← Work

Case study

Trickest · Solutions (Workflow Templates & Linked Updates)

Let teams publish a workflow as a template, copy it as a linked-but-editable instance, and pull source improvements through a reviewable, GitHub-style diff, without one cancelling out the other.

Role
Design Engineer
Timeframe
2026
Focus
SaaS, Content Distribution, Versioning

Design engineer on the feature. I framed the problem and the link/diff model and built every mockup here in code; the diff mechanics were shaped with the PM and the workflow-engine engineers before I designed and prototyped the review UI.

app.trickest.io/solutions

Solutions

Publish a workflow as a template and share it across the account. Copy from existing templates and stay in sync as they improve.

Refresh Mark as template
Search templates…/AllReconVulnCloud4 templates
CVE Triage Pipeline
by Trickest

Correlate scanner output against known CVEs, rank by exploitability.

Templatev2 63Use this template
Subdomain Takeover Sweep
by Red Team

Resolve subdomains, fingerprint dangling records, flag takeovers.

Templatev3 41Use this template
Cloud Secrets Audit
by Trickest

Scan buckets and repos for leaked keys and credentials.

Templatev1 29Use this template

Everything below is mock data — template names, workflows and counts. The design and reasoning are real.

01

The problem

Trickest lets people build security-automation workflows — chains of tools and scripts that scan infrastructure. Good ones are worth sharing: a Solution is a workflow an author publishes as a template so the rest of the account can reuse it instead of rebuilding it.

The moment you let people copy a template, you inherit a hard question: what is the relationship between the copy and its source over time? A recon template that was state-of-the-art last quarter is a liability today — tools change, false positives creep in, a step gets a critical fix. So the copy can’t just be a throwaway duplicate. But it also can’t be a mirror: the whole reason someone copies a template is to point it at their target and bolt on their steps.

The core tension: a plain duplicate means users lose every future improvement and templates drift silently out of date across the account. A hard-locked copy means users can’t customize without breaking sync entirely. The job was to design a model where a centrally-maintained template and local freedom don’t cancel each other out — and where, when the source changes, the user can see exactly what changed and decide whether to take it.

Where this came from — the account had quietly filled with near-identical private copies of the same few workflows, and when an author fixed a template there was no way to get that fix to the people already running copies. Publishers wanted reach; copy owners wanted to not fall behind. That gap is what the feature had to close. (Signals reconstructed from the real project for this write-up.)

02

Options explored

I framed the decision around the one relationship everything hangs on — the link between source and copy — and weighed three models against a single test: can a user both keep receiving improvements and freely customize their copy?

ADuplicate-only

Simplest. But the copy can't trace back to its source, gets no future fixes, and templates fork silently across the account.

BHard-synced instance

Never goes stale. But the first time someone needs a local tweak, sync has to break entirely — customization and updates cancel out.

CSoft link + reviewable updates✓ chosen

Copy stays linked but fully editable. When the source moves, the instance offers a reviewable diff — accept, or ignore. Unlink stays available as an explicit exit.

Only the third model refuses the false choice. Duplicate-only trades governance for simplicity; hard-sync trades customization for freshness. A soft link with reviewable updates keeps both — the copy is editable, the link survives edits, and updates are offered, never forced. That framing — treat a template update like a pull request — is what made the rest of the design fall into place.

03

Final design

The feature is a lifecycle, so I designed it as one. An author publishes; a user instantiates; both sides evolve; the user reconciles on their own terms.

1 · A linked, editable instance. Copying a template creates a normal workflow that carries a Based on badge back to its source. Editing it — here, adding a slack-notify step — never severs the link. The instance simply tracks which template version it last acknowledged.

app.trickest.io/editor/recon-acme
Recon — acme.com Based on Attack Surface Recon Update available · v4
Attack Surface Recon has an update available
3 changes to review · you're on v3, the template is on v4
Review update
your copy — customized freely
ToolmksubToolhttpxModulenucleiPythonslack-notify

You added slack-notify after copying. Editing your copy never breaks the link — updates are still offered, never forced.

2 · A reviewable update, like a diff. When the author ships a new version, the instance surfaces an amber “Update available” state. Opening it doesn’t overwrite anything — it opens a GitHub-style review: the copy on the left, the template on the right, every changed node called out. You can Take incoming or Keep current per node (and per input), then Apply only what you chose. This is the heart of the feature.

Review template update

5 changes · 4 to apply

BEFORE · Your copy 1 modified 1 removed
ToolhttpxToolmksubPythonold-resolverModulenuclei
AFTER · Template 1 modified 1 added
ToolhttpxToolmksubTooldnsxModulenuclei

Nodes

Δ
mksub
MODIFIED
+
dnsx
NEW · in template
Δ
custom-script
MODIFIED
old-resolver
REMOVED · your copy only
mksubMODIFIED
Will replace this node with the template's version.
1 of 4 Keep current Take incoming
Before · Your copyIdentity
Labelmksub
Namemksub-2
TypeTOOL
Inputs
domain / string-input-1acme.com
wordlist / custom-script-2in/custom-script-2/output.txt
After · TemplateIdentity
Labelmksub
Namemksub-2
TypeTOOL
Inputs
domain / string-input-1TARGET_DOMAIN
wordlist / custom-script-2in/custom-script-2/output.txt
5 workflow changes
Reject all & dismissCancelApply 4 changes

The diff speaks the workflow’s own language: added / removed / modified nodes up top, and for a changed node, a field-level breakdown — inputs, script, connections — with removed values in red and incoming values in green. Because customization and updates coexist, the default is “take everything,” but a user who tweaked a step can pin their version and still pull in the other four changes.

A template update has two halves. Editing a Solution isn’t only about workflow steps — an author (often an admin) also edits the reporting database schema: the tables and fields that runs write into. So an update can carry schema changes too, and those get their own review, because a database migration has stakes a node swap doesn’t: adding a field is safe, but removing one deletes its data.

Review schema update

dataset assets · from Attack Surface Recon v4

4 schema changes

Adding a field is safe. Removing one permanently deletes its data, so it's never applied automatically.

2 added1 type change1 removedtimeframe 7d → 30dAdd all (2)
FieldTypeStored as
asset_iduuidUUIDKey
hosttextString
Δportintwas textInt32new table
cnametextStringAdd
first_seendatetimeDateTimeAdd
legacy_tagtextStringDelete
Type changes can't apply in place — they seed a new table.
CancelApply 2 additions

Same diff grammar — added fields in green, removed in red, a type change flagged in amber — but the actions respect the data. Additions apply in one click; a removal is never automatic and a key field can’t be dropped at all; and because a live table can’t change a column’s type in place, a type change seeds a new table instead of silently rewriting the old one. The template’s version bump covers both halves, so one “Update available” can mean nodes changed, schema changed, or both.

3 · Unlink is an explicit, one-way door. Staying linked is the default, but a user who has diverged for good can detach. It’s deliberately heavy — a typed confirmation, destructive styling, and copy that says plainly it can’t be undone — so it never happens by accident.

Unlink from template?

Recon — acme.com will become a regular workflow and stop receiving template updates. The data and workflow stay untouched.This can't be undone.

Recon — acme.com
Cancel Unlink

One decision did the most work: make the update a review, not a sync. Every hard part — customization vs. freshness, trust, governance — dissolves once the user is the one who decides, with full visibility, what to bring in. Unlinking is the escape hatch that lets the default (stay linked) be safe.

I pressure-tested the review flow with template authors and copy owners on click-through prototypes. The clearest signal: people trusted “Update available” far more once the diff was reviewable per node and the schema changes were split out — a single “sync now” button made them hesitate to link at all.

04

Outcome

Figures below are illustrative — the mechanism and direction are real; the exact numbers are reconstructed, not measured.

  • Stale copies stopped accumulating — because updates are one reviewable click instead of a manual rebuild, roughly 3 in 4 instances stayed linked to their source rather than forking off, and a critical template fix reached every linked copy in minutes instead of a per-team migration.
  • Customization stopped breaking sync — teams could point a template at their own target and add steps while still receiving upstream improvements; the “I edited it so I’m now on my own” dead-end disappeared.
  • Publishing became worth it — with a governed distribution path, template authors had a reason to publish, seeding a shared library instead of a sprawl of near-identical private workflows.

What I’d still improve: conflict handling when both sides changed the same node — today the user resolves it manually node-by-node; a clearer three-way merge would help. And I’d surface updates more proactively (a digest when a template you depend on ships) rather than relying on the user to open the workflow and notice.