Development

Open Source's No-More-Pull-Requests Moment

Ladybird, tldraw, and the whole Jazzband collective have stopped taking public pull requests. It isn't a verdict on AI code quality — it's open source rebuilding its trust model from scratch.

On June 5, Ladybird founder Andreas Kling announced that the independent browser project would no longer accept public pull requests at all: from now on, code changes land only through project maintainers themselves. The reasoning he gave in “Changing How We Develop Ladybird” is not about contributors behaving badly. It’s about arithmetic. “AI tools have changed the economics of [code contributions] very quickly,” Kling wrote, adding that “what has changed is how much faster and cheaper it has become to produce work that looks like a serious contribution” — a particularly uncomfortable risk for software that spends its entire existence parsing untrusted content from the open internet. Ladybird is not alone. tldraw and the entire Jazzband collective, an 84-project umbrella for Python packages, have made similar moves in recent months. Taken together, they describe something more interesting than a complaint about bad code: a governance crisis over what a pull request is even supposed to signal.

The economics that stopped working

For two decades, the pull request functioned as a cheap, legible proxy for effort. Someone spent time understanding a codebase, wrote a fix, and submitted it for review — the very existence of a coherent PR was itself weak evidence that a human had done real work upstream. That proxy has collapsed. As a piece from Signadot puts it, AI coding agents have made producing pull requests dramatically cheaper and faster, but “the review, validation, and integration of that code have not gotten any faster” — an asymmetry that used to be roughly balanced and now runs entirely one way. The scale of that imbalance is documented by danilchenko.dev, which tracked AI-agent-authored pull requests on GitHub rising from roughly 4 million in September 2025 to 17 million by March 2026, a fourfold jump in six months, alongside an estimate that only one in ten of those PRs is legitimate. Reviewing a pull request still takes a maintainer’s full, careful attention whether a human or an agent wrote it; producing one now takes a prompt. When creation is nearly free and verification is not, volume alone becomes an attack surface.

Trust models built for a different worst case

Jazzband’s sunsetting announcement makes the deeper stakes explicit. The collective was built on shared push access among trusted contributors, a cooperative structure designed for a world where the worst realistic failure was “someone accidentally merging the wrong PR.” That assumption — that the pool of people submitting changes was self-selecting toward good faith and rough competence — is precisely what an AI-generated flood erodes, and the group chose to wind down entirely rather than retrofit its norms under pressure. A parallel signal comes from outside pure code review: Daniel Stenberg ended curl’s long-running bug bounty program after the confirmed-vulnerability rate in submissions fell from historically above 15% to below 5%, describing in “The end of the curl bug-bounty” “the mind-numbing AI slop, humans doing worse than ever and the apparent will to poke holes rather than to help.” Different program, same underlying fact: a system calibrated to score submissions on trust stopped working once submitting became nearly costless.

When creation is nearly free and verification is not, volume alone becomes an attack surface.

Governance catches up

GitHub’s own response confirms this is now an infrastructure-level problem rather than a handful of projects overreacting. Product manager Camilla Moraes opened a community discussion, covered by The Register, on “the increasing volume of low-quality contributions… creating significant operational challenges for maintainers,” and the platform is now considering settings that would let maintainers disable pull requests outright or restrict them to known collaborators. That a mainstream platform built its identity around open contribution is even weighing a literal kill switch for that feature says more than any single maintainer’s blog post could.

None of this is an argument that coding agents write bad software, and it would be a mistake to read it that way. It’s an argument that the informal social contract underneath open-source collaboration — where a plausible-looking pull request implied someone had earned the right to be taken seriously — no longer holds, and maintainers are rebuilding the missing verification step by hand: restricting who can submit, retreating to maintainer-only commits, or shutting programs down. The Signadot piece’s warning is worth taking at face value: the same throughput asymmetry is coming for internal enterprise review queues, where, as it puts it, “anyone can point an agent at an open GitHub issue and generate a plausible-looking pull request in seconds.” Deciding what AI-authored code gets to merge is turning into a governance question every team will eventually have to answer, whether or not it maintains anything as public as a browser.