VM Vlad Digital Business Operator
Controlled Beta Evidence level: In progress

A safe way for clients to edit their own static websites

The Safe-Editing CMS lets a business update its approved content — text, images, links — while the site's structure stays locked. Every change is validated before it can apply. Currently in controlled beta with one real client site.

Client
Internal product — used for client sites
Sector
Web infrastructure / publishing
Role
Product design, build, and operations
Period
2025–2026 · controlled beta
Services
Safe content editing · Managed publishing · Backups & integrity checks · Client/owner access boundaries
Tools
Node.js · Render (hosted dashboard) · Cloudflare Pages (published sites) · GitHub

The business

Static websites are the fastest and most secure thing a small business can run — but the moment the owner needs to change prices, hours, or photos, they're either waiting on a developer or handed a page builder with enough rope to break the layout. Traditional CMS platforms solve editing by giving up the speed, security, and simplicity that made the static site worth having.

The real problem

Let a non-technical client edit their own content safely — without being able to break the design, take the site down, delete the wrong thing, or get the business hacked through a plugin. And let the operator hand a site over without becoming a permanent helpdesk for every text change.

My responsibility

The whole system: the editing model, the validation layer, the hosted dashboard, the publishing pipeline, backups and recovery, and the operational rules for running it on behalf of clients.

  • Published client sites must stay fully static — the editing system can never become a runtime dependency or a point of failure for the live site.
  • Clients edit; only the owner-operator publishes. No client change goes live without review.
  • Not a public SaaS: a controlled, operator-managed service for sites built to be handed off safely.

What was built

The solution, in modules

01

Locked structure, open content

When a site is taken on, its layout — navigation, footer, branding, critical buttons — is frozen as structural 'chrome'. Only approved content slots (specific texts, images, links) are editable. A client can change the words; they cannot move, delete, or restyle the page.

02

Every edit is checked before it can apply

A deterministic validation layer — not an AI, not a setting — is the only path a change can take. Edits that would inject scripts, empty out required text, or point links somewhere unsafe are rejected with a plain reason. The same rules apply to everyone, including the operator.

03

Owner-only publishing

Clients log in through a private link scoped to their own site — they can't see other sites and can't publish. The operator reviews and publishes; published sites deploy as plain static files to their own hosting.

04

Versioned, backed up, recoverable

Content changes are versioned with rollback. Backups are integrity-verified bundles stored off the host, and restore only accepts bundles that pass verification. An append-only audit history records what changed, when, and by whom.

05

Proven against a real client site

The system was validated end-to-end on a real trilingual school website: all pages ingested, structure locked (112 editable vs 55 locked slots per page), forbidden edits rejected with the right reasons, and the exported site deployed and verified on an isolated pilot project — without touching the client's live site.

System view

How an edit becomes a live change

  1. 01

    Client edits a slot

    Through a private, site-scoped login: text, image, or link in an approved content slot.

  2. 02

    The Guardian validates

    Deterministic checks accept the change or reject it with a plain-language reason. Structure is untouchable either way.

  3. 03

    Owner reviews & publishes

    Versioned change is reviewed; publishing exports the full site as static files.

  4. 04

    Site deploys

    The static build goes to the site's own hosting. The live site never depends on the CMS being up.

Conceptual flow of the editing model — published sites remain plain static files.

Inspectable proof

Proof you can inspect

Sanitized artifacts show the underlying work without exposing client identities, credentials, private dashboards, or customer data.

  • Safe-editing CMS dashboard with editable content controls, locked fields, a live preview, and version history

    Sanitized editor dashboard

    A faithful reconstruction of the verified local editor state. Client identities, URLs, credentials, and production account details are excluded.

    Sanitized reconstruction from local CMS verification · verified June 13, 2026

  • Fresh reliability gates

    The product checks were rerun before publishing these proof numbers.

    Automated tests
    204 passed / 0 failed
    HTTP smoke workflow
    Passed end to end
    Editing loop
    Ingest, Guardian validation, render verified
    Storage integrity
    Passed with no integrity problems

    CMS test, smoke, demo, and integrity commands · verified June 13, 2026

Evidence

What backs this up

  • Production-hardening milestone (v0.7)

    Verified

    Completed and passed: configuration security, error handling, backup safety, and route-validation audits.

  • Operator rehearsal (v0.8 B1)

    Verified

    Completed and passed: full local publishing and recovery rehearsal — production checks, integrity scan, backup, dry-run restore, and edit-rejection behavior.

  • Hosted dashboard beta (v0.8 B2)

    Verified

    Completed: the dashboard runs as a hosted service with persistent storage; owner login, site-scoped client access, owner-only publishing, off-host backups, and per-site deploy targets verified.

  • Real-site pilot validation (June 10, 2026)

    Verified

    Trilingual client site ingested, chrome locked, locked-slot edits rejected, full export deployed to an isolated pilot project and live-verified.

  • First controlled client editing sessions

    Pending

    The next milestone: a real client using the editor on their own site, with observations driving what changes next.

Results & current state

What's true today

  • The complete editing-to-publishing loop exists and has been exercised end-to-end.

    Milestone records: hardening, operator rehearsal, hosted beta, and a real-site pilot all completed and passed.

  • The safety model holds under real content.

    Pilot record: structural chrome stayed locked, forbidden edits were rejected with correct reasons, and exports contained no internal data.

Want a website your team can update — without being able to break it?

Describe your setup in a few sentences — you'll get a plain answer about whether and how I can help.

Start a conversation View case studies

More case studies