Guardrails for a Marketing CMS in Production
I love when marketing edits without fear because I know the site is protected.
Context
Our marketing team is a powerhouse of creativity and ambition. They constantly need to ship new campaigns, regional landing pages, pricing updates, and product launch hubs to stay competitive. However, our previous workflow was a significant bottleneck. Every single content change, no matter how small, required an engineer to review it, manually deploy it, and then often scramble to fix last-minute hotfixes. This not only slowed down our marketing velocity but also created a constant state of anxiety for the engineering team, who were always on alert for potential site breaks or SEO regressions.
The core problem was a lack of trust and control. Marketing felt constrained, and engineering felt overwhelmed. I recognized that to truly empower our marketing team, we needed to flip the ownership model. But this could only happen if our Content Management System (CMS) could act as a tightly governed platform. My vision was clear: a system that guaranteed zero broken layouts, prevented any rogue scripts from being injected, and provided instant visibility whenever something drifted from our established standards.
Over an intensive eight-week period, we transformed our traditional headless CMS (Sanity) and Next.js marketing site into a truly self-serve environment. This transformation was achieved by implementing a robust system of automation, comprehensive observability, and opinionated playbooks. The result is a marketing site where content changes are no longer a source of drama, but a seamless, protected process that empowers marketing to move fast with confidence.
Stack I leaned on
- Sanity Studio with granular permissions: Sanity serves as our headless CMS. Its flexible content modeling and granular permission system allow us to define precise roles for different marketing users, ensuring they only have access to edit the content relevant to their responsibilities.
- Next.js preview mode + Vercel: We leverage Next.js's powerful preview mode, hosted on Vercel, to provide marketers with real-time, accurate previews of their content changes. This ensures that what they see in the preview is exactly what will go live, eliminating surprises.
- Playwright for visual QA: Playwright is our tool of choice for automated visual regression testing. Before any content is published, Playwright captures full-page screenshots of the previewed content and compares them against approved baselines, flagging any unintended layout shifts or visual discrepancies.
- Resend notifications on publish: To keep all stakeholders informed, we use Resend to send automated notifications whenever content is published. These notifications include details about the changes, who published them, and links to the live content, ensuring transparency and accountability.
Where Things Broke (Before Guardrails)
- Unreviewed embeds: marketers pasted experimental widgets that loaded third-party JS and tanked Core Web Vitals.
- 404 forests: regional teams cloned pages but forgot to update internal links, killing organic traffic.
- Accessibility regressions: rich text blocks introduced unlabelled CTAs or images missing alt text.
- Release whiplash: multiple editors published changes simultaneously, causing race conditions in the CDN cache.
We documented every failure mode and used it as the acceptance criteria for the new system.
Architecture Blueprint
- Authoring layer (Sanity Studio) sits behind SSO + roles, with custom input components that enforce schema constraints.
- Preview layer: Next.js preview mode hosts staging builds of every page. Editors click “Open preview” and are routed through a signed URL that reflects their draft exactly.
- Validation layer: background webhooks run linting, Playwright, axe, and broken-link crawlers before a publish event is accepted.
- Publish layer: only once validations pass does the CMS call a Netlify/Vercel deploy hook, tagging the git commit with the content release ID.
- Observability layer: Resend pushes a digest of every deployment (what changed, who approved, automated test results) into #marketing-ships.
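One way the preview layer's signed URL could work, as an added example that is not the site's own code: an HMAC over the slug, draft revision and expiry, checked in constant time. The parameter names, the `/api/preview` route, the 15-minute lifetime and the secret are assumptions.

```javascript
const crypto = require("node:crypto");

const PREVIEW_TTL_SECONDS = 15 * 60; // assumption: the page gives no link lifetime

// Canonical string covered by the MAC: slug, draft revision and expiry together,
// so a valid link cannot be re-pointed at another page or another draft.
function macFor(secret, slug, rev, exp) {
  const payload = JSON.stringify([slug, rev, exp]);
  return crypto.createHmac("sha256", secret).update(payload).digest();
}

function signPreviewUrl(secret, baseUrl, slug, rev, nowSeconds) {
  const exp = nowSeconds + PREVIEW_TTL_SECONDS;
  const url = new URL("/api/preview", baseUrl); // hypothetical route
  url.searchParams.set("slug", slug);
  url.searchParams.set("rev", rev);
  url.searchParams.set("exp", String(exp));
  url.searchParams.set("sig", macFor(secret, slug, rev, exp).toString("hex"));
  return url.toString();
}

function verifyPreviewUrl(secret, rawUrl, nowSeconds) {
  const params = new URL(rawUrl).searchParams;
  const slug = params.get("slug") || "";
  const rev = params.get("rev") || "";
  const expRaw = params.get("exp") || "";
  if (!rev || !/^\d{1,12}$/.test(expRaw)) return { ok: false, reason: "malformed" };
  // Accept site-relative slugs only; the preview route sends the editor to this path.
  if (!/^\/(?!\/)[a-z0-9\/-]*$/.test(slug)) return { ok: false, reason: "bad-slug" };
  const exp = Number(expRaw);
  const expected = macFor(secret, slug, rev, exp);
  const given = Buffer.from(params.get("sig") || "", "hex");
  // timingSafeEqual throws on unequal lengths, so check the length first.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return { ok: false, reason: "bad-signature" };
  }
  if (nowSeconds > exp) return { ok: false, reason: "expired" };
  return { ok: true, slug, rev };
}

// Constructed secret and host, for illustration only.
const demoUrl = signPreviewUrl("constructed-secret", "https://preview.example.com", "/de/pricing", "rev-42", 1700000000);
console.log(verifyPreviewUrl("constructed-secret", demoUrl, 1700000060));
```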
Permission Model and Workflow
| Role | Capabilities | Approval path |
|------|--------------|---------------|
| Contributors | Draft sections, upload media, request changes | Needs manager approval before preview |
| Publishers | Edit localized variants, schedule releases | Requires automated QA + peer sign-off |
| Admins | Modify schemas, feature flags, emergency rollbacks | Auto-notifies engineering + RevOps |
Key additions:
- Change requests live next to each document. Editors must attach a Jira ticket or campaign brief before publishing.
- Timeboxed holds: if QA doesn’t finish within 4 hours, the CMS auto-cancels the release so drafts don’t sit half-baked.
- Audit trail: we store every state transition (draft → ready → previewed → published) in BigQuery for weekly reviews.
Preview + QA Pipeline
- Editor clicks “Generate preview”. Sanity triggers a Next.js preview build scoped to that document slug.
- A Playwright suite opens the preview URL, captures full-page screenshots, and compares them to the last approved baseline.
- Accessibility checks (axe-core) run on the DOM; failures block the publish button and annotate the offending block in Studio.
- An internal SEO linter validates meta tags, canonical URLs, hreflang pairs, and checks for missing schema.
- Results get posted in Slack with a ✅/❌ summary plus direct links to diffs.
If everything passes, the publish workflow unlocks for 60 minutes. If editors need more changes they restart the pipeline; no manual overrides.
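The publish gate above, written out as a pure decision function (an added example, not the team's code). It combines the 60-minute unlock with the 4-hour QA hold from the permission section; the record's field names, the check names and the revision binding are assumptions.

```javascript
const REQUIRED_CHECKS = ["visual", "accessibility", "seo", "links"];
const QA_TIMEOUT_MS = 4 * 60 * 60 * 1000; // timeboxed hold: 4 hours
const PUBLISH_WINDOW_MS = 60 * 60 * 1000; // publish stays unlocked for 60 minutes

// release: { checks, qaStartedAtMs, qaFinishedAtMs, checkedRev, currentRev }
// (all field names are assumptions made for this example)
function publishDecision(release, nowMs) {
  const checks = release.checks || {};
  const failed = REQUIRED_CHECKS.filter((name) => checks[name] === "fail");
  if (failed.length > 0) {
    return { state: "blocked", reason: "failed: " + failed.join(", ") };
  }
  // Fail closed: anything that is not an explicit "pass" counts as unfinished.
  const unfinished = REQUIRED_CHECKS.filter((name) => checks[name] !== "pass");
  if (unfinished.length > 0) {
    const timedOut = nowMs - release.qaStartedAtMs > QA_TIMEOUT_MS;
    return timedOut
      ? { state: "cancelled", reason: "qa-timeout" }
      : { state: "pending", reason: "waiting: " + unfinished.join(", ") };
  }
  // The approval belongs to the revision that was tested, not to the document.
  if (release.checkedRev !== release.currentRev) {
    return { state: "blocked", reason: "draft-changed-after-qa" };
  }
  if (nowMs - release.qaFinishedAtMs > PUBLISH_WINDOW_MS) {
    return { state: "expired", reason: "restart-pipeline" };
  }
  return { state: "unlocked", reason: "all-checks-passed" };
}

// Constructed release record: QA started at t=0 and finished 10 minutes later.
const MINUTE = 60 * 1000;
const sampleRelease = {
  checks: { visual: "pass", accessibility: "pass", seo: "pass", links: "pass" },
  qaStartedAtMs: 0,
  qaFinishedAtMs: 10 * MINUTE,
  checkedRev: "r7",
  currentRev: "r7",
};
console.log(publishDecision(sampleRelease, 30 * MINUTE));
```

Because the function takes no override argument, the only route back to `unlocked` is a fresh pipeline run that produces new check results for the current revision.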
Inline Validators Inside the CMS
- Link resolver: as marketers type, the component checks whether the internal slug exists and highlights broken references instantly.
- Image guard: enforces focal points, alt text, and size ratios; rejects files above 500 KB unless tagged as “hero.”
- Structured snippets: components for pricing tables, testimonials, and hero copy ship with schema + copy guidelines. Editors fill structured forms instead of raw rich text.
- CTA library: drop-down ensures only approved CTA variants (copy, color, tracking IDs) go live, keeping instrumentation intact.
These validators removed 90% of the “human error” we used to fix in code reviews.
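A sketch of the inline validators as plain functions over a draft, added here as an example and not taken from the Studio components themselves. It covers the image guard (alt text, focal point, size cap with the hero exception), the link resolver, the CTA allow-list and a block-type allow-list; every field name, CTA ID and block type is constructed.

```javascript
const MAX_IMAGE_BYTES = 500 * 1024; // the 500 KB cap, read as KiB here (assumption)
const APPROVED_CTAS = new Set(["cta-start-trial", "cta-book-demo"]); // constructed IDs
const ALLOWED_BLOCKS = new Set(["hero", "pricingTable", "testimonial", "image", "cta", "link"]);

function checkImage(block) {
  const rules = [];
  if (typeof block.alt !== "string" || block.alt.trim() === "") rules.push("image-missing-alt");
  if (!block.focalPoint) rules.push("image-missing-focal-point");
  const isHero = (block.tags || []).includes("hero");
  if (block.bytes > MAX_IMAGE_BYTES && !isHero) rules.push("image-too-large");
  return rules;
}

function checkLink(block, knownSlugs) {
  if (typeof block.href !== "string") return ["link-missing-href"];
  // Only site-relative links are resolved; external URLs are out of scope here.
  if (!block.href.startsWith("/")) return [];
  const slug = block.href.split(/[?#]/)[0].replace(/\/+$/, "") || "/";
  return knownSlugs.has(slug) ? [] : ["link-unknown-slug"];
}

// Returns one entry per violated rule; an empty array means the draft may proceed.
function validateDraft(draft, knownSlugs) {
  const errors = [];
  draft.blocks.forEach((block, index) => {
    let rules = [];
    if (!ALLOWED_BLOCKS.has(block.type)) rules = ["block-type-not-allowed"];
    else if (block.type === "image") rules = checkImage(block);
    else if (block.type === "link") rules = checkLink(block, knownSlugs);
    else if (block.type === "cta" && !APPROVED_CTAS.has(block.variantId)) rules = ["cta-not-approved"];
    for (const rule of rules) errors.push({ index, type: block.type, rule });
  });
  return errors;
}

// Constructed draft: a cloned regional page with a stale link and a pasted embed.
const sampleDraft = { blocks: [
  { type: "image", alt: "", focalPoint: { x: 0.5, y: 0.4 }, bytes: 820000, tags: [] },
  { type: "image", alt: "Dashboard overview", focalPoint: { x: 0.5, y: 0.5 }, bytes: 820000, tags: ["hero"] },
  { type: "link", href: "/de/pricing-2023/" },
  { type: "cta", variantId: "cta-free-forever" },
  { type: "rawEmbed", src: "https://widgets.example/embed.js" },
] };
const sampleSlugs = new Set(["/", "/de/pricing", "/de/contact"]);
console.log(validateDraft(sampleDraft, sampleSlugs));
```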
Automation & Alerts
- Resend digests notify marketing + eng every time a document hits preview, publish, or rollback. Each email contains diff summaries, Lighthouse scores, and reviewer comments.
- PagerDuty light policy fires if three failed publishes happen in a row, which signals a systemic issue (schema drift, a breaking change in Next.js, etc.).
- Uptime checks on key landing pages run every 5 minutes; spikes auto-tag the last content release so we know who to ping.
Rollout Playbook
- Week 1 – Discovery: map existing content models, collect horror stories, rank failure modes.
- Week 2 – Schema hardening: lock down types, add migration scripts, introduce CTA library + structured snippets.
- Week 3 – Automation: wire previews, validations, and Slack/Resend notifications; create baseline screenshots.
- Week 4 – Pilot: empower one regional marketer to ship end-to-end. Track every error, refine guardrails, document best practices.
- Week 5 – Global launch: train rest of marketing via office hours, ship the handbook, turn on PagerDuty policy.
Key Principles of CMS Guardrails
- Empowerment through constraint: Provide marketers with the freedom to create content while enforcing guardrails that prevent site breakage or SEO regressions.
- Real-time, accurate previews: Ensure that what marketers see in preview mode is exactly what will go live, eliminating surprises and fostering confidence.
- Automated quality assurance: Implement automated tests for visual regressions, accessibility, SEO, and broken links to catch errors before publication.
- Granular permissions and workflows: Define clear roles and approval workflows within the CMS to manage content changes and ensure accountability.
- Inline validation and education: Provide immediate feedback to marketers within the CMS, guiding them towards best practices and preventing common errors.
- Comprehensive observability: Monitor content changes, publishing events, and site health to quickly detect and respond to any issues.
- Blameless culture: Foster an environment where errors are seen as opportunities for system improvement, not individual blame.
Governance Handbook + Checklists
The handbook is a living doc that mirrors the guardrails so editors always know “why” not just “how.” Highlights:
- Campaign launch checklist (pre-launch copy review, preview link, QA screenshot, SEO lint result, analytics tag verification).
- Localization playbook covering hreflang rules, translation memory usage, and when to clone vs. extend a document.
- Emergency rollback SOP with screenshots of the CMS buttons, expected Slack template, and timelines for comms.
- Glossary of banned patterns (inline scripts, raw iframes, non-responsive tables) plus the approved alternatives.
- Training labs: 30-minute missions where new marketers intentionally break things in staging and learn how alerts fire.
We require every editor to certify on the handbook annually; completion unlocks publisher permissions. That ritual keeps the guardrails culturally relevant instead of tribal knowledge.
Metrics & Telemetry
- Zero content-related incidents: We've had zero incidents caused by content changes in the six months post-launch.
- Faster campaign launches: The time to launch campaigns has been reduced from 8 days to 4 days, thanks to parallel drafting and automated Quality Assurance (QA).
- Rapid rollback capability: Content rollbacks can now be performed in less than 3 minutes, leveraging git commit tags and a "Revert to prior release" button.
- High marketing satisfaction: Marketing satisfaction is consistently high at 9.4/10 in quarterly surveys.
- Improved SEO health: The number of broken internal links detected per month has significantly dropped from 47 to 3.
What Stuck With Me
- Previews must be identical to prod; “close enough” introduces false confidence and wastes reviewer time.
- The CMS should educate: every validator error links to the handbook so editors learn instead of escalating.
- Observability belongs to marketing too—dashboards, alerts, and audits shouldn’t be an engineering-only playground.
What I'm Building Next
Next I'll add AI-powered SEO suggestions in real time (structured data, tone, keyword density) and experiment with automatic hreflang generation. Want a demo? Send me a note.
Want me to help you replicate this module? Drop me a note and we’ll build it together.