Back

ShipLock

Building
Client Delivery SaaSDesign + BuildAI2026

A client delivery protection system for dev studios — scope locking, AI drift detection, signed client review links, and a full audit trail so “that's not what we asked for” becomes impossible.

GitHub

The brief. Seven months into a client engagement, our team hit a wall: a 40-page requirements document, four weeks to deliver everything, salaries on hold, and no way to prove what was agreed versus what was added. The client said “that's not what we asked for.” We had no system to say otherwise.

The real problem. Nobody locked anything. Requirements lived in WhatsApp threads and meeting notes. Demos happened but approvals never did. Scope expanded by roughly 300% — invisibly, incrementally, with no paper trail. The failures were structural, not technical. There was no system enforcing alignment between what was agreed and what was expected.

The approach. I built ShipLock from that pain — not imagined problems. It sits on top of an existing workflow and enforces one principle: nothing exists unless it is documented, acknowledged, and traceable. AI extracts and locks requirements. Demos route through a signed approval pipeline. Scope changes get flagged and costed before a single line of code is written. The audit trail is the product.

Core mechanics

REQ-001User authentication via SSOApproved
REQ-002Risk register with AI scenariosApproved
REQ-003Evidence upload & versioningPending
REQ-004Gap tracker across 6 standardsDisputed
#01Requirement Lock

Upload the brief. AI extracts every requirement into a trackable item with a unique ID. Client approves or disputes each one.

48-hr rule: no response = auto-approved. Silence becomes consent.

2:47
Phase 2 — Risk Module demo
Auto-approves in 31h 14m
#02Demo-to-Approval Pipeline

Record a demo. Send it. Client watches, comments, and signs off — or rejects with a reason. Every demo becomes a timestamped approval record.

Same 48-hr rule. "We showed it" is now a documented fact, not a he-said-she-said.

Meeting notes — Apr 14“Also add Twitter analytics and YouTube integration to the dashboard.”

Scope change detected

YouTube integration not in approved scope · Est. +18 days

#03Scope Change Detector

Paste any meeting note or email. AI scans for drift and flags anything outside the approved scope, then forces a timeline-impact estimate before work begins.

Client must acknowledge the impact. No acknowledgement, no work.

Phase 1 sign-off4h
REQ-008 dispute response26h
Demo approval — Sprint 351h
#04Client Response Timer

Every client-facing send starts a timer. Green → yellow at 24h → red at 48h → auto-escalation at 72h. A visual record of responsiveness, always visible.

BlockerDays
Evidence moduleClient4d
SSO configClient9d
API keysInternal1d
#05Blocker Attribution Dashboard

Real-time view of what's blocked and by whom. "Blocked by Client" isn't accusatory — it's factual. When an exec asks why the project is late, the answer is on a dashboard.

The backstory

Writing · ~10 min read

The client project that almost broke the team, and the tool I built because of it

Seven months. Scope that grew 300% invisibly. No locked requirements. No approval trail. This is how the project unravelled — and what ShipLock is designed to prevent.

Read article
← Back to workVarmply

A portfolio should not be a scaffold for work. The work starts from the portfolio.

Overheard somewherea thought while you wait