Vouch, a system to maintain open source quality against the surge in AI users generating low-quality code



In recent years, a growing number of people have used AI to generate code instead of writing it themselves. However, much AI-generated code is of low quality, and the rising cost of weeding it out has become a problem for open source projects that rely on the cooperation of many users. To address this issue, software developer Mitchell Hashimoto has released 'Vouch', a system that filters out low-quality AI users and maintains the quality of open source projects.



GitHub - mitchellh/vouch: A community trust management system based on explicit vouchers to participate.
https://github.com/mitchellh/vouch

'Open source has always operated on a system of trust and verification. Historically, the effort required to understand a codebase, implement changes, and submit those changes for review was high enough to naturally filter out low-quality contributions from unqualified people. For over 20 years, this barrier to entry has been sufficient for most projects, mine and others',' Hashimoto said in a GitHub document.

However, the recent development of code-generation AI has dramatically changed the situation, making it easy for people to post 'extremely low-quality code that looks plausible but has little real understanding of the project.'

So, Hashimoto argued, 'Open source is still built on trust! And every project has a group of clearly trustworthy individuals, the maintainers, and a larger group of individuals who are likely to be trustworthy, that is, active members of the community in all forms.' He announced 'Vouch' as a verification system for new open source projects.



Vouch provides three GitHub Actions: 'check-pr', which checks whether the creator of a pull request is a vouched person (contributor); 'manage-by-discussion', which decides whether to add a user to the contributor list through a comment on a discussion; and 'manage-by-issue', which decides whether to add a user to the contributor list through a comment on an issue.

GitHub repository administrators can add these actions to their GitHub Actions workflows to check whether a user is allowed to contribute to the project. Hashimoto explained that he will not be involved in the decisions of projects that use Vouch, saying, 'Who is vouched for or criticized and how is up to the project. I'm not the world's values police. You decide for yourself what works for your project and your community.'

All data related to Vouch is stored in a single text file within the repository, making it easy to analyze. Vouch also allows projects to share 'guarantee lists.' Hashimoto claims that projects with common values can share lists and build a comprehensive 'network of trust' that determines which users to allow and which to block.
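The kind of check 'check-pr' is described as performing, combined with the shared lists above, can be sketched as follows. This is an added example, not Vouch's own code. The file format (one handle per line, an optional `platform:` prefix, a leading `-` for a blocked user followed by an optional reason, `#` comments), the rule that a block in any list overrides a vouch, the function names and the sample handles are all assumptions made for illustration.

```python
"""Gate a pull request on flat trust lists (illustrative; format is assumed)."""

# Constructed sample data: the project's own list and one shared by a peer project.
LOCAL_LIST = """\
# maintainers and known contributors
alice
github:Bob
-mallory submitted unreviewed generated patches
"""

SHARED_LIST = """\
carol
mallory
-github:dave
"""


def parse_trust_list(text):
    """Return (vouched, denounced) sets of lower-cased handles."""
    vouched, denounced = set(), set()
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # skip blanks and comments
        blocked = line.startswith("-")
        fields = (line[1:] if blocked else line).split(None, 1)
        if not fields:
            continue  # a lone "-" names nobody
        # First field is the handle; anything after it is a free-text reason.
        handle = fields[0].split(":", 1)[-1].lower()  # drop platform prefix
        (denounced if blocked else vouched).add(handle)
    return vouched, denounced


def check_pr_author(author, *lists):
    """Classify a PR author as 'denounced', 'vouched' or 'unknown'.

    Assumed policy: a block in any list wins over a vouch in any other,
    so importing a shared list cannot re-admit a locally blocked user.
    """
    vouched, denounced = set(), set()
    for text in lists:
        v, d = parse_trust_list(text)
        vouched |= v
        denounced |= d
    name = author.lower()  # GitHub logins are case-insensitive
    if name in denounced:
        return "denounced"
    return "vouched" if name in vouched else "unknown"
```

With the sample data, `mallory` stays blocked even though the shared list vouches for that handle, and `carol` is only admitted once the shared list is loaded.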

Hashimoto has already implemented Vouch on a trial basis in the GitHub repository of his terminal emulator, Ghostty.

Introduce the Vouch/Denouncement Contribution Model by mitchellh · Pull Request #10559 · ghostty-org/ghostty · GitHub
https://github.com/ghostty-org/ghostty/pull/10559



in AI, Software, Security. Posted by log1h_ik