Dosu Logo
Home
Documents
opnDossier Pro Product Requirements
opnDossier Pro Product Requirements
Type
External
Status
Published
Created
Apr 19, 2026
Updated
Apr 19, 2026
Source
View
Product overview
πŸ“… Target datePhase D (commercial launch) β€” Q3 2026 target, gated on demo feedback and solo-operator bandwidth
🟑 Document statusDRAFT
πŸ‘Ÿ Team membersKen Melton β€” solo operator (engineering, pricing, sales ops, community, gov/IC inbound, all Pro-tier functions)
Quick links
πŸ—‚ Work trackerJira NATS project, opnDossier-pro GitHub issues
πŸ“¦ Repo (private, source-available from Phase B)https://github.com/EvilBit-Labs/opnDossier-pro
πŸ”— Open-source baseEvilBit-Labs/opnDossier (Apache 2.0)
πŸ“ Source planning docsopndossier-product-hierarchy.md, opndossier-launch-sequence.md, opndossier-pro-issue-plan.md, jira-migration-plan.md
🎨 DesignsLanding page on evilbitlabs.io (Astro) β€” Ken owns
πŸŽ₯ Loom demoTBD (Phase C β€” screen recording of real assessment workflow)
🌐 Community PRDopnDossier Product Requirements (parent OSS product)

🎯 Objective#

opnDossier Pro is the proprietary, commercial edition of opnDossier β€” the same practitioner-focused offline firewall analysis tool, with a license-gated feature set aimed at security consultants, enterprise security teams, and government/IC buyers. Pro exists to make the project financially sustainable without VC funding, advertising, or user-data monetization.
Strategic positioning: open core done right. The community edition gets stronger during this transition, not weaker β€” only the STIG compliance plugin moves from free to paid. Everything else added to the Pro tier (PDF reports, SARIF/SIEM export, structured remediation, eventually topology mapping and a desktop app) is net-new engineering investment, not community teardown.
Three target audiences, priced and supported differently: homelabbers (free community edition, evangelists), consultancies (Professional tier at individual-expense-account price; Year 1 revenue focus), gov/IC (Enterprise and Gov/IC tiers, inbound-only, no outbound solicitation).
The product is built as a thin license-gated layer on top of the open-source core Go module. Same codebase, same CLI UX, same airgap guarantees β€” Pro features register conditionally at build time based on a valid Ed25519-signed license file.
Operating model: EvilBit Labs is a solo operation as of Q2 2026. All Pro-tier functions β€” engineering, product, pricing, sales infrastructure, community, and inbound customer handling β€” sit with Ken. Scope decisions, timeline decisions, and role-expansion decisions all assume this constraint until revenue or growth justifies otherwise.

πŸ“Š Success metrics#

GoalMetric
Ship the open-core separation without damaging community trustPhase B blog post receives net-positive response; waitlist reaches β‰₯ 50 signups within 4 weeks; no Reddit/HN credibility crisis
Reach first paying customer (Phase D)β‰₯ 1 paid Professional license sold in 2026; "contact us" form receives β‰₯ 1 Enterprise or Gov/IC inquiry
Validate the MVP feature set via demo programDemo conversion β‰₯ 20% (demo users who indicate willingness to pay); β‰₯ 5 concrete feature-request inputs from demo users
Sustain the engineering burden as a solo operatorPro-specific features add < 20% LOC overhead vs base; same just ci-check gate; no divergence of parser/model code; no more than 10 hours/week of non-engineering ops time
Protect airgap posture under commercial pressureZero network calls in Pro binary verified by CI; license validation is offline-only (no phone-home); SBOM published per release
Keep the community edition compellingOSS repo adds more capabilities than it loses during the transition; parser count grows; pfSense + β‰₯1 additional platform shipped before Phase D
Revenue target Year 110–50 Professional licenses in first 12 months at $99–299/year; final price TBD before Phase D

πŸ€” Assumptions#

  • The open-source core is the moat, not the commercial features. Customers pay for professionally packaged compliance and reporting capabilities, but they'd never look at Pro without the credibility built by the OSS tool. The OSS investment is non-negotiable.
  • Airgap compatibility applies to Pro too. License validation happens offline via Ed25519 signature verification. No activation servers, no phone-home, no "online license check." A hostile environment buyer (gov/IC, regulated finance) must be able to install Pro on a disconnected host.
  • Solo operation is sustainable through MVP. Ken handles engineering, pricing, sales ops, community, and inbound. Automation (Stripe webhooks, license generation on purchase, contact-form routing) substitutes for staff. Scale hiring waits until revenue justifies it.
  • Non-engineering ops must be automated or deferrable. Anything that requires Ken to respond in real time (gov/IC inbound, Pro support, demo-license requests) is a liability on the engineering schedule. Sales infrastructure must be "fire and forget" once set up.
  • Timeline is driven by quality gates, not arbitrary dates. Phase A β†’ B β†’ C β†’ D has explicit exit criteria. Skipping a gate to hit a date is a red flag, not an option β€” especially as a solo operator where shipping broken work has no one to catch it.
  • STIG is the only subtraction. Every other community feature stays community. Moving more capabilities from free to paid later would damage trust permanently; the line has to hold.
  • CIS licensing is a real cost (~$6K/yr Product Vendor Membership). Until licensing is resolved, checks ship as "Cybersecurity Best Practices" in the OSS tier. CIS-branded checks may ship in Pro later if the membership investment is justified.
  • Consultancies will pay expense-account prices. A solo security consultant can expense $99–299/yr out of a single billable hour. Enterprise and Gov/IC tiers route to custom pricing; no published number.

🌟 Milestones#

Aligned with opndossier-launch-sequence.md. Each phase has explicit gate criteria. All phases assume Ken-solo execution.

PhaseGate criteriaTargetInitiative / Projects
Phase A: Ship v1.3.0 OSS (no Pro mention)Open-repo critical-path issues closed (parser registry, FindingType unification, public schemas, shared analysis); pfSense parser ideally inQ2 2026Init. 1 (Multi-Platform Architecture Foundation)
Phase B: Announce open corev1.3.0 stable; pro repo scaffold functional (license validation working in test); blog post drafted; waitlist form live+1-2 weeks post Phase AInit. 4 (License/Payment), Init. 5 (GTM)
Phase C: Soft launch with demo licensesPhase 3 MVP features functional (pfSense, STIG-in-Pro, structured remediation); Pro binary runs and degrades correctly without license; demo-license generation semi-automated+4-8 weeks post Phase BInit. 2 (Compliance), Init. 3 (Reporting), Init. 4
Phase D: Commercial launchPhase C feedback net-positive; sales infra (Stripe, fully automated license generation on purchase, pricing page, docs); critical bugs fixed+2-4 weeks post Phase C demo periodInit. 4 (sales infra), Init. 5 (announcement push)
Post-launch: ExpansionTopology mapping, red/blue dual-output reports, NIST 800-53/CMMC cross-references, pfSense↔OPNsense config converter2027Init. 3, Init. 7, Init. 8
Revenue critical path: open#302 (parser registry) β†’ pro#28 (multi-platform foundation) β†’ pro#31 (compliance scanning) β†’ pro#32 (STIG to Pro) β†’ pro#38 (license + payment) β†’ first dollar.
Solo-operator constraint: calendar estimates above assume Phase B GTM deliverables (blog post, landing-page updates, waitlist form) are completed inside the engineering schedule, not in parallel. If these slip, Phase B delays proportionally.

πŸ“ Requirements#

Curated from opndossier-product-hierarchy.md (9 initiatives, 30+ projects). Cross-repo issue keys use open# for EvilBit-Labs/opnDossier and pro# for EvilBit-Labs/opnDossier-pro.

RequirementUser StoryImportanceJira IssueNotes
License key system: Ed25519-signed offline license files, CLI activation via file placement / flag / env var, graceful degradation to no-op on missing/expired licenseConsultant installs Pro on airgapped laptop; gov/IC buyer activates without network accessHIGHNATS-101 (pro#38); tasks pro#2–pro#8Phase 2 scaffold. Binary must build, run, and degrade correctly without a license before announcing Pro. Private signing key held by Ken; evaluate moving to HSM/cloud KMS before first sale.
STIG compliance plugin migrated from open repo to pro repo, with conditional feature registrationGov/IC/defense auditor needs DISA STIG compliance checksHIGHNATS-82, NATS-90 (open#389, pro#9)Cross-repo coordination: STIG removal from open repo only after Pro binary can run STIG checks. Only feature moving from free to paid.
Structured remediation guidance attached to every audit finding: concrete fix-it instructions, not just "this is wrong"Blue-team consultant hands client a report they can act on without additional researchHIGHNATS-22 (open#206); pro#31Ships in Phase 3 MVP. Differentiator vs raw findings-only scanners.
Professional PDF report generation: executive-ready, branded, client-deliverableSecurity consultant delivers final audit report to customer; enterprise security team archives compliance evidenceHIGHNATS-98 (open#207); pro#35Layout, typography, redaction by default.
SARIF export format for CI/CD pipelines and code-scanning dashboardsDevSecOps team integrates findings into GitHub Advanced Security or GitLab code scanningMEDIUM(open#209); pro#35Opens door for CI-based firewall scanning market.
SIEM export formats: CEF, LEEF, JSONLEnterprise SOC ingests findings into Splunk/Sentinel/Elastic for correlationMEDIUM(open#208); pro#37Enterprise tier.
Red/blue dual-output reports: same analysis, two templates (exploitable paths vs remediation priorities)Consultancy delivers both views to client in one engagementMEDIUMpro#36No open issue yet; blocked on audit mode stabilization.
Custom compliance rules engine for organization-specific policiesLarge enterprise with internal firewall standards needs to codify checksMEDIUMNATS-96 (open#205); pro#33Enterprise tier. Rule DSL or plugin API, TBD.
Cross-framework compliance mapping: NIST 800-53, NIST CSF, NIST 800-171/CMMC, PCI-DSS cross-referenceGov/IC/regulated-industry auditor needs control-mapping evidence across multiple frameworksMEDIUMpro#34; NATS-4 (open#204)Layer-2 cross-reference, not direct-check duplication. PCI Req 1 ships first as standalone.
Topology mapping from config files: Mermaid, Graphviz, JSON/YAML graphsConsultant visualizes client network from config inputs without running tracerouteMEDIUMpro#52Professional tier (point-in-time). Enterprise tier adds persistent history.
Config converter pfSense ↔ OPNsense: bidirectional translation of firewall rules, NAT, aliasesNetwork operator migrating platforms; 461 Reddit upvotes of validated demandMEDIUMpro#47, pro#48Unique capability. Depends on pfSense parser (Init. 1).
Desktop application (Wails): native GUI for interactive config exploration, SQLite historyBuyer wants GUI for less CLI-savvy team membersLOWpro#50Enterprise tier. 2027 target.
Enterprise server: multi-user HTMX app, shared analysis history, audit trail, APILarge organization needs centralized firewall analysis with access controlLOWpro#53Enterprise tier. 2027+ target.
Sales infrastructure: Stripe integration, fully automated license generation on purchase (no manual step), pricing page, demo license request form, enterprise contact formCustomer purchases license and receives activation within minutes without operator interventionHIGHNATS-93 (pro#12, pro#38)Ken owns. Must be fully self-service β€” no solo-operator bottleneck on purchase flow. Gates Phase D.
Pro documentation: license activation guide, tier comparison, migration guide for STIG users, MkDocs/Zensical site extensionExisting community STIG user understands what changed and what to do; new Pro user activates without support ticketMEDIUMpro#13Ships with Phase D launch. Heavy documentation reduces solo-operator support burden.
Inbound customer routing: "contact us" forms for Enterprise and Gov/IC route to Ken's email with SLA expectations set on the landing pageGov/IC buyer inquires and gets a timely response without outbound solicitationHIGHpro#12 (sales infra)Auto-responder acknowledges within 1 hour; Ken replies within 3 business days. Forms collect enough context to qualify the lead without requiring a call.

⚠️ Out of Scope#

  • Feature reductions in the community edition. Only STIG moves. Every other community capability stays community. Adding more subtractions later would permanently damage trust; this line must hold.
  • Marketing or announcement ahead of working product. "Ship substance before announcements." No pre-announcing Pro before v1.3.0 ships and the scaffold is functional. No vaporware.
  • Outbound solicitation of gov/IC buyers. Inbound-only. Ken handles all inquiries. No cold outreach, no RFP hunting. "Contact us" forms on the landing page are the only intake.
  • VC funding, advertising, or user-data monetization. The open-core model exists specifically to avoid these. If revenue doesn't sustain the project, the failure mode is "Ken keeps doing it as a weekend project," not "Ken sells user data."
  • Online license activation / phone-home license checks / SaaS telemetry. Violates airgap posture for the Gov/IC market. Licenses are Ed25519-signed files validated locally.
  • Feature parity with community. Pro is not a superset β€” the community edition gets new parsers, new platforms, and analysis improvements that never see a Pro-only version. Pro is compliance + reporting + enterprise plumbing on top.
  • Same repo for OSS and Pro. Separate repos: opnDossier (Apache 2.0, public) and opnDossier-pro (proprietary, source-available from Phase B onward). Pro imports OSS as a Go module dependency.
  • Competing with opnDossier OSS for mindshare. The community edition's README, landing page, and discussions remain the front door. Pro is a conversion destination, not a replacement narrative.
  • Manual sales ops in the purchase path. Anything that requires Ken to respond in real time to complete a purchase is unacceptable β€” a single solo-operator holiday breaks the sales funnel. Purchase β†’ license delivery is fully automated via Stripe webhooks.
  • Hiring for MVP. Solo operation through Phase D. Revisit post-launch if revenue supports it or if specific functions (sales, support, content) become clear bottlenecks.

🎨 Design#

  • Repo topology: opnDossier-pro imports github.com/EvilBit-Labs/opnDossier as a Go module dependency. Same base parser, same model, same CLI framework. Pro-specific packages live under opnDossier-pro/internal/ (license, plugins that are Pro-exclusive, PDF renderer, SARIF/SIEM exporters).
  • License flow: at startup, Pro binary reads license file from --license, OPNDOSSIER_PRO_LICENSE, or ~/.config/opndossier-pro/license. Validates Ed25519 signature against embedded public key. Registers gated features only when license is valid and not expired. Degrades to community-equivalent behavior on missing/expired license with a clear notice (not an error).
  • Feature gating: conditional plugin registration at init() time, not runtime checks. A Pro binary running without a license == the OSS binary's behavior, minus the opndossier-pro branding banner.
  • Distribution: GoReleaser config for opnDossier-pro produces signed binaries for Linux / macOS / Windows (amd64 + arm64), .deb / .rpm / .apk / archlinux packages, SBOM attached. Download delivered post-purchase alongside license file.
  • Signing key custody: Ed25519 private key held by Ken. Initial implementation: encrypted file on Ken's primary workstation with offline backup. Before Phase D, evaluate migration to cloud KMS (AWS KMS, GCP KMS) or hardware token (YubiKey) β€” solo-operator risk of key loss is existential to the Pro business.
  • Sales flow (fully automated, no human in the loop): Stripe webhook β†’ server-side license generation (Ed25519 sign with private key accessible to the webhook handler) β†’ email delivery to customer with license file + binary download link. Ken receives notification; no action required for a successful purchase to complete.
  • Pricing page: Astro site at evilbitlabs.io/products/opndossier. Tier comparison, feature matrix, purchase CTA (Professional) or contact form (Enterprise, Gov/IC).
  • Inbound routing: "Contact us" forms route to Ken's email. Auto-responder sets expectations (acknowledge within 1 hour, reply within 3 business days). Forms collect enough context to qualify the lead without a call.

❓ Open questions#

QuestionAnswerDate Answered
What is the committed Phase D (first-dollar) target date?Depends on Phase C demo feedback velocity and solo-operator bandwidth. Rough estimate: 2–4 months from v1.3.0 ship, so Q3 2026 if v1.3.0 ships in Q2.
What is the published Professional-tier price?Target "expense-account range" for solo consultants: $99–299/year individual. Ken sets final number before Phase D prep.
Does CIS Benchmark licensing justify the $6K/yr Product Vendor Membership?Open. Ships as "Cybersecurity Best Practices" until decided. Revisit post-launch once real customer demand is visible.
Does the OSS STIG plugin get frozen at its last free version, deleted immediately post-migration, or kept in a legacy branch?Leaning toward "remove immediately post-Pro-release with a clear changelog entry explaining where it moved." Final decision before Phase C.
How are demo licenses generated and distributed during Phase C?Semi-automated: waitlist subscriber requests demo β†’ webhook triggers demo-license generation (14-day expiry) β†’ emailed automatically. No manual Ken step on a successful request. Automation quality gates Phase C start.
Where does the Ed25519 private key live long-term?Open. Initial: encrypted file on Ken's workstation with offline backup. Before Phase D: cloud KMS or hardware token. Solo-operator key-loss is existential.
Is there a free tier of Pro (e.g., for homelabbers)?Not currently. Community edition is the free path. Revisit if community feedback strongly requests a "free-for-personal-use" Pro license.
What happens if Phase C demo conversion is zero?Validate whether the MVP feature set is wrong before cutting price. Topology mapping may need to ship before Pro is sellable. Covered in opndossier-launch-sequence.md risk scenarios.
How is community backlash about STIG-to-Pro managed if it happens?Mitigation in launch sequence doc: emphasize SANS/NSA stay free, Cybersecurity Best Practices stay free, STIG move funds sustainability. Fallback option: reduced STIG check set stays in community, full suite in Pro.
Does content/GTM work (blog, r/OPNsense seeding, email nurture) get contracted out or stay in-house?Currently in-house (Ken). Revisit if engineering velocity visibly suffers in Phase B/C.

πŸ—‚ Reference Links#

**Planning documents (in **opnDossier-pro repo)