Vouch¶
Vouch is a compiler for release contracts.
The release gate is the first runtime target, not the whole project.
human-owned intent YAML
-> typed AST
-> spec JSON
-> obligation IR
-> verification plan and runner artifacts
-> evidence and policy input
-> block | human_escalation | canary | auto_merge
Use Vouch when a risky AI-authored change needs more than "CI passed." A contract says what a repo area owns; the compiler gives those requirements stable obligation IDs; the gate checks whether evidence covers those IDs.
Quick Start¶
Preview a repo without writing files:
vouch try --repo /path/to/repo
Write the draft .vouch/ layout when the preview is useful:
vouch try --repo /path/to/repo --write
Compile contracts and run the current gate:
cd /path/to/repo
vouch compile
pytest --junitxml .vouch/artifacts/pytest.xml
vouch evidence import junit .vouch/artifacts/pytest.xml
vouch gate
JUnit covers required-test obligations only. security_check artifacts can use
SARIF 2.1.0 when scanner rules or results reference exact obligation IDs.
Behavior, runtime, and rollback obligations need their own evidence.
Status¶
Vouch is beta infrastructure. It is ready for shadow-mode pilots, not blind production enforcement.
The local VouchBench harness proves the current compiler/evidence/policy path is deterministic over fixture scenarios. It does not prove arbitrary code is correct or that real teams will adopt the workflow.
scripts/vouchbench.sh