Social trust

Trust specific builders directly, scoped and revocable, and get a personalized cache that serves only what your own trust graph resolves.

Beyond the globally-trusted shared tier, Vega lets you trust individual builders. It is opt-in and scoped: you decide whose builds you accept and for which packages, and Vega serves you a personalized view signed with a key only you trust.

Trust a builder

With the vega CLI (after vega login):

vega trust add alice                  # trust alice for all her builds
vega trust add bob --package hello    # limit bob to the 'hello' package
vega trust add carol --flake carol/app # only builds from the carol/app flake
vega trust add carol --org carol      # any repo under the carol org
vega trust list
vega trust remove alice

The subject is a GitHub login (or numeric id). Trust edges are revocable and do not propagate: trusting alice does not trust whoever alice trusts. The scopes differ in what they match. --package matches the build's store-path name, which the builder chooses, so it is a blast-radius limit, not a hard barrier. --flake (owner/repo) and --org (owner) are stronger: they match only a build that carries verified provenance from that flake or org, that is, the builder's own github-hosted CI attestation for that exact output. A build without such an attestation is simply not covered by a flake or org scope, so these never rest on a builder-chosen name.

Requesting a build you trust but Vega has not yet reproduced also signals demand: it moves that output up Vega's reproduction queue (for builds with verified provenance), so the things people actually use get independently reproduced sooner. This only affects scheduling; promotion to the shared tier still requires the reproduction quorum.

One safety default: if Vega's own reproducer rebuilt an output and got a different hash than the builder, your view withholds that binding rather than serve something Vega's evidence contradicts; and if the trusted builders for a path disagree at all, it is withheld regardless. For a build you know is nondeterministic and still want from a specific builder, vega trust add <login> --accept-unreproducible opts that one edge into accepting it, at your own risk.

Your personalized substituter

vega view prints a nix.conf snippet for your own view:

vega view --format nix-conf
extra-substituters = https://vega-cache.dev/u/<token>
extra-trusted-public-keys = <your-view-key> <shared-key>

The /u/<token> substituter serves the globally-trusted shared cache, plus any binding your trust graph resolves. For a path not in the shared tier, Vega checks the builders you trust; if a trusted builder (in scope) attested it, and the trusted builders for that path do not disagree among themselves, Vega re-signs that one binding with your own per-consumer view key. That key signs only your view, so a binding resolved for you is never trusted by anyone else, and a builder you do not trust can never reach you. The token is opaque; rotate it any time from the dashboard (rotation instantly revokes the old one).

Finding builders to trust

You trust a GitHub identity, so trusting starts from a builder you can name. To discover and evaluate who built something you care about, Vega's public surfaces show who attested what:

Evaluate a builder by corroboration, not volume: standing in Vega is earned by independent agreement on outputs, never by how many builds someone pushes, which is what keeps the social layer spam-resistant. Once you decide, vega trust add <login> records the edge and your /u/<token> view begins resolving their in-scope builds for you.

The dashboard

vega dashboard opens your private dashboard in the browser. It exchanges the credential you already hold from vega login for a 60-second login code, so the long-lived credential never enters the browser, and the browser redeems the code for a 1-hour session. The dashboard shows your standing (outputs attested, independently corroborated, diverged), your trust edges, and your view-token substituter, with a button to rotate the token. Pass --no-open to print the sign-in URL instead of opening a browser.