Large manufacturers and distributors run many systems of record, each correct on its own. Margin leaks between them. Today this is found by periodic consulting - expensive, point-in-time, unverifiable after the deck. Cloud APIs are now mature enough to read it continuously, and buyers are wary of more rip-and-replace. The scale, from published research:
AssetShop reads the systems, normalizes to one canonical view, surfaces leakage and variance by category, and attaches lineage - the source record behind every figure. Read-only means no write-back and no risk to systems of record, which collapses the buyer's objection to putting intelligence on mission-critical data.
Type-checked, read-only core
A read-only adapter contract, canonical field-mapping with typed transforms, and a lineage model (provenance + raw hash on every value). tsc-clean.
8 connectors on one runtime
Eight first-party connectors built and conformance-tested against the adapter contract, all routed through a shared resilience runtime (retry/backoff, pagination, dedup, lineage enforcement). The framework is built to extend across the broader ERP landscape.
Tests that work
A 12-check conformance model (reference 12/12; scaffolds 0/12 functional - live checks refuse to run offline), 9 failure-mode sims, and harnesses - one caught and drove the fix of a real defect. One-command verify runs green (29 checks), including a calibration-ledger sweep that fails any build where a connector overclaims its status - it caught and forced the correction of exactly one such claim.
The wedge, in code
Read-only ingest -> transparent leakage/variance detectors -> findings with lineage. Verified end to end on synthetic data.
Built to deploy
OpenAPI spec, CycloneDX SBOM, Terraform IaC, CI/CD (workload-identity), observability, and a deploy-day runbook.
20 surfaces + a demo
A full product surface set and a working demo on a synthetic tenant.
The conformance framework proves the mechanism, not live integration. Stated plainly:
- Not deployed to production. Ready to execute (IaC + CI + runbook), not executed.
- No live customer integration. No connector is Proven (12/12) against a real tenant.
- The assessment has never run on real data - synthetic only.
- SOC 2 designed, not attested; no third-party penetration test yet.
- Pre-revenue, no signed LOIs; operating as an LLC, Delaware C-Corp conversion pending.
This calibration is the point. The discipline that says "here is exactly what's built and what isn't" is the same discipline that earns trust with security-conscious enterprise buyers.
- Read-only by principle. Nothing is written back; systems of record stay authoritative.
- Lineage on every figure. Trace any number to its source record.
- No rip-and-replace. The intelligence layer, on top - not middleware.
A fixed-fee, read-only Leakage & Variance Assessment is the wedge - low-risk for the buyer, fast proof, and the natural on-ramp to recurring revenue.
Target supply-chain executives (CPO / CSCO / COO) at large manufacturers and distributors. The full GTM kit is built - scoping guide, prospectus/SOW, extract spec, findings template, pilot order form. The single most important near-term milestone is the first paid assessment.
The relevant budget is the spend large manufacturers already direct at margin and spend analytics, and the consulting engagements that find this leakage today.
No precise TAM figure is asserted here. Credible sizing should be built bottom-up from real assessment and pilot economics once they exist - not reverse-engineered to a target number.
What sets us apart now
Depth across domains, lineage and traceability, a read-only trust posture, and breadth of connector coverage.
The honest part
Defensibility is weak at this stage. It is earned through proprietary cross-system detection tuned on real engagements, integration depth, and compounding trust and compliance.
A solo founder who has built the full product surface and verification to its current state. The first hire is a founding engineer to own deployment and live integration. Single-founder concentration is the top risk, and it is named as such.
Pre-revenue. No signed LOIs. Not deployed. No live customer. What exists is a verified codebase, a working synthetic demo, and a complete go-to-market kit. The milestone that changes this conversation is the first paid assessment.
- Commercial validation unproven - no customer has paid yet.
- Not deployed / not integrated live - production and live conformance remain ahead.
- Single founder - execution and key-person risk.
- Compliance - SOC 2 not yet attested; no pen test yet.
- Defensibility - the moat is early and must be built.
First founding engineer
Own deployment and the first live integration.
Deploy + first live connector
Production, then one connector at 12/12 on a real tenant.
SOC 2 + pen test
Type I to II window; third-party security review.
GTM to first customers
Assessments to first pilots and Enterprise commitments.
Use of funds is qualitative by design at this stage. No fabricated financial projections are presented - projections should be built from actual conversion once it exists.