Webiny is an open-source, enterprise-grade CMS platform designed for developers at large organizations who need full control over their content infrastructure. It runs entirely on AWS serverless services — Lambda, DynamoDB, S3, and CloudFront — with infrastructure provisioned via Pulumi IaC. Unlike traditional CMS tools, Webiny is not configured through UIs but extended with real code, making it ideal for complex, multi-tenant, white-labeled, or compliance-sensitive deployments. It’s used by Amazon, Emirates, Fortune 500s, and government agencies managing millions of content records and petabytes of assets.
Built as a TypeScript framework with explicit extension points, Webiny provides a programmable foundation where AI agents (via MCP server) can generate code that integrates natively with its architecture. The platform includes a headless CMS, visual website builder, file manager, and publishing workflows — all extensible via React, GraphQL, and Pulumi. Deployment is automated, scaling is automatic, and no servers are managed — making it a true serverless CMS for teams that need control without operational overhead.
What You Get
- Headless CMS - Define custom content models via UI or TypeScript code, with GraphQL API, field-level permissions, localization, and versioning built-in.
- Website Builder - Drag-and-drop page editor with Next.js SDK to render pages on your own frontend (Vercel, CloudFront, etc.) using custom React components.
- File Manager - Digital asset management with CDN delivery, folder hierarchies, tagging, and search, fully integrated with CMS and Website Builder.
- Publishing Workflows - Multi-step content approval with draft states, reviewer assignments, scheduled publishing, and full audit trails.
- Multi-Tenancy - Native tenant isolation for data, users, assets, and permissions from a single deployment; supports hierarchical structures like Root → Brand → Market.
- Webiny Framework - TypeScript framework with lifecycle hooks, dependency injection, GraphQL schema extensions, admin UI extensions, and infrastructure extensions via Pulumi.
- AI-Assisted Development via MCP - AI coding agents (Claude Code, Cursor, etc.) can generate valid Webiny extensions using real platform patterns, type-safe APIs, and context-aware code generation.
- Infrastructure Extensions - Modify AWS resources (Lambda, S3, CloudWatch) directly via Pulumi in TypeScript, with full control over VPC, alarms, and custom resources.
Common Use Cases
- Running a global multi-brand content platform - A multinational corporation uses Webiny to manage 70+ country-specific sites with shared content models, localized assets, and tenant-isolated permissions.
- Embedding a CMS inside a SaaS product - Kibo, a commerce SaaS provider, white-labels Webiny’s Website Builder to let customers build their own pages without touching the core platform.
- Managing high-volume, compliance-sensitive content - A global pharmaceutical company stores and searches thousands of multilingual research datasets securely using Webiny’s scalable, self-hosted infrastructure.
- Powering national-scale digital government services - An EU electoral office runs a secure, audited, self-hosted Webiny instance to handle millions of visitors during elections with zero downtime.
Under The Hood
Architecture
- Monorepo structure using Lerna to organize 50+ scoped packages with clear separation between API layers, UI components, and tooling
- Dependency injection via custom service registries using factory functions to decouple interfaces from implementations
- React UI components built with composition patterns, higher-order components, and strict TypeScript typing for reusability and type safety
- GraphQL schema-first development with auto-generated resolvers and type-safe clients ensuring consistent data contracts
- Modular build system with TypeScript strict mode, path aliases, and isolated compilation to prevent cross-package pollution
- Babel and Webpack configured for ES modules, JSX, and dynamic imports across frontend and server-side code, with pre-commit hooks for quality enforcement
Tech Stack
- React 18 and TypeScript 5 as the core frontend stack, enhanced with Lexical for rich text and Radix UI for accessibility
- Node.js backend powered by GraphQL and custom monorepo packages, managed through a distributed package ecosystem
- Next.js serving as the SSR/SPA framework, integrated with Babel and Webpack for optimized bundling
- Vitest and ESLint with TypeScript plugins for comprehensive testing and code quality, paired with Prettier for consistent formatting
- Verdaccio configured as a private npm registry with npm proxy to enable isolated package publishing
- Infrastructure managed via Pulumi for IaC, GitHub Actions for CI/CD, and Yarn with node-modules linker for workspace efficiency
Code Quality
- Extensive test coverage across UI components, API handlers, and data converters using descriptive test cases and structured mocking
- Strong type safety enforced through comprehensive interfaces and type aliases that define clear data contracts between layers
- Domain-driven naming and separation of concerns between presenters, converters, and handlers, with test files mirroring production structure
- Standardized error handling patterns in GraphQL responses with reusable utilities for consistent validation of permissions and failures
- Well-organized monorepo with shared type definitions and utilities that minimize duplication and promote cross-module reuse
- Strict linting, type-checking, and import patterns ensuring code consistency and maintainability across the codebase
What Makes It Unique
- Dynamic form decorators that inject real-time locking logic into CMS forms without modifying core components
- Context-based theming providers that automatically cascade and invert visual states across nested UI layers
- Headless CMS entry locking synchronized across clients via model-aware lock records to eliminate race conditions
- Unified component configuration patterns enabling behavior reuse across admin UI, website builder, and CMS modules through config-driven composition
- Extensible form hook decorators that allow plugins to augment form behavior without overriding core logic
- Shared UI primitives implemented as composable hooks rather than monolithic components, enabling deep customization while preserving UX consistency