docs(research): refine open/paid boundary — orchestrator as paid control plane
Captures the four-turn working-through of the monetization line under the forge-as-orchestrator shape: - The orchestrator IS the control plane and can be closed/private from day one; the runtime stays OSS. - Charge for the moat (see-inside-the-run + cross-run aggregation), not the webhook/orchestration plumbing the forge vendors build free. - Heuristic: single-run/single-node = free; cross-run aggregation + central enforcement + identity/fleet = paid (== individual vs team). - Provenance: emit signed provenance via a free API (tamper-evident offline, BYO-SIEM); sell retention/search/policy. Forge footer is an optional off-by-default consumer, not the audit record. - On-prem priority: self-hosted runners > self-hosted provenance; sell the governed fleet, not a single runner (which is just the free runtime). - Fly = metered capacity line, not the moat; self-host == same closed control plane licensed, not a separate product. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01WL77TgFxKbs3cidGMG9dz7
This commit is contained in:
@@ -309,9 +309,97 @@ The security model *is* the product. This rides the headless launch
|
||||
primitive directly: webhook → `start --headless` into an isolated bottle
|
||||
→ commit as agent identity → PR with provenance.
|
||||
|
||||
Open-core line is unchanged: the webhook/comment trigger stays free
|
||||
(adoption); the sandboxed-execution + provenance + policy layer is the
|
||||
paid governance.
|
||||
Open-core line, refined in the next section: the trigger *convention*
|
||||
(label/assignee) stays open so anyone can adopt it, but the
|
||||
**orchestrator that receives webhooks and governs lifecycle is the paid
|
||||
control plane**; the runtime — and a signed-provenance emission API —
|
||||
stay free.
|
||||
|
||||
## The open/paid boundary, refined: orchestrator as the paid control plane
|
||||
|
||||
The forge-native shape sharpens the open-core line past the rough
|
||||
"trigger free, execution paid" cut above. Working it through four
|
||||
constraints — value capture, provenance integrity, the sovereignty
|
||||
buyer, and what the forge *structurally cannot do* — yields a precise
|
||||
boundary.
|
||||
|
||||
**The orchestrator is the control plane, and the control plane is the
|
||||
paid product.** With the forge supplying identity / state / triggers /
|
||||
review, bot-bottle's orchestrator (`bot-bottle-orchestrator`, already
|
||||
specced as a separate binary in the forge-native PRD) is where webhooks
|
||||
land and bottle lifecycle + governance live. That binary can stay
|
||||
**closed/private from day one** without breaking the open-core contract:
|
||||
the runtime stays OSS; the control plane is how the lights stay on. This
|
||||
is "give away the sandbox, charge for the control plane" made literal —
|
||||
the orchestrator *is* the control plane.
|
||||
|
||||
**Charge for the moat, not the webhook.** Holding webhooks and managing
|
||||
bottle lifecycle is commodity — the forge vendors build it first-party,
|
||||
and it's the "undifferentiated cost" column above (idempotency, queueing,
|
||||
dispatch). If the pitch is "we catch the webhook," they out-build it
|
||||
free. The paid value is the two things the forge *cannot* do:
|
||||
|
||||
1. **See inside the run** — which model / prompt / policy / tools / egress
|
||||
produced the diff, whether a secret nearly left. Runtime-level data
|
||||
only the bottle holds.
|
||||
2. **Aggregate and enforce across runs** — retain / search / export every
|
||||
run across every repo; push one egress/DLP/capability policy
|
||||
fleet-wide and detect drift.
|
||||
|
||||
The explainable heuristic: **anything legible within a single run on a
|
||||
single node is free; anything requiring cross-run aggregation, central
|
||||
enforcement, or identity/fleet management is paid.** That is also the
|
||||
individual-vs-team line — individuals live in single runs, teams need the
|
||||
aggregate.
|
||||
|
||||
**Provenance: emit free (signed), sell the product.** The forge is the
|
||||
wrong system of record for provenance — a markdown footer is mutable by
|
||||
any maintainer, unsigned, per-PR, with no aggregation, so a maintainer
|
||||
could simply edit it. The authoritative record therefore lives in the
|
||||
(paid) control plane. The *runtime* emits **signed** provenance through a
|
||||
**free API** — tamper-evident offline (edit it and the signature breaks;
|
||||
verify with no server), so on-prem teams can route it into their own
|
||||
SIEM. What's paid is the *product* over that stream: retention, search,
|
||||
cross-run, export, policy. Whether a copy also lands in the PR footer is
|
||||
an optional, off-by-default marketing dial — one consumer of the free
|
||||
API, not a free provenance surface, and never the audit record. The
|
||||
mutability "bug" becomes a paid feature: the control plane flags *"PR
|
||||
footer edited / doesn't match the signed run."* (Prometheus model:
|
||||
`/metrics` is free to scrape; managed retention + dashboards are the
|
||||
business.)
|
||||
|
||||
**On-prem priority: self-hosted runners over self-hosted provenance.**
|
||||
The sovereignty buyer's *hard structural constraint* is where the agent
|
||||
**executes** against private code, secrets, and network — that's the
|
||||
runner, and it cannot leave the perimeter. Audit metadata is softer; many
|
||||
regulated orgs ship logs to SaaS while keeping the workload inside. So:
|
||||
|
||||
- Self-hosted **runner** = baseline, always, for that buyer.
|
||||
- Self-hosted **provenance store** = premium tier of the strictest subset
|
||||
(air-gapped, hard data-residency) — and largely covered by the free
|
||||
emission API → their own SIEM, so it may never need to be a product you
|
||||
build.
|
||||
- Precision so you don't trip your own free tier: a single self-hosted
|
||||
runner *is the OSS runtime on their box* — free. What's paid is the
|
||||
**fleet control plane**: enrolling/managing many runners, central
|
||||
policy push, dispatch/identity/quota, health/scaling. You don't sell
|
||||
"a runner," you sell **running a governed fleet**.
|
||||
|
||||
**Resulting tiers:**
|
||||
|
||||
| Layer | What it is | Open/Paid | Deployment |
|
||||
| :-- | :-- | :-- | :-- |
|
||||
| **Runtime** | isolation + ephemeral bottles, cred-proxy, supervise, `start --headless`, signed-provenance emission API | Free / OSS | Always self-host |
|
||||
| **Single runner** | the OSS runtime on a box | Free / OSS | Self-host |
|
||||
| **Control plane** | cross-run audit retention/search/export, central policy push, SSO/RBAC dispatch, fleet management of runners, alerting | **Paid** | Hosted *or* self-host-licensed — same code |
|
||||
| **Capacity** | managed Fly runner pool, metered (agent-hours) | **Paid add-on** | Hosted only |
|
||||
|
||||
Fly stays a **capacity/convenience line, not the moat** — it monetizes
|
||||
even solo hackers (capability, not insurance), but a managed runner pool
|
||||
is reselling compute against Fly/E2B/Northflank on price. It's a bundle
|
||||
attached to the governance, never the thing defended. Self-host is *not*
|
||||
a separate product: on-prem buyers get the same closed control plane,
|
||||
licensed, pointed at their own runners.
|
||||
|
||||
## Risks to the thesis
|
||||
|
||||
|
||||
Reference in New Issue
Block a user