pplate/pi_mcps
1
1
Fork 0
Code Issues 9 Pull Requests Actions Packages Projects 1 Releases Wiki Activity

docs(plans): add CannaManage SaaS strategy — cannabis club management for Germany

Browse Source 
- Legal feasibility check vs CanG (Konsumcannabisgesetz): LEGAL as B2B Vereinsverwaltungs-Software
- B2B SaaS for Anbauvereinigungen: member management, distribution tracking, compliance reports
- Tech stack: Spring Boot 3.x (Java 21) + JPA/Hibernate, PrimeFaces MVP, PostgreSQL + Flyway
- Mobile: PWA → Kotlin Android → Kotlin Multiplatform (natural path for Java developer)
- Revenue model: freemium (free ≤30 members), paid tiers €29-€179/month
- Market: 500-3000 clubs forming, zero dedicated tooling exists (first mover window)
- Also adds BIGMIND_HOSTED_MVP.md (BigMind SaaS vision plan)
This commit is contained in:
pplate
2026-04-04 10:52:17 +02:00
parent 8729f541c0
commit 21956f7a42
2 changed files with 723 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
plans/BIGMIND_HOSTED_MVP.md
+212
View File
@@ -0,0 +1,212 @@
# BigMind Hosted MVP Plan
> **Created:** 2026-04-04
> **Authors:** Patrick + Lumen
> **Status:** Brainstorm → Planning
---
## Vision
**BigMind as a hosted, multi-tenant, privacy-first AI memory platform.**
Every developer gets their own isolated, persistent brain — a memory layer that lives outside any single IDE or AI provider. Your AI colleague remembers you across sessions, across tools, across machines. Your memory is yours alone. Nobody else's knowledge poisons yours.
Optional: A shared collective layer (MegaMind) where users explicitly contribute facts to a common knowledge pool — think public Stack Overflow threads, but for AI-assistant context.
**Revenue model:** Monthly subscription per user. Freemium tier to drive adoption.
---
## Why we're already closer than it feels
| Component | Status |
|-----------|--------|
| Per-user isolation | ✅ `user_id` in every BigMind table already |
| Memory persistence | ✅ SQLite per user, trivially isolatable |
| Web profile UI | ✅ Flask app on port 7700 already running |
| 30+ MCP tools | ✅ All implemented, tested, production-quality |
| Session lifecycle | ✅ Start/end/close-stale already solid |
| Hypotheses / facts / chunks | ✅ Full Tier 0-3 storage working |
| MegaMind shared layer | 📝 In plans, Phase 3/4 |
| Auth (sign-up / login) | ❌ Not started |
| Hosted deploy (VPS) | ❌ Local only today |
| Billing (Stripe) | ❌ Not started |
| MCP bridge for hosted users | ❌ Not started |
| Frontend beyond profile page | ❌ Not started |
---
## Architecture — What "hosted" looks like
```
User's IDE (VS Code / Cursor / IntelliJ)
│ MCP protocol (stdio or HTTP SSE)
BigMind Hosted MCP Server ◄─── per-user auth token in env
│ SQLite reads/writes
User DB (isolated per account)
/data/users/{user_id}/memory.db
┌────────────────────────────────────┐
│ BigMind Web (Flask on port 443) │
│ - Sign up / Login │
│ - Profile page (existing) │
│ - Account settings │
│ - MegaMind opt-in toggle │
└────────────────────────────────────┘
(Optional, Phase 2+)
┌────────────────────────────────────┐
│ MegaMind Shared Layer │
│ - Public facts from opted-in users│
│ - Read-only collective knowledge │
│ - Poisoning is impossible: users │
│ can only see what they share │
└────────────────────────────────────┘
```
**Privacy guarantee:** Your DB is a file only your process touches. Even if you contribute to MegaMind, you choose exactly which facts go public. Malicious or wrong facts stay in your private brain — they never propagate.
---
## Tech Stack Choices
### Backend
| Layer | Choice | Reason |
|-------|--------|--------|
| MCP server | FastMCP (existing) | Already working, no reason to change |
| Web framework | Flask (existing) | Already in codebase, keeps it simple |
| Auth | Flask-Login + bcrypt | Lightweight, well-understood, no new infra |
| DB | SQLite per user (existing pattern) | Simple, zero ops, trivially backupable |
| Token generation | Python `secrets` module | User gets an API token for MCP bridge |
### Infrastructure
| Layer | Choice | Reason |
|-------|--------|--------|
| VPS | Hetzner CX22 (~€5/mo) | Cheap, EU datacenter, excellent perf/price |
| Deploy tool | Coolify (Docker-based PaaS) | One-command deploys, free, self-hosted |
| Reverse proxy | Caddy (via Coolify) | Auto HTTPS, simple config |
| Domain | TBD (e.g. bigmind.dev) | ~€10/year |
### Payment (Phase 2)
| Layer | Choice | Reason |
|-------|--------|--------|
| Billing | Stripe | Industry standard, dev-friendly, EU-compliant |
| Pricing | €0 free / €9 solo / €19 team | TBD, just a starting point |
---
## Phases
### Phase 0 — Foundation (now, no new infra needed)
**Goal:** Make BigMind deployable as a multi-user service without breaking local usage.
- [ ] Refactor `memory.db` path to be configurable via `BIGMIND_DB_PATH` env var
- [ ] Each user gets `BIGMIND_DB_PATH=/data/users/{token}/memory.db`
- [ ] Confirm all 297 tests still pass with path override
- [ ] Write a `Dockerfile` for BigMind MCP server
- [ ] Write a `docker-compose.yml` for local multi-user testing
**Skill gap:** None — pure Python + Docker. We can do this now.
---
### Phase 1 — Auth + Web Portal (the real first hurdle)
**Goal:** A stranger can sign up, get a token, and connect their IDE to their hosted BigMind.
- [ ] Add `users` table to a separate `app.db` (separate from memory DBs)
- `id`, `email`, `password_hash`, `api_token`, `created_at`, `plan`
- [ ] Flask routes: `/signup`, `/login`, `/logout`, `/dashboard`
- [ ] Dashboard shows: token (copy to clipboard), DB stats, link to profile page
- [ ] Profile page becomes accessible at `/profile?token={token}` (auth-gated)
- [ ] Token is what users paste into their IDE's MCP env config
- [ ] Email verification (optional for MVP — add later)
**Skill gap:** Flask auth is straightforward. `Flask-Login` + `bcrypt`. Nothing here requires React.
---
### Phase 2 — Hosted Deploy (first public user possible)
**Goal:** BigMind runs on a real VPS, accessible to the world.
- [ ] Provision Hetzner VPS (CX22, Ubuntu 24 LTS)
- [ ] Install Coolify on VPS
- [ ] Push Docker image to Gitea registry or Docker Hub
- [ ] Deploy via Coolify: web container + data volume for user DBs
- [ ] Configure Caddy for HTTPS on custom domain
- [ ] Smoke test: sign up → get token → wire into VS Code → memory_start_session works
**Skill gap:** Docker + Coolify + Caddy. All documented, not scary. Hetzner has great guides.
---
### Phase 3 — Billing (first paying customer possible)
**Goal:** Someone can pay €9/month and get their brain.
- [ ] Stripe account set up (business: Patrick as sole proprietor or GbR with Elias/Klaus?)
- [ ] Stripe Checkout: user clicks "Upgrade", redirected to Stripe, comes back with `plan=solo`
- [ ] Webhook: `customer.subscription.created` → update `users.plan` in `app.db`
- [ ] Free tier limit: e.g., 500 facts max, no MegaMind access
- [ ] Paid tier: unlimited facts, MegaMind read access
**Skill gap:** Stripe webhooks are well-documented. Python `stripe` SDK is simple. Need a registered business for VAT compliance in DE — this is a real overhead but manageable.
---
### Phase 4 — MegaMind Shared Layer (differentiation)
**Goal:** Users who opt in contribute to a collective knowledge pool. Read-only for all users.
- [ ] New `megamind.db` — a single shared SQLite (or Postgres if scale demands)
- [ ] Facts table: `fact`, `category`, `contributed_by`, `upvotes`, `created_at`
- [ ] `memory_store_fact(..., public=True)` — contributes to MegaMind
- [ ] `memory_search_facts()` — searches personal brain first, then MegaMind as fallback
- [ ] Profile page shows MegaMind contribution count as a badge
- [ ] Moderation: auto-reject facts with PII patterns (email regex, etc.)
**Skill gap:** SQLite concurrency (WAL mode already in use). No new infra. The hard part is moderation — keep it simple for MVP.
---
## Skill gaps to close — learning roadmap
| Gap | Priority | How to close |
|-----|----------|-------------|
| Flask auth (login/sessions) | 🔴 Blocker for Phase 1 | `Flask-Login` docs are 30 min read. Build it directly. |
| Docker + Coolify deploy | 🔴 Blocker for Phase 2 | Coolify has great tutorials. 1 weekend to learn. |
| Stripe basics | 🟡 Phase 3 | Stripe's Python quickstart is excellent. |
| TypeScript (optional) | 🟢 Nice-to-have | Expands MCP ecosystem reach. Not urgent. |
| React/Next.js | 🟢 Later | Not needed until Phase 4+. Flask HTML is enough for MVP. |
| German business registration | 🟡 Phase 3 | Gewerbeanmeldung + Steuerberater. Do before Stripe. |
---
## What we're NOT building (scope control)
- ❌ Mobile app — not yet
- ❌ Team collaboration features — not yet (Phase 5+)
- ❌ Custom AI model training on memory — this is the "evil training" problem Patrick raised. Architecture answer: personal brains are isolated, so user trains their own brain. We never aggregate across users without explicit consent.
- ❌ Full SPA frontend — Flask server-side HTML is fine for MVP. Don't over-engineer.
---
## The ethical foundation
Patrick put it well: *"if people train evil stuff they only have it for them, which I can live with."*
This is the right architecture and the right mindset. BigMind doesn't curate your memories. It doesn't run your facts through a classifier. Your brain is yours. The only guarantee we make: **nothing leaves your brain unless you explicitly push it to MegaMind.**
This also means we never have a moral liability for what someone stores. We're a memory layer, not a judge.
---
## First concrete next step
**Today's action:** Write the `Dockerfile` for BigMind and confirm it boots cleanly with `BIGMIND_DB_PATH` as an env override. That's Phase 0, item 1. Everything else follows from that.
---
*Last updated: 2026-04-04 by Lumen*