Trust scoring for GitHub contributors using graph-based ranking on contribution graphs

Navigation

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for jeffreysmith from gravatar.com jeffreysmith

Unverified details

These details have not been verified by PyPI
Meta
  • License: MIT License (MIT)
  • Author: Jeff Smith
  • Tags code-review , github , pull-request , security , trust
  • Requires: Python >=3.12
  • Provides-Extra: mcp
Classifiers
Report project as malware

Project description

Good Egg

Trust scoring for GitHub PR authors based on contribution history.

Why

AI has made mass pull requests trivial to generate, eroding the signal that a PR represents genuine investment. Good Egg is a data-driven answer: it mines a contributor's existing track record across the GitHub ecosystem instead of requiring manual vouching. See Methodology for the full approach or read the blog post for a higher-level overview.

Quick Start

Try Good Egg without installing anything (requires uv):

# Requires a GitHub personal access token
GITHUB_TOKEN=<token> uvx good-egg score <username> --repo <owner/repo>

This runs Good Egg in a temporary environment with no install needed.

Installation

pip install good-egg          # Core package
pip install good-egg[mcp]     # With MCP server support

GitHub Action

Add Good Egg to any pull request workflow:

name: Good Egg
on:
  pull_request:
    types: [opened, reopened, synchronize]
permissions:
  pull-requests: write
jobs:
  score:
    runs-on: ubuntu-latest
    steps:
      - uses: 2ndSetAI/good-egg@v0
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}

Add checks: write to permissions if you enable check-run: true.

Example PR comment
Good Egg PR comment

See docs/github-action.md for inputs, outputs, and advanced configuration.

CLI

good-egg score <username> --repo <owner/repo>
good-egg score octocat --repo octocat/Hello-World --json
good-egg score octocat --repo octocat/Hello-World --verbose
good-egg cache-stats
good-egg cache-clear
good-egg --version
good-egg --help

Python Library

import asyncio
import os

from good_egg import score_pr_author

async def main() -> None:
    result = await score_pr_author(
        login="octocat",
        repo_owner="octocat",
        repo_name="Hello-World",
        token=os.environ["GITHUB_TOKEN"],
    )
    print(f"{result.trust_level}: {result.normalized_score:.2f}")

asyncio.run(main())

See docs/library.md for full API documentation.

MCP Server

pip install good-egg[mcp]
GITHUB_TOKEN=ghp_... good-egg-mcp

Add to Claude Desktop (claude_desktop_config.json):

{
  "mcpServers": {
    "good-egg": {
      "command": "good-egg-mcp",
      "env": { "GITHUB_TOKEN": "ghp_your_token_here" }
    }
  }
}

See docs/mcp-server.md for tool reference.

Scoring Models

Good Egg supports three scoring models:

Model Name Description
v3 Diet Egg (default) Alltime merge rate as sole signal
v2 Better Egg Graph score + merge rate + account age via logistic regression
v1 Good Egg Graph-based scoring from contribution history

v3 is the default. To use an older model, set scoring_model: v1 or scoring_model: v2 in your .good-egg.yml, pass --scoring-model v1 on the CLI, or set scoring-model: v1 in the action input. See Methodology for how each model works.

Fresh Egg Advisory

Accounts less than 365 days old receive a "Fresh Egg" advisory in the output. This is informational only and does not affect the score. Fresh accounts correlate with lower merge rates in the validation data.

How It Works

The default v3 model (Diet Egg) scores contributors by their alltime merge rate: merged PRs divided by total PRs (merged + closed). Older models (v1, v2) build a weighted contribution graph and run personalized graph scoring. See Methodology for details.

Trust Levels

Level Description
HIGH Established contributor with a strong cross-project track record
MEDIUM Some contribution history, but limited breadth or recency
LOW Little to no prior contribution history -- review manually
UNKNOWN Insufficient data to produce a meaningful score
BOT Detected bot account (e.g. dependabot, renovate)
EXISTING_CONTRIBUTOR Author already has merged PRs in this repo -- scoring skipped

Configuration

thresholds:
  high_trust: 0.7
  medium_trust: 0.3
graph_scoring:
  alpha: 0.85

Environment variables with the GOOD_EGG_ prefix can override individual settings. See docs/configuration.md for the full reference and examples/.good-egg.yml for a complete example.

Troubleshooting

See docs/troubleshooting.md for rate limits, required permissions, and common errors.

License

MIT

Egg image CC BY 2.0 (Flickr: renwest)

Project details

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for jeffreysmith from gravatar.com jeffreysmith

Unverified details

These details have not been verified by PyPI
Meta
  • License: MIT License (MIT)
  • Author: Jeff Smith
  • Tags code-review , github , pull-request , security , trust
  • Requires: Python >=3.12
  • Provides-Extra: mcp
Classifiers

Release history Release notifications | RSS feed

This version

2.0.0

1.1.0

1.0.0

0.1.3

0.1.2

0.1.1

0.1.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

good_egg-2.0.0.tar.gz (307.6 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

good_egg-2.0.0-py3-none-any.whl (32.6 kB view details)

Uploaded Python 3

File details

Details for the file good_egg-2.0.0.tar.gz.

File metadata

  • Download URL: good_egg-2.0.0.tar.gz
  • Upload date:
  • Size: 307.6 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for good_egg-2.0.0.tar.gz
Algorithm Hash digest
SHA256 bd3e37b6e9029406cd64d1515a78cd7f1ab14157b19e820f9ccb1cd44dc99941
MD5 1e528e87f823a3ff896c7187a5ea0a58
BLAKE2b-256 5fd7a6cb24ba5a096d16e8a879fe5c5e15b0f4bad1752ad83bb15a782fda548f

See more details on using hashes here.

Provenance

The following attestation bundles were made for good_egg-2.0.0.tar.gz:

Publisher: release.yml on 2ndSetAI/good-egg

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file good_egg-2.0.0-py3-none-any.whl.

File metadata

  • Download URL: good_egg-2.0.0-py3-none-any.whl
  • Upload date:
  • Size: 32.6 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for good_egg-2.0.0-py3-none-any.whl
Algorithm Hash digest
SHA256 305cea9fb3098f9aa84fac94408b4bdd78e8fb59b4190b60dff9034411989046
MD5 4501dbc7276e0e6a3b847cc854089b3f
BLAKE2b-256 c1cd880f5e5b6a5f56603ed4e5cad82d4a92bdc479b99d321621e91ff5464874

See more details on using hashes here.

Provenance

The following attestation bundles were made for good_egg-2.0.0-py3-none-any.whl:

Publisher: release.yml on 2ndSetAI/good-egg

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page