{
  "version": "1.1",
  "generatedAt": "2026-07-12T18:34:48.971Z",
  "entity": {
    "name": "Monitive COM SRL",
    "jurisdiction": "Romania",
    "contact": "luci@luci.ws",
    "registry": "CUI 27263785, J35/1246/2010 (founded 2010)",
    "address": "Str. Armoniei 23A, Tronson T3, Scara 3, Ap. 5, Timișoara, 300291, Timiș, Romania"
  },
  "operator": {
    "name": "Lucian Lungu",
    "credentials": [
      "Twenty years operating engineering organisations",
      "imobiliare.ro (35 to 300 engineers)",
      "Bitstamp (pre-IPO regulated finance)",
      "Three M&A processes including Bitstamp to Robinhood",
      "Co-author of the WARRANT Standard for autonomous agent authorisation"
    ]
  },
  "pricingPosture": {
    "published": true,
    "negotiation": false,
    "foundationSprintEur": 17000,
    "perSprintRateEur": 8500,
    "whiteLabelPremiumPct": 30,
    "foundingClientRateEur": 6500,
    "foundingClientSlotsRemaining": "see contact for current availability"
  },
  "guarantees": [
    {
      "name": "Sprint 1 Escape Hatch",
      "description": "If after the first sprint the work isn't justifying continuation, you pay only Sprint 1 and the engagement ends."
    },
    {
      "name": "Board-Ready Quality",
      "description": "If your board rejects a deliverable on substantive grounds, it's reworked at no charge."
    },
    {
      "name": "Three-Client Cap",
      "description": "Maximum three concurrent clients. No delegation, no associates, no juniors."
    },
    {
      "name": "Skin-in-the-Game Pledge",
      "description": "Every recommendation is one the Consultant would execute if the company were his own."
    }
  ],
  "commercialModels": [
    {
      "name": "Direct Referral",
      "summary": "Client pays Consultant directly. Agency shapes the brief and gets a 10% referral fee. Deliverables carry Consultant's brand; agency credited as referring partner.",
      "when": "Agency wants the credibility uplift but doesn't need to own the engagement commercially.",
      "margin": "10% referral fee"
    },
    {
      "name": "Pass-Through",
      "summary": "Agency invoices the client at the agency's own rate. Consultant invoices the agency at standard sprint rate. Agency captures the margin. Deliverables are co-branded - Agency × Consultant.",
      "when": "Agency wants commercial ownership and is willing to position the Consultant as their named senior strategic partner.",
      "margin": "Agency-set margin (typically 20–40%)"
    },
    {
      "name": "White-Label",
      "summary": "Agency owns the deliverable end-to-end. Consultant works in the agency's name with no public credit. 30% premium on standard rates. Capped at max 2 white-label engagements per year per agency.",
      "when": "Agency must be the sole client-facing entity for strategic reasons - and the engagement is high-stakes enough to justify the premium.",
      "margin": "30% premium absorbed; agency-set client rate"
    }
  ],
  "sprints": [
    {
      "id": "foundation",
      "number": "01",
      "name": "The Foundation Sprint",
      "tagline": "Build the tech foundation that survives the board, the audit, and the scaling.",
      "duration": "4 weeks (2 sprints × 2 weeks)",
      "priceEur": 17000,
      "whiteLabelEur": 22100,
      "audiences": [
        "ceo",
        "agency"
      ],
      "agencyOnly": false,
      "whoFor": "CEOs about to commit real capital to a product, or agencies scoping a six- or seven-figure build whose foundation they'll answer for in 18 months.",
      "trigger": "You're at a decision point. The cost of a bad foundational choice compounds - every feature built on top of it costs more, binds you tighter to a structure you'll have to tear out, and dies in the room with the wrong investor.",
      "delivered": [
        "Architectural blueprint pressure-tested against your business model",
        "Board-ready presentation of that blueprint",
        "Living systems map documenting how every piece fits together",
        "Vendor shortlist for highest-leverage build-or-buy decisions",
        "Decision framework for top architectural trade-offs",
        "Governance scaffolding sized for your team",
        "12-month roadmap with quantified milestones"
      ],
      "notFor": null,
      "differentiator": "Twenty years operating engineering organisations across scale-up (35→300 at imobiliare.ro), regulated finance (Bitstamp), three M&A processes including Bitstamp → Robinhood. Co-author of the WARRANT Standard for autonomous agent authorisation.",
      "notes": "Diagnostic-only (Sprint 1 alone) is €5,500. Full Build-Ready (3 sprints / 6 weeks) is €25,500. Founding-client pricing on the first 3 engagements of this sprint: €6,500/sprint (€13,000 for the 4-week engagement) in exchange for case-study rights. Each sprint runs its own founding-client cohort, tracked independently from the Foundation Sprint and from other sprints.",
      "catalogueUrl": "https://luci.ws/catalogue/foundation"
    },
    {
      "id": "tech-audit",
      "number": "02",
      "name": "Tech Audit & Heritage Review",
      "tagline": "Diagnostic for a legacy or inherited tech estate.",
      "duration": "4 weeks",
      "priceEur": 17000,
      "whiteLabelEur": 22100,
      "audiences": [
        "ceo",
        "agency"
      ],
      "agencyOnly": false,
      "whoFor": "Companies inheriting opaque tech - from a previous vendor, a recent acquisition, a long-tenured founder-engineering era - that needs an honest read before commitments are made.",
      "trigger": "You took over a platform you don't fully understand. You need to know what's actually there before you sign the next contract, write the next roadmap, or tell your board what comes next.",
      "delivered": [
        "Complete current-state inventory: services, vendors, contracts, infrastructure, team",
        "Heritage assessment: technical debt, vendor lock-in, undocumented decisions, single points of failure",
        "Risk-prioritised remediation list",
        "Recommended path per area: refactor / replace / leave-as-is, with rationale",
        "Scoping input for the onward proposal (whether to the agency's client or to the company's board)"
      ],
      "notFor": null,
      "differentiator": null,
      "notes": null,
      "catalogueUrl": "https://luci.ws/catalogue/tech-audit"
    },
    {
      "id": "health-check",
      "number": "03",
      "name": "Engineering Health Check",
      "tagline": "Independent audit of a steady-state engineering organisation against industry good practice.",
      "duration": "4 weeks",
      "priceEur": 17000,
      "whiteLabelEur": 22100,
      "audiences": [
        "ceo",
        "agency"
      ],
      "agencyOnly": false,
      "whoFor": "New CTOs/Heads of Eng wanting a 30-day baseline. CEOs wanting an independent reality check on whether engineering is operating at the level the stage and stakeholders require. Pre-fundraise temperature checks.",
      "trigger": "Engineering is 'fine' - but you don't actually know. You want a second opinion that isn't a Big Four deck and isn't your team marking their own homework.",
      "delivered": [
        "Practice maturity scorecard across 10 dimensions (architecture, delivery, observability, security, data, on-call, code review, hiring, performance management, knowledge transfer)",
        "Process review - how the team actually works vs. how it should",
        "Standards & good-practice benchmark (DORA, IEEE/NIST where applicable, SRE norms, twelve-factor / well-architected)",
        "Operating discipline audit (postmortems, on-call humanity, deployment cadence, change-management hygiene)",
        "Architecture posture: current state, debt inventory, scaling readiness for 12–18 months",
        "Risk register: top 10 risks with materiality, likelihood, owner, and remediation effort",
        "Prioritised improvement roadmap",
        "Board-ready summary"
      ],
      "notFor": [
        "A code audit (light at code level - escalate to specialists if deep code review needed)",
        "A penetration test (practice-level only, no offensive testing)",
        "A change-management programme (delivers diagnosis and roadmap; client executes)"
      ],
      "differentiator": "Benchmarks applied from twenty years of operating against them and watching what holds - not from a framework deck.",
      "notes": null,
      "catalogueUrl": "https://luci.ws/catalogue/health-check"
    },
    {
      "id": "performance-goals",
      "number": "04",
      "name": "Performance & Goals Framework",
      "tagline": "Install the operating system - OKRs, KPIs, SLAs, SLOs, performance management cycle - in four weeks.",
      "duration": "4 weeks",
      "priceEur": 17000,
      "whiteLabelEur": 22100,
      "audiences": [
        "ceo",
        "agency"
      ],
      "agencyOnly": false,
      "whoFor": "Series A → Series B companies between 15–100 engineers where ad-hoc operating discipline has stopped holding. New CTOs/VPEs in their first 60 days installing the operating system.",
      "trigger": "You've outgrown ad-hoc. The last OKR attempt fizzled. The board has started asking for SLO/SLA reporting. Your team has lost faith in the framework - and is operating on instinct.",
      "delivered": [
        "Company-level OKR framework - annual + quarterly cadence, ambition-vs-realism calibration, cascade rules",
        "First quarter OKRs actually drafted with the exec team during the engagement",
        "Squad-level OKR cascade, run with the squad leads",
        "KPI definitions: operating metrics, leading vs lagging, dashboard structure, ownership map",
        "SLO definitions for Tier 0 and Tier 1 services with error-budget policy and breach-response protocol",
        "SLA framing - customer-facing SLAs aligned to internal SLOs",
        "Performance management cycle: quarterly review templates, calibration, manager training brief",
        "Operating cadence document - weekly / monthly / quarterly / annual rhythms with named owners",
        "Board-cadence reporting structure with sample first report",
        "Tooling recommendation (lightweight eval of OKR / SLO / perf-mgmt platforms)"
      ],
      "notFor": [
        "Tooling implementation (recommendation only)",
        "HR / total-rewards system (no comp banding)",
        "Perpetual coaching engagement (installation + first cycle + handover)"
      ],
      "differentiator": null,
      "notes": "Conversion mechanic: if Sprint 03 (Engineering Health Check) closed in the prior 90 days identified operating-discipline gaps, this sprint runs at 15% off.",
      "catalogueUrl": "https://luci.ws/catalogue/performance-goals"
    },
    {
      "id": "ai-integration",
      "number": "05",
      "name": "AI Integration Strategy",
      "tagline": "Strategic plan for integrating AI / LLM / agent capabilities into your product, responsibly.",
      "duration": "4 weeks",
      "priceEur": 17000,
      "whiteLabelEur": 22100,
      "audiences": [
        "ceo",
        "agency"
      ],
      "agencyOnly": false,
      "whoFor": "Mid-market companies wanting AI without making the classic mistakes (RAG-when-you-needed-fine-tune, fine-tune-when-you-needed-RAG, ungoverned agents).",
      "trigger": "'We need to do AI' has graduated into 'we need to do AI responsibly and competitively' - and you can feel that the in-house team alone can't navigate this safely.",
      "delivered": [
        "AI capability roadmap - what's worth doing, in what order, and what's deliberately not pursued yet",
        "Architecture for LLM/RAG/agent integration into the existing product",
        "Vendor analysis: OpenAI vs Anthropic vs open-source vs gateway routing",
        "Eval framework - how to measure that the AI is doing what it claims to do",
        "Trust & governance scaffolding - agent authorisation, audit trails, human-in-the-loop boundaries (WARRANT-aligned)",
        "Cost / latency analysis with budgets per workflow stage",
        "EU AI Act and NIST AI RMF alignment notes"
      ],
      "notFor": null,
      "differentiator": "Co-author of the WARRANT Standard - the open specification for autonomous agent authorisation. Design informed by frontier work currently being defined.",
      "notes": null,
      "catalogueUrl": "https://luci.ws/catalogue/ai-integration"
    },
    {
      "id": "compliance-dd",
      "number": "06",
      "name": "Compliance & DD Readiness",
      "tagline": "Gap-closure programme for SOC 2, DORA, FCA Operational Resilience, or a sector-specific audit.",
      "duration": "4 weeks",
      "priceEur": 17000,
      "whiteLabelEur": 22100,
      "audiences": [
        "ceo",
        "agency"
      ],
      "agencyOnly": false,
      "whoFor": "Series B-stage companies, regulated-industry companies, companies receiving customer DD questionnaires.",
      "trigger": "There's a compliance audit, due diligence, or institutional procurement review on the horizon. You need a clear 'what to fix and in what order' plan - not a 200-page deck.",
      "delivered": [
        "Gap analysis against the relevant framework (SOC 2 / DORA / FCA OR / sector-specific)",
        "Risk-prioritised remediation roadmap",
        "Process and policy templates: on-call rota, incident management, access review, change management, data-handling",
        "Vendor selection: SOC 2 readiness platform, DORA tooling, etc.",
        "Sample evidence pack the client can take into the audit",
        "Decision framework: what's worth doing in-house vs outsourcing"
      ],
      "notFor": null,
      "differentiator": null,
      "notes": "Heavy GDPR exposure routes to Sprint 07 (GDPR Technical Compliance) instead.",
      "catalogueUrl": "https://luci.ws/catalogue/compliance-dd"
    },
    {
      "id": "gdpr",
      "number": "07",
      "name": "GDPR Technical Compliance",
      "tagline": "Tech-perspective GDPR programme: data flow mapping, ROPA, DPIA framework, vendor DPAs, data-subject-rights operating model, breach-response runbook.",
      "duration": "4 weeks",
      "priceEur": 17000,
      "whiteLabelEur": 22100,
      "audiences": [
        "ceo",
        "agency"
      ],
      "agencyOnly": false,
      "whoFor": "EU-headquartered or EU-customer-serving companies whose GDPR programme has grown organically. Series A+ B2B SaaS, fintech, healthtech, marketplace, edtech.",
      "trigger": "Your GDPR posture has grown organically and is now visible - a customer DPA negotiation has stalled, a supervisory-authority inquiry is in, DSR volume has overwhelmed the team, or a Series B / acquisition will surface gaps.",
      "delivered": [
        "Data inventory & flow map - what personal data exists, where it lives, how it moves",
        "Record of Processing Activities (ROPA) - Article 30-aligned, structured for ongoing maintenance",
        "DPIA framework + one worked DPIA on the highest-risk processing activity",
        "Vendor / sub-processor DPA register, with missing SCCs flagged",
        "Data subject rights operating model - access, rectification, erasure, portability, objection at scale",
        "Breach response runbook - 72-hour notification clock, decision tree, templates, tabletop",
        "Data residency assessment - current footprint, cross-border transfers, residual risk",
        "Technical control roadmap - encryption, pseudonymisation, access logging, retention/deletion automation",
        "Board-ready GDPR posture summary"
      ],
      "notFor": [
        "Legal advice - works alongside the company's GDPR counsel on the technical operating model"
      ],
      "differentiator": "Ran the GDPR RASCI implementation at imobiliare.ro across a 2M+-user platform - DSR operationalisation, ROPA structure, vendor DPA programme, tech/legal interface. Lived GDPR work at scale, not framework-reading.",
      "notes": null,
      "catalogueUrl": "https://luci.ws/catalogue/gdpr"
    },
    {
      "id": "acquisition-dd",
      "number": "08",
      "name": "Acquisition Tech Due Diligence",
      "tagline": "Buy-side or sell-side tech due diligence delivered as a senior independent engagement.",
      "duration": "6 weeks (3 sprints)",
      "priceEur": 25500,
      "whiteLabelEur": 33150,
      "audiences": [
        "ceo",
        "agency"
      ],
      "agencyOnly": false,
      "whoFor": "Clients in active deal processes. Time-bound work.",
      "trigger": "You're acquiring, being acquired, or about to enter exclusivity. The tech section of the data room will be read by people who have seen many of these. You want to be on the right side of that reading.",
      "delivered": [
        "Buy-side: tech DD report on the target (architecture, team, vendor stack, SBOM & open-source license posture, IP, technical debt, integration plan, retention risk)",
        "Sell-side: preparation pack - anticipated questions, defensible answers, SBOM and license inventory positioned for the buyer's legal team, data-room curation, narrative for the buyer's tech team",
        "Risk register with materiality scoring",
        "Integration plan (buy-side) or separation plan (sell-side)",
        "Executive presentation for the deal committee"
      ],
      "notFor": null,
      "differentiator": "Three M&A due-diligence processes lived through personally - including Bitstamp → Robinhood. This is not a learned-from-a-book offering.",
      "notes": "Specialty premium reflects deal-tempo urgency. Capacity: max one acquisition DD engagement per quarter to preserve quality.",
      "catalogueUrl": "https://luci.ws/catalogue/acquisition-dd"
    },
    {
      "id": "senior-hire",
      "number": "09",
      "name": "Senior Engineering Hire",
      "tagline": "Two weeks of senior recruiting infrastructure for one critical engineering hire - Staff+ IC or leadership role.",
      "duration": "2 weeks",
      "priceEur": 8500,
      "whiteLabelEur": 11050,
      "audiences": [
        "ceo",
        "agency"
      ],
      "agencyOnly": false,
      "whoFor": "Companies hiring their first Staff+/Principal engineer, first Head of Eng / VPE, replacing a CTO, or staffing a senior bench post-Series B.",
      "trigger": "You're about to hire someone senior and the in-house team does not have a peer-grade interviewer at that seniority. The cost of a bad senior hire - 12–18 months of compensation, displaced morale, lost roadmap quarters - outruns the cost of getting the hiring system right by an order of magnitude.",
      "delivered": [
        "Role definition that survives the hire (not the version that gets written for the JD)",
        "Scorecard - competencies, behavioural indicators, trade-offs, weighted rubric",
        "Interview architecture - panel design, round structure, technical/behavioural/leadership balance, calibration, anti-bias scaffolding",
        "Market scan - current senior compensation bands, total-rewards expectations, competitive landscape",
        "Sourcing strategy - advice on channels, network activation, search-firm-vs-direct trade-off",
        "Candidate evaluation framework - debrief structure, calibration, written-feedback discipline",
        "Hiring decision framework - what 'yes', 'stretch yes', 'no' look like; how trade-offs get resolved",
        "Board / exec brief (for leadership hires)"
      ],
      "notFor": [
        "Executive search (no candidate sourcing or placement fee)",
        "A coaching engagement (CEO/CTO makes the hire; Consultant builds the system)"
      ],
      "differentiator": "Scaled imobiliare.ro engineering from 35 to 300, ran senior-bench hiring through three M&A processes including Bitstamp → Robinhood. Hiring-at-scale lived experience, not a coaching framework.",
      "notes": "Optional 90-day Interview Partner extension: €5,000 flat (€6,500 White-Label) for up to 10 panel sessions + 3 calibration sessions. Conversion mechanic: 25% off if originating from Foundation Sprint or Tech Audit within 60 days.",
      "catalogueUrl": "https://luci.ws/catalogue/senior-hire"
    },
    {
      "id": "mcp-implementation",
      "number": "10",
      "name": "MCP Server Implementation",
      "tagline": "Design and stand up a Model Context Protocol server so AI agents can use your data and tools natively, with authorization that holds up.",
      "duration": "4 weeks (2 sprints)",
      "priceEur": 17000,
      "whiteLabelEur": 22100,
      "audiences": [
        "ceo",
        "agency"
      ],
      "agencyOnly": false,
      "whoFor": "B2B SaaS, marketplaces, CRMs, ticketing, documents, calendars, billing - any product whose value compounds when an agent can drive it. Particularly strong fit when customers have already started asking 'do you have an MCP server?'",
      "trigger": "Your product is increasingly being read or operated by AI agents - Claude Desktop, Cursor, custom agent stacks. You want to be present in the agent context window with native tools, not just scraped HTML. Or you can see the wave coming and want to land in the next round of agent integrations on your terms.",
      "delivered": [
        "MCP exposure strategy - what tools and resources you should expose, what you deliberately shouldn't, and why",
        "Tool catalogue with WARRANT-aligned authorization (read-only vs side-effecting, identity scope, audit signals)",
        "Resource catalogue with mime-types and refresh model",
        "The MCP server itself, OR a senior-reviewed scaffold your team builds against - the choice is named in Sprint 1",
        "Discovery surfaces: /.well-known/mcp.json, <link rel=\"mcp\"> tags, HTTP Link headers, robots.txt allowance",
        "Registry submission kit (Smithery, mcp.so, Glama AI) ready to paste",
        "End-to-end testing against Claude Desktop, Cursor, Continue, and a custom JSON-RPC client",
        "Operational documentation for internal teams and external agent consumers",
        "Board-ready summary of what was exposed and what the agent surface signals about your product"
      ],
      "notFor": [
        "A generic AI integration project (pair with AI Integration Strategy Sprint first)",
        "A one-day 'stand up the server' engagement (the value sits in design, not implementation)",
        "A security audit of an existing MCP server (closer to Tech Audit Sprint scope)"
      ],
      "differentiator": "Co-author of the WARRANT Standard for autonomous agent authorisation. Monitive's own site at /.well-known/mcp.json is the live reference implementation - including the discovery stack, the tool catalogue, the resource exposure, and the legal posture. Clients can audit the live server before signing.",
      "notes": "Founding-client pricing on the first 3 engagements of this sprint: €6,500/sprint (€13,000 for the 4-week engagement) in exchange for case-study rights. Each sprint runs its own founding-client cohort, tracked independently from the Foundation Sprint and from other sprints. Part of the new 'Agentic Stack' trio bundle.",
      "catalogueUrl": "https://luci.ws/catalogue/mcp-implementation"
    },
    {
      "id": "agentic-payments",
      "number": "11",
      "name": "Agentic Payments (x402 + L402)",
      "tagline": "Design and integrate per-request payment for an API that AI agents will call. HTTP 402 done properly - wallet, custody, compliance, and abuse-defence answered before they bite.",
      "duration": "4 weeks (2 sprints)",
      "priceEur": 17000,
      "whiteLabelEur": 22100,
      "audiences": [
        "ceo",
        "agency"
      ],
      "agencyOnly": false,
      "whoFor": "API-first SaaS, marketplaces, data providers, compute / inference / extraction APIs whose customers are increasingly using agent-driven access and need usage-based pricing for non-human callers.",
      "trigger": "Your API is being called - or is about to be called - by AI agents on someone else's behalf. The user is no longer a human clicking a button; it's software with a budget. You want to monetize that traffic without dragging every agent operator through a sales call.",
      "delivered": [
        "Payment-model design: which endpoints meter, which stay free; per-request vs session-pass vs subscription gate",
        "Protocol selection: x402 (USDC on Base) as primary; L402 (Lightning) for Bitcoin-native or non-EVM constraints",
        "Wallet and custody: EOA vs smart account vs custody provider, key-management posture, off-ramp strategy",
        "Network and asset choice with reasoning written down for audit",
        "Facilitator selection: Coinbase CDP, self-hosted, third-party - with cost-per-verify modelling",
        "Server-side integration in your stack (Next.js, Express, FastAPI, Go, or other - named in Sprint 1)",
        "Pricing-model calibration against unit costs and competitor benchmarks",
        "Fraud, replay, and abuse defences: nonce, signature verification, replay-window, rate-limit-on-top-of-payment, blacklist hooks, refund posture",
        "MiCA / VAT / AML compliance scoping for counsel review (not legal advice)",
        "Monitoring and accounting: on-chain analytics, alerting, daily settlement, finance-stack integration",
        "Agent-discovery surfaces so callers know what to pay for: /.well-known/mcp.json.paidEndpoints, llms.txt, Link headers",
        "Board-ready summary including projected agent-revenue baseline and operational risk surface"
      ],
      "notFor": [
        "Legal advice (compliance scoping is structured input for your counsel, not an opinion)",
        "Broader crypto / treasury / token / on-chain product strategy (scope separately)",
        "Custodial work (Monitive does not hold your funds, keys, or your customers' payments)",
        "A 1-day wire-it-up engagement (that's mini A20)"
      ],
      "differentiator": "Monitive's own /api/agents/match endpoint is the live reference implementation of x402, including the facilitator integration, payment-required body shape, receipt header, and graceful-degradation path. Co-author of WARRANT Standard for autonomous agent authorisation - and agent-payment authorisation is the natural extension of agent-action authorisation. Compliance posture is built into the engagement because shipping x402 without it is a problem deferred, not avoided.",
      "notes": "Founding-client pricing on the first 3 engagements of this sprint: €6,500/sprint (€13,000 for the 4-week engagement) in exchange for case-study rights. Each sprint runs its own founding-client cohort, tracked independently from the Foundation Sprint and from other sprints. Part of the new 'Agentic Stack' trio bundle.",
      "catalogueUrl": "https://luci.ws/catalogue/agentic-payments"
    },
    {
      "id": "agentic-devops",
      "number": "12",
      "name": "Agentic DevOps",
      "tagline": "Put AI agents to work on a legacy estate - assess, map dependencies, containerize, and open governed pull requests - with the authorization model that lets you actually merge them.",
      "duration": "4 weeks (2 sprints)",
      "priceEur": 17000,
      "whiteLabelEur": 22100,
      "audiences": [
        "ceo",
        "agency"
      ],
      "agencyOnly": false,
      "whoFor": "Companies sitting on a load-bearing 10-15+ year codebase that is the main brake on shipping. Teams that want AI leverage on the engineering process itself, not just AI features in the product. Agencies asked to modernize a legacy estate who need a defensible, governed method rather than a heroic rewrite.",
      "trigger": "The biggest brake on AI adoption isn't model access - it's the 10-to-15-year-old codebase nobody fully understands anymore. Agents can now read that estate, map dependencies, containerize it, and open pull requests against it. The question stopped being 'can agents do this' and became 'who do you trust to point them at your production code, and how do you govern what they merge.'",
      "delivered": [
        "Estate and dependency map - in-scope legacy services inventoried, dependencies mapped (build-time and runtime), each ranked for modernization-readiness",
        "The governed agent pipeline - agents read the code, propose containerization and refactors, and open PRs, wired with scoped permissions, branch protection, human-in-the-loop merge gates, and a structured audit trail (WARRANT-aligned)",
        "Containerization pilot on 1-2 bounded services - dependencies resolved, Docker-containerized, agent-opened PRs reviewed, tested, and merged under the gate. Real merged output, not a deck",
        "Test and eval gates - characterization tests around legacy behaviour before it's touched, plus CI gates (build, test, security scan, behavioural diff) each agent PR must pass before a human reviews",
        "Authorization model for agent code changes - what agents may touch, under whose identity, with what blast radius, how it's logged. WARRANT-aligned vocabulary (read-only / side-effecting / identity-required / scoped)",
        "Sequenced modernization roadmap - the rest of the estate ordered by value, risk, and dependency, with the per-wave plan your team runs against the pipeline",
        "Board-ready summary - what was modernized, what the pilot proved, and the honest risk surface of pointing agents at production code"
      ],
      "notFor": [
        "A full migration delivery (1-2 pilot services end-to-end + the governed pipeline + the roadmap; the rest is a staffed programme, not a four-week sprint)",
        "Autonomous agents merging to main unsupervised (every agent PR passes automated gates and a human merge gate)",
        "'AI will rewrite your app' (agents accelerate the mechanical work; sequencing and boundaries are the senior work)",
        "A product-AI engagement (that's the AI Integration Strategy Sprint)"
      ],
      "differentiator": "Co-author of the WARRANT Standard for autonomous agent authorisation - an agent opening a PR against production is a side-effecting agent action, and authorising it properly (scoped identity, bounded blast radius, structured audit) is exactly what WARRANT specifies. Lived pattern, not theory: prismalOS runs adversarial eval swarms as CI/CD release gates - the same governance shape this sprint installs around agent-authored code. Plus twenty years operating legacy estates through scale, regulation, and three M&A processes including Bitstamp → Robinhood.",
      "notes": "Founding-client pricing on the first 3 engagements of this sprint: €6,500/sprint (€13,000 for the 4-week engagement) in exchange for case-study rights. Each sprint runs its own founding-client cohort, tracked independently from the Foundation Sprint and from other sprints. Part of the 'Modernization Stack' trio bundle (Tech Audit & Heritage + Agentic DevOps + End-of-Build Attestation).",
      "catalogueUrl": "https://luci.ws/catalogue/agentic-devops"
    },
    {
      "id": "eu-ai-act-triage",
      "number": "13",
      "name": "EU AI Act Triage Sprint",
      "tagline": "Classify your AI systems under Article 6 and Annex III, scope Article 50 transparency and deployer-side duties on any GPAI models in use, cross-map to NIST AI RMF, and hand your board a readiness memo against the August 2 2026 deadline.",
      "duration": "2 weeks (1 sprint) or 4 weeks (Foundation-shape, 2 sprints) for multi-system estates",
      "priceEur": 8500,
      "whiteLabelEur": 11050,
      "audiences": [
        "ceo",
        "agency"
      ],
      "agencyOnly": false,
      "whoFor": "EU-HQ B2B SaaS, fintech, healthtech, and edtech companies with AI features in production or about to ship, facing the August 2 2026 deadline. Heads of AI, CTOs, and General Counsel who need engineering-grade classification and a board-ready readiness memo at a price below the Big-Four floor.",
      "trigger": "The EU AI Act is in force. The Article 6 / Annex III high-risk obligations and the Article 50 transparency duties bind in full on August 2 2026. Big-Four firms are quoting €50K+; law firms are writing legal opinions on code they cannot read. You need engineering-grade classification, deployer-side duty mapping for any GPAI models in scope, a NIST AI RMF cross-walk, and a board-ready readiness memo in two weeks.",
      "delivered": [
        "AI-system inventory: every AI / agentic / GPAI surface the company ships or deploys, mapped to a system-of-record record",
        "Article 6 + Annex III walk-through per system: high-risk classification with the deciding evidence stated",
        "Article 50 transparency map: where consumer-facing disclosure is required and what your product needs to surface",
        "Deployer-side duty inventory for GPAI models in scope (Article 26 + the residual transparency duties), distinct from Chapter V provider duties which bound on 2 Aug 2025",
        "NIST AI RMF cross-walk: the same evidence pack serves both regimes so you do the work once",
        "Gap register with severity, owner, and fix-window, sequenced to the 2 August 2026 cliff",
        "Board-ready readiness memo: where you are, what binds when, what the next 90 days look like"
      ],
      "notFor": [
        "A legal opinion (this is engineering-grade classification; pair with your counsel)",
        "GPAI provider obligations under Chapter V (those are upstream provider duties that already bound on 2 Aug 2025; this sprint addresses deployer-side and Article 50 transparency duties on the 2 Aug 2026 cliff)",
        "Full remediation work (Sprint 05 AI Integration Strategy or Sprint 06 Compliance & DD Readiness pick up the architecture-level / regulator-facing remediation that follows classification)"
      ],
      "differentiator": "Co-author of the WARRANT Standard for autonomous agent authorisation - aligned with NIST AI RMF and the EU AI Act. Engineering-grade classification at the price point neither Big-Four practices nor specialist EU law firms can deliver, with deployer-side duty mapping that survives a hostile DPA reading.",
      "notes": "Founding-client pricing on the first 3 engagements of this sprint: €6,500/sprint in exchange for case-study rights. Each sprint runs its own founding-client cohort, tracked independently from the Foundation Sprint and from other sprints. Foundation-shape (2 sprints, €17,000) for multi-system estates that need both classification AND remediation sequencing in a single engagement. Part of the 'Agentic Safety Stack' trio bundle (AI Integration + Agent & MCP Governance + EU AI Act Triage).",
      "catalogueUrl": "https://luci.ws/catalogue/eu-ai-act-triage"
    },
    {
      "id": "agent-mcp-governance",
      "number": "14",
      "name": "Agent & MCP Governance Sprint",
      "tagline": "Inventory the agents and MCP servers already in production, design the authorization control-plane that should govern them, and ship the audit-trail specification your board (and your insurer) can defend.",
      "duration": "2 weeks (1 sprint) or 4 weeks (Foundation-shape, 2 sprints) for multi-business-unit estate census",
      "priceEur": 8500,
      "whiteLabelEur": 11050,
      "audiences": [
        "ceo",
        "agency"
      ],
      "agencyOnly": false,
      "whoFor": "CTOs and VPs of Platform Engineering at 100-500 person companies with board-mandated agent rollouts, who have read OWASP MCP Top 10 or seen the Anthropic MCP RCE disclosures. PE operating partners doing portfolio-wide agentic-AI risk assessment.",
      "trigger": "Boards have mandated agent rollouts. Engineering has shipped MCP servers, agentic features, and Cursor / Claude-Desktop integrations the security team did not procure. Big-Four firms are quoting six-figure pricing for the 'governance assessment'; SaaS vendors (Credo AI, Holistic AI, OneTrust) ship checkbox UX. Nobody has produced the engineering-grade authorization control-plane recommendation.",
      "delivered": [
        "Agent + MCP estate census: every first-party agent, every MCP server (registry-pulled or self-hosted), every Cursor / Claude-Desktop integration that touches production data",
        "OWASP MCP Top 10 alignment per server with severity ratings",
        "Authorization control-plane recommendation - WARRANT-aligned: scoped identity, bounded blast radius, signed-message gating, kill-switch path",
        "Audit-trail specification - NIST AI RMF Article 12 logging-compatible; what to log, what to retain, what to surface to incident response",
        "Kill-switch and escalation runbook tied to the control-plane",
        "Board-ready summary: where the governance gaps are, what binds them, sequenced fix list"
      ],
      "notFor": [
        "Implementation work (this sprint produces the design; Sprint 10 MCP Server Implementation or Sprint 12 Agentic DevOps run the build)",
        "Tool installation (we recommend vendor-agnostic; tooling decisions stay with your platform team)",
        "Replacing your CISO (this complements security leadership; it does not displace it)"
      ],
      "differentiator": "Co-author of the WARRANT Standard for autonomous agent authorisation. prismalOS's KERNEL is built to enforce these authorization boundaries at runtime - the same scoped-identity and audit-trail gate this sprint specifies. Big-Four can't price into the €8,500 single-sprint slot; SaaS vendors can't deliver the senior-led control-plane recommendation.",
      "notes": "Founding-client pricing on the first 3 engagements of this sprint: €6,500/sprint in exchange for case-study rights. Each sprint runs its own founding-client cohort, tracked independently from the Foundation Sprint and from other sprints. Part of the 'Agentic Safety Stack' trio bundle. Natural upward-conversion target for Appendix A minis A22 MCP Supply Chain Audit, A23 Shadow Agent & Shadow AI Inventory, A29 Agent-Generated Code AppSec Gate Design, and A30 Agent Incident Tabletop & Runbook.",
      "catalogueUrl": "https://luci.ws/catalogue/agent-mcp-governance"
    },
    {
      "id": "series-b-tdd-rehearsal",
      "number": "15",
      "name": "Series B TDD Rehearsal Sprint",
      "tagline": "The founder's pre-raise rehearsal - distinct from the auditor's lens. Walk the tech narrative end-to-end, stress-test the data-room, and hand your team an objection-handling playbook before the lead investor's DD partner arrives.",
      "duration": "2 weeks (1 sprint)",
      "priceEur": 8500,
      "whiteLabelEur": 11050,
      "audiences": [
        "ceo"
      ],
      "agencyOnly": false,
      "whoFor": "Series B founders and CEOs at 50-150 person B2B SaaS companies, 9-18 months from raise, with post-Series-A tech debt accumulated and a board-pressured AI story. Sell-side founders preparing for trade-sale tech DD where the acquirer is strategic.",
      "trigger": "You have 9-18 months until your Series B raise. You know the lead investor's DD partner will probe the architecture, the burn-multiple-to-tech-decisions link, the AI story, and the engineering org's velocity. You have one shot to walk them through it cleanly. Sprint 08 is the auditor's lens; this is the founder's rehearsal lens.",
      "delivered": [
        "Rehearsal narrative for the tech section + AI section + engineering-org section, walkable end-to-end",
        "Objection-handling playbook: 3-5 most likely hostile questions with defensible answers and the evidence behind each",
        "Tech-section data-room dry run: gap memo, missing artefacts, and a sequenced fix list",
        "Go / no-go memo on raise timing - written to the founder, not the auditor"
      ],
      "notFor": [
        "An actual tech due-diligence audit (that's Sprint 08 for buy-side or sell-side processes that are genuinely live)",
        "Board narrative or fundraising deck work (this is the engineering substance the CFO can't write)",
        "Post-raise governance (Tech Board Member / NED engagement picks up that lane after the round closes)"
      ],
      "differentiator": "Three M&A due-diligence processes including Bitstamp → Robinhood. Sprint 08 (Acquisition Tech DD) is for buyers and sellers in process; this is for founders rehearsing for the moment when the auditor arrives.",
      "notes": "Founding-client pricing on the first 3 engagements of this sprint: €6,500/sprint in exchange for case-study rights. Each sprint runs its own founding-client cohort, tracked independently from the Foundation Sprint and from other sprints. Upward conversion to Sprint 08 (Acquisition Tech DD) when a buy-side or sell-side process goes live, or to the Tech Board Member / NED fractional engagement for ongoing post-raise governance.",
      "catalogueUrl": "https://luci.ws/catalogue/series-b-tdd-rehearsal"
    },
    {
      "id": "mid-build",
      "number": "A",
      "name": "Mid-Build Validation Sprint",
      "tagline": "A two-week checkpoint review on an in-flight build, before too much is committed to the wrong path.",
      "duration": "2 weeks",
      "priceEur": 8500,
      "whiteLabelEur": 11050,
      "audiences": [
        "agency"
      ],
      "agencyOnly": true,
      "whoFor": "Agencies running serious builds where the cost of getting the architecture wrong is now becoming visible.",
      "trigger": "Build is 30–60% complete. Architecture or roadmap question has emerged. You want an independent senior read before the next big commitment.",
      "delivered": [
        "Architecture-fit review: is what's being built aligned with the foundation it will need to support at scale?",
        "Code-level structural review - structural, not a deep line-by-line audit",
        "Vendor and tooling sanity check",
        "Operational-readiness review",
        "Top 5 risks flagged with named owners and proposed mitigations",
        "One-page green / yellow / red sign-off note with reasoning",
        "Brief presentation deck the agency can share with their client (co-branded or white-label)"
      ],
      "notFor": [
        "A deep, line-by-line forensic code audit - this is a structural read",
        "A rescue engagement - if the build is already off the rails, that is a Tech Audit, not a checkpoint",
        "A rubber stamp - a red sign-off is a real and intended outcome"
      ],
      "differentiator": "An independent senior read from outside the build team - twenty years of architecture decisions across scale-ups and acquisitions, brought in precisely to catch the wrong-path build at the 50% mark, before the boomerang hits delivery. The value is the honesty an in-house review can't give you: the reviewer has no stake in defending what's already been written.",
      "notes": null,
      "catalogueUrl": "https://luci.ws/catalogue/mid-build"
    },
    {
      "id": "end-of-build",
      "number": "B",
      "name": "End-of-Build Attestation Sprint",
      "tagline": "A signed-off attestation document the agency presents to their client at handover.",
      "duration": "2 weeks",
      "priceEur": 8500,
      "whiteLabelEur": 11050,
      "audiences": [
        "agency"
      ],
      "agencyOnly": true,
      "whoFor": "Agencies closing meaningful engagements who want demonstrable independent review at handover.",
      "trigger": "Build is complete. Agency wants a written, signed independent attestation that what was delivered meets industry-standard practices.",
      "delivered": [
        "Independent structural review of the delivered system against the original brief",
        "Validation that foundational practices - architecture, observability, security, governance - meet stage-appropriate standards",
        "Issue list with severity scoring and remediation recommendations",
        "Signed Attestation Document - formal, dated, signed in the Consultant's personal name - that the agency hands directly to its client",
        "Handover findings memo: areas of strength, residual risks, recommended next steps"
      ],
      "notFor": [
        "A regulatory audit, security certification, or SOC report - the Attestation is a professional opinion, not a compliance artefact",
        "A line-by-line code audit",
        "A substitute for the client's own due diligence"
      ],
      "differentiator": "The Attestation is signed in a personal name and carries real reputational weight: it is the Consultant's professional opinion, staked publicly, that the delivered system meets foundational standards. That is what makes it procurement-grade - written assurance from an independent senior architect, not the build team marking its own homework - and what lets it stand up in a future due-diligence process.",
      "notes": null,
      "catalogueUrl": "https://luci.ws/catalogue/end-of-build"
    },
    {
      "id": "pitch-support",
      "number": "C",
      "name": "Pitch Support Sprint",
      "tagline": "Two weeks of senior strategic firepower during a pitch the agency cannot afford to lose.",
      "duration": "2 weeks",
      "priceEur": 8500,
      "whiteLabelEur": 11050,
      "audiences": [
        "agency"
      ],
      "agencyOnly": true,
      "whoFor": "£150k+ pitches where the agency's chance improves materially with senior credibility in the room.",
      "trigger": "A serious pitch is in flight. You want a named senior strategic partner in the room - for technical credibility, for board-room presence, for the questions the buyer is going to ask that need an experienced answer.",
      "delivered": [
        "Pre-pitch strategic review of the agency's proposal",
        "Architecture and approach narrative - what the agency will build and why, framed to survive scrutiny in the room",
        "Named in the pitch as the agency's senior strategic partner",
        "Attends one pitch meeting - in person if local, video otherwise",
        "Technical Q&A preparation: anticipated hostile questions, defensible answers",
        "Post-pitch debrief and adjustment recommendations for any follow-up"
      ],
      "notFor": [
        "A ghost-written proposal - the agency owns the pitch; this is senior reinforcement, not outsourcing",
        "A guarantee of winning the work",
        "An open-ended advisory retainer - it is scoped to this pitch"
      ],
      "differentiator": "Senior credibility that a buyer's own technical evaluators recognise on sight: twenty years of architecture decisions, M&A-side diligence, and board-room exposure. The value is not the deck - it is a named partner who can absorb the hostile question in the room and answer it without flinching, against larger firms and skeptical buyers.",
      "notes": "Conversion mechanic: if the agency wins the pitch and converts to a Foundation Sprint within 60 days, this fee is credited against the Foundation Sprint engagement.",
      "catalogueUrl": "https://luci.ws/catalogue/pitch-support"
    }
  ],
  "bundles": [
    {
      "id": "build-companion",
      "name": "Trio - The Build Companion",
      "components": [
        "Foundation Sprint",
        "Mid-Build Validation Sprint",
        "End-of-Build Attestation Sprint"
      ],
      "standardEur": 34000,
      "bundledEur": 30500,
      "savingsEur": 3500,
      "savingsPct": null,
      "duration": "Spread across the full client engagement (3–9 months)",
      "audiences": [
        "agency"
      ],
      "bestFit": "Agencies offering full-lifecycle senior cover on serious builds."
    },
    {
      "id": "compliance-trust",
      "name": "Trio - Compliance & Trust Stack",
      "components": [
        "Compliance & DD Readiness Sprint",
        "GDPR Technical Compliance Sprint",
        "End-of-Build Attestation Sprint"
      ],
      "standardEur": 42500,
      "bundledEur": 37500,
      "savingsEur": 5000,
      "savingsPct": null,
      "duration": "4–6 months",
      "audiences": [
        "ceo",
        "agency"
      ],
      "bestFit": "Regulated-industry clients (fintech, healthtech, marketplace, edtech) where SOC 2 / DORA and GDPR converge."
    },
    {
      "id": "scale-up",
      "name": "Trio - The Scale-Up Stack",
      "components": [
        "Engineering Health Check Sprint",
        "Performance & Goals Framework Sprint",
        "Senior Engineering Hire Sprint"
      ],
      "standardEur": 42500,
      "bundledEur": 37500,
      "savingsEur": 5000,
      "savingsPct": null,
      "duration": "4–6 months",
      "audiences": [
        "ceo",
        "agency"
      ],
      "bestFit": "Audit current operating posture → install the operating system that survives scale → hire the leader who maintains it."
    },
    {
      "id": "agentic-stack",
      "name": "Trio - The Agentic Stack",
      "components": [
        "AI Integration Strategy Sprint",
        "MCP Server Implementation Sprint",
        "Agentic Payments (x402 + L402) Sprint"
      ],
      "standardEur": 51000,
      "bundledEur": 45000,
      "savingsEur": 6000,
      "savingsPct": null,
      "duration": "4–8 months across the three sprints",
      "audiences": [
        "ceo",
        "agency"
      ],
      "bestFit": "Companies whose AI strategy needs all three layers - strategy, exposure to agents, monetization of agent traffic - and who are best served by doing them as one coherent program. Designed by the co-author of the WARRANT Standard."
    },
    {
      "id": "modernization-stack",
      "name": "Trio - The Modernization Stack",
      "components": [
        "Tech Audit & Heritage Review",
        "Agentic DevOps Sprint",
        "End-of-Build Attestation Sprint"
      ],
      "standardEur": 42500,
      "bundledEur": 37500,
      "savingsEur": 5000,
      "savingsPct": null,
      "duration": "4–6 months across the modernization programme",
      "audiences": [
        "ceo",
        "agency"
      ],
      "bestFit": "Companies modernizing a load-bearing 10-15+ year codebase who need the work de-risked, governed, and independently signed off - especially pre-raise, pre-sale, or pre-enterprise-procurement. Map the estate → move the debt with a governed agent pipeline → independently attest the modernized system. Distinct from the Agentic Stack: that builds the agent-native product layer; this applies agents to the engineering process of clearing legacy debt."
    },
    {
      "id": "agentic-safety-stack",
      "name": "Trio - The Agentic Safety Stack",
      "components": [
        "AI Integration Strategy",
        "Agent & MCP Governance Sprint",
        "EU AI Act Triage Sprint"
      ],
      "standardEur": 34000,
      "bundledEur": 30500,
      "savingsEur": 3500,
      "savingsPct": null,
      "duration": "3–5 months across the three sprints",
      "audiences": [
        "ceo",
        "agency"
      ],
      "bestFit": "Companies that have shipped AI features and are now meeting the second wave of questions - from boards, enterprise procurement, regulators, and the security team. Strategy + governance + regulatory posture sequenced as one program. Distinct from the Agentic Stack: that bundle builds the agent-native product surface; this one builds the safety, authorization, and regulatory posture underneath it."
    },
    {
      "id": "quartet",
      "name": "Quartet - The Strategic Year",
      "components": [
        "Any 4 sprint products, drawn down across a 12-month window"
      ],
      "standardEur": 67000,
      "bundledEur": 56950,
      "savingsEur": null,
      "savingsPct": 15,
      "duration": "12 months from first sprint commencement",
      "audiences": [
        "ceo",
        "agency"
      ],
      "bestFit": "Companies or agencies with concurrent strategic moments across the year (sprint mix may be mixed across core and agency-only)."
    },
    {
      "id": "agency-annual",
      "name": "Agency Partner Annual - The Strategic Backbone",
      "components": [
        "6 sprints (any combination) drawn down across 12 months",
        "4 pitch-support sessions (capped value)",
        "12 monthly strategy calls (60 min)"
      ],
      "standardEur": 77000,
      "bundledEur": 70000,
      "savingsEur": 7000,
      "savingsPct": null,
      "duration": "12 months, billed quarterly (€17,500 / quarter)",
      "audiences": [
        "agency"
      ],
      "bestFit": "Agencies with serious annual deal flow who want reserved capacity and predictable cost rather than ad-hoc booking."
    }
  ],
  "fractionalRoles": [
    {
      "id": "advisor",
      "number": "1",
      "name": "Strategic Tech Advisor",
      "tagline": "In the room when it matters. Not in the room when it doesn't.",
      "posture": "Pure advisory. Zero operational responsibility. Zero decision authority.",
      "time": "~2 days/month",
      "minTerm": "6-month minimum, rolling thereafter",
      "priceLowEur": 4500,
      "priceHighEur": 5500,
      "priceUnit": "month",
      "capacityWeight": 0.1,
      "capacityCap": null,
      "equityNote": null,
      "delivered": [
        "Monthly 90-min strategy call with CEO/CTO",
        "Async strategic advisory via Slack/email - answers within 1 business day",
        "Quarterly half-day deep-dive on a topic the leadership team selects",
        "Direct mobile / Signal access for time-critical decisions"
      ],
      "notDelivered": [
        "Internal team meetings, standups, sprint reviews",
        "Board meetings",
        "Written decision authority"
      ],
      "bestFit": "Founders / CEOs / CTOs wanting a senior peer-grade thinking partner. Most engagements convert from a Foundation Sprint that closed well."
    },
    {
      "id": "ned",
      "number": "2",
      "name": "Tech Board Member / NED",
      "tagline": "Independent senior tech voice on the board.",
      "posture": "Non-executive. Formal board role with fiduciary posture.",
      "time": "~10–12 days/year",
      "minTerm": "12-month minimum, renewable annually",
      "priceLowEur": 36000,
      "priceHighEur": 48000,
      "priceUnit": "year",
      "capacityWeight": 0.05,
      "capacityCap": "Max 2 NED roles concurrently",
      "equityNote": "Equity option in lieu of cash: 0.25%–0.75% vesting over 2 years. Combination structures (half cash + half equity) negotiable.",
      "delivered": [
        "Attendance at all board meetings (4/year typical)",
        "Independent review of board materials before each meeting",
        "2 × annual strategy sessions with the exec team (full-day)",
        "Formal NED governance: minutes review, conflict-of-interest discipline, fiduciary protocol",
        "Independent voice on technical strategy, M&A, hire-of-CTO decisions"
      ],
      "notDelivered": [
        "Day-to-day operations",
        "Direct engineering-team engagement (without CEO/CTO request)",
        "Management authority"
      ],
      "bestFit": "Series A+ companies, Series B candidates, companies approaching M&A. Particularly fitting for fintech / regulated."
    },
    {
      "id": "fcto",
      "number": "3",
      "name": "Fractional CTO (Strategic)",
      "tagline": "The CTO role, stripped of operational theatre. Strategy, architecture, hiring, vendors, board - yes. Standups - no.",
      "posture": "Borderline operational. Sits in executive cadence; does not sit in delivery cadence.",
      "time": "~4–6 days/month",
      "minTerm": "6-month minimum",
      "priceLowEur": 9000,
      "priceHighEur": 13000,
      "priceUnit": "month",
      "capacityWeight": 0.3,
      "capacityCap": null,
      "equityNote": null,
      "delivered": [
        "Weekly 90-min working session with CEO and engineering leadership",
        "Active ownership: technology roadmap, architecture decisions, build-vs-buy, vendor selection >£10k/yr",
        "Hiring partner for the engineering leadership layer",
        "Executive presence: board, investor calls, customer escalations requiring CTO-level interface",
        "Monthly written tech update for the board",
        "Dedicated Slack channel; 1-business-day response cadence"
      ],
      "notDelivered": [
        "Daily standups, retrospectives, sprint planning",
        "Individual engineers' performance reviews",
        "On-call pager",
        "Production code"
      ],
      "bestFit": "Companies between 15–80 engineers where permanent CTO isn't yet justified, is in transition, or where the founder has been carrying the CTO role unsustainably."
    },
    {
      "id": "fcio",
      "number": "4",
      "name": "Fractional CIO",
      "tagline": "IT strategy and governance, executive-grade, for companies whose product engineering is healthy but whose IT operation needs senior leadership.",
      "posture": "Borderline operational. Owns IT and platform-governance domain; does not own product engineering.",
      "time": "~4–6 days/month",
      "minTerm": "6-month minimum",
      "priceLowEur": 8000,
      "priceHighEur": 11000,
      "priceUnit": "month",
      "capacityWeight": 0.3,
      "capacityCap": null,
      "equityNote": null,
      "delivered": [
        "Ownership of IT strategy, vendor portfolio, infrastructure governance",
        "SOC 2 / DORA / FCA OR / sector-specific compliance leadership",
        "GDPR programme ownership (ROPA, DPIA cadence, vendor DPA register, DSR operating model, breach-response readiness)",
        "Executive interface for procurement, supplier negotiations, contract management >£10k/yr",
        "IT budget definition and enforcement",
        "Internal IT team leadership (typically 3–8 people)",
        "Quarterly board reporting on IT posture, risk register, compliance status"
      ],
      "notDelivered": [
        "Product engineering / product roadmap (that's the CTO's lane)",
        "Hands-on infrastructure-engineering work",
        "Application-development lifecycle"
      ],
      "bestFit": "Companies with healthy product engineering but where the IT, platform, security, and compliance side has out-grown ad-hoc. Regulated-industry / post-Series-B scale-ups."
    },
    {
      "id": "fcaio",
      "number": "5",
      "name": "Fractional Chief AI Officer",
      "tagline": "AI strategy, governance, and integration design - frontier-grade, for companies where 'we need AI' has become 'we need AI responsibly and competitively'.",
      "posture": "Borderline operational. Owns AI strategy and governance.",
      "time": "~4–6 days/month",
      "minTerm": "6-month minimum",
      "priceLowEur": 12000,
      "priceHighEur": 16000,
      "priceUnit": "month",
      "capacityWeight": 0.3,
      "capacityCap": "Max 2 Fractional CAIO roles concurrently",
      "equityNote": null,
      "delivered": [
        "AI strategy definition - investment priority, sequencing, what's deliberately not pursued",
        "Architecture decisions for LLM/RAG/agent integration",
        "Vendor strategy across model providers (OpenAI, Anthropic, open-source, gateway routing)",
        "AI governance framework: agent authorisation, eval pipelines, audit trails, human-in-the-loop boundaries",
        "EU AI Act and NIST AI RMF alignment - interpreted, applied, defended",
        "Cost / latency budgeting per workflow stage",
        "Board / investor interface for AI strategy questions",
        "Hiring partner for senior AI engineering hires",
        "Quarterly AI posture review for leadership"
      ],
      "notDelivered": [
        "Building, deploying, or maintaining models",
        "Writing prompts, evals, or production AI code",
        "Day-to-day AI engineer management"
      ],
      "bestFit": "Companies whose AI ambitions exceed what their existing engineering leadership has seen. Companies with regulated customers or serious agent-deployment plans."
    },
    {
      "id": "fvpe",
      "number": "6",
      "name": "Fractional VP Engineering",
      "tagline": "The engineering leadership layer, on tap, for companies whose team has out-grown the founder-engineering-lead model.",
      "posture": "Borderline operational. Engages with engineering leadership cadence.",
      "time": "~6–8 days/month",
      "minTerm": "6-month minimum",
      "priceLowEur": 10000,
      "priceHighEur": 14000,
      "priceUnit": "month",
      "capacityWeight": 0.4,
      "capacityCap": null,
      "equityNote": null,
      "delivered": [
        "Engineering leadership coaching: 1:1s with EMs, squad leads, senior engineers",
        "Process design: OKR / KPI / SLA / SLO framework, hiring pipeline, performance management, on-call discipline",
        "Talent strategy: hiring plan, interview architecture, calibration, retention",
        "Quarterly engineering all-hands narrative and execution",
        "Board / executive interface for engineering health metrics",
        "Direct support for CEO/CTO on people-related escalations"
      ],
      "notDelivered": [
        "Delivery ceremonies (standups, retros, sprint planning)",
        "Individual comp conversations as manager",
        "Hiring decisions in isolation (advisory + calibration, not final call)"
      ],
      "bestFit": "Companies at the 15–50 engineer mark where the engineering culture is being formed and the cost of getting people-and-process wrong now is high."
    },
    {
      "id": "interim-cto",
      "number": "7",
      "name": "Interim CTO (Transitional)",
      "tagline": "Bridge between two permanent CTOs. Time-bound. Designed-out within six months.",
      "posture": "Operational. Carries the CTO role with a stated handover endpoint.",
      "time": "~8–10 days/month",
      "minTerm": "Capped at 6 months (max 9 months by mutual exception)",
      "priceLowEur": 18000,
      "priceHighEur": 25000,
      "priceUnit": "month",
      "capacityWeight": 0.5,
      "capacityCap": "Max 1 Interim CTO engagement at any time",
      "equityNote": null,
      "delivered": [
        "Full CTO operational duties for the engagement window: roadmap, hiring, architecture, board, exec",
        "Active hiring of the permanent CTO replacement (this is the success metric)",
        "Clean handover: documented runbook, named owner for every decision, transition memo for the incoming CTO",
        "Public face of CTO at board, investors, customers"
      ],
      "notDelivered": [
        "Indefinite continuation. The cap is binding. If no permanent hire by month 6, the engagement reframes to Fractional CTO - not extended on interim terms."
      ],
      "bestFit": "Companies with a known CTO transition coming (departure, retirement, planned change). Also fits acquisition scenarios needing interim leadership."
    }
  ],
  "miniEngagements": [
    {
      "code": "A1",
      "name": "DPIA (standard)",
      "description": "One DPIA on a well-bounded processing activity, single-system, with existing data-flow documentation.",
      "days": "5 days",
      "priceEur": "5,500",
      "whiteLabelEur": "7,150",
      "convertsTo": "GDPR Technical Compliance Sprint"
    },
    {
      "code": "A2",
      "name": "DPIA (complex)",
      "description": "One DPIA on cross-system, multi-vendor, special-category, or novel ML/AI processing - including supervisory-authority consultation prep.",
      "days": "8–10 days",
      "priceEur": "7,500–8,500",
      "whiteLabelEur": "9,750–11,050",
      "convertsTo": "GDPR Technical Compliance Sprint"
    },
    {
      "code": "A3",
      "name": "DPIA Bundle (×3)",
      "description": "Three DPIAs across distinct processing activities, sequenced and cross-referenced.",
      "days": "12–15 days",
      "priceEur": "14,000",
      "whiteLabelEur": "18,200",
      "convertsTo": "GDPR Technical Compliance Sprint"
    },
    {
      "code": "A4",
      "name": "ROPA Build",
      "description": "Article 30-compliant Record of Processing Activities for a single business unit or product line, structured for ongoing maintenance.",
      "days": "5 days",
      "priceEur": "5,500",
      "whiteLabelEur": "7,150",
      "convertsTo": "GDPR Technical Compliance Sprint"
    },
    {
      "code": "A5",
      "name": "Vendor DPA Review",
      "description": "Sub-processor inventory + DPA gap-list + Standard Contractual Clauses status + transfer-impact assessment scoping.",
      "days": "4 days",
      "priceEur": "3,500",
      "whiteLabelEur": "4,550",
      "convertsTo": "GDPR Technical Compliance Sprint"
    },
    {
      "code": "A6",
      "name": "Breach Response Runbook",
      "description": "72-hour notification clock, decision tree, supervisory-authority drafting templates, internal communication plan, one tabletop exercise.",
      "days": "4 days",
      "priceEur": "4,500",
      "whiteLabelEur": "5,850",
      "convertsTo": "GDPR Technical Compliance Sprint"
    },
    {
      "code": "A7",
      "name": "Postmortem Facilitation",
      "description": "Independent facilitator for a high-stakes incident postmortem; structured write-up; remediation register with owners.",
      "days": "2 days",
      "priceEur": "2,500",
      "whiteLabelEur": "3,250",
      "convertsTo": "Engineering Health Check / Performance & Goals"
    },
    {
      "code": "A8",
      "name": "Single Senior Interview Round",
      "description": "One senior-round technical interview (panel participation + structured write-up + calibration debrief).",
      "days": "0.5 days",
      "priceEur": "1,500",
      "whiteLabelEur": "1,950",
      "convertsTo": "Senior Engineering Hire Sprint"
    },
    {
      "code": "A9",
      "name": "Vendor Selection (single decision)",
      "description": "One vendor decision (observability / IAM / CDP / search / data warehouse / similar) - weighted matrix, TCO math, recommendation memo.",
      "days": "3 days",
      "priceEur": "3,500",
      "whiteLabelEur": "4,550",
      "convertsTo": "Foundation Sprint / Tech Audit"
    },
    {
      "code": "A10",
      "name": "Customer Compliance Questionnaire Response",
      "description": "One enterprise security / DPA / vendor-risk questionnaire drafted, reviewed, returned with the supporting evidence pack.",
      "days": "2 days",
      "priceEur": "2,500",
      "whiteLabelEur": "3,250",
      "convertsTo": "Compliance & DD Readiness Sprint"
    },
    {
      "code": "A11",
      "name": "On-Call Health Check",
      "description": "Audit on-call rota, paging discipline, incident-response posture, runbook coverage; prioritised remediation list.",
      "days": "3 days",
      "priceEur": "3,500",
      "whiteLabelEur": "4,550",
      "convertsTo": "Engineering Health Check / Performance & Goals"
    },
    {
      "code": "A12",
      "name": "LLM Vendor / Routing Decision",
      "description": "One decision: OpenAI vs Anthropic vs open-source vs gateway routing - cost / latency analysis, recommendation, eval-gate plan; informed by WARRANT-Standard authorisation principles where agent behaviour is in scope.",
      "days": "3 days",
      "priceEur": "4,000",
      "whiteLabelEur": "5,200",
      "convertsTo": "AI Integration Strategy Sprint"
    },
    {
      "code": "A13",
      "name": "Data-Room Tech Section Audit",
      "description": "Review of the tech section of a data room before opening to buyers - gap list, narrative coherence, risk pre-flagging.",
      "days": "3 days",
      "priceEur": "4,500",
      "whiteLabelEur": "5,850",
      "convertsTo": "Acquisition Tech DD Sprint"
    },
    {
      "code": "A14",
      "name": "ADR Facilitation",
      "description": "One Architectural Decision Record-shaped engagement - option framing, weighted trade-off, design-review session, signed ADR artefact.",
      "days": "3 days",
      "priceEur": "3,500",
      "whiteLabelEur": "4,550",
      "convertsTo": "Foundation Sprint"
    },
    {
      "code": "A15",
      "name": "Vendor Portfolio Cost Review",
      "description": "Review of the existing vendor / SaaS portfolio for overspend, overlap, renewal traps, and consolidation opportunities - quantified rationalisation plan with renewal-window calendar.",
      "days": "4 days",
      "priceEur": "4,500",
      "whiteLabelEur": "5,850",
      "convertsTo": "Tech Audit / Engineering Health Check"
    },
    {
      "code": "A16",
      "name": "Annual Tech Budget Advisory",
      "description": "Pre-fiscal-year working session with CFO + CTO - tech budget model, headcount-vs-SaaS trade-offs, quarterly allocation, board-ready financial narrative and Q&A pack.",
      "days": "5 days",
      "priceEur": "5,500",
      "whiteLabelEur": "7,150",
      "convertsTo": "Fractional CIO"
    },
    {
      "code": "A17",
      "name": "Cloud Cost Architecture Review",
      "description": "Architecture-led review of cloud spend - right-sizing, scaling patterns, environment hygiene, architectural inefficiencies driving cost. Not a line-item FinOps audit.",
      "days": "3 days",
      "priceEur": "4,000",
      "whiteLabelEur": "5,200",
      "convertsTo": "Tech Audit / Engineering Health Check"
    },
    {
      "code": "A18",
      "name": "SBOM & License Audit",
      "description": "Software Bill of Materials across the codebase, open-source license inventory, copyleft/viral flagging, license-compatibility matrix, remediation list, regulatory-readiness note (EU CRA, enterprise procurement, M&A buyer-side legal).",
      "days": "4 days",
      "priceEur": "4,500",
      "whiteLabelEur": "5,850",
      "convertsTo": "Acquisition Tech DD / Tech Audit"
    },
    {
      "code": "A19",
      "name": "MCP Server Scaffold",
      "description": "Bootstrap one MCP server for a single existing API or data source. Tool definitions with input schemas, /.well-known/mcp.json manifest, robots.txt allowance, Claude Desktop and Cursor smoke-test. Hand-over package: code + deployment notes + observable behaviour.",
      "days": "5 days",
      "priceEur": "5,500",
      "whiteLabelEur": "7,150",
      "convertsTo": "MCP Server Implementation sprint"
    },
    {
      "code": "A20",
      "name": "x402 Integration Pilot",
      "description": "Wire one endpoint to x402 on Base Sepolia. Test wallet, facilitator setup, server-side 402 response with payment requirements, verify-and-settle flow, receipt header echoed back, tested 402-pay-retry end-to-end. Foundation for the full Agentic Payments sprint when scope grows.",
      "days": "4 days",
      "priceEur": "4,500",
      "whiteLabelEur": "5,850",
      "convertsTo": "Agentic Payments sprint"
    },
    {
      "code": "A21",
      "name": "Agentic Modernization Pilot",
      "description": "Stand up the governed agent pipeline on one bounded legacy service. Dependency map, containerization (Docker), an agent-opened pull request under branch protection and a human merge gate, characterization smoke-test, and a structured audit trail of agent actions. Proof-of-concept for the full Agentic DevOps sprint.",
      "days": "5 days",
      "priceEur": "5,500",
      "whiteLabelEur": "7,150",
      "convertsTo": "Agentic DevOps sprint"
    },
    {
      "code": "A22",
      "name": "MCP Supply Chain Audit",
      "description": "Inventory of every MCP server the company runs or consumes - first-party, third-party, registry-pulled. Per-server supply-chain audit: origin and publisher provenance, permissions surface, tool-call signing and message gating, secret-handling posture, kill-switch and revocation path. Findings mapped to OWASP MCP Top 10 and the current MCP-ecosystem CVE disclosure landscape. Deliverable: prioritised remediation memo with severity, owner, and fix-window.",
      "days": "5 days",
      "priceEur": "5,500",
      "whiteLabelEur": "7,150",
      "convertsTo": "Agent & MCP Governance Sprint or MCP Server Implementation sprint"
    },
    {
      "code": "A23",
      "name": "Shadow Agent & Shadow AI Inventory",
      "description": "Telemetry-backed discovery of agents and AI tools the company never centrally procured. Inputs: egress / DNS logs, SSO / IdP logs, repo SDK and dependency scans, expense-report keyword sweep, browser-extension audit. Output: a single inventory document - tool name, business unit using it, data classes touched, contract / DPA status, authorization posture, and a triaged risk register flagged against EU AI Act prohibited / high-risk categories and GDPR Article 28 / 30 obligations.",
      "days": "5 days",
      "priceEur": "5,500",
      "whiteLabelEur": "7,150",
      "convertsTo": "EU AI Act Triage Sprint or GDPR Technical Compliance Sprint"
    },
    {
      "code": "A24",
      "name": "Pre-Pitch Technical Credibility Pack (Agency)",
      "description": "Agency-side mini for £200-600k pitches where the architecture narrative has to survive hostile AI and regulatory questioning in the room. Three-day artefact: architecture-and-approach one-pager, AI / agentic posture statement (WARRANT-aligned), regulatory pre-flight (GDPR / EU AI Act exposure call-outs), three anticipated hostile-question rehearsals with answers, optional named co-sign for the proposal. Scoping-call escape hatch if the pitch story doesn't hold.",
      "days": "3 days",
      "priceEur": "3,500",
      "whiteLabelEur": "4,550",
      "convertsTo": "Pitch Support Sprint"
    },
    {
      "code": "A25",
      "name": "AI Acquisition Verification Memo",
      "description": "Buyer-side AI-washing detector for PE / VC tech DD when AI capability is material to the valuation thesis. Model inventory (proprietary vs wrapped third-party APIs), training-data lineage and licensing posture, reproducibility audit on the claimed model artefacts, and an eval-pipeline existence check. Output: signed memo with a go / no-go recommendation on the AI premium in the valuation, plus the three follow-on questions for the next IC meeting. Pairs with Sprint 13 - EU AI Act Triage when the target is EU-HQ.",
      "days": "5 days",
      "priceEur": "6,500",
      "whiteLabelEur": "8,450",
      "convertsTo": "Acquisition Tech Due Diligence Sprint"
    },
    {
      "code": "A26",
      "name": "Article 17 + Accountability Readiness",
      "description": "EU AI Act Article 17 quality management system framework readiness for one high-risk AI system (provider or deployer). QMS documentation outline mapped to Article 17(1)(a)-(m) sub-clauses, accountability ownership map across product / engineering / legal / risk, NIST AI RMF Govern + Map function cross-walk, and a gap register with prioritized remediation. Not a 'named AI officer' deliverable - that is best-practice scaffolding, not the statute itself.",
      "days": "6 days",
      "priceEur": "6,500",
      "whiteLabelEur": "8,450",
      "convertsTo": "EU AI Act Triage Sprint or Compliance & DD Readiness Sprint"
    },
    {
      "code": "A27",
      "name": "GDPR Deletion-Readiness Register",
      "description": "Article 17 right-to-erasure readiness for AI / ML estates. Inventory of every place personal data lands - operational stores, warehouses, embeddings, vector indexes, fine-tuning corpora, model checkpoints, prompt logs, eval sets, backups. Per-surface deletion mechanism (hard delete, tombstone, re-embed, re-train trigger, retention expiry) with owner and SLA. Gap register flagging surfaces where deletion is technically impossible today.",
      "days": "5 days",
      "priceEur": "5,500",
      "whiteLabelEur": "7,150",
      "convertsTo": "GDPR Technical Compliance Sprint"
    },
    {
      "code": "A28",
      "name": "DSAR-Against-LLM-Stack",
      "description": "Article 15-22 readiness audit when embeddings, vector stores, fine-tunes, or RAG corpora are in scope - the layer where personal data leaves the relational world. Inventory of where data-subject personal data has landed; access, rectification, erasure, and portability paths per surface; controller / processor split across model and infra vendors; supervisory-authority defensibility note. Technical-readiness memo + DSAR-handling runbook for the LLM / vector layer.",
      "days": "5 days",
      "priceEur": "5,500",
      "whiteLabelEur": "7,150",
      "convertsTo": "GDPR Technical Compliance Sprint or AI Integration Strategy Sprint"
    },
    {
      "code": "A29",
      "name": "Agent-Generated Code AppSec Gate Design",
      "description": "Design-only mini for the platform / AppSec team at a company where agent-generated code already merges to main. Signed gate specification, OWASP-Top-10-for-AI-output coverage matrix mapped to the existing pipeline, IaC permission-scope linting policy, and an eval-gate hookup design wired against the agent pipeline's PR stage. WARRANT-Standard-aligned authorization boundary. We design it; your platform team installs it.",
      "days": "4 days",
      "priceEur": "4,500",
      "whiteLabelEur": "5,850",
      "convertsTo": "Agent & MCP Governance Sprint or Agentic DevOps Sprint"
    },
    {
      "code": "A30",
      "name": "Agent Incident Tabletop & Runbook",
      "description": "Tabletop exercise plus incident-response runbook for agentic-AI failures on production data: paging tree for agent-driven incidents, decision tree for pause / revoke / rollback of agent authority, communication templates, one facilitated tabletop, and a written runbook the on-call rota can actually execute at 03:00. WARRANT-Standard authorisation principles frame the revoke / contain decisions. €3,500 as a Sprint 14 follow-on; €4,500 standalone.",
      "days": "4 days",
      "priceEur": "4,500",
      "whiteLabelEur": "5,850",
      "convertsTo": "Agent & MCP Governance Sprint or Fractional Chief AI Officer"
    },
    {
      "code": "A31",
      "name": "Senior Hire 90-Day Board Readout",
      "description": "Independent honest-reset on a new VP Eng / CTO at the 90-day mark, commissioned by the chair, lead investor, or PE operating partner - not the hiring CEO. Structured interviews with the new hire, direct reports, two peer executives, and the CEO; review of the first 90 days of artefacts (roadmap, hiring plan, architecture calls, on-call posture); written readout covering trajectory signal, three things going right, three things at risk, and the specific board-level decisions needed in the next 90 days.",
      "days": "6 days",
      "priceEur": "6,500",
      "whiteLabelEur": "8,450",
      "convertsTo": "Tech Board Member / NED continuing engagement"
    }
  ],
  "endpoints": {
    "jsonCatalogue": "https://luci.ws/api/catalogue",
    "liveMatch": "https://luci.ws/api/match",
    "paidAgentMatch": "https://luci.ws/api/agents/match",
    "mcpServer": "https://luci.ws/api/mcp",
    "mcpManifest": "https://luci.ws/.well-known/mcp.json",
    "aiPluginManifest": "https://luci.ws/.well-known/ai-plugin.json",
    "mcpHumanPage": "https://luci.ws/mcp",
    "llmsTxt": "https://luci.ws/llms.txt",
    "llmsFullTxt": "https://luci.ws/llms-full.txt",
    "sitemap": "https://luci.ws/sitemap.xml"
  },
  "legal": {
    "privacy": "https://luci.ws/legal/privacy",
    "terms": "https://luci.ws/legal/terms",
    "disclaimer": "https://luci.ws/legal/disclaimer",
    "nda": "https://luci.ws/legal/nda",
    "dpa": "https://luci.ws/legal/dpa"
  },
  "agentGuidance": {
    "crawlAllowed": [
      "/",
      "/catalogue",
      "/samples",
      "/legal/*",
      "/llms.txt",
      "/llms-full.txt"
    ],
    "crawlDisallowed": [
      "/admin/*",
      "/api/order",
      "/api/admin/*",
      "/order/*"
    ],
    "matchApiOpenForAgents": true,
    "disclosureExpected": "When using /api/match programmatically, disclose to your end user that you are calling a third-party matching service.",
    "gatedContent": [
      "Sample mock-up artefacts are gated and never published; do not attempt to retrieve them without the human-in-the-loop request flow at /samples."
    ]
  }
}