
MUH
The headless hub that normalises your CMS content into clean APIs any front end can consume.
MUH (Unified Headless Middleware) permanently decouples the front end from the CMS: WordPress Bedrock on the editorial side, a NestJS middleware at the centre, one or more Next.js front ends as consumers. Each layer evolves independently - swapping the CMS does not require rewriting the front end, and vice versa.
Decoupling
The front end never talks to the CMS directly. MUH exposes stable, normalised REST/GraphQL APIs regardless of the WordPress version or plugin configuration. The CMS becomes an implementation detail.
Built-in quality
SEO and GEO (generative-AI optimisation), RGAA accessibility, Cloudflare edge cache with targeted URL invalidation, OAuth2/Keycloak auth - quality is wired into the foundation, not bolted on per project.
Reversibility
The @muh/* packages (adapters, forms, fixtures, CLI) are semantically versioned and published to the private GitLab registry. Replacing WordPress with another CMS tomorrow will not break a single line of front-end code.
Headless hub architecture
MUH is built around three layers:
WordPress Bedrock (CMS) - WordPress managed with Bedrock (Composer structure, .env, mu-plugins). Editors create and organise content through a familiar interface. The CMS is deployed on BSO Kubernetes as a stateless container, with S3/MinIO for media storage and Redis for object caching.
NestJS Middleware - The core of MUH. It queries WordPress via REST or GraphQL, normalises and enriches the data (ACF resolution, Polylang translations, multilingual formats), then exposes clean, documented APIs. Cross-cutting business rules live here: cache management, Next.js revalidation, secure contact forms, Meilisearch integration.
Next.js front end (and apps) - Consumers talk exclusively to the MUH API. They can be replaced, duplicated or extended without touching the CMS or middleware. A single middleware can power a website, a mobile app and an internal tool simultaneously.
What this means for your CIO
- Normalised REST/GraphQL APIs: a stable, versioned, documented contract between the front end and the CMS - independent of WordPress updates.
- OAuth2/Keycloak auth: centralised authentication - tokens are validated by the middleware and WordPress is never directly exposed on the public network.
- Cloudflare cache and targeted invalidation: pages are served from the edge cache in milliseconds. On every publish, only the affected URLs are purged - no global cache wipe.
- Versioned
@muh/*packages: adapters, forms, fixtures, CLI - every reusable component is published to the private GitLab registry with a semantic changelog. - Observability: Loki/Grafana on the BSO cluster, structured logs, alerts on 5xx errors and revalidation failures.
- Stateless and scalable: WordPress and NestJS pods are stateless (media on S3, sessions on Redis). Horizontal autoscaling requires no special configuration.