🍯 Platform Overview · Updated May 2026

The SEO Platform
for Local Service Businesses

HoneyBun is a multi-vertical, multi-city SEO website platform. Operators get fully deployed WordPress sites with AI-generated content, schema markup, and a DCC engine that personalizes every page from a single JSON config.

5
Live Operators
15
Verticals Implemented
59
CF Workers
250
Max Pages / Site
4 core workers (provision · content · render · agent) + 55 specialist workers (orchestration, monitoring, audit, SEO, drift remediation, task dispatch, watchdogs, OG/image, converter)
What is HoneyBun

One Platform. Any Local Business.

An operator signs up, their site is provisioned, AI generates content, and the render worker delivers optimized HTML to every visitor — all from a single JSON config.

1

Operator Signs Up

Diagnostic call → Simplex checkout → webhook fires provisioning. Operator picks their vertical (plumber, gym, med spa, etc.) and market.

2

Site Provisioned

hb-provision worker clones the golden WordPress instance on Cloudways, assigns a subdomain, and stores client data in KV.

3

AI Content Generated

hb-content worker runs two passes: Sonnet researches the market, Opus writes high-converting local SEO copy for every page and city.

4

Pages Go Live

The WordPress theme fetches from hb-render on every request. HTML fragments, CSS vars, and JSON-LD schema are injected into the page — no plugin required.

5

SEO Engine Runs

Schema.org markup is injected per page type — LocalBusiness, Service, FAQPage, AggregateRating, BreadcrumbList — all wired to DCC data.

6

Operator Ranks & Retains

Monthly retainer covers ongoing content updates, SEO monitoring via hb-agent, and dashboard access at app.gethoneybun.com.

Request Flow End-to-End

Every page view travels through three systems: WordPress theme → Cloudflare Worker → KV Store. The mu-plugin bridges them invisibly.

Client
🌐
Browser
Visitor visits operator site
WordPress
📄
template-*.php
Per-vertical theme templates
🔌
mu-plugins/
hb-heartbeat · hb-hero-preview · DCC bridge
⚙️
wp-app-root/
hb-deployer.php · hb-theme-sync.php — PHP endpoints
↓ GET /render/:clientId/:pageType/:slug
Core Workers
🏗️
hb-provisioning
Clone WP · assign subdomain
✍️
hb-content
Sonnet research → Opus copy
hb-render
HTML + CSS + JSON-LD schema
🤖
hb-agent
SEO audit · intake · content
↓ Orchestrated by
Specialist
🎼
Orchestration
orchestrator · task-dispatcher · task-watchdog · tasks
🩺
Monitoring
health-monitor · drift-remediation · cert-expiry-probe · watchdog · status-page
🔍
SEO / Audit
seo · seo-playbook · audit · premier-audit · rank-tracker · interlink · schema-validator
💰
Funnel / Leads
funnel · funnel-crawler · leads · checkout · pbg-checkout · prospect-intel
📦
Platform
verticals · clients · deploy · auth · session · analytics · ga-mp-proxy · neighborhoods
↓ Reads / Writes
Storage
🗄️
KV namespaces
HB_CLIENTS · NEIGHBORHOODS · sessions · caches
🪣
R2 · hb-assets
Static assets · theme bundles · deploy artifacts
🐘
Supabase
Tasks · lessons · drift events · analytics · neighborhoods
↓ Returns { html, css, schema }
Output
💻
Operator Site
SEO HTML · schema in <head> · injected DOM
📱
PWA · operations/app/
hb-operator-app · hb-internal-app (Cloudflare Pages)
📊
app.gethoneybun.com
Dashboard · Vercel · analytics · workflows
Cloudflare Workers

4 Core + 55 Specialist Workers

Four core workers carry the request path. Fifty-five specialist workers handle orchestration, monitoring, audit, SEO, funnel, OG/image rendering, and platform plumbing. All deployed via Wrangler from workers/configs/*.toml.

wrangler-provisioning.toml
🏗️ Provision
Receives Simplex webhook on checkout → clones the golden WordPress instance on Cloudways → assigns a subdomain → stores new client record in KV. The entry point for every new operator.
HB_CLIENTS (KV) HB_ASSETS (R2)
wrangler-content.toml
✍️ Content
Two-pass AI content generation pipeline. Pass 1: Sonnet researches the market, competitors, and local signals. Pass 2: Opus writes converting local SEO copy for every page template and city combination.
HB_CLIENTS (KV)
wrangler-render.toml
⚡ Render
Pre-computes HTML fragments, CSS custom properties, and JSON-LD schema from the DCC config. Returns a { html, css, schema } payload to the WordPress mu-plugin on every page load. Fastest path to dynamic, personalized pages.
HB_CLIENTS (KV)
wrangler-agent.toml
🤖 Agent
AI agent skills available on-demand: SEO audit of any operator page, content intake from operator questionnaire, and supplemental content generation. Extends platform capability without touching the main workers.
HB_CLIENTS (KV)
Specialist Workers (55)
🎼 Orchestration
orchestrator · task-dispatcher · task-watchdog · tasks · watchdog · ci-receiver
🩺 Monitoring
health-monitor · drift-remediation · cert-expiry-probe · cloudflared-monitor · outbound-probe · status-page · rollout-monitor · token-audit · post-deploy-smoke · inbox-gc
🔍 SEO / Audit
seo · seo-playbook · seotools · audit · premier-audit · rank-tracker · interlink · schema-validator · record-completeness · cta-scan · booking-link-scan · client-id-parity
💰 Funnel / Leads
funnel · funnel-crawler · leads · checkout · checkout-test · pbg-checkout · prospect-intel · fp-stepup · density-pricing · territory-reconciliation
📦 Platform
verticals · clients · deploy · auth · session · analytics · ga-mp-proxy · mockup · template · link · launch-validator · verify · dcc-migration · converter · image · og · assets
DCC JSONKV (HB_CLIENTS)hb-heartbeat.php
wp_option cacheBBS_Vertical_Loader
bbs_get() / bbs_get_section()Templates
$ wrangler deploy --config wrangler-provision.toml
$ wrangler deploy --config wrangler-content.toml
$ wrangler deploy --config wrangler-render.toml
$ wrangler deploy --config wrangler-agent.toml

15 Implemented · 24 Marketed

Three layers of vertical readiness: 13 golden template apps deployed and ready to clone (from deploy-manifest.json) · 15 verticals with full implementation under workers/verticals/ (DCC schema, slug patterns, schema.org type, voice preset, nav items, trust signals) · 24 verticals with marketing landing pages on gethoneybun.com. The extra 9 are sales-ready but await full build-out. 5 are running in production right now as live operator sites.

Production (live operator on platform)
Implemented (workers/verticals/ exists)
Marketing only (landing page, no vertical build)
📸 Photo Booth
🔧 Plumbers
💆 Med Spas
🏋️ Gyms / Fitness
💈 Barbershops
❄️ HVAC
💅 Nail Salons
🏠 Roofers
🏡 Realtors
🪵 Flooring & Epoxy
Electricians
💉 IV Hydration (Clinic)
🦷 Dentists
🔨 Home Remodelers
🚐 IV Hydration (Mobile)
👁️ Optometrists
😁 Orthodontists
💍 Wedding Coordinators
🏝️ Luxury Real Estate
📷 Photographers
🎬 Videographers
🎵 DJs
🎉 Event Planners
🏛️ Venues
💼 CPA / Tax Accountants
Per-Vertical Full Implementation = 24 PHP Templates
page-home page-about page-contact page-faq page-gallery page-jobs page-services page-venues template-service template-city template-venue template-job template-service-areas vertical.css 4 config JSONs prompt-overrides.js

DCC Schema

Every operator site is configured by a single DCC JSON stored in KV. The BBS_Vertical_Loader reads it and exposes it to all templates via bbs_get().

siteUrl: "plumber.gethoneybun.com"
design: {
  heroH1Layout: "editorial" | "centered" | "split"
}
business: {
  companyName, phone, email,
  address, city, state, zip,
  ownerName, yearEstablished,
  tagline, booking_link,
  guarantee, rating, reviewCount,
  instagramHandle, instagramImages[]
}
primaryCity: "Brea"
serviceCities: ["Brea","Fullerton","Anaheim"...]
hero: { eyebrow, h1, subtitle, bgImage,
  stats: [{ number, label }],
  cta1: { label, url },
  reviewBadges: { google, yelp } }
services: [{ name, slug, image, description }]
reviews: [{ text, name, rating, source }]
faqs: [{ question, answer }]
seo: {
  schema_type: "Plumber",
  rating_value: "4.9",
  service_slug_prefix: "plumbing-",
  indexing: "index" | "noindex"
}
SEO Engine

Schema Injection Per Page Type

seo.php hooks into wp_head at priority 5. Every page type outputs its specific schema.org graph — all driven by DCC data, zero hardcoding.

Home
Organization {VerticalType} Service ×N FAQPage AggregateRating BreadcrumbList Offer
City
LocalBusiness {VerticalType} Service FAQPage BreadcrumbList AggregateRating
Service
Service FAQPage BreadcrumbList Offer
About
Organization Person BreadcrumbList
FAQ
FAQPage (critical) BreadcrumbList
Blog
Article BlogPosting BreadcrumbList
🎯 Voice Presets
bold Dan Kennedy cadence, short punchy sentences
energetic High-energy, exclamation marks, momentum
warm Approachable, conversational, trust-building
elegant Sophisticated, minimal, premium positioning
📐 Copy Methodology
Kennedy Sales Psychology:
Promise → Proof → Offer → Desire → Close

Dan Kennedy Structure:
Problem → Agitate → Solve → Proof → Offer → Close

Headlines: Gary Halbert curiosity-driven

Where Data Lives

Four storage systems, each purpose-built for its domain.

Cloudflare KV
HB_CLIENTS
Client registry, DCC configs, pipeline state, content cache. Primary data store for all workers.
KV namespace
Cloudflare R2
hb-assets
Static assets, images, theme files. Bound to hb-provision for deployment artifacts.
Bucket: hb-assets
Cloudflare KV
NEIGHBORHOODS
Neighborhood intelligence data used for pitch decks and hyper-local content targeting.
KV namespace
Supabase · PostgreSQL
Persistent DB
Persistent data, analytics, neighborhood tables. Long-term storage beyond KV TTLs.
PostgreSQL
gethoneybun.com

Marketing Site

47 PHP page templates. 24 vertical landing pages. 17 resource guides. 5 comparison pages.

📄
24 Vertical Pages
Each vertical gets a full landing page at /vertical-seo/ with industry-specific copy, pricing, demo site link, and calendar embed.
📚
17 Resource Guides
SEO education content at /local-seo-vertical/. Builds organic authority and attracts operators researching SEO solutions.
⚔️
5 Comparison Pages
SEO Agency, Search Atlas, Adaptify, Google Ads, Cost of Not Ranking. Bottom-funnel capture for high-intent buyers.
🏗️
Dispatcher Pattern
Every template is 9 lines — just sets a vertical key and requires the shared template. All layout in vertical-template.php.
📅
Book Page
Simplex calendar embed at /book/. Vertical slug passed as ?v=plumber for personalized booking experience.
🔄
Theme: gethoneybun-theme
Standalone WordPress theme. Git-tracked. honeybun_get_vertical_data() and honeybun_get_resource_data() power all pages.
Repository Layout

operations/ — What Lives Where

All production HoneyBun platform code lives under honeybun/operations/. Each subfolder owns its own deploy target.

⚙️
workers/
59 Cloudflare Workers (4 core + 55 specialist) + verticals/ implementations + plugins canonical source. Deployed via wrangler deploy --config configs/wrangler-*.toml.
📊
dashboard/
Vanilla JS SPA → Vercel → app.gethoneybun.com. Operator tools, intake, analytics, board.
📱
app/
Two Vite-built PWAs → Cloudflare Pages: hb-operator-app (operator-facing) and hb-internal-app (internal ops).
🎨
themes/
WordPress themes: photo-booth (base / golden), realtor, plus verticals/ per-industry themes. Synced to Cloudways.
🔌
mu-plugins/
Must-use plugins for every operator's WP install: hb-heartbeat.php (render bridge), hb-hero-preview.php. Mirrored to Cloudways wp-content/mu-plugins/.
🌐
wp-app-root/
PHP HTTP endpoints called by workers: hb-deployer.php, hb-theme-sync.php. Bridge between Cloudflare Workers and Cloudways WordPress.
📚
pages-catalog/
Local dev tool. Regenerates URL catalog for go.gethoneybun.com via node generate-catalog.js.
🧪
pilots/ · scripts/
Pilot experiments and one-off ops scripts. Not deployed — local execution only.

app.gethoneybun.com

The operator-facing control center. Analytics, integrations, site management — all in one place.

📊
GA4 Integration
Connect Google Analytics 4. Traffic, conversions, and ranking trends displayed in the operator dashboard with HoneyBun attribution.
🔍
GSC Integration
Google Search Console data surfaced in-dashboard. Impressions, clicks, average position — per page and per query.
📍
GBP Integration
Google Business Profile. Local visibility metrics, reviews, and citation health tracked from a single dashboard view.
🔑
Client Portal
Per-operator login. View their site, SEO metrics, and content status. SOP-008 governs the client portal onboarding flow.
⚙️
Workflows Engine
Cloudflare Worker-backed automation (hb-workflows endpoints). SOPs trigger workflows for onboarding, content delivery, review requests, and lead follow-up.
🤖
Agent Orchestration
SOP-010 defines agent orchestration. hb-agent skills fire on demand: SEO audits, content gap analysis, intake processing.
Security

Security Posture

Documented for technical due diligence. Every layer below is verified from source — not inferred from configuration intent.

Security Headers — gethoneybun.com (every front-end response)

Content-Security-Policy
frame-ancestors 'self' · base-uri 'self' · script-src locked to self + GTM + Turnstile · connect-src explicit allowlist of all HoneyBun endpoints + GA4. unsafe-inline required for Breeze full-page cache compatibility; nonce-based CSP evaluated and documented as blocked until Breeze is replaced with edge-level caching.
HSTS + Transport
Strict-Transport-Security: max-age=31536000; includeSubDomains — HTTPS enforced at browser level across the entire domain tree. Referrer-Policy: strict-origin-when-cross-origin — limits referrer leakage on cross-origin navigation.
Additional Headers
X-Content-Type-Options: nosniff — blocks MIME-type sniffing.
X-Frame-Options: SAMEORIGIN — clickjacking prevention.
Permissions-Policy: camera=(), microphone=(), geolocation=(), payment=() — all sensitive browser features explicitly disabled.

Authentication & Authorization — Workers API

RBAC — Formal Permissions Library
lib/permissions.jscan(), isPrivilegedAdmin(), ROLE_AGENCY_ADMIN and role constants. Not ad-hoc if-checks. Privileged operations (cross-tenant reads, admin routes, force-release) require isPrivilegedAdmin() explicitly.
Scoped Operator Keys
Each operator's X-HB-Key is scoped to their own clientId. One operator's key cannot reach another operator's data. Master key and operator keys are separate credential classes; operator keys cannot self-elevate.
CSRF + Bot Protection
CSRF token injection explicitly prevented on per-client key operations. Cloudflare Turnstile (invisible managed CAPTCHA) on all lead capture forms — lazy-loaded on first modal open, zero pageload impact for non-converting visitors.

Rate Limiting & Resilience

Rate Limiting — Two Layers
KV-backed throttle gates at the application layer — 429 enforcement on all high-sensitivity endpoints before DB touch. CF WAF as the upstream volumetric layer — bot score, threat scoring, and request-rate limiting handled before the request reaches the worker.
Timeout Discipline
AbortSignal.timeout() on every external call — 3s for fast paths, 5–8s for Supabase operations. No hanging requests that cascade into worker CPU exhaustion. Timeout errors are classified and logged the same as network errors.
Read-vs-Write Retry Discrimination
Supabase reads retry on 429/502/503/504 (safe to retry). Writes only retry on 503/504 — not on 502, which may indicate a partial write. Prevents double-writes under ambiguous network failures. Exponential backoff with configurable attempt cap.

Deploy Integrity

SHA-256 Ledger — Every File Deploy
Every file deploy records operator, target path, holder, before-hash, after-hash, bytes, and timestamp to an append-only Supabase table. No deploy exits without provenance. Ledger insert retries 3× before alerting — provenance is never silently lost.
Pre-Write Conflict Detection
Before any file write, the caller submits sha256_live (freshly read) and sha256_assumed_base (what it thinks is live). If they don't match, the write returns 409 — no silent overwrites from concurrent sessions. Removes the race condition from parallel deploys.
Known Gaps (on record)
No structured audit log for admin actions inside app.gethoneybun.com (who changed what, when). No secret rotation automation — rotation is manual. unsafe-inline on CSP script-src (Breeze cache constraint — documented above). These are tracked, not unknown.