4c38127b45
Merged: - verification-monopoly + evaluation-harness + collective-regression-suite - licensing + patent-strategy → strategy/ - moats + infrastructure-lock-in - lisp-economics + cost-structure - domain-gate-packages + gate-rule-encoding - revenue-table + first-mover-window → revenue.org Moved: sufficiency-flip, upgrade-lifecycle → strategy/ native-org-knowledge-base → architecture/ Renamed: revenue-hub.org → revenue.org Deleted: passepartout-economics.md orphan
21 KiB
Revenue — Streams, Timing, and First-Mover Window
- Revenue by Subsystem
- Revenue by Development Phase
- Orders-of-Magnitude Risk Map
- Risk-Ordered Investment Priority
- Expanded Revenue Table
- First-Mover Window Analysis
- Detailed References
This page is the entry point for revenue generation thinking across all three Passepartout subsystems. Revenue splits cleanly across the two development phases defined in time estimates. Each component enables different revenue primitives.
Revenue by Subsystem
Verification subsystem — Revenue streams
Existing coverage — Verification appliance, Domain gate packages, Evaluation harness, Compute marketplace, Verified skill marketplace:
| Stream | Phase | Description |
|---|---|---|
| Verification appliance | Zero | FPGA/Tenstorrent pre-loaded with Passepartout + gate rules |
| Domain gate packages | Zero | SaaS subscriptions per compliance domain |
| Evaluation harness | Zero | Certification-as-a-service, regression suite access |
| Compute marketplace | Both | Verified symbolic engine cycles via Social Protocol |
| Verified skill marketplace | End State | Commission on third-party gate rules |
Unexplored verification subsystem streams
| Stream | Phase | Rationale |
|---|---|---|
| Verified API gateway | Zero | Drop-in proxy for LLM calls. Passepartout verifies inputs, outputs, and provenance. Enterprise customers get a verifiable audit trail for every API call. Near-term product: run your OpenAI/Anthropic calls through Passepartout and get proof. |
| Agent-as-a-service | Zero | Cloud-hosted Passepartout instances. Pay-per-verification or monthly subscription. The compute marketplace for individuals who don't self-host. |
| Continuous compliance monitoring | Zero | Watch a deployment, continuously verify it against regulatory gate rules, alert on drift. Annual contract per monitored system. The evaluation harness as a product. |
| Gate rule SDK licensing | Both | Commercial license for the gate rule development toolkit. Free for open-source rules, paid for proprietary enterprise rule development. |
| Migration pipeline | Zero | Convert existing codebases to verified Lisp. Automated SaaS (point at a repo, get back a verified version). Per-enterprise: $50K-$500K for full migration. |
| Forensics / incident response | Zero | Merkle memory provides tamper-proof audit. Post-incident: produce an irrefutable chain of what happened, who authorized it, what gates were triggered. Service offering. |
| Proof repository marketplace | End State | Pre-verified proof libraries per domain (crypto, medical device, finance). Access to accumulated proof strategies from thousands of runs. |
| Training & certification | Zero | Certified Gate Rule Developer program. Developer camps, certification exams, continuing education. The Red Hat / AWS training model. |
| Enterprise support SLA | Zero | Guaranteed verification pipeline uptime, priority bug fixes, custom gate rule development. Red Hat subscription model. |
Verified API gateway is notable because it requires zero buy-in to the full Passepartout vision. Any company using LLM APIs today can deploy Passepartout as a verification proxy and immediately get value (audit trail, gate compliance, prompt injection detection). It's a standalone product that seeds the ecosystem.
Environment subsystem — Revenue streams
This is the least developed revenue arm. Existing docs essentially say people buy hardware and the lock-in compounds. There is a gap:
Existing coverage: essentially none beyond hardware sales.
| Stream | Phase | Rationale |
|---|---|---|
| Lisp Machine hardware | End State | Tenstorrent/FPGA appliances. Hardware margins + recurring gate rules. |
| Environment subsystem premium | Both | Enterprise features: SSO, audit logging, compliance reports, team management, centralized policy enforcement. Annual seat license. |
| Plugin and theme marketplace | End State | Verified plugins for the environment subsystem (editors, browsers, shells, tools). Commission on each sale. Developer ecosystem. App Store for the Lisp Machine. |
| Commercial Lisp image distribution | Both | Verified, signed, compatibility-guaranteed environment subsystem images. Free self-build (AGPL), paid for certified builds with SLAs. |
| Enterprise environment subsystem deployment | Zero | Tools for deploying the environment subsystem across an organization: fleet management, unified gate policy, compliance dashboard. Annual license. |
| Backup and archive service | Both | Verified snapshots of environment subsystem Lisp images. Tamper-proof archival of development environments. |
| Environment subsystem extension SDK | Both | Commercial license for developing proprietary environment subsystem extensions. Tools, documentation, support. |
Key insight: The environment subsystem does not need the full Lisp Machine to generate revenue. Environment subsystem premium (SSO, audit, compliance reports) and enterprise deployment tools ship on Linux, use the existing environment subsystem terminal UI, and sell to the same enterprise buyer who buys gate packages. Compliance teams want verified environments — the environment subsystem premium delivers that without waiting for custom hardware.
Social Protocol (the society) — Revenue streams
Existing coverage — Social protocol usernames, PDS as a service, Compute marketplace:
| Stream | Phase | Description |
|---|---|---|
| Premium username registry | Zero | $5-50/yr per handle, auction for high-value names |
| PDS as a service | Both | $10-1000/mo per hosted personal data store |
| Compute marketplace | Both | Commission on verified compute transactions |
The most fertile ground is contracts. DIDs provide identity, DIDComm provides communication, PDS provides state, gate rules encode terms, ACL2 verifies execution, and the symbolic engine runs deterministically. This is a full smart contract platform, strictly stronger than existing ones because ACL2 verifies the rules themselves, not just execution trace validity.
Unexplored social protocol streams — contracts
| Stream | Phase | Rationale |
|---|---|---|
| Verified smart contract platform | End State | Deploy contracts on the social protocol with ACL2-verified correctness. Every contract call produces a machine-checkable proof. Revenue: transaction fees per execution + deployment fee per verified contract. |
| Contract template marketplace | Zero | Pre-verified contract templates for common use cases (escrow, DAO constitution, SLA, data licensing). Sell templates or take commission on template-based contracts. |
| Dispute resolution service | End State | When two social protocol instances disagree on contract execution, submit to a verified arbitrator. Fee per resolution. |
| Attestation marketplace | Zero | DIDs + verified actions = verifiable reputation. Attest that a DID meets certain criteria. Revenue: attestation fees, verification fees. |
| Multi-instance governance | Zero | Cross-instance policy enforcement, unified compliance reporting, federated identity. Enterprise tier, annual license. |
| Liquid democracy infrastructure | End State | DAO governance as a service. Verified proxy voting, governance contracts. Per-vote transaction fee. |
| Insurance marketplace | End State | Reputable providers sell proof insurance. Premiums, reinsurance pool fees, actuarial gate rules. |
| Namespace sub-leasing | Both | Premium handles sub-leased between DIDs. Commission on each lease. |
| Data sharing contracts | Both | PDS-to-PDS data sharing agreements encoded as gate rules. Commission on each data transaction. |
The contract platform is the kill application for the social protocol. Ethereum proved demand for verifiable contracts at $20B+/yr in transaction fees. The social protocol's version is strictly better: ACL2 proves contract correctness (not just valid execution), gate rules encode real-world regulations directly, and the PDS provides persistent state without a global trie bottleneck.
See Social protocol contracts for the full analysis.
Revenue by Development Phase
Phase Zero streams (ships with MVP, 1-3 months, Linux-hosted)
| Stream | Component | TAM | Buyer | Revenue type |
|---|---|---|---|---|
| Domain gate packages | Verification | Large | CISO/Compliance | SaaS |
| Verification appliance | Verification | Medium | Enterprise infra | Hardware + subs |
| Evaluation harness | Verification | Medium | Compliance | Certification |
| Social protocol premium usernames | Social Protocol | Small | Individual | Subscription |
| PDS hosting (basic) | Social Protocol | Medium | Individual | Hosting |
| Verified API gateway | Verification | Large | Eng teams | Per-call |
| Continuous compliance monitoring | Verification | Large | Compliance | Annual contract |
| Migration pipeline | Verification | Medium | Enterprise | Per-engagement |
| Enterprise support SLA | Verification/Environment | Medium | Enterprise | Annual |
| Gate rule SDK (commercial) | Verification | Small | Developers | License |
| Environment subsystem premium (enterprise) | Environment subsystem | Medium | Enterprise | Annual seat |
| Enterprise environment subsystem deployment | Environment subsystem | Medium | Enterprise Ops | Annual |
| Training and certification | All | Small | Developers | Per-seat |
| Forensics / incident response | Verification | Small | Enterprise | Per-incident |
| Contract templates | Social Protocol | Medium | Developers | Per-template |
| Attestation marketplace | Social Protocol | Medium | Enterprise | Per-attestation |
| Data sharing contracts | Social Protocol | Medium | Enterprise | Per-transaction |
| Multi-instance governance | Social Protocol | Large | Enterprise | Annual |
| Namespace sub-leasing | Social Protocol | Small | Individuals | Per-transaction |
Phase Zero target: $2M-$12M/year (from investment thesis), with upside from verified API gateway and compliance monitoring pushing toward $15-20M.
End State streams (full Lisp Machine, 2-5 years)
| Stream | Component | TAM | Revenue type |
|---|---|---|---|
| Verification monopoly | Verification/All | $1B+ | Certification |
| Infrastructure lock-in | All | $100B+ | Rent extraction |
| Compute marketplace | Social Protocol | Venture-scale | Transaction fees |
| Smart contract platform | Social Protocol | Very large ($20B+) | Transaction fees |
| Liquid democracy infra | Social Protocol | Large | Per-vote |
| Insurance marketplace | Social Protocol | Very large | Premiums + fees |
| Dispute resolution | Social Protocol | Medium | Per-resolution |
| Plugin/theme marketplace | Environment subsystem | Large | Commission |
| Commercial image distribution | Environment subsystem | Medium | Subscription |
| Proof repository marketplace | Verification | Medium | Subscription |
| Verified skill marketplace | Verification | Medium | Commission |
Orders-of-Magnitude Risk Map
Using the orders-of-magnitude framework, each revenue stream lives at a different scale:
| Scale | Representative streams | Failure mode |
|---|---|---|
| Weeks | Gate packages, appliance pre-orders, training | Wrong pricing, too early |
| Months | Compliance monitoring, API gateway, PDS, environment subsystem premium | Churn, incumbents respond |
| Years | Compute marketplace, contract platform, monopoly | Competition catches up |
| Generations | Infrastructure lock-in, insurance marketplace | Technology shift |
The phase-zero streams are all direct enterprise sales with short cycles and clear buyers. The end-state streams require installed base — you cannot have a verification monopoly without deployed Passepartout instances.
Risk-Ordered Investment Priority
- Gate rule packages — Lowest risk. Clear buyer, existing budget, no dependency on full stack. Ship first.
- Verified API gateway — Standalone product, anyone using LLMs is a customer. Zero triad buy-in required.
- Verification appliance — Customers pay for hardware + ongoing subs. Verifiable revenue, long contracts.
- Continuous compliance monitoring — Annual contracts, compliance teams budget for it.
- Social protocol usernames — Trivial to implement, tests the namespace concept.
- Contract templates + attestation — Seeds the social protocol economy without needing full smart contracts.
- Compute marketplace — High risk/reward. Requires critical mass. Phase Zero bootstraps with cloud arbitrage.
- Verification monopoly — Thesis-level bet. Invest when installed base justifies it.
Expanded Revenue Table
| Framework | Region | Gate price/yr | Addressable orgs | Revenue potential | First-mover window | Gate rule type |
|---|---|---|---|---|---|---|
| HIPAA | US | $50K | 500K+ | $25B | Mature (incumbent disruption) | Privacy + access control |
| SOC 2 | US/Global | $50K | 100K+ | $5B | Mature (incumbent disruption) | Access control + audit |
| GDPR | EU | $50K | 500K+ | $25B | Mature (incumbent disruption) | Privacy + consent |
| FedRAMP | US | $100K | 1K (providers) | $100M | Moderate (<300 authorized) | Continuous monitoring |
| SOX | US | $50K | 10K | $500M | Mature (manual audit disruption) | Financial controls |
| GLBA | US | $40K | 20K | $800M | Moderate | Financial privacy |
| NY DFS 500 | US (NY) | $30K | 3K | $90M | Wide | Cybersecurity controls |
| CCPA/CPRA | US (CA) | $40K | 50K+ | $2B | Moderate | Privacy opt-out flows |
| NIS2 | EU | $50K | 160K | $8B | Critical (2025) | Cybersecurity + supply chain |
| EU AI Act | EU | $75K | 100K+ | $7.5B | Critical (Aug 2026) | AI risk management |
| DORA | EU | $50K | 22K+ | $1.1B | Critical (in effect) | ICT resilience |
| eIDAS 2.0 | EU | $30K | 10K+ | $300M | Wide (wallet buildout) | Identity gates |
| CRA | EU | $40K | 50K+ | $2B | Wide (phased 2025-2027) | Product security |
| UK GDPR | UK | $40K | 100K+ | $4B | Mature (GDPR derivative) | Privacy |
| APPI | Japan | $40K | 100K+ | $4B | Moderate | Cross-border privacy |
| ISMAP | Japan | $75K | 500 (providers) | $37.5M | Wide (<100 registered) | Gov cloud assessment |
| PIPA | South Korea | $35K | 50K+ | $1.75B | Wide (2024 amendments settling) | Privacy + consent |
| Privacy Act | Australia | $35K | 50K+ | $1.75B | Wide (reforms legislating) | Privacy + AI transparency |
| APRA CPS 234 | Australia | $40K | 500 | $20M | Moderate | Info security controls |
| IRAP | Australia | $75K | 300 (providers) | $22.5M | Wide | Gov cloud assessment |
| DPDP Act | India | $30K | 500K+ | $15B | Wide (rules drafting) | Privacy + consent |
| LGPD | Brazil | $30K | 200K+ | $6B | Moderate | Privacy |
| LFPDPPP | Mexico | $25K | 50K+ | $1.25B | Wide | Privacy |
| ISO 27001 | Global | $40K | 60K+ | $2.4B | Mature (manual disruption) | ISMS controls |
| ISO 27701 | Global | $35K | 1K+ | $35M | Wide (growing) | Privacy management |
| Basel III | Global (banking) | $100K | 500 (G-SIBs) | $50M | Mature (incumbent disruption) | Capital adequacy |
| FATF AML/CFT | Global | $50K | 50K+ | $2.5B | Mature (incumbent disruption) | CDD + screening |
| IFRS 17 | Global (insurance) | $75K | 5K+ | $375M | Mature (actuarial verification) | Contract classification |
| UN/CEFACT | Global (trade) | $30K | 50K+ | $1.5B | Latent (no market exists) | Cross-border data rules |
| World Bank ESF | Global (dev finance) | $50K | 1K+ (projects) | $50M | Latent (no market exists) | ES compliance gates |
| IFC PS | Global (project finance) | $50K | 500+ (deals) | $25M | Latent (no market exists) | ES compliance gates |
A compute marketplace provider with authorization in 5+ frameworks (FedRAMP + ISMAP + IRAP + SOC 2 + ISO 27001) becomes the default infrastructure provider for regulated cloud globally. The gate package portfolio alone — a mid-size enterprise running 10+ packages — generates $500K/yr+ in recurring revenue. At 10,000 such enterprises: $5B/yr. The first-mover advantage is not about any single framework — it is about being the first to offer a unified gate stack that maps to all of them. See the compliance index for the full framework list, first-mover window analysis for timing strategy, and verification monopoly and compute marketplace for the economic dynamics behind the revenue.
First-Mover Window Analysis
The first-mover window is the time in which a new compliance tool can establish dominance before incumbents respond or the market settles on a standard approach.
| Window | Frameworks | Rationale |
|---|---|---|
| Critical (<12 months) | EU AI Act (Aug 2026 effective), NIS2 (Oct 2025 deadline), DORA (Jan 2025 — already in effect) | Regulation is active or imminent. Buyers are desperate. No established vendor. |
| Wide (12-36 months) | DPDP Act 2023 (rules drafting), India privacy; Privacy Act Review (Australia); Quebec Law 25; CRA phased enforcement | Regulation not yet fully enforced. Rules being written. Market forming. |
| Mature (commodity) | GDPR (2018), SOX (2002), HIPAA (1996), GLBA (1999), Basel III (2010), FATF 40 Recs | Market has established vendors. First-mover advantage requires displacing incumbents via superior architecture. |
| Latent (undiscovered) | OECD AI Principles, UN/CEFACT, World Bank ESF, IFC PS | Compliance exists but is document-based or consultant-delivered. No software market has formed. The first gate package creates the category. |
These windows define which frameworks are worth building a gate package for first. The compliance index maps each to a verification appliance gate package, and the revenue table sizes the market. The verification monopoly dynamics determine which window to enter first.
Detailed References
- Passepartout economics (full thesis) — the unified economics document
- Investment thesis — three revenue horizons, $2M to $1B+
- Cost structure and zero marginal cost
- Compliance framework index — 41 frameworks by region and priority
- Development timeline — Phase Zero vs End State
- Licensing strategy — AGPL + commercial