DugganUSA LLC is a cybersecurity company based in Minnesota that builds AI-powered threat intelligence tools. Our platform indexes over 1 million indicators of compromise (IOCs), 400,000+ DOJ Epstein documents, and provides a free STIX 2.1 threat feed consumed by Fortune 500 companies and defense contractors.

Butterbot is DugganUSA's AI-powered security chatbot with 40+ tools for searching IOCs, correlating threat indicators, traversing threat graphs, analyzing behavioral patterns, and running CARVER risk assessments. It uses OpenAI function calling with Meilisearch-backed indexes.

What is AIPM (AI Presence Management)?

AIPM is a tool that audits how AI models (GPT, Claude, Gemini, Perplexity) perceive and recommend your brand. It calculates an AIPM-NPS score by directly querying AI models, analyzes your website structure for AI crawler readiness, and provides optimization recommendations. Think 'SEO for the LLM era.'

Is the Epstein Files search free?

Yes. The Epstein Files Search at epstein.dugganusa.com offers a free tier with 500 queries per day. It covers all 12 DOJ EFTA datasets (400K+ documents), 2M+ ICIJ offshore entities, and 2M+ federal decisions. Professional and enterprise tiers are available for researchers and journalists needing higher limits.

Who founded DugganUSA?

DugganUSA was founded by Patrick Duggan on December 1, 2025, in Minnesota. Patrick's background includes Dell EMC, Palo Alto Networks, and embedded work at Microsoft on JEDI/Azure Stack. The company's D-U-N-S number is 14-363-3562.

What is the DugganUSA STIX feed?

DugganUSA operates a free STIX 2.1 threat intelligence feed at analytics.dugganusa.com/api/v1/stix-feed. It contains 1M+ indicators of compromise including botnet C2s, malicious IPs, and attack infrastructure. The feed is TAXII 2.1 compliant and is consumed by major organizations including Microsoft, AT&T, Amazon, and defense contractors.

I Spent $39,500 Making Deployment Mistakes So You Don't Have To: Judge Dredd Is Now a Claude Code Plugin

Name: Judge Dredd
Author: Patrick Duggan

Patrick Duggan
Feb 17
4 min read

title: "I Spent $39,500 Making Deployment Mistakes So You Don't Have To: Judge Dredd Is Now a Claude Code Plugin"

slug: judge-dredd-claude-code-plugin

date: 2026-02-17

author: Patrick Duggan

tags: [claude-code, plugin, operational-discipline, devops, judge-dredd, open-source]

category: Security Opinions

featured: true

# I Spent $39,500 Making Deployment Mistakes So You Don't Have To: Judge Dredd Is Now a Claude Code Plugin

On October 24, 2025, I deployed to production without confirmation. Cost: $18,500 in cascading failures. On November 3rd, I skipped a session-start check. Cost: a 7-hour regression that took my partner Paul Galjan and me until 2 AM to unfuck. On November 18th, I auto-blocked 34 legitimate users because I let an autonomous agent celebrate before reviewing results. Total damage across four incidents: $39,500.

Every one of those failures became a rule. Every rule became a hook. And today, those hooks are a Claude Code plugin anyone can install in 30 seconds.

It's called **Judge Dredd**. Because the law doesn't negotiate.

What Judge Dredd Actually Does

Four hooks. Two slash commands. Zero tolerance.

**The Deployment Gate** fires on `PreToolUse(Bash)`. Every time Claude tries to run `docker push`, `git push`, `terraform apply`, or `kubectl apply`, the gate intercepts. The agent stops. Reports "awaiting confirmation." Waits for your confirmation word — mine is "adoy," pick your own — before executing. This single pattern prevented four unauthorized deployments at DugganUSA.

**The Epistemic Cap** fires on `PreToolUse(Edit|Write)`. When Claude writes "100% secure" or "zero vulnerabilities" or "fully compliant" in any file, the hook blocks with exit code 2. We cap certainty at 95%. O'Toole's Axiom: Murphy was an optimist. Something WILL be wrong. Claiming perfection is either lying or ignorance.

**Docker Hygiene** fires on `PreToolUse(Bash)`. Three rules:

- `:latest` is not a version. It's a prayer. Tag with git hashes.

- Alpine uses musl libc. Your Node.js native modules will break in production. Use Debian slim.

- Mac builds ARM64. Production runs AMD64. Forget `--platform linux/amd64` and debug it for hours.

I learned all three the hard way. On the same Tuesday.

**Completion Verify** fires on `Stop`. Before Claude ends its turn, the hook blocks and asks: Did you test this? Did you confirm the health check passed? Did you verify the deploy succeeded? This prevented Issue #113 — the 7-hour regression that happened because the agent said "done" without checking.

The 6D Framework

Two slash commands give you a compliance scorecard:

`/dredd-6d` — quick scan. Six dimensions, 0-95 each:

| Dimension | What It Measures |

|-----------|-----------------|

| **D1: Commit Compliance** | Git history integrity. Conventional messages, no force-pushes. |

| **D2: Corpus Alignment** | Documentation quality. README, tests, inline docs. |

| **D3: Production Evidence** | Security artifacts. Dockerfiles, CI/CD, SBOM. |

| **D4: Temporal Decay** | Freshness. Stale branches, dependency CVEs, update cadence. |

| **D5: Financial Efficiency** | Right-sizing. No over-engineering, minimal dependencies. |

| **D6: Democratic Sharing** | Openness. License, attribution, public docs. |

Every dimension caps at 95. We guarantee 5% bullshit exists in any complex system. If your compliance report says 100%, your compliance report is wrong.

`/dredd-audit` — full audit with per-dimension scoring, top 3 violations, top 3 commendations, and a verdict: COMPLIANT, ADVISORY, or VIOLATION.

Install

That's it. Drop a `.dredd.json` in your project root if you want to customize. All fields optional — the defaults are the lessons I already paid for.

Why I'm Giving This Away

DugganUSA runs a threat intelligence STIX feed consumed by 275+ organizations across 46 countries. Microsoft pulls it. AT&T pulls it. Starlink pulls it. Our monthly infrastructure cost is $76.

We built Judge Dredd to govern our own AI-assisted security operations. After it prevented enough disasters — after the cumulative savings exceeded the cumulative damage — we decided other people should have access to it too.

The plugin is MIT licensed. Use it. Fork it. Make it yours. The 95% cap still applies.

The Philosophy

Three beliefs encoded in Python and shell:

**1. Operational mistakes are more expensive than operational friction.** A 3-second confirmation prompt is cheaper than a 7-hour regression. Every engineer knows this. Most skip the prompt anyway. Dredd doesn't let you skip.

**2. Honesty scales better than perfection.** Claiming 95% with documented gaps is more trustworthy than claiming 100% with hidden ones. Our SOC2 Type 2 compliance sits at 81% on $75/month. We publish that number. Recorded Future raises $100 million and won't tell you theirs.

**3. Institutional knowledge should be executable.** Every rule in this plugin is a lesson someone — me, specifically — learned the hard way. Encoding it as a hook means the next engineer doesn't learn it again. The next dollar doesn't get wasted again. The next 2 AM doesn't happen again.

The Name

> "I am the Law."

The system doesn't negotiate. It doesn't make exceptions. It doesn't care about your deadline. The deployment gate fires whether you're in a hurry or not. The epistemic cap triggers whether you meant it or not.

This is by design. Discipline that bends under pressure isn't discipline. It's theater.

Where to Find It

- **GitHub**: [pduggusa/judge-dredd-plugin](https://github.com/pduggusa/judge-dredd-plugin)

- **Install**: `/plugin install judge-dredd@pduggusa/judge-dredd-plugin`

- **Submitted**: Anthropic's official Claude Code plugin directory (pending review)

The plugin is the first operational discipline framework for Claude Code. Not a linter. Not a formatter. A behavioral gate system that prevents the specific category of mistakes that happen when AI agents move faster than human oversight.

We built it because we needed it. We're releasing it because you probably do too.

*"We guarantee 5% bullshit exists in any complex system." — O'Toole's Axiom, applied.*

*Patrick Duggan is the founder of [DugganUSA LLC](https://www.dugganusa.com), a Minnesota-based threat intelligence operation running on $76/month in Azure credits and spite. The Judge Dredd framework exists because he made every mistake it prevents.*

*Her name was Renee Nicole Good.*

*His name was Alex Jeffery Pretti.*