Skip to content

Vouch

Vouch is a compiler for release contracts.

The release gate is the first runtime target, not the whole project.

human-owned intent YAML
  -> typed AST
  -> spec JSON
  -> obligation IR
  -> verification plan and runner artifacts
  -> evidence and policy input
  -> block | human_escalation | canary | auto_merge

Use Vouch when a risky AI-authored change needs more than "CI passed." A contract says what a repo area owns; the compiler gives those requirements stable obligation IDs; the gate checks whether evidence covers those IDs.

Quick Start

Preview a repo without writing files:

vouch try --repo /path/to/repo

Write the draft .vouch/ layout when the preview is useful:

vouch try --repo /path/to/repo --write

Compile contracts and run the current gate:

cd /path/to/repo
vouch compile
pytest --junitxml .vouch/artifacts/pytest.xml
vouch evidence import junit .vouch/artifacts/pytest.xml
vouch gate

JUnit covers required-test obligations only. security_check artifacts can use SARIF 2.1.0 when scanner rules or results reference exact obligation IDs. Behavior, runtime, and rollback obligations need their own evidence.

Status

Vouch is beta infrastructure. It is ready for shadow-mode pilots, not blind production enforcement.

The local VouchBench harness proves the current compiler/evidence/policy path is deterministic over fixture scenarios. It does not prove arbitrary code is correct or that real teams will adopt the workflow.

scripts/vouchbench.sh