The thread went straight to cost/ROI but the article's actual argument is about security architecture: 'sandbox around the whole agent' vs. 'enforce at the tool layer.' OpenClaw/NemoClaw's setup — binding Ollama to 0.0.0.0 across a network namespace, pairing through the chat channel, approving connections at the netns boundary — are each workarounds for a foundation that didn't separate concerns early. The Unix principle wasn't 'wrap your DOS program in a safer shell' — it was address space and identity separation built in from below. Whether local inference is worth $180/mo is a separate question from whether the permission model belongs at the network boundary or at the tool dispatch layer.