HOA Community Portal.
Inspired by exposure to several subpar community platforms in my day, I present to you a production HOA community platform built on private cloud infrastructure. I built this to test an end-to-end AI workflow to build a production-ready, scalable HOA community platform, starting with a small community in New Hampshire.
This is a full-stack community platform I'm building for a small homeowners association in rural New Hampshire. It is also a deliberately ambitious proving ground for agentic development: every phase ships through a planning agent that decomposes a single source-of-truth spec into ordered tasks, every phase ends with a formal security review, and a written definition of done gates every release.
What it does
The platform exposes three distinct surfaces from one backend. A public site helps prospective buyers and visitors discover the community and the surrounding region, with an AI concierge grounded in local context. A resident portal behind member authentication gives current homeowners access to governing documents, announcements, events, a neighbor directory, a service-referral library, a read-only lot map, and an AI search experience that ranks across the entire portal corpus and summarizes the top matches. A private admin surface at a separate hostname — gated by a second factor on top of role-based auth — gives the board the operational tooling they need to run the community: household management, audience-targeted announcements with email digests, events with RSVPs, document uploads, a finance view, and an audit trail.
How it runs
Everything lives on owned infrastructure. There is no inbound surface exposed to the public internet; all traffic arrives through an outbound-dialed tunnel that terminates inside the cluster and is host-routed to the appropriate frontend or service. TLS is fully managed at the edge. The tunnel pattern itself is generalized into a reusable toolkit that can be pointed at any new domain and ships the routing templates new applications need to plug in.
Security is treated as a first-class concern, not a checklist. Authentication uses modern password hashing with history checks, progressive lockout, and single-use tokens. The admin surface is double-gated. Outbound email is rendered at build time so the template-compiler toolchain is never present in the runtime image, with a pre-commit hook enforcing the discipline. Inbound mail is handled at the edge.
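The three authentication controls named above (password history checks, progressive lockout, single-use tokens), shown as an added example that is not the portal's own code. The choice of scrypt, the history depth, the lockout thresholds, the token lifetime and the names `Account` and `TokenStore` are all assumptions, since the page does not give them.

```python
import hashlib, hmac, secrets, time

HISTORY_DEPTH, LOCK_AFTER, BASE_LOCK_SECONDS = 5, 3, 30  # assumed values, not the portal's

def hash_password(password, salt=None):
    """scrypt stands in for 'modern password hashing' (assumed algorithm)."""
    salt = salt or secrets.token_bytes(16)
    digest = hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1, maxmem=2**26)
    return salt, digest

def verify_password(password, salt, digest):
    return hmac.compare_digest(hash_password(password, salt)[1], digest)

class Account:
    def __init__(self, password):
        self.history = [hash_password(password)]  # newest first
        self.failures, self.locked_until = 0, 0.0

    def change_password(self, new_password):
        # History check: re-hash the candidate under each remembered salt.
        if any(verify_password(new_password, s, d) for s, d in self.history):
            return False
        self.history = [hash_password(new_password), *self.history][:HISTORY_DEPTH]
        return True

    def login(self, password, now=None):
        now = time.time() if now is None else now
        if now < self.locked_until:
            return "locked"  # refused before any hashing is spent on the guess
        if verify_password(password, *self.history[0]):
            self.failures = 0
            return "ok"
        self.failures += 1
        if self.failures >= LOCK_AFTER:  # window doubles with every further miss
            self.locked_until = now + BASE_LOCK_SECONDS * 2 ** (self.failures - LOCK_AFTER)
        return "denied"

class TokenStore:
    def __init__(self):
        self._live = {}  # sha256(token) -> expiry; the raw token is never stored

    def issue(self, ttl=900, now=None):
        token = secrets.token_urlsafe(32)
        key = hashlib.sha256(token.encode()).hexdigest()
        self._live[key] = (time.time() if now is None else now) + ttl
        return token

    def redeem(self, token, now=None):  # pop() makes a replayed token find nothing
        expiry = self._live.pop(hashlib.sha256(token.encode()).hexdigest(), None)
        return expiry is not None and (time.time() if now is None else now) <= expiry
```

The `now` parameters exist so the lockout and expiry logic can be exercised with a fixed clock; in service code the default wall-clock path is used.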
What makes it interesting
Two things, beyond the breadth.
First, the AI fabric. A scheduled pipeline pulls from a curated set of regional sources, extracts and scores the content, and either auto-publishes or routes the result to a human review queue. The same model surface also backs the public concierge and the in-portal search, with seams designed so the system can graduate from light summarization to richer answers as the corpus grows — without any frontend change.
Second, the methodology. The build is decomposed into formally scoped phases, each with a single planning prompt, explicit risks, and a written definition of done. The planning agent reads the spec as the source of truth; on every change, the spec is updated before any code. Phases run on a CI-then-staging-then-cluster cadence. Test coverage targets are aggressive on anything security-relevant. Every AI-dependent path has documented usage policies and cost telemetry. Third-party licenses are vendored with provenance.
It is, in the end, a website for a small HOA in rural New Hampshire — but built like a product team would build a product, on infrastructure that costs nothing per month, with an AI development loop that I'm increasingly convinced is the actual interesting artifact here.