Canopy

Canopy is a modern headless content management platform built for teams that need structured content delivery with full API access, multi-tenant support, and real-time collaboration.

Industry

SaaS

Role

Lead Developer

Tech Stack

Next.js, TypeScript, PostgreSQL, Tailwind CSS, Prisma

Year

2026

Live URL

https://canopy.alinsafawi.com/

GitHub

https://github.com/AlinSafawi19/Canopy

Highlights

  • Built a real-time dashboard with WebSocket updates
  • Reduced page load time by 60% through SSR and caching
  • Integrated third-party payment gateway with 99.9% uptime
  • Shipped 0-to-production in 5 months with a team of 4

Challenge

Most CMS platforms are built for solo content editors or simple admin-user role splits. They break down in agency workflows where ownership is delegated, multiple stakeholders collaborate simultaneously, and content cannot go live without explicit approval. The core challenge was designing a system that could model these real-world dynamics: a four-tier role hierarchy (Owner, Admin, Client, Contributor), per-project permission scoping, real-time presence awareness, and an approval gate that prevents premature publishing — all without sacrificing developer ergonomics or performance at scale.

Approach

The architecture was designed around tenant isolation from the ground up. Every resource is scoped to an adminTenantId, enforced at the database level via Prisma schema constraints and composite indexes. A change-request workflow was built on top of the content model, storing before/after JSON diffs and blocking scheduled publishing when unresolved requests exist. Real-time collaboration was handled via Pusher with presence state backed by Upstash Redis (60-second TTL keys), avoiding polling entirely. Security was layered: TOTP two-factor auth with backup codes, bcrypt password hashing with history enforcement, sliding-window rate limiting, account lockout, session revocation, and HMAC-signed webhooks with DNS validation to block SSRF attacks. The public API was kept read-only and API-key authenticated, fully decoupled from the admin session layer.
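
The webhook controls named above (HMAC signing plus DNS validation against SSRF) can be sketched as follows. This is an added example, not code from the Canopy repository: the header format, the function names and the 300-second replay window are assumptions.

```typescript
import { createHmac, timingSafeEqual } from "node:crypto";
import { lookup } from "node:dns/promises";
import { isIP } from "node:net";

// Assumed header format: "t=<unix seconds>,v1=<hex HMAC-SHA256 of `${t}.${body}`>"
export function signWebhook(secret: string, body: string, t: number): string {
  const mac = createHmac("sha256", secret).update(`${t}.${body}`).digest("hex");
  return `t=${t},v1=${mac}`;
}

// Receiver side: reject stale timestamps (replay), then compare in constant time.
export function verifyWebhook(secret: string, body: string, header: string, now: number, maxSkew = 300): boolean {
  const m = /^t=(\d+),v1=([0-9a-f]{64})$/.exec(header);
  if (!m) return false;
  const [, ts = "", mac = ""] = m;
  if (Math.abs(now - Number(ts)) > maxSkew) return false;
  const expected = signWebhook(secret, body, Number(ts)).slice(-64);
  return timingSafeEqual(Buffer.from(expected, "hex"), Buffer.from(mac, "hex"));
}

// True for loopback, private, link-local (cloud metadata), CGNAT, multicast and
// unspecified ranges. IPv6 input is expected in the compressed form resolvers return.
export function isBlockedAddress(ip: string): boolean {
  const kind = isIP(ip);
  if (kind === 4) {
    const [a = 0, b = 0] = ip.split(".").map(Number);
    return a === 0 || a === 10 || a === 127 || a >= 224 ||
      (a === 100 && b >= 64 && b <= 127) || (a === 169 && b === 254) ||
      (a === 172 && b >= 16 && b <= 31) || (a === 192 && b === 168);
  }
  if (kind === 6) {
    const v = ip.toLowerCase();
    // IPv4-mapped: check the embedded IPv4, and fail closed on the hex spelling.
    if (v.startsWith("::ffff:")) return isIP(v.slice(7)) === 4 ? isBlockedAddress(v.slice(7)) : true;
    return v === "::" || v === "::1" || /^f[cd][0-9a-f]{2}:/.test(v) ||
      /^fe[89ab][0-9a-f]:/.test(v) || /^ff[0-9a-f]{2}:/.test(v);
  }
  return true; // not an IP literal at all: fail closed
}

// Resolve every A/AAAA record and refuse delivery if any one of them is internal.
export async function resolvePublicTarget(url: string): Promise<string[]> {
  const u = new URL(url);
  if (u.protocol !== "https:") throw new Error("webhook URL must be https");
  const host = u.hostname.replace(/^\[|\]$/g, "");
  const addrs = (await lookup(host, { all: true })).map((r) => r.address);
  if (addrs.length === 0 || addrs.some(isBlockedAddress)) throw new Error("blocked destination");
  return addrs; // connect to one of these, not to a second lookup of the hostname
}
```

Delivery should connect to an address returned by resolvePublicTarget and run the same check on every redirect hop, since a second lookup of the hostname can return a different, internal record.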

Outcome

Canopy ships as a production-ready multi-tenant CMS with a fully working four-tier role model, real-time collaborative editing awareness, and an automated health scoring system that grades content completeness, freshness, and schema quality on an A–F scale. The approval workflow prevents content from going live without sign-off. The public API and webhook layer enable third-party integrations — static site generators, portfolio platforms, and external pipelines — while maintaining strict data isolation. The entire system is horizontally scalable: stateless JWT sessions, distributed rate limiting, and Redis-backed presence survive restarts without state loss.
