Designing a Safe & Seamless Sandbox → Production Promotion System

Customers had no true Sandbox, meaning they had to test directly in production or rebuild changes manually across UAT and prod. Bulk imports frequently broke systems, slowed delivery, and made teams afraid to experiment. My role was to design a safe place to test changes and a seamless, governed workflow to promote those tested updates into production without starting over.

Role

Role

Principal Product Designer

Timeline

Timeline

July 2024- Dec 2024

Team

Team

PM, Engineering, Content

Platforms

Platforms

Web

Why This Problem Was Critical

The consequences of not having a Sandbox were severe:

  • hours of rework recreating configs

  • inconsistent production environments

  • dependency failures

  • no way to preview impact or validate issues ahead of time

  • governance teams blind to unauthorized changes

  • customers relying heavily on error-prone bulk import/export

Customers wanted to move faster — but the system didn’t let them move safely.

Across interviews, the message was universal:

“Let me test without breaking things.”
“Tell me what will break before I break it.”
“Give me a clean path from test → prod without rebuilding everything.”

The Insight That Pivoted Our Direction

As we spoke to admins across Gore-Tex, ConocoPhillips, IKEA, John Deere, and Nvidia, one insight consistently emerged:

They didn’t just need a Sandbox — they needed a governed lifecycle.

Teams needed:

  • a place to stage changes

  • early validation

  • visibility into dependencies

  • approvals

  • version history

  • and a safe, guided way to push updates to production

The breakthrough was realizing:

the unit of promotion wasn’t a file — it was a Change Request.

This turned configuration changes into structured, reviewable, promotable units of work that could safely move across environments.

My Design Approach

As Principal Designer, my goal was to redesign the entire lifecycle from test → promotion → production so it felt:

  • predictable

  • transparent

  • safe

  • explainable

  • governed

The lifecycle became:

Sandbox → Change Request → Validation → Approval → Deployment → Audit

1. Making Sandbox meaningful

We designed the Sandbox to be a real staging environment—one where customers could:

  • safely test

  • make iterative changes

  • validate dependencies

  • preview configuration behavior

All without affecting production.

2. Making Change Requests the backbone of the system

Change Requests created the structure customers were missing:

  • versioning

  • approvals

  • diffs

  • audit trails

  • dependency visibility

This also solved the problem of UAT → Prod recreation.
Now users could make changes once, then promote them confidently.

3. Early, protective validation

Before this project, validation often happened after a user had already broken something.

Customers told us:

“Don’t wait until deployment to tell me something is wrong.”

So we designed validation that surfaced:

  • missing dependencies

  • incompatible versions

  • rules not included

  • circular references

  • orphaned changes

before approval, before promotion, and before anything touched production.

4. Designing approvals that matched real governance

Every customer requested approvals — not as a checkbox, but as a trust gate.

We added:

  • module-based reviewers

  • explicit signoff

  • rejection reasons

  • timestamps

  • role-based permissions

5. Making production promotion feel safe

Promotion had to feel controlled, not risky.

We added:

  • before/after diffs

  • confirmation patterns

  • environment comparisons

  • guided deployment steps

  • future-state rollback pathways

Stack

Stack

Stack

The Experience We Delivered

The new experience allows users to:

  1. Build and test changes safely in Sandbox

  2. Package them into a Change Request

  3. Validate dependencies early

  4. Request approvals

  5. Deploy directly into Production

  6. Track everything through audit logs and versioning

Customers no longer rebuild changes twice.
No more risky bulk imports.
No more production surprises.

What Changed for Customers

Before

  • No real Sandbox

  • Risky testing directly in Prod or UAT

  • Manual recreation of changes

  • Hidden dependency failures

  • No approvals, no history

  • High stress, high risk

After

  • Safe Sandbox for testing

  • One-click promotion to production

  • Automatic dependency checks

  • Clear approvals

  • Consistent versions

  • Trusted audit trails

  • Reduced rework

  • Faster, safer delivery

One admin said:

“For the first time, I can test confidently and promote without fear.”

Business Value

Accelerated implementation cycles

  • Reduced support tickets and breakage

  • Increased customer confidence and adoption

  • Clear governance and traceability

  • More experimentation, less fear

  • A shift toward true sandbox-first development

  • A dramatically safer way for customers to deliver change

This wasn’t just a UX improvement —
it redefined how customers build and ship configuration across their entire ecosystem.