Claude Code Plugin · GitLab & GitHub · One-time license

The autopilot
that knows
when to stop.

For freelancers and teams in Claude Code whose bottleneck is review, not writing code. Give it a brief — it works issue by issue: plan, counter-review, implementation, tests, MR. You review over morning coffee and merge.

One-time · no subscription · 14-day money-back

superproject-auto — /projects/myapp

/superproject-auto --cycles 8

Backlog: 12 open · 3 WIP · 2 in review

── Cycle 1/8 ───────────────────────

✓ Issue #47: Auth middleware refactor

Plan → impl → tests → MR !108 opened

4 tests · lint clean · typecheck ok

── Cycle 2/8 ───────────────────────

✓ Issue #51: Fix payment webhook edge case

⊘ GATE: payment logic · awaiting sign-off

── Cycle 3/8 ───────────────────────

⧗ Conflict on MR !104 — rebasing

✓ Resolved · MR updated

3 MRs await your review. Stopping.

// live run output

7 COMMANDS · GITLAB · GITHUB · LOCAL MODE · ONE-TIME LICENSE · 14-DAY GUARANTEE · DUAL-LLM REVIEW · NO AUTO-RENEWAL · AUDIT TRAIL · WEBHOOK RELAY · 7 COMMANDS · GITLAB · GITHUB · LOCAL MODE · ONE-TIME LICENSE · 14-DAY GUARANTEE · DUAL-LLM REVIEW · NO AUTO-RENEWAL · AUDIT TRAIL · WEBHOOK RELAY ·
00
Watch it work

See the autopilot
in action.

A full setup walkthrough — from install to your first automated MR. Video coming soon.

Setup walkthrough

// video coming soon

superproject.dev
01
The situation

More projects
than hands.
Each one stalls
the moment you
stop watching.

Maybe you've already tried AI agents on your projects. You know the pattern: excitement for the first hour, then a branch built on an unapproved MR, a "small improvement" nobody asked for, and in the worst case a half-wired payment integration — because "it was urgent."

The problem isn't that AI can't do the work. The problem is it doesn't know where to stop.

"Superproject is an autopilot built in reverse: boundaries first, throughput second."

02
How it works

From brief to done.
Seven commands.

/superproject

A brief or PRD becomes a roadmap, risks and issues with testable criteria. A vague brief doesn't pass — you get up to 5 clarifying questions, not a silent guess.

/superproject-sync

The backlog is pushed to GitLab/GitHub issues, idempotently and with labels. Adopt your existing backlog (--adopt) or pull the platform reality back (--reconcile).

/superproject-loop

Plan → counter-review → implementation → check against plan → tests + acceptance criteria → an MR/PR waiting for you. With Codex CLI, a second LLM reviews the same diff.

/superproject-auto

Bounded cycles, a concurrency lock, a ledger, notifications. Ideal in cron — you find finished MRs in the morning.

/superproject-add

A new request or bug: dedupe, triage, placement into the backlog — without replanning the whole project.

/superproject-status

What's happening, what's waiting on you, the single recommended next action. With --doctor it checks the whole environment.

/superproject-finish

Checks the finished project against the original brief, generates a changelog from the MRs/PRs, writes the final report. A project never just fizzles out.

New

Incoming GitLab/GitHub webhooks can feed new issues directly into a running session via the Webhook Relay — no polling, no glue scripts.

03
What it won't do

The guardrails
are the feature.

Not a disclaimer. Not a footnote. The five hard stops are the reason you can trust the autopilot with real client work.

01

It never merges.

Not even "merge once the pipeline is green." An unattended merge is still a merge. Every issue ends as an open MR/PR labelled workflow::review — and that's where the machine's authority stops.

02

Payments, auth and production need your sign-off.

Any issue touching money, login, migrations or production gets gated. Only your comment on that specific issue unblocks it. "The client said to just finish it" won't work.

03

Review agents are read-only.

They report findings, never edit. After every review the git status is checked — an unexpected change is reverted and logged. Every finding is a hypothesis, verified before it's fixed.

04

Verification that can actually fail.

No || true after a test, no PASS on a check the environment can't run. A small diff doesn't mean small risk — a behaviour change gets executed for real.

05

Bounded runs, an audit trail.

At most N cycles per run. When MRs waiting for review pile up, the run stops. Every run is written to a ledger — "why did this happen" always has an answer.

04
Day to day

What it looks like
in practice.

Finished MRs in the morning

A cron runs bounded cycles overnight. Every MR arrives with evidence: test output, passed acceptance criteria, a ledger entry. You just review and merge.

Merge conflict? Priority one

When an MR gets stuck on a conflict, the next run fixes it before touching anything else. A real collision is laid out for your decision instead of guessed.

New bug? One sentence

"Clients are complaining about confirmation emails" — /superproject-add dedupes, triages, respects the gates and queues it. No replanning the project.

A second pair of eyes from another LLM

With Codex CLI every diff passes a second model family. When models disagree, it verifies harder. A different model catches different failure modes.

The project learns from its mistakes

Every detected error pattern becomes a proposed lesson. Approve them once a week — the next runs get them baked into their prompts.

Alerts where you already are

A review-ready MR/PR reaches you via GitLab/GitHub natively. Optionally the autopilot sends a run summary to Telegram.

05
New feature

Webhook Relay —
talk to your autopilot
from anywhere.

A single Go binary that securely bridges the outside world into your running Claude Code sessions. A GitLab webhook fires when someone opens an issue — and the issue lands as a ready-to-review prompt inside the right tmux session. No polling, no glue scripts.

01

GitLab & GitHub webhooks

New issues, comments, and pipeline events are translated through templates and delivered straight into the session that owns the project.

02

REST API for everything else

curl, n8n, CI jobs: one authenticated endpoint to send text to any allowed session. Fire-and-forget; if Claude is mid-task, the prompt waits in the input.

03

Local cron

The same binary doubles as a CLI client. "Every Monday at 9:00, run maintenance" is one crontab line.

Built like the rest of Superproject: distrustful by default

  • Webhook text is inserted WITHOUT auto-submit — a human presses Enter. Issue titles are untrusted input; we treat them as such.
  • One token per project, scoped to its sessions only. Constant-time comparison, 32+ char minimum, rotation is one config edit away.
  • Listens on localhost only; the sole public path is TLS through your reverse proxy. Never plaintext, not even during install.
  • Every rejected request is logged with its source address — journald is the audit trail.

One command to install — builds the binary, generates scoped tokens, sets up systemd and HTTPS:

bash

sudo ./install.sh -d hooks.example.com -p myproject:cl-myproject*

06
Pricing

One price.
Everything included.

No seats. No tiers for "advanced features." No surprise at month 2.

Individual

€129one-time
  • All 7 commands: /superproject through /superproject-finish
  • Webhook Relay included
  • Full documentation (10 chapters), security model, operational guides
  • Config templates and a lessons loop that gets smarter each week
  • Local mode: the full cycle on plain git, no platform account needed
  • 12 months of updates from the private marketplace
  • Email support from me — not a chatbot
Buy Individual License →

Studio

€429one-time · 5 seats

Everything in Individual, for the whole team. One purchase, shared config, consistent workflow across all projects.

Need more seats? Email me →

Buy Studio License →
14-day money-back guarantee · no questions asked
07
Questions

Honest answers.

// ready to ship

Stop watching.
Start reviewing.

One license. Every future project. You show up to morning coffee and find MRs waiting — not chaos.

Secure checkout via Stripe · 14-day money-back