CLT Code
AI-native web development agency for Charlotte businesses — where the agency itself runs on software we built: a 37-screen internal lead engine, and client automation with production-safety discipline.
- Role
- Pro eMarketing — design, build, ops
- Timeline
- Operating — {{TODO: CLT Code founding date}}
- Stack
- Next.js 14TypeScriptSupabaseStripeClaude APIResendUpstash RedisShopify Admin API
Small businesses buy websites from agencies that hand-assemble everything: discovery by meeting, proposals by template, delivery by hours. The economics force a choice between cheap-and-generic or good-and-unaffordable.
CLT Code is the test of a different model: a lean studio with an AI-native toolchain, selling outcomes at small-business prices because the cost structure underneath is software, not headcount. The agency's own sales pipeline is the first proof — it runs on a lead-intelligence engine we built, not on bought lists.
Two systems make the agency work: the machine that finds and converts clients, and the delivery discipline clients actually experience. Both are code.
Public storefront & productized funnel
Twenty public pages — services, process, work, pricing, local-SEO landers — funneling to one low-friction front door: a $99 AI Leverage Audit with real Stripe checkout. Discovery is a paid product, not a free meeting.
▸ 20 public pages · dynamic local-SEO slugs · Stripe checkout funnel
Internal lead engine
A 37-screen dashboard CRM does the prospecting a sales team would: scrapers pull Charlotte business registrations and permits, AI classifies and briefs each lead, and an outreach studio runs sequenced campaigns with templates and analytics. Six cron jobs keep the pipeline moving daily without me touching it.
▸ 37 dashboard screens · scrape + classify + outreach sequences · 6 Vercel crons
AI-assisted analysis & delivery
The audit product is powered by analyzers that inspect a prospect's actual web presence — pagespeed, software gaps, business signals — and generate the PDF report clients pay for. AI does the inspection; judgment and recommendations stay human.
▸ ai-audit + analyze routes (pagespeed, software-gaps) · PDF report generation
Anchor client: Brownlee Jewelers catalog operations
A Charlotte jeweler's Shopify catalog is run by 145 automation scripts instead of manual admin work: product classification (audience, categories, watches), metafield enrichment, tag pipelines, smart-collection rules, a ranked best-sellers system, and store-wide sale apply/end with clean reversal.
▸ 145 Admin API scripts · classify / enrich / audit / collections / sale ops
Production-safety discipline on client data
Every mutating script defaults to dry-run and requires an explicit --apply. Every change writes a timestamped snapshot first — 83 of them so far — so any operation can be reversed precisely. Scoped flags (--only, --limit) keep blast radius small. A store-wide sale can be ended with a single undo command.
▸ dry-run default · 83 snapshots · --only scoping · undo scripts
Asset pending
{{TODO: cltcode.com homepage (dark/neon brand)}}
Asset pending
{{TODO: Internal lead-engine dashboard (redact client names)}}
Asset pending
{{TODO: Sample AI Leverage Audit report PDF (anonymized)}}
The agency dogfoods its own product category
The lead engine that fills the agency's pipeline is the same class of software the agency sells. Every prospecting scraper, AI classifier, and outreach sequence is both an internal tool and a live demo — the sales motion is proof of capability.
Discovery is a paid product
Cold outreach sells exactly one thing: a $99 audit with a concrete deliverable. It filters for buyers, pays for its own acquisition cost, and the report becomes the scope document for retainer work — no proposal theater.
Client stores get change-control, not cowboy scripts
Standing rules for the Brownlee work: never push a full theme, only changed files; never mutate without a dry-run pass; snapshot before apply; keep an undo path. The 83 snapshot files are the audit trail that a year of catalog operations never had an unrecoverable moment.
Security posture matches the security-critical work
Every dashboard API requires auth, the crawler that fetches prospect websites is SSRF-guarded, public endpoints are rate-limited through Upstash, and Supabase tables carry RLS. An agency asking for clients' trust has to run its own house that way.
Agency work means mutating someone else's revenue-generating store. The standing controls that make that safe, all enforced in the tooling itself:
- Caught:Dry-run by default on every mutating script — 21 scripts carry the flag; --apply is always explicit
- Caught:Timestamped snapshot before any bulk change: 83 point-in-time exports enable precise rollback
- Caught:Store-wide 20% sale applied and ended via paired scripts with an --undo-only reversal path
- Caught:Theme deploys push only changed files (--only) — a full theme push is never allowed
- Caught:Repeat-run scripts carry opt-in Sentry crash capture; GraphQL calls wrapped in retry logic
- 57
- pages on the agency platform (20 public + 37 dashboard)
- 40+
- API routes behind the agency site
- 6
- daily cron jobs running the pipeline
- 145
- automation scripts for the anchor client
- 83
- reversal snapshots on client catalog ops
- 170
- commits on the agency platform
- {{TODO: active retainer count / MRR band}}
- retainer clients
- {{TODO: audits sold to date}}
- $99 audits delivered
- Scale the $99 audit funnel — outreach sequences are built; volume is the current lever
- Deepen the Brownlee engagement pattern into a repeatable jeweler/retailer playbook
- {{TODO: confirm agency roadmap — additional anchor clients vs productizing the audit}}