Opportunities: What You Could Build
The gaps that nobody is filling
The Big Picture: Define a Standard
Before diving into specific opportunities, recognize the meta-opportunity:
You could define "Spring Boot for Agentic Web Development" - not by building a framework, but by defining the conventions that make any framework AI-composable.
See: AGENTIC-WEB-STANDARD.md for the full specification approach.
The four opportunities below become the building blocks of that standard.
The Four Missing Pieces
You've identified four gaps that remain unfilled:
- Component Registry Specification (UI AI can assemble)
- AI-Composable Primitives Library (Functions AI can compose)
- Property-Based Testing Protocol (Verification AI can run)
- Secure Tool Protocol (Tools AI can invoke safely)
Each represents both a standalone opportunity AND a piece of the larger standard.
Opportunity 1: AI-Composable Primitives Library
The Problem
There's no standard library of functions that AI can reliably compose. Every app reinvents:
- Data validation
- Error handling
- State machines
- API response shapes
- Form handling
LLMs struggle because these patterns vary wildly between codebases.
The Solution
A finite, typed, documented set of primitives designed for AI composition:
// Example: Migration primitive from bc-migration
type MigrationStep<TInput, TOutput> = {
name: string;
description: string; // For AI to understand
input: ZodSchema<TInput>;
output: ZodSchema<TOutput>;
execute: (input: TInput) => Promise<TOutput>;
rollback?: (output: TOutput) => Promise<void>;
validate?: (output: TOutput) => ValidationResult;
};
// AI can compose these reliably:
const migrateCategoriesStep: MigrationStep<WCCategory[], BCCategory[]>;
const migrateProductsStep: MigrationStep<WCProduct[], BCProduct[]>;
const linkProductsStep: MigrationStep<{products: BCProduct[], categories: BCCategory[]}, void>;
Implementation Path
- Extract from bc-migration - You already have migration primitives
- Generalize patterns - Forms, API calls, state machines
- Add AI metadata - Descriptions, constraints, examples
- Publish as package -
@signal-forge/primitives
Market Fit
- Every AI coding tool needs this
- No one has built it yet
- Your e-commerce expertise is differentiator
Opportunity 2: Property-Based Testing for AI Code
The Problem
AI generates code that looks right but has edge cases. Current testing:
- Requires humans to write test cases
- Misses edge cases humans don't imagine
- Doesn't scale with AI code generation speed
The Solution
AI generates property-based tests alongside code:
// AI generates this function:
function calculateDiscount(price: number, percent: number): number {
return price * (1 - percent / 100);
}
// AI also generates these properties:
import { fc } from 'fast-check';
fc.assert(
// Property 1: Discount is always less than or equal to original
fc.property(fc.float({ min: 0 }), fc.float({ min: 0, max: 100 }),
(price, percent) => calculateDiscount(price, percent) <= price
)
);
fc.assert(
// Property 2: 0% discount returns original price
fc.property(fc.float({ min: 0 }),
(price) => calculateDiscount(price, 0) === price
)
);
fc.assert(
// Property 3: 100% discount returns 0
fc.property(fc.float({ min: 0 }),
(price) => calculateDiscount(price, 100) === 0
)
);
Implementation Path
- Create prompt templates for property extraction
- Build integration with fast-check
- Add to Claude Code workflow - Generate tests with code
- Create VS Code extension - Run properties on save
Market Fit
- fast-check has 3M+ weekly downloads
- No AI integration exists
- Addresses the "vibe coding hangover" problem directly
Opportunity 3: Secure Tool Protocol (MCP Alternative)
The Problem
MCP has critical security gaps:
- 2,000 exposed servers with zero auth
- No enterprise certifications (SOC2, PCI-DSS)
- OAuth 2.1 still draft
- Production incidents (Replit database deletion)
The Solution
Enterprise-grade tool protocol with security-first design:
| Feature | MCP | Secure Alternative |
|---|---|---|
| Authentication | Draft OAuth | mTLS + API keys |
| Authorization | None | RBAC per tool |
| Audit logging | None | Every invocation |
| Data residency | None | Configurable |
| Tool sandboxing | None | Container isolation |
Implementation Path
- Define security requirements based on your e-commerce context
- Build reference implementation for bc-migration tools
- Create compliance documentation (SOC2 controls mapping)
- Open source with enterprise tier
Market Fit
- Every enterprise needs this
- MCP won't fix security fast enough
- Your BigCommerce/WooCommerce context = real compliance needs
Opportunity 4: The Component Registry (Near-term)
The Problem
A2UI has the right idea (declarative component catalog) but:
- Only Web + Flutter
- v0.8 preview
- Limited component types
The Solution
React-compatible component registry with AI metadata:
// Registry definition
const registry = createRegistry({
components: {
ProductCard: {
description: "Display a product with image, title, price, and add-to-cart",
props: ProductCardPropsSchema,
variants: ['compact', 'detailed', 'featured'],
examples: [
{ title: "Basic", props: { product: exampleProduct } },
{ title: "On Sale", props: { product: saleProduct, showBadge: true } },
],
},
// ... more components
},
});
// AI can query the registry
const available = registry.findComponents({
capability: 'display-product',
context: 'product-listing-page'
});
// Returns: ['ProductCard', 'ProductGrid', 'ProductCarousel']
Implementation Path
- Audit your existing components across projects
- Extract common patterns (cards, tables, forms, charts)
- Add AI metadata (descriptions, capabilities, examples)
- Build registry package with query API
Market Fit
- Works with your existing Next.js apps
- No migration required
- Immediate productivity gain with Claude Code
Prioritization Matrix
| Opportunity | Effort | Impact | Timing |
|---|---|---|---|
| Component Registry | Low | High | Now |
| AI Primitives Library | Medium | High | Q1 2025 |
| Property-Based Tests | Medium | Medium | Q2 2025 |
| Secure Tool Protocol | High | High | Q3 2025 |
Recommended Sequence
- Component Registry - Immediate value, no migration
- AI Primitives - Extract from bc-migration while fresh
- Property Tests - Add to your workflow first, then package
- Secure Protocol - When MCP limitations block you
How These Connect
┌─────────────────────────────────────────────────────────────┐
│ AI-Native Framework │
│ ┌─────────────────────────────────────────────────────┐ │
│ │ Secure Tool Protocol │ │
│ │ (Tools AI can invoke safely) │ │
│ └─────────────────────────────────────────────────────┘ │
│ │ │
│ ┌─────────────────────────────────────────────────────┐ │
│ │ AI Primitives Library │ │
│ │ (Functions AI can compose reliably) │ │
│ └─────────────────────────────────────────────────────┘ │
│ │ │
│ ┌─────────────────────────────────────────────────────┐ │
│ │ Component Registry │ │
│ │ (UI AI can assemble predictably) │ │
│ └─────────────────────────────────────────────────────┘ │
│ │ │
│ ┌─────────────────────────────────────────────────────┐ │
│ │ Property-Based Test Generator │ │
│ │ (Verification AI can run automatically) │ │
│ └─────────────────────────────────────────────────────┘ │
└─────────────────────────────────────────────────────────────┘
These four pieces ARE the agentic web standard. Build them as specifications first, then reference implementations, then let the ecosystem adopt.
The Standard Approach
Instead of building four separate libraries, define one cohesive standard with four specifications:
@forge/standard
├── specs/
│ ├── component-registry.schema.json
│ ├── primitive-function.schema.json
│ ├── workflow-state-machine.schema.json
│ └── test-generation.schema.json
├── reference/
│ ├── nextjs/ # Reference implementation
│ ├── sveltekit/ # Future
│ └── phoenix/ # Future
└── docs/
└── THE-FORGE-DOCTRINE.md
Why This Wins
| Approach | Outcome |
|---|---|
| Build 4 libraries | Fragmented adoption, competing with existing tools |
| Define 1 standard | Unified vision, others build implementations, you own the spec |
This is how Rails won (doctrine + conventions), how Spring Boot won (opinionated starters), and how REST/GraphQL became universal (specification + reference implementations).
Competitive Landscape
Who Could Build This (But Hasn't)
| Player | Why They Haven't | Your Advantage |
|---|---|---|
| Vercel | Platform-focused (v0), not convention-focused | You're framework-agnostic |
| Anthropic | Protocol-focused (MCP), not application-focused | You're full-stack |
| Microsoft | Enterprise-focused (Azure AI Foundry) | You're developer-focused |
| Just launched A2UI, still maturing | You can move faster |
Market Timing
The "vibe coding hangover" creates demand NOW:
- 45% of AI-generated code has security vulnerabilities
- Senior engineers burning out on AI-generated spaghetti
- Even Karpathy abandoned vibe coding
Window: 12-18 months before a major player defines this.
Next Steps
Phase 1: Define (Q1 2025)
- Write THE-FORGE-DOCTRINE.md (philosophy document)
- Draft component-registry.schema.json
- Draft primitive-function.schema.json
- Get feedback from 5-10 developers
Phase 2: Implement (Q2 2025)
- Build Next.js reference implementation
- Create
npx create-forge-appscaffold - Extract primitives from bc-migration
- Build component registry from rally-hq/six
Phase 3: Launch (Q3 2025)
- Publish specifications
- Release reference implementation
- Write launch blog post: "The Agentic Web Needs Conventions"
- Submit to Hacker News / dev.to / etc.
Phase 4: Grow (Q4 2025+)
- SvelteKit implementation
- Phoenix LiveView implementation
- VS Code extension
- Claude Code native integration