# LetsBe Biz — Timeline & Milestones **Date:** February 27, 2026 **Team:** Claude Opus 4.6 Architecture Team **Document:** 05 of 09 **Status:** Proposal — Competing with independent team --- ## Table of Contents 1. [Timeline Overview](#1-timeline-overview) 2. [Week-by-Week Gantt Chart](#2-week-by-week-gantt-chart) 3. [Milestone Definitions](#3-milestone-definitions) 4. [Team Sizing & Roles](#4-team-sizing--roles) 5. [Weekly Deliverables](#5-weekly-deliverables) 6. [Buffer Analysis](#6-buffer-analysis) 7. [Go/No-Go Decision Points](#7-gono-go-decision-points) 8. [Post-Launch Roadmap](#8-post-launch-roadmap) --- ## 1. Timeline Overview **Target:** Founding member launch in ~16 weeks (~4 months) **Launch definition:** First 10 paying customers onboarded, using AI workforce via mobile app, with secrets redaction and command gating enforced. ``` MONTH 1 MONTH 2 MONTH 3 MONTH 4 Wk1 Wk2 Wk3 Wk4 Wk5 Wk6 Wk7 Wk8 Wk9 Wk10 Wk11 Wk12 Wk13 Wk14 Wk15 Wk16 ┌────┬────┬────┬────┬────┬────┬────┬────┬────┬────┬────┬────┬────┬────┬────┬────┐ Safety Wrapper │████│████│████│████│ │ │ │ │ │ │ │ │ │ │ │ │ Secrets Proxy │████│████│████│ │ │ │ │ │ │ │ │ │ │ │ │ │ Hub Backend │ │ │██░░│████│████│████│████│████│████│████│ │ │ │ │ │ │ Tool Adapters │ │ │ │ │ │ │████│████│ │ │ │ │████│ │ │ │ Mobile App │ │ │ │ │ │ │ │ │████│████│████│████│ │████│ │ │ Website │ │ │ │ │ │ │ │ │ │ │████│████│ │████│ │ │ Provisioner │ │ │ │ │ │ │ │ │ │ │████│████│ │ │ │ │ Integration │ │ │ │ │ │ │ │ │ │ │ │████│ │ │████│ │ Security Audit │ │ │ │ │ │ │ │ │ │ │ │ │████│ │ │ │ Polish & Launch │ │ │ │ │ │ │ │ │ │ │ │ │ │████│████│████│ └────┴────┴────┴────┴────┴────┴────┴────┴────┴────┴────┴────┴────┴────┴────┴────┘ M1──────────────►M2─────────────────►M3─────────────────►M4──────────────► Legend: ████ = primary work ██░░ = ramp-up/planning ░░░░ = testing/maintenance M1-M4 = Milestones ``` --- ## 2. Week-by-Week Gantt Chart ### Phase 1 — Foundation (Weeks 1-4) | Week | Stream A (Safety Wrapper) | Stream B (Secrets Proxy) | Stream C (Hub) | Stream D (Frontend) | Stream E (DevOps) | |------|--------------------------|--------------------------|----------------|--------------------|--------------------| | **1** | Monorepo setup; SW skeleton; SQLite schema; Secrets registry | Proxy skeleton; Layer 1 Aho-Corasick start | Prisma model planning; ServerConnection updates | Design system selection; wireframes | Turborepo CI; Docker base images | | **2** | Command classification engine; Shell executor; Docker executor; File/Env executors | Layer 1 complete; Layer 2 regex; Layer 3 entropy; Layer 4 JSON keys | Token usage models; Billing period models | Wireframes: mobile chat, approvals, dashboard | Gitea pipeline: lint + test + build | | **3** | P0 tests: classification (100+ cases) | P0 tests: redaction (TDD); Performance benchmarks (<10ms) | Tenant API design; Hub endpoint stubs | Website landing page design | OpenClaw Docker image build; Dev env setup | | **4** | Autonomy engine; Approval queue; SECRET_REF injection; OpenClaw integration | OpenClaw LLM proxy integration; Integration tests | Hub ↔ SW protocol endpoint implementation starts | UI component library setup | Staging server provisioning | **Phase 1 Exit: Milestone M1 — "Core Security Working"** ### Phase 2 — Integration (Weeks 5-8) | Week | Stream A (Safety Wrapper) | Stream B (Secrets + Tools) | Stream C (Hub) | Stream D (Frontend) | Stream E (DevOps) | |------|--------------------------|---------------------------|----------------|--------------------|--------------------| | **5** | Hub client: registration, heartbeat, config sync | Secrets API: provide/reveal/generate/rotate | /tenant/register, /tenant/heartbeat, /tenant/config endpoints | Website: onboarding flow pages 1-5 | Cheat sheet: Portainer | | **6** | Token metering capture; hourly buckets | Secrets integration tests; Side-channel protocol | Token billing pipeline; Stripe Billing Meters; Founding member logic | Website: AI classifier (Gemini Flash); Resource calculator | Cheat sheets: Nextcloud, Chatwoot | | **7** | Approval request routing; Config sync receiver | Tool registry generator; Master skill | Approval queue CRUD; AgentConfig model | Website: payment flow; provisioning status | Cheat sheets: Ghost, Cal.com, Stalwart | | **8** | Integration tests: Hub ↔ SW round-trip | Tool integration tests (6 P0 tools) | Push notification skeleton; Config versioning | Mobile: auth screens (login, token storage) | CI: integration test pipeline | **Phase 2 Exit: Milestone M2 — "Backend Pipeline Working"** ### Phase 3 — Customer Experience (Weeks 9-12) | Week | Stream A (Safety Wrapper) | Stream B (Provisioner) | Stream C (Hub) | Stream D (Mobile + Frontend) | Stream E (DevOps) | |------|--------------------------|------------------------|----------------|-----------------------------|--------------------| | **9** | Monitoring endpoints; Health checks | Provisioner: step 10 rewrite (OpenClaw + SW) | Customer portal API (dashboard, agents, usage) | Mobile: chat with SSE streaming; agent selector | n8n cleanup (7 files) | | **10** | Performance optimization; Caching tuning | Provisioner: config.json cleanup; Secret seeding | Chat relay service; WebSocket endpoint | Mobile: push notifications; approval cards | Provisioner: Playwright migration (7 scenarios) | | **11** | Edge case hardening | Provisioner: Docker Compose for LetsBe stack | Customer portal: billing, tools, settings endpoints | Mobile: dashboard, usage, settings | Staging: full stack deployment | | **12** | Bug fixes from integration | Integration test on real VPS | E2E test: payment → provision → AI ready | Mobile: secrets side-channel; polish | E2E test verification | **Phase 3 Exit: Milestone M3 — "End-to-End Journey Working"** ### Phase 4 — Polish & Launch (Weeks 13-16) | Week | Stream A (Security) | Stream B (Tools + Demo) | Stream C (Hub) | Stream D (Mobile + Frontend) | Stream E (DevOps) | |------|--------------------|-----------------------|----------------|-----------------------------|--------------------| | **13** | Adversarial security audit: secrets, classification, injection, SSRF | P1 cheat sheets (Odoo, Listmonk, NocoDB, Umami, Keycloak, Activepieces) | Security fixes from audit | Mobile: UI polish, error handling, offline | Channel config: WhatsApp + Telegram | | **14** | Prompt caching optimization; Token efficiency audit | First-hour templates: Freelancer, Agency | Performance tuning; Usage alert system | Website: remaining pages, polish | Provisioner integration tests | | **15** | Fix critical/high issues from dogfooding | Interactive demo: ephemeral containers | Deploy to staging; Dogfooding begins | Mobile: beta testing (internal) | Monitoring dashboard; Backup monitoring | | **16** | Final security verification | Demo polish; Fix staging issues | Production deployment | App Store / Play Store prep | Founding member onboarding (10 customers) | **Phase 4 Exit: Milestone M4 — "Founding Member Launch"** --- ## 3. Milestone Definitions ### M1 — Core Security Working (End of Week 4) | Criterion | Verification | |-----------|-------------| | Secrets Proxy redacts all known patterns | P0 test suite: 100% pass | | Redaction latency < 10ms with 50+ secrets | Benchmark test | | Command classifier handles all 5 tiers correctly | P0 test suite: 100+ cases | | Autonomy engine gates correctly at levels 1/2/3 | Test suite: all combinations | | OpenClaw routes tool calls through Safety Wrapper | Integration test: tool call → execution → audit | | OpenClaw routes LLM calls through Secrets Proxy | Integration test: LLM call → redacted outbound | | SECRET_REF injection resolves credentials | Integration test: placeholder → real value | | Audit log captures every tool call | Log verification test | **Decision gate:** If M1 slips by > 1 week, escalate. Safety Wrapper is the critical path — nothing downstream works without it. ### M2 — Backend Pipeline Working (End of Week 8) | Criterion | Verification | |-----------|-------------| | Safety Wrapper registers with Hub | Protocol test: register → receive API key | | Heartbeat maintains connection | 24h soak test: heartbeat + reconnect | | Token usage flows to billing | Pipeline test: usage → bucket → billing period | | Stripe overage billing triggers | Stripe test mode: pool exhaustion → invoice | | 6 P0 tool cheat sheets work | Agent successfully calls each tool's API | | Approval round-trip completes | Test: Red command → Hub → approve → execute | | Config sync propagates | Test: change agent config in Hub → verify on SW | **Decision gate:** If M2 slips, assess whether to cut overage billing and/or founding member logic from launch scope (both in the "scope cut" table). ### M3 — End-to-End Journey Working (End of Week 12) | Criterion | Verification | |-----------|-------------| | Website: signup → payment works | Stripe test mode end-to-end | | Provisioner deploys new stack | Full provisioning on staging VPS | | Mobile: login → chat → approve works | Device testing (iOS + Android) | | Chat relay: App → Hub → SW → OpenClaw → response | Full round-trip with streaming | | Push notifications for approvals | Notification received on test device | | n8n references fully removed | `grep -r "n8n" provisioner/` returns nothing | | config.json cleanup verified | Post-provisioning: no plaintext passwords | **Decision gate:** If M3 slips by > 1 week, defer interactive demo, P1 tool adapters, and WhatsApp/Telegram to post-launch. Focus all effort on core launch requirements. ### M4 — Founding Member Launch (End of Week 16) | Criterion | Verification | |-----------|-------------| | Security audit: no critical findings | Audit report reviewed and signed off | | 10 founding members onboarded | Active users with functional AI workforce | | Performance targets met | Redaction <10ms, tool calls <5s p95, heartbeat stable | | First-hour templates prove cross-tool workflows | At least 2 templates working end-to-end | | Monitoring and alerting operational | Hub health + tenant health dashboards live | --- ## 4. Team Sizing & Roles ### Recommended: 4-5 Engineers | Role | Focus Area | Skills Required | Stream | |------|-----------|-----------------|--------| | **Safety Wrapper Lead** (Senior) | Safety Wrapper + Secrets Proxy + OpenClaw integration | Node.js, security, cryptography, SQLite | A + B | | **Hub Backend Engineer** | Hub API, billing, tenant protocol, chat relay | TypeScript, Next.js, Prisma, Stripe | C | | **Frontend/Mobile Engineer** | Mobile app (Expo), website (Next.js), design system | React Native, Expo, Next.js, Tailwind | D | | **DevOps/Provisioner Engineer** | CI/CD, Docker, provisioning, tool cheat sheets, staging | Bash, Docker, Gitea Actions, Ansible concepts | E | | **QA/Integration Engineer** (part-time or shared) | Testing, security audit, E2E verification | Testing frameworks, security testing | Cross-stream | ### Minimum Viable: 3 Engineers | Role | Covers | Trade-off | |------|--------|-----------| | **Full-Stack Security** (Senior) | Streams A + B | Secrets Proxy work starts week 2 instead of week 1 | | **Hub + Backend** | Stream C | No changes — same workload | | **Frontend + DevOps** | Streams D + E | Website and mobile overlap handled sequentially; DevOps work spread across evenings/gaps | ### Critical Hire: Safety Wrapper Lead The Safety Wrapper Lead is the most critical hire. This person: - Must understand security at a deep level (cryptography, injection prevention, transport security) - Must be comfortable with Node.js internals (HTTP proxy, process management, SQLite) - Owns the core IP of the platform - Is on the critical path for every downstream milestone **Risk mitigation:** If this hire is delayed, the founder (Matt) should write the Safety Wrapper skeleton and P0 tests during week 1-2 while recruiting. --- ## 5. Weekly Deliverables Each week produces demonstrable output. This prevents "dark" periods where progress can't be verified. | Week | Key Deliverable | Demo | |------|----------------|------| | 1 | Monorepo running; SW responds on :8200; SQLite schema created; Secrets registry encrypts/decrypts | `curl localhost:8200/health` returns OK; secrets round-trip test | | 2 | Commands classified correctly; Shell/Docker/File executors work | Run `classify("rm -rf /")` → CRITICAL_RED; execute a read-only command | | 3 | Secrets Proxy redacts all patterns; P0 tests pass | Send payload with JWT embedded → verify redacted output | | 4 | OpenClaw talks to SW; Autonomy gates work; Full Phase 1 integration | OpenClaw agent issues tool call → SW classifies → executes → returns | | 5 | Hub accepts registration; Heartbeat flowing | SW boots → registers → heartbeat shows in Hub admin | | 6 | Token usage tracked; Billing period accumulates | Agent makes LLM calls → usage appears in Hub dashboard | | 7 | 6 tools callable via API; Approval queue populated | Agent uses Portainer API → container list returned | | 8 | Approval round-trip works; Config sync confirmed | Change autonomy level in Hub → verify change on tenant | | 9 | Mobile app renders chat; Agent responds | Open app → type message → see agent response stream | | 10 | Push notifications arrive; Customer portal shows data | Trigger Red command → push notification on phone → approve | | 11 | Provisioner deploys new stack; Website onboarding works | Run provisioner → verify OpenClaw + SW running on VPS | | 12 | Full journey: signup → provision → chat | New account → Stripe test → VPS provisioned → mobile chat | | 13 | Security audit complete; P1 tools available | Audit report; Odoo/Listmonk usable by agents | | 14 | Prompt caching verified; First-hour templates work | Cache hit rate logged; Freelancer template runs end-to-end | | 15 | Staging deployment stable; Internal team using it | Team dogfooding report; Bug list prioritized | | 16 | 10 founding members onboarded | Real customers talking to their AI teams | --- ## 6. Buffer Analysis ### Critical Path Duration The absolute minimum serial dependency chain (from 04-IMPLEMENTATION-PLAN): ``` Monorepo (2d) → SW skeleton (2d) → Classification (3d) → Executors (2d) → Autonomy (2d) → OpenClaw integration (2d) → Hub protocol (5d) → Billing (5d) → Approval queue (4d) → Customer portal (3d) → Chat relay (2d) → Mobile chat (3d) → Provisioner (3d) → E2E test (3d) → Security audit (3d) → Launch (1d) Total: 42 working days = 8.5 weeks ``` ### Available Calendar Time - 16 weeks × 5 working days = 80 working days - Critical path: 42 working days - **Buffer: 38 working days (7.5 weeks)** ### Buffer Distribution | Phase | Calendar | Critical Path | Buffer | Buffer % | |-------|----------|--------------|--------|----------| | Phase 1 (wk 1-4) | 20 days | 13 days | 7 days | 35% | | Phase 2 (wk 5-8) | 20 days | 14 days | 6 days | 30% | | Phase 3 (wk 9-12) | 20 days | 11 days | 9 days | 45% | | Phase 4 (wk 13-16) | 20 days | 4 days | 16 days | 80% | **Phase 4 has the most buffer** because it's mostly polish, which can absorb delays from earlier phases. If Phase 1 or 2 slip, Phase 4 scope is cut first (interactive demo, channels, P2+ tools). ### Risk Scenarios & Buffer Impact | Scenario | Probability | Days Lost | Buffer Remaining | Mitigation | |----------|------------|-----------|-----------------|------------| | OpenClaw integration harder than expected | HIGH | 3-5 days | 33-35 days | Start integration in week 3 instead of week 4; allocate extra time | | Secrets redaction has edge cases requiring extra work | MEDIUM | 2-3 days | 35-36 days | TDD approach; adversarial testing starts in Phase 1, not Phase 4 | | Mobile app iOS/Android platform bugs | MEDIUM | 3-5 days | 33-35 days | Focus on one platform first; use Expo's cross-platform abstractions | | Stripe billing integration complexity | LOW | 2-3 days | 35-36 days | Stripe Billing Meters well-documented; test mode available | | Provisioner testing on real VPS reveals issues | HIGH | 3-5 days | 33-35 days | Allocate staging VPS early (week 4); test incrementally | | Key engineer leaves or is unavailable for 2 weeks | LOW | 10 days | 28 days | Document everything; pair on critical path items | | All of the above simultaneously | VERY LOW | ~20 days | 18 days | Still launchable — cut scope per scope cut table | **Conclusion:** Even in the worst case (all risks materializing), the 16-week timeline has enough buffer to launch with core features. The scope cut table in 04-IMPLEMENTATION-PLAN defines what gets deferred. --- ## 7. Go/No-Go Decision Points ### Week 4 — Phase 1 Review **Go criteria:** - [ ] All M1 criteria met - [ ] P0 test suites pass with >95% coverage of defined scenarios - [ ] OpenClaw integration demonstrated **No-go actions:** - If secrets redaction is incomplete → STOP. Allocate all engineering to this. Delay Phase 2 start. - If classification engine has gaps → document gaps, create follow-up tickets, proceed with caution - If OpenClaw integration fails → investigate alternative integration approaches; consider filing upstream issue ### Week 8 — Phase 2 Review **Go criteria:** - [ ] All M2 criteria met - [ ] Hub ↔ Safety Wrapper protocol stable for 48h - [ ] At least 4 of 6 P0 tools working **No-go actions:** - If billing pipeline broken → defer overage billing; use flat pool with hard stop at limit - If approval queue broken → allow admin-only approvals via Hub dashboard; defer mobile approval cards - If < 4 tools working → focus on the most critical (Portainer, Nextcloud, Chatwoot) and defer rest ### Week 12 — Phase 3 Review (Most Critical Decision) **Go criteria:** - [ ] All M3 criteria met - [ ] Full customer journey demonstrated on staging - [ ] Mobile app functional on both iOS and Android **No-go actions:** - If provisioner fails → CRITICAL. Cannot launch without provisioning. All hands on provisioner until fixed. - If mobile app not ready → launch with web-only customer portal as temporary interface; ship mobile in 2 weeks post-launch - If E2E journey has gaps → identify gaps, create workarounds, defer non-essential features ### Week 14 — Launch Readiness Review **Go criteria:** - [ ] Security audit passed (no critical findings) - [ ] Staging deployment stable for 3+ days - [ ] At least 5 founding member candidates confirmed **No-go actions:** - If security audit finds critical issues → STOP LAUNCH. Fix issues. Re-audit. No exceptions. - If staging unstable → extend dogfooding by 1 week; defer launch to week 17 - If no founding members → marketing push; consider beta invite program; launch with team-internal usage --- ## 8. Post-Launch Roadmap Items deferred from v1 launch, prioritized for the 2 months following launch: ### Month 5 (Weeks 17-20) — Stabilization | Priority | Item | Effort | |----------|------|--------| | P0 | Fix all critical bugs from founding member feedback | Ongoing | | P0 | Performance optimization based on real usage data | 1 week | | P1 | P2 tool cheat sheets (Gitea, Uptime Kuma, MinIO, Documenso, VaultWarden, WordPress) | 1 week | | P1 | Interactive demo system (if deferred) | 1 week | | P1 | WhatsApp + Telegram channels (if deferred) | 1 week | | P2 | Customer portal web UI (if deferred) | 2 weeks | ### Month 6 (Weeks 21-24) — Growth | Priority | Item | Effort | |----------|------|--------| | P0 | Scale to 50 founding members | Ongoing | | P1 | Custom agent creation | 2 weeks | | P1 | Dynamic tool installation from catalog | 2 weeks | | P1 | P3 tool cheat sheets (Activepieces, Windmill, Redash, Penpot, Squidex, Typebot) | 1 week | | P2 | E-commerce and Consulting first-hour templates | 1 week | | P2 | DNS automation via Cloudflare/Entri API | 1 week | ### Month 7-8 (Weeks 25-32) — Scale | Priority | Item | Effort | |----------|------|--------| | P0 | Scale to 100 customers; Hetzner overflow activation | Ongoing | | P1 | Discord + Slack channels | 1 week | | P1 | Cross-region backup (encrypted offsite) | 2 weeks | | P1 | Automated backup restore testing | 1 week | | P2 | Premium model tier (if deferred) | 1 week | | P2 | Advanced analytics dashboard | 2 weeks | | P2 | Multi-language support | 2 weeks | --- ## Calendar Mapping Assuming project start on **Monday, March 3, 2026**: | Milestone | Target Date | Calendar Week | |-----------|------------|---------------| | Project kickoff | March 3, 2026 | Week 1 | | M1 — Core Security Working | March 28, 2026 | End of Week 4 | | M2 — Backend Pipeline Working | April 25, 2026 | End of Week 8 | | M3 — End-to-End Journey Working | May 22, 2026 | End of Week 12 | | Staging deployment | June 5, 2026 | Week 15 | | M4 — Founding Member Launch | June 19, 2026 | End of Week 16 | | Stabilization complete | July 17, 2026 | End of Week 20 | | 50 customers | August 14, 2026 | End of Week 24 | **Holidays to account for (Germany/EU):** - Easter: April 3-6, 2026 (4 days lost in week 5) - May Day: May 1, 2026 (1 day lost in week 9) - Ascension: May 14, 2026 (1 day lost in week 11) - Whit Monday: May 25, 2026 (1 day lost in week 13) **Impact:** ~7 working days lost to holidays. This is absorbed by the 38-day buffer. No milestone dates need to shift, but the buffer effectively reduces to ~31 working days. --- *End of Document — 05 Timeline & Milestones*