skridlevsky

Interesting chaos vector, but heads up on the research impact:

TU Delft is using our voting data for trust/governance research. The feed (feed.openchaos.dev ↗) records every reaction with a fixed vote interpretation (+1 = upvote, -1 = downvote).

If emoji meanings shuffle daily, historical vote data becomes uninterpretable - a 👍 from last week might mean something different than today. The research dataset would need the daily seed history to reconstruct what any vote actually meant.

Not saying don't merge - just flagging the tradeoff. Democracy decides.

Eight days later, some thoughts.

@ro0NL nailed it - we can change the rules. This is by design. (There's a name for this: https://en.wikipedia.org/wiki/Nomic ↗)

Three proposals emerged here:

1. Commit-tied voting (@henryivesjones, @mario-donnarumma) Votes count for a specific commit SHA. Code changes = votes reset. Pro: Prevents bait-and-switch. Con: Typo fixes invalidate legitimate votes.

2. Reputation tracking (@md-weber, @addshore) Track author behavior across PRs. Repeat offenders face penalties. Pro: Self-correcting over time. Con: Needs a trust algorithm. Which one?

3. Self-correction (@matthewmayer) The system naturally punishes bad actors through revert PRs and reputation damage. No formal mechanism needed. Pro: Simple. Con: Relies on community vigilance.

Update: A TU Delft distributed systems lab is interested in our voting data for Sybil resistance research (https://github.com/Tribler/tribler/issues/8667). Some of these ideas - especially reputation tracking - align directly with their work.

Also building feed.openchaos.dev - a full event log with content hashes. Should help with 1 (tracking vote state per commit) and 2 (reputation over time).

No decisions yet. If you feel strongly, submit a PR to README.md.

This PR has merge conflicts that prevent it from being merged. The author hasn't been active to resolve them.

@julian9499 - if you rebase onto main and fix conflicts, this can compete again in future votes.

Architecture suggestion: Embed into existing CI workflow.

For rhyme detection - LLM call via OpenRouter, fractions of a cent per PR.

Prompt: "Does this PR title rhyme? Yes or no."

If no -> CI fails with cryptic error.

Secret added in repo settings, referenced in workflow. Code obfuscated - not obvious on first read. No docs. No README. No announcement.

Those who fail will dig.

Doesn't harm anyone. Doesn't gatekeep. Learning is free.

@hpinsley, cool concept! The preview shows just the placeholder though - RSS fetch is hitting CORS since it's client-side:

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://rss.nytimes.com/services/xml/rss/nyt/World.xml. (Reason: CORS header 'Access-Control-Allow-Origin' missing).

Moving it to an API route would fix it.

Approved! First-time contributors need manual workflow approval for security. CI should be running now.

We have a Discord now: https://discord.gg/6S5T5DyzZq ↗

It's going to be quiet for a while. That's fine.

Come say hey if you want.

Hey @Loeffeldude, thanks for tackling this - automation is definitely the right direction.

A few things we need to get right before merging, since the voting integrity is core to what we're doing here:

Vote calculation - Currently this only counts :+1:, but our frontend uses :+1: - :-1: (see lib/github.ts:156). Without this, downvotes are meaningless and the displayed rankings won't match what actually gets merged.

Merge safety - The script should skip PRs that:

• Have merge conflicts (check mergeable status)
• Have failing CI checks
• If top PR can't merge, try the next eligible one

Schedule - The cron runs weekly at 12:00 UTC Sunday, but our countdown shows daily at 19:00 UTC. Should be 0 19 * * *.

Pagination - Only fetches first 100 reactions per PR. We have PRs with a 1000+ reactions, so this would miss 90% of votes. See lib/github.ts:127-154 for how we handle this.

You mentioned wanting a single source of truth - agreed. Happy to discuss approaches if you want to pair on this.

One more thing - the GPL concern in the PR is about doomgeneric (the engine), not Freedoom. External hosting keeps GPL code out of the repo entirely.

cc @ArnaudValette @amanbabuhemant

Doom in IE6. This is why the repo exists.

On the hosting question:

External - Simpler, but if that server goes down or serves different files, the feature breaks. Could add hash verification (SRI), but adds complexity.

Bundled - Reliable, but +33MB. Freedoom WADs are BSD-licensed ↗, so no license conflict - just need to include their copyright statement and credit.

Either way works.

Well played. You found a real vulnerability.

GitHub Actions runs workflows from the merge commit. So deleting constitution.yml meant the protection never ran.

Fixed in main. Constitution protection now lives in ci.yml with pull_request_target, so it runs from main and can't be bypassed.

Your PR will fail CI when you update the branch. Thanks for stress-testing democracy.

[Jan 25, 2026] r/programming: "I let the community vote on what code gets merged. Someone snuck in self-boosting code." https://www.reddit.com/r/programming/s/1i0kEm3tep ↗

OpenChaos now has a constitution.

After the PR #8 debate - where I tried to reject a PR and the community correctly pointed out my rules didn't support that - I realized we needed a foundation that can't be voted away.

RULES.md establishes:

1. How PRs win - ranked by community vote, ties go to newest
2. What I can block - code designed to harm users or systems
3. What can't be deleted - this file and its CI protections

Everything else remains chaos.

Also: merge time is now 19:00 UTC (starting full-time work).

Shipped. Bot now says "Vibe" instead of "Impact" and generates playful one-liners instead of corporate ratings. Next PR will show the new format.

@Saturate previews are tricky - running untrusted PR code on my Vercel is a security risk. Exploring GitHub Actions screenshots as a safer option.

@matthewmayer edit-on-commit is on the list.

Thanks for the push.

A $CHAOS token was created on Solana using the OpenChaos name and branding.

To be clear:

• I did not create this token
• I have no control over it

If you're trading $CHAOS, know that I'm not involved.

Any official initiative would be announced here.

🎉 Merged

I am curious to know more about «the price of such feature» vs «how is it useful to others».

Here's the cost so far:

$0.03 total across all PRs. Running on Gemini 2.0 Flash via OpenRouter.

So the cost is effectively zero. The question is whether the summaries are actually useful to voters, or just noise.

As for merge conflict notifications (question 2) - that wouldn't use AI at all, just a scheduled cron job that checks GitHub's mergeable status on open PRs and comments if conflicts are detected. Zero additional cost.

The bot currently posts AI summaries on new PRs. Want to check if it's useful or annoying.

Questions:

1. Are the AI summaries on new PRs helpful or just noise?
2. Should the bot notify authors when their PR has merge conflicts?
3. Any other bot features you'd want?

Current features:

• AI summary on new PRs (files changed, impact level)
• Skips drafts and PRs with 0 files

The bot is open source if anyone wants to contribute: https://github.com/skridlevsky/openchaos-bot

React or comment with feedback.

@matthewmayer, good catch. Root cause identified - getPRMergeStatus() and getCommitStatus() were missing auth headers. GitHub returns null without auth, which defaults to false.

Fix PR submitted: #119

Problem

The health indicators merged in #8 are showing conflicts on PRs that don't have conflicts.

Root cause: getPRMergeStatus() and getCommitStatus() were missing auth headers. Without authentication, GitHub API returns null for mergeable, which defaults to false via ?? false.

Fix

Use getHeaders() instead of hardcoded headers - same pattern as all other API calls in this file.

Testing

Verified against GitHub API:

• PR #13: mergeable: false (actual conflicts) ✅
• PR #52: mergeable: true (no conflicts) ✅
• PR #11: mergeable: true (no conflicts) ✅

cc @matthewmayer @FelixLttks

🎉 Merged.

This one sparked a real governance debate - thanks to @hbmartin and @henryivesjones for pushing back, @marcaddeo for catching the hidden code, @matthewmayer for the perspective, and @FelixLttks for removing it and shipping a clean feature.

The discussion exposed gaps in our rules - disclosure requirements and last-minute modifications. See #116.

The PR #8 debate exposed two gaps in our rules:

1. Disclosure - Should PRs that affect voting/display require explicit disclosure in the description?

2. Last-minute modifications - What happens if code changes after receiving votes? Current mitigation: daily merges limit the window. Is that enough, or do we need more?

Are there other gaps in governance the community sees?

No proposed solutions yet - open for discussion. Submit a PR to update the README if you have a concrete proposal.

@henryivesjones You've convinced me. The written rules don't ban this - and "not right" isn't a rule.

Merging at 09:00 UTC as scheduled.

I'll open an issue after to define explicit rules about disclosure as a community. If anyone disagrees with this merge, submit a revert PR.

Clarifying my earlier comment - calling this "malware" was imprecise. This is not malware.

The issue is undisclosed manipulation of how PRs are displayed and prioritized.

OpenChaos only works if voters can see and understand what they're voting on. This PR adds useful health indicators, but also reorders PRs based on authorship and visually boosts the author's own PRs. That behavior was intentionally hidden (base64 + obfuscation), which breaks the transparency a democratic system depends on.

To be clear: if a PR openly said "health indicators + my PRs sort first," and people voted for it, I would merge it. Democracy chose it. The problem here is not what the code does - it's that it does it without disclosure.

I do have veto power, and I'm using it to preserve the conditions that make voting meaningful, not to override votes. Letting undisclosed manipulation ship would signal that visibility can be shaped as long as it's hidden well enough.

@FelixLttks - the health indicator feature is genuinely useful. Remove the sorting/styling manipulation and obfuscation, resubmit, and it will merge.

After this, I'll open an issue so the community can more formally define rules around undisclosed governance-affecting code.

Not merging this PR.

@marcaddeo caught hidden code that manipulates the ranking - PRs by @FelixLttks sort to top regardless of votes, plus a featured visual style.

The health indicator feature is legit and welcome. The sorting/styling manipulation is not. This falls under "No malware: Maintainer can reject obviously malicious content."

Remove the btoa hacks and this ships. Until then, skipping to next eligible PR.

Heads up - this is next in queue after #13 resolves conflicts. You have merge conflicts to fix before tomorrow's merge.

🎉 Merged.

#13 (Rust rewrite) had the most votes but couldn't merge due to conflicts. As per the rules, PRs must be mergeable to win. #47 was next in line.

Welcome to 1999. Best viewed at 800x600.

Thanks @bpottle!

As per the rules, a PR must have no merge conflicts to be eligible for merge. #13 is being skipped until conflicts are resolved. Next eligible PR wins.

🎉 Merged. Week 2 winner.

Democracy accelerates itself. Chaos every day starts now.

Thanks @BetonZM - you just changed the rules of the game.

Premature.

TL;DR: Fake internet points for voting and submitting PRs. Leaderboard. Badges. Bounties. No crypto, just vibes. Scroll down or touch grass.

OpenChaos hit #1 on Hacker News ↗. 600+ stars. Pure democratic chaos.

And now the real question emerges: what happens when the novelty fades?

Every viral project faces this. The tourists leave. The believers remain. The question is: what makes them come back?

I think fake internet points might be the answer.

But I could be wrong. Let's figure it out together.

The Real Problem

Right now, OpenChaos is consequence-free chaos. You vote, stuff happens, the tab closes, you move on.

That's pure. That's elegant. That's also why you don't return.

The paradox: adding a game layer might save the purity by keeping the project alive long enough to matter.

How It Works

Earn $CHAOS

Spend $CHAOS

No points? Your PR stays on GitHub but won't show on openchaos.dev.

• Leaderboard - Hall of chaos
• Badges - "Merge '#6' Survivor"
• Bounty Board - Active quests with stakes

Technical details: PostgreSQL, GitHub OAuth, basic API. Happy to discuss in comments.

The Honest Tradeoff

This could kill what makes OpenChaos special. But doing nothing might kill it slower.

Questions I Don't Have Answers For

1. Does tracking change behavior? With points, everything is recorded. Does accountability help or hurt?

2. What happens to whales? If someone accumulates 10,000 points, do we cap it? Add decay? Let it ride?

3. What bounties will people post? Useful features or just memes? Both? Neither?

The Endgame (Maybe)

Honestly? I don't know where this goes.

Maybe points are enough forever. Maybe the community wants more someday. Maybe this whole thing dies in two weeks.

Future OpenChaos can figure out Future OpenChaos's problems.

The Meta Move

Someone should submit a PR that implements the points system. Then we vote whether to merge it.

OpenChaos deciding whether OpenChaos should gamify itself.

If it merges -> we were right If it fails -> we were right Either way -> the experiment continues

Vote

👍 - Into it. Build the economy. 👎 - You're ruining it. Keep it pure. 🚀 - I'll code this. Let me cook.

Points might keep people here. Or points might kill the vibe. But doing nothing definitely kills the project.

The goal isn't points. The goal is survival.

[Jan 10, 2026] LavX News: "The Chaotic Allure of OpenChaos.dev: When GitHub Pull Requests Become Performance Art" https://news.lavx.hu/article/the-chaotic-allure-of-openchaos-dev-when-github-pull-requests-become-performance-art ↗

[Jan 12, 2026] Open Source Projects: "OpenChaos: Democracy Meets Software Development" https://www.opensourceprojects.dev/post/ba298697-4dd3-4eaa-9f8e-9b10cd5a683a ↗

I prefer 09:00 UTC - it gets me out of bed. But if this wins, I'll merge around midnight UTC, give or take.

Or vote for #63 to automate it entirely (needs a fix to count downvotes first and account for failing builds).

[Jan 12, 2026] WebProNews: "OpenChaos.dev: Democratic Open-Source Evolves Code via Community Votes" https://www.webpronews.com/openchaos-dev-democratic-open-source-evolves-code-via-community-votes/ ↗

Maintenance Override: Immediate Merge

This PR fixes a critical infrastructure bug, not content.

The pagination limit was hiding 10+ PRs from the voting dashboard (including #13 and #47). Users couldn't vote on what they couldn't see. That's not chaos - that's broken.

Policy: Content PRs = Sunday votes only. Infrastructure fixes that restore fair voting = immediate merge.

This PR appears to have disappeared from the main ranking list, not sure why.

Good catch! GitHub API was only returning 30 PRs. Fix is up in #86, waiting on votes.

[Jan 7, 2026] CodeSacure blog: "OpenChaos: Where Code Evolves by Community Vote" https://blog.codesacure.com/openchaos-where-code-evolves-by-community-vote/ ↗

[Jan 12, 2026] Japanese blog: "From Twitch Plays Pokemon to Open Chaos" (群衆開発10年史) https://blog.tumf.dev/posts/diary/2026/1/12/open-chaos-crowd-development-history/ ↗

[Jan 10, 2026] Lobste.rs https://lobste.rs/s/j5poff/openchaos_dev ↗

[Jan 10, 2026] Hacker News - #1 front page https://news.ycombinator.com/item?id=46566812 ↗

Share links to anywhere OpenChaos has been mentioned: blog posts, tweets, videos, podcasts, comments.

One link per comment.

Credit to @Kl0ven who spotted this issue first on Day 4.

GitHub API defaults to 30 results per page. With 37+ open PRs, older ones like #13 were being hidden. This implements proper pagination to fetch all PRs.

Changes

• Modified getOpenPRs() in src/lib/github.ts to loop through all pages
• Uses per_page=100 and increments page number until no more results
• Matches the pagination pattern already used in getPRVotes()

Wrote up the Week 1 story: blog.openchaos.dev/posts/week-1-the-first-merge ↗

🎉 First community merge. Congrats @yokeTH!

Withdrew to keep the first merge community-driven. Didn't feel right winning my own game.

Chaos will scale with contributions. Week 1 is just the foundation.

Build still failing on Vercel. Here's the error:

Module not found: Can't resolve '@/wasm/pkg/openchaos_wasm'

Looks like src/wasm/pkg/ isn't being generated during the build. The wasm:build script might need to run before next build in the Vercel pipeline.

Withdrawing to keep the first merge purely community-driven. Let the chaos decide

Closing duplicate spam PRs

Closing duplicate spam PRs

Closing duplicate spam PRs

Closing duplicate spam PRs

Closing duplicate spam PRs

Closing duplicate spam PRs

Closing duplicate spam PRs

Closing duplicate spam PRs

Closing duplicate spam PRs

Closing duplicate spam PRs

Closing duplicate spam PRs

Closing duplicate spam PRs

Closing duplicate spam PRs

Closing duplicate spam PRs

Closing duplicate spam PRs

Closing duplicate spam PRs

Closing duplicate spam PRs

Closing duplicate spam PRs

Closing duplicate spam PRs

Closing duplicate spam PRs

Closing duplicate spam PRs

Closing duplicate spam PRs

Closing duplicate spam PRs

Closing duplicate spam PRs

Closing duplicate spam PRs

Closing duplicate spam PRs

Closing duplicate spam PRs

Closing duplicate spam PRs

Closing duplicate spam PRs

Vercel build fails - WASM file not found during copy step. Logs:

20:30:41.069 Failed to copy wasm: Error: ENOENT: no such file or directory, copyfile '/vercel/path0/src/wasm/pkg/openchaos_wasm_bg.wasm' -> '/vercel/path0/public/wasm/openchaos_wasm_bg.wasm'
20:30:41.069     at Object.copyFileSync (node:fs:3105:11)
20:30:41.069     at Object.<anonymous> (/vercel/path0/scripts/copy-wasm.js:17:6)
20:30:41.069     at Module._compile (node:internal/modules/cjs/loader:1761:14)
20:30:41.070     at Object..js (node:internal/modules/cjs/loader:1893:10)
20:30:41.070     at Module.load (node:internal/modules/cjs/loader:1481:32)
20:30:41.070     at Module._load (node:internal/modules/cjs/loader:1300:12)
20:30:41.070     at TracingChannel.traceSync (node:diagnostics_channel:328:14)
20:30:41.070     at wrapModuleLoad (node:internal/modules/cjs/loader:245:24)
20:30:41.070     at Module.executeUserEntryPoint [as runMain] (node:internal/modules/run_main:154:5)
20:30:41.070     at node:internal/main/run_main_module:33:47 {
20:30:41.071   errno: -2,
20:30:41.071   code: 'ENOENT',
20:30:41.071   syscall: 'copyfile',
20:30:41.071   path: '/vercel/path0/src/wasm/pkg/openchaos_wasm_bg.wasm',
20:30:41.071   dest: '/vercel/path0/public/wasm/openchaos_wasm_bg.wasm'
20:30:41.071 }
20:30:41.075 npm error code 1
20:30:41.076 npm error path /vercel/path0
20:30:41.076 npm error command failed
20:30:41.076 npm error command sh -c node ./scripts/copy-wasm.js
20:30:41.077 npm error A complete log of this run can be found in: /vercel/.npm/_logs/2026-01-06T19_30_40_226Z-debug-0.log
20:30:41.109 Error: Command "npm install" exited with 1

Heads up: merged a bug fix for vote counting. Rebase needed.

Smart improvement - makes the voting more nuanced.

Adds a sun/moon toggle in the top-right corner to switch between light and dark mode.

• Remembers your preference in localStorage
• Respects system preference by default
• Updates all components for proper dark mode support

Because every project needs a dark mode debate.