Willi Krappen

pagebee.de

Multi-tenant SaaS that lets businesses tailor their website by chatting with an AI: per-tenant git repo, preview, Netlify deploy on approval.

pagebee.de

Small businesses can't afford a developer for every opening-hour change or every new hero image, but they still need modern, fast websites. Pagebee solves that via chat: the owner writes 'swap the hero photo and update opening hours to 8-18', an orchestrator translates that into tool calls against the customer's own git repo, commits on a draft branch, renders a preview and waits for approval. Each customer has an isolated repo, plan-based safety rules and full revision history. For onboarding there is also a dedicated Claude Code pipeline: it reads a prospect's existing website and automatically builds a modern React version from it. Live as a multi-tenant SaaS at pagebee.de.

Year2025RoleOwn SaaS - concept, architecture, implementation, operations

Technical deep-dive

Stack, architecture, trade-offs

Stack

Runtime

Next.js 14TypeScriptTurborepo

Models

Anthropic SDKOpenAI SDK

Storage

PostgresPrisma

Auth

NextAuth

Realtime

WebSockets

Infra

Netlify APIDocker

From chat to deploy

One session, seven steps. Everything waits for approval before the live push: preview-first by default.

  1. 1

    Owner writes in the editor: 'swap the hero photo and change opening hours to 8-18'.

  2. 2

    Edit request lands in the Postgres queue with status PENDING → RUNNING.

  3. 3

    Orchestrator initialises a session with site context, plan rules and tool set.

  4. 4

    Tool loop: AI explores the repo, reads content files, edits surgically. Live events stream to the UI over WebSocket.

  5. 5

    AI calls finalize_edit_with_commit; complexity rules are validated against the plan.

  6. 6

    If OK: commit to a draft branch, Netlify preview, revision record created.

  7. 7

    Owner sees the preview, hits deploy → push to main, Netlify production build.

Key engineering decisions

Tenant-isolated git repos, not DB strings

Every customer site is a real git repo under repos/{slug}. Revisions, rollbacks and previews become plain git operations: no custom version mechanism, no custom diff.

Provider-agnostic tool loop

Claude and OpenAI share a single tool schema and a common event stream. Provider is swappable per edit request: environment default, request override.

Hard-enforced token budget

File reads, search results and conversation history get trimmed to hard limits before they go to the provider. Cost stays predictable on basic plans; the orchestrator doesn't become a cost trap.

Plan-gated safety rules

Configurable per plan: maxFilesChanged, maxLinesChanged, maxTotalDiffBytes, allowedPaths, allowLayoutChanges. Basic plans only see content/** and public/uploads/**, pro plans get layout access. Validation runs at the finalize step, not per tool call.

Live activity stream over WebSocket

Tool calls and model deltas push to the editor UI in real time. The owner sees 'AI reads content/hero.md', 'edits ...', 'commit'. No black-box waiting spinner.

Onboarding pipeline as a separate process

The 6-phase pipeline does NOT run as a studio subprocess. It is its own Claude Code setup with its own skills (skills/), runnable independently of the studio. Telegram bot triggers it. Clean cut between onboarding tooling and runtime SaaS.

Trade-offs

Where the system pushes back, and what for.

Tenant git repos instead of DB versions

A real git repo per customer turns revisions, rollbacks and previews into plain git operations. In exchange: more disk I/O, per-customer backup complexity, a non-trivial storage footprint. Paid deliberately to avoid building and maintaining a custom versioning layer.

Validate at finalize, not per tool call

Complexity rules check the aggregated diff at the end, not each tool call. Consequence: the AI occasionally burns tokens on work that the finalize step then rejects. The upside is that editor UX stays calm throughout. No flaky tool that throws 'BLOCKED' mid-action.

Provider-agnostic tool loop (Claude + OpenAI)

Both providers work against the same tool schema and the same event stream. Plainly: no extended-thinking modes, no provider-specific prompt caching, no vision input. What remains is a stable data model and a model switch that's a config change rather than a migration.

Hard token budget per edit request

File contents, search results and conversation history get trimmed to hard limits before every provider call. The cost is real: the AI sometimes gets cut off mid-thought and has to restart. The benefit is that basic plans stay cost-predictable; the orchestrator doesn't become a cost trap.

Onboarding pipeline as its own process

The 6-phase pipeline for new customers does not run inside the studio runtime; it's a separate Claude Code setup with its own skills. Missing: a shared progress UI and a shared auth context. Gained: onboarding tooling and runtime SaaS don't deploy each other and don't load each other down.

Tool loop - 8 tools

The loop is provider-agnostic: Claude (default) and OpenAI share exactly this tool schema and a common event stream.

ToolDescription
list_project_filesLists project files, optionally filtered by glob.
search_filesFull-text search through the tenant repo.
read_project_fileReads a file relative to project root.
edit_fileTargeted string replacement in an existing file.
write_project_fileWrites a file (new or overwrite).
delete_project_fileDeletes a file from the repo.
summarize_project_changesAggregated diff: changed files, +/- lines.
finalize_edit_with_commitCloses the session: validates complexity rules, commits, deploys preview.

Onboarding pipeline - 6 phases

A dedicated Claude Code process for onboarding: it reads a prospect's existing website and automatically builds a modern React version from it. Vite + React 18 + Tailwind, Netlify Forms and hosting.

1. Scrape & Analyze

low (scripted)

Extract the existing site with a custom scraper: text, images, colors, fonts, structure.

2. Research & Plan

medium

Industry research, sitemap, design direction.

3. Content & Design

medium

Per-page copy, design tokens, image selection.

4. Implement

high

Rich template ships header / footer / forms / SEO; only page content gets newly written.

5. QA & Verify Build

low

npm run build must be green; lint and visual checks.

6. Sales Pitch

low

Generates a sales-call script for cold outreach.

Deployment

Docker Compose for local Postgres; studio runs as a Next.js app. Netlify handles actual hosting for customer sites, both previews and production builds. An nginx preview config is bundled as a fallback for self-hosted previews.