The Dual-Surface Monorepo: Hardening Enterprise Infrastructure via Retail Chaos
B2B Scenario Brief · Part 5 · Technical due diligence & venture partners
Enterprise buyers rightfully distrust infrastructure that only exists in a sales deck. Open Portfolio runs a dual-surface monorepo: the same ingestion and inference substrate powers Pocket Portfolio (live B2C adversarial harness) and Open Portfolio (B2B procurement, SDK, and partnership surface on www.openportfolio.co.uk).
Procurement gets inspectable code and production chaos data from real broker files—not a fork that never saw a malformed CSV.
Figure 5 — Dual-surface monorepo. One codebase; Pocket stress-tests parsers under production chaos; Open hosts procurement narrative.
Hardening Substrates under Production Chaos
Retail users upload exports vendors never tested: odd date formats, duplicate headers, fractional shares, legacy broker dialects. Each failure modes the MIT importer (packages/importer) and the universal adversarial schema path.
What diligence teams should look for:
- Parser coverage — 19+ broker adapters with shared
NormalizedTradecontract. - Production error signals — automated parser failure collection on the harness (not sanitized demo fixtures only).
- Inference boundary tests — unit specs on
buildPortfolioContextand/api/ai/chatensuring portfolio payload is not persisted server-side.
The B2C surface is not a distraction from enterprise—it is where the substrate breaks first, so B2B deployments inherit hardened adapters.
Pocket Portfolio vs. Open Portfolio: Operational Separation
One Next.js deployment; host-aware routing via middleware.ts and app/open/*.
| Surface | Host | Role |
|---|---|---|
| Open Portfolio | www.openportfolio.co.uk | B2B procurement · SDK licensing · architecture narrative |
| Pocket Portfolio | www.pocketportfolio.app | Live harness — parsers, UX, inference loops under real load |
B2B paths on Pocket hosts 301 to Open canonical URLs where configured. Technical due diligence should trace:
app/lib/ai/contextBuilder.ts— sanitization by construction.app/api/ai/chat/route.ts— stateless inference.lib/surface-host.ts— dual-surface host detection.
Operational honesty: Authenticated harness users may sync trades via Firebase. Enterprise pilots scope your stores. The diligence question is whether raw ledgers are required on the inference path—designed answer: no.
Open-Source Importers as an Inspectable Wedge
@pocket-portfolio/importer ships MIT-licensed on npm. Institutions can read the parse boundary before signing—not trust a black-box ETL pipeline.
Why OSS matters for procurement:
- Subprocessor scope — parse runs client-side; no mandatory CSV warehouse at the vendor.
- Fork risk — low; the moat is operational harness data and enterprise integration velocity, not secret regex.
- Schema contract —
SCHEMA.mdand package tests defineNormalizedTradefor adapter contributions.
npm download counts and MAU on the harness are traction signals, not ARR substitutes. B2B contract velocity still drives the seed mandate; the harness de-risks the technical story.
Frequently asked questions
Is Pocket a separate codebase?
No. Same monorepo, surface-aware routes. Open re-exports B2B pages under app/open/*.
Can we audit only the OSS packages?
Start with packages/importer and contextBuilder.ts. Full diligence should include inference route behavior and host routing.
Does retail traffic pollute enterprise SLAs?
Surfaces share deployment but B2B pilots scope isolated sandboxes. Harness load validates parser robustness—it does not require commingling client data.
What is the formal partnership path?
Tier-1 design partner · Architecture.
Next steps: Architecture · Tier-1 design partner · Sovereign Engineering Serial 01 · Serial 11