AMODX Sprint 3 - Added Commerce, Teams, and "God Mode"

By Andrei Roman

Principal Architect, The Foundry

You can build a static site in an afternoon. You can deploy a blog in an hour. But the moment you need payments, team permissions, or gated content, the 'Frankenstein Stack' returns.

On WordPress, this means installing WooCommerce (bloat), MemberPress (cost), and a Role Editor plugin (security risk). Sprint 3 was about crossing the chasm from 'Tech Demo' to 'Commercial Grade Agency OS.' We didn't just add features - we architected systems.

What is AMODX?

AMODX is a serverless CMS / agency OS built on AWS Lambda, DynamoDB, and Next.js. It allows one architect to manage hundreds of client sites, generate content via AI, and monetize assets without managing servers.

Sprint 2 gave us the foundation: multi-tenant architecture, ISR rendering, and MCP integration. Sprint 3 made it commercially viable.

1. Native Digital Commerce (No Plugins)

I built a webhook-driven fulfillment engine.

WordPress Way: Install WooCommerce. Database grows by 50 tables. Site slows down by 400ms.

AMODX Way:

Upload: You upload a file (PDF/Zip) to the Private S3 Bucket. Link: You attach that Resource ID to a Product. Sell: We use Paddle for the checkout UI. Fulfill: A Lambda listens for the payment_succeeded webhook, generates a time-limited presigned URL, and emails it via SES.

Zero database bloat. Zero impact on page load speed. Added resourceId to Products schema. Implemented backend/webhooks/paddle.ts to handle Paddle webhooks. User buys Product → Webhook triggers Lambda → Lambda generates S3 Presigned URL → SES emails link to user.

Result: You can sell digital assets without a membership plugin. No MySQL tables storing payment history. No PHP queries blocking page render.

2. The 'Vibe Coding' Theme Engine

I needed a way to style client sites instantly without touching code.

Database-Backed Themes: We added a THEME# entity to DynamoDB. You can now save your current color/font configuration as 'Medical Blue' or 'Cyberpunk' and apply it to any other client site in one click.

Dark Mode: Full support for system-preference overrides via CSS variables. The ThemeInjector component handles runtime theme switching without page reload.

Presets: Included polished defaults (Midnight, Editorial, Corporate, Vibrant) so you don't have to be a designer. Updated Admin Settings.tsx to include a Theme Preset selector and a 'Save Current as Theme' tool.

This is what I call 'Vibe Coding' - using AI to generate aesthetic configurations rather than writing CSS manually. You describe the vibe. Claude generates the theme. You apply it globally.

3. Security Hardening & RBAC

An AI security audit revealed that our tenant isolation relied too heavily on 'good behavior.' We locked it down.

Strict Isolation: Removed all 'DEMO' fallbacks. If a request lacks a valid Tenant ID token, it is rejected at the API Gateway level. No guessing. No fallback logic. Authentication or rejection.

Role-Based Access Control (RBAC): Implemented requireRole policy engine. Three tiers:

Global Admin: You (God Mode). Can access everything across all tenants. Tenant Admin: Your Client. Can only edit their settings and invite their staff. Cannot see other clients. Editor: Your Staff. Can write content but cannot nuke site configuration or invite users.

PII Sanitization: The Comments API now strips email addresses from the JSON response unless the requester is an Admin. Public viewers see comments without exposing user contact info.

Teams: Added Admin Users Page to invite staff via Cognito API. Each user gets role assignment. Invitations sent via SES with temporary password.

4. The Blogging Engine

A CMS isn't useful if it can't group content.

Tagging System: Added tags array to Content Schema. Every page can now have multiple categories.

PostGrid Plugin: A client-side component that queries the Renderer Proxy for posts matching a specific tag. Architecture: Client-side plugin calls GET /api/posts (Renderer Proxy) → Queries DynamoDB. This allows dynamic filtering without complex routing.

Result: You can build a dynamic 'News' page just by dropping a PostGrid block and typing 'news' into the filter field. No custom code. No database queries in your templates.

Extras: Added FAQ Plugin (Accordion-style Q&A blocks) and Social Share component (Twitter, LinkedIn, Facebook share buttons with Open Graph metadata).

5. The Developer Experience (DX)

I wanted low-friction deployment for new users.

Zero-Config Installer: Refactored setup.ts to interactively bootstrap AWS credentials, deploy CDK, and create the Admin User in one command. Run 'npm run setup' and answer prompts. Script handles: AWS CLI verification, CDK bootstrap (if needed), Stack deployment, Cognito user creation, Admin credentials output.

Testing: Fixed E2E Playwright tests by injecting real API Keys into the CI environment. Tests now run against actual AWS infrastructure, not mocks.

The AI Upgrade (MCP)

I updated the Model Context Protocol (MCP) server. Claude Desktop is now fully aware of these new capabilities.

You can now say: 'Create a new Product called SEO Guide, price it at $49, and link it to the PDF we just uploaded. Then create a Landing Page with a Dark theme override selling it.'

Claude executes this by orchestrating the backend APIs directly. No clicking required. The MCP server calls: create_product (with resourceId), create_page (with slug /seo-guide), update_page (adds pricing block, sets theme override to 'dark').

This is the endgame: conversational infrastructure management. You describe outcomes. Claude handles implementation.

What's Next: Sprint 4

Sprint 3 made AMODX commercially viable. Sprint 4 will make it collaborative.

Planned features: Suspend tenants, Migrate tenants between stacks, Version control (page history and rollback), fix the Audit Logs (they exist now but were left in a basic state), AI in the admin cockpit (right now the MCP server is only available to the agency owner), orphaned content detection and linking graph, multi language support. And of course more extensive end-to-end testing.

How to Upgrade

If you are following the repo, pull the latest changes and run the new Zero-Config Installer:

• git pull origin main

• npm install

• npm run setup

This interactive script will verify your AWS identity, deploy the updated CloudFormation stack, and provision your Global Admin user automatically.

Get the code: github.com/andreirx/amodx

Join the discussion: r/amodx

Read the admin guide: amodx.net/admin-guide