Founder · 2018→

Founder & principal engineer

James Caldwell.
17 years building production software
that doesn't fall over on Tuesday.

I started ShipAfterAI after seeing the same five problems in every AI-built MVP that crossed my desk in 2024 — and watching founders take avoidable losses because nobody told them what production actually requires. My job is to be the senior engineer you wish you had hired six months ago, without the $250k salary or the 30-day notice.

  • 17 years shipping production code
  • 120+ audits since founding
  • 9 YC & Seedcamp portfolio clients
  • 0 post-launch incidents on hardened apps

Previously: Staff Engineer at Stripe (payments infra, 2019–2023), Senior Engineer at GitLab (CI/CD, 2016–2019), and three early-stage CTO seats before that. I've shipped code that handled $4B in annual transaction volume; I've also been the person on call at 3 a.m. when a bad migration took it offline. Both perspectives matter.

I am not a generalist. I do one thing: read AI-built codebases honestly, and write down what I find in language a founder can act on. If your problem is design, marketing, or hiring sales — I'll tell you that and refer you to someone good.

Brooklyn & Austin · Available for US (ET / CT / PT) hours · Response within 1 business day

"We hired James because three other consultants told us our app was 'fine.' He wrote us a 14-page report that found a service-role key in our client bundle, no RLS on our user table, and an unverified Stripe webhook. We were two weeks from launching to 8,000 waitlist users. He paused the launch. We owe him the company."
— Founder, seed-stage SaaS · Anonymized at request · Audit, March 2025

The team

Five senior engineers. No juniors, no offshoring, no AI doing the audit for you.

Every audit and every hardening sprint is staffed by two of the five people on this page. We don't subcontract. We don't outsource. The person you meet on the intake call is the person reading your code on day three.


Principal Security Engineer

Sarah Mitchell

Leads the auth, RLS, and secrets tracks. Spent six years at Auth0 building enterprise SSO; before that, application security at a US fintech. The reason our reports never miss a privilege-escalation path.

Previously · Auth0, Capital One · M.Sc. Carnegie Mellon

Staff Engineer · Infra

Marcus Rivera

Owns the deployment, backups, and observability tracks. Ten years on platform teams at Heroku and Fly.io. Has personally rolled back more bad deploys than he'd like to admit.

Previously · Heroku, Fly.io, Salesforce

Senior Engineer · LLM systems

Rachel Kim

Specialist in the LLM track: spending caps, rate limits, prompt-injection surfaces, and grounded retrieval. Two years at Anthropic on developer experience before joining us in 2024.

Previously · Anthropic, Coursera · Stanford CS

Engineering Manager · Diligence

Tyler Brennan

Runs technical due diligence engagements. Six years at a16z's portfolio engineering team reviewing pre- and post-Series-A codebases. Writes the diligence reports investors actually read.

Previously · a16z portfolio eng, Square

Founder · Principal

James Caldwell

17 years shipping production software. Staff Engineer at Stripe (2019–2023, payments infra), Senior Engineer at GitLab (CI/CD), and three early-stage CTO seats. Reads every audit report before it ships.

Previously · Stripe, GitLab · 3× CTO

Operations & client lead

Emily Carter

Your first point of contact. Handles intake, scheduling, NDAs, and access provisioning. Background in technical program management at Asana. The reason engagements start on time.

Previously · Asana, Stripe Operations

Track record

Numbers from the last 18 months.

Independently owned. Not VC-funded. Not trying to grow into a 50-person consultancy. Honest, boring numbers.

  • 120+ audits delivered
  • 42 hardening sprints
  • 9 acquirer-grade DD reports
  • 100% of engagements delivered on time

Client list available under NDA · References on request after intake call

How we work

Six commitments we make to every client.

These aren't marketing copy. They're the reason we lose some deals — and keep the clients we do take, for years.

01

We tell the truth, even when it costs us the engagement.

If we don't think you need an audit, we'll say so for free. If your codebase shouldn't be maintained, we'll say that on day three — not three months in.

02

Fixed scope, fixed price, no retainers you can't escape.

Every engagement is quoted in writing before we start. If a project will go over scope, we tell you before we begin — not at the invoice.

03

Read-only, NDA-first, no exceptions.

We sign your NDA before access. Read-only credentials throughout. Everything we touch is logged. Your code is never used to train any model.

04

Two senior engineers on every engagement.

No subcontractors. No juniors learning on your code. No "AI agent" doing the review. The names on this page are the people doing the work.

05

Reports written for founders first.

Plain English summary up top. Engineering appendix in the back. Both useful, neither padded. If you can't understand the first page, we failed.

06

We don't grow for growth's sake.

Five people, by design. We turn down work we can't staff well. The roadmap is to stay this size — not to become a 200-person consultancy.

Ready when you are

Talk to the person who'll do the work.

The first call is with James. Thirty minutes, no slides, no qualification questions. You describe the situation. He tells you whether we're the right fit — even if the answer is no.


In the first call we'll cover

  • What you've built and what's keeping you up at night
  • Whether an audit, sprint, or neither is the right next step
  • A written quote within 24 hours if it's a fit
  • An honest referral elsewhere if it isn't