SEO · GEO · AEO — AI Orchestration Platform

I built the factory before I scaled the sales. The factory came first. Sales followed.

13 vertical templates · 10,100 pages indexed · 59 Cloudflare Workers · 39 sub-agents

13 pre-built vertical templates. A clone-and-deploy pipeline. Five live paying customers proving it runs. Customer #50 ships as fast as customer #6.

Andrew Cruz · Founder, HoneyBun · U.S. Marine Corps Recruiter (Ret.) · Chino Hills, CA

  • 13: Vertical Templates
  • 59: CF Workers (Runtime)
  • 39: Sub-Agents (Build Tooling)
  • 10,100: Pages Indexed

Context Hierarchy

Four context layers. Conflict-resolution baked in.

Context files load bottom-up. Project specificity wins. When ambiguous, the more restrictive constraint applies. The pattern most enterprise AI programs build by year three — designed in on day one.

  • LAYER 1 / GLOBAL · Always-On Instincts: Non-negotiable behavior rules. Verify-first. No claim without source read. Stakes-asymmetry beats speed.
  • LAYER 2 / ECOSYSTEM · Projects-Wide Standards: Quality bar, security, testing, performance, git workflow, ship-gate, CI/CD discipline.
  • LAYER 3 / PLATFORM · HoneyBun Platform Rules: Multi-tenant patterns, vertical theme system, worker conventions, deploy rules, operator vs. internal split.
  • LAYER 4 / PROJECT · Per-Repo Context: Workers, dashboard, PWA, themes, clients — each surface gets its own CLAUDE.md with deploy commands and gotchas.
  • PROTOCOL · Task Board API · Single Source of Truth: Every task, every agent, every session writes to one board. Status flow, orphan sweep, parallel-session race protection.
  • MEMORY · MemStack · Cross-Session Knowledge: SQLite + semantic vector search. Sessions, decisions, lessons, project context. Karpathy-style LLM vault for institutional memory.

HoneyBun Runtime · System Architecture

59 Cloudflare Workers. Six layers. End-to-end request flow.

HoneyBun's production runtime is 59 Cloudflare Workers (4 core + 55 specialist) — distinct from the Claude Code sub-agent tooling used to build it. Every page view travels through six layers: client → WordPress theme → core workers → specialist workers → storage → output surfaces. The mu-plugin bridges WordPress and Cloudflare Workers invisibly. The diagram below is the actual production topology.

Client
  • Browser: Visitor lands on operator site

WordPress
  • template-*.php: Per-vertical theme templates
  • mu-plugins/: hb-heartbeat · hb-hero-preview · DCC bridge
  • wp-app-root/: hb-deployer.php · hb-theme-sync.php

GET /render/:clientId/:pageType/:slug

Core Workers
  • hb-provisioning: Clone WP · assign subdomain
  • hb-content: Sonnet research → Opus copy
  • hb-render: HTML + CSS + JSON-LD schema
  • hb-agent: SEO audit · intake · content

Orchestrated by

Specialist
  • Orchestration: orchestrator · task-dispatcher · watchdog · ci-receiver
  • Monitoring: health-monitor · drift-remediation · cert-probe · status-page
  • SEO / Audit: seo · seo-playbook · rank-tracker · interlink · schema-validator
  • Funnel / Leads: funnel · leads · checkout · prospect-intel · density-pricing
  • Platform: verticals · clients · deploy · auth · session · analytics · og · image

Reads / Writes

Storage
  • KV · HB_CLIENTS: Client registry · DCC configs · cache
  • R2 · hb-assets: Static assets · theme bundles · artifacts
  • Supabase: Tasks · lessons · drift events · analytics

Returns { html, css, schema }

Output
  • Operator Site: SEO HTML · schema in <head> · injected DOM
  • Operator + Internal PWAs: Cloudflare Pages · dual app from one codebase
  • app.gethoneybun.com: Dashboard · Vercel · analytics · workflows

Build Tooling · The AI Operating System I Use to Build Software

HoneyBun was built by 39 sub-agents. Not engineered by humans.

This is the personal AI operating system I built to direct software work — separate from HoneyBun's production runtime. 39 specialist Claude Code sub-agents, 6 binary quality gates (Plan · Code · Security · Test · Build · Business), and 6 executive-persona reviewers route every task through a custom 270-line dispatch protocol. No gate is skippable. A RED verdict from a relevant persona blocks execution. The platform that runs on AI was itself built by AI orchestration.

  • plan-checker: Goal-backward plan validation. Max 3 loops.
  • code-reviewer: No CRITICAL/HIGH lands. Fires on every code change.
  • security-reviewer: Auth, input, secrets, API. Rotates exposed keys.
  • tdd-guide: Tests-first enforcement. 80% coverage minimum.
  • planner: Standard + complex implementation plans.
  • assumptions-analyzer: Hidden assumptions surfaced with evidence.
  • advisor-researcher: Gray-area decisions. Parallel × N.
  • research-synthesizer: Merges parallel research into one brief.
  • architect: System design, multi-system decisions.
  • debugger: Root-cause analysis. Stack-trace triage.
  • api-detective: Failed calls, missing data, OAuth breaks.
  • database-reviewer: SQL, schema, migrations, performance.
  • build-error-resolver: Build green with minimal diff.
  • e2e-runner: Critical-flow verification via browser.
  • refactor-cleaner: Dead code, knip, depcheck, ts-prune.
  • doc-updater: Codemaps, READMEs, change docs.
  • exec-ceo · Bezos: Customer obsession. Day 1. Flywheel.
  • exec-coo · Cook: Operational precision. Single-thread owner.
  • exec-cfo · Munger: Inversion. Moats. Unit economics.
  • exec-cto · Vogels: Failure modes. API-first. Scale-under-load.
  • exec-cmo · Godin: Tribe. Smallest viable market. Purple cow.
  • exec-caio · Karpathy: Software 2.0. AI theater detection. Evals.
  • skeptic: Destruction-test. Severity-rated problems.
  • strategist: Market intent. Differentiation. Brief.

Factory Pattern

Marginal cost of a new vertical ≈ zero.

Templates ≠ tenants. The 13 golden apps are the factory; live operators are forks of the factory line. Each carries its own git SHA and deployment timestamp.

PROSPECT · CLONE GOLDEN · DEPLOY LIVE

  • photo-booth · LIVE
  • realtor · LIVE
  • photo-booth · LIVE
  • photo-booth · LIVE
  • photo-booth · LIVE
  • plumber · golden
  • medspa · golden
  • gym · golden
  • barbershop · golden
  • nail salon · golden
  • + 8 more verticals

tenant #50 → same cost as #6

Mobile Cockpit · Two PWAs, One Codebase

The internal app is the AI operations cockpit F500 programs need.

~41,000 lines of screens sharing 21 cross-app modules. Customer-facing PWA and internal AI ops console deploy from one source. No App Store review cycles.

OPERATOR PWA · CUSTOMER-FACING

operator.gethoneybun.com

  • edit-sections — 8,743 LOC. Self-serve site editing.
  • signal — 2,894 LOC. Inbound lead intelligence.
  • onboarding — 2,162 LOC. Activation flow.
  • conversations · leads · card · dashboard · edit · account
  • Workbox service worker · web push · install prompt · offline.html
INTERNAL PWA · AI OPS COCKPIT

ops.gethoneybun.com

  • leads-platform — 3,325 LOC. Funnel ops surface.
  • pipeline · rank-tracker · errors · intelligence
  • prospect-research · prospect-qualifier · prospect-demo — AI-assisted sales workflow
  • seo-perfector · seo-flywheel · seo-health — autonomous improvement loop
  • aeo-queue · dcc-admin · converter · lead-prefill · verticals · audits · board · assets · inbox · pages
  • 24 internal screens spanning governance, AI workflows, and observability
Reliability Discipline

Silent failure is the cardinal sin.

Every catch block routes through reportFailure(). Auto-remedy attempted first. Triple-channel escalation if it can't self-heal. Named human owner on every alert.

  • 1 · DETECT · reportFailure(): Client-side hook. Severity tagged. Context attached.
  • 2 · CLIENT RETRY · Retry × 2: 0s then 5s delay. Toast if still failing.
  • 3 · WORKER · Auto-Remedy: Health check · dedup · auto-fix task created.
  • 4 · VERIFY · Re-check × 2: 5s intervals. Confirm fix or escalate.
  • 5 · ESCALATE · Push · Email · SMS: Named human owner. No failure exits silently.

Security Posture

Enterprise-grade isolation. Built in, not bolted on.

Data isolation, deploy integrity, bot protection, and transport security are first-class design constraints — not compliance checkboxes added after the fact.

DATA ISOLATION · AUTH

Scoped operator keys + RBAC

  • Per-operator API keys — each operator's key is scoped to their own data. One operator's credential cannot reach another operator's records.
  • Formal permissions library: can(), isPrivilegedAdmin(), and role constants gate every sensitive operation. Not ad-hoc if-checks.
  • Master key separation — platform operations require isPrivilegedAdmin(). Operator keys can't self-elevate.
DEPLOY INTEGRITY

SHA-256 ledger on every file deploy

  • Pre-write hash comparison — detects concurrent write conflicts before the write lands. Returns 409 on mismatch; no silent overwrites.
  • Append-only provenance — every deploy records operator, file path, holder, before-hash, after-hash, and timestamp in Supabase.
  • 3-attempt retry on ledger insert before alerting — provenance is never silently lost even under transient DB pressure.
BOT PROTECTION · TRANSPORT

Turnstile + full security header stack

  • Cloudflare Turnstile on all lead capture forms — invisible managed CAPTCHA, blocks bots before form submit. Lazy-loaded; zero pageload impact.
  • HSTS with includeSubDomains — HTTPS enforced across the entire domain tree at the browser level.
  • CSP with explicit allowlist — script-src and connect-src locked to known endpoints. Frame-ancestors blocks clickjacking. base-uri prevents base tag injection.
  • Full header stack — nosniff, X-Frame-Options, Referrer-Policy, Permissions-Policy (camera/mic/geo/payment all off).
RATE LIMITING · RESILIENCE

KV gates + CF WAF + timeout discipline

  • KV-backed throttle gates at the application layer — 429 enforcement on all high-sensitivity endpoints before they touch the database.
  • CF WAF as the upstream volumetric layer — rate limiting, bot score, and threat scoring handled before the request hits the worker.
  • AbortSignal.timeout() on every external call — 3–8s depending on path criticality. No hanging requests, no cascading failures.
  • Read-vs-write retry discrimination — reads retry on 429/502/503/504; writes only retry on 503/504 to prevent double-writes on ambiguous 502s.
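
The read-vs-write retry rule and the per-call timeout from the list above, as an added example (not HoneyBun's code). The status sets follow the bullets; `fetchWithPolicy`, `shouldRetry`, the attempt count, the backoff and the choice not to retry a write after a timeout are assumptions made for illustration.

```javascript
const READ_RETRY = new Set([429, 502, 503, 504]);
const WRITE_RETRY = new Set([503, 504]); // 502 is ambiguous: the write may have landed

const isRead = (method) => ['GET', 'HEAD'].includes(String(method).toUpperCase());

// Decide from method + upstream status whether another attempt is safe.
function shouldRetry(method, status) {
  return (isRead(method) ? READ_RETRY : WRITE_RETRY).has(status);
}

async function fetchWithPolicy(url, init = {}, opts = {}) {
  const {
    fetchImpl = fetch, // injectable so the policy can be exercised offline
    timeoutMs = 5000,  // the page gives 3-8s depending on path criticality
    maxAttempts = 3,   // assumption
    backoffMs = 200,   // assumption
  } = opts;
  const method = init.method || 'GET';
  for (let attempt = 1; attempt <= maxAttempts; attempt++) {
    try {
      // A fresh signal per attempt: a timeout signal cannot be reused once fired.
      const res = await fetchImpl(url, { ...init, signal: AbortSignal.timeout(timeoutMs) });
      if (!shouldRetry(method, res.status) || attempt === maxAttempts) return res;
    } catch (err) {
      // Timeout or network error: a write's outcome is unknown, so only reads
      // are retried here (assumption, the page does not cover this case).
      if (!isRead(method) || attempt === maxAttempts) throw err;
    }
    await new Promise((resolve) => setTimeout(resolve, backoffMs * attempt));
  }
  throw new Error('unreachable');
}
```

A write that must survive a 502 needs an idempotency key on the server side; retrying it blindly is what this split avoids.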
Operating Cadence

AI-native ops, not AI features bolted on.

AUTONOMOUS LOOP

Cron-Scheduled Agents

  • Morning briefing on session start — overnight autopilot, failures, stale tasks, today's schedule
  • Orphan sweep — stale tasks from dead sessions reclaimed automatically
  • Pre-flight checks — credentials, upstream reachability, no conflicting in-progress work
  • Health indicators — green / yellow / red per scheduled automation, surfaced at session start until resolved
  • Bounded autonomy — never archives human-claimed work; only meta-stale alert noise
LEARNING LOOP

Lessons → Hooks

  • Every failure produces a per-shard lesson at ~/.claude/lessons/
  • Recurring patterns get promoted from probabilistic rules to deterministic hooks
  • 5+ formal post-incident write-ups in the workers repo (circuit breakers, drift retries, timeout handling)
  • 601 lines of structured institutional lessons in honeybun/lessons.md
  • Verify-before-work protocol — workers check completed_at + existing code state before claiming any task. Prevents parallel-session re-do.
Autonomous Runner · Tiered Execution Pipeline

Task lands. System decides. You approve or ignore.

Every task is classified by risk the moment it hits the board. Low-risk work runs, verifies, and commits without a single human touch. High-risk work builds in an isolated branch, runs an independent verification pass, and surfaces a one-click approve/reject card with the full diff attached. After merge, a health probe watches the live endpoint — two consecutive failures within five minutes trigger an auto-revert.

  • Tier 0 · Verify-Only: Read-only DONE_WHEN. Single verifier pass. Closes in ~30s. No Researcher, no Fixer, no worktree.
  • Tier 1 · Reversible Edit: Single-file or small change. Two-pass Researcher → Builder in isolated worktree. Diff guard + sensitive-path check before push.
  • Tier 2 · Multi-File / Structural: Builder commits in worktree. Independent Verifier runs DONE_WHEN. Task surfaces as approve/reject card with diff + proof attached.
  • Tier 3 · Blocked: Infra, auth, migrations, secrets, destructive ops. Blocked from autopilot. Requires a human Claude Code session.

Topology B — Tier 2 Pipeline

The four-station mini-line for multi-file structural changes.

  • 1 · RESEARCHER · Read-only analysis: Maps codebase, produces FIX_SPEC + DONE_WHEN. No writes.
  • 2 · BUILDER · Isolated worktree: Implements + commits on autopilot/<taskId>. Never touches live source repo. Diff guard blocks sensitive paths.
  • 3 · VERIFIER · Independent session: Separate read-only Claude session. Runs DONE_WHEN against the worktree. Reports PASS/FAIL with raw output.
  • 4 · HUMAN GATE · One click: Review card: diff + verifier proof. Approve → merge bot pushes. Reject → branch deleted, task reopens.
  • 5 · PROBE · Post-merge watch: DONE_WHEN re-run on live endpoint. Two failures in 5 min → auto-revert pushed to main before anyone notices.

SAFETY PROPERTIES

Limits that can't be bypassed

  • 200-line / 5-file diff cap — exceeded limit escalates to human review, never auto-merges
  • 9 sensitive-path patterns: wrangler*.toml, .env*, migrations/, auth/, billing/, CI workflows, deploy scripts
  • Worktree isolation — concurrent tasks on the same repo never collide; each runs on its own branch in /tmp/hb-build/<jobId>
  • Verifier independence — the agent that builds never verifies its own work; a fresh session runs DONE_WHEN in the worktree before the branch is ever proposed for merge
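
A diff guard of the kind listed above, as an added example (not HoneyBun's code). The 200-line / 5-file caps and the path names come from the list; `diffGuard`, the regexes, the assumed locations for "CI workflows" and "deploy scripts", and the change-record shape are illustrative assumptions.

```javascript
const MAX_LINES = 200;
const MAX_FILES = 5;

const SENSITIVE = [
  { name: 'wrangler*.toml', re: /(^|\/)wrangler[^/]*\.toml$/ },
  { name: '.env*',          re: /(^|\/)\.env[^/]*$/ },
  { name: 'migrations/',    re: /(^|\/)migrations\// },
  { name: 'auth/',          re: /(^|\/)auth\// },
  { name: 'billing/',       re: /(^|\/)billing\// },
  // Assumed locations: the page names these two categories without paths.
  { name: 'CI workflows',   re: /^\.github\/workflows\// },
  { name: 'deploy scripts', re: /(^|\/)deploy[^/]*\.(sh|mjs|js|ts)$/ },
];

// Normalise before matching so "./src/../auth/x" or "AUTH/x" cannot slip past.
function normalise(p) {
  const out = [];
  for (const seg of p.replace(/\\/g, '/').split('/')) {
    if (seg === '' || seg === '.') continue;
    if (seg === '..') out.pop(); else out.push(seg);
  }
  return out.join('/').toLowerCase();
}

// changes: [{ path, added, removed, renamedFrom? }], e.g. parsed from a diff summary.
function diffGuard(changes) {
  const sensitive = [];
  for (const c of changes) {
    // A rename out of a sensitive directory still touches it: check both ends.
    for (const p of [c.path, c.renamedFrom].filter(Boolean)) {
      const hit = SENSITIVE.find((s) => s.re.test(normalise(p)));
      if (hit) sensitive.push(`${hit.name}:${p}`);
    }
  }
  const lines = changes.reduce((n, c) => n + c.added + c.removed, 0);
  const oversize = [];
  if (changes.length > MAX_FILES) oversize.push(`files:${changes.length}>${MAX_FILES}`);
  if (lines > MAX_LINES) oversize.push(`lines:${lines}>${MAX_LINES}`);
  // Fail closed: sensitive paths block, oversize diffs go to human review.
  const verdict = sensitive.length ? 'BLOCK' : oversize.length ? 'ESCALATE' : 'ALLOW';
  return { verdict, reasons: [...sensitive, ...oversize] };
}
```

The guard only means something if it runs outside the builder's session, on the diff actually proposed for merge, so the agent that wrote the change cannot skip or edit the check.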
METRICS

Before and after

  • Dispatch latency: 900s cron lag → <5s event-driven (task creates/transitions fire dispatcher immediately)
  • AUDIT task cost: 3-min two-pass → ~30s single verifier pass
  • Concurrent tasks: source-repo collisions → zero collisions via isolated worktrees
  • Post-merge visibility: none → health probe every 15 min, auto-revert on 2 failures in 5 min window
  • Human involvement (Tier 1): trigger → nothing. System runs, verifies, pushes.
  • Human involvement (Tier 2): trigger → one approve click with full diff + proof
Stack

Production infrastructure, not a notebook.

Backend

Cloudflare Workers Supabase Postgres + Vector REST APIs MCP Servers

Frontend

Vite 6 Workbox PWA WordPress (vertical-aware) Elementor

AI

Claude Opus/Sonnet/Haiku OpenAI GPT Gemini Workers AI Custom MCP

Deploy

Vercel Cloudflare Pages Cloudways Railway Wrangler
Proven Outcomes · Live Proof Case · GSC Verified

Feb 2025 → Feb 2026. What the autonomous engine produced.

  • 10,100 Pages Indexed: Autonomous content engine; GSC verified.
  • 291% YoY Click Growth: 240% YoY impressions. 110 ranked cities.
  • #44 → #16 Avg Search Position: Moved up 28 positions YoY.
  • 18.5% Revenue Lift: Closed-loop attribution: impression → revenue.
  • $45k/yr Displaced Ad Spend: Across 4 SoCal counties on proof-case site.
  • 40% Appointments AI-Generated: Sammy conv. AI · voice/SMS/chat · 9 functions.
  • 40% Show Rate: Zero human engagement. Auto qualify · book · confirm.
  • 4 → 1 Headcount Compressed: Analyst + writer + schema architect + dev → one operator.

The hard part of enterprise AI was never the technology. It was always going to be getting people to want to move with you. Ten years as a Marine Corps career recruiter taught me to operate that way. Three years building HoneyBun proved the operating model holds at machine scale, too.
