I built the factory before I scaled the sales. The factory came first. Sales followed.
15 pre-built vertical templates. A clone-and-deploy pipeline. Four live paying customers — and four more in staging — proving it runs. Customer #50 ships as fast as customer #6.
Four context layers. Conflict-resolution baked in.
Context files load bottom-up. Project specificity wins. When ambiguous, the more restrictive constraint applies. The pattern most enterprise AI programs build by year three — designed in on day one.
73 Cloudflare Workers. Seven layers. End-to-end request flow.
HoneyBun's production runtime is 73 Cloudflare Workers (4 core + 69 specialist) — distinct from the Claude Code sub-agent tooling used to build it. Every page view travels through seven layers: acquire → client → WordPress theme → core workers → specialist workers → storage → output surfaces. The mu-plugin bridges WordPress and Cloudflare Workers invisibly. The diagram below is the actual production topology.
HoneyBun was built by 39 sub-agents. Not engineered by humans.
This is the personal AI operating system I built to direct software work — separate from HoneyBun's production runtime. 39 specialist Claude Code sub-agents, 6 binary quality gates (Plan · Code · Security · Test · Build · Business), and 6 executive-persona reviewers route every task through a custom 270-line dispatch protocol. No gate is skippable. A RED verdict from a relevant persona blocks execution. The platform that runs on AI was itself built by AI orchestration.
Marginal cost of a new vertical ≈ zero.
Templates ≠ tenants. The 13 golden apps are the factory; live operators are forks of the factory line. Each carries its own git SHA and deployment timestamp.
We already know your business.
Prospecting, the pre-deploy intake, in-app onboarding, the brand & schema generators, and the CRM all read and write a single canonical record per operator. Operators don't fill out forms — they confirm. Every field carries provenance, so operator-confirmed data always wins and a machine re-scrape can never overwrite what a human verified.
One record, every surface
- Single canonical store — every operator-data surface reads and writes the same record. No second source, no drift between tools.
- Field-level provenance — each field is stamped with its source, timestamp, and confidence (human-confirmed vs. machine-derived). This is data provenance, alongside the SHA-256 deploy ledger that governs file integrity.
- Confirmed data wins — a low-confidence scrape can never overwrite a field a human confirmed. Conflicting writes are version-checked, never last-writer-wins.
Pre-seeded, not blank
- Seeded before first touch — research and public-data signals fill the record before the operator ever logs in.
- Confirm, don't type — the intake and onboarding surfaces show what we already know and ask only for what's missing or worth correcting; screens already answered are skipped.
- Less typing, faster launch, fewer errors — the operator's first experience is review, not data entry.
One click → brand & schema
- Generated from the record — one action produces a full brand identity and the complete structured-data stack for an operator, drawn from the canonical record.
- Zero marginal cost, per operator — the same near-zero marginal cost that adds a vertical extends to every operator: no manual rebuild, no re-keying.
- One-way sync outward — confirmed business details flow on to the CRM automatically, while login credentials are never touched.
The internal app is the AI operations cockpit F500 programs need.
~63,000 lines across 46 screens sharing 37 cross-app modules. Customer-facing PWA and internal AI ops console deploy from one source. No App Store review cycles.
operator.gethoneybun.com
- edit-sections — 8,743 LOC. Self-serve site editing.
- signal — 2,894 LOC. Inbound lead intelligence.
- onboarding — 2,162 LOC. Activation flow.
- conversations · leads · card · dashboard · edit · account
- Workbox service worker · web push · install prompt · offline.html
ops.gethoneybun.com
- leads-platform — 3,325 LOC. Funnel ops surface.
- pipeline · rank-tracker · errors · intelligence
- prospect-research · prospect-qualifier · prospect-demo — AI-assisted sales workflow
- seo-perfector · seo-flywheel · seo-health — autonomous improvement loop
- aeo-queue · dcc-admin · converter · lead-prefill · verticals · audits · board · assets · inbox · pages
- 24 internal screens spanning governance, AI workflows, and observability
Silent failure is the cardinal sin.
Every catch block routes through reportFailure(). Auto-remedy attempted first. Triple-channel escalation if it can't self-heal. Named human owner on every alert.
Every message governed, channel-aware, and editable without a deploy.
Seven automated cadences carry a contact from prospect to retained operator — each with a defined trigger, channel, and sender. Emails ship via Resend; SMS via Simplex (white-labeled GoHighLevel); push via the PWA. The copy is config-driven, not hardcoded.
Seven cadences, one fail-safe path
- Prospect: lead reinvite (M2–M5), re-engagement drip, GHL nurture.
- Onboarding & live: post-checkout welcome, site-live drip (day 0/1/7/14/30), monthly performance report.
- Operator: instant new-lead alert (SMS + email + push) with vertical-aware copy — event-shaped for photo-booth, universal for everything else, safe-default universal.
A store the cadence reads at send time
- Override-or-default — every message reads an editable template from the store, falling back to the hardcoded copy if missing or disabled. A blank or broken edit can never blank a live message.
- Branded editor behind a scoped key — edit copy in the browser, live within minutes via a KV cache. Toggle a template off to instantly revert.
- Mapped & auditable — a live visual map documents every message's trigger, channel, sender, and verbatim copy.
One operator, one ~550K cluster — priced by the data, not by hand.
The same factory that makes a new vertical nearly free also makes a new market deterministic: territories are computed from census data, and pricing scales with the geography and page count they generate.
ZIP-adjacency to a population cap
- ~550,000 population per operator per vertical, built by ZIP/ZCTA adjacency from an anchor ZIP — cities are emergent from the ZIP set, not entered by hand.
- Pure-function engine (
polygon-boundary-v1, ACS census) returns the exact ZIP list + population; growth appends ZIPs (extend-cluster) without reshaping shared geography. - Binary ownership — owned or open, per city/ZIP.
Tiered by market density
- Standard < 250K → 1.00× · Growth 250K–1M → 1.25× · Metro > 1M → 1.50×.
- Page-count driven — final price scales with cities × services; Founding-Partner pricing stays decoupled from territory size.
Enterprise-grade isolation. Built in, not bolted on.
Data isolation, deploy integrity, bot protection, and transport security are first-class design constraints — not compliance checkboxes added after the fact.
Scoped operator keys + RBAC
- Per-operator API keys — each operator's key is scoped to their own data. One operator's credential cannot reach another operator's records.
- Formal permissions library —
can(),isPrivilegedAdmin(), and role constants gate every sensitive operation. Not ad-hoc if-checks. - Master key separation — platform operations require
isPrivilegedAdmin(). Operator keys can't self-elevate.
SHA-256 ledger on every file deploy
- Pre-write hash comparison — detects concurrent write conflicts before the write lands. Returns 409 on mismatch; no silent overwrites.
- Append-only provenance — every deploy records operator, file path, holder, before-hash, after-hash, and timestamp in Supabase.
- 3-attempt retry on ledger insert before alerting — provenance is never silently lost even under transient DB pressure.
Turnstile + full security header stack
- Cloudflare Turnstile on all lead capture forms — invisible managed CAPTCHA, blocks bots before form submit. Lazy-loaded; zero pageload impact.
- HSTS with includeSubDomains — HTTPS enforced across the entire domain tree at the browser level.
- CSP with explicit allowlist — script-src and connect-src locked to known endpoints. Frame-ancestors blocks clickjacking. base-uri prevents base tag injection.
- Full header stack — nosniff, X-Frame-Options, Referrer-Policy, Permissions-Policy (camera/mic/geo/payment all off).
KV gates + CF WAF + timeout discipline
- KV-backed throttle gates at the application layer — 429 enforcement on all high-sensitivity endpoints before they touch the database.
- CF WAF as the upstream volumetric layer — rate limiting, bot score, and threat scoring handled before the request hits the worker.
- AbortSignal.timeout() on every external call — 3–8s depending on path criticality. No hanging requests, no cascading failures.
- Read-vs-write retry discrimination — reads retry on 429/502/503/504; writes only retry on 503/504 to prevent double-writes on ambiguous 502s.
AI-native ops, not AI features bolted on.
Cron-Scheduled Agents
- Morning briefing on session start — overnight autopilot, failures, stale tasks, today's schedule
- Orphan sweep — stale tasks from dead sessions reclaimed automatically
- Pre-flight checks — credentials, upstream reachability, no conflicting in-progress work
- Health indicators — green / yellow / red per scheduled automation, surfaced at session start until resolved
- Bounded autonomy — never archives human-claimed work; only meta-stale alert noise
Lessons → Hooks
- Every failure produces a per-shard lesson at
~/.claude/lessons/ - Recurring patterns get promoted from probabilistic rules to deterministic hooks
- 5+ formal post-incident write-ups in the workers repo (circuit breakers, drift retries, timeout handling)
- 143 codified institutional lessons (1,281 lines) in
honeybun/lessons.md - Verify-before-work protocol — workers check
completed_at+ existing code state before claiming any task. Prevents parallel-session re-do.
Task lands. System decides. You approve or ignore.
Every task is classified by risk the moment it hits the board. Low-risk work runs, verifies, and commits without a single human touch. High-risk work builds in an isolated branch, runs an independent verification pass, and surfaces a one-click approve/reject card with the full diff attached. After merge, a health probe watches the live endpoint — two consecutive failures within five minutes trigger an auto-revert.
The four-station mini-line for multi-file structural changes.
autopilot/<taskId>. Never touches live source repo. Diff guard blocks sensitive paths.Limits that can't be bypassed
- 200-line / 5-file diff cap — exceeded limit escalates to human review, never auto-merges
- 9 sensitive-path patterns —
wrangler*.toml,.env*,migrations/,auth/,billing/, CI workflows, deploy scripts - Worktree isolation — concurrent tasks on the same repo never collide; each runs on its own branch in
/tmp/hb-build/<jobId> - Verifier independence — the agent that builds never verifies its own work; a fresh session runs DONE_WHEN in the worktree before the branch is ever proposed for merge
- DONE_WHEN enforced at the API —
POST /tasksreturns422if the description is blank or missing aDONE_WHEN:clause. The verifiable success criterion isn't a convention — it's a hard gate. A task that can't be objectively checked can't enter the queue. - Human-created tasks are never exempt — system-generated notifications (
[ALERT],[REVIEW:*], etc.) are exempt from the gate by design. The moment a human presses a button and converts an alert into a work item, full validation applies — a button press is a work decision, not a notification.
Before and after
- Dispatch latency: 900s cron lag → <5s event-driven (task creates/transitions fire dispatcher immediately)
- AUDIT task cost: 3-min two-pass → ~30s single verifier pass
- Concurrent tasks: source-repo collisions → zero collisions via isolated worktrees
- Post-merge visibility: none → health probe every 15 min, auto-revert on 2 failures in 5 min window
- Human involvement (Tier 1): trigger → nothing. System runs, verifies, pushes.
- Human involvement (Tier 2): trigger → one approve click with full diff + proof
- Code quality enforcement: ad-hoc → auto-review pipeline queues a structured code review on every completed task that touched files
Completed work reviews itself
- On every task completion — if
files_touchedis non-empty, a[REVIEW:level]task is automatically queued: review, review+security, or audit (full 6-pass P0–P5) - Findings → Follow-up — CRITICAL or HIGH findings automatically queue a
[FOLLOW-UP]fix task listing every issue. The loop continues up to 3 cycles - Repeat-finding detection — same finding hash appearing after a fix attempt escalates to
[HUMAN-REVIEW-REQUIRED]instead of looping. The system recognises when it can't self-resolve - Kill switch + daily cap —
auto-review:enabledKV key, 20 tasks/day max, depth cap of 3. Every guard has a documented escalation path; none exit silently
Production infrastructure, not a notebook.
Backend
Frontend
AI
Deploy
Feb 2025 → Feb 2026. What the autonomous engine produced.
The hard part of enterprise AI was never the technology. It was always going to be getting people to want to move with you. Ten years as a Marine Corps career recruiter taught me to operate that way. Three years building HoneyBun proved the operating model holds at machine scale, too.