Trust infrastructure for Git workflows with human and AI-generated code.
Vela is a Git-compatible forge control plane for deciding whether a code change can be trusted. It models repositories, pull requests, human and agent actors, readiness signals, merge candidates, policy decisions, and append-only evidence before a change is merged, shipped, or delegated to an agent.
Git stores history. Vela records why a change was trusted, blocked, queued, or cancelled.
- Imports Git provider repository and pull request metadata into a local forge model. Phase 0 ships the GitHub adapter first.
- Tracks human and agent actors separately so authority is visible in workflow state.
- Computes readiness inputs from deterministic analyzers, synced PR metadata, reviews, checks, and changed files.
- Gates merge queue entry before local merge candidates can move to `queued`.
- Writes hash-chained evidence and pending outbox events for accepted mutations.
- Exposes a small v1 API, protocol schemas, webhook examples, and a minimal JavaScript SDK for integration work.
This repository currently implements the Phase 0 foundation, not a complete hosted forge:
- Phoenix LiveView control-plane app in `apps/web`
- Postgres/Ecto domain model for organizations, actors, agents, repositories, PRs, readiness scores, merge candidates, policies, runners and evidence events
- Seeded Sardis Labs demo workspace
- Repository overview, PR cockpit, changed-file view, merge queue actions, evidence ledger, chain verifier status, agent profile, launch cockpit and settings surfaces
- Session-backed API auth, RBAC checks, idempotent job mutations, signed analysis callbacks and provider webhook verification
- Mock-backed Git, Merge, Maestro and Runner service contracts for future sidecars
The first milestone does not implement real Git hosting, real merge commits, hosted CI execution, production WorkOS tenant provisioning or enterprise compliance automation.
| Area | Current state | Notes |
|---|---|---|
| Phoenix control plane | Implemented | LiveView app, API routes, seeded demo workspace and Postgres domain model. |
| GitHub repository import | Implemented for metadata | Imports repository, branch and PR metadata through queued jobs; not a Git remote. |
| Pull request cockpit | Implemented | Shows PR state, readiness, reviews, checks, changed files and local actions. |
| Merge queue | Implemented locally | Queues local merge candidates after gates pass; does not create real merge commits yet. |
| Evidence ledger | Implemented | Appends hash-chained events, verifies repository/org chains and exposes API/UI summaries. |
| Provider webhooks | Partial | Verifies provider signatures and ingests integration events; delivery/retry workers are still pending. |
| Analysis/Maestro | Partial | Deterministic local analyzers and signed callback path exist; external analysis service is still a contract boundary. |
| SDK/protocol packages | Early but real | JSON schemas, webhook examples and dependency-free JS client cover the Phase 0 path. |
| Hosted forge/CI/compliance | Not implemented | Future sidecar and deployment work; do not treat this repo as a production GitHub replacement. |
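
The hash-chained evidence ledger and chain verifier listed above can be pictured with the following added example. It is not Vela's code or evidence schema: the field names (`seq`, `prev_hash`, `body`, `hash`), the all-zero genesis value and the sample events are assumptions constructed for illustration.

```javascript
// Added illustration, not Vela's code or evidence schema; field names are assumed.
const { createHash } = require("node:crypto");

const GENESIS = "0".repeat(64); // assumed prev_hash for the first event

// Deterministic serialization: sorted keys, so equal events hash equally.
function canonical(v) {
  if (Array.isArray(v)) return "[" + v.map(canonical).join(",") + "]";
  if (v && typeof v === "object") {
    const fields = Object.keys(v).sort().map((k) => JSON.stringify(k) + ":" + canonical(v[k]));
    return "{" + fields.join(",") + "}";
  }
  return JSON.stringify(v);
}

function eventHash(prev_hash, seq, body) {
  return createHash("sha256").update(canonical({ prev_hash, seq, body })).digest("hex");
}

// Append-only: returns a new array and never rewrites earlier entries.
function appendEvent(chain, body) {
  const prev_hash = chain.length ? chain[chain.length - 1].hash : GENESIS;
  const seq = chain.length;
  return [...chain, { seq, prev_hash, body, hash: eventHash(prev_hash, seq, body) }];
}

// Walk from genesis and report the first entry that fails a check.
function verifyChain(chain) {
  let expected = GENESIS;
  for (let i = 0; i < chain.length; i++) {
    const e = chain[i];
    if (e.seq !== i) return { ok: false, index: i, reason: "sequence gap" };
    if (e.prev_hash !== expected) return { ok: false, index: i, reason: "broken link" };
    if (e.hash !== eventHash(e.prev_hash, e.seq, e.body)) return { ok: false, index: i, reason: "hash mismatch" };
    expected = e.hash;
  }
  return { ok: true, length: chain.length, head: expected };
}

// Constructed sample events (hypothetical types and actors).
const SAMPLE = [
  { type: "merge_candidate.blocked", actor: "agent:demo-bot", pr: 1 },
  { type: "merge_candidate.queued", actor: "human:demo-reviewer", pr: 1 },
  { type: "merge_candidate.cancelled", actor: "human:demo-reviewer", pr: 1 },
];

function demo() {
  const chain = SAMPLE.reduce(appendEvent, []);
  const edited = chain.map((e) => ({ ...e, body: { ...e.body } }));
  edited[0].body.type = "merge_candidate.queued"; // rewrite a past decision
  return { clean: verifyChain(chain), edited: verifyChain(edited),
    dropped: verifyChain([chain[0], chain[2]]), shortened: verifyChain(chain.slice(0, 2)) };
}
```

Editing or dropping a past event fails verification, but a chain with its tail cut off still verifies on its own (`shortened` above), so the latest `head` value has to be recorded somewhere outside the ledger for truncation to be noticed.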
Prerequisites:
- Elixir/OTP compatible with `apps/web/mix.exs`
- Postgres
- Node.js 22+ for SDK tests

```
./scripts/setup.sh
./scripts/dev.sh
./scripts/check.sh
```

Open http://localhost:4000.

Run the same check used by CI:

```
./scripts/check.sh
```

- `apps/web` is the Phoenix/Postgres control plane.
- `services/*/contracts` defines future Rust/Python service boundaries.
- `packages/protocol` holds shared event and score schema contracts.
- `packages/sdk-js` holds the dependency-free Phase 0 JavaScript API client.
- `docs` records product, architecture, security, evidence and roadmap decisions.

- API reference: docs/api.md
- Protocol schemas: packages/protocol
- JavaScript SDK: packages/sdk-js
- Webhook examples: packages/protocol/examples/webhooks
- Status audit: `./scripts/status-audit.sh`