stratumiops/docs/en/ia/ia-stratumiops-projects-positioning.md
Jesús Pérez 1680d80a3d
chore: Init repo, add docs
2026-01-22 22:15:19 +00:00


# AI Portfolio: Strategic Positioning
## Target Market
### Primary Segments
| Segment | Size | Key Need | Solution |
| --------- | ------ | ---------- | ---------- |
| **Development teams (10-50 devs)** | Mid-market | Manage LLM costs without losing quality | Vapora with budgets and intelligent routing |
| **Multi-project organizations** | Enterprise | Preserve knowledge across teams | Kogral with guideline inheritance |
| **DevOps with multi-cloud** | SMB/Enterprise | Typed IaC with AI assistance | Provisioning + MCP Server |
| **Teams using Claude Code** | Individual/Team | Project context for agents | Kogral + 7 native MCP tools |
| **Post-quantum adopters** | Enterprise/Gov | Production-ready PQC today | SecretumVault with ML-KEM-768/ML-DSA-65 |
### Market Trends (2025-2026)
- **LLM spending growth**: 340% year-over-year in development teams
- **Quantum threat timeline**: NIST recommends PQC adoption by 2030
- **Agent adoption**: 67% of teams using 3+ LLM providers
- **Multi-cloud**: 89% of enterprises using 2+ cloud providers
---
## Competitive Analysis
### Vapora vs LangChain/LlamaIndex
| Aspect | Vapora | LangChain | LlamaIndex |
| -------- | -------- | ----------- | ------------ |
| **Agent learning** | Execution profile with recency bias | Static chains | Static workflows |
| **Budget control** | Per-role budgets with automatic fallback | Manual | Manual |
| **Multi-provider** | 4 LLM providers with intelligent routing | Yes (via adapters) | Yes (via adapters) |
| **Cost tracking** | Real-time per agent/task/project | No native support | No native support |
| **Persistence** | SurrealDB with multi-tenant scopes | DIY | DIY |
| **Language** | Rust (performance, type-safe) | Python (GIL, optional typing) | Python |

**Vapora differentiator**: **Agents that learn which provider is best for each task** based on historical performance.
### Vapora vs CrewAI/AutoGen
| Aspect | Vapora | CrewAI | AutoGen |
| -------- | -------- | -------- | --------- |
| **Orchestration** | NATS JetStream with retries | Sequential/hierarchical | Graph-based |
| **Agent roles** | 12 specialized (Architect, Developer, Reviewer...) | Generic roles | Generic agents |
| **Approval gates** | Configurable checkpoints in pipelines | No | No |
| **Multi-tenancy** | Native (SurrealDB scopes) | DIY | No |
| **Cost visibility** | Budget dashboard per role | No | No |
| **Language** | Rust | Python | Python |

**Vapora differentiator**: **Production-grade orchestration** with NATS, not just sequential execution.

---
### Kogral vs Obsidian/Notion
| Aspect | Kogral | Obsidian | Notion |
| -------- | -------- | ---------- | -------- |
| **Node types** | 6 specialized (Note, Decision, Guideline, Pattern, Journal, Execution) | Generic markdown | Generic blocks |
| **Version control** | Git-native (everything in markdown) | Vault-based (no native git) | SaaS (no git) |
| **Guideline inheritance** | Organization → Project → Developer | No | No |
| **MCP integration** | 7 native tools for Claude Code | No | No |
| **Query language** | Cypher-like for knowledge graph | Dataview plugin (limited) | Database queries |
| **AI context** | Agents query guidelines before generating code | Manual copy-paste | Manual copy-paste |

**Kogral differentiator**: **Knowledge that AI agents can query** before generating code, not just human-readable docs.
### Kogral vs Confluence/Wiki.js
| Aspect | Kogral | Confluence | Wiki.js |
| -------- | -------- | ------------ | --------- |
| **Storage** | Git-native markdown | Database/SaaS | Database |
| **Structured nodes** | 6 types with relationships | Pages with labels | Pages with tags |
| **ADR support** | Native (Decision node type) | Template-based | Template-based |
| **AI integration** | MCP Server for Claude Code | No | No |
| **Multi-tenancy** | Organization/Project isolation | Spaces | Spaces |
| **Backup** | Git clone | Database export | Database export |

**Kogral differentiator**: **Git-native knowledge graph** with first-class AI integration.

---
### TypeDialog vs Multiple Tools
| Aspect | TypeDialog | Alternatives |
| -------- | ------------ | -------------- |
| **Backends** | 6 (CLI, TUI, Web, AI, Agent, Prov-gen) | 1 per tool |
| **Single definition** | TOML → all backends | Duplicate logic |
| **Type validation** | Nickel contracts (pre-runtime) | Runtime errors (Pydantic, Joi) |
| **Agent execution** | .agent.mdx files with 4 LLM providers | Separate tools |
| **IaC generation** | Forms → Nickel IaC → 6 clouds | Manual |
| **i18n** | Fluent (Mozilla) | Per-backend |

**TypeDialog differentiator**: **One definition, execute anywhere** including AI agents.
### TypeDialog vs Streamlit/Gradio
| Aspect | TypeDialog | Streamlit | Gradio |
| -------- | ------------ | ----------- | -------- |
| **Target** | Forms for automation + UI | Dashboards | ML demos |
| **Backends** | 6 (including CLI, Agent) | Web only | Web only |
| **Validation** | Nickel (pre-runtime) | Python (runtime) | Python (runtime) |
| **Language** | Rust | Python | Python |
| **Deployment** | CLI/TUI/Web/Agent | Web server | Web server |

**TypeDialog differentiator**: **Configuration wizards** that work in terminal, web, and AI agents.

---
### Provisioning vs Terraform/Pulumi
| Aspect | Provisioning | Terraform | Pulumi |
| -------- | -------------- | ----------- | -------- |
| **Configuration** | Nickel (typed, lazy) | HCL (runtime errors) | Python/TypeScript/Go |
| **Validation** | Compile-time | Plan-time | Runtime |
| **Rollback** | Automatic on failure | Manual | Manual |
| **Checkpoints** | Built-in with recovery | No | No |
| **MCP Server** | Native (NLP queries) | No | No |
| **RAG integration** | 1,200+ docs for context | No | No |
| **Multi-cloud** | AWS, UpCloud, Local (LXD) | 300+ providers | 100+ providers |
| **Language** | Rust | Go | Go/Node |

**Provisioning differentiator**: **Typed IaC with AI-assisted generation** and automatic rollback.
### Provisioning vs Ansible/Chef
| Aspect | Provisioning | Ansible | Chef |
| -------- | -------------- | --------- | ------ |
| **Paradigm** | Declarative IaC | Imperative playbooks | Declarative recipes |
| **Validation** | Nickel type system | YAML linting | Ruby syntax |
| **State** | Explicit (SurrealDB) | Implicit (no state) | Explicit (Chef Server) |
| **Orchestration** | Dependency graph with parallelism | Sequential tasks | Dependency graph |
| **Agent** | Agentless | Agentless | Agent-based |
| **AI integration** | MCP Server + RAG | No | No |

**Provisioning differentiator**: **Declarative IaC** with validation before execution, not imperative scripts.

---
### SecretumVault vs HashiCorp Vault
| Aspect | SecretumVault | HashiCorp Vault |
| -------- | --------------- | ----------------- |
| **Post-quantum** | **Production (ML-KEM-768, ML-DSA-65)** | Experimental |
| **Crypto backends** | 4 (OpenSSL, OQS, AWS-LC, RustCrypto) | 1 (Go crypto) |
| **Storage backends** | 4 (Filesystem, etcd, SurrealDB, PostgreSQL) | 10+ |
| **Secrets engines** | 4 (KV, Transit, PKI, Database) | 10+ |
| **Language** | Rust (memory-safe) | Go |
| **License** | Proprietary/TBD | BSL 1.1 (non-commercial) |
| **Cedar policies** | Native ABAC | Sentinel (enterprise) |

**SecretumVault differentiator**: **Production-ready post-quantum cryptography** today, not experimental.
### SecretumVault vs AWS Secrets Manager/Azure Key Vault
| Aspect | SecretumVault | AWS Secrets Manager | Azure Key Vault |
| -------- | --------------- | --------------------- | ----------------- |
| **Self-hosted** | Yes | No (SaaS only) | No (SaaS only) |
| **Post-quantum** | ML-KEM-768, ML-DSA-65 | No | No |
| **Multi-cloud** | Yes (portable) | AWS only | Azure only |
| **Crypto agility** | 4 backends | Fixed | Fixed |
| **Pricing** | Self-hosted (no per-secret cost) | $0.40/secret/month | $0.03/10K operations |

**SecretumVault differentiator**: **Self-hosted with PQC**, no vendor lock-in.

---
## Use Cases by Persona
### AI Engineer
**Problem**: Using Claude, OpenAI, and Gemini for different tasks. No visibility into which model is best for what. Monthly bill growing uncontrollably.

**Solution**:

1. **Vapora** coordinates agents with budget per role
2. **Kogral** provides patterns and decisions to agents via MCP
3. **TypeDialog** captures agent configurations in .agent.mdx files
4. **SecretumVault** stores API keys securely

**Result**: 40% cost reduction through intelligent routing. Agents query guidelines before generating code.

---
### Tech Lead (Multi-Project)
**Problem**: 5 projects with different conventions. New developers ask "how do we do X here?" repeatedly. Knowledge in Slack threads.

**Solution**:

1. **Kogral** with guideline inheritance (Organization → Project)
2. Capture decisions as ADRs in Decision nodes
3. **MCP integration** so Claude Code respects conventions
4. Git-native: all knowledge versioned and auditable

**Result**: Onboarding time reduced from 3 weeks to 5 days. AI-generated code follows project conventions.

---
### DevOps Engineer (Multi-Cloud)
**Problem**: AWS + UpCloud infrastructure. YAML everywhere. Configuration errors discovered at runtime. No automatic rollback.

**Solution**:

1. **Provisioning** with Nickel IaC (typed, validated)
2. **MCP Server** for NLP queries: "What's the VPC configuration for production?"
3. Orchestrator with checkpoints and automatic rollback
4. **SecretumVault** for credentials and cloud API keys

**Result**: 80% reduction in runtime errors. Infrastructure changes with automatic rollback on failure.

---
### Security Engineer
**Problem**: Preparing for post-quantum threats. NIST recommends migration by 2030. Current vault (HashiCorp) without production-ready PQC.

**Solution**:

1. **SecretumVault** with OQS backend (ML-KEM-768, ML-DSA-65)
2. Crypto agility: switch between OpenSSL/OQS without code changes
3. Multi-backend storage (etcd for HA, PostgreSQL for audit)
4. Cedar policies for fine-grained ABAC

**Result**: PQC in production today. Gradual migration without downtime.

---
## Integration Scenarios
### Scenario 1: Feature Development with AI
```text
Developer starts task "Add OAuth2 authentication"
Kogral (MCP) → "Are there auth guidelines?"
Returns: "Use oauth2-rs crate + Cedar policies"
Vapora assigns Architect agent → Designs architecture
Developer agent implements → Queries Kogral for patterns
Reviewer agent validates → Checks Cedar policies
TypeDialog captures OAuth2 config (client_id, scopes)
SecretumVault stores client_secret with TTL
Kogral records ADR: "Why OAuth2 over SAML"
```
**Benefit**: Agent-generated code respects conventions. Decisions documented. Secrets secured.

---
### Scenario 2: Multi-Cloud Infrastructure
```text
"Need a K8s cluster on AWS with 3 nodes and RDS PostgreSQL"
Provisioning MCP Server (NLP query)
RAG searches similar configurations
Generates Nickel IaC + validates types
TypeDialog wizard for cluster parameters (region, instance_type)
Orchestrator deploys with checkpoints
SecretumVault generates DB credentials with 30d TTL
Kogral records infrastructure ADR
Vapora Monitor agent tracks cluster health
```
**Benefit**: Infrastructure from NLP. Typed validation. Automatic rollback. Dynamic secrets.

---
### Scenario 3: Team Onboarding
```text
New developer joins project
Kogral exports knowledge graph (Guidelines + Patterns + ADRs)
TypeDialog interactive quiz on architecture
Vapora assigns onboarding tasks (read ADRs → small fix → review code)
Provisioning configures dev environment (local K8s + databases)
SecretumVault provides temporary credentials (7d TTL)
```
**Benefit**: Structured onboarding. Knowledge accessible. Environment automated.

---
## Ecosystem Synergies
### Synergy 1: Kogral + Vapora
- **Kogral** provides guidelines to agents via MCP
- **Vapora** records agent executions as Execution nodes in Kogral
- **Result**: Continuous learning loop (agents query → execute → record → improve)
### Synergy 2: TypeDialog + Provisioning
- **TypeDialog** prov-gen backend generates Nickel IaC
- **Provisioning** executes and validates with MCP Server
- **Result**: Forms → Infrastructure without manual config
### Synergy 3: SecretumVault + All
- **Vapora**: Stores LLM API keys
- **Kogral**: Encrypts sensitive ADRs
- **Provisioning**: Cloud credentials with rotation
- **Result**: Centralized secrets with PQC across ecosystem
### Synergy 4: MCP Ecosystem
| Project | MCP Tools | Purpose |
| --------- | ----------- | --------- |
| **Kogral** | 7 tools | Query guidelines, create ADRs, search patterns |
| **Provisioning** | 1 server | NLP queries, RAG over IaC docs |
| **SecretumVault** | Planned | Dynamic secret requests |

**Result**: Claude Code with full project context.

---
## Pricing Strategy (Future)
### Kogral
- **Free**: Single project, unlimited nodes
- **Team ($49/month)**: 10 projects, guideline inheritance
- **Enterprise**: Unlimited projects + audit + SSO
### Vapora
- **Free**: 100 agent executions/month, 1 LLM provider
- **Pro ($99/month)**: Unlimited executions, 4 providers, budget dashboard
- **Enterprise**: Multi-tenant + SLA + priority support
### Provisioning
- **Free**: Local provider (LXD), 50 resources
- **Team ($149/month)**: AWS + UpCloud, 500 resources, MCP Server
- **Enterprise**: Multi-cloud + audit + break-glass
### SecretumVault
- **Free**: Filesystem backend, KV engine
- **Pro ($79/month)**: etcd/PostgreSQL backend, all engines, PQC
- **Enterprise**: HA + HSM + compliance reports
### TypeDialog
- **Free**: CLI + TUI backends
- **Pro ($29/month)**: Web + Agent backends, 4 LLM providers
- **Enterprise**: Custom backends + white-label
---
## Adoption Roadmap
### Phase 1: Knowledge Foundation (Week 1-2)
1. Deploy **Kogral** in one project
2. Migrate existing ADRs to Decision nodes
3. Define organization-level Guidelines
4. Configure MCP for Claude Code

**Success criteria**: Agents query guidelines before generating code.

---
### Phase 2: Agent Orchestration (Week 3-4)
1. Deploy **Vapora** with 3 agent roles (Architect, Developer, Reviewer)
2. Configure budgets per role
3. Connect Kogral for context
4. Run first pipeline (design → implement → review)

**Success criteria**: 30% cost reduction through intelligent routing.

---
### Phase 3: Infrastructure Automation (Week 5-6)
1. Deploy **Provisioning** with one cloud (AWS or UpCloud)
2. Migrate one service to Nickel IaC
3. Enable MCP Server for NLP queries
4. Configure **SecretumVault** for cloud credentials

**Success criteria**: Infrastructure changes with automatic rollback.

---
### Phase 4: Multi-Interface (Week 7-8)
1. Deploy **TypeDialog** for configuration wizards
2. Create forms for common tasks (deploy service, create user, configure monitoring)
3. Enable prov-gen backend for IaC generation
4. Integrate with Vapora for agent-driven forms

**Success criteria**: Single form definition for CLI, TUI, Web, Agent.

---
### Phase 5: Post-Quantum Security (Week 9-10)
1. Migrate to **SecretumVault** with OQS backend
2. Generate PQC certificates (ML-DSA-65)
3. Configure dynamic secrets with TTL
4. Enable audit logging with 7-year retention

**Success criteria**: PQC in production without downtime.

---
## Success Metrics
### Cost Efficiency
- **Baseline**: $2,400/month LLM costs (uncontrolled)
- **With Vapora**: $1,440/month (40% reduction through intelligent routing)
- **ROI**: 5 months
### Development Velocity
- **Baseline**: 3 weeks onboarding new developer
- **With Kogral**: 5 days (knowledge graph + Claude Code integration)
- **Baseline**: 2 days to deploy infrastructure change
- **With Provisioning**: 2 hours (Nickel IaC + automatic rollback)
### Security Posture
- **Baseline**: No PQC, manual secret rotation
- **With SecretumVault**: PQC in production, dynamic secrets with 30d TTL
- **Compliance**: 7-year audit log retention
### Code Quality
- **Baseline**: 30% of AI-generated code violates project conventions
- **With Kogral + Vapora**: 5% (agents query guidelines before generating)
---
## Frequently Asked Questions
### Can I use only one project?
**Yes**. Each project works independently:
- Only Kogral → Knowledge graph with git
- Only TypeDialog → Multi-backend forms
- Only SecretumVault → PQC vault
- Only Vapora → Agent orchestration
- Only Provisioning → Typed IaC

Synergies emerge when combining them.

---
### How is this different from LangChain + Terraform?
| Aspect | stratumiops | LangChain + Terraform |
| -------- | ------------- | ------------------------ |
| **Agent learning** | Execution profiles | Static chains |
| **Budget control** | Per-role automatic fallback | Manual |
| **IaC validation** | Nickel (compile-time) | HCL (plan-time) |
| **Knowledge** | Git-native graph with MCP | Separate wiki |
| **Integration** | Native (same stack) | DIY glue code |
| **Language** | Rust end-to-end | Python + Go |

**Main difference**: **Integrated ecosystem** vs disconnected tools.

---
### Is post-quantum cryptography really necessary today?

**NIST recommendation**: Migrate by 2030. "Store now, decrypt later" attacks are already happening.

**SecretumVault approach**:

- **Crypto agility**: Switch between OpenSSL/OQS without code changes
- **Production-ready**: ML-KEM-768 and ML-DSA-65 (NIST FIPS 203/204)
- **Gradual migration**: Run classic and PQC in parallel

**Benefit**: Prepare today, avoid rushed migration in 2029.

---
### What if I already use HashiCorp Vault?

**Migration path**:

1. Deploy SecretumVault in parallel
2. Migrate non-critical secrets first
3. Enable OQS backend for new secrets
4. Gradually migrate critical secrets
5. Decommission HashiCorp Vault

**Benefit**: Zero downtime. Gradual PQC adoption.

---
### How does guideline inheritance work in Kogral?
```text
Organization guidelines:
- Use Rust for services
- Cedar for authorization
- SurrealDB for persistence
↓ (inherited by)
Project "API Gateway" overrides:
- Use Axum for HTTP
- Use JWT for auth
↓ (inherited by)
Developer sees effective guidelines:
- Use Rust for services (from org)
- Cedar for authorization (from org)
- SurrealDB for persistence (from org)
- Use Axum for HTTP (from project)
- Use JWT for auth (from project)
```
**Benefit**: Organization standards + project flexibility.

---
## Contact and Next Steps
### Try the Ecosystem
1. **Kogral**: Clone and run locally (git-native, no dependencies)
2. **TypeDialog**: Try CLI backend with example forms
3. **SecretumVault**: Deploy with filesystem backend (development mode)
4. **Provisioning**: Generate Nickel IaC from TypeDialog forms
5. **Vapora**: Run first agent pipeline (Architect → Developer → Reviewer)
### Commercial Inquiries
- **License**: Proprietary / To be defined
- **Support**: Enterprise SLA available
- **Custom integrations**: Additional LLM providers, cloud providers, storage backends
---
*AI-assisted development shouldn't require 10 disconnected tools.*
*One ecosystem. Five projects. Real integration.*