Vouch is a GitHub Actions automation that enforces community trust by requiring new contributors to be vouched by existing members before they can interact with a project's issues and pull requests. It maintains a vouched user list in a tracked file, and automatically closes or locks interactions from unvouched or denounced users to reduce spam and abuse.
The system lets collaborators manage trust through issue and discussion comments using specific keywords to vouch, denounce, or unvouch users, with automatic updates to the vouched list and optional pull request merges. It also provides a CLI tool for checking and managing vouch status directly within CI workflows, and can sync CODEOWNERS into the vouch list so maintainers are automatically trusted.
Vouch supports cross-repository configuration lookup, delegates vouching authority to project admins and collaborators with write access, and creates a private GitHub App identity to bypass branch protection for automated commits and pull request merges. The project includes a Nix shell development environment for local testing and development.
