My repo is public under MIT. The detector, the frozen parameters, the eval harness, even the log of where it fails (the E3 limitation) — all of it. For a solo founder whose product is that code, people reasonably ask if I've just given away the company. I don't think I have, and the reasoning is colder than "open source is nice."
First, the practical driver: my entire bottleneck is getting real traces from real systems, and traces are sensitive data. The single most effective thing I can say to someone hesitant is "the data never has to leave your machine — run the tool locally and read every line of what it does." That sentence only works if the code is genuinely open. A closed binary asking for your production logs is a much harder sell than an auditable repo. Openness isn't generosity here; it's the price of the trust my ask requires.
Second, the honest assessment of what's actually defensible. The detector is a structure-then-semantics cascade — a competent engineer who read my posts could rebuild the idea in weeks. If my moat were the code, I never had one. What can't be forked in a minute: a public track record of pre-registered criteria, published negatives, and a README that documents the failure modes on the same page as the wins.
That's slow to build and impossible to copy retroactively — a fork gets my code, not my history of not lying about it.
Third, open code makes my honesty claims falsifiable. "Zero false positives on synthetic, semantic layer weak on real data" isn't something you have to take my word for — you can clone it and check. For a brand built on anti-self-deception, being checkable is the feature.
What I'm not claiming: that this guarantees a business model. Monetization (hosted, team features, whatever it becomes) is an open question I'll answer with real users, not in advance. But the order of operations feels right: trust first, traces second, revenue model third — and open code buys the first two.
Repo: github.com/JEONSEWON/Clew-by-Custos

Top comments (0)