Before / After · Case Study
P.L. 119-37 (federal hemp ban, Nov 12 2026) removes roughly 86% of Big Moose Hemp's current catalog from legal sale on day one. Wix can't support the platform-level work needed to survive that pivot — V1 catalog, deprecated blog API, locked-in schema. Rebuilt on Medusa 2.x + Next 15 with a three-phase strategy (liquidate → sunset → post-ban) baked into the architecture so the cutoff is driven by per-SKU total-THC data, not a content edit. What started as a survival migration became the operating spine for the whole brand: a live Medusa-backed admin, a consent-stratified retention engine, a verified transactional email + SMS chain, and a 24/7 Slack-fed AI approval queue where agents draft and only the owner ships.
“When the legal catalog shrinks 86% on a fixed date, the platform has to know which SKU is on which side of the line.”
Receipts — measured
The pixel diff
Left: everything the legacy site shipped — frozen in place. Right: an auto-scrolling tour of the rebuild, from hero to booking. No slider to fight with.
This is everything the legacy site had to offer above the fold. No pricing, no calendar, no booking — the funnel ended at a mailto.
Auto-scrolls through the modern site so you can see the booking surface, the package grid, the pricing table, and the calendar inline — without leaving this page.
The four beats
Scroll past the legacy frame. The four beats land in order. At the end, the modern site fades into the same window.
Wix's V1 catalog couldn't support the structural work needed to survive the November 12 2026 federal hemp ban. The platform also couldn't expose the payment-policy controls the rebuild needed (see Global Merchant Processing case study).
Total-THC per SKU is the bright line. Compute it once at migration, store it on the product, query it at runtime. The Phase 2 cutoff becomes a flag flip, not a 43-SKU hand sweep at midnight on Nov 11.
Headless rebuild: Medusa 2.x backend (Postgres 16 + Redis), Next 15 storefront. Migration script computes total-THC for every Wix SKU before it lands in Medusa. AlpineIQ + Klaviyo + Bland keep the messaging surfaces running. Two-rail payment abstraction (see Global Merchant Processing).
On Nov 12 2026, the database query that drives storefront visibility flips one threshold and the non-compliant SKUs go invisible at the same moment. The payment rail swaps in parallel (Clover → Stripe via the module abstraction). No content emergency.
Once the catalog lived in Medusa, every adjacent surface got to share it. Retention reads the customer table; transactional comms fire off order events; an AI approval queue lets staff and agents propose content and design changes around the clock while the owner keeps the only key that ships anything live. Each agent runs a narrow, named job on real data and hands edge cases to a human queue — so the system gets more capable without the agents losing the plot.
Wix's V1 catalog couldn't support the structural work needed to survive the November 12 2026 federal hemp ban. The platform also couldn't expose the payment-policy controls the rebuild needed (see Global Merchant Processing case study).
Total-THC per SKU is the bright line. Compute it once at migration, store it on the product, query it at runtime. The Phase 2 cutoff becomes a flag flip, not a 43-SKU hand sweep at midnight on Nov 11.
Headless rebuild: Medusa 2.x backend (Postgres 16 + Redis), Next 15 storefront. Migration script computes total-THC for every Wix SKU before it lands in Medusa. AlpineIQ + Klaviyo + Bland keep the messaging surfaces running. Two-rail payment abstraction (see Global Merchant Processing).
On Nov 12 2026, the database query that drives storefront visibility flips one threshold and the non-compliant SKUs go invisible at the same moment. The payment rail swaps in parallel (Clover → Stripe via the module abstraction). No content emergency.
Once the catalog lived in Medusa, every adjacent surface got to share it. Retention reads the customer table; transactional comms fire off order events; an AI approval queue lets staff and agents propose content and design changes around the clock while the owner keeps the only key that ships anything live. Each agent runs a narrow, named job on real data and hands edge cases to a human queue — so the system gets more capable without the agents losing the plot.
Architecture
What changed
Each claim ships with concrete evidence — env vars, table names, cadence chips. No marketing fluff.
Each SKU's total-THC fraction is computed once at Wix → Medusa migration time and stored alongside the product. The Phase 2 Sunset cutoff (Nov 11 2026) is a database query — `WHERE total_thc <= 0.003` — not a hand-curated SKU list. No room for a missed delisting on Nov 12.
Phase 1 (Liquidation, Apr 19 → Oct 31): full catalog on current rails. Phase 2 (Sunset, Nov 1-11): only compliant SKUs visible, Stripe + Aeropay rails. Phase 3 (Post-ban, Nov 12 →): adaptogen coffee + CBD wellness + compliant smokable hemp. The phase is a runtime flag; product visibility, payment rail, and compliance copy all consult it.
SMS (AlpineIQ, cannabis-compliant), email (Klaviyo), and outbound wholesale voice (Bland) all read from the Medusa customer table, not from the Wix subscriber list. When the catalog shrinks, the messaging surface keeps running — same audience, different SKUs.
The easy move is to dump every Wix contact into the marketing list. The honest one is to audit them. 23,924 contacts pulled from the old store, classified into five legal tiers (subscribed / past-purchaser / site-member / bulk-import / unsubscribed). Only 116 cleared as marketable; 16,712 bulk-import leads were written CRM-only with metadata.crm_only=true so no Klaviyo/AIQ sync ever touches them. CAN-SPAM and TCPA compliance is a column, not a promise — and the suppression list for the red tier is written before a single send.
Shop workers and superusers queue content and design work into Slack; a 5-minute cron ingests it, an AI classifier routes it into one of eight action kinds, and nothing reaches a customer or production without a human tap. Two lanes: content drafts (SMS / email / blog) wait on the brand owner; site-design changes assemble a Vercel preview and wait on the account owner to promote. The agents operate on real store data and surface edge cases to a review queue instead of guessing — the discipline that keeps them from drifting.
The transactional spine isn't a stub. An order fires a confirmation email, a shipping email with carrier tracking, and a delivery email — each rendered, sent, and confirmed landing in a real IMAP inbox. The send path is Resend → AWS SES → a self-hosted Stalwart mail server, all on verified domains. Customer SMS rides AlpineIQ's v2 transactional endpoint, consent-gated against AIQ's own opt-out suppression so it never texts a stranger.
The old store had a Wix dashboard. The rebuild has an admin that reads live from Medusa over a Bearer-JWT bridge: orders with payment + fulfillment status pills, a per-order activity timeline (placed / paid / shipped / delivered), search and filters, and an iOS-style bottom nav so it runs as an installable PWA from a phone. A customer preferences page round-trips consent to the cross-brand OG.Life identity layer so a shopper never opts in four times.
The agent backbone keeps the brand earning between gigs. Jackie approves; the system runs.
Per-SKU total-THC is computed during the Wix → Medusa migration and stored on the product. Phase visibility is a single query at runtime.
AlpineIQ (SMS), Klaviyo (email), and Bland (outbound voice) all read from the Medusa customer table. The audience survives the catalog pivot.
Staff and superusers post content/design work into Slack; a cron pulls new messages, an AI classifier sorts them into eight action kinds and two review lanes, and the items wait for a human approval — content for the brand owner, design for the account owner.
An order event fans out: confirmation/shipping/delivery email (Resend → SES → Stalwart), consent-gated AIQ SMS, and a retention tag write (bmh_customer, order_placed_YYYY_MM) so segmentation builds itself.
SES bounce/complaint events route to an identity-suppression handler that fails closed — a hard-bounced or complaining address can never be re-marketed, no human in the loop required.