From 898b6350bc032a84d66b11f1a7594311974baf6d Mon Sep 17 00:00:00 2001
From: didericis
Date: Tue, 30 Jun 2026 18:57:04 -0400
Subject: [PATCH] =?UTF-8?q?docs(research):=20refine=20open/paid=20boundary?= =?UTF-8?q?=20=E2=80=94=20orchestrator=20as=20paid=20control=20plane?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Captures the four-turn working-through of the monetization line under
the forge-as-orchestrator shape:

- The orchestrator IS the control plane and can be closed/private from
  day one; the runtime stays OSS.
- Charge for the moat (see-inside-the-run + cross-run aggregation), not
  the webhook/orchestration plumbing the forge vendors build free.
- Heuristic: single-run/single-node = free; cross-run aggregation +
  central enforcement + identity/fleet = paid (== individual vs team).
- Provenance: emit signed provenance via a free API (tamper-evident
  offline, BYO-SIEM); sell retention/search/policy. Forge footer is an
  optional off-by-default consumer, not the audit record.
- On-prem priority: self-hosted runners > self-hosted provenance; sell
  the governed fleet, not a single runner (which is just the free
  runtime).
- Fly = metered capacity line, not the moat; self-host == same closed
  control plane licensed, not a separate product.

Co-Authored-By: Claude Opus 4.8
Claude-Session: https://claude.ai/code/session_01WL77TgFxKbs3cidGMG9dz7
--- docs/research/monetization-positioning.md | 94 ++++++++++++++++++++++- 1 file changed, 91 insertions(+), 3 deletions(-) diff --git a/docs/research/monetization-positioning.md b/docs/research/monetization-positioning.md index efd9f44..e36f1a0 100644 --- a/docs/research/monetization-positioning.md +++ b/docs/research/monetization-positioning.md
@@ -309,9 +309,97 @@ The security model *is* the product. This rides the headless launch primitive directly: webhook → `start --headless` into an isolated bottle → commit as agent identity → PR with provenance. -Open-core line is unchanged: the webhook/comment trigger stays free -(adoption); the sandboxed-execution + provenance + policy layer is the -paid governance. +Open-core line, refined in the next section: the trigger *convention* +(label/assignee) stays open so anyone can adopt it, but the +**orchestrator that receives webhooks and governs lifecycle is the paid +control plane**; the runtime — and a signed-provenance emission API — +stay free. + +## The open/paid boundary, refined: orchestrator as the paid control plane + +The forge-native shape sharpens the open-core line past the rough +"trigger free, execution paid" cut above. Working it through four +constraints — value capture, provenance integrity, the sovereignty +buyer, and what the forge *structurally cannot do* — yields a precise +boundary. + +**The orchestrator is the control plane, and the control plane is the +paid product.** With the forge supplying identity / state / triggers / +review, bot-bottle's orchestrator (`bot-bottle-orchestrator`, already +specced as a separate binary in the forge-native PRD) is where webhooks +land and bottle lifecycle + governance live. That binary can stay +**closed/private from day one** without breaking the open-core contract: +the runtime stays OSS; the control plane is how the lights stay on. This +is "give away the sandbox, charge for the control plane" made literal — +the orchestrator *is* the control plane. + +**Charge for the moat, not the webhook.** Holding webhooks and managing +bottle lifecycle is commodity — the forge vendors build it first-party, +and it's the "undifferentiated cost" column above (idempotency, queueing, +dispatch). If the pitch is "we catch the webhook," they out-build it +free. 
The paid value is the two things the forge *cannot* do: + +1. **See inside the run** — which model / prompt / policy / tools / egress + produced the diff, whether a secret nearly left. Runtime-level data + only the bottle holds. +2. **Aggregate and enforce across runs** — retain / search / export every + run across every repo; push one egress/DLP/capability policy + fleet-wide and detect drift. + +The explainable heuristic: **anything legible within a single run on a +single node is free; anything requiring cross-run aggregation, central +enforcement, or identity/fleet management is paid.** That is also the +individual-vs-team line — individuals live in single runs, teams need the +aggregate. + +**Provenance: emit free (signed), sell the product.** The forge is the +wrong system of record for provenance — a markdown footer is mutable by +any maintainer, unsigned, per-PR, with no aggregation, so a maintainer +could simply edit it. The authoritative record therefore lives in the +(paid) control plane. The *runtime* emits **signed** provenance through a +**free API** — tamper-evident offline (edit it and the signature breaks; +verify with no server), so on-prem teams can route it into their own +SIEM. What's paid is the *product* over that stream: retention, search, +cross-run, export, policy. Whether a copy also lands in the PR footer is +an optional, off-by-default marketing dial — one consumer of the free +API, not a free provenance surface, and never the audit record. The +mutability "bug" becomes a paid feature: the control plane flags *"PR +footer edited / doesn't match the signed run."* (Prometheus model: +`/metrics` is free to scrape; managed retention + dashboards are the +business.) + +**On-prem priority: self-hosted runners over self-hosted provenance.** +The sovereignty buyer's *hard structural constraint* is where the agent +**executes** against private code, secrets, and network — that's the +runner, and it cannot leave the perimeter. 
Audit metadata is softer; many +regulated orgs ship logs to SaaS while keeping the workload inside. So: + +- Self-hosted **runner** = baseline, always, for that buyer. +- Self-hosted **provenance store** = premium tier of the strictest subset + (air-gapped, hard data-residency) — and largely covered by the free + emission API → their own SIEM, so it may never need to be a product you + build. +- Precision so you don't trip your own free tier: a single self-hosted + runner *is the OSS runtime on their box* — free. What's paid is the + **fleet control plane**: enrolling/managing many runners, central + policy push, dispatch/identity/quota, health/scaling. You don't sell + "a runner," you sell **running a governed fleet**. + +**Resulting tiers:** + +| Layer | What it is | Open/Paid | Deployment | +| :-- | :-- | :-- | :-- | +| **Runtime** | isolation + ephemeral bottles, cred-proxy, supervise, `start --headless`, signed-provenance emission API | Free / OSS | Always self-host | +| **Single runner** | the OSS runtime on a box | Free / OSS | Self-host | +| **Control plane** | cross-run audit retention/search/export, central policy push, SSO/RBAC dispatch, fleet management of runners, alerting | **Paid** | Hosted *or* self-host-licensed — same code | +| **Capacity** | managed Fly runner pool, metered (agent-hours) | **Paid add-on** | Hosted only | + +Fly stays a **capacity/convenience line, not the moat** — it monetizes +even solo hackers (capability, not insurance), but a managed runner pool +is reselling compute against Fly/E2B/Northflank on price. It's a bundle +attached to the governance, never the thing defended. Self-host is *not* +a separate product: on-prem buyers get the same closed control plane, +licensed, pointed at their own runners. ## Risks to the thesis
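Review bot: The "Provenance: emit free (signed), sell the product" paragraph claims the runtime's output is "tamper-evident offline (edit it and the signature breaks; verify with no server)", but the new section never says who holds the signing key or how a verifier comes to trust the public key. The tier table places both the Runtime and Single runner rows on the customer's own box as Free / OSS, so if the key lives on the runner, the signature catches a maintainer editing the PR footer but not a runner operator re-signing an altered record, and the paid "PR footer edited / doesn't match the signed run" flag inherits the same limit. Suggest adding one sentence that names the key custody and trust root (for example a per-runner key enrolled with the control plane, or whatever scheme is intended) and states which party the signature is meant to hold up against. A smaller consistency point in the same hunk: the table's Runtime row gives Deployment as "Always self-host" while the Capacity row sells a hosted "managed Fly runner pool", which reads as running the same runtime; reword one of the two Deployment cells so they agree.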