Built with AI, and how to verify it

Écluse is a supply-chain security tool, and I built much of it leaning on an LLM harder than I ever have. If that makes you nervous, good. Here's the honest version: what's mine, what the AI did, and why you don't have to trust either of us to use it.

What's mine, and what's the AI's

How I keep that honest

Nothing ships until I've audited it

I'm not cutting a release until I've been through the whole codebase line by line, the way you read code you're about to hand someone else to run. Écluse is pre-launch on purpose: don't put it in front of a build yet. The "understand and explain every line" bar that CONTRIBUTING.md sets for contributors is the bar for release.

You don't have to trust me. Check it

If you can verify the output, you don't have to trust how it was made. (More in Release & Supply-Chain Operations.)

Why this is public now

I'm sharing Écluse pre-launch to get the design picked apart while changing it is still cheap; I don't have a budget for an outside security review yet. So please try to break it: the origin model, the upstream merge, the deny-by-default rules, the egress story. Start with MOTIVATION.md and the architecture. The heavy LLM use is a property of bootstrapping and will taper; the design is what I'm not backing off.