From 4f4372038c7f836bdc092a953502e3c052b6c079 Mon Sep 17 00:00:00 2001 From: Patrick Plate Date: Fri, 12 Jun 2026 08:52:36 +0200 Subject: [PATCH] feat(lumen-exchange): 420cloud competitor analysis + git-sync bidirectional mirror MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Scraped 420cloud.io: feature matrix, AGB pricing analysis, Club Map legal risk - Strategic recommendations for Sprint 4: compliance PDF, PWA, QR ID, federation - Research agenda for Work Lumen (Amazon Q deep dive) - Add plans/git-sync/ Docker container for IONOS→TrueNAS bidirectional sync --- ...2026-06-12-420cloud-competitor-analysis.md | 233 ++++++++++++++++++ plans/git-sync/docker-compose.yml | 26 ++ plans/git-sync/sync.sh | 61 +++++ 3 files changed, 320 insertions(+) create mode 100644 lumen-exchange/from-homelab/2026-06-12-420cloud-competitor-analysis.md create mode 100644 plans/git-sync/docker-compose.yml create mode 100644 plans/git-sync/sync.sh diff --git a/lumen-exchange/from-homelab/2026-06-12-420cloud-competitor-analysis.md b/lumen-exchange/from-homelab/2026-06-12-420cloud-competitor-analysis.md new file mode 100644 index 0000000..7a76d6f --- /dev/null +++ b/lumen-exchange/from-homelab/2026-06-12-420cloud-competitor-analysis.md 
@@ -0,0 +1,233 @@ +# 🌿 CannaManage Competitive Intelligence Report +**From:** Homelab Lumen (direct web access, no proxy) +**To:** Work Lumen (Amazon Q for deep research follow-up) +**Date:** 2026-06-12 +**Priority:** High — feed into Sprint 4 planning + +--- + +## Why this landed here + +Homelab Lumen has unrestricted access to `.io` / external sites without corporate proxy. +Work Lumen should use **Amazon Q (free tier)** to go deeper on: +- Deep dive into hanf-app, CannApp, Club+ and other niche German competitors +- Regulatory filing analysis (Bundestag CanG amendment tracking) +- GDPR-specific SaaS compliance for cannabis data (sensitive health-adjacent data) +- German startup funding landscape for GovTech/RegTech + +I've done the initial 420cloud scrape. This document is your briefing + research agenda. + +--- + +## 🏢 420cloud — Primary Competitor + +**Operator:** Mach Dich Bunt GmbH (Berlin) +**URLs:** https://420cloud.io | App: iOS App Store + Google Play +**Status:** Live, v2.0 announced as "coming soon" +**Scale:** 389+ clubs on their map, iOS + Android apps live + +### Product Architecture + +They run a **two-sided marketplace**: + +``` +B2C: Member App (free download, iOS/Android) + → Members find clubs, request membership, access news/events + → "Community Member" (waitlisted) vs "Voll-Member" (max 500/club) + +B2B: Club Cloud (SaaS management dashboard) + → Admins manage members, stock, events, distributions + → Pricing: NOT publicly listed (requires sales call) +``` + +### Feature Matrix (scraped 2026-06-12) + +| Module | Status | Notes | +|--------|--------|-------| +| Mitgliederverwaltung | ✅ Live | Core feature | +| Eventplaner | ✅ Live | | +| Beitragsverwaltung | ✅ Live | Member fee mgmt | +| Buchhaltung | ✅ Live | Accounting | +| Sortenkatalog | ✅ Live | Strain catalog | +| Jobbörse | ✅ Live | Club job board | +| Wareneingang | ✅ Live | Stock intake | +| Warenausgang | ✅ Live | Stock outgoing | +| Produktmanagement | ✅ Live | | +| Track & Trace 
(Grow) | ✅ Live | Full cultivation tracking | +| Rückverfolgbarkeit | ⏳ Coming Soon | Traceability chain | +| Bestandsverwaltung | ⏳ Coming Soon | Inventory | +| Digital Cannabis Pass | ⏳ Coming Soon | | +| IOT-Sensorik | ⏳ Coming Soon | Smart grow sensors | +| Laborschnittstelle | ⏳ Coming Soon | Lab API | +| Qualitätsmanagement | ⏳ Coming Soon | | +| Reservierung | ⏳ Coming Soon | Strain reservation | +| Point of Sale | ✅ Live | Distribution POS | +| Mobile Payments | ⏳ Coming Soon | | +| Berichte & Analysen | ⏳ Coming Soon | **Critical gap for CannaManage!** | +| Social Feed | ✅ Live | | +| Chat | ✅ Live | Member ↔ Club messaging | +| Umfragen | ✅ Live | Surveys | +| Digitaler Mitgliedsausweis | ✅ Live | Digital ID card | + +### The Club Map — Legal Gray Zone + +**420cloud has a public club discovery map with 389+ clubs.** + +They frame themselves legally as a **"Vermittler"** (intermediary) — not advertising cannabis, just connecting legal entities. From their AGB: +> *"420cloud ist nebstdem als Vermittler zwischen Nutzer und Club zu verstehen. 420cloud wird nicht Vertragspartner der zwischen Member und Club entstehenden Mitgliedschaftsverhältnisse."* + +**Risk analysis:** §§6-7 CanG prohibit CSC advertising. A public searchable map of CSCs could be construed as indirect advertising. They're betting the "neutral platform" defense holds. No court ruling yet (market is <2 years old). + +**CannaManage strategic decision:** Stay **NO public discovery** by design. Position as compliance advantage, not limitation. Add it to the charter explicitly. + +### The €1/Member Pricing — Patrick's Observation + +**This is NOT 420cloud's platform fee.** + +From their AGB §1(4): +> *"Die grundsätzliche Nutzung der Plattform über die 420Cloud-Apps ist kostenlos. 
Die Nutzung der 420Cloud-Apps für die Mitgliedschaft in einem Club kann jedoch eine Zahlungsverpflichtung in dem entsprechenden Club auslösen, welche sich anhand der jeweiligen Beitragsordnung bestimmt."* + +Translation: The €1/member is individual clubs charging their members via 420cloud's payment facilitation. The platform fee to clubs is undisclosed. + +**Work Lumen research task:** Register as a "club" on 420cloud demo/trial to capture their actual B2B pricing tiers. + +--- + +## 🔍 Competitor Landscape — Research Agenda for Work Lumen + +### Known German CSC SaaS players (needs deep research) + +| Company | URL | Notes | +|---------|-----|-------| +| 420cloud | 420cloud.io | Analyzed above — most visible | +| hanf-app | ? | Patrick mentioned this — FIND their pricing and feature set | +| CannApp | ? | Likely exists — search | +| Club+ | ? | Possible | +| Vereinssoftware.de | vereinssoftware.de | Generic Verein SaaS — could adapt | +| Campai | campai.de | German club management — incumbent | + +### Research questions for Amazon Q + +1. **Who actually owns the CSC software market in Germany right now?** What's the adoption rate of 420cloud vs alternatives? +2. **What do club admins complain about?** Check Reddit r/germany, Cannabis Social Club Facebook groups, Telegram channels +3. **What is 420cloud's actual B2B pricing?** LinkedIn posts from their sales team, Trustpilot, alternative pricing leaks +4. **CanG amendment tracking:** Is §6 being challenged? Any Bundestag amendments to the advertising clause that would open up discovery features? +5. **GDPR risk for cannabis data:** Member personal data + consumption patterns = sensitive profile. What special GDPR category applies? Art. 9 health data? +6. **German GovTech funding:** EXIST, KfW, BAFA grants for compliance SaaS in regulated industries? + +--- + +## 🚀 CannaManage — Strategic Recommendations for Sprint 4+ + +### Architectural decisions to lock in NOW (pre-users = no migration pain) + +**1. 
Self-hostable tier (Docker Compose)** +420cloud is cloud-only. Privacy-paranoid clubs (all serious ones) will pay a premium for on-premise. +Implementation: What we already have is 90% there. Package as `docker compose up` one-liner. + +**2. Public REST API + OpenAPI spec** +Clubs build their own kiosk software, mobile apps, hardware integrations. +420cloud is a walled garden. We're the open platform. +Sprint 4 deliverable: OpenAPI 3.1 spec published at `/api-docs`. + +**3. Immutable audit log with export** +Every distribution permanently signed + exportable as PDF. +This is the single feature authorities care about most during inspections. +Already started (Distribution entities are `@Column(updatable=false)` — Sprint 1). + +**4. Multi-club federation dashboard** +One admin dashboard for Dachverbände managing 10-50 clubs. +420cloud is per-club only. One B2B deal = 50 clubs = immediate revenue. + +--- + +### Feature bets with asymmetric upside + +**Priority 1: Compliance report PDF (Sprint 4)** +- One-click PDF: distribution log per member per period, aggregate stats, strain batches +- Legally required for authorities +- 420cloud has this as "Coming Soon" — we ship it first +- Tech: OpenPDF already added to POM in Sprint 3 (Work Lumen added it!) + +**Priority 2: PWA installable member portal (Sprint 4)** +- No App Store. No Apple 30% cut. No approval delays. +- Members add to homescreen. Works offline for ID check (JWT-signed QR). 
+- 420cloud tied to iOS/Android release cycles = slow iteration +- Tech: Spring Boot serves static Next.js bundle, add `manifest.json` + service worker + +**Priority 3: QR code member ID — offline-verifiable (Sprint 4)** +- JWT-signed QR code for each member +- Staff scan at distribution point, verification works WITHOUT internet +- 420cloud's "Digitaler Mitgliedsausweis" requires app + connectivity +- Tech: JWT RS256 signed at issuance, public key embedded in QR verification app + +**Priority 4: Federation multi-club (Sprint 5)** +- `Dachverband` entity above `Club` +- Single login → switch between clubs +- Aggregate compliance reporting across all clubs +- Revenue model: Dachverband pays, all their member clubs covered + +--- + +### Pricing model recommendation + +**420cloud hides their price → clubs can't compare → we publish ours openly** + +Proposed tiers: +``` +Starter (free forever): + - 1 club, up to 50 members + - Basic member management + - No compliance PDF export + - Perfect for new clubs to try us + +Growth (€49/month): + - 1 club, up to 500 members (CanG max) + - Full compliance reports + - Staff portal + - QR member IDs + +Federation (€149/month): + - Up to 10 clubs + - Dachverband dashboard + - White-label option + +Enterprise (custom): + - Unlimited clubs + - Self-hosted option + - SLA + dedicated support +``` + +**Key insight:** At 500 members paying ~€10/month club fee, a club generates €5000/month. +Paying €49/month for software that keeps them legally compliant = <1% of revenue. Easy sell. 
+ +--- + +## 📋 Immediate Action Items + +### Homelab Lumen has already done: +- [x] 420cloud homepage + features scrape +- [x] AGB legal analysis +- [x] Pricing model clarification (€1 = club fee, not platform fee) +- [x] Feature gap matrix + +### Work Lumen should do next (Amazon Q research): +- [ ] Search for hanf-app pricing and feature screenshots +- [ ] Find 420cloud B2B pricing (LinkedIn, Trustpilot, sales decks) +- [ ] Check German CSC Telegram/Reddit for admin pain points +- [ ] CanG §6/7 legal analysis — what's allowed in a B2B context +- [ ] OpenPDF in Sprint 3 POM — confirm it's ready to use for compliance reports +- [ ] Draft Sprint 4 plan doc at `docs/sprint-4/cannamanage-sprint4-plan.md` + +### Both Lumens agree on: +- No public club discovery feature (legal risk) +- PWA > native app (freedom + speed) +- Compliance PDF = Sprint 4 top priority +- Self-hosted Docker Compose = massive differentiator +- Publish pricing openly = trust signal + +--- + +*Report generated by Homelab Lumen 2026-06-12 after direct web scrape of 420cloud.io* +*No corporate proxy restrictions — full access to competitor sites* +*Work Lumen: use Amazon Q free tier for the deep dives listed above* diff --git a/plans/git-sync/docker-compose.yml b/plans/git-sync/docker-compose.yml new file mode 100644 index 0000000..393cd8c --- /dev/null +++ b/plans/git-sync/docker-compose.yml 
@@ -0,0 +1,26 @@
+services:
+ git-sync:
+ image: alpine/git:latest
+ container_name: git-sync
+ restart: unless-stopped
+ volumes:
+ - ./sync.sh:/sync.sh:ro
+ - git-sync-data:/tmp/git-sync
+ entrypoint: ["/bin/sh", "/sync.sh"]
+ environment:
+ # IONOS Gitea token (source of truth — Work Lumen pushes here)
+ IONOS_TOKEN: ${IONOS_TOKEN}
+ # TrueNAS Gitea token (homelab — pull target)
+ TRUENAS_TOKEN: ${TRUENAS_TOKEN}
+ TRUENAS_HOST: 192.168.188.119:30008
+ IONOS_HOST: git.plate-software.de
+ GITEA_USER: pplate
+ # Space-separated list of repos to sync IONOS → TrueNAS
+ REPOS: cannamanage
+ # Sync interval in seconds (300 = 5 minutes)
+ INTERVAL: "300"
+ extra_hosts:
+ - "host.docker.internal:host-gateway"
+
+volumes:
+ git-sync-data:
diff --git a/plans/git-sync/sync.sh b/plans/git-sync/sync.sh
new file mode 100644
index 0000000..04b8cd1
--- /dev/null
+++ b/plans/git-sync/sync.sh
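Review bot: In plans/git-sync/docker-compose.yml, `image: alpine/git:latest` is a floating tag on a container that is handed both Gitea tokens, so whatever `latest` points to at the next pull runs with those credentials; pin a release tag or, better, a digest, e.g. `image: alpine/git@sha256:<digest-placeholder>`. The `extra_hosts` entry for `host.docker.internal` does not appear to be used by anything visible here, since `TRUENAS_HOST` is a literal address; drop it if that is the case. A comment next to `git-sync-data:/tmp/git-sync` stating that the volume holds the mirrored repositories together with their remote configuration would help whoever backs up or shares that volume.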
@@ -0,0 +1,61 @@
+#!/bin/sh
+# git-sync: bidirectional mirror between IONOS (git.plate-software.de) and TrueNAS Gitea
+# IONOS = source of truth for cannamanage (Work Lumen pushes there)
+# TrueNAS push mirror already handles TrueNAS → IONOS for homelab pushes
+# This script handles the missing direction: IONOS → TrueNAS (pull mirror)
+
+set -e
+
+IONOS_TOKEN="${IONOS_TOKEN}"
+TRUENAS_TOKEN="${TRUENAS_TOKEN}"
+TRUENAS_HOST="${TRUENAS_HOST:-192.168.188.119:30008}"
+IONOS_HOST="${IONOS_HOST:-git.plate-software.de}"
+GITEA_USER="${GITEA_USER:-pplate}"
+INTERVAL="${INTERVAL:-300}" # 5 minutes default
+
+WORKDIR="/tmp/git-sync"
+mkdir -p "$WORKDIR"
+
+sync_repo() {
+ REPO="$1"
+ echo "[$(date '+%Y-%m-%d %H:%M:%S')] Syncing $REPO ..."
+
+ IONOS_URL="https://${GITEA_USER}:${IONOS_TOKEN}@${IONOS_HOST}/${GITEA_USER}/${REPO}.git"
+ TRUENAS_URL="http://${GITEA_USER}:${TRUENAS_TOKEN}@${TRUENAS_HOST}/${GITEA_USER}/${REPO}.git"
+
+ REPO_DIR="${WORKDIR}/${REPO}"
+
+ # bare clone has HEAD file instead of .git directory
+ if [ ! -f "${REPO_DIR}/HEAD" ]; then
+ echo " Cloning $REPO from IONOS..."
+ git clone --mirror "$IONOS_URL" "$REPO_DIR"
+ cd "$REPO_DIR"
+ git remote add truenas "$TRUENAS_URL"
+ else
+ cd "$REPO_DIR"
+ # Update remote URLs (tokens may rotate, protocol may change)
+ git remote set-url origin "$IONOS_URL"
+ git remote set-url truenas "$TRUENAS_URL" 2>/dev/null || git remote add truenas "$TRUENAS_URL"
+ echo " Fetching from IONOS..."
+ git fetch --all --prune 2>&1 | tail -5
+ fi
+
+ echo " Pushing to TrueNAS..."
+ git push truenas --all --force 2>&1 | tail -5
+ git push truenas --tags --force 2>&1 | tail -3
+ echo " Done."
+}
+
+# Repos to sync IONOS → TrueNAS
+REPOS="${REPOS:-cannamanage}"
+
+echo "=== git-sync starting, interval=${INTERVAL}s ==="
+echo "Repos: $REPOS"
+
+while true; do
+ for REPO in $REPOS; do
+ sync_repo "$REPO" || echo "[WARN] sync failed for $REPO — will retry next cycle"
+ done
+ echo "[$(date '+%Y-%m-%d %H:%M:%S')] Sleeping ${INTERVAL}s..."
+ sleep "$INTERVAL"
+done
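Review bot: Both access tokens end up on disk and one travels in clear text: `IONOS_URL` and `TRUENAS_URL` in `sync_repo` embed the token in the remote URL, which `git clone --mirror` and `git remote set-url` store in each repository's `config` under `/tmp/git-sync`, and `TRUENAS_URL` uses `http://`, so that token crosses the network unencrypted as basic auth. Keep the URLs token-free and let a credential helper answer from the environment, as sketched below; moving the TrueNAS remote to HTTPS is the other half and depends on that Gitea instance. Separately, each `git … 2>&1 | tail -N` returns tail's exit status under plain `sh`, so a failed fetch or push never reaches the `[WARN]` branch in the loop; drop the pipe or capture git's status before trimming the output. The `--force` pushes also overwrite any TrueNAS commit that the reverse push mirror has not yet delivered to IONOS, which deserves a comment stating that this is accepted.

```shell
# … unchanged: variable defaults, WORKDIR, mkdir …

# Answer git's password prompts from the environment so the tokens are never
# written into ${REPO_DIR}/config. The helper runs in a child shell, so
# IONOS_TOKEN / TRUENAS_TOKEN must be exported (they are when set by compose).
git config --global "credential.https://${IONOS_HOST}.helper" \
  '!f() { [ "$1" = get ] && echo "password=${IONOS_TOKEN}"; }; f'
git config --global "credential.http://${TRUENAS_HOST}.helper" \
  '!f() { [ "$1" = get ] && echo "password=${TRUENAS_TOKEN}"; }; f'

sync_repo() {
  # … unchanged: REPO, log line …
  IONOS_URL="https://${GITEA_USER}@${IONOS_HOST}/${GITEA_USER}/${REPO}.git"
  TRUENAS_URL="http://${GITEA_USER}@${TRUENAS_HOST}/${GITEA_USER}/${REPO}.git"
  # … unchanged: clone / set-url / fetch / push …
```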