Governed Implementation

a16z Named the Shift; Linear and Google Shipped It the Same Week

TV
Thiago Victorino
8 min read
a16z Named the Shift; Linear and Google Shipped It the Same Week

In the second week of May 2026, a16z published an essay arguing that the next durable software franchise sits one layer above the database, not inside it. They called the layer the “System of Intelligence” and pitched it as the orchestration tier that consumes records, reasons over them, and dispatches work. Two days later, Linear shipped Code Intelligence and put repository reasoning into the hands of product managers, support reps, and account executives. The day after that, Google Cloud shipped the Gemini CLI DevOps Extension, an agent that provisions GCP CI/CD pipelines from a chat prompt while staying inside the operator’s IAM permissions.

Three releases. One thesis. The orchestration layer is becoming both the new moat and the new governance surface, and the audit trail you are still attaching to the database is now attached to the wrong floor.

The a16z Frame, Compressed

Gio Ahern, Steph Zhang, and Alex Immerman published From System of Record to System of Intelligence on a16z.news. The argument is short enough to memorize.

Salesforce sits on roughly $140B of market value. HubSpot sits on roughly $9B. They are the canonical Systems of Record for go-to-market work, and they will not be displaced by yet another database with a nicer schema. They will be reframed as substrate. The action moves up.

The math the authors hand you is the part to take seriously. GTM software is 5 to 10 percent of total GTM spend. The remaining 90 to 95 percent is labor: SDRs, AEs, RevOps analysts, support engineers, marketers running campaigns. A System of Intelligence captures value not by replacing the CRM but by compressing the labor that sits on top of it. The CRM stays. CRM usage has actually risen with AI adoption, not fallen, because the orchestrator needs more, cleaner, better-tagged records to reason over. The substrate gets more valuable. The franchise moves elsewhere.

This is the strategic frame. The two product launches the same week are the instantiation.

Linear Code Intelligence: The PM Reasons Over the Repo

Linear’s May 14 changelog launched Code Intelligence in public beta on Business and Enterprise plans. The product does what its name says. It connects Linear to the codebase and lets a non-engineer ask code-grounded questions: which PRs touched this feature, which files implement this flow, what is the blast radius if we change this contract.

The audience is the part to notice. This is not a tool for engineers. Engineers already have IDE-integrated code intelligence. Linear targeted product managers, customer support agents, and sales reps. The promise is that a CSM debugging a customer issue can ask “which deploy broke this” and get a code-grounded answer without flagging an engineer. The PM scoping a feature can ask “what does the current implementation actually do” without booking a 30-minute call.

Linear did the governance work. Admin controls determine which repositories are included and which permission scope applies. Code is not exfiltrated to a generic vector store. The reasoning happens inside the same workspace that already governs project access. The orchestration is per-workspace, per-role, per-repo.

Notice what this does to the org chart. The CRM, the issue tracker, and the codebase used to live in three different operational worlds. The orchestration layer collapses that. The PM, the CSM, and the AE now reason across all three through the same surface. The “system of record” each function owned has become an input to a shared “system of intelligence.”

Gemini CLI DevOps Extension: The Operator Stays Editor-in-Chief

Karl Weinmeister’s post on cloud.google.com launched the Gemini CLI DevOps Extension the same week. The architecture is worth pulling apart, because it is the orchestration thesis built in code.

Three tiers stack on top of each other. A set of Skills defines what the agent can do (provision a Cloud Build trigger, configure an Artifact Registry, set up a deployment to Cloud Run). A Go MCP server wraps the underlying GCP APIs. A local RAG knowledge base teaches the agent the operator’s environment, conventions, and prior decisions, so the same prompt produces the right answer for this team rather than a generic GCP answer.

The governance choices are the part to underline.

Pre-deploy secret scanning runs before any apply. The agent operates inside the operator’s existing Application Default Credentials, so it cannot do anything the operator cannot do. The operator approves every change before execution. Google’s framing is explicit: the human remains “Editor-in-Chief.” The agent drafts; the operator commits.

This is the System of Intelligence pattern in DevOps clothing. The substrate is GCP itself, the System of Record of cloud configuration. The orchestrator does not replace the IAM model, the audit log, or the deployment pipeline. It sits one layer above and turns “I want a CI/CD pipeline for this service” into a draft change set the operator can read, edit, and approve.

Why This Is the New Moat

A System of Record wins on data gravity and switching cost. You do not move 10 years of opportunities, contacts, and pipeline out of Salesforce because the migration cost dwarfs any feature delta a competitor can offer. The moat is the data and the integrations into it.

A System of Intelligence wins on a different physics. The moat is reasoning quality, governed access to the substrate, and the loop that improves both as it runs. The orchestrator that gets better policies, better tool-calling, better grounding, better audit trails, and better trust from the operator wins, even if the underlying records belong to someone else.

This is why the a16z frame matters now and not in 2024. Two years ago, the orchestration layer was a chatbot bolted on top of the CRM. The substrate vendors could absorb it. Today, the orchestration layer is a workspace that governs identity, scope, and policy across multiple substrates at once. Linear’s Code Intelligence reasons across Linear records and the codebase. Gemini CLI reasons across GCP services. The orchestrator is the new perimeter, and the substrate vendors are downstream of it.

The franchise moves to whoever owns the orchestration surface for a given operator. The franchise is not going to be one company. It is going to be one company per operating context: one for engineering, one for go-to-market, one for finance, one for legal, possibly one per function in the larger enterprises. The race is to be the trusted orchestrator for a defined function before the substrate vendors ship their own.

Why This Is the New Governance Surface

Every audit trail you currently have is probably attached to the substrate. You log writes to the database. You log API calls to the cloud provider. You log changes to the issue tracker. The compliance posture you can defend in front of an auditor is built on substrate-level logging.

The orchestration layer breaks that posture in three ways.

First, the orchestrator decides which substrate calls to make. The substrate logs the call faithfully, but the reasoning that produced it lives in the orchestrator. If you cannot prove why an agent issued a SQL query, you cannot defend the query, even if the query itself is logged.

Second, the orchestrator spans substrates. A single orchestrated action might touch the CRM, the codebase, the cloud provider, and the issue tracker. The substrate audit logs cannot reconstruct the action. Only the orchestrator can.

Third, the orchestrator is where the access decisions actually happen. Linear’s Code Intelligence enforces repo scope per workspace, not per database query. Gemini CLI enforces what the agent can do per the operator’s ADC, not per the GCP audit log. The access control surface is now the orchestrator’s policy engine.

The implication is unavoidable. Audit trails and access control must follow the orchestrator. If your governance program assumes the database is the source of truth for “who did what,” your governance program is one floor too low.

Do This Now

If you are running a platform team, three actions are worth scheduling this week.

Pick one substrate where an orchestrator already operates against your data. The CRM with an AI assistant. The cloud provider with an agent extension. The issue tracker with code intelligence. Map what the orchestrator can do and which identity it acts under. If the answer is “the user’s identity, with the user’s full permissions, and we trust the vendor’s audit log,” write that down as your current posture. It is probably not the posture you want for production.

Pull the audit log the orchestrator emits, separately from the substrate’s audit log. Compare them. The substrate log will show the calls. The orchestrator log will show the reasoning. If the orchestrator does not emit a reasoning log you can export, redact, and retain on your terms, you have an audit dependency on the vendor that will become a compliance dependency the first time a regulator asks.

Write a one-page policy that scopes which substrates each orchestrator can touch, which identities it can assume, and which actions require human approval before execution. The Gemini CLI DevOps Extension defaults to operator approval for every change. Treat that as the floor, not the ceiling. The orchestrator that runs unattended is the orchestrator that produces an incident your substrate logs cannot explain.

The same week a16z named the shift, two vendors shipped products that prove the shift is already in production. The substrate vendors are not going away. The franchise is moving up. Your governance has to move with it.

We have written before about how this plays out in adjacent surfaces. Three prices, one agent covered the pricing question of who pays for orchestration. The agent integration tax covered the registry pattern that keeps multi-agent systems coherent. Governed agent infrastructure at scale covered the underlying substrate that makes any of this safe to run. This piece is the strategic frame. The orchestration layer is the moat and the governance surface, and the week of May 11 is when both became impossible to argue with.

This analysis synthesizes From System of Record to System of Intelligence (a16z, May 2026), Linear Code Intelligence (Linear, May 2026), and Ship Code Within Minutes with the Gemini CLI DevOps Extension (Google Cloud, May 2026).

Victorino Group helps platform and product leaders design audit and access control for the orchestration layer their vendors are now building. Let’s talk.

All articles on The Thinking Wire are written with the assistance of Anthropic's Opus LLM. Each piece goes through multi-agent research to verify facts and surface contradictions, followed by human review and approval before publication. If you find any inaccurate information or wish to contact our editorial team, please reach out at editorial@victorinollc.com . About The Thinking Wire →

Part of The Thinking Wire, published by Victorino Group.

If this resonates, let's talk

We help companies implement AI without losing control.

Schedule a Conversation