2026 · INSURANCE OPS

ReadySetBind

Placement-to-bind automation for insurance agencies. A quote PDF goes in, AI extracts the fields, and a human verifies every one before anything binds coverage. Live with a pilot agency; 1,129 commits across 26 active days.

LIVE · PILOT SITE ↗
START HERE The REVOKE that didn't I locked a sensitive database function, verified the lock, and a Supabase default grant to the anonymous role left it open to the internet for three days. Read the full story →
1,129COMMITS
328PULL REQUESTS
26BUILD DAYS
SOURCE: GITHUB COMMIT HISTORY · 2026-06-25
Build cadence — commits per active day
May 26 Heaviest day: 137 commits · Jun 4 Jun 25

Overview

A placement-to-bind pipeline for insurance agencies. A quote PDF goes in, Claude extracts the policy fields, an operator verifies every one, the insured e-signs, and a bind request goes to the underwriter. The rule underneath is structural: AI drafts, but a human verification step is mechanically required before anything binds coverage, so the model can never commit an agency on its own. 1,129 commits across 328 PRs over 26 active days, now live with a pilot agency.

Placement-to-bind flow
Quote PDF AI extraction Human verify E-sign Bind request

Project Design

Claude Code agents built it across roughly 35 parallel git worktrees: one branch and one PR per agent, enforced by a pre-tool hook that blocks branch-switching. Two things were load-bearing from day one: monitoring, and an automated check suite that blocks known failure classes in CI rather than trusting a rule written in a doc. That bias toward structural gates over advisory rules is the throughline of the whole build.

Two-runtime architecture — Deno for AI extraction, Node for PDF resolution
Frontend
Next.js 15 (App Router)React 19Tailwind 4pdf.js canvas + drag editor (@dnd-kit)
API / edge
Next.js Node routes — pdf.js text layer + anchor resolveSupabase Edge Functions (Deno) — Claude extraction
Data
Postgres + row-level securitySupabase Vault (secrets)Supabase Storage (PDFs)Supabase Auth
External
Claude API (field extraction)DocuSeal (e-sign)Momentum / NowCerts (AMS)M365 Graph / Gmail

Key modules

AI

Extraction

Claude reads the quote PDF and returns structured policy fields plus the anchor text printed beside every signable field.

Signing

Anchor resolver

Deterministically matches detected anchor text to the PDF's text layer and computes each field's coordinates.

Signing

Form fingerprinting

Keys operator-confirmed placements to a form's number/edition (plus a MinHash for numberless forms) so recurring templates come back pre-placed.

PDF

PDF kit

pdf.js text extraction, zoom-independent coordinate math, and pdf-lib assembly of the final bind package.

Pipeline

Bind dispatch

Assembles the bind package and routes the request to the underwriter once a human has verified every field.

Comms

Email relay

Fail-closed outbound over M365 Graph / Gmail behind a classified-status gate — unknown outcomes count as failures.

Key features

Form fingerprinting — placement that learns

Signature placement was the agents' biggest friction point, so it got the most attention. Insurance runs on standardized forms — the same ACORD and carrier templates recur constantly — so ReadySetBind treats placement as a learning problem, not a per-document chore. On upload, Claude detects each signable field and returns the verbatim anchor text printed beside it; a deterministic resolver matches that text against the PDF's text layer and computes the field's coordinates. When an agent nudges a field in the drag-and-drop editor, the corrected placement is saved against a fingerprint of the form — its printed form number and edition, plus a MinHash (a compact similarity signature) of the static label text for forms that carry no number. The next time a matching form comes through — confirmed by a similarity check so a genuinely revised edition is never reused blindly — the operator-approved placement is applied automatically and the document arrives pre-placed. One correction pays off on every future document built from that template.

Form PDF inClaude detects fields + anchor textResolver → coordinatesProposed placementsAgent drag-correctsSaved to form template (by fingerprint)
Same form next time → operator-confirmed placement auto-applied, similarity-gated against edition drift

Security & ops decisions

Tenant isolation model
Client request
Deny-by-default: execute rights revoked from public, anonymous, and authenticated roles
Single audited tenant-access function
Row-level security policies
Tables — explicit deny-all where users should never touch

Builder notes

Lessons learned

What carried forward

Every third-party wrapper now returns an explicit status the caller has to branch on, never a bare boolean. Recurring defects earn an automated gate, not a third paragraph of documentation. And every sensitive database function is denied by default and tested against all three Postgres roles, not just the one that bit me.

Posts from this project

POSTMORTEM

Compile-green, deploy-broken

Every test passed and it worked on my laptop. In production, placing PDF signature fields failed four different ways — pdf.js in a serverless runtime — each one invisible until the previous fix.

JUN 2026 · 6 MIN
METHODOLOGY

The email that shipped three times

I let AI agents build my own email plumbing on top of Resend. The same bug — marking undelivered mail as “sent” — shipped three times before a build gate finally stopped it.

JUN 2026 · 5 MIN
SECURITY

The REVOKE that didn't

I locked a sensitive database function, verified the lock, and a Supabase default grant to the anonymous role left it open to the internet for three days.

JUN 2026 · 5 MIN
"A written rule is a suggestion. A gate is a control."
The operating principle behind every project here. The same bug shipped three times past written rules — and zero times past a CI gate. Deterministic enforcement beats advisory documentation, in agent harnesses and security programs alike.