Downloads, guides, and reference materials.
Whitepaper
Silent Failures on the Headless Seam
In one release we fixed three defects on the boundary between a Drupal CMS and its Next.js front end. None of them produced an error. All three were invisible to CI, types, and health checks. This is why that boundary fails quietly, and what we did to make it fail loudly instead.
Article
Your service account's roles are not the roles it uses
We found an OAuth service account carrying the administrator role and expected to find a privilege leak. There wasn't one — simple_oauth had been ignoring that role all along. Then we nearly took the site down proving it.
Article
One missing field takes down every page that asks for it
GraphQL rejects a query in its entirety if a single selected field is gone. Rename one Drupal field and every page running that query goes blank at once — while TypeScript, the build, and CI all stay green. Here is the gate we added.
Article
The draft preview that showed you the published page
Our preview pipeline validated its token, enabled draft mode, and rendered a node — then served the published version. Every layer reported success. The bug was one line that read a flag and did nothing with it.
Article
Config-as-code with Config Split: never cex what a split is hiding
Config Split keeps env-specific configuration out of the canonical sync directory, but running drush cex while a split is active deletes the split-owned files from config/sync. The safe model: hand-edit the split's member lists, verify with cim instead of cex, and route per-environment values through settings.php overrides rather than the split.
Article
The composer.lock that only builds on your machine
A git-ignored path repository that symlinks a registry module to a local checkout writes a path dist into composer.lock. Commit that lock and every CI job and image build fails, because the sibling directory only exists on your machine. Relock with the override set aside, and add a CI guard that rejects a path dist.
Article
The deploy that couldn't recreate its own container
An interrupted docker compose up leaves an orphaned, hash-prefixed container squatting a service name, so every later deploy fails to recreate it until someone removes it by hand. Adding --remove-orphans (or a pre-clean) lets the deploy heal its own stack instead of failing on state left by a previous run.
Article
Field access can't see the incoming value: govern Drupal writes with a validation constraint
On a JSON:API or REST write, Drupal checks field edit-access against the stored value, not the incoming one — so a field-access gate governing what an agent may set sees the wrong value. The right seam is a validation constraint, which runs on the parsed entity and can compare the incoming value against policy across every transport.
Article
A status endpoint that's coarse in public, detailed in private
How to expose a health endpoint that gives the public a coarse up/degraded roll-up while unlocking full per-service detail only to a server-to-server caller holding a shared secret. Covers constant-time comparison, private caching, fail-closed defaults, and a deploy-order-safe rollout.
Article
The redirect loop that only happens behind HTTPS
A locale rewrite forced onto http: is cross-origin behind an HTTPS proxy, so Next re-issues it as an external request that re-enters the proxy and 301-loops the homepage. It passes every local test because the loop only appears when X-Forwarded-Proto: https is set. The fix: mark the internal rewrite with a per-process secret so canonicalization skips it.
Article
The Two-Phase Pattern for Removing a Drupal Module Without Breaking Deploys
Deleting a Drupal module's code is the easy part. Doing it without breaking your next automated deployment takes a two-phase migration — here's the pattern, and the production incident that taught it to us.
Article
The claim you can drop: an HMAC canonicalization lesson
Article
Why a Next.js Middleware Rewrite Returns 500 Behind a Reverse Proxy
A production-only 500, a green staging run, and a one-line fix: how X-Forwarded-Proto turns a Next.js middleware rewrite into a TLS handshake against a plaintext port — and how to reproduce and prevent it.
Whitepaper
Gating Private Files in a Headless CMS
The engineering behind File Gate: how a decoupled Drupal 11 platform withholds a private file until a visitor has earned it — deny at the source, deliver through a short-lived signed route, and never leak the storage path.
Open Source
File Gate
A free, open-source Drupal module that gates private files for any front end: deny the raw download, deliver bytes only through a short-lived, server-minted signed URL, and never leak the storage path.
News
Announcing File Gate
Wilkes & Liberty has open-sourced File Gate, a Drupal module that gates private files for any front end — available now on drupal.org.
News
How we cut our content model from 12 types to 6
We consolidated the content model behind wilkesliberty.com from twelve types to six — in place, preserving every URL. A short take, with a link to the full engineering whitepaper.
News
Announcing Menu Autopilot
A free, open-source Drupal module for hybrid navigation: curate your top-level menu and let each item's children build and maintain themselves from published content, with clean, headless-ready URLs.
Open Source
Menu Autopilot
A free, open-source Drupal module for hybrid navigation: curate your top-level menu and let each item's children build and maintain themselves from published content, with clean, headless-ready URLs.
Whitepaper
Collapsing a Content Model in Place
How we collapsed twelve Drupal content types into six on a live headless site — in place, with no downtime, and without losing a single node id, URL, revision, or SEO value.
Whitepaper
Composing Navigation in a Headless CMS
How we built self-maintaining hybrid navigation for headless Drupal 11 and Next.js: editors curate the top level, children populate themselves from published content, and every URL stays canonical.
Open Source
GraphQL Compose Codegen
An open-source Drupal module that generates typed TypeScript client code from a GraphQL Compose schema — making the schema the single source of truth and keeping a headless frontend's types in lockstep with the backend.
Open Source
MCP Sentinel
An open-source Drupal module that governs the AI-agent write-plane: least-privilege, environment-keyed policy profiles that bound what an agent may create, edit, delete, or publish — with the riskiest actions, like publishing, human-gated by default.
Open Source
Drupal MCP Connector
An open-source Node.js connector that exposes a Drupal site to AI agents over the Model Context Protocol. It bridges MCP clients to Drupal's JSON:API and GraphQL with 119 governed tools — content, media, taxonomy, moderation, and read-only audits — under a least-privilege OAuth model.
Article
Infrastructure-as-Code for Government: Why It Matters and How to Start
Article
What "Sovereignty" Actually Means in Federal IT
Article
Why Federal Agencies Are Moving to Headless Drupal
Case Study
PandemicOversight.gov - Federal Oversight Platform
Case Study
USPS OIG Multi-Agency Drupal Distribution
Case Study
HHS/CMS Web Platform Modernization