diff --git a/docs/research/landscape-containerized-claude.md b/docs/research/landscape-containerized-claude.md index 6a317ab..f8d773a 100644 --- a/docs/research/landscape-containerized-claude.md +++ b/docs/research/landscape-containerized-claude.md @@ -103,7 +103,19 @@ manifest merge. has no equivalent. (3) *Trust posture:* OneCLI's managed tier reintroduces a third-party credential custodian, whereas bot-bottle's OSS-runtime + paid-control-plane split keeps custody inside the operator's own boundary — - the stronger story for the security-minded self-hoster. **Tactical read:** + the stronger story for the security-minded self-hoster. (4) *Runs inside your + network boundary — local/internal reach.* Because bot-bottle executes the + agent on your own host (homelab, corporate LAN, a Tailnet) and egress is a + manifest field, giving an agent *scoped* access to **internal** resources — a + private Gitea, a LAN database, a Tailscale node — is just another egress-route + line, not a networking project (the same move an operator already makes to + reach their Tailscale services). OneCLI's OSS core can self-host too, but it's + a credential *broker* for outbound API calls, not an agent runtime, and its + managed tier + 50+ integrations are oriented at public SaaS — it doesn't put + the agent behind your firewall for you. This is a reach advantage, distinct + from the isolation ones above, and it's a wedge cloud-first agent products + (Devin, Copilot Workspace, OneCLI Cloud) structurally can't match. **Tactical + read:** adopt OneCLI's OSS core for the credential slice if building is undesirable (it's mature now); don't build atop its managed tier (competitor, not dependency); re-position bot-bottle on isolation + fleet + self-hosted custody