webiny-js

Automatically generates a fully-typed GraphQL API from content model definitions, with built-in multi-tenancy isolation, DynamoDB/Elasticsearch storage abstraction, and lifecycle hooks for custom business logic. Uses a plugin-based schema builder that compiles TypeScript content models into executable GraphQL resolvers with automatic CRUD operations, filtering, sorting, and pagination without manual resolver code.

Implements tenant isolation at the storage layer using DynamoDB partition keys and query filters, combined with role-based access control (RBAC) evaluated at the GraphQL resolver level. Each tenant's data is logically isolated through automatic query filtering based on authenticated tenant context, with support for custom permission rules via lifecycle hooks that intercept read/write operations before database execution.

Supports multiple authentication backends (AWS Cognito, Auth0, Okta) through pluggable authentication adapters that handle login, token validation, and user provisioning. Each adapter implements a standard interface for extracting user identity and tenant context from authentication tokens, allowing the CMS to work with different identity providers without code changes. Includes built-in admin user management for self-hosted deployments.

Enables local development with watch mode that monitors source file changes, recompiles affected packages, and hot-reloads Lambda functions without full restart. The watch mode uses file system watchers to detect changes, triggers incremental builds, and updates running Lambda instances with new code, allowing developers to iterate quickly without manual deployment steps.

Implements a CI/CD pipeline (GitHub Actions or similar) that runs on each commit, executing unit tests, E2E tests (Cypress), building the monorepo, and deploying to AWS via Pulumi. The pipeline uses branch workflows (feature branches, staging, production) with automated testing gates before deployment, and includes build caching to speed up repeated builds.

Automatically tracks content entry revisions in DynamoDB, storing snapshots of content at each modification with metadata (timestamp, user, change summary). Provides GraphQL API to query revision history, compare versions, and restore previous versions. Revisions are immutable and include full content snapshot, enabling audit trails and recovery from accidental deletions.

Provides a dependency injection container and plugin registry that allows developers to hook into core lifecycle events (beforeCreate, afterUpdate, onDelete, etc.) and extend functionality without modifying core code. Plugins are registered via a centralized configuration, resolved at build time, and injected into resolvers, allowing custom validation, transformation, webhooks, and external service integration at predictable extension points throughout the CMS lifecycle.

Provides a React-based form builder that generates admin UI forms from content model definitions, with support for custom field types via a plugin system. Forms are built using a declarative field configuration that maps to GraphQL mutations, with built-in validation, error handling, and state management. Custom field plugins can extend the form builder with domain-specific inputs (rich text, media picker, relationship selector) without modifying core form logic.

Abstracts AWS infrastructure provisioning through Pulumi TypeScript, allowing developers to define Lambda functions, DynamoDB tables, S3 buckets, and API Gateway endpoints as code. The deployment process compiles TypeScript backend code, bundles it with dependencies, and deploys to AWS Lambda with automatic environment variable injection, IAM role creation, and infrastructure state management through Pulumi's state backend.

Manages content entry state transitions (draft → review → published → archived) with automatic timestamp tracking, version history, and lifecycle hooks at each transition. Implements a state machine pattern where each content entry has explicit status fields, and GraphQL mutations enforce valid state transitions while triggering before/after hooks for custom logic (notifications, webhooks, cache invalidation).

Provides a React-based visual page builder in the admin UI that allows non-technical users to compose pages from pre-built components (hero, grid, form, etc.) without writing code. Pages are stored as JSON component trees in DynamoDB, with a GraphQL API for CRUD operations. The builder supports component property editing, responsive preview, and custom component registration via plugins.

Abstracts file uploads and storage through an S3-backed file manager with a GraphQL API for CRUD operations. Files are stored in S3 with metadata (name, size, MIME type, upload timestamp) tracked in DynamoDB. The file manager supports organizing files into folders, generating signed URLs for secure downloads, and integrating with the page builder for media selection.

Manages a large TypeScript monorepo with 50+ packages using a custom build system that performs incremental compilation, caching, and bundling. The build system detects changed packages, recompiles only affected dependencies, and bundles Lambda functions with tree-shaking to minimize deployment size. Uses Rspack (Rust-based bundler) for fast builds and supports watch mode for local development.

Exposes Webiny's CMS capabilities through an MCP (Model Context Protocol) server, allowing AI assistants (Claude, etc.) to read/write content, query the GraphQL API, and manage files programmatically. The MCP server implements standard tools (list_content, create_entry, update_entry, delete_entry, query_graphql) that map to GraphQL mutations and queries, enabling AI agents to assist with content creation, bulk operations, and CMS administration.