Detect AI hallucinations in your code before they reach production.
Works with Claude-generated code, Cursor, Copilot, ChatGPT, Tabnine, Replit AI, and every other AI coding tool.
pip install aiverify-cli-cli → aiverify your-code.py → done.
AI coding assistants are incredible — until they're not.
Last month, a developer on r/cursor pushed code that deployed an API key to production. An AI hallucinated a function name, the developer didn't notice, and the security scan caught it 3 weeks later.
Every AI model hallucinates:
- Claude Sonnet 4.5: 15-25% hallucination rate on code generation
- GPT-4o: ~20% of generated code contains at least one API hallucination
- Copilot: 33% of generated code has security vulnerabilities (MIT study)
- Cursor: Developers report "phantom imports" and "invented methods" daily
The result? You spend 20 minutes in code review catching issues an AI should never have made. Or worse — they ship.
# Scan any Python/JS/TS file for AI-generated code patterns
aiverify main.py
# Scan entire project in 1 second
aiverify src/
# Integrate into CI/CD
aiverify src/ --jsonaiverify — AI Code Verification
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
✗ [GEN001] Hardcoded OpenAI API key (sk-...)
→ src/config.py:15:12 ← AI leaked your API key again
⚠ [PY001] Unused import: 'os'
→ src/main.py:3:1 ← AI left a messy import trail
⚠ [PY002] Function 'calculate_metricz' is called but not defined
→ src/main.py:19:15 ← AI invented a function. It doesn't exist.
⚠ [PY003] Deprecated import 'pkg_resources'
→ src/main.py:8:1 ← AI used an API removed in Python 3.12
⚠ [PY005] Type mismatch: string + integer
→ src/main.py:29:9 ← AI concatenated strings with numbers
ℹ [GEN002] Infinite loop: 'while True' without 'break'
→ src/main.py:34:1 ← AI will crash your server
ℹ [GEN005] Magic number 42 appears 5 times
→ src/main.py:29:1 ← AI left unexplained constants everywhere
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
7 issues found | 1 error | 5 warnings | 1 info
Exit code 1 — your CI pipeline rejects it. The hallucination never ships. ✅
| Feature | aiverify | pylint | flake8 | eslint | semgrep |
|---|---|---|---|---|---|
| Catches AI hallucinations | ✅ 15 dedicated rules | ❌ | ❌ | ❌ | ❌ |
| Detects invented functions | ✅ PY002 / JS002 | ❌ | ❌ | ❌ | ❌ |
| Catches deprecated API usage | ✅ PY003 / JS003 | ❌ | ❌ | ✅ | |
| Hardcoded credential scanning | ✅ GEN001 | ❌ | ❌ | ❌ | ✅ |
| Infinite loop detection | ✅ GEN002 | ❌ | ❌ | ❌ | ❌ |
| Commented-out dead code | ✅ GEN004 | ❌ | ❌ | ❌ | ❌ |
| Magic number detection | ✅ GEN005 | ❌ | ❌ | ❌ | ❌ |
| Tree-sitter AST parsing (not regex) | ✅ | ❌ regex | ❌ regex | ❌ regex | ✅ |
| Zero config, runs in 3 seconds | ✅ | ❌ | ❌ | ❌ | ❌ |
| Python + JavaScript + TypeScript | ✅ | 🐍 only | 🐍 only | 🌐 only | ✅ |
| JSON output for CI/CD | ✅ | ✅ | ✅ | ✅ | ✅ |
The bottom line: Existing linters find style issues. aiverify finds the issues that prove your code was written by an AI — hallucinations, invented APIs, leaked credentials, and logic traps.
# Install (package name differs from CLI command)
pip install aiverify-cli
# Scan a single file
aiverify app.py
# Scan your whole project
aiverify src/
# JSON output (for GitHub Actions, GitLab CI, etc.)
aiverify src/ --json
# Filter to specific rules only
aiverify app.py --rules PY002 GEN001
# See all available rules
aiverify --list-rules
⚠️ PyPI note: Package isaiverify-cli(the nameaiverifybelongs to another project).
Afterpip install aiverify-cli, just useaiverifyas the CLI command.
Every rule uses tree-sitter AST parsing (not regex) for zero false positives.
🐍 Python — 5 rules (click to expand)
| Code | Rule | What it catches |
|---|---|---|
PY001 |
unused-import | Imported module never used — AI leaves messy trails |
PY002 |
hallucinated-func | Function called but doesn't exist — classic AI hallucination |
PY003 |
deprecated-api | pkg_resources, distutils, imp, inspect.getargspec — AI uses old APIs |
PY004 |
wrong-arg-order | Duplicate keyword args — AI confuses parameter order |
PY005 |
type-mismatch | str + int, len() == "string" — AI forgets types |
🌐 JavaScript / TypeScript — 5 rules (click to expand)
| Code | Rule | What it catches |
|---|---|---|
JS001 |
unused-import | Imported but never referenced |
JS002 |
hallucinated-func | Function call with no definition |
JS003 |
deprecated-api | substr(), createClass, console.exception — AI uses removed APIs |
JS004 |
wrong-arg-order | Callback (data, error) instead of (error, data) — classic AI mistake |
JS005 |
null-undefined | Property access on nullable variables with no null check |
🔧 Generic — 5 rules (all languages)
| Code | Rule | What it catches |
|---|---|---|
GEN001 |
hardcoded-creds | API_KEY=, password=, sk-..., AWS keys, DB URLs |
GEN002 |
infinite-loop-risk | while True with no break or return |
GEN003 |
unused-variable | Assigned but never read |
GEN004 |
commented-deadcode | Large commented blocks — AI failed, you gave up |
GEN005 |
magic-number | Same literal 3+ times with no named constant |
# .github/workflows/aiverify.yml
name: aiverify
on: [pull_request]
jobs:
scan:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v5
with:
python-version: "3.12"
- run: pip install aiverify-cli
- run: aiverify src/ --json# .pre-commit-config.yaml
repos:
- repo: https://github.com/FMATheNomad/aiverify
rev: v0.1.0
hooks:
- id: aiverify#!/bin/sh
# .git/hooks/pre-commit
pip install -q aiverify
STAGED=$(git diff --cached --name-only --diff-filter=ACM | grep -E '\.(py|js|ts)$')
[ -z "$STAGED" ] && exit 0
echo "$STAGED" | xargs aiverify --json || exit 1Create .aiverifyrc in your project root:
aiverify --init{
"rules": {
"PY001": true,
"GEN001": true,
"GEN004": false
},
"severity_threshold": "warning"
}| Language | Extensions | Parser |
|---|---|---|
| Python | .py |
tree-sitter-python |
| JavaScript | .js, .jsx |
tree-sitter-javascript |
| TypeScript | .ts, .tsx |
tree-sitter-javascript |
- Rust core — 10x faster scanning via PyO3 bindings
- GitHub App — auto-comment on PRs with AI-detected issues
- VS Code extension — inline highlighting as you type
- Go + Rust + Java + Ruby language support
- AI probability score — how likely is this code AI-generated?
-
.aiverify-ignore— per-file/per-line suppression - Claude/Copilot/GPT attribution — detect which AI wrote it
-
aiverify fix— auto-fix common issues
aiverify is free and open source. If it saves you even one production incident, consider supporting it.
❤️ Sponsor on GitHub — supports development
🐛 Report issues — helps make it better
🔄 Share on Twitter / Reddit / Hacker News
git clone https://github.com/FMATheNomad/aiverify.git
cd aiverify
python -m venv venv
source venv/bin/activate
pip install -r requirements.txt
pip install -e .
python -m pytest tests/ -vaiverify/
├── aiverify/
│ ├── cli.py # CLI (click-based)
│ ├── scanner.py # Core scanning engine
│ ├── rules/ # 15 detection rules
│ │ ├── base.py # BaseRule + Finding classes
│ │ ├── python_rules.py # 5 Python-specific rules
│ │ ├── js_rules.py # 5 JS/TS-specific rules
│ │ └── generic.py # 5 language-agnostic rules
│ ├── parsers/ # tree-sitter AST parsers
│ └── formatters/ # text + JSON output
├── tests/ # 42 tests, all passing
├── examples/ # Test files to scan
├── setup.py # PyPI packaging
└── Makefile # test, build, publish
- Create a class in
aiverify/rules/extendingBaseRule - Use tree-sitter queries (not regex)
- Add tests in
tests/test_rules.py - Submit a PR 🚀
MIT © FMA Software Labs
If this tool saves you one deploy failure, please ⭐ star it.