Confidence rating 0-100:
| Score | Meaning | Action |
|---|---|---|
| 90-100 | All checks pass, tests green | Accept |
| 80-89 | Minor style issues, tests pass | Accept with notes |
| 60-79 | Missing tests or minor concerns | Flag for review |
| 40-59 | Failing tests or security concerns | Reject, fix required |
| 0-39 | Critical issues found | Reject, immediate fix |
Import ghosts (~30% of failures): Code imports a function that doesn't exist in the target module. Always grep for the actual export.
Untested paths (~25%): New code added without corresponding tests. The "tests pass" signal is meaningless if tests don't cover the change.
Config cascade (~20%): Changing package.json, tsconfig, or pyproject.toml without checking downstream effects. Build may break in ways not caught by unit tests.
Security blindspots (~15%): Auth-adjacent code changes that don't get security review. Any file with "auth", "session", "token", "permission" in the path needs extra scrutiny.
Type drift (~10%): In TypeScript/Python projects, changes that break type contracts caught only at runtime.
Verification results are stored in ${CLAUDE_SKILL_DIR}/../../data/verification-log.jsonl.
post-edit-verify.py which detects risk signals/clamp command runs full verification via clamper-verifier agentnpx claudepluginhub pretinnov-inc/claude-plugin-marketplace --plugin clamperProvides a checklist for code reviews covering functionality, security, performance, maintainability, tests, and quality. Use for pull requests, audits, team standards, and developer training.