canna-br — OSS for Cannabis Patient Associations

Why canna-br

Three pillars that don't exist together in any other system

LGPD-by-design

Technical control of health data (LGPD-by-design) — mitigates technical risk (full elimination still requires more than software: designated DPO, pharmaceutical technical officer, documented RIPD, contracts). Per-member AES-256-GCM cryptographic envelope. Crypto-deletion guaranteed (Art. 18 IV LGPD). Optional self-host. Each association owns its own data.

Per-member crypto · Self-hosted · LGPD Art. 18 IV

SNGPC in development

Architecture ready for RDC 1.014 (SNGPC homologation pending). XML conforming to the regulation implemented in mock — the specific XSD schema for associations has not yet been published by ANVISA (Jun/2026). Durable retry with BullMQ. Immutable audit log via event sourcing. Complete seed-to-dispensation traceability.

SNGPC mock — ready to integrate when ANVISA publishes XSD

RDC 1.014 · SNGPC mock · 7 ANVISA KPIs

Auditable OSS

Immutable and audit-proof traceability. AGPL-3.0 — open source, no lock-in, forks permitted. Any association lawyer can review every line that processes member data. 100% verifiable ledger.

AGPL-3.0 · Event Sourcing · Audit trail

AI and government automation ready — every business operation exposed as an MCP tool before any UI. Integrates with agents, external automations, and ANVISA pipelines without scraping or workarounds.

How it works

From onboarding to audit in 4 steps.

Built for small teams: you don't need dedicated IT. Operations happen in chat.

01

Diagnosis

Onboarding call (1h). We map your current legal structure (habeas corpus vs. RDC), dispensation workflow, SNGPC integration status (or absence).

Output: current-state dossier + RDC 1.014 adoption roadmap.

02

Secure setup

We provision your instance (self-host or canna-br.fonsecagabriel.com.br). Import member registry, batches, prescriptions. Crypto keys generated locally.

Output: isolated environment + migrated data + trained technical officer.

03

Operations in chat

Pharmacist dispenses via Open WebUI: "Record dispensation 5g patient X batch Y". System validates quota, deducts inventory, generates SNGPC, records immutable event.

Output: dispensation without parallel spreadsheets, zero-friction SNGPC.

04

Automatic audit

ANVISA inspector arrives? Board opens dashboard, generates signed quarterly report, exports immutable seed-to-dispensation trail. No spreadsheet treasure hunt.

Output: auditable dossier in minutes, not days.

Recorded demo

Walkthrough: pharmacist + auditor + RDC report — recording scheduled for Q3 2026.

Walkthrough of pharmacist dispensing + auditor tracing a batch + board generating RDC report. Will be recorded on the first pilot association's instance after onboarding.

Recorded demo · Q3 2026

Product in practice

Not a deck. Here's the system running in smoke validation.

Real captures of Open WebUI v0.9.6 + canna-br MCP server on 2026-06-08. There is no separate Next.js admin — operations happen inside the chat with inline MCP Apps. What you see below is what your team uses.

MCP App · Member

Member quota and history

Dispenser asks "what's João's quota?" — inline app shows active prescription, monthly quota, used dispensations. Zero CRUD screen.

MCP App · Dispensation

Inline dispensation recording

Form rendered in chat with approval gate. Commit generates atomic DispensationRecorded + LotQuantityDeducted events in the ledger.

MCP App · Traceability

Seed-to-dispensation chain of custody

Auditor asks "trace batch LT-001" — timeline with cultivation, harvest, approved COA report, dispensations. Immutable trail.

Admin · Integrations

canna-br MCP server connected

Open WebUI Admin → Settings → Integrations. canna-br MCP server registered, tools enumerated, healthcheck green.

Operations · Chat

Your team uses the OWUI chat

Open WebUI v0.9.6 — chat with AI model + canna-br tools available. Same UX as ChatGPT/Claude, with the full operational power of the association.

Smoke 2026-06-08

3 MCP Apps validated end-to-end

Stack: Postgres 16 + Redis 7 + OWUI v0.9.6 + canna-br MCP. Cold start 44s, 3 GB RAM steady. postMessage contract OK.

Alpha honesty: these are real MCP Apps running against the domain kernel. Not Figma mockups. But it is alpha — aesthetics and internal copy will be polished by v1.0 (gate: "awesome UX polished"). See the technical write-up in release v0.2.1.

Main circle · open invitations

The team being built.

This is not an institutional team page. These are people being invited — one by one, with real names, proposed roles, and the why. Each card is a live invitation. If you're here and want to propose a different framing, write to Gabriel .

Círculo Principal · Convite Pessoal

Associação Casa da Mata · São Vicente SPDiv3rso · UNIFESP/Baixada SantistaOAB Santos · Human Rights Commission [to confirm]

Adriany Eizo

Legal Guardian Angel legal defender of the circle

Lawyer and speaker specializing in Human Rights and Social Responsibility — focusing on harm reduction, mental health, and cannabis legalization. Collaborator at Associação Casa da Mata in São Vicente, SP (founded by Thiago Félix), where she acts as lawyer and educator in the context of cannabis activism. Member of Div3rso group (UNIFESP/Baixada Santista).

Por que você

Legal defense of cannabis associations requires someone who has lived the regulatory tension from the inside — not from a corporate law office.
"Legal Guardian Angel" because the role is to protect the OSS+auditable thesis against pressure from boards spooked by RDC 1.014.
Casa da Mata = confirmed grassroots legitimacy. Adriany is not a SaaS lawyer; she is an association lawyer with history in the movement.
Calibrates the regulatory tone of canna-br: every public release passes through her filter before going out.
Opens the network with other association lawyers — OAB Santos, Baixada Santista and beyond. [network to confirm with Adriany]

Accept the invitation · reply to Gabriel Read first — what this means

— Gabriel

Este é um convite, não um cargo. canna-br é organização orgânica (O2) — papéis emergem por tensão. Você pode aceitar, recusar, ou propor outro recorte.

Círculo Principal · Convite Pessoal

Project Management [to confirm]

Ana Júlia Bravo

Manager Humans human coordinator of the circle

Project manager and coordinator with experience in operations that depend on people more than systems. Knows that technical products stall when human dynamics stall — and acts before that happens. [experiences to detail with Ana Júlia]

Por que você

The circle needs someone who takes care of rhythm, not just deliverables — Ana Júlia makes that distinction.
Project coordination is the role most easily underdeveloped in technical teams. Having someone with explicit focus on this is a differentiator.
Interpersonal tensions between members are usually the first silent failure point in organic organizations — 'Manager Humans' exists to prevent buildup.
While Gabriel handles technical operations, Ana Júlia holds human operations — complementary roles, not overlapping.
Legitimacy comes from having already coordinated projects with multiple stakeholders and finishing with the whole team intact. [experiences to detail with Ana Júlia]

Accept the invitation · reply to Gabriel Read first — what this means

— Gabriel

Este é um convite, não um cargo. canna-br é organização orgânica (O2) — papéis emergem por tensão. Você pode aceitar, recusar, ou propor outro recorte.

Círculo Principal · Convite Pessoal

Digital Product [to confirm]

Luiz Ribeiro

Product Cartographer vision compass of the circle

Product-minded professional — the ability to see what the product should be before anyone can articulate the problem. Navigates between what users ask for, what the business needs, and what is technically possible, and comes back with a map. [details to confirm with Luiz]

Por que você

Every mission-driven software carries the risk of building the right thing the wrong way. Luiz is the antidote.
'Cartographer' because the role is not just to prioritize the backlog — it's to map the territory before the team gets lost in it.
Product vision without a technical anchor becomes PowerPoint; with a technical anchor it becomes a roadmap. Luiz understands both sides.
canna-br will have hard fork moments — regulatory vs. growth, OSS vs. commercial. We need someone who thinks product clearly in those moments.
Complements the circle: Adriany holds legal, Ana Júlia holds people, Gabriel holds tech — Luiz holds direction. [to confirm with Luiz]

Accept the invitation · reply to Gabriel Read first — what this means

— Gabriel

Este é um convite, não um cargo. canna-br é organização orgânica (O2) — papéis emergem por tensão. Você pode aceitar, recusar, ou propor outro recorte.

Círculo Principal · Convite Pessoal

Nodex Consulting · Cybersecurity & GRCAssociação Cannábica de Jundiaí · ACM Jundiaí

Eduardo Yoshimura

Security Guardian data and infrastructure sentinel

Security specialist with experience at Creditas, Itaú Unibanco, and Módulo Security Solutions, currently at Nodex Consulting — specialized in Cybersecurity, GRC, and AI-driven automation. Activist at the Associação Cannábica de Jundiaí (ACM Jundiaí), where public utility was recognized by the City Council in 2026.

Por que você

Cannabis associations are real targets for data leaks, surveillance, and institutional pressure — having a security specialist inside the circle is non-negotiable.
Eduardo lives both realities: the technical rigor of protecting critical infrastructure (pentest, GRC, LGPD) and the grassroots activism that gives context to what is being protected.
Nodex = 15+ years in enterprise cybersecurity. This is not a junior profile with a certification; it's market-validated seniority.
LGPD in cannabis associations is one of the most tensioned compliance zones in Brazil. Eduardo already navigates this terrain.
The Jundiaí–canna-br bridge opens the network to one of the associations that just gained formal recognition — geographic expansion and regional legitimacy.

Accept the invitation · reply to Gabriel Read first — what this means

— Gabriel

Este é um convite, não um cargo. canna-br é organização orgânica (O2) — papéis emergem por tensão. Você pode aceitar, recusar, ou propor outro recorte.

Círculo Principal · Convite Pessoal

Associação Casa da Mata · São Vicente SP · Founder & President

Thiago Félix

Bridge Director · Pilot Front voice of associations in the circle

Founder and President of Associação Casa da Mata (São Vicente, SP) — one of the pioneers in medical cannabis activism in the Baixada Santista region. Created Casa da Mata with a focus on art, sustainability, and healing, integrating therapeutic cultivation with harm reduction and community education. He is the living memory of how a real association is born, operates, and survives.

Por que você

canna-br cannot be built by someone who has never operated an association. Thiago founded, directs, and survives the operational reality that the system resolves.
Casa da Mata is a grassroots reference: real multidisciplinary structure (pharmacist, doctor, psychiatrist, biologist, lawyer) — not a PowerPoint.
As 'Bridge Director', Thiago does not represent canna-br to associations — he represents associations to canna-br. That direction matters.
Baixada Santista concentrates some of the most active associations in the state of São Paulo interior. Thiago's network is the product's network.
Legitimacy that cannot be hired: whoever founded an association with real recognition knows where the system will fail before any beta tester does.

Accept the invitation · reply to Gabriel Read first — what this means

— Gabriel

Este é um convite, não um cargo. canna-br é organização orgânica (O2) — papéis emergem por tensão. Você pode aceitar, recusar, ou propor outro recorte.

Círculo Principal · Convite Pessoal

AME-C · Associação Medicinal Canábica · Bertioga SP · PresidentPlantando Conhecimento · DirectorCFMV · GT Cannabinoids in Veterinary MedicineCannaderno · Creator

Caroline Campagnone

Bridge Director · Pilot Front voice of associations in the circle

Veterinary doctor, President of AME-C (Associação Medicinal Canábica, Bertioga/SP), and Director of Plantando Conhecimento. Creator of Cannaderno — a treatment control app for cannabis patients. Member of the CFMV (Brazil's Federal Council of Veterinary Medicine) Working Group on cannabinoid regulation in veterinary medicine. Judicial habeas corpus for home cultivation of cannabis for her husband's neurological treatment.

Por que você

Caroline does not study medical cannabis — she operates an association, creates patient tools, and sits on the group that will regulate the veterinary sector.
AME-C Bertioga covers humans AND animals: it is one of the few associations with dual habeas corpus — regulatory complexity that stress-tests any management system.
Cannaderno = she already attempted to solve the treatment control problem with software. She knows exactly where a management solution loosens and where it tightens.
CFMV + CFMV cannabinoid GT: Caroline is at the table where veterinary regulation is being written. Regulatory anticipation in the circle.
Bertioga → São Paulo coast: diversifies the geographic network beyond Baixada Santista, opening access to another cluster of associations.

Accept the invitation · reply to Gabriel Read first — what this means

— Gabriel

Este é um convite, não um cargo. canna-br é organização orgânica (O2) — papéis emergem por tensão. Você pode aceitar, recusar, ou propor outro recorte.

Círculo Principal · Convite Pessoal

Vanhall · Santos SP · CEO & FounderStartup Studio Brasil [to confirm]Novos Fundadores [to confirm]

Ricardo Caspirro

Strategic Antenna Gabriel's first startup mentor

CEO and founder of Vanhall (Santos/SP), with stints at Startup Studio Brasil and Novos Fundadores — two of the rare Brazilian projects focused on founder formation before the product exists. Ricardo was Gabriel's first startup mentor: the person who taught how to think about market, timing, and category before any line of code. Not an association manager, not a lawyer, not a product manager — he is the macro eye. The bet on canna-br makes sense to him because he recognizes the mechanics of an emerging category before the market notices it exists. [passage through the Santos and Baixada Santista ecosystem to confirm with Ricardo]

Por que você

Category timing: RDC 1.014/2026 opens an 18–24-month window where the first solution to consolidate compliance + OSS sets the standard. Ricardo recognizes this pattern before any pitch deck.
Confirmed mentor track record — Startup Studio Brasil + Novos Fundadores are founder formation projects, not product projects. Those who came through there know where founders break before they break. [details to confirm with Ricardo]
The circle does not need another operational person — it needs someone who looks from the outside and asks 'are you focused on the right thing?' Ricardo is that interlocutor.

Accept the invitation · reply to Gabriel Read first — what this means

— Gabriel

Este é um convite, não um cargo. canna-br é organização orgânica (O2) — papéis emergem por tensão. Você pode aceitar, recusar, ou propor outro recorte.

Current state · v0.1.0 → v1.0

What's ready, in progress, and planned — by area.

No opacity. See exactly where we are in v0.1.0, what ships in v0.2 (multi-tenant), v0.3 (pilot hardening), and v1.0. Red line = external blocker (sandbox, RDC, partner).

Area	Capability	v0.1.0 today	v0.2 multi-tenant	v0.3 pilot	v1.0 GA
LGPD	AES-256-GCM envelope per member	✓ ready	✓	✓	✓
	Crypto-deletion (Art. 18 IV)	✓ ready	✓	✓	✓
	Versioned consent + RIPD	partial	partial	✓ ready	✓
SNGPC	XML schema + mock submit	✓ ready	✓	✓	✓
	BullMQ retry/DLQ worker	scaffold	scaffold	✓ ready	✓
	ANVISA production homologation (awaiting ANVISA XSD schema)	—	—	tracking	✓ planned
AI / MCP	MCP server + tools (levels 1-3)	L1/L2 ✓ · L3 operational (pilot validation)	✓	✓	✓
	Inline MCP Apps (3 → 12)	3 apps	5 apps	7 apps	12 apps
	Open WebUI sidecar + OAuth 2.1 auth	smoke	smoke	✓ ready	✓
Gov. O2	RBAC + TOTP (segregation of duties)	partial	partial	✓ ready	✓
	Versioned O2 roles (agreements as code)	scaffold	scaffold	partial	✓ planned
		Quarterly BSPO signed by technical officer + RIPD via MCP App	—	—	partial	✓ planned

✓ ready

Covered by tests; in production/demo.

partial / scaffold

Structure exists; missing hardening or coverage.

tracking

Blocked by external actor (ANVISA/partner).

— planned

Declared roadmap; not started.

Detailed quarterly roadmap at /roadmap. Releases at /releases.

Start as

Each role has a direct path.

Identify your pain, see what canna-br solves, go straight to the documentation that matters.

Board of Directors

Pain

Personal criminal liability from health data in a closed SaaS (LGPD Art. 5 II).

Outcome

Immutable trail + crypto-deletion + self-host reduce the technical risk vector (final legal exposure remains the board's + designated DPO's responsibility).

See liability risk →

Legal Counsel

Pain

Mapping RDC 1.014 + LGPD + SNGPC obligations in a system not designed for this.

Outcome

Legal framework mapped article by article + signed ADRs + unquestionable audit log.

See legal framework →

Technical Pharmacist (RT)

Pain

Manual dispensation + out-of-band SNGPC + parallel spreadsheets = inspection impossible.

Outcome

MCP chat records dispensation, deducts quota, generates SNGPC without leaving the workflow.

See dispensation flow →

Association IT

Pain

Proprietary SaaS = lock-in, no code audit, no self-host for sensitive data.

Outcome

Auditable OSS stack, docker-compose in 10 min, versioned ADRs, forks permitted.

See stack + setup →

Organic Governance · O2

Organic Organization: explicit roles, living circles, tensions as fuel.

canna-br adopts O2 (Organic Organization) from Target Teal — Brazilian OSS social technology for self-management. No command chain, no fixed titles. Structure is a map of agreements that evolves through real tensions.

01

Distributed Authority

Individual autocratic operational decisions by default. Everything is permitted unless explicitly prohibited.

02

Roles and Circles

Structure by purpose and granular accountabilities. No "CTO" or "CEO" title — only explicit roles.

03

Evolution through Tensions

Real problems and opportunities feed structural adaptations. Agreements versioned as code.

04

5 Interaction Modes

Review · Sync · Adapt · Select · Care. Meetings with a clear objective, not a loose agenda.

05

Tribal Space

Care Mode isolates human relationships from work. Empathy and vulnerability have their own space.

Differentiator: O2 avoids the proprietary density of Holacracy (includes Care Mode) and the slowness of excessive consent in Sociocracy 3.0 (individual autocracy default). Adopted by Tera, eduK, Take, More Than Real, Kanpai BH, and more.

Initiator · circle lead

Gabriel Fonseca

Founder Via Corretor · Senior AI Engineer (Mukutu) · Software Zen Kanban

Engineer with 12+ years in regulated systems (event sourcing, compliance, operational kanban). Medical cannabis patient — experienced firsthand the operational friction that canna-br resolves. Conceived the project after mapping the OSS gap in the Brazilian sector ahead of the RDC 1.014 window.

gabriel@devmagic.com.br

WhatsApp +55 13 98803-2053

/about

Current accountabilities

Circle purpose — carries the aim until new roles anchor
Domain modeling — Emmett-pure, Event Sourcing, versioned ADRs
Infra ops — VPS, Kamal, hosted canna-br.fonsecagabriel.com.br
MCP-first surface — gate for awesome UX production polish
Pilot on-call — WhatsApp direct during seed
Seed recruiter — 5 association slots, curation + onboarding
Compliance liaison — RDC 1.014, LGPD, SNGPC tracking
Caretaker (O2 Mode) — tribal space of the circle

Explicit roles derived from active premises in the /manager ledger (governance + infra + ops + product + hard_rule). Structure evolves through tensions — roles will be partitioned when RT compliance, infra-owner, and association-relations roles anchor.

Current team

One founder, open source, nascent community. No hired staff, no incorporated entity yet. canna-br is a serious project in pre-commercial-MVP stage — the ambition is to hire 2 roles (technical + legal) when the pilot validates PMF. Full transparency: /about/ + /trust/.

RDC 1.014 compliance with immutable traceability — and open-source code your board can audit.

August 4, 2026 — the window closes. Associations without a compliant system are increasing their regulatory exposure.

Three pillars that don't exist together in any other system

LGPD-by-design

SNGPC in development

Auditable OSS

From onboarding to audit in 4 steps.

Diagnosis

Secure setup

Operations in chat

Automatic audit

Not a deck. Here's the system running in smoke validation.

The team being built.

Adriany Eizo

Ana Júlia Bravo

Luiz Ribeiro

Eduardo Yoshimura

Thiago Félix

Caroline Campagnone

Ricardo Caspirro

What's ready, in progress, and planned — by area.

Each role has a direct path.

Board of Directors

Legal Counsel

Technical Pharmacist (RT)

Association IT

Everything that backs the thesis, in public links.

Organic Organization: explicit roles, living circles, tensions as fuel.

Distributed Authority

Roles and Circles

Evolution through Tensions

5 Interaction Modes

Tribal Space

TAM R$130M (~US$26M) by 2030. SOM R$27M (~US$5.4M). Comparable: Cannanas DE (€7.2M ARR).

Get in before the public call. Influence the roadmap. Receive the ANVISA dossier template ready to go.

Grave seu vídeo de até 3 minutos