Executive Case Study
Technology & Consulting — Internal Digital Estate 26–29 min read
Modernizing a Multi-Brand Drupal Estate with AI-Assisted Engineering
How LABUSA used artificial intelligence to remove the constraint on building and discovered that building was never the constraint.
Executive Summary
Many organizations arrive at the same place by accident: a portfolio of websites that grew up independently, one brand at a time. The sites share a lineage, an infrastructure footprint, and a visual identity. They do not share a codebase, a release process, a governance model, or a definition of done. From outside, the estate looks standardized. From inside it is a collection of separate systems that happen to resemble each other.
That was LABUSA’s position in early 2026, across a multi-brand Drupal estate spanning several business units and service lines. The organization did not buy a platform or replace Drupal. It used artificial intelligence as an engineering instrument — a coding agent working directly against the estate, producing analysis, migration tooling, content architecture, accessibility remediation, and documentation. Over four months, the team upgraded four sites to Drupal 11, built a reusable editorial format, ran an estate-wide accessibility and performance pass, adopted a decoupled architecture on part of the estate, and reversed it on another part.
The result is instructive because it is uneven. The engineering accelerated. The ability to release it did not. By mid-year, more than half of the organization’s recorded project states carried the same annotation: “deploy owed.”
This case examines what happens when AI-assisted engineering removes the constraint on producing software inside an organization whose surrounding disciplines release engineering, configuration management, and version control were sized for a slower rate of production. It is not a story about adding AI to a website. The publishing platforms themselves remained deterministic throughout.
The Organization
LABUSA is a U.S.-based technology and consulting organization serving public-sector, nonprofit, education, healthcare, travel, and commercial markets across enterprise architecture, CRM, digital experience, cloud, systems integration, and managed IT. It also operates its own brands and digital properties, among them a travel company focused on international cultural, heritage, educational, and group experiences.
That portfolio is the origin of the estate. Each brand acquired a website; each website acquired a Drupal installation; each installation acquired a copy of the corporate theme and the deployment scripts. Over years, this produced something with the outward appearance of a platform and the internal reality of independently maintained systems that happened to look alike.
The scale of the human organization matters more than the scale of the estate. A comparatively small internal engineering and leadership team carries the entire portfolio. Administrative access is broadly held rather than tightly scoped, and the same few people recur across the whole body of work. This is a very small group operating an estate sized for a much larger one, and that asymmetry, more than any technology decision, explains what follows.
When the Website Became an Operating Constraint
By early 2026 the estate had accumulated a specific set of failures. Each is small; none is a strategy problem. Collectively they had become one.
The theme was copied, not shared
Each site shipped its own duplicate, so a single accessibility fix had to be applied once per copy — and through several different build procedures, because some copies had a working asset pipeline, some had none, and one was simply broken.
Dependency management was fragile
On several sites, the standard command to add a module reliably cascaded into a site-down state; the team’s own documentation instructed staff not to run it and to copy files in by hand instead. Core versions were pinned exactly against a dependency lock that had drifted after years of manual repair, so a clean rebuild was not possible.
The platform took itself down
Every page across affected sites began failing. Drupal’s convenience cron runs maintenance inside a random visitor’s web request; under a web request’s tighter limits, a routing rebuild was killed part-way, leaving the routing table empty — and every subsequent visitor hit the same wall. The platform could not repair itself, and the failure recurred until it was fixed estate-wide.
The defects were systemic, not local
Headings jumped from level one to level five because that was how the shared theme rendered them. No page declared a main landmark. Card links labeled “Learn More” were generated by the view configuration, so no editor could fix them. A brand accent used for small text was measured at 2.76:1, whereas 4.5:1 is required. Each was one defect repeated across the estate. And much of the content was not portable at all, living inside a proprietary page builder.
Individually, the issues were manageable. Collectively, they had begun to shape what the business could deliver.
The Decision Point
The decision was not “should we adopt AI.” It was narrower: given a small team, a growing digital estate, and a fragile toolchain, what was the most practical path to a modern, maintainable platform?
LABUSA chose to modernize the existing Drupal estate using AI-assisted engineering rather than replace the platform, consolidate the brands, or hire to scale the team. The choice preserved accumulated investment in content, integrations, and editorial process, and avoided a disruptive platform replacement.
The rationale was not formally recorded. No evaluation document, business case, or decision memo exists in the project’s record. This is the first of several places where the evidence documents an outcome but not a deliberation: the available evidence supports the result, but not a definitive explanation of leadership intent. What can be established is that the estate represented years of accumulated investment, and that the alternatives each carried costs the organization was evidently unwilling to pay.
The Chosen Platform Strategy
The strategy has a shape worth stating plainly, because it is the opposite of what the market narrative predicts. Drupal remained the content and workflow spine, while AI capabilities operated around the platform rather than inside the publishing core.
The primary publishing platforms remained deterministic and did not depend on AI inference to render or deliver core content. On the evidence, this was deliberate rather than unfinished: neither primary site carries an AI module, a vector database, embeddings, retrieval-augmented generation, or semantic search, and the corporate site’s search runs on a plain keyword index.
Model calls sit at the boundary. Upstream, at build time, an agent generates SEO metadata and image alt text into review files that a human applies. Downstream, outside Drupal, separate operational systems consume submissions and generate marketing drafts. Selectively and experimentally, one customer-facing assistant was built but not broadly activated.
Pushing intelligence to the edges and keeping the publishing core boring is the platform strategy, and it turns out to be why several later choices were cheap.
Designing the Future State
Four layers, each with a distinct governance posture. The reasoning behind the integration layer was written down at the time, which is rarer than it should be: giving each destination its own queue means an outage in one dead-letters independently and is reprocessable, without affecting or duplicating the notification email. Because consumers are environment-agnostic, promoting a form to production is a change to the website only, and if the environment setting is missing, the system fails over to the staging queue.
- Digital experience layer Part of the estate renders through a decoupled JavaScript front end, with Drupal serving read-only structured content over an API. The rest render Drupal directly. Others were built decoupled and later returned to integrated rendering.
- Content layer A custom module migrates page content out of the proprietary page builder into Drupal’s native structured entities. Built to enable the headless architecture — content had to be structured before a JavaScript front end could consume it. Its more important effect arrived later, and by accident.
- AI services layer Inside Drupal, empty by design. It exists at build time as agent tooling, and outside Drupal as separate systems. Nothing in the publishing core infers anything.
- Integration layer Drupal does not integrate with anything. It publishes: a small module hooks form submission, serializes it to JSON, and puts it on a message queue on an isolated private network. Independent consumers feed each business system — each with its own queue and failure boundary. Drupal knows about none of them.
Text description of this diagram
Four architecture layers: digital experience, content, AI services (empty by design inside Drupal), and integration (publish-only to a message queue).
AI as an Engineering Instrument
Three artifacts define the discipline under which the agent worked.
The build script replaced the configuration export
Drupal can export configuration to reviewable files; this estate has never used it. Hundreds of configuration objects exist only in the database, and the export mechanism appears nowhere in the deployment chain. Rather than adopt it mid-flight, the project made the idempotent build script the configuration artifact: a program that creates fields and content types, guarded so that running it twice is safe and running it elsewhere reproduces the first result. The estate now holds a substantial library of such scripts, most of them explicitly idempotent. This was an adaptation to incomplete configuration and release practice — not a claim that it is the ideal long-term state.
The rule file replaced tribal memory
Once a defect was diagnosed, it became a constraint. The result is a growing corpus of rules, most of which document a silent failure: one that produces no error, no log, and a page that looks fine. A file edited by the wrong user becomes unreadable to the web server, and its styles vanish, while the page still returns a success status. Each rule is a defect converted into an instruction that survives the person who found it.
Verification became executable and adversarial
The editorial format ships with an automated verification harness that builds a test page, exercises every component, renders it as a real anonymous visitor, asserts against the result, and then deletes itself.
What AI Proposed, What Humans Decided
The division held throughout, and it is enforced in code rather than by convention: the Drupal 11 upgrade script hard-refuses to run while any migration decision remains unresolved.
AI proposed
- The audit and the architecture options, presented for approval before any build began
- Migration tooling, build scripts, and content architecture
- SEO metadata and image alt text — written to review files, never to the site
- Module dispositions for the Drupal 11 upgrade, from a read-only analyzer
- Accessibility remediation that preserved the existing visual design exactly
Humans decided
- Whether the build proceeded at all — an approval gate before, not a review after
- Every migration disposition; the upgrade refuses to run until each is resolved
- Which AI-suggested titles and alt text were applied to the live site
- The one defect that reached a page: a contrast failure no automated check saw
- Business decisions, security, privacy, and production readiness
What AI Caught, and What It Did Not
The trap AI caught
Drupal’s paragraph permissions are granted per type, so a new type is invisible to anonymous visitors by default — while rendering perfectly for an administrator, because administrators bypass access checks. An entire case study would have shipped as a blank page for every visitor, and an administrator previewing it would have seen nothing wrong. The harness caught it only because it rendered the page as an anonymous visitor rather than as its author.
The defect AI shipped, and a human caught
A callout panel rendered at 1.31:1 contrast where 4.5:1 is required. Not a poor color choice — the intended color measures 13.48:1 — but a cascade defect: a rule written earlier in the same project outranked the callout’s own color, and because the callout is a single paragraph, the rule matched the entire panel. It was reported by a person, not by the automated checks.
The response is the lesson. The team did not write a longer prompt. It built a contrast calculator that computes every color pair in the design system against the compiled stylesheet, and made a passing run a condition of shipping. Not “the AI was wrong,” but: this class of defect needs a different instrument, and the instrument must be built.
Structural tests cannot see a cascade defect.
Two Ways to Know a Customer
The estate runs two opposite philosophies of knowing a customer, on two sites, and no document reconciles them. The site with by far the stronger commercial case for behavioral tracking chose instead to ask, and to pay for the answer.
The corporate site infers
- Method: implicit behavioral inference from page views
- Consent: opt-in through the cookie manager, and fail-safe
- Incentive: none
- Data held: an integer score per visitor and topic, never leaving the server
The travel site asks
- Method: an explicit, structured traveler profile
- Consent: the form is the opt-in
- Incentive: a modest travel credit
- Data held: destinations, travel style, budget band, and passport status
Personalization Without a Model
The corporate site runs recommendation rails and an adaptive hero. A reader would reasonably assume AI. They contain none. When a visitor views a page, each topic on that page has an integer counter incremented for that visitor; the recommendations are the highest-scoring topics. That is the entire mechanism. The component has no HTTP client available to it — it is architecturally incapable of calling a model.
This is a design, not a shortfall: no external dependency, no inference cost, no hallucination surface, no data egress. Interest scores never leave the first-party table. Nothing is recorded until the visitor opts in, and the consent gate fails safe — if consent is missing, unreadable, or denied, no identifier is minted, nothing is written, and the rails fall back to recent content. A visitor who declines sees a working page, not a broken one.
Whether a deterministic counter or a model is the right instrument here is a leadership and governance question rather than a technical one. The deterministic version is cheap, auditable, and privacy-preserving. A model could infer intent that a counter cannot see, at the cost of dependency, expense, and explanation. Neither is inherently superior, and the estate has not documented a position.
The customer-facing capability that is not switched on
The travel brand has an AI travel assistant, backed by a commercial language model, with rate limiting, conversation logging, and a graceful hand-off to a human specialist. It is attached to no page, and its conversation log is empty.
The capability existed, but the record did not establish whether it was intentionally paused, awaiting validation, or deprioritized — and the three imply materially different things about the organization’s posture toward customer-facing AI. This remains a leadership question rather than an analyst’s inference.
Integration with Enterprise Operations
The publish-only pattern produced real strengths and honest weaknesses.
What works
Idempotency is solved per destination rather than generically: the marketing platform keys on email address and adds tags additively; the CRM keys on an identifier scoped by environment, so development and production cannot collide in a shared system; the payment handler skips if a checkout session already exists. Three systems, three different correct answers. And when a customer submits a priced quote, the contract terms are captured into the queue message — so the record reflects what the customer agreed to, even if pricing is edited later. A legal instinct expressed as an architectural one.
What is weak
The documentation asserts the queue component is deployed identically everywhere. In fact multiple implementation variants exist across the estate, the documented form count materially understates the real one, and no authoritative inventory exists. The absence is the finding. If the broker is unavailable, the publish swallows the error: the submission succeeds, the message is silently lost, and neither a lead nor a notification is produced.
And a green log does not mean delivery. Notifications for some brands do not arrive at all — one rejected by a mail tenant, one timing out — while the failure queue sits at zero throughout. The pipeline’s success signal measures processing rather than the outcome it exists to produce.
One piece of latent fragility belongs at board level. A downstream payment step depends on undocumented execution ordering inside a third-party component for the queue message to be published at all. Verification confirms the system is safe today. But nothing documents the dependency and no test asserts it, so a change upstream could break it silently — and only for paying customers.
Implementation Journey
The work moved in a recognizable arc: foundations and reliability work first, a pronounced peak of delivery in the middle, then migration and consolidation. The sequence below is reconstructed from file timestamps, because this program produced no commit history. The dates are approximate.
-
Phase 1 April–May: foundations and reliability remediation Complete
Cloning, backup, and management tooling. The cron outage was diagnosed and fixed estate-wide — maintenance moved out of visitor requests, the underlying data corruption cleaned, web limits raised as defense in depth.
- Estate-wide diagnosis of the routing-table outage
- Backup, clone, and site-management tooling
-
Phase 2 June: the peak Complete
The corporate site’s information architecture was restructured and re-themed; the travel site received a page-scoped design system. Accessibility and performance were addressed at the source. Two performance ideas were tried and rejected, and the rejections are better evidence than the adoptions: stripping unused CSS would have silently broken arbitrary published pages, because the editor exposes every framework class and the classes in use live in the database, invisible to any code scan; compression was deployed to staging and reverted after it double-compressed assets Drupal had already compressed, for a measured benefit of 7%.
- Mobile hero image reduced from roughly 111 KB to 31 KB; JavaScript bundle from 208 KB to 80 KB
- A main landmark added, and heading order repaired across the shared theme templates with the visual design preserved exactly
- Both performance rejections decided on measured numbers, and written down with the numbers
-
Phase 3 Late June: the Drupal 11 toolset — and the reversal Complete
A staged, configuration-driven migration toolset moved three sites in roughly 24 hours. Its most important property is a refusal: the analyzer proposes, a human decides, and the upgrade script hard-refuses to run while any decision remains unresolved. In the same weeks, part of the estate that had been built decoupled — including in production — was returned to integrated Drupal across every environment, within roughly a day. That the organization could reverse a production architecture decision that quickly is a capability, not by itself evidence of failure. The reason for the reversal is not recorded. The plans are meticulous about how and silent on why.
- Four sites now run Drupal 11; three migrated through the toolset in about a day
- A decoupled architecture adopted on part of the estate, and reversed on another part
- The reversal cost a presentation-layer rebuild, not a content migration
-
Phase 4 July: consolidation Complete
A new site, a first-party traveler profile, a ratified AI governance policy, and a reusable editorial format whose second use required zero new components, fields, configuration, or templates — a reusability test, passed.
- AI Governance Policy ratified, owned by the CEO
- Editorial format reused with no configuration change at all
Ownership and Accountability
A conventional case study would describe here how roles changed, how staff were trained, and how adoption was managed. No such evidence exists — no team document, role definition, training record, or adoption measure appears anywhere in the record. Rather than infer an organizational-change story, what follows is the ownership model, which is evidenced.
Accountability is concentrated to an unusual degree. Administrative access is broadly held rather than tightly scoped, a small number of people hold substantial operational knowledge and approval responsibility, and the same name appears at every approval gate — including as the person who reported the defect automated verification could not see.
What is observable is not a redistribution of work among people, but a relocation of work into artifacts. Changes a developer would once have committed to a repository are now made by an idempotent script, and version control has not been the system of record for this program. Knowledge once held by whoever last touched the site now sits in a rules corpus. “Done” has moved from it renders for the person who built it to the verification harness passes, rendering as an anonymous visitor. Review has moved from code review after the fact to an approval gate before the build begins.
AI-assisted engineering did not redistribute work across a team, because there is no team of a size where redistribution is meaningful. It changed what a very small group could attempt, and it moved the scarce resource from building toward deciding and verifying. The approval gates are not ceremony; they are where the remaining human capacity is deliberately spent. That improved repeatability — but it did not eliminate key-person risk.
Whether this concentration is a deliberate operating choice or an accumulated accident is a question for leadership, and it bears directly on that risk.
Governance, Security, and Responsible AI
The picture is genuinely mixed, and the mix is the lesson.
What is strong
An AI Governance Policy was ratified in July 2026, owned by the chief executive, codifying five principles: human precedence over AI output; no secrets shared with models; draft-by-default for outward-facing content; cost-aware, idempotent jobs; and auditability. Critically, it was ratified from practice rather than imposed on it, which is why it is honored. AI-generated SEO copy and alt text go to review files that a human applies; the model never writes to the site. Accessibility governance is the estate’s strongest area: contrast is computed rather than eyeballed, and a passing calculation gates release.
What is weak, and material
Version control is not the system of record. The docroot repository has not tracked this program’s work, and the script library on which reproducibility depends is not under version control at all. The institutional memory is real, but unversioned.
Configuration management is not used. Configuration and content travel together in a database dump, so there is no reviewable diff of a configuration change. Auditability, which the policy requires, does not exist on this path. And the AI policy does not cover the Drupal estate at all: the largest body of AI-assisted work in the organization sits outside the policy governing it.
Secrets management is inconsistent. Some projects do this correctly — payment keys are absent from shipped configuration, and the AI tooling takes its credential from the environment. Elsewhere, credentials are embedded in source or documentation instead of being supplied by the environment. The right pattern exists inside the estate; it is simply not applied uniformly.
Privacy has no artifact. Behavioral interest data and a traveler profile containing budget band and passport status are collected, with no assessment, retention schedule, or subject-access path. And certification and compliance language appears in marketing copy without a documented link to the operating practices that would substantiate it; no externally governed process appears in the operating record.
Results
This section is deliberately modest, and that is a finding rather than a limitation of the research.
-
0
AI modules, vector stores, or retrieval pipelines
Verified by enumerating both primary sites’ full dependency lists and reviewing both codebases. The intelligence is in the workshop, not the product.
-
More than half
Of recorded project states awaiting release
Work accumulated on development servers faster than the deployment chain could absorb it — the clearest measure of where the constraint moved.
-
4
Sites migrated to Drupal 11
Three of them in roughly 24 hours, through a staged toolset with an enforced human decision gate.
-
111 KB → 31 KB
Mobile hero image payload
Page weight addressed at the source, with the visual design preserved exactly. The JavaScript bundle fell from 208 KB to 80 KB in the same pass.
The figures above are engineering measurements, not business outcomes. Alongside them: a contrast defect was corrected from 1.31:1 to 13.48:1, with every color pair in the design system now computing clean as a release gate; the editorial format was reused with zero new components, fields, configuration, or templates; and the verification harness passes every check.
Not measured, and not to be implied: no evidence of revenue impact, conversion improvement, lead volume, traffic growth, engagement, time-to-publish, cost saving, or editor adoption exists anywhere in the record. There is no analytics export, no baseline, and no cost model. The organization has explicitly declined to attribute unverified figures to this work, and that posture is honored here.
The defensible statement is qualitative: the estate is more current, more accessible, more portable, and better documented than it was at the start of the year, and the organization now has a repeatable method for upgrading a site and a repeatable format for publishing an executive narrative. Whether that produced value a CFO would recognize is not currently knowable from the evidence — and closing that gap is cheap, because several of the necessary counters already exist and are simply not being read.
Lessons for Business and Technology Leaders
- When AI Makes Building Cheap, the Constraint Moves
Every artifact of this program points at the same wall, and it is not engineering. It is release. An organization adopting AI-assisted development should instrument its deployment capacity before its development capacity, because that is where the queue will form.
- Architecture Matters More, Not Less
AI generates inconsistency as fast as it generates code. Rules, idempotent scripts, and executable verification are why the acceleration did not produce chaos. The rules corpus is the most transferable asset the program produced.
- Structural Tests Cannot See Every Class of Defect
A harness proving a component renders cannot prove it is readable. The right response to the missed defect was a contrast calculator, not a better prompt. Each class of failure needs its own instrument, built deliberately after the class is discovered.
- Verify as the User, Not as the Author
The highest-value line of test code in this program renders the page as an anonymous visitor. An administrator’s preview is systematically misleading, because privilege hides the failure.
- Portability Investments Pay Off in Unexpected Directions
The module built to enable a headless architecture is what made exiting it cheap. Structuring content is valuable independently of what you planned to do with the structure — and reversing a decision is a competence, not a failure.
- Write Down the Why, Not Just the How
The sharpest lesson, demonstrated by omission. The record is exemplary on what and how, and nearly silent on why: the reversal rationale, the model-vendor split, the two personalization philosophies, and the modernize-versus-replace decision are all absent. An organization that documents mechanism but not reasoning can repeat its solutions but cannot re-derive its judgments.
The Next Decision
A complete Drupal 11 production tier has been built and is parked. Production continues to run Drupal 10. Cutting over is a coordinated release, not a single technical step.
It is presented as a deployment task. It is not.
Cutting over means running production through the release path that the last several months have shown to be the binding constraint: a chain that ships the entire development state at once, moves configuration inside a database dump, has no reviewable configuration history, and sits beside a repository that has not been the system of record for this program. The parked tier improves the hygiene but keeps the identical model.
The choice is a sequencing question with real cost either way. Complete the migration now: bank a supported platform, and accept that release engineering remains the constraint. Improve the release path first: confront configuration management, version control, and deployment controls before adding a migration to the load — and accept that the parked tier idles while the older estate ages. Or take a narrower path: apply the smaller set of changes with the best ratio of risk removed to effort — bring the script library under version control, and bring secrets management to a single standard — then proceed with explicitly accepted residual risk.
There is a cheap prior question. Several indicators that would show whether this program created business value already exist and are simply not being read: consent opt-in rate, traveler-profile completion rate, lead volume by source, time from completed development to production release, deployment backlog size and age, the rate at which editors accept AI-generated recommendations unchanged, content publishing cycle time, and defect escape rate. Leadership should begin measuring the indicators that are already available before making a major platform decision. An organization deciding with no baseline is deciding in the dark by choice.
Questions for Leadership
- When AI removes the constraint on building, what becomes scarce — and would you know where your own constraint moved to?
- Our personalization engine contains no AI. Is that a design or a shortfall? What would have to be true for a model to improve it?
- Part of the estate was moved to a decoupled architecture and then moved back, in production, within weeks. Failure of judgment, success of reversibility, or both — and what is the cost of a reversal whose reasoning was never recorded?
- One brand pays for declared preferences; another infers them silently. Which is more defensible? Should one organization run both?
- Version control is not this estate’s system of record; a database dump is. Indefensible, or a reasonable adaptation to a small team — and what breaks first?
- The AI governance policy was ratified from practice rather than imposed on it. Does that make it more likely to be followed, or does it merely bless what was already happening?
- A human caught the defect the automated checks missed. Where in your delivery process is the equivalent human, and what happens when that person is on leave?
- Should the estate complete the platform migration now, or repair the release path first?