NUCLEUS VERIFY

Verify AI-Generated Code Before You Run It

Deterministic structural verification for code from ChatGPT, Claude, Cursor, Copilot, and Gemini. Signed certificates. Proof packs you can independently replay.

Verify a Repository View Benchmark
Verification Corpus
Frozen Benchmark
0
Repos scanned
0
Consistency errors
Live Corpus
0
Repos verified
0
Certificates
0
Lines of code
0
Findings
0
Proof packs
Artifact Integrity Determinism Contract Adherence Build Validation Structural Integrity

Verify a Repository

Public GitHub, GitLab, and Bitbucket repositories. Results in ~15 seconds.

Try an example:

expressjs/express pallets/flask jashkenas/underscore
📁
Drop a ZIP file here or click to browse
Extension determines language detection

Paste the full AI response including code blocks. Nucleus will extract the code and verify the implementation against your claims.

Optional: list what the AI claims to have implemented
🔒
Deterministic Replay
Same inputs, same hash, every time
📜
Signed Certificates
Ed25519 offline verification
Honest Disclosure
Every cert says what was NOT checked
Large repositories supported. Very large scans are processed asynchronously.

How it works

1

Submit your code

Provide a public repository URL, upload a ZIP archive, or paste source code directly. Nucleus Verify clones the repository, indexes every file, and builds a complete artifact map before analysis begins.

2

Five verification gates

Every submission passes through 5 deterministic gates: Artifact Integrity (file tree hashing), Determinism (triple-ordering reproducibility), Contract Adherence (dependency and licence checks), Build Validation (config and manifest analysis), and Structural Integrity (architecture and complexity scoring). Each gate produces a pass/fail result with detailed evidence.

3

424 operators across 31 families

After gates pass, Nucleus runs its full operator suite — scanning for security vulnerabilities, supply chain risks, compliance violations, code quality issues, and AI/LLM-specific risks. Each operator is a focused detection rule that produces structured findings with severity, location, and remediation guidance. Enterprise customers can request custom operators tailored to their specific compliance frameworks, internal policies, or industry regulations.

4

Signed certificate and proof pack

You receive a cryptographically signed verification certificate and a downloadable proof pack containing all gate results, operator findings, deterministic hashes, and scope disclosures. Anyone can independently replay the verification to confirm the result — no trust required.

Five gates. Every verification.

Every repository passes through the same deterministic verification pipeline.

gate_v2 — Artifact Integrity
Repository structure, file tree hash, artifact completeness
gate_d — Determinism
Same inputs always produce identical output. Verified with 3 orderings.
contract — Contract Adherence
Code matches what the README claims. Majority adherence required.
build — Build Validation
Build succeeds. Syntax valid. No blocking errors.
gate_s — Structural Integrity
Internal consistency. Auth without authorisation. Missing pagination. Dead routes.

What Nucleus Verify does not check: runtime correctness, security vulnerabilities, business logic, performance, accessibility.

System Specification

Version 1.1.1 Verification gates 5 Operators 424 across 31 families Certificate signing Ed25519 Hash algorithm SHA-256 Deterministic seed 42 Benchmark corpus 915 repos, 0 errors Test coverage 1400+ tests

Example Verification Result

VERIFIED
gate_v2 passed gate_d passed contract passed build passed gate_s passed
Artifacts scanned 12
Stack detected node
Trust score 100/100 (A)
Scan grade A
Operators matched 55/424

Real result from a public repository verification. All values are deterministic and reproducible.

Deterministic Verification

Every verification run produces the same cryptographic hashes for the same input. You can independently replay any proof pack to confirm the result.

det_hash bfbe36be061fe607bc500ef270ef24f7309dcefce707952b9f6a9d708352b513
spec_hash 29c5e4a36eaa753a155fd1d4e931187c296746ee6309cf68ccd8b419021afccc
artifact_tree_hash 20b196389c6629eb204143556855b3095dc99462cc23a25ea9d18464e147d401
proof_pack_hash 33c0749da9aff525d4dd62bcf764e2cbf343609d21e78ca37465fec53a9e389b

Same repository, same seed, same hashes. Always.

AI-Generated Code Verification

When AI claims it built something, Nucleus Verify checks if the structural evidence actually exists in the code.

PARTIAL
contract — feature_presence
Prompt claims ‘file_upload’ but no structural evidence found in artifacts
CV-B077F5

Real finding from a verification run. The AI claimed it implemented file upload, but the code contained no upload handling, multipart parsing, or file storage logic.

Frozen benchmark (March 2026)

915 public repositories. Python and JavaScript ecosystems. Zero consistency errors.

41%
Verified
38%
Partial
20%
None

A system that verifies 41% of real-world repositories is honest. A system that verifies 90% is lying.

What we don't verify

  • Semantic correctness of business logic — we verify structure exists, not that the logic is right
  • Runtime behavior under production load — no execution, stress testing, or load profiling
  • Security vulnerability scanning — operator-level pattern detection only; no DAST, fuzzing, or pen testing
  • Accessibility compliance — structural checks, not WCAG conformance auditing
  • Performance benchmarks — no runtime profiling or time-complexity analysis
  • Data integrity under concurrent writes — no concurrency testing or race-condition reproduction

Every certificate explicitly lists what was not verified. Honest disclosure is a core design principle.

Who it's for

Developers

Verify AI-generated code before it ships. Certificate in every PR. Know exactly what was built vs what was claimed.

Engineering Managers

Structural gaps caught before production. Audit trail for every decision. Trust scores you can track over time.

Enterprise & Compliance

SOC 2 ready. PostgreSQL audit log. Ed25519 signed. Independently replayable. Full chain of custody.

Pricing

Start free. Scale when you're ready.

Free
$0
forever
  • 5 verifications / day
  • 7-day history retention
  • Full report & proof hashes
  • Public verification URL
Get Started
Plus
$20
/month
  • 50 verifications / day
  • 12-month history retention
  • PDF certificate download
  • Email support
Business
$50
/seat/month
  • Unlimited verifications
  • Full history retention
  • Team seats & API access
  • Priority support
Enterprise
Custom
annual contract
  • Unlimited verifications
  • Private repo verification
  • SLA & dedicated support
  • Custom integration

Need just one certificate? $3 one-time per verification. Available on the result page.

For enterprise enquiries, custom plans, or volume pricing contact contact@altermenta.com