Production · Internal Tool

Customer Security Intake

A fully automated security request intake system, from GTM teams to Linear to Wolfia, designed, built, and shipped using AI-native tooling in days, not months. Replaces a chaotic Slack-and-email process with a structured, multi-step form that auto-creates tracked issues and submits questionnaires to AI. As a result of self-service access and end-to-end automation, this system reduced human time spent on customer security questionnaires by over 90%.

Role: Designer, Builder, & Operator
Timeline: Built in days, not months
Status: Live in Production
Built With: AI-Assisted Development

90%+ Human Time Saved
14 Systems Integrated
0 Manual Steps
Days, Not Months

Security requests were a black hole
Every customer security questionnaire arrived via Slack, email, or word-of-mouth. No tracking, no SLAs, no visibility for anyone.
Before: Total Chaos
  • Requests lost in Slack DMs
  • No ownership or accountability
  • Duplicate submissions, no deduplication
  • Security team couldn't prioritize by deal size
  • No audit trail for compliance
  • Manual questionnaire uploads to Wolfia
After: Fully Automated
  • Guided form enforces completeness
  • Auto-creates Linear issue with full context
  • Deal value, deadline, SFDC link all captured
  • Wolfia questionnaire submitted automatically
  • Trust Portal deflection reduces false positives
  • Admin override for Security team power users
Multi-step intake with smart routing
A four-step guided form that validates input, checks for Trust Portal resolution, and routes to the right workflow automatically.
Customer Security Intake | Step 1
Steps: 1 Information, 2 Intake, 3 Trust Center, 4 Upload

Customer Security Intake
Use this form to submit a customer or prospect security request to the Handshake Security team.

Why this process?
Handshake's Trust Portal answers the majority of security questions automatically, helping customers and prospects get the information they need faster. Please always push for the Trust Portal first.

Need a quick answer first?
Head to #ask-customer-security in Slack and ask @Wolfia

Trust Portal must be shared first
You must have already directed the customer or prospect to trust.joinhandshake.com

Prospects require an executed NDA
For prospects, an NDA must be in place. Customers do not require an NDA.

From form submission to Linear in seconds
Every submission follows a deterministic path: validated, routed, and tracked automatically.
  • 📝 Step 1, GTM / Sales: Fills out intake form
  • 🔒 Step 2, IAP Auth: Google identity verified
  • Step 3, Validation: NDA, SFDC, Trust Portal
  • 📋 Step 4, Linear: Issue auto-created
  • 🤖 Step 5, Wolfia: Questionnaire uploaded
  • 🎯 Step 6, Security: Reviews & responds

Not just a form. A system.

Smart Routing

Prospects go through an NDA step. Customers skip it. If Trust Portal already resolved the question, the ticket is deflected and closed automatically.

Linear as the Database

No separate database needed. Every intake creates a Linear CUS issue with labels, deal value, deadline, and SFDC link, all parsed back for the admin dashboard.

Admin Override

Security team members authenticated via Google IAP get a special mode: SFDC URL and Slack URL become optional. Bypassed submissions are labeled "Admin Override" in Linear.
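
The Smart Routing and Admin Override rules above, written out as one server-side decision function. This is an added example, not the project's code: the form field names, the ADMIN_EMAILS allowlist and the returned object shape are assumptions, while the IAP header format and the "Admin Override" label are as IAP and the page give them.

```javascript
// Added example: field names and the allowlist are assumptions, not the project's code.
const ADMIN_EMAILS = new Set(["sec-admin@example.com"]); // hypothetical Security team list

// IAP forwards identity as "accounts.google.com:<email>" in this header. The plain
// header is only trustworthy if IAP is the sole path to the service; verifying the
// signed x-goog-iap-jwt-assertion header is the stronger check.
function iapEmail(headers) {
  const raw = headers["x-goog-authenticated-user-email"];
  const prefix = "accounts.google.com:";
  if (typeof raw !== "string" || !raw.startsWith(prefix)) return null;
  return raw.slice(prefix.length).toLowerCase();
}

function isHttpsUrl(value) {
  try { return new URL(value).protocol === "https:"; } catch { return false; }
}

// Returns the routing decision for one submission; nothing is sent anywhere.
function routeIntake(form, headers) {
  const requester = iapEmail(headers);
  if (!requester) return { status: 401, errors: ["no IAP identity"] };
  const isAdmin = ADMIN_EMAILS.has(requester); // decided server-side, never from form data

  const errors = [];
  if (form.accountType !== "customer" && form.accountType !== "prospect") errors.push("accountType");
  if (!form.trustPortalShared) errors.push("trustPortalShared");
  // Prospects need an executed NDA; customers skip the NDA step.
  if (form.accountType === "prospect" && !form.ndaExecuted) errors.push("ndaExecuted");

  let bypassed = false;
  for (const field of ["sfdcUrl", "slackUrl"]) {
    if (form[field]) {
      if (!isHttpsUrl(form[field])) errors.push(field); // a supplied URL is always checked
    } else if (isAdmin) {
      bypassed = true; // optional for admins only
    } else {
      errors.push(field);
    }
  }
  if (errors.length) return { status: 400, errors };

  const labels = bypassed ? ["Admin Override"] : [];
  // Trust Portal already answered the question: deflect and close, no Wolfia upload.
  const workflow = form.trustPortalResolved ? "deflected" : "submitted";
  return { status: 200, requester, workflow, labels, uploadToWolfia: workflow === "submitted" };
}
```

Because the admin decision comes only from the IAP identity, a form payload cannot grant itself the relaxed validation.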

Defense in Depth

Google IAP restricts access to corporate users. The Cloud Run service is deployed with --no-allow-unauthenticated. The IAM policy is enforced and verified on every deploy.
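
One way to do the "verified on every deploy" half of this: read the service's IAM policy back after deploying and fail the pipeline on any public or unexpected invoker. This is an added example, not the project's deploy script; the allowed invoker (an IAP service agent with a made-up project number) is an assumption, and the input is the JSON printed by gcloud run services get-iam-policy --format=json.

```javascript
// Added example: ALLOWED_INVOKERS is an assumption (constructed project number).
const ALLOWED_INVOKERS = [
  "serviceAccount:service-123456789012@gcp-sa-iap.iam.gserviceaccount.com",
];
const PUBLIC_MEMBERS = new Set(["allUsers", "allAuthenticatedUsers"]);

// Returns a list of findings; an empty list means the deploy may proceed.
function auditRunPolicy(policy, allowedInvokers = ALLOWED_INVOKERS) {
  const bindings = policy.bindings || [];
  const findings = [];
  for (const binding of bindings) {
    for (const member of binding.members || []) {
      if (PUBLIC_MEMBERS.has(member)) {
        // Any role granted to the public is a failure, not only run.invoker.
        findings.push(`${binding.role}: public member ${member}`);
      } else if (binding.role === "roles/run.invoker" && !allowedInvokers.includes(member)) {
        findings.push(`${binding.role}: unexpected invoker ${member}`);
      }
    }
  }
  // A policy with no expected invoker means requests are not arriving via IAP.
  const hasExpected = bindings.some(
    (b) => b.role === "roles/run.invoker" &&
      (b.members || []).some((m) => allowedInvokers.includes(m))
  );
  if (!hasExpected) findings.push("roles/run.invoker: expected invoker missing");
  return findings;
}
```

In a deploy script, a non-empty result should stop the pipeline with a non-zero exit code.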

14 systems. Zero glue code written by hand.
Every layer was integrated by AI: described in natural language, scaffolded, debugged, and shipped.

Claude (Anthropic)

The Builder

Designed the architecture, wrote all server-side logic, resolved merge conflicts, debugged Cloud Run issues, and built the admin dashboard, all in conversation.

Lovable

Frontend Scaffolding

AI-native UI builder scaffolded the multi-step intake form. Produced production-ready Next.js + Tailwind components from natural language.

Cursor Bot

Automated Code Review

Runs on every PR. Caught the missing --no-allow-unauthenticated flag and dead code guard patterns.

Google Cloud Run

Runtime / Hosting

Containerized Next.js app served as a stateless Cloud Run service. Auto-scales to zero. New revisions on every deploy.

Linear

Issue Management + Database

Every submission creates a CUS issue. Labels encode workflow state. Deal value, SFDC link, and Wolfia ID stored in the description.

Wolfia

Questionnaire Automation

Security questionnaire files uploaded via API automatically. The returned questionnaire ID is posted as a Linear comment for full traceability.

Next.js, React, Tailwind CSS, Docker, GCP Cloud Run, Google IAP, Secret Manager, Artifact Registry, Linear GraphQL, Wolfia API, Slack, GitHub, Aikido SAST, Go Links
From idea to production
Every milestone reached through AI-native development.

Phase 1: Frontend

Multi-step intake form scaffolded in Lovable. Described the form requirements in natural language. Lovable generated the step components: Opportunity Details, NDA Confirmation, Trust Portal, Questionnaire Upload.

Phase 2: Backend

Claude built the /api/submit route, Linear GraphQL mutations, Wolfia file upload, label management, and the full deflection vs. submission routing logic.

Phase 3: Infrastructure

Containerized the app, wired up GCP Secret Manager for API keys, deployed to Cloud Run with IAP enforcing corporate access. Debugged the deploy revision issue that was silently not deploying new code.

Phase 4: Admin Features

Built server-side admin detection via IAP headers, relaxed validation for admin users, Admin Override Linear label, and an /admin dashboard with live Linear data filtered by date and status.

Phase 5: Security Hardening

Cursor Bot caught the missing --no-allow-unauthenticated flag. Claude cleaned up dead code and updated deploy scripts to enforce IAM policy on every deploy. All changes shipped through GitHub PR workflow.

Impact
90%+ Human time saved on questionnaires
14 Systems integrated
0 Manual handoff steps
100% Request tracking coverage