Zero to Moat

Case Study 01 · Developer tooling

local-review

A local, bring-your-own-key CLI that runs your git diff past several LLMs in parallel and merges their findings into one review — no SaaS, no telemetry, no signup.

Stage: Shipping · v0.17.2 · pre-1.0
Model: Free · open-source (MIT) · BYOK
Distribution: Single Go binary · Homebrew / curl / go install
Category: AI code review (local-first)

local-review is the purest moat-light, trust-heavy product of the four. Its whole pitch is a refusal: your code never leaves the machine, you pay no one but your existing LLM vendors, and there's nothing to lock you into. That makes it a perfect lens for the concepts about positioning and defensibility — because it deliberately declines several classic moats and bets on others.

[Diagram: git diff (staged / branch) → Claude, Gemini*, Codex, Copilot, Ollama (local) → merge (dedup · consensus) → one report · exit 2 on critical. *Gemini CLI sunset 2026-06-18]
The product is the fan-out: many models in parallel, one consolidated verdict — all on your machine.

Aggregator, at the tool level · concept 14

local-review is a miniature aggregator: the LLM CLIs are commoditized, interchangeable suppliers; the user only ever talks to local-review; and adding a sixth model is near-zero cost. The merge step — dedup plus consensus tagging — is where the aggregation value lives, because "three of four models flagged this" is a stronger signal than any single review.
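The merge step described above, sketched as an added Go example (not local-review's own code). The Finding schema, the location-plus-rule dedup key, and the severity names are assumptions; only "exit 2 on critical" comes from the page.

```go
package main

import (
	"fmt"
	"sort"
)

// Assumed schemas for this example (not local-review's own types).
type Finding struct{ Model, Loc, Rule, Severity string } // Loc is "file:line"
type Merged struct {
	Finding
	Models map[string]bool
}

var rank = map[string]int{"info": 0, "warning": 1, "critical": 2}

// Merge dedups on location+rule, keeps the highest severity any model gave,
// sorts broadest consensus first, and returns exit code 2 if anything is critical.
func Merge(all []Finding) (out []Merged, exit int) {
	idx := map[string]int{} // dedup key -> position in out
	for _, f := range all {
		key := f.Loc + "|" + f.Rule
		i, ok := idx[key]
		if !ok {
			i, idx[key] = len(out), len(out)
			out = append(out, Merged{f, map[string]bool{}})
		}
		out[i].Models[f.Model] = true // a set: one model repeating itself is one vote
		if rank[f.Severity] > rank[out[i].Severity] {
			out[i].Severity = f.Severity
		}
		if f.Severity == "critical" {
			exit = 2
		}
	}
	sort.SliceStable(out, func(a, b int) bool { return len(out[a].Models) > len(out[b].Models) })
	return out, exit
}

func main() {
	merged, exit := Merge([]Finding{ // constructed sample, not real tool output
		{"ollama", "api/log.go:7", "secret-in-log", "info"},
		{"claude", "db/query.go:42", "sql-injection", "warning"},
		{"codex", "db/query.go:42", "sql-injection", "critical"},
	})
	for _, m := range merged {
		fmt.Printf("%s %s [%s] %d model(s)\n", m.Loc, m.Rule, m.Severity, len(m.Models))
	}
	fmt.Println("exit code:", exit) // a CLI would pass this to os.Exit
}
```

Keying on an exact rule label is the simplifying assumption here: real model output words the same issue differently, so the normalization feeding that key is where most of the merge engineering would sit.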

Differentiation focus, not cost leadership · concept 19

It can't win on cost (it's free) or on breadth. It wins by being the obviously best tool for one corner: developers who refuse to ship code to a SaaS and already own LLM keys. Multi-LLM merge, a no-dependency Go binary, and fully-offline operation via Ollama are differentiators a SaaS incumbent structurally can't copy without abandoning its model.

Zero switching costs — on purpose · concept 22

Most products chase lock-in; local-review throws it away. BYOK, no stored data, no account — you can quit anytime. That's a deliberate trust signal: the bet is that quality and privacy retain better than a cage. The flip side is honest to state: there's little structural stickiness, so it must keep earning the install.

Low barriers — so the moat is trust artifacts · concept 20

A capable team could clone the core in weeks; the technical barrier to entry is low and there are no network effects. So the moat is built elsewhere: a public benchmark leaderboard (precision/recall, refreshed each release), the tool run against its own source as a committed audit, and an OWASP-aligned checklist — credibility you can't fake quickly, aimed at an audience that rewards exactly that.

Market timing: riding the LLM-CLI wave · concept 18

This product was un-buildable three years ago. It exists because several capable LLM command-line tools shipped and developers already hold keys — the enabling shift that opened the window. The same window has a risk baked in: when the Gemini CLI sunsets, a supplier vanishes overnight, which is the aggregator's eternal dependency problem in miniature.

Infinite runway, no clock · concept 27

With open-source code, the user's own keys, and no servers, burn is essentially zero and runway is effectively infinite. There's no funding and none needed; monetization ideas (premium prompt packs, enterprise support) have been explored and deliberately deferred — notably rejecting hosted API keys as a betrayal of the BYOK promise. It can simply refuse to die.

Lens: Where local-review lands
TAM → SOM: TAM "every developer"; SAM devs with an LLM CLI who want pre-commit review; SOM the OSS/privacy crowd reachable via HN, subreddits, and a Homebrew tap.
Beachhead: Privacy-conscious Go & local-LLM developers → expand by language (prompt packs for TS/Python/Rust/Swift/Kotlin) and to org-wide distribution.
JTBD: "Review my diff with AI before I commit — locally, on keys I already pay for, without shipping code to a third party."
GTM: Community- and content-led: Show HN, r/golang & r/LocalLLaMA, a strong README, Homebrew. No ads — the audience distrusts them.
Moat: Not network or lock-in. Trust: public benchmarks, self-audit, brand, and the engineering of the multi-LLM merge.

Update · the canon

Through the founder's canon

The new concepts from the reading list, applied to local-review.

Run through the canon, local-review reads as a deliberate disruption play with an unusually honest strategy — and a clear-eyed view of a brutal industry structure.

Enters from the bottom · concept 35

It attacks exactly where SaaS reviewers won't follow without abandoning their model: free, local, "just a CLI." Cheap and good-enough today, climbing toward good-enough-for-most-teams tomorrow — the classic disruptive vector, with privacy as the wedge.

A harsh five forces — defused by BYOK · concept 38

The structure is unkind: near-zero entry barriers (anyone can wrap an LLM) and powerful suppliers — when Gemini's CLI sunsets, a supplier vanishes overnight. Bring-your-own-key is the clever move: it hands supplier power to the user, so local-review never pays the toll.

A kernel, not a slogan · concept 42

Diagnosis: existing AI review ships your code to a third party. Guiding policy: local-first, BYOK, multi-LLM consensus. Coherent action: one dependency-free Go binary, a public benchmark, a self-audit. That's a kernel — no "be the leader" fluff.

Built on systems, run by one · concept 43

It dog-foods itself and automates its own quality gates and benchmark refresh — working on the tool, not just in it, so a single maintainer can keep shipping.