Documentation

How the team layer works.

afterclick sits above every AI coding session — watching, remembering, and reviewing the work a single session can’t see past. This is what each part does, in plain terms.

Install

afterclick installs in one paste. The AI that does the reviewing is included — there are no API keys to wire and nothing to configure.

$ curl -fsSL https://afterclick.ai/install.sh | sh

That connects the project to your workspace, installs the governance hooks into your AI coding tool, and starts watching every session immediately. To stop, run the uninstaller or disconnect the project from your dashboard — the hooks self-remove on the next session.

How it works

afterclick is deliberately quiet. It speaks at exactly two moments — when a change touches something dangerous, and when you ship — and otherwise just logs what happened so you have a record.

  • Always-on tripwires run locally on every change and only fire on a genuine catastrophe.
  • A review panel weighs in on the small share of changes that touch sensitive surfaces (auth, money, data, secrets).
  • A ship gate does the comprehensive check once, at deploy.

How much it looks, and how much that costs, is one setting — the Care Level.

Care Levels

One knob decides who reviews and how often. It’s the main cost lever: cheaper levels run fewer advisors.

  • Relaxed — the safety floor only: the Safety check on review and the Release manager at ship.
  • Balanced (recommended) — the full review panel: architect, foresight, and security join in.
  • Strict — reviews everything, every time, including a visual design review of your screens.

Uninstall

Removing afterclick is as clean as installing it — one paste reverses everything install.sh did.

$ curl -fsSL https://afterclick.ai/uninstall.sh | sh

That strips the governance hooks from your AI coding tool, clears the repo’s local .gov state, and revokes this machine’s token on the dashboard. Two flags narrow it down:

  • --repo-only — stop governing just this repo; the machine stays connected for your other projects.
  • --keep-token — remove the local files but leave the token active on the dashboard.

You can also just disconnect the project from your dashboard — the hooks then self-remove on the next session. Either way, nothing about afterclick lingers.

The kickoff meeting

Before a session builds something substantial, afterclick can run a short kickoff meeting: the advisor panel reads the plan and surfaces the complications, the decisions to make first, and anything the change will ripple into — the coordinate-with-the-team step a solo builder usually skips.

It’s scoped to real work. A session that’s only reviewing or reading code declares itself review-only and the meeting stands down automatically — no meeting, no cost.

Multi-session safety

This is the part a single session structurally can’t do. afterclick sees what every one of your sessions and worktrees is touching at once — so when two sessions are about to edit the same file, it warns you before one clobbers the other, and can hold a merge until the conflict is resolved.

Clobbers and regressions aren’t bad code — they’re a coordination failure. The architect acts as a live cross-session conflict radar so parallel work stops stepping on itself.

Persistent memory

Claude Code starts each session fresh — afterclick is the friend that holds the long-term memory between them: every session, the files touched, the decisions made, the roadmap, and how each feature works are all kept at the project level and read back into each new session at startup.

So before Claude writes a line it has the full picture — and won’t rebuild something that already exists or re-ask a decision you made last week.

The advisor panel

Reviews are a sequence of specialists at Claude’s side — each with a job, at the moment it matters: before you build (Plan), when the work is done (Review), and before it goes live (Ship). Which advisors run depends on the Care Level.

🏛️
Lead architectPlan + Review

Reviews the plan for complications before any code is written, then reviews the built diff for design problems and bugs.

🔮
ForesightPlan

Surfaces the decisions you should make first — the forks that quietly bite three commits later if left unmade.

🛡️
Safety checkReview

The always-on floor. Flags risky or destructive changes on every review, even at the most relaxed setting.

🔒
Security expertReview

Hunts for security holes — exposed secrets, missing authorization, injection, unsafe defaults.

🎨
Design reviewerReview

Reviews the actual screens against a screenshot and asks for tests. Runs on Strict (a visual review).

🧭
Release managerShip

Plans the ship order — what merges first, what clobbers what — and reads whether it’s safe to go live.

Catastrophe tripwires

The free, always-on floor. Deterministic checks that run instantly and offline, silent unless a genuinely catastrophic pattern matches — then they stop it cold. No AI call, no latency, no noise. Think smoke detector, not reviewer.

  • A destructive SQL statement like DROP TABLE in a routine migration.
  • A service-role or secret key committed, or dropped into client-side code.
  • A new table shipped with row-level security off.
  • A wide rm -rf over a directory that isn’t meant to be deleted.

Prompt-injection defense

AI coding agents read a lot of untrusted text — files, web pages, tool and command output — and a malicious instruction hidden in there can try to hijack the agent into leaking a secret, weakening a safeguard, or planting a backdoor.

afterclick watches for exactly that. When a change looks like it’s following instructions that came from content the agent read rather than from you — disabling a guard, setting up persistence, exfiltrating data, fetching and running code — it flags it, quotes the suspicious source, and asks you to confirm before it’s carried out.

The ship gate

The backstop before production. When you ship, the Release manager reads the whole picture — what’s changed, what depends on what, whether a parallel session’s work would ride along or get clobbered — and plans the safe merge order. It’s the one comprehensive review, run once, at the moment it counts.

The ship queue

Shipping is where parallel sessions get dangerous — two deploys racing to production, one quietly overwriting the other. So production promotes through a single, real deploy lock: only one thing ships at a time, and everything else waits in an ordered queue.

  • A forced rebase onto what’s already live before anything deploys, so a stale change can’t silently revert work that merged ahead.
  • A per-stage QA checklist — tests, review, smoke, regression — that has to clear before the gate to prod opens.
  • A live board showing exactly what’s working, on staging, gated, and live — so you can see the pipeline, not guess at it.

The result: no two deploys ever race, and nothing reaches your users by accident.

Branch protection

afterclick-native branch protection, enforced where the work happens. It catches force-pushes and deletions of protected branches, and direct pushes that should go through a pull request — surfaced in plain English before they land, not after.

It’s advisory by default and policy-driven, and it stands down while you legitimately hold the deploy lock, so it guards the branch without getting in the way of a real ship.

Roadmap

A per-project board that replaces session goals. Every plan, fix, and idea becomes a card in one of four columns — Inbox, Planned, In progress, Done — so nothing gets parked and forgotten.

afterclick reads the board before each session (so a new session knows what’s already planned and doesn’t duplicate it) and adds to it as you work. Cards carry a type, a priority, a checklist, and which sessions touched them.

Autonomous build

Hand afterclick the wheel and it keeps the roadmap moving. A Product Owner ranks your roadmap, picks the next safe, high-priority card, and a governed run builds it, verifies it on staging, and stages it for your sign-off — then moves to the next.

It’s cost-capped, it stops the moment something genuinely needs your judgment, and it never deploys to production on its own. You stay the one who promotes to prod — it just does the safe, well-understood work in between.

Keys Bank

An encrypted vault for the API keys your project needs, organized by provider and environment. Keys are stored encrypted at rest and revealed only to you — so the AI can use a credential without it ever being pasted into your code or committed to the repo.

Feature catalog

A living description of how each feature in your project actually works. Before the AI researches a feature by reading the code, it reads the catalog — so it starts from the truth instead of re-deriving it every time. When a feature changes, the catalog is updated to match. It’s how the project’s knowledge compounds instead of being rediscovered each session.

Sessions & history

Every session is logged to your dashboard — what was done, which files were touched, and a change-and-rollback record — so the oversight is something you can see, not take on faith. A Needs Attention view surfaces buried env and config problems before they get lost in the back-and-forth of a long session.

What we caught

Safety you can’t see is hard to trust, so afterclick keeps a running, plain-English feed of the real things it caught for you — the cross-session clobber it held, the regression it flagged, the risky deploy it paused — each linked to the session responsible.

It’s the receipts: proof the team layer is earning its keep, and a record you can look back on (or share) instead of taking the oversight on faith.

The honest ceiling

afterclick catches the catastrophic, knowable risks before they ship — the clobber, the dropped table, the leaked key, the regression. It is not a guarantee that your app is bulletproof, and it doesn’t replace a senior engineer for deep, multi-layer debugging.

We say this plainly on purpose: a safety tool that claims to catch everything is one you can’t trust. It’s the team that catches the disasters — not a promise that none exist.

Privacy & control

The deterministic tripwires run locally and offline. The deeper LLM review runs server-side and only on the sensitive changes you’ve opted into via the Care Level — UI, copy, and refactors are skipped. You decide how much afterclick looks at, and you can opt a repository out entirely.

Agent-neutral

afterclick is built for Claude Code first and best, and is agent-neutral under the hood. Support for more coding agents is on the roadmap, so the same friend follows you across tools.

Give your AI a team.

One paste, AI included, free to start.