Skip to content

Positioning: sharpen vs-context7 security-by-construction + free/unmetered advantages (#52)#53

Merged
kiki830621 merged 4 commits into
mainfrom
idd/52-positioning-vs-context7-security-cost
Jul 5, 2026
Merged

Positioning: sharpen vs-context7 security-by-construction + free/unmetered advantages (#52)#53
kiki830621 merged 4 commits into
mainfrom
idd/52-positioning-vs-context7-security-cost

Conversation

@kiki830621

Copy link
Copy Markdown
Member

Refs #52

Summary

Sharpen two vs-context7 advantages in docs/positioning.md (the external-messaging source of truth) with context7's own marketing as evidence, and honesty-correct an over-asserted line.

  • Security = structural absence. context7's default is a hosted SaaS ("Built by Upstash"); vendor-free = paid self-host. LiveDocs has no vendor server at all, by construction. Concede: context7's SOC-2 + self-host + local-processing claims are real (so the old bare "queries hit their servers" line was over-asserted → corrected).
  • Cost = unmetered by construction. context7 pricing (dated 2026-07-05): Free 1k calls/public-only, Pro $10/seat + $25/1M-tok private repos, Enterprise custom. LiveDocs is unmetered, seatless, private-repos-included (never a metered API). Concede: context7's free tier is real.

Changes (docs/positioning.md only)

Honesty (#27/#29)

These axes are structural + citable, not harness-measured (unlike freshness) — so the guard is dated citation + concession, not a drift-guarded number. No claim that context7 is "insecure" or "paywalled"; the differentiators are no-vendor-by-construction and unmetered.

Scope / conflict

docs/positioning.md only — zero overlap with in-flight #50 (which owns the README sentinel block). Both merge in any order. README blurb + wiki Home mirror deferred as follow-ups.

Checklist

  • Diagnose (Plan tier) + implementation plan
  • Implement (1 commit, Refs #52)
  • Verify (opus ensemble — honesty framing) → then /idd-close

🤖 /idd-all · no close trailer — manual /idd-close after merge.

…ee/unmetered (#52)

positioning.md already carried these axes but understated + un-cited, and line 52
over-asserted "queries hit their servers" — context7's Enterprise page contests it
(local processing + SOC-2 + self-host). Sharpened + honesty-corrected:

- Differentiator #2 → "Private and free, by construction" with inline concession.
- Head-to-head: honest Architecture ("hosted SaaS by default") + Privacy ("default
  routes through their cloud") rows; Access → Cost (unmetered vs metered + paid).
- Prose: context7-cited evidence + concessions + dated pricing capture (2026-07-05)
  + "cite the structure, not the rotting figure" caveat.

Both axes are STRUCTURAL, not harness-measured like freshness — so the honesty
mechanism is dated citation + concession. Scope: positioning.md only (zero #50 overlap).
…", not "never leaves your machine" (#52)

Self-caught honesty fix (#27/#29): LiveDocs DOES fetch from npm/PyPI/docs hosts, so
the library name in a query reaches the origin host. The literal "queries never leave
your machine" over-claimed. Precise + defensible: no third-party INDEX/vendor sees the
query (context7's exact role), and version reconciliation reads the local install offline.
R1 opus ensemble: delivery confirmed, but the framing counted what LiveDocs
REMOVES (vendor / index / meter) without what it ADDS. Closed:

- "nothing to trust or breach" over-claimed → trust doesn't vanish, it SHIFTS to
  the local signed binary + its GitHub-Release / --self-update distribution (a
  compromised release / signing key is arguably a larger blast radius).
- Reconcile context7's own "queries processed locally" claim → even client-side
  processing sends the index lookup to their hosted per-org DB; that hosted index
  is exactly what LiveDocs structurally lacks (pre-empts the strongest rebuttal).
- "no third-party index sees your query" narrowed → the origin host still sees it;
  the win is removing one observer (context7's index), not "nobody sees it".
- Cost: "unmetered" isn't "costless" (you bear origin-host rate limits + bandwidth);
  "private repos" is a different mechanism (local installed copy vs cloud parse),
  not a free superset.
- Symmetric conclusion: a DIFFERENT trust surface, not a strictly smaller one.
- Accuracy: drop unverified "/mo" on Free ("1,000 included calls"); SOC-2 Type II
  uniformly; source's word "private" DB; self-host = the (custom-priced) Enterprise tier.

Scope: positioning.md only (zero #50 overlap).
…R2 (#52)

R2 found a HIGH consistency straggler: #2/table/bullets were sharpened to "origin
host still sees it / different trust surface", but the WEDGE (the lead) still asserted
flat "private" — a direct contradiction. Propagated the verified register to the lead:
- wedge "it is private" → "no third-party doc index in the query path"; lead outcome
  "(latest, private, keyless)" → "(latest, keyless, no index in the middle)".
- "context7 can't become local, private, keyless without giving up its model" → states
  the reconciliation: centralized SaaS by default; local+keyless = its Enterprise
  self-host tier (aligns with the self-host concession, drops the absolutist "can't").
- factual hedge: "client-side processing still sends the index lookup" → "a hosted SaaS
  with a per-org database must still route the index lookup" (architectural inference,
  not a claim of context7 internals).

The anti-positioning "lost privacy" (line ~119) is left as-is — it refers to the
third-party index a central cache would add, the one privacy LiveDocs retains.
@kiki830621
kiki830621 merged commit 7f9692b into main Jul 5, 2026
1 check passed
@kiki830621
kiki830621 deleted the idd/52-positioning-vs-context7-security-cost branch July 5, 2026 10:53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant