LetsBeBiz-Redesign/docs/architecture-proposal/claude/04-IMPLEMENTATION-PLAN.md

# LetsBe Biz — Implementation Plan
**Date:** February 27, 2026
**Team:** Claude Opus 4.6 Architecture Team
**Document:** 04 of 09
**Status:** Proposal — Competing with independent team
---
## Table of Contents
1. [Phase Overview](#1-phase-overview)
2. [Phase 1 — Foundation (Weeks 1-4)](#2-phase-1--foundation-weeks-1-4)
3. [Phase 2 — Integration (Weeks 5-8)](#3-phase-2--integration-weeks-5-8)
4. [Phase 3 — Customer Experience (Weeks 9-12)](#4-phase-3--customer-experience-weeks-9-12)
5. [Phase 4 — Polish & Launch (Weeks 13-16)](#5-phase-4--polish--launch-weeks-13-16)
6. [Dependency Graph](#6-dependency-graph)
7. [Parallel Workstreams](#7-parallel-workstreams)
8. [Scope Cut Table](#8-scope-cut-table)
9. [Critical Path](#9-critical-path)
---
## 1. Phase Overview
```
Week    1   2   3   4    5   6   7   8    9   10  11  12   13  14  15  16
      ├────────────────┤
      │ PHASE 1:       │
      │ Foundation     │
      │ Safety Wrapper │
      │ Secrets Proxy  │
      │ P0 Tests       │
      │                ├────────────────┤
      │                │ PHASE 2:       │
      │                │ Integration    │
      │                │ Hub APIs       │
      │                │ Tool Adapters  │
      │                │ Browser Tool   │
      │                │                ├────────────────┤
      │                │                │ PHASE 3:       │
      │                │                │ Customer UX    │
      │                │                │ Mobile App     │
      │                │                │ Provisioner    │
      │                │                │                ├────────────────┤
      │                │                │                │ PHASE 4:       │
      │                │                │                │ Polish         │
      │                │                │                │ Security Audit │
      │                │                │                │ Launch         │
```
| Phase | Duration | Focus | Exit Criteria |
|-------|----------|-------|---------------|
| 1 | Weeks 1-4 | Safety Wrapper + Secrets Proxy core | Secrets redaction passes all P0 tests; command classification works; OpenClaw routes through wrapper |
| 2 | Weeks 5-8 | Hub APIs + tool adapters + billing | Hub ↔ Safety Wrapper protocol working; 6 P0 tool adapters operational; token metering flowing to billing |
| 3 | Weeks 9-12 | Mobile app + customer portal + provisioner | End-to-end: payment → provision → AI ready → mobile chat working |
| 4 | Weeks 13-16 | Security audit + polish + launch | Founding member launch: first 10 customers onboarded |
---
## 2. Phase 1 — Foundation (Weeks 1-4)
### Goal: Safety Wrapper and Secrets Proxy functional with comprehensive P0 tests
#### Week 1: Safety Wrapper Skeleton + Secrets Registry
| Task | Effort | Deliverable | Depends On |
|------|--------|-------------|-----------|
| 1.1 Monorepo setup (Turborepo, packages structure) | 2d | Working monorepo with packages/safety-wrapper, packages/secrets-proxy, packages/shared-types | — |
| 1.2 Safety Wrapper HTTP server skeleton | 2d | Express/Fastify server on localhost:8200 with health endpoint | 1.1 |
| 1.3 SQLite schema + migration system | 1d | secrets, approvals, audit_log, token_usage, hub_state tables | 1.1 |
| 1.4 Secrets registry implementation | 3d | ChaCha20-Poly1305 encrypted SQLite vault; CRUD operations; pattern generation | 1.3 |
| 1.5 Tool execution endpoint (POST /api/v1/tools/execute) | 2d | Request parsing, validation, routing to executors | 1.2 |
#### Week 2: Command Classification + Tool Executors
| Task | Effort | Deliverable | Depends On |
|------|--------|-------------|-----------|
| 2.1 Command classification engine | 3d | Deterministic rule engine for all 5 tiers; shell command classifier with allowlist | 1.5 |
| 2.2 Shell executor (port from sysadmin agent) | 2d | execFile-based execution with path validation, timeout, metacharacter blocking | 2.1 |
| 2.3 Docker executor | 1d | Docker subcommand classifier + executor | 2.2 |
| 2.4 File read/write executor | 1d | Path traversal prevention, size limits, atomic writes | 2.2 |
| 2.5 Env read/update executor | 1d | .env parsing, atomic update with temp→rename | 2.2 |
| 2.6 P0 tests: command classification | 2d | 100+ test cases covering all tiers, edge cases, shell metacharacters | 2.1 |
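
The pre-flight checks that tasks 2.2 and 2.4 describe (allowlist, metacharacter blocking, path confinement, `execFile` with a timeout), as an added example that is not the project's code. `WORKDIR`, the `RULES` entries and the `META` character set are assumptions made for illustration.

```javascript
// Added example, not project code. WORKDIR, RULES and META are hypothetical.
const WORKDIR = "/srv/tenant";               // hypothetical confinement root

// binary -> rule. `sub`: permitted first argument; `paths`: args are file paths.
const RULES = new Map([
  ["docker", { sub: new Set(["ps", "logs", "inspect"]) }],
  ["cat", { paths: true }],
  ["ls", { paths: true }],
]);

// execFile never invokes a shell, so these are inert there; rejecting them
// anyway protects any later consumer that does hand the string to a shell.
const META = /[;&|`$(){}<>\\\n\r*?!~"'\[\]#]/;

// Lexical resolution only; a real executor would also resolve symlinks.
function confine(candidate) {
  const joined = candidate.startsWith("/") ? candidate : WORKDIR + "/" + candidate;
  const parts = [];
  for (const seg of joined.split("/")) {
    if (seg === "" || seg === ".") continue;
    if (seg === "..") parts.pop();
    else parts.push(seg);
  }
  const resolved = "/" + parts.join("/");
  // Compare with a trailing slash so /srv/tenant-other is not accepted.
  return resolved === WORKDIR || resolved.startsWith(WORKDIR + "/") ? resolved : null;
}

const deny = (reason) => ({ ok: false, reason });

function validate(argv) {
  const [file, ...args] = argv;
  const rule = RULES.get(file);
  if (!rule) return deny("binary not on allowlist");
  if (args.some((a) => typeof a !== "string" || META.test(a))) {
    return deny("shell metacharacter in argument");
  }
  if (rule.sub && !rule.sub.has(args[0])) return deny("subcommand not allowed");
  if (!rule.paths) return { ok: true, file, args };
  const resolved = [];
  for (const a of args) {
    if (a.startsWith("-")) return deny("options not allowed for this command");
    const p = confine(a);
    if (p === null) return deny("path escapes working directory");
    resolved.push(p);
  }
  return { ok: true, file, args: resolved };
}

// Runs only what validate() accepted: argv array, no shell, bounded time and output.
async function run(argv, timeoutMs = 5000) {
  const v = validate(argv);
  if (!v.ok) throw new Error("blocked: " + v.reason);
  const { execFile } = await import("node:child_process");
  return new Promise((resolve, reject) => {
    execFile(v.file, v.args, { shell: false, timeout: timeoutMs, maxBuffer: 1 << 20 },
      (err, stdout) => (err ? reject(err) : resolve(stdout)));
  });
}
```

The prefix comparison in `confine` is the case worth a dedicated P0 test: a bare `startsWith(WORKDIR)` would accept a sibling directory such as `/srv/tenant-other`.
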
#### Week 3: Secrets Proxy + Redaction Pipeline
| Task | Effort | Deliverable | Depends On |
|------|--------|-------------|-----------|
| 3.1 Secrets Proxy HTTP server | 1d | Transparent proxy on localhost:8100 | 1.1 |
| 3.2 Layer 1: Aho-Corasick registry redaction | 2d | O(n) multi-pattern matching against all known secrets | 1.4, 3.1 |
| 3.3 Layer 2: Regex safety net | 1d | Private keys, JWTs, bcrypt, connection strings, env patterns | 3.1 |
| 3.4 Layer 3: Shannon entropy filter | 1d | High-entropy blob detection (≥4.5 bits, ≥32 chars) | 3.1 |
| 3.5 Layer 4: JSON key scanning | 0.5d | Sensitive key name detection in JSON payloads | 3.1 |
| 3.6 P0 tests: secrets redaction | 2.5d | TDD — test matrix from Technical Architecture §19.2: registry match, patterns, entropy, false positives, performance (<10ms) | 3.2-3.5 |
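
Layers 2 to 4 of the redaction pipeline from tasks 3.3 to 3.5, as an added example that is not the project's code (Layer 1, the registry match, is left out). The 32-character and 4.5-bit thresholds are the plan's, read here as bits per character; the regex patterns, token alphabet, key-name list and sample body are assumptions.

```javascript
// Added example, not project code. The thresholds are the plan's; the
// patterns, token alphabet and key-name list are assumptions.
const MASK = "[REDACTED]";
const MIN_LEN = 32;       // plan: >= 32 chars
const MIN_BITS = 4.5;     // plan: >= 4.5 bits (assumed to mean bits per character)

// Layer 2: regex safety net for three of the formats the plan lists.
const PATTERNS = [
  { re: /\beyJ[\w-]{8,}\.[\w-]{8,}\.[\w-]{8,}/g, to: MASK },   // JWT
  { re: /\$2[aby]\$\d{2}\$[.\/A-Za-z0-9]{53}/g, to: MASK },     // bcrypt hash
  // scheme://user:password@host, masking only the password
  { re: /\b([a-z][a-z0-9+.-]*:\/\/[^\s:\/@]+:)[^\s@\/]+@/gi, to: "$1" + MASK + "@" },
];

// Layer 3: Shannon entropy in bits per character.
function shannonEntropy(s) {
  const counts = new Map();
  for (const ch of s) counts.set(ch, (counts.get(ch) || 0) + 1);
  let bits = 0;
  for (const n of counts.values()) {
    const p = n / s.length;
    bits -= p * Math.log2(p);
  }
  return bits;
}

const TOKEN = new RegExp("[A-Za-z0-9+/=_-]{" + MIN_LEN + ",}", "g");

function redactString(text) {
  let out = text;
  for (const { re, to } of PATTERNS) out = out.replace(re, to);
  return out.replace(TOKEN, (tok) => (shannonEntropy(tok) >= MIN_BITS ? MASK : tok));
}

// Layer 4: key-name scan. String values only, and the pattern avoids a bare
// "token" so request fields such as max_tokens pass through untouched.
const SENSITIVE_KEY =
  /pass(word|wd)|secret|api[_-]?key|private[_-]?key|(access|auth|refresh)[_-]?token|credential/i;

function redactJson(value, key = "") {
  if (Array.isArray(value)) return value.map((v) => redactJson(v, key));
  if (value && typeof value === "object") {
    return Object.fromEntries(Object.entries(value).map(([k, v]) => [k, redactJson(v, k)]));
  }
  if (typeof value !== "string") return value;
  return SENSITIVE_KEY.test(key) ? MASK : redactString(value);
}

function redact(body) {
  try {
    const parsed = JSON.parse(body);
    if (parsed && typeof parsed === "object") return JSON.stringify(redactJson(parsed));
  } catch (_) { /* not JSON: fall through to plain-text handling */ }
  return redactString(body);
}

// Constructed sample request body (all values are made up).
const SAMPLE = JSON.stringify({
  model: "example-model",
  max_tokens: 256,
  smtp_password: "hunter2",
  messages: [{ role: "user", content:
    "DSN postgres://app:s3cr3tpw@10.0.0.5:5432/crm key q7Rz2LmX9vKc4TgYp0WnJ5sHd8BfA3uEe6NtZ1Mx " +
    "commit 0123456789abcdef0123456789abcdef01234567" }],
});
```

A hex string can never exceed 4 bits per character, so at a 4.5-bit threshold the entropy layer leaves commit hashes and digests alone but also misses hex-encoded secrets; those have to be caught by the registry or regex layers. Short passwords such as the sample `smtp_password` are likewise invisible to the entropy layer and are caught only by the key-name scan.
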
#### Week 4: Autonomy Engine + OpenClaw Integration
| Task | Effort | Deliverable | Depends On |
|------|--------|-------------|-----------|
| 4.1 Autonomy resolution engine | 2d | Level 1/2/3 gating matrix; per-agent overrides; external comms gate | 2.1 |
| 4.2 Approval queue (local) | 1d | SQLite-backed pending approvals with expiry | 4.1 |
| 4.3 Credential injection (SECRET_REF resolution) | 2d | Intercept SECRET_REF placeholders, inject real values from registry | 1.4, 2.2 |
| 4.4 OpenClaw integration: configure tool routing | 2d | OpenClaw routes tool calls to Safety Wrapper HTTP API | 4.3 |
| 4.5 OpenClaw integration: configure LLM proxy | 1d | OpenClaw routes LLM calls through Secrets Proxy (port 8100) | 3.1 |
| 4.6 P0 tests: autonomy level mapping | 1d | All 3 levels × 5 tiers × per-agent override scenarios | 4.1 |
| 4.7 Integration test: OpenClaw → Safety Wrapper → tool execution | 1d | End-to-end tool call with classification, gating, execution, audit logging | 4.4 |
### Phase 1 Exit Criteria
- [ ] Secrets Proxy redacts all known secret patterns with <10ms latency
- [ ] Command classifier correctly tiers all defined tools + shell commands
- [ ] Autonomy engine correctly gates/executes at all 3 levels
- [ ] OpenClaw successfully routes tool calls through Safety Wrapper
- [ ] OpenClaw successfully routes LLM calls through Secrets Proxy
- [ ] SECRET_REF injection works for tool execution
- [ ] All P0 tests pass (secrets redaction, command classification, autonomy mapping)
- [ ] Audit log records every tool call
---
## 3. Phase 2 — Integration (Weeks 5-8)
### Goal: Hub ↔ Safety Wrapper protocol, P0 tool adapters, billing pipeline
#### Week 5: Hub Communication Protocol
| Task | Effort | Deliverable | Depends On |
|------|--------|-------------|-----------|
| 5.1 Hub: /api/v1/tenant/register endpoint | 1d | Registration token validation, API key generation | Phase 1 |
| 5.2 Hub: /api/v1/tenant/heartbeat endpoint | 2d | Metrics ingestion, config response, pending commands | 5.1 |
| 5.3 Hub: /api/v1/tenant/config endpoint | 1d | Full config delivery (agents, autonomy, classification) | 5.1 |
| 5.4 Safety Wrapper: Hub client implementation | 2d | Registration, heartbeat loop, config sync, backoff/jitter | 5.1-5.3 |
| 5.5 Hub: ServerConnection model update | 0.5d | Add safetyWrapperUrl, openclawVersion, configVersion fields | |
| 5.6 P1 tests: Hub ↔ Safety Wrapper protocol | 1.5d | Registration, heartbeat, config sync, network failure handling | 5.4 |
#### Week 6: Token Metering + Billing
| Task | Effort | Deliverable | Depends On |
|------|--------|-------------|-----------|
| 6.1 Safety Wrapper: token metering capture | 2d | Capture from OpenRouter response headers; hourly bucket aggregation | Phase 1 |
| 6.2 Hub: TokenUsageBucket + BillingPeriod models | 1d | Prisma migration, model definitions | |
| 6.3 Hub: /api/v1/tenant/usage endpoint | 1d | Ingest usage buckets, update billing period | 6.2 |
| 6.4 Hub: /api/v1/admin/billing/* endpoints | 2d | Customer billing summary, history, overage trigger | 6.2 |
| 6.5 Stripe Billing Meters integration | 2d | Overage metering + premium model metering via Stripe | 6.4 |
| 6.6 Hub: FoundingMember model + multiplier logic | 1d | Token multiplier applied to billing period creation | 6.2 |
| 6.7 Hub: usage alerts (80/90/100%) | 1d | Trigger push notifications at pool thresholds | 6.3 |
#### Week 7: Tool Adapters (P0)
| Task | Effort | Deliverable | Depends On |
|------|--------|-------------|-----------|
| 7.1 Tool registry template + generator | 1d | tool-registry.json generation from provisioner env files | Phase 1 |
| 7.2 Master skill (SKILL.md) | 0.5d | Teach AI three access patterns (API, CLI, browser) | 7.1 |
| 7.3 Cheat sheet: Portainer | 0.5d | REST v2 API endpoints for container management | |
| 7.4 Cheat sheet: Nextcloud | 1d | WebDAV + OCS REST endpoints | |
| 7.5 Cheat sheet: Chatwoot | 1d | REST v1/v2 endpoints for conversation management | |
| 7.6 Cheat sheet: Ghost | 0.5d | Content + Admin REST endpoints | |
| 7.7 Cheat sheet: Cal.com | 0.5d | REST v2 endpoints | |
| 7.8 Cheat sheet: Stalwart Mail | 0.5d | REST endpoints for account/domain management | |
| 7.9 Integration tests: agent → tool via Safety Wrapper | 2d | 6 tools: API call with SECRET_REF, classification, execution, response | 7.3-7.8 |
#### Week 8: Approval Queue + Config Sync
| Task | Effort | Deliverable | Depends On |
|------|--------|-------------|-----------|
| 8.1 Hub: CommandApproval model + endpoints | 2d | CRUD for approvals; customer + admin approval endpoints | 6.2 |
| 8.2 Hub: /api/v1/tenant/approval-request endpoint | 1d | Safety Wrapper pushes approval requests to Hub | 8.1 |
| 8.3 Hub: /api/v1/tenant/approval-response/{id} endpoint | 1d | Safety Wrapper polls for approval decisions | 8.1 |
| 8.4 Hub: AgentConfig model + admin endpoints | 2d | CRUD for agent configs; sync to Safety Wrapper | |
| 8.5 Config sync: Hub → Safety Wrapper | 1d | Config versioning; delta delivery via heartbeat | 5.2, 8.4 |
| 8.6 Push notification service skeleton | 1d | Expo Push token registration; notification sending | |
| 8.7 Integration test: approval round-trip | 1d | Red command → gate → push to Hub → approve → execute | 8.3 |
### Phase 2 Exit Criteria
- [ ] Safety Wrapper registers with Hub and maintains heartbeat
- [ ] Token usage flows from Safety Wrapper → Hub → BillingPeriod
- [ ] Stripe overage billing triggers when pool exhausted
- [ ] 6 P0 tool cheat sheets operational (agent can use Portainer, Nextcloud, Chatwoot, Ghost, Cal.com, Stalwart)
- [ ] Approval round-trip works: gate → Hub → approve → execute
- [ ] Config sync: Hub agent config changes propagate to Safety Wrapper
- [ ] Founding member multiplier applies to billing periods
---
## 4. Phase 3 — Customer Experience (Weeks 9-12)
### Goal: End-to-end customer journey from payment to mobile chat
#### Week 9: Mobile App Foundation
| Task | Effort | Deliverable | Depends On |
|------|--------|-------------|-----------|
| 9.1 Expo project setup (Bare Workflow, SDK 52) | 1d | Project scaffolding, EAS configuration | |
| 9.2 Auth flow (login, JWT storage) | 2d | Login screen, secure token storage, auto-refresh | |
| 9.3 Chat view with SSE streaming | 3d | Real-time agent response rendering via Hub relay | Phase 2 |
| 9.4 Agent selector (team chat vs. direct) | 1d | Agent roster, tap to open direct chat | 9.3 |
| 9.5 Push notification setup (Expo Push) | 1d | Token registration, notification categories, background handlers | |
| 9.6 Approval cards with one-tap approve/deny | 1d | In-app queue + push notification action buttons | 9.5, Phase 2 |
#### Week 10: Customer Portal + Chat Relay
| Task | Effort | Deliverable | Depends On |
|------|--------|-------------|-----------|
| 10.1 Hub: customer portal API (/api/v1/customer/*) | 3d | Dashboard, agents, usage, approvals, tools, billing endpoints | Phase 2 |
| 10.2 Hub: chat relay service | 2d | App → Hub → Safety Wrapper → OpenClaw → response stream | Phase 2 |
| 10.3 Hub: WebSocket endpoint for real-time chat | 2d | Persistent connection for chat + notification delivery | 10.2 |
| 10.4 Mobile: dashboard screen | 1d | Server status, morning briefing, quick actions | 10.1 |
| 10.5 Mobile: usage dashboard | 1d | Per-agent, per-model token usage with trends | 10.1 |
#### Week 11: Provisioner Update + Website
| Task | Effort | Deliverable | Depends On |
|------|--------|-------------|-----------|
| 11.1 Provisioner: update step 10 for OpenClaw + Safety Wrapper | 3d | Deploy LetsBe AI stack, generate configs, seed secrets | Phase 1 |
| 11.2 Provisioner: n8n cleanup | 1d | Remove all n8n references (7 files) | |
| 11.3 Provisioner: config.json cleanup (CRITICAL fix) | 0.5d | Remove plaintext passwords post-provisioning | |
| 11.4 Website: landing page + onboarding flow pages 1-5 | 2d | Business description → AI classification → tool selection → tier selection → domain | |
| 11.5 Website: AI business classifier | 1d | Gemini Flash integration for business type classification | |
| 11.6 Website: resource calculator | 0.5d | Live RAM/disk calculation based on selected tools | |
#### Week 12: End-to-End Integration
| Task | Effort | Deliverable | Depends On |
|------|--------|-------------|-----------|
| 12.1 Website: payment flow (Stripe Checkout) | 1d | Stripe integration, order creation | 11.4 |
| 12.2 Website: provisioning status page (SSE) | 1d | Real-time progress display | 11.1, 12.1 |
| 12.3 End-to-end test: payment → provision → AI ready → mobile chat | 3d | Full journey on staging VPS | All above |
| 12.4 Provisioner: Playwright scenario migration (7 scenarios, minus n8n) | 2d | Cal.com, Chatwoot, Keycloak, Nextcloud, Stalwart, Umami, Uptime Kuma via OpenClaw browser | 11.1 |
| 12.5 Mobile: settings screens (agent config, autonomy, external comms) | 1d | Agent management, model selection, external comms gate | 10.1 |
| 12.6 Mobile: secrets side-channel (provide/reveal) | 1d | Secure modal for credential input, tap-to-reveal card | Phase 2 |
### Phase 3 Exit Criteria
- [ ] Full customer journey works: website signup → payment → provisioning → AI ready
- [ ] Mobile app: login, chat with agents, approve commands, view usage
- [ ] Provisioner deploys OpenClaw + Safety Wrapper (not orchestrator/sysadmin)
- [ ] n8n references fully removed
- [ ] config.json no longer contains plaintext passwords
- [ ] Chat relay works: App → Hub → Safety Wrapper → OpenClaw → response
- [ ] Push notifications delivered for approval requests
---
## 5. Phase 4 — Polish & Launch (Weeks 13-16)
### Goal: Security audit, performance optimization, founding member launch
#### Week 13: Security Audit + P1 Adapters
| Task | Effort | Deliverable | Depends On |
|------|--------|-------------|-----------|
| 13.1 Security audit: secrets redaction (adversarial testing) | 2d | Test with crafted payloads: encoded, nested, multi-format | Phase 3 |
| 13.2 Security audit: command gating (boundary testing) | 1d | Attempt to bypass classification via edge cases | Phase 3 |
| 13.3 Security audit: path traversal, injection, SSRF | 1d | Penetration testing of all Safety Wrapper endpoints | Phase 3 |
| 13.4 Run `openclaw security audit --deep` on staging | 0.5d | Fix any findings | Phase 3 |
| 13.5 Cheat sheets: Odoo, Listmonk, NocoDB, Umami, Keycloak, Activepieces | 3d | P1 tool adapters operational | |
| 13.6 Channel configuration: WhatsApp + Telegram | 1.5d | OpenClaw channel config; pairing mode; DM security | |
#### Week 14: Performance + Polish
| Task | Effort | Deliverable | Depends On |
|------|--------|-------------|-----------|
| 14.1 Prompt caching optimization | 1d | Verify cacheRetention: "long" working; measure cache hit rate | Phase 3 |
| 14.2 Token efficiency audit | 1d | Measure per-agent token usage; optimize verbose SOUL.md files | 14.1 |
| 14.3 Secrets redaction performance benchmark | 0.5d | Confirm <10ms latency with 50+ secrets in registry | Phase 3 |
| 14.4 Mobile app: UI polish, error handling, offline state | 2d | Production-ready mobile experience | Phase 3 |
| 14.5 Website: remaining pages (agent config, payment, provisioning status) | 1.5d | Complete onboarding flow | Phase 3 |
| 14.6 Provisioner: integration tests (Docker Compose based) | 2d | Test provisioning in container; verify all steps succeed | Phase 3 |
#### Week 15: Staging Launch + First-Hour Templates
| Task | Effort | Deliverable | Depends On |
|------|--------|-------------|-----------|
| 15.1 Deploy full stack to staging | 1d | Hub + Website + Provisioner + staging tenant VPS | All above |
| 15.2 Internal dogfooding: team uses staging for 1 week | 5d (ongoing) | Bug reports, UX feedback, performance data | 15.1 |
| 15.3 First-hour templates: Freelancer workflow | 1d | Email setup, calendar connect, basic automation | 15.1 |
| 15.4 First-hour templates: Agency workflow | 1d | Client comms, project tracking, team setup | 15.1 |
| 15.5 Backup monitoring via OpenClaw cron | 0.5d | Daily backup-status.json check + Hub reporting | 15.1 |
| 15.6 Interactive demo: ephemeral container system | 2d | Per-session demo with 15-min TTL | 15.1 |
#### Week 16: Launch
| Task | Effort | Deliverable | Depends On |
|------|--------|-------------|-----------|
| 16.1 Fix staging issues from dogfooding | 3d | All critical/high issues resolved | 15.2 |
| 16.2 Production deployment | 1d | Hub production, pre-provisioned server pool, DNS | 16.1 |
| 16.3 Founding member onboarding: first 10 customers | ongoing | Hands-on onboarding, 2× token allotment | 16.2 |
| 16.4 Monitoring dashboard setup | 0.5d | Hub health, tenant health, billing dashboards | 16.2 |
| 16.5 Runbook documentation | 0.5d | Incident response, common issues, escalation paths | 16.2 |
### Phase 4 Exit Criteria
- [ ] Security audit passes with no critical findings
- [ ] Performance targets met (redaction <10ms, heartbeat reliable, tool calls <5s p95)
- [ ] 10 founding members onboarded and actively using the platform
- [ ] WhatsApp and Telegram channels operational
- [ ] Interactive demo working on letsbe.biz/demo
- [ ] Backup monitoring reporting to Hub
- [ ] First-hour templates proving cross-tool workflows work
---
## 6. Dependency Graph
```
1.1 Monorepo Setup
  ├─→ 1.2 SW Skeleton ──→ 1.5 Tool Execute Endpoint ──→ 2.1 Cmd Classify
  ├─→ 1.3 SQLite Schema ──→ 1.4 Secrets Registry
  └─→ 3.1 Secrets Proxy Server ──→ 3.2-3.5 4-Layer Redaction ──→ 3.6 P0 Tests Redaction

2.1 Cmd Classify
  ├─→ 2.2 Shell Exec
  ├─→ 2.3 Docker
  └─→ 2.4 File Exec

2.1 Cmd Classify + 1.4 Secrets Registry
  └─→ 4.1 Autonomy Engine ──→ 4.4 OpenClaw Integration

4.4 OpenClaw Integration
  ├─→ 5.1-5.4 Hub Protocol
  ├─→ 6.1-6.7 Token Billing
  └─→ 7.1-7.9 Tool Adapters

5.1-5.4 + 6.1-6.7 + 7.1-7.9
  └─→ 8.1-8.7 Approvals + Config

8.1-8.7 Approvals + Config
  ├─→ 9.1-9.6 Mobile App
  ├─→ 10.1-10.5 Customer Portal
  └─→ 11.1-11.6 Provisioner + Website

9.1-9.6 + 10.1-10.5 + 11.1-11.6
  └─→ 12.3 E2E Integration ──→ Phase 4: Polish, Security + Launch
```
---
## 7. Parallel Workstreams
Tasks that can be developed simultaneously by different engineers:
### Stream A: Safety Wrapper Core (1 senior engineer)
```
Week 1-2: SW skeleton, classification, executors
Week 3: Autonomy engine, SECRET_REF injection
Week 4: OpenClaw integration, integration tests
Week 5-6: Hub client, heartbeat, config sync
Week 7-8: Token metering, approval round-trip
```
### Stream B: Secrets Proxy (1 engineer)
```
Week 1-2: Proxy skeleton, 4-layer pipeline
Week 3: P0 tests (TDD), performance benchmarks
Week 4: Integration with OpenClaw LLM routing
Week 5+: Secrets API (provide/reveal/generate/rotate)
```
### Stream C: Hub Backend (1 engineer)
```
Week 1-4: Prisma models, tenant API endpoints
Week 5-6: Billing pipeline, Stripe meters
Week 7-8: Approval queue, agent config CRUD
Week 9-10: Customer portal API, chat relay
```
### Stream D: Mobile + Frontend (1 engineer)
```
Week 1-4: (Can start UI mockups, design system)
Week 5-8: (Website landing page, onboarding flow)
Week 9-10: Mobile app core (auth, chat, approvals)
Week 11-12: Polish, settings, usage dashboard
```
### Stream E: Provisioner + DevOps (1 engineer, part-time)
```
Week 1-4: Docker image builds, CI/CD pipeline
Week 5-8: Tool cheat sheets (P0 + P1)
Week 9-11: Provisioner update, n8n cleanup
Week 12: Integration testing, config.json fix
```
**Minimum team size: 3 engineers** (streams A+B combined, C, D+E combined)
**Recommended team size: 4-5 engineers** (each stream dedicated)
---
## 8. Scope Cut Table
If timeline pressure hits, these items can be deferred to post-launch:
| Item | Phase | Impact of Deferral | Difficulty to Add Later |
|------|-------|-------------------|------------------------|
| Interactive demo | 4 | No demo on website; use video instead | Low |
| WhatsApp/Telegram channels | 4 | App-only access; channels are config, not code | Low |
| P2+P3 tool cheat sheets | 4 | 6 tools instead of 24 at launch | Low |
| DNS automation | 3 | Manual DNS record creation (existing flow) | Low |
| First-hour workflow templates | 4 | No guided first hour; users explore freely | Low |
| Customer portal web UI | 3 | Mobile app only; no web dashboard for customers | Medium |
| Overage billing | 2 | Pause AI at pool limit (no overage option) | Medium |
| Custom agent creation | 3 | 5 default agents only, no custom | Medium |
| Founding member program | 2 | Standard pricing only; add multiplier later | Low |
| Dynamic tool installation | Post-launch | Fixed tool set per provisioning; no add/remove | Medium |
| Premium model tier | 2 | Included models only; add premium later | Medium |
### Non-Negotiable (Cannot Cut)
- Secrets redaction (the privacy guarantee)
- Command classification + gating
- Hub ↔ Safety Wrapper communication
- Token metering (needed for billing even without overage)
- Mobile app (primary customer interface)
- Provisioner update (must deploy new stack)
- 6 P0 tool cheat sheets
---
## 9. Critical Path
The longest chain of dependent tasks that determines the minimum project duration:
```
Monorepo setup (2d)
→ Safety Wrapper skeleton (2d)
→ Command classification (3d)
→ Executors (2d)
→ Autonomy engine (2d)
→ OpenClaw integration (2d)
→ Hub protocol (5d)
→ Token metering + billing (5d)
→ Approval queue (4d)
→ Customer portal API (3d)
→ Chat relay (2d)
→ Mobile app chat (3d)
→ Provisioner update (3d)
→ E2E integration test (3d)
→ Security audit (3d)
→ Launch (1d)
Total critical path: ~42 working days ≈ 8.5 weeks
```
With parallelization (5 engineers), the 16-week timeline has ~7.5 weeks of buffer distributed across phases. This buffer absorbs:
- Unexpected OpenClaw integration issues
- Secrets redaction edge cases requiring additional work
- Mobile app platform-specific bugs (iOS/Android)
- Provisioner testing on real VPS hardware
---
*End of Document — 04 Implementation Plan*