Show HN: Good Egg: Trust Scoring for GitHub PR Authors
3 points
1 hour ago
| 0 comments
| github.com
| HN
I'm Jeff Smith. I've been contributing to AI in open source for a long time, across the Spark, Elixir, and PyTorch ecosystems. I've seen firsthand how open source can be a great place for people to collaborate and build AI together. I even wrote a book about it: https://www.manning.com/books/machine-learning-systems with all open source code: https://github.com/jeffreyksmithjr/reactive-machine-learning...

But the challenges are real. AI-generated code slop and low-quality submissions are flooding projects. Contribution volume is up; signal-to-noise is down. Maintainers can no longer assume a PR represents genuine investment.

Good Egg is a tool I built to help. It mines a contributor's merged PR history across the GitHub ecosystem and computes a trust score relative to your project. The core idea: good contributors are already exhibiting good behavior -- merged PRs in established repos, sustained contributions over time, work across multiple projects. That track record is a strong signal, and it already exists in the GitHub API.

How it works:

- Builds a bipartite contribution graph (users ↔ repositories) from merged PRs

- Applies personalized graph scoring biased toward your project and language ecosystem

- Accounts for recency decay, repository quality (stars, language normalization), and anti-gaming measures (self-contribution penalties, per-repo caps)

- Classifies contributors as HIGH / MEDIUM / LOW / UNKNOWN / BOT

The methodology doc goes into the full detail: https://github.com/2ndSetAI/good-egg/blob/main/docs/methodol...

Runs four ways:

- GitHub Action: drop it into any PR workflow and get a comment with the score - CLI: good-egg score <user> --repo <owner/repo> - Python library: await score_pr_author(login, repo_owner, repo_name, token) - MCP server: plug it into Claude or other AI assistants

On Vouch and the circle-of-trust approach:

Mitchell Hashimoto's Vouch takes a different angle: maintainers manually vouch for contributors they trust, building a web-of-trust. I think that's a valid approach and have seen circles of trust work well (on PyTorch specifically, where contributors came from all over, including major corporate partners). But I've also seen gaps that could easily be filled by a bit of data that already exists. Vouch requires active maintainer participation in a separate system and has a cold-start problem. Good Egg is complementary. It's automated, doesn't ask maintainers to do extra work, and works from day one on any repo.

What it doesn't do:

Good Egg doesn't send data to any remote service. It reads from the GitHub API, computes locally, and that's it. I'm not building a training set or a contributor database. This is just a tool for the community.

Configuration and extensibility:

Scoring parameters (thresholds, graph weights, recency decay, language multipliers) are all configurable via YAML or environment variables. More extensibility is planned, particularly around additional data sources (e.g., GitLab) and methodology variations like graph-based project relatedness and incorporating review/issue activity alongside PRs.

Code: https://github.com/2ndSetAI/good-egg PyPI: pip install good-egg Docs: https://github.com/2ndSetAI/good-egg/tree/main/docs

No one has commented on this post.