Verba CMS v2: permissions, performance and shared UI kit
Verba v2 replaces rigid roles with granular policies, cuts CPU load under attack via header/footer caching, standardises UI across firm sites via an npm design system, and powers Content Gen with hybrid OpenSearch search and trend analysis.
Client context
Brandon J. Broderick runs multiple law-firm websites on custom Verba CMS. DDoS bots hitting non-cacheable paths pegged CPU; permissions couldn't scale to many content types; duplicated UI slowed new site launches.
Challenge
Hardcoded roles blocked multisite growth; repeated header/footer rendering was the server bottleneck; Content Gen needed semantic + keyword search and trend scoring without hallucinated sources.
What we did
- Implemented policy/resource/action permission model with revocable tokens (not baked into JWT).
- Cached static header/footer fragments — 3× faster under load testing (wrk/oha); CPU idle ~10% vs 40–45% before.
- Extracted shared UI into versioned npm package with theming; migrated sites incrementally.
- Built Go content-manager (BM25 + k-NN hybrid search) and Trend Analyzer feeding Content Gen.
- Extended EditorJS (multi-block lists, Word paste) with AI-assisted dev workflow.
Process
- Permissions redesign with 100% test coverage on auth paths.
- Cache profiling and load-test before/after.
- Component library extraction and site migration.
- Content Gen search and trend services on shared infra.
Result and impact
Granular multisite access control; server survives heavier load; new firm sites launch faster from shared components; AI content pipeline grounded in real indexed sources.
This is an NDA-protected engagement. Client name and identifying details are withheld; industry, region, challenge, solution and outcome are shared in an approved form.
One CMS, many sites — permissions finally match how we actually work.Platform engineer (quote representative, under NDA)