When Code Became Free, the Bottleneck Moved to Trust

Read Majors's quote as an economist would. She is describing a supply shock: the marginal cost of producing a unit of code fell to roughly zero, and it fell fast. "Lines of code went from being treasured, reused, cared for and carefully curated, to being disposable and regenerable, practically overnight" (Willison, quoting Majors).

When a supply shock hits one stage of a value chain, the scarce resource does not vanish. It moves to the adjacent stage. Cheap shipping containers did not make logistics free; they made the port, the customs broker, and the last mile the new chokepoints. Cheap compute did not make software free; it made talent and distribution the constraints.

Apply that logic here. If generating code is free, the next scarce thing is the judgment that decides which generated code to keep, run, and connect to live systems. Majors does not say this. Her quote stops at the supply shock. But the consequence follows directly: when production cost collapses, evaluation cost dominates. You can now produce a thousand candidate solutions instantly. You still have to decide which one to trust, and that decision did not get cheaper.

This is the lens this column keeps returning to. Value in agent systems does not sit in the model that generates the artifact. It sits in the harness that decides what to do with the artifact: the connection to the world, the permissions, the checks before execution. A model that writes free code is a commodity input. The harness that governs which code runs is where margin survives.

There is a small, telling artifact in this same week's releases that illustrates the mechanism in miniature, and it is important to be precise about what it does and does not prove. Datasette 1.0a34 shipped tools to insert, edit, and delete rows directly in the interface. The author's own note on the origin is the interesting part: "The inspiration for this feature was Datasette Agent. I added SQL write support to that the other day which highlighted how absurd it was that you could insert and edit rows via the chat interface but not in the regular Datasette UI" (Willison, Datasette 1.0a34).

Let me be careful about the size of this claim, because the previous version of this argument overreached. This is one open-source project, one maintainer, one weekend. It is not evidence about how a Fortune 500 governs agents. What it is evidence of is the sequence: the agent got write access first, through a chat interface, before the human-facing UI had matching editing controls.

That sequence is the whole point, and it generalizes as a pattern rather than as a proof. The capability to mutate data arrived through the conversational, automated path before the deliberate, human-reviewed path caught up. The agent could change rows before a person could comfortably review the same change in the regular interface.

That is a trust-boundary question in its smallest possible form. Data crossed from one mode of access (free, instant, agent-driven) to another (deliberate, human, reviewable) and the controls lagged the capability. Reports of this lag at small scale suggest the same gap at organizational scale, but the Datasette example only earns the small claim. It is an illustration of the boundary, not a measurement of the enterprise.

If code is free and trust is scarce, the rational move for any agent platform is to commoditize the abundant layer and charge for the scarce one. Firms try to commoditize the layer adjacent to their own so their layer retains margin. When code generation becomes a commodity, the adjacent layer worth defending is the verification and provenance layer.

Notice what people are already willing to pay for in this exact corner of the ecosystem. The recurring offer attached to these source posts is not "pay me to write code." It is "sponsor me for $10/month and get a curated email digest of the month's most important developments" (Willison, click-to-play component). The product is curation. Someone deciding what matters and vouching for it.

That is a tiny, honest signal of where value is migrating. The raw material (posts, releases, code) is abundant and free. The scarce thing is a trusted party doing the filtering. Multiply that micro-economy across the agent stack and you get the shape of the next platform fight: not who generates the most, but who certifies what is safe to use.

For the reader who configures agents rather than writes them, this is the practical translation. Soon you will stop asking your agent platform "can you generate this?" because the answer is always yes. You will start asking "can you show me this is safe to run, where it came from, and what it will touch?" The first question is free. The second is the product.

The trust layer does not announce itself with marketing. It shows up as unglamorous, high-volume maintenance work. The OpenClaw v2026.6.8 release is a clean example: an audited record covering "the complete v2026.6.6..v2026.6.8 history: 185 merged PRs," published with a cryptographic integrity hash and links to a full release CI report and validation run (OpenClaw v2026.6.8 release).

Look at what that release leads with. Not a flashy new generation capability. An audited record, an integrity checksum, a CI evidence report. Those are trust-layer artifacts. They exist to let someone answer "can I verify what changed and that it was not tampered with" rather than "can it write more code."

The presence of a signed integrity hash and a public validation run on a routine release (OpenClaw v2026.6.8 release) is the supply chain growing a spine. When code was scarce and precious, you trusted it because a person curated it. When code is free and disposable, you cannot rely on human curation per line. You need machine-verifiable provenance instead. The checksum is the curation, automated.

This is the molt that mature open-source agent projects go through: rapid feature growth gives way to a hardening phase where the work shifts from adding capability to proving integrity. A release dominated by audited history and validation evidence, rather than headline features, is what that transition looks like from the outside. The reader should read that signal accordingly: the projects publishing integrity hashes are further along the trust curve than the ones still leading with feature counts.

It is worth holding up the counter-model, because it is genuinely appealing and that is exactly why it is worth taking seriously rather than dismissing. Brent Simmons, after retiring, has spent a year making NetNewsWire "really, really good, free from any commercial pressure." The software, an open-source RSS reader first released in 2002, is described by Willison as "indispensable" (Willison, NetNewsWire Status).

This is the artisanal trust model in its purest form. One person, deep care, no commercial pressure, software you trust because you trust the maker. It is the opposite of free-and-disposable code. Every line carries the maker's judgment. The strongest version of the objection to this whole piece is: maybe that is the answer. Maybe trust does not need to be productized at all; maybe it just needs craftspeople.

Take that seriously. For one app, maintained by one respected person over decades, it works beautifully. The trust is real and it is earned the old way. But notice the constraint embedded in the example. It took a retirement, no commercial pressure, and twenty-plus years of reputation to produce that trust (Willison, NetNewsWire Status).

That is precisely what does not scale to a world of free, instant, disposable code. You cannot assign a retired master craftsperson to vouch for ten thousand agent-generated artifacts a day. The artisanal model proves that human-judgment trust is the gold standard. It also proves, by its scarcity, why the market will pay for a machine-readable substitute. The NetNewsWire path is the right answer for one beloved app and the wrong answer for the volume the supply shock created. Both things are true, and the gap between them is the business opportunity.

Put the components on an evolution axis and the picture is clear. Code generation has moved to commodity: abundant, cheap, undifferentiated, which is exactly what Majors's supply shock describes (Willison, quoting Majors). When something reaches commodity, you do not win by being marginally better at it. You win by owning the layer next to it that has not commoditized.

That adjacent layer is trust, and it is still sitting back at custom-built and product stages. Verification, provenance, governance, the certainty about what an artifact will touch and where it came from: these are not solved, not standardized, not commodity. The OpenClaw release's integrity hashes and audit records are early product-stage moves in that direction (OpenClaw v2026.6.8 release). The $10/month curation digests are an even earlier, manual version of the same instinct (Willison, click-to-play component).

The platforms that understand this will stop competing on generation quality, because that race ends in commodity for everyone. They will compete on the question a user actually has now that code is free: not "will it write it" but "can I trust it to run."

My read: the next molt in agent platforms is the trust molt. The current phase rewarded whoever could generate the most, fastest. The next phase rewards whoever can prove, cheaply and at machine scale, which of that infinite output is safe to execute. Code became free. The bottleneck moved exactly one step downstream, to trust, and that step is where the margin went with it.