gotcha
Claude Code Plugin

gotcha

claude said done. gotcha said otherwise.

// proof-of-work receipts for Claude Code

Install Now View Source
scroll

The Problem

Claude has a habit
of lying politely.

Ask Claude to fix a bug. It says "done!" with confidence. Which files did it actually touch? Did it run the tests, or just assume they would pass? You find out the hard way - in review, in a failed deploy, at 2am.

Without gotcha

"Done! I've patched the null check in the auth handler, updated the tests, and everything should be passing now."

  • Which files changed?
  • Did it run the tests or just assume?
  • What does "should be" mean exactly?
  • What about the other test suites?
With gotcha

Every claim is verified this session, or labeled [GUESS] in plain sight. Exact files, exact commands, exact exit codes. No ambiguity.

  • Files changed with line counts
  • Every command with its exit code
  • Test suite name and pass count
  • Unverified claims tagged honestly

The Receipt

Show your
work.

Every task ends with a structured receipt. Two independent sources: Claude writes one in prose; the bash hooks write another directly from the tool log. They can be compared.

That comparison is the whole point.

[v] Verified this session - Claude actually ran the command or touched the file.
[GUESS] Not verified. Labeled honestly. Never hidden or softened.

GOTCHA RECEIPT

SESSION 2026-05-02   14:23:07
TASK
patch null check in auth handler + update tests
Files Changed (verified)
src/auth/handler.ts [+8 -3]
src/auth/handler.test.ts [+14 -0]
Commands Run (verified)
$ npm test -- auth
exit 0   7 passed, 0 failed
$ npm run typecheck
exit 0
Tests
ran: 7 tests in handler.test.ts
result: PASS
Claims Made
[v] Null check added before token decode
[v] Existing 6 tests still pass
[!] GUESS No regressions elsewhere
Next Steps
IF YOU TRUST ME: merge it
IF YOU DON'T: npm run test:all
* [v] VERIFIED IN SESSION * [GUESS] NOT VERIFIED *

Architecture

Two truth sources,
on purpose.

Claude writes the receipt in prose. The hooks write it independently from the raw tool log. Claude cannot influence the hook receipt. That redundancy is the guarantee.

📜
The Skill

Loads at session start and instructs Claude to emit the receipt format after every task. Enforces the [GUESS] rule: unverified claims must be labeled, not softened, not omitted.

🪝
The Hooks

Run outside Claude's context window entirely. They produce the ground-truth receipt from bash and the JSONL tool log. Claude does not write it and cannot influence it.

Script Fires on
snapshot-git.sh SessionStart - captures git SHA baseline
log-tool.sh PostToolUse - logs every Bash/Edit/Write call
build-receipt.sh Stop - generates the hook-verified receipt

Commands

Three commands.
All signal.

/gotcha:receipt

Print the last receipt from the current session. Pass a number to see the last N receipts. /gotcha:receipt 3

/gotcha:audit

Re-run every command from the last receipt and cross-check every file against git diff --stat. Returns a verdict:

AUDIT PASSED - all claims reproduce AUDIT DRIFT - N claims no longer reproduce AUDIT FAILED - receipt was wrong
/gotcha:reset

Clear the session log and start fresh. Use when starting a new task and you do not want previous session noise in your audits.

If gotcha has caught Claude lying to you, leave a star. Every star is a bug that did not reach production. ⭐ Star on GitHub

Install

Two commands.
No config.

Install gotcha into Claude Code. The skill auto-activates on any coding task. No setup required. Receipts show up automatically.

Claude Code
# 1. add the marketplace
claude> /plugin marketplace add arsovskidev/gotcha
  Successfully added marketplace: arsovskidev

# 2. install the plugin
claude> /plugin install gotcha@arsovskidev
  Installed gotcha. Run /reload-plugins to apply.

# 3. reload
claude> /reload-plugins
  Reloaded: 1 plugins · 1 skills · 0 agents

Prefer to clone manually? git clone + claude --plugin-dir ./gotcha