Ladybird closes public PRs: the most honest answer to AI-generated code?

On June 5th, Simon Willison shared on his blog a quote from Andreas Kling, founder of the independent Ladybird browser project, which captures quite precisely a dilemma many open source maintainers are beginning to voice openly: AI has broken one of the oldest heuristics in free software.

The decision is straightforward: Ladybird stops accepting public pull requests. From now on, only people explicitly brought on by the team can contribute to the code. It is not a temporary measure nor is it open for debate.

Effort no longer guarantees good faith

For decades, a large patch was an implicit signal that someone had invested real time and had a genuine interest in the project. That correlation has disappeared. As Kling explains in his original post:

> "A substantial patch used to imply substantial effort, and that effort was a reasonable indicator of good faith. That assumption no longer holds."

The problem is not that AI-generated code is necessarily bad. Kling's argument is more nuanced: what matters is not how the code was written, but who takes responsibility once it enters the project. Ladybird is transitioning from an experiment to a browser for real users. In that context, traceability of responsibility outweighs openness of the contribution process.

> "Whether the code was written by hand is irrelevant. What matters is who is responsible for it once it enters the browser."

A recurring symptom

Ladybird is not the first project to react this way. Since 2024 we have seen several maintainers tighten review requirements, add explicit policies about AI-assisted contributions, or simply close issues due to an avalanche of automatically generated reports. What makes Kling's decision striking is its radicality: rather than trying to filter noise case by case, he eliminates the channel through which it arrives.

From a practical perspective, this has real consequences. Ladybird would potentially lose valuable contributions from people outside the core team. But the inverse reasoning also applies: a small team spending time reviewing PRs of uncertain origin is a team not building the browser.

What governance model remains?

The question left open by this decision is how ambitious projects scale if they close the door to unsupervised external contributions. Ladybird is betting on a model more similar to closed corporate development than classical open source: a small, known group of people who take responsibility for every line of code.

It is a legitimate model, and probably more sustainable for a project with Ladybird's technical ambitions than trying to manage a community of massive contribution in a context where verifying the authorship and intent of a patch has become more costly. But it means abandoning one of the foundational promises of free software: that anyone can improve the code.

At ClaudeWave we are closely following these kinds of decisions because they directly affect how the tools surrounding the ecosystem of agents and integrations are built and maintained. If the open source projects that serve as infrastructure begin to close their contribution processes in response to pressure from AI-generated code, the implications for the dependency chain are broad. It is not fearmongering: it is a shift in model worth understanding before it becomes the norm.