
Ironframe Monetization & Market Blueprint — Q2 2026 (Board Priority Brief)

REF_PATH: stakeholder-deck/ironframe-monetization-market-blueprint-2026-q2
SOURCE: APP_DOCUMENTS_DB


Classification: Board / Executive — Strategic Intel Update companion
Version: 2026-06-14
Decision locked: Phase 1 = sales-assisted invite-only (not self-serve multi-subdomain provisioning)


Where the app is today

Ironframe is past prototype and into design-partner / demo-ready territory. Docs baseline: v0.1.0-ga-epic17 (docs/hub.md).

Core (real, shippable):

  • Auth & sessions — Supabase login, middleware, password recovery
  • Multi-tenant GRC dashboard — Command Center, integrity hub, threat pipeline, role-gated views
  • Financial integrity — BigInt ALE baselines, governed liability math (Medshield / Vaultbank / Gridcore)
  • Operational depth — Irongate ingest, Vercel crons, Resend email alerts, exports, substantial test coverage
  • Documentation engine — 3 AM cron; glossary updating from code deltas

Position: Credible technical platform for pilots and demos — not yet commercial SaaS on autopilot.


P0 — Hard stops before taking money

Gap | Why it matters
No billing rail | No Stripe/PSP, no subscription model in Prisma, no checkout/webhooks. SaaSPricingModel.tsx / useComputeBilling.ts = simulation UI only.
No published pricing | docs/sales/pricing-and-packaging.md is internal; tiers say Contact sales.
No legal surface | No /terms, /privacy, DPA in app.
Production quarantine | Cloud blocks / and /login without bypass — customers cannot sign up on preview/prod.
Invite-only, no admin UI | inviteCorporateTenantUserAction exists; nothing in UI calls it. Manual scripts + Supabase dashboard.
No self-serve signup | Login only — no signup → pay → tenant flow.
Ops checklist open | docs/GA_OPEN_ROADMAP.md, docs/TIER_A_VERCEL_STAGING_CHECKLIST.md — PKI keys, cron smoke, Electricity Maps key.

Minimum first dollar: billing + legal pages + customer entry path (self-serve OR sales-assisted invite UI) + narrow production quarantine for public routes.


P1 — Credible paid pilots (design partners)

Gap | Reality
Tenant lifecycle | Tenants mostly from seed; invites limited to known slugs.
Tier entitlements | No server-side plan gating (Vault, Sustainability, export quotas).
WORM / Epic 12 (~70%) | Do not sell immutable evidence locker as GA until closed.
19-agent story vs code | Marketing says 19; orchestration partial — label stubs or finish Epic 10.
Stub surfaces | Vendor risk, Ironintel OSINT, some governance pages = demo placeholders.
Compliance marketing | SOC 2–aligned, not certified — keep in sales collateral.
Customer-facing docs | Many /docs/*-enablement/ = STAGED DRAFT scaffolds.

Phase 1 — First revenue (4–6 weeks) — SALES-ASSISTED INVITE ONLY

Tactical choice: Human-in-the-loop validation + inviteCorporateTenantUserAction + Stripe billing hook. Defer self-serve multi-subdomain automation.

  1. Stripe — Products for proposed tiers; webhook → TenantBilling; gate dashboard on subscription status.
  2. Legal: /terms, /privacy; link from marketing + login.
  3. Onboarding — Admin invite UI → inviteCorporateTenantUserAction → tenantId for Stripe metadata on manual payment links.
  4. Production access — Quarantine policy: allow /, /login, auth callbacks on production URL.
  5. Pricing page — Approved SKUs (even “starting at $X/mo” for Command tier only).

Database — TenantBilling (Prisma)

model TenantBilling {
  id                   String   @id @default(dbgenerated("gen_random_uuid()")) @db.Uuid
  tenantId             String   @unique @db.Uuid
  stripeCustomerId     String?  @unique
  stripeSubscriptionId String?  @unique
  planTier             String   @default("COMMAND") // COMMAND, GOVERNANCE, ENTERPRISE
  status               String   @default("INACTIVE") // ACTIVE, PAST_DUE, CANCELED, INACTIVE
  createdAt            DateTime @default(now())
  updatedAt            DateTime @updatedAt
  tenant               Tenant   @relation(fields: [tenantId], references: [id], onDelete: Cascade)
}

Stripe webhook — app/api/webhooks/stripe/route.ts

  • Verify stripe-signature with STRIPE_WEBHOOK_SECRET
  • Handle customer.subscription.created|updated|deleted
  • Upsert TenantBilling via subscription.metadata.tenant_id and plan_tier
  • Map active → ACTIVE, else PAST_DUE; deletion → CANCELED
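The webhook checks above, as an added TypeScript example that is not Ironframe's route.ts: signature verification with a replay window, then the event-to-TenantBilling mapping. In production the Stripe SDK's stripe.webhooks.constructEvent() performs the verification; it is written out here to show what the check has to guarantee. The TOLERANCE_SECONDS value and the trimmed event shape are assumptions.

```typescript
import { createHmac, timingSafeEqual } from "node:crypto";

// Added example, not Ironframe code. Stripe's header format is
// "t=<unix seconds>,v1=<hex hmac-sha256(secret, `${t}.${rawBody}`)>".
const TOLERANCE_SECONDS = 300; // assumed window: reject replays older than 5 minutes
const UUID_RE = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;
const PLAN_TIERS = new Set(["COMMAND", "GOVERNANCE", "ENTERPRISE"]);
export type BillingStatus = "ACTIVE" | "PAST_DUE" | "CANCELED" | "INACTIVE";

// Verify against the raw request body, not a re-serialized JSON object.
export function verifyStripeSignature(
  rawBody: string, header: string, secret: string, nowSeconds: number,
): boolean {
  let timestamp = "";
  const candidates: string[] = [];
  for (const part of header.split(",")) {
    const [k, v] = part.split("=", 2);
    if (k === "t") timestamp = v;
    else if (k === "v1" && /^[0-9a-f]{64}$/.test(v)) candidates.push(v);
  }
  if (!/^\d+$/.test(timestamp) || candidates.length === 0) return false;
  if (Math.abs(nowSeconds - Number(timestamp)) > TOLERANCE_SECONDS) return false;
  const expected = createHmac("sha256", secret).update(`${timestamp}.${rawBody}`).digest();
  // Constant-time compare so a timing oracle cannot help forge a header.
  return candidates.some((c) => timingSafeEqual(Buffer.from(c, "hex"), expected));
}

// Only the fields the mapping needs; a real customer.subscription.* event carries more.
export interface SubscriptionEvent {
  type: string;
  data: { object: { id: string; customer: string; status: string; metadata: Record<string, string> } };
}

// Turns an already-verified event into the row upserted into TenantBilling.
export function toTenantBillingUpsert(evt: SubscriptionEvent) {
  const sub = evt.data.object;
  const tenantId = sub.metadata.tenant_id ?? "";
  const planTier = sub.metadata.plan_tier ?? "";
  // Metadata is set by our own checkout/invoice code, but a bad value must fail loudly
  // rather than silently attach a subscription to the wrong tenant or a default tier.
  if (!UUID_RE.test(tenantId)) throw new Error("subscription metadata lacks a valid tenant_id");
  if (!PLAN_TIERS.has(planTier)) throw new Error(`unknown plan_tier: ${planTier}`);
  const status: BillingStatus =
    evt.type === "customer.subscription.deleted" ? "CANCELED"
    : sub.status === "active" ? "ACTIVE" : "PAST_DUE";
  return { tenantId, stripeCustomerId: sub.customer, stripeSubscriptionId: sub.id, planTier, status };
}
```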

Launch sequence

[ Step 1: prisma migrate ] → [ Step 2: Admin invite UI ] → [ Step 3: De-quarantine marketing/auth ]
  • Step 1: npx prisma migrate dev --name init_tenant_billing_rails
  • Step 2: app/(admin)/admin/tenants/page.tsx — GLOBAL_ADMIN gate; provision tenant + invite; attach tenantId to Stripe invoice metadata
  • Step 3: Middleware — public paths: /, /login, /terms, /privacy; maintain dashboard isolation

Phase 2 — Defensible paid pilots

  1. Entitlements by tier (server-side module flags)
  2. Metering — AgentComputeLog → usage billing
  3. Ops green — Tier A checklist + cloud integration gate
  4. Honest product map — hide/badge stubs; ship support guide

Phase 3 — Enterprise / MSSP

  1. Epic 12 WORM GA
  2. Epic 10 full 19-agent orchestration
  3. MSSP multi-tenant ops, DPA pack, optional SOC 2 audit path

Bottom line (board)

  • Strength: Real GRC platform — suitable for paid design partners with manual invoicing today.
  • Not ready: Self-serve SaaS, website checkout, enterprise procurement without billing + legal + onboarding + prod ingress.
  • Fastest move: One tier (Command), one price, Stripe Checkout or invoice links, invite/admin UI, legal pages, open prod login — sell 2–3 design partners while hardening P1.

2026 GRC market landscape (mid-year)

Industry shift: manual point-in-time audits → continuous, telemetry-driven, agentic GRC. Drivers: DORA enforcement, EU AI Act high-risk (Aug 2, 2026), UK CS&R Bill, NYDFS Part 500 MFA (Nov 1, 2026), CMMC 2.0 Phase 2 C3PAO (Nov 10, 2026).

Competitor matrix (selected)

Platform | Target | Core strength | Mid-market fit
ServiceNow GRC | Enterprise | CMDB workflow | Low
MetricStream | Regulated enterprise | UCF mapping | Low
Drata / Vanta | Startups | SOC2 automation | High basic / low complex GRC
Sprinto | Cloud mid-market | 35+ frameworks | Very high
Risk Cognizance | Mid-market | GRC + dark web | High ($6/user/mo)
Compyl | Enterprise + mid | Single-tenant isolation | Very high
SureCloud | Regulated mid | CCM + GRACiE AI | High
Optro (ex-AuditBoard) | Enterprise audit | MCP server (Apr 2026) | Moderate
Enactia | FinTech / healthcare | Parallel multi-reg mapping | High

Ironframe differentiation: Built-in continuous telemetry validation (Irongate) vs Optro-style query of existing records; BigInt ALE math vs qualitative heatmaps; self-hosted agent sandbox pattern (Anthropic May 2026) for enterprise containment narrative.


Agentic AI governance risk surface (2026)

  • Privilege drift — agents accumulate excessive permissions
  • Shadow agents — personal no-code agents persist after employee departure
  • MCP bypass — agents route around governance to scrape data

Mitigation blueprint: Self-hosted sandboxes + MCP tunnels (Anthropic May 19, 2026) — orchestration in cloud; tool execution in customer VPC (Cloudflare microVMs, Daytona, Modal, Vercel VPC).


Engineering backlog — regulatory alignment (Epics 8–12)

Epic | Focus | 2026 deadline hook | Effort
8 Audit Intelligence & framework mapping | RAG readiness, Irontally crosswalk | EU AI Act Art. 9–15 (Aug 2, 2026) | 2 sprints
9 External ingress & zero-trust telemetry | Irongate Zod schemas, webhooks | Anthropic sandbox pattern; NYDFS MFA (Nov 1, 2026) | 2 sprints
10 ALE math engine | BigInt baselines (Medshield $11.1M, Vaultbank $5.9M, Gridcore $4.7M) | CMMC Phase 2 / NIST 800-171 Rev 2 (Nov 10, 2026); FCA liability on false SPRS | 2–3 sprints
11 Full 19-agent orchestration | LangGraph, MCP control plane | Privilege drift / immutable agent logs | 3 sprints
12 Production hardening & GA | RLS, Playwright 85%+, VAPT | UK CS&R 24h/72h incident reporting; DORA TLPT | 2–3 sprints

Irongate validation (reference)

All external telemetry must pass Zod schemas at API boundary — UUID alert IDs, BigInt assetValueCents, ISO-8601 timestamps, enum source / telemetryType.
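The boundary rules above as an added TypeScript example, not Ironframe's Irongate code: it hand-checks the same constraints the brief says the Zod schemas enforce (so it runs without the zod package), and the enum values for source and telemetryType are assumptions, not the project's own.

```typescript
// Added example, not Ironframe's Irongate code. Enum values below are assumed.
const UUID_RE = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;
const ISO_8601_RE = /^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(\.\d{1,9})?(Z|[+-]\d{2}:\d{2})$/;
const SOURCES = new Set(["irongate", "siem", "edr"]);              // assumed enum
const TELEMETRY_TYPES = new Set(["alert", "heartbeat", "metric"]); // assumed enum

export interface TelemetryPacket {
  alertId: string;
  assetValueCents: bigint; // exact integer cents, never a float dollar amount
  observedAt: Date;
  source: string;
  telemetryType: string;
}

export class TelemetryRejected extends Error {}

function field(r: Record<string, unknown>, name: string): string {
  const v = r[name];
  if (typeof v !== "string") throw new TelemetryRejected(`${name}: expected string`);
  return v;
}

// Parses one JSON-decoded packet or throws TelemetryRejected; nothing reaches the
// threat pipeline unless every field passes.
export function parseTelemetry(raw: unknown): TelemetryPacket {
  if (typeof raw !== "object" || raw === null || Array.isArray(raw)) {
    throw new TelemetryRejected("packet must be an object");
  }
  const r = raw as Record<string, unknown>;
  const alertId = field(r, "alertId");
  if (!UUID_RE.test(alertId)) throw new TelemetryRejected("alertId: not a UUID");
  // JSON has no BigInt, so cents arrive as a digit string. "11.5" or "1e9" are rejected
  // outright instead of being rounded by Number(), which is where float drift would enter.
  const cents = field(r, "assetValueCents");
  if (!/^\d{1,20}$/.test(cents)) throw new TelemetryRejected("assetValueCents: expected integer digit string");
  const observedAt = field(r, "observedAt");
  if (!ISO_8601_RE.test(observedAt) || Number.isNaN(Date.parse(observedAt))) {
    throw new TelemetryRejected("observedAt: not an ISO-8601 timestamp");
  }
  const source = field(r, "source");
  if (!SOURCES.has(source)) throw new TelemetryRejected(`source: unknown value ${source}`);
  const telemetryType = field(r, "telemetryType");
  if (!TELEMETRY_TYPES.has(telemetryType)) throw new TelemetryRejected(`telemetryType: unknown value ${telemetryType}`);
  return { alertId, assetValueCents: BigInt(cents), observedAt: new Date(observedAt), source, telemetryType };
}
```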

UI/UX state borders (RiskCard)

  • Assigned: border-cyan-400
  • Processing: border-amber-500 animate-pulse
  • Verified: border-emerald-500
  • Quarantine fault: border-red-500 (TTL breach / Ironlock interrupt)

Financial stress

  • 1,000-packet stress accumulator — zero float drift
  • Stryker mutation score ≥ 85% on ALE ordering
  • SHA-256 manifests for agent runtimes post-orchestration stability

Executive value drivers (pitch)

  1. Automation — Up to 80% reduction in manual compliance mapping (Enactia / continuous GRC benchmarks)
  2. Quantitative CRQ — ALE = ARO × SLE; SLE = AV × EF; ROSI justification to CFO (e.g. MFA $200k → ALE $2.3M → $800k)
  3. Immutable GRC chronicle — Continuous auditable ledger vs point-in-time PDFs (~40% audit hour reduction cited industry-wide)
  4. Time-to-value — Vs multi-month legacy GRC implementations; Optro customer refs: PetSmart 1,400h/yr, Lennar 64% control dedup, Edgewell 400h/qtr

Board agent directives

  • CFO / Sales Leader: Phase 1 = Command tier flat annual fee (BigInt cents); reject seat-based pricing in all models.
  • CTO / Engineer: Implement TenantBilling + Stripe webhook before marketing “paid pilot” language.
  • Legal: Terms/privacy/DPA stubs before first design-partner MSA.
  • GRC Evangelist: Never claim SOC 2 certification — aligned only.
  • Ironintel / Ironscribe: Prioritize Aug 2026 EU AI Act and Nov 2026 CMMC/NYDFS hooks in board packets (LP-10 / LP-16).
  • CEO: Fastest revenue = 2–3 design partners on sales-assisted invite + manual Stripe until Phase 2 entitlements ship.

End board brief — ingest via IronBoard docs federation + stakeholder-deck matrix.