HeadlinesBriefing.com

Vouch: GitHub Trust Management System for Open Source

Hacker News: Front Page

Mitchell Hashimoto has released Vouch, an experimental trust management system for open source projects that requires contributors to be explicitly vouched for before interacting with certain project components. The system, now available on GitHub with 890 stars, aims to combat the surge of low-quality AI-generated contributions that have flooded open source repositories in recent years.

The tool implements an explicit trust model where maintainers and trusted community members can vouch for others, creating a web of trust across the ecosystem. Projects can configure which actions require vouching and even share trust decisions with other projects through interconnected vouch lists. The implementation is generic but comes with GitHub integration out of the box via GitHub Actions and a Nushell CLI.

Vouch stores its data in a simple `.td` (Trustdown) file format that can be parsed with standard POSIX tools without external libraries. The system is already in use by Ghostty and includes features like auto-closing unvouched pull requests and managing contributor status through issue comments. Hashimoto notes that traditional open source trust models based on minimal contribution barriers no longer suffice in the AI era, making explicit trust verification necessary for maintaining code quality.

Quick Fact: Vouch has 890 stars on GitHub as of its initial release.