HoneyBun is a multi-vertical, multi-city SEO website platform. Operators get fully deployed WordPress sites with AI-generated content, schema markup, and a DCC engine that personalizes every page from a single JSON config.
An operator signs up, their site is provisioned, AI generates content, and the render worker delivers optimized HTML to every visitor — all from a single JSON config.
Diagnostic call → Simplex checkout → webhook fires provisioning. Operator picks their vertical (plumber, gym, med spa, etc.) and market.
hb-provision worker clones the golden WordPress instance on Cloudways, assigns a subdomain, and stores client data in KV.
hb-content worker runs two passes: Sonnet researches the market, Opus writes high-converting local SEO copy for every page and city.
The WordPress theme fetches from hb-render on every request. HTML fragments, CSS vars, and JSON-LD schema are injected into the page — no plugin required.
Schema.org markup is injected per page type — LocalBusiness, Service, FAQPage, AggregateRating, BreadcrumbList — all wired to DCC data.
Monthly retainer covers ongoing content updates, SEO monitoring via hb-agent, and dashboard access at app.gethoneybun.com.
Every page view travels through three systems: WordPress theme → Cloudflare Worker → KV Store. The mu-plugin bridges them invisibly.
Four core workers carry the request path. Fifty-five specialist workers handle orchestration, monitoring, audit, SEO, funnel, OG/image rendering, and platform plumbing. All deployed via Wrangler from workers/configs/*.toml.
{ html, css, schema } payload to the WordPress mu-plugin on every page load. Fastest path to dynamic, personalized pages.DCC JSON → KV (HB_CLIENTS) → hb-heartbeat.phpwp_option cache → BBS_Vertical_Loaderbbs_get() / bbs_get_section() → Templates
Three layers of vertical readiness: 13 golden template apps deployed and ready to clone (from deploy-manifest.json) · 15 verticals with full implementation under workers/verticals/ (DCC schema, slug patterns, schema.org type, voice preset, nav items, trust signals) · 24 verticals with marketing landing pages on gethoneybun.com. The extra 9 are sales-ready but await full build-out. 5 are running in production right now as live operator sites.
Every operator site is configured by a single DCC JSON stored in KV. The BBS_Vertical_Loader reads it and exposes it to all templates via bbs_get().
seo.php hooks into wp_head at priority 5. Every page type outputs its specific schema.org graph — all driven by DCC data, zero hardcoding.
Four storage systems, each purpose-built for its domain.
47 PHP page templates. 24 vertical landing pages. 17 resource guides. 5 comparison pages.
/vertical-seo/ with industry-specific copy, pricing, demo site link, and calendar embed./local-seo-vertical/. Builds organic authority and attracts operators researching SEO solutions.vertical-template.php./book/. Vertical slug passed as ?v=plumber for personalized booking experience.honeybun_get_vertical_data() and honeybun_get_resource_data() power all pages.All production HoneyBun platform code lives under honeybun/operations/. Each subfolder owns its own deploy target.
wrangler deploy --config configs/wrangler-*.toml.app.gethoneybun.com. Operator tools, intake, analytics, board.hb-operator-app (operator-facing) and hb-internal-app (internal ops).photo-booth (base / golden), realtor, plus verticals/ per-industry themes. Synced to Cloudways.hb-heartbeat.php (render bridge), hb-hero-preview.php. Mirrored to Cloudways wp-content/mu-plugins/.hb-deployer.php, hb-theme-sync.php. Bridge between Cloudflare Workers and Cloudways WordPress.go.gethoneybun.com via node generate-catalog.js.The operator-facing control center. Analytics, integrations, site management — all in one place.
The runner is the execution layer between the task board and the git repos. It runs on the Mac Mini, receives tasks from the dispatcher, and routes each one through the appropriate pipeline based on risk tier. All eight phases of the autopilot migration are live.
DONE_WHEN, zero files_touched, no write verbs in description. Single verifier pass in source repo. No worktree. Closes in ~30s. Examples: [AUDIT] confirm commit X landed on main.critical, infra, recovery, handoff, deploy. Or files_touched contains sensitive paths (wrangler*.toml, .env*, migrations/, auth/, billing/, CI workflows). Requires a human Claude Code session.RESULT: PASS/FAIL. Runner PATCHes task directly: status=completed + verified_at + verification_output + files_touched=['(verified-no-files-changed)']. No Researcher, no Fixer, no worktree.FILES_TO_CHANGE + FIX_SPEC + DONE_WHEN. Pass 2 (Builder): implements in isolated worktree on branch autopilot/<taskId>. Commits only — runner handles push after diff inspection.inspectDiff checks committed-but-not-pushed diff. >200 lines or >5 files or sensitive path hit → escalateDiff (stash diff, reset, PATCH blocked, fire alert). Pass → git merge --ff-only from sourceRepo + push. Worktree torn down./tmp/hb-build/<jobId>.pass3-verifier) runs DONE_WHEN against the worktree. PASS → PATCH status=testing + verified_at + verification_output + files_touched + proposed_diff (≤20KB). FAIL → PATCH failed, teardown. The agent that built never verifies its own work./task-board review lane with full diff + verifier output. Approve: dashboard → POST /tasks/:id/approve-merge → hb-tasks → hb-task-dispatcher → runner POST /merge → git merge --ff-only + push + PATCH completed + teardown. Reject: same chain → runner POST /reject → PATCH pending + teardown.fetch(). Complex shell pipelines are skipped — safer than a false-positive revert.postmerge:fail:<taskId> + postmerge:fail-at:<taskId> with 30-min TTL. 2 consecutive failures within a 5-min window → triggers auto-revert. Window resets on success or TTL expiry.POST /revert: captures HEAD SHA, runs git revert <SHA> --no-edit, pushes to origin main, PATCHes task to blocked with revert details, fires alert. Alert body distinguishes "revert requested" vs "runner unreachable — manual rollback required."hb-tasks.js: POST /tasks (create), PATCH status→pending, PATCH unclaim→pending. Each fires ctx.waitUntil(maybeFireDispatch) — response never blocked. Kill switch checked at event source (defense in depth; dispatcher checks again).POST /dispatch-task on hb-task-dispatcher. dispatchSingleTask() runs full eligibility: kill switch, autopilot-ok tag, DONE_WHEN present, capacity gate, KV dedup. Delegates to dispatchOne(). Cron (*/15 min) stays as safety net for misses.Documented for technical due diligence. Every layer below is verified from source — not inferred from configuration intent.
frame-ancestors 'self' · base-uri 'self' · script-src locked to self + GTM + Turnstile · connect-src explicit allowlist of all HoneyBun endpoints + GA4. unsafe-inline required for Breeze full-page cache compatibility; nonce-based CSP evaluated and documented as blocked until Breeze is replaced with edge-level caching.Strict-Transport-Security: max-age=31536000; includeSubDomains — HTTPS enforced at browser level across the entire domain tree. Referrer-Policy: strict-origin-when-cross-origin — limits referrer leakage on cross-origin navigation.X-Content-Type-Options: nosniff — blocks MIME-type sniffing.X-Frame-Options: SAMEORIGIN — clickjacking prevention.Permissions-Policy: camera=(), microphone=(), geolocation=(), payment=() — all sensitive browser features explicitly disabled.lib/permissions.js — can(), isPrivilegedAdmin(), ROLE_AGENCY_ADMIN and role constants. Not ad-hoc if-checks. Privileged operations (cross-tenant reads, admin routes, force-release) require isPrivilegedAdmin() explicitly.X-HB-Key is scoped to their own clientId. One operator's key cannot reach another operator's data. Master key and operator keys are separate credential classes; operator keys cannot self-elevate.AbortSignal.timeout() on every external call — 3s for fast paths, 5–8s for Supabase operations. No hanging requests that cascade into worker CPU exhaustion. Timeout errors are classified and logged the same as network errors.sha256_live (freshly read) and sha256_assumed_base (what it thinks is live). If they don't match, the write returns 409 — no silent overwrites from concurrent sessions. Removes the race condition from parallel deploys.unsafe-inline on CSP script-src (Breeze cache constraint — documented above). These are tracked, not unknown.