case study · Sep 2025 – Dec 2025

StackGate

A self-service internal developer platform that turns plain-English PostgreSQL requests into structured specs, classifies risk, routes policy-based approvals, and provisions databases with a complete audit trail.

Next.js 15 · TypeScript · Prisma · Claude · Azure · Terraform

The problem

Infrastructure requests usually bounce between tickets, Slack threads, and tribal knowledge. StackGate takes the intent as its input and turns it into a governed, auditable provisioning workflow: a real internal platform product rather than a CRUD form.

What it does

  • Natural-language intake: describe a database need in plain English and Claude parses it into a structured PostgreSQL spec, with a deterministic regex fallback if the API is unavailable.
  • Validation: required fields must be present and every value must fall within its allowed set or range before anything provisions.
  • A policy engine classifies each request low / medium / high risk (and a cost band) based on environment, tier, vCores, storage, HA, networking, and data classification.
  • Approval routing: low-risk auto-approves; medium/high route to manager and/or platform approvers with rationale, comments, and full ticket-level audit history.
  • Role-based experiences (requester, approver, admin) with a dashboard, approvals inbox, ticket detail timeline, and a resource handoff card on completion.

Approach & architecture

The data layer is Prisma + SQLite (User, Ticket, TicketSpec, Approval, TicketEvent, ProvisioningJob, ProvisionedResource). Auth is a server-owned session carried in a signed, httpOnly cookie: identity is resolved server-side on every request and never trusted from the request body. Provisioning is simulation-first for safe demos, with a guarded live Azure path (Azure Database for PostgreSQL Flexible Server) restricted to a narrow low-risk dev profile; anything outside that envelope falls back to simulation.

how it fits together

StackGate · architecture

NL request → governed, reviewable provisioning

Plain-English database requests become risk-classified, policy-approved infrastructure-as-code with a full audit trail.

  1. Natural-language request
    "I need a small Postgres for a staging app…" → Claude parse (deterministic regex fallback).
  2. Structured spec + validation
    Environment, tier, vCores, storage, HA, networking, data classification.
  3. Policy engine · risk + cost
    Classifies low / medium / high risk and an estimated monthly cost band.
  4. Low risk → auto-approve
    Straight to the provisioning queue.
    Med / high → approvers
    Transactional, status-guarded, self-approval blocked.
  5. Provisioning adapter
    Simulation or guarded Azure (az CLI). Live calls gated to a low-risk eligibility envelope, else auto-fallback to simulation.
  Artifacts attached to a completed ticket:
  • Terraform plan: reviewable IaC
  • Key Vault reference: no plaintext secret
  • Resource handoff: with audit events
  • Decommission: destroy-on-date
Next.js 15 · TypeScript · Prisma · SQLite · Claude · Azure PostgreSQL · Azure CLI · Key Vault

product screens

Dashboard: the internal platform control plane, request stats, approval attention with risk + cost bands, and a workflow snapshot.
A provisioned ticket: policy rationale, the generated Terraform plan, a Key Vault secret reference (no plaintext password), and a lifecycle decommission action.
Approvals inbox: medium and high-risk requests routed for review with risk and cost context.

key engineering decisions

Real access control, not a mock user

Replaced a client-side mock-user model with a server-owned, signed-cookie session. Every API route derives the actor from the session, blocking identity spoofing and self-approval, verified with a 6-case auth smoke test.
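The session model described here, as an added example (not StackGate's own code): a server-owned session in an HMAC-SHA256-signed, httpOnly cookie, verified in constant time on every request, with the actor taken only from the verified cookie and never from the request body. The cookie name, payload shape, role names and request shape are assumptions made for illustration.

```typescript
// Added example (not StackGate's own code): a server-owned session carried in an
// HMAC-SHA256-signed, httpOnly cookie. The actor for every API route is derived
// from the verified cookie and never from the request body. The cookie name,
// payload shape and Role names are assumptions for illustration.
import { createHmac, randomBytes, timingSafeEqual } from "node:crypto";

export type Role = "requester" | "approver" | "admin";
export interface Session { userId: string; role: Role; exp: number }

const COOKIE_NAME = "sg_session";
const ROLES: readonly Role[] = ["requester", "approver", "admin"];

function sign(payload: string, key: Buffer): string {
  return createHmac("sha256", key).update(payload).digest("base64url");
}

export function newSessionKey(): Buffer {
  return randomBytes(32); // in production this comes from a secret store, not the repo
}

// Issue "payload.signature". HttpOnly keeps it away from page scripts, Secure
// keeps it off plaintext HTTP, SameSite=Lax stops cross-site POSTs from carrying it.
export function issueSession(session: Session, key: Buffer): { cookieValue: string; setCookie: string } {
  const payload = Buffer.from(JSON.stringify(session), "utf8").toString("base64url");
  const cookieValue = `${payload}.${sign(payload, key)}`;
  const maxAge = Math.max(0, Math.floor((session.exp - Date.now()) / 1000));
  const setCookie = `${COOKIE_NAME}=${cookieValue}; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=${maxAge}`;
  return { cookieValue, setCookie };
}

// Verify the MAC in constant time before parsing anything, then check shape and expiry.
export function verifySession(cookieValue: string | undefined, key: Buffer, now: number = Date.now()): Session | null {
  if (!cookieValue) return null;
  const dot = cookieValue.lastIndexOf(".");
  if (dot <= 0) return null;
  const payload = cookieValue.slice(0, dot);
  const got = Buffer.from(cookieValue.slice(dot + 1), "base64url");
  const want = Buffer.from(sign(payload, key), "base64url");
  if (got.length !== want.length || !timingSafeEqual(got, want)) return null;
  try {
    const s = JSON.parse(Buffer.from(payload, "base64url").toString("utf8")) as Partial<Session>;
    if (typeof s.userId !== "string" || typeof s.exp !== "number") return null;
    if (typeof s.role !== "string" || !ROLES.includes(s.role)) return null;
    if (s.exp <= now) return null;
    return { userId: s.userId, role: s.role, exp: s.exp };
  } catch {
    return null;
  }
}

export interface IncomingRequest { headers: Record<string, string | undefined>; body?: Record<string, unknown> }

// Resolve the actor for a request. Whatever the body claims (for example an
// `actorId` or `role` field) is ignored; identity comes only from the session.
export function actorFromRequest(req: IncomingRequest, key: Buffer, now: number = Date.now()): Session | null {
  const header = req.headers["cookie"] ?? "";
  const value = header
    .split(";")
    .map((c) => c.trim())
    .find((c) => c.startsWith(`${COOKIE_NAME}=`))
    ?.slice(COOKIE_NAME.length + 1);
  return verifySession(value, key, now);
}
```

Two details carry the security weight: the signature is compared before the payload is parsed, so a forged payload never reaches `JSON.parse`, and `actorFromRequest` has no code path that reads identity from `req.body`, which is what makes a spoofed `actorId` in a POST harmless.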

Safe approval → provision path

Read-decide-write wrapped in a Prisma transaction with a status guard, so concurrent approvals can't double-provision.

Guarded live cloud provisioning

A strict eligibility envelope gates real Azure calls; anything outside it auto-falls back to simulation to cap blast radius and cost.

Policy-as-code classification

Risk and cost are classified by an explainable policy engine, and the rationale is surfaced directly in the UI.
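The policy engine and the eligibility envelope (the "What it does" bullets, the guarded live cloud provisioning decision, and the policy-as-code decision above), as one added example (not StackGate's own code): a rule table that maps a validated spec to a risk level, a cost band and rationale lines for the UI, plus a separate envelope check that decides whether the request may reach the live Azure adapter or is simulated. The rules, thresholds, price figures and field names are assumptions made for illustration.

```typescript
// Added example (not StackGate's own code): an explainable policy engine that
// maps a validated spec to a risk level, an estimated monthly cost band and a list
// of rationale lines for the UI, plus the eligibility envelope that decides
// whether the request may use the live Azure adapter or is simulated. Rules,
// thresholds, price figures and field names are assumptions for illustration.

export interface DbSpec {
  environment: "dev" | "staging" | "prod";
  tier: "burstable" | "general" | "memory";
  vcores: number;
  storageGb: number;
  ha: boolean;
  networking: "private" | "public";
  dataClassification: "public" | "internal" | "confidential";
}

export type Risk = "low" | "medium" | "high";
export type CostBand = "$" | "$$" | "$$$";
export type Approver = "manager" | "platform";

export interface PolicyDecision {
  risk: Risk;
  costBand: CostBand;
  estMonthlyUsd: number;
  rationale: string[]; // every line names the rule id and the attribute that fired it
  autoApprove: boolean;
  approvers: Approver[];
}

interface Rule { id: string; when: (s: DbSpec) => boolean; risk: Risk; why: string }

const RULES: readonly Rule[] = [
  { id: "env-prod", when: (s) => s.environment === "prod", risk: "high", why: "production environment" },
  { id: "env-staging", when: (s) => s.environment === "staging", risk: "medium", why: "staging environment" },
  { id: "data-confidential", when: (s) => s.dataClassification === "confidential", risk: "high", why: "confidential data" },
  { id: "net-public", when: (s) => s.networking === "public", risk: "high", why: "public network access" },
  { id: "ha", when: (s) => s.ha, risk: "medium", why: "high-availability standby doubles compute" },
  { id: "compute-large", when: (s) => s.vcores > 8, risk: "medium", why: "more than 8 vCores" },
  { id: "storage-large", when: (s) => s.storageGb > 512, risk: "medium", why: "more than 512 GB storage" },
  { id: "tier-memory", when: (s) => s.tier === "memory", risk: "medium", why: "memory-optimised tier" },
];
const RANK: Record<Risk, number> = { low: 0, medium: 1, high: 2 };

// Assumed list prices: USD per vCore-month by tier, plus USD per GB-month.
function estimateMonthlyUsd(s: DbSpec): number {
  const perVcore: Record<DbSpec["tier"], number> = { burstable: 15, general: 70, memory: 95 };
  const compute = s.vcores * perVcore[s.tier] * (s.ha ? 2 : 1);
  return Math.round(compute + s.storageGb * 0.12);
}

// Overall risk is the worst rule that fired; the rationale lists all of them.
export function classify(spec: DbSpec): PolicyDecision {
  const hits = RULES.filter((r) => r.when(spec));
  const risk = hits.reduce<Risk>((worst, r) => (RANK[r.risk] > RANK[worst] ? r.risk : worst), "low");
  const estMonthlyUsd = estimateMonthlyUsd(spec);
  const costBand: CostBand = estMonthlyUsd < 100 ? "$" : estMonthlyUsd < 1000 ? "$$" : "$$$";
  const rationale = hits.map((r) => `${r.risk.toUpperCase()}: ${r.why} [${r.id}]`);
  if (hits.length === 0) rationale.push("LOW: no elevated-risk attributes");
  rationale.push(`estimated cost $${estMonthlyUsd}/month (${costBand})`);
  const approvers: Approver[] = risk === "low" ? [] : risk === "medium" ? ["manager"] : ["manager", "platform"];
  return { risk, costBand, estMonthlyUsd, rationale, autoApprove: risk === "low", approvers };
}

export type AdapterChoice = { adapter: "azure" | "simulation"; reason: string };

// Live Azure calls are allowed only inside a narrow low-risk dev envelope. The
// envelope re-checks the spec fields itself, so loosening a risk rule later
// cannot widen the set of requests that reach the cloud.
export function selectAdapter(spec: DbSpec, decision: PolicyDecision): AdapterChoice {
  const outside: string[] = [];
  if (decision.risk !== "low") outside.push(`risk=${decision.risk}`);
  if (spec.environment !== "dev") outside.push(`environment=${spec.environment}`);
  if (spec.tier !== "burstable") outside.push(`tier=${spec.tier}`);
  if (spec.vcores > 2) outside.push(`vcores=${spec.vcores}`);
  if (spec.storageGb > 128) outside.push(`storageGb=${spec.storageGb}`);
  if (spec.ha) outside.push("ha=true");
  if (spec.networking !== "private") outside.push(`networking=${spec.networking}`);
  if (spec.dataClassification === "confidential") outside.push("dataClassification=confidential");
  return outside.length === 0
    ? { adapter: "azure", reason: "inside the low-risk dev envelope" }
    : { adapter: "simulation", reason: `outside the envelope: ${outside.join(", ")}` };
}
```

Keeping the envelope as a deny-by-default allowlist over raw spec fields, independent of the risk score, is what makes the fallback safe by construction: a rule change in `RULES` can alter who approves a request, but it cannot by itself let a non-dev, HA or public-endpoint database reach the live adapter.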

results & outcomes

  • Plain-English requests become traceable workflows with consistent approvals and full audit visibility.
  • Identity spoofing, self-approval, and double-provisioning are blocked by construction and verified with an automated auth test suite.
  • A guarded Azure provisioning path that stays safe by construction, falling back to simulation outside the low-risk envelope.