Your AI Doesn't Know 'Only the Owner Can Delete This'

AI writes generic code and enforces your rules only in the UI, leaving the server wide open. afterclick's second eye flags the missing check and pushes it to where requests actually land.

The afterclick teamJune 8, 20266 min read

Ask your AI to add a delete button, and it will add a delete button. It works. It is even styled nicely. What it almost certainly will not do — unless you spell it out — is make sure that only the person who owns the thing can actually delete it. The AI does not know your rule. It gave you a generic solution to a generic request.

This is one of the most dangerous patterns in vibe-coded software, because the gap is invisible right up until someone finds it.

Why your AI gives generic answers

A language model is trained on an enormous amount of generic code, so when you ask for a feature it produces the common-case version — the one that appears most often in its training. The common-case delete button just deletes. The common-case form just submits. The common-case list just shows rows. But your application is not generic. It has rules that live in your head and nowhere else:

  • Only the owner can delete this project.
  • An email address must be unique across the whole workspace.
  • A member can see their own drafts; an admin can see everyone's.
  • You cannot move a card to Done unless its checklist is complete.
  • Refunds over 500 dollars need a second approval.

The AI cannot infer these. They are not in the code yet, not in the request, and specific to your business. So unless you state each one explicitly, every single time, you get the generic version — which silently has no rule at all.

And here is the part that bites hardest: even when you do mention the rule, the AI frequently enforces it in the wrong place. You say "only the owner should be able to delete this," and it hides the delete button from everyone else. The screen looks correct. The owner sees the button; nobody else does. Demo passes. But hiding a button is not a security control. The delete endpoint is still sitting there, and anyone who can send an HTTP request — a curious user with dev tools open, a script, an attacker — can call it directly and delete data they should never touch. The rule exists in the UI and is completely absent from the server, which is the only place it actually matters. That is the gap afterclick is built to catch.

How afterclick makes the rule real

An independent second eye on the risky calls. afterclick runs a review engine — separate from the model that wrote the change — over the calls touching authorization, ownership, user data, money, and production. When the agent ships a change that should carry a rule and does not, the engine reads the diff and reasons about intent: a delete handler with no ownership comparison, a unique field with no constraint, an endpoint that trusts the client to have hidden the button. These get surfaced in plain language, not shipped silently.

It pushes the check to the server. The whole point is that a UI guard is not a guard. afterclick's concern is whether the rule is enforced where requests actually land, so its advice points at server-side authorization and validation — the ownership check inside the delete endpoint, the unique constraint in the database — not the cosmetic version that only hides a button. It names the exact gap between looks enforced and is enforced.

You state the rule once, and it is remembered. afterclick keeps a cross-session memory board of your decisions. So when you establish "only the owner can delete this," you do not have to repeat it on every related change — the rule is recorded, and the second eye holds the line on the risky calls so a fresh session cannot quietly undo a deliberate decision you already made. Your business logic stops being something only you remember.

A keys vault so secrets never become the next leak. Business rules are not the only thing the generic path gets wrong — generic code also tends to hardcode the API key or the database URL right into the source. afterclick gives you a keys vault that keeps secrets out of code, so the credentials behind your protected endpoints are not sitting in a file waiting to be committed to a public repo.

A record you can stand behind. Every flag, override, and decision lands in an audit trail and a read-only human dashboard. When you need to answer "is this endpoint actually protected, and who checked?", the answer is recorded — advisory by default with owner override, and an opt-in enforce mode for the rules you refuse to ship without.

In practice it looks like this: the agent adds a teammate-removal feature and hides the Remove button from non-admins. afterclick's engine reads the endpoint, sees it checks nothing server-side, and surfaces one flag: any logged-in user could remove any teammate by calling this directly. You add the admin check in the handler, the vault keeps the service key out of the code, and the whole exchange is on your dashboard. The rule went from looks enforced to is enforced — before anyone tested it the hard way.

RuleThe generic AI defaultWhat afterclick pushes for
Only the owner can deleteHide the button in the UIOwnership check in the delete endpoint
Email must be uniqueValidate in the formUnique constraint and a server check
Members see only their own dataFilter the visible listAuthorization scoped on every query
Action needs approvalDisable the buttonServer enforces the approval state
Secrets for protected callsHardcoded in the sourcePulled from the keys vault, out of code

State the rule, trust the enforcement

The hard truth of vibe coding is that the AI is a brilliant generic developer and a poor mind reader. It will not know that only the owner can delete this, and even when told, it may guard the wrong layer. afterclick closes both gaps: it surfaces the missing authorization and validation on the calls that matter, insists the check lives on the server, and remembers the rule so it stays enforced.

It is free to start, one paste into your project. Claude is the developer. afterclick is everyone else — including the reviewer who asks "wait, can anyone else call this?" before your users do. Turn it on and let your rules be real where it counts.

Frequently asked questions

Why doesn't my AI enforce my business rules automatically?

Because a language model produces the common-case version of whatever you ask for, based on generic training data. Your rules — who can delete, what must be unique, what only the owner sees — live in your head and your business, not in the request, so the AI cannot infer them unless you state them. afterclick's second eye catches the ones it misses on the risky calls.

How does afterclick make sure a rule is enforced on the server, not just the UI?

afterclick's independent second eye reviews the risky calls — auth, ownership, data, money — and flags when a change is missing a server-side check, like a delete handler with no ownership comparison. It points the fix at enforcing the rule in the endpoint, where requests actually land, not at hiding a button. Advisory by default with owner override.

Do I have to repeat my business rules to afterclick on every change?

No. afterclick keeps a cross-session memory board of your decisions, so once you establish a rule like 'only the owner can delete this,' it is recorded and the second eye holds the line on the risky calls — so a fresh session cannot quietly undo it. It is free to start, one paste, with an opt-in enforce mode for rules you refuse to ship without.

Ship AI-built software with a net

afterclick gives Claude Code memory, a second pair of eyes, and a calm ship queue. One paste, free to start.

Keep reading