Case study / InspectIQ
Make inspection evidence visible before trust is assumed.
An AWS-backed automotive inspection application shaped around reviewable workflows, explicit authorization boundaries, and operational evidence a new owner can follow.
- Role
- Independent builder
- System
- InspectIQ
Demo boundary
Live AWS-backed application
Public walkthrough is read-only
Live AWS-backed application. The public walkthrough is read-only and uses app-level Cognito JWT/RBAC; it does not establish API Gateway authorizer enforcement.
01 / Frame
Problem
- Inspection workflows can hide how a result was produced, leaving reviewers with an answer but little operating context.
- A handoff needs more than a UI: reviewers need architecture, security boundaries, runtime proof, and a recovery path in one index.
Constraints
- The public experience must not create or modify application data.
- Local deterministic evaluation can validate workflow behavior, but it cannot establish model accuracy.
- Authorization claims must remain at the application layer unless gateway enforcement is separately evidenced.
02 / System
Real architecture, retained as review evidence.

03 / Decisions
Three decisions and the cost of each.
01
Separate the public walkthrough from write paths
A read-only public surface lets reviewers inspect the workflow without opening a shared mutation boundary.
Tradeoff
The public walkthrough demonstrates navigation and evidence, not the complete authoring lifecycle.
02
Keep authorization language at the proven layer
Cognito identities and app-level JWT/RBAC are documented without extending that claim to gateway enforcement.
Tradeoff
A stronger edge boundary remains an explicit upgrade rather than an implied capability.
03
Publish operating artifacts beside the application
Architecture, runtime proof, security notes, and a runbook let reviewers trace the system beyond screenshots.
Tradeoff
Maintaining evidence as the system changes becomes part of the delivery work.
04 / Evidence
What the record supports—and how far it goes.
Live
AWS-backed walkthrough
Public access is intentionally read-only.
Inspect evidenceApp-level
Cognito JWT/RBAC boundary
No gateway-authorizer enforcement claim is made.
Inspect evidenceDocumented
Recovery and readiness path
Runbook and readiness notes are review artifacts, not availability guarantees.
Inspect evidence
05 / Reliability & security
App-level authorization paired with inspectable runtime evidence.
Cognito identities and application JWT/RBAC are documented at the layer they were verified. Runtime proof is kept separate, so neither artifact silently widens the other.
Security boundary notesA failed image job has a bounded recovery path.
When image analysis reaches failed or dead-letter state, the runbook traces audit events, the job row, queue payload, provider and object checksum. A transient provider or schema issue can be retried; an unusable image triggers a retake while buyer-visible release stays blocked.
Operator runbook06 / Limits
Known limits
- The public walkthrough is read-only.
- The documented application authorization boundary does not prove API Gateway authorizer enforcement.
- Local deterministic evaluation does not establish Bedrock model accuracy.
Path to sustained operation
- Add and verify gateway-level authorization before describing an edge-enforced identity boundary.
- Establish versioned evaluation datasets and monitored quality thresholds for model behavior.
- Exercise recovery procedures on a schedule and retain dated evidence with the runbook.
07 / Artifact index
Follow the work into the repository.
- architectureSource architecture diagram — its "JWT authorizer" label is not used as evidence of gateway enforcement
- iacTerraform infrastructure
- ciApplication CI workflow
- testsDeterministic evaluation harness — not model-accuracy evidence
- runtimeLive runtime proof
- securitySecurity boundary notes
- runbookOperator runbook
- limitationsReadiness and remaining work