← Back

Vouch

Prototype

Signature capability

The upstream system is real and in production use by Ghostty, and Jordan's fork adds a working CLI-only GitNexus quality gate that blast-radius-checks changed critical paths before they can be pushed.

What it is

Vouch enforces an explicit trust model for open-source contribution: people must be vouched for by trusted maintainers before their issues/PRs are actioned, and bad actors can be denounced so downstream projects can slurp in that denouncement list, forming a shared web of trust. The core is Mitchell Hashimoto's project (107 of the commits, used by Ghostty), written in Nushell with GitHub Actions wrappers (check-user, check-issue, manage-by-issue/discussion) that react to maintainer comments like "lgtm" and "denounce". The trust list is a single flat VOUCHED.td file, one handle per line with optional platform prefixes and minus-prefixed denouncements, deliberately parseable by plain POSIX tools. Jordan's layer on top is a code-intelligence CI/pre-push gate: scripts/gitnexus_quality_gate.sh diffs changed files against a .quality-critical-paths manifest and runs GitNexus impact analysis, and verify_before_push.py adds local syntax and risk checks. This is a fork he instrumented and studied, not a system he authored.

Highlights

  • Core trust engine is ~1,900 lines of Nushell across cli.nu, github.nu (973 lines), lib.nu and file.nu, with a parallel test suite (tests/ ~1,000 lines) covering the file format, CLI, and GitHub integration
  • Trust state is a single flat file (VOUCHED.td): one handle per line, optional platform: prefixes, minus-prefix for denouncements, sorted and diffable, no database, parseable with standard POSIX tools
  • Ships GitHub Actions (check-user, check-issue, check-pr, manage-by-issue, manage-by-discussion, setup-vouch) that let maintainers vouch by commenting 'lgtm' and denounce by commenting 'denounce'
  • Web-of-trust design: a project can import another project's vouched/denounced lists to inherit prior knowledge about good and bad actors
  • Jordan's own commit adds a CLI-only GitNexus quality gate that maps a changed-file diff to a critical-paths manifest and runs blast-radius impact analysis before push
  • Honest scope: upstream is Mitchell Hashimoto's (in use by Ghostty); Jordan's contribution is the code-graph quality-gate/verify-before-push tooling, not the trust system itself

Tech · Nushell, Bash, Python, GitHub Actions, GraphQL (GitHub API), Nix flakes, GitNexus code-graph CLI