Claude Code review

Get your Claude Code project reviewed, architecture, security and infrastructure in view

Claude Code builds a lot, and very fast, but a production-ready project is decided by auth, RLS, secrets, dependencies and infrastructure. I review a project built with Claude Code on exactly those points and keep it under ongoing technical oversight afterwards, instead of stopping at a one-off audit.

View packages
  • Baseline from 790 €
  • Fixed monthly plans
  • Repo + CVE + infrastructure
  • German point of contact
Timo Wevelsiep

Direct point of contact

Timo Wevelsiep

Software engineer, cloud architect, founder & managing director

I review code, security and infrastructure and surface what is technically risky before launch, customer use or due diligence.

I have delivered production software, infrastructure and cloud systems for clients worldwide, including Europe, the UAE, Asia, Australia and the Americas: from automated multi-location platforms and cloud migrations to remote access systems for industrial plants.

For questions like:

  • Is this release production-ready?
  • Which CVEs are really critical?
  • Are auth, data access and tenant isolation clean?
01

Claude Code builds a lot and fast, but production gaps remain

Claude Code generates whole features, migrations and deployments in no time. The speed is impressive, yet the decisions that determine real production are often missing or incomplete. These are the gaps I see most often in Claude Code projects:

  • Authentication without a clean roles and permissions model
  • Supabase RLS not enabled, too open or inconsistent per table
  • Secrets and API keys in the frontend, in configs or in the repository
  • Dependencies with known CVEs, often several versions behind
  • Tests missing, only placeholders or not covering the critical paths
  • Infrastructure without a backup, recovery and rollback plan
  • No monitoring and no logging when something breaks in operation
  • Open or unthrottled endpoints without rate limiting
02

Why even strong AI code needs an independent review

Claude Code often writes clean, readable code. That is exactly the trap: code that looks good is rarely questioned. Readability is no proof that tenant isolation holds, that secrets do not leak or that the infrastructure survives an outage.

The model optimises for the prompt in front of it, not for the whole system. It rarely sees the full attack surface, does not know your data flow across multiple tables in detail, and does not check whether a dependency has picked up a new CVE since its training cut-off. Letting the same assistant grade its own code also tends to produce an overly favourable verdict.

An independent review looks at the repository and infrastructure from the outside, with a clear severity per finding and human prioritisation. Not to talk Claude Code down, but to close the gaps that sit between building fast and real production.

03

What I review in your Claude Code project

I look at the points that decide production readiness and rank every finding by severity. I review:

  • Repo and architecture: structure, dependencies, obvious weak spots
  • Security and access control: auth, roles, exposed secrets
  • CVEs and dependencies: known vulnerabilities in the packages you use
  • Database and RLS: tenant isolation, policies, access protection
  • Infrastructure, deployment, backups and monitoring
  • Production readiness: what is still missing before real users
04

One review is not enough: ongoing oversight

A one-off audit describes yesterday's state. With Claude Code, features land daily: every new feature adds new dependencies, new CVEs surface every week, and every prompt shifts the architecture a little. An action plan that is four weeks old no longer covers that movement.

This is exactly where Veriploy comes in: you get the project reviewed once (Baseline) and then keep it under ongoing technical oversight with Oversight, Guard or Launch. That keeps the risk dashboard current instead of going stale with every merge.

On an ongoing plan, new dependencies and CVEs are watched, risky changes are flagged early, and before larger releases you get a human judgement instead of an automated score. Async sparring and a direct channel are included depending on the plan.

05

Baseline or ongoing plan

You start with a one-off review and then decide whether ongoing oversight makes sense. Prices are fixed and transparent.

Baseline 790 €Plan from 990 €/mo
ScopeDeep initial baseline: repo, architecture, dependencies, configRecurring reviews based on the baseline
ResultRisk dashboard, CVE baseline, secrets check, plan recommendationRecurring reports with fix prioritisation
CVEs and dependenciesFull baseline as a reference pointOngoing CVE and dependency monitoring
SupportOne-off, with a recommendation for the right planAsync sparring and a direct channel by plan
Best forClean starting point before any planProjects that keep growing with Claude Code
How it works

How the Claude Code review works

  1. 01

    Fit check

    Free first contact: a short check of whether a review fits the Claude Code project and which question matters most. No obligation and no effort on the project side.

  2. 02

    Scope and access

    Define which repository, which environments and which areas get reviewed. Read-only access is set up and the focus on tests, CI/CD and operability is agreed.

  3. 03

    Technical analysis

    Review of test coverage on critical paths, the CI/CD pipeline and build gates, operability with monitoring, logging and rollback, plus the context gaps that Claude Code leaves between individual prompts. On top of that, auth, RLS, secrets and CVEs in the dependencies.

  4. 04

    Report and recommendations

    Findings land in a clear report: risk dashboard, prioritised findings and concrete recommendations with a verdict on what to do now, before launch or later.

  5. 05

    Next step

    A Baseline can turn into ongoing oversight when needed: Oversight, Guard or Launch keep tests, CI/CD and dependencies current while the project keeps growing with Claude Code.

Many projects start with a Baseline review. If the product keeps being built with AI afterwards, I can provide ongoing oversight.

What I need for the review

  • Read-only access to the repository
  • a short description of stack, tool and goal
  • details on hosting and deployment
  • database and auth context
  • notes on sensitive data or user roles
  • open questions or specific concerns

What the review delivers

  • an understandable risk dashboard
  • top risks at a glance
  • prioritised findings
  • concrete recommendations
  • a verdict: fix now, fix before launch, plan for later
  • an optional recommendation for Oversight, Guard or Launch
Example finding

What a finding looks like

veriploy-reportCritical
SEC-04Secrets

The Supabase service-role key sits in the frontend bundle and can be read from the shipped JavaScript file. Recommendation: keep the key server-side, rotate it and use it only through a protected route.

Comparison

Let Claude Code review itself or review it independently?

Claude Code reviews itselfVeriploy independent
PerspectiveOptimised for the current promptOutside view on repo and infrastructure
CVEs and dependenciesTraining state, no live comparisonOngoing monitoring with alerts
Tenant isolationRarely sees the full data flowTargeted review of RLS and policies
Before a releaseAutomated, often favourable verdictHuman prioritisation included in the plan
Over timeOnly assesses the moment of the promptContinuous, with every new change
FAQ

Frequently asked questions

  • Is Claude Code output worse than hand-written code?

    Not by default. Claude Code often produces clean, readable code. The risks lie less in the syntax than in architecture and operations decisions: roles, RLS, secrets, dependencies and infrastructure. Those are exactly the points I review, regardless of how the code was created.

  • Can't I just ask Claude Code for a review myself?

    You can, but the same assistant that built the code often grades it too favourably and rarely sees the full attack surface or new CVEs since its training cut-off. An independent Claude Code review looks at the repo and infrastructure from the outside and prioritises the findings with a human.

  • Do you also do the fixes?

    Not within the plan. I review, prioritise and explain what needs to be done. Implementation runs separately through Wevelsiep Advisory or WZ-IT, or your own team. That keeps the review independent from the implementation.

  • Do you need repo access?

    Yes, read-only by default. Read access to the repository is enough for the review. I do not need write access, because I do not commit the fixes myself.

  • What does it cost?

    The entry point is fixed: Baseline 790 € as a one-off review. Ongoing oversight starts at 990 € per month (Oversight), then Guard at 1.950 € and Launch at 3.900 € per month, with larger projects on Scale on request. All prices net plus VAT. Ongoing packages start with a 3-month minimum term, then cancelable monthly, unless agreed otherwise.

  • How fast do I get results?

    I deliver the Baseline within a few business days. On an ongoing plan you get regular reports and a prompt heads-up on critical CVEs.

Do you recognize these risks in your own app?

The AI-app risk self-check assesses product status, stack, auth, data access, infrastructure, CVEs and your technical knowledge, and shows whether a review makes sense.

Start the risk self-check

Get your Claude Code project reviewed and keep it monitored afterwards.

Start with the Baseline, then ongoing oversight in the plan that fits.

View packages
Repo fit

Check repo fit

Briefly describe the project.

Direct contact with me, no anonymous ticket system. I get back to you with a first assessment and the right entry point.

Timo Wevelsiep

Timo Wevelsiep

Software engineer, cloud architect, founder & managing director

[email protected]

By submitting, you agree to our Privacy Policy.

or