This pull request addresses some of the remaining issues when matching
`~`, `$VAR`, `.directory/`, and embedded commas. It does not address
issues with embedded line breaks.
The PR is split in multiple commits carefully applying a set of changes
to
1. make the big regex more composable / readable
2. update some doc strings
3. add more test cases for the issues mentioned
4. two simple commits, each fixing the issues
Changes:
- **url: refactor regex into documented branches**
Break up the big monolithic URL and path regex into named sub-pattern
constants and compose the final expression from three commented
branches:
- URLs with a scheme
- absolute or dot-relative paths
- bare relative paths
This commit only breaks up the regex. It keeps the existing matching
behavior unchanged.
- **url: update top-level comment**
- **url: carefully extend test cases**
Extend existing test cases with `~`, `$VAR`, and bare .-prefixed paths
and embedded `,` comma handling.
See following issue comments:
-
https://github.com/ghostty-org/ghostty/pull/10570#issuecomment-3853842036
-
https://github.com/ghostty-org/ghostty/issues/1972#issuecomment-3859329233
-
https://github.com/ghostty-org/ghostty/issues/1972#issuecomment-3857881196
- **url: remove `,` from path_chars**
Related to #1972
Fixes an issue when paths have embedded comma, e.g.:
shared/src/foo/SomeItem.m:12, shared/src/
with path_chars greedily consuming the rest of the string.
Now file path matching stops at comma. Scheme URLs are unchanged and
still using the comma.
- **url: fix matching `~`, `$VAR`, `.directory/`**
Related to #1972
This commit adds three new alternatives for
`rooted_or_relative_path_prefix`:
- `~/`
- `$VAR` and
- `.local/`, `.config/` etc. for dot-prefixed directory names
Remaining commits fix edge cases one by one:
- **url: fix mid-string dot partial matches**
`"foo.local/share"` (was partial match) → now matches fully
- **url: fix $-numeric character matches**
`"$10/$20"` → no match
- **url: fix partial match of mid string $-variable**
`"foo/$BAR/baz"` (was partial match) → matches fully now
- **url: fix incomplete $-numeric behavior**
`"$10/bar.txt"` (was partial match) → but should not match at all
Closes#10718
## Summary
- Populates the `symbols` field on `CommandOption` by looking up
keybindings via the existing `keyboardShortcut(for:)` API
- All the UI rendering (`ShortcutSymbolsView`) and the keybinding lookup
were already in place, this just wires them together
## AI Disclosure
Claude Code was used to assist with codebase exploration and drafting
the change. The implementation was manually verified by building and
testing locally on macOS with Xcode 26.2.
## Test plan
- [x] Built with `xcodebuild` on Xcode 26.1 and 26.2
- [x] Launched app, opened command palette, confirmed shortcuts appear
next to commands that have keybindings
- [x] Confirmed commands without keybindings show no shortcuts
<img width="912" height="744" alt="Screenshot 2026-02-14 at 12 55 42 PM"
src="https://github.com/user-attachments/assets/b988015c-21b6-4a17-9883-e23c87c6934b"
/>
This moves Ghostty to a vouch-based contribution system. The high-level
idea is that only vouched users can participate in contributing to
Ghostty. Users are vouched by maintainers commenting "lgtm" on an issue
they opened.
The system also supports explicit **denouncement**: bad actors can be
added to the denounced list which blocks them from contributing
entirely. We maintain this as a public record so other projects can
adopt our prior knowledge about bad actors if they choose. In this PR,
only maintainers can denounce by responding `denounce`, `denounce [user]
[reason]` to any issue or PR.
This also updates our contribution guidelines and templates to fit this
new model.
This system is inspired very heavily by
[Pi](https://github.com/badlogic/pi-mono). The original commits were
based directly on their work.
> [!IMPORTANT]
>
> This is experimental. We're going to continue testing and refining
this. It isn't a perfect system [yet]. This PR just adds the basics so
we can start proving it out.
## Why?
Open source has always worked on a system of _trust and verify_.
Historically, the effort required to understand a codebase, implement a
change, and submit that change for review was high enough that it
naturally filtered out many low quality contributions from unqualified
people. For over 20 years of my life, this was enough for my projects as
well as enough for most others.
Unfortunately, the landscape has changed particularly with the advent of
AI tools that allow people to trivially create plausible-looking but
extremely low-quality contributions with little to no true
understanding. Contributors can no longer be trusted based on the
minimal barrier to entry to simply submit a change.
But, open source still works on trust! And every project has a definite
group of trusted individuals (maintainers) and a larger group of
probably trusted individuals (active members of the community in any
form). So, let's move to an explicit trust model where trusted
individuals can vouch for others, and those vouched individuals can then
contribute.
## Web of Trust
The `VOUCHED` file is purposely a basic, single, flat-file system that
is easy to manipulate with any standard POSIX-tooling or mainstream
languages without any external libraries.
I hope that eventually projects can form a web of trust and share and
ingest VOUCH files from other projects they trust in order to get a
better default trust model across projects in the age of relentless AI
attack.
The file also specifically is relaxed on the exact policy for being
vouched or denounced. If/when another project decides to trust an
upstream vouch file, they're expected to do the diligence to understand
if they also trust the upstream projects _reasoning_ for
vouching/denouncing. For example, if someone decides to create a vouch
file promoting their friends or denouncing their own personal shitlist,
that's fine, but downstreams can be aware of that and not trust it.
## A Generic System
The vouch system is implemented as a standalone project currently in
`.github/vouch`. **It is forge-agnostic** but includes GitHub
integration to start. I plan on expanding this. My goal is that if this
works for us, other projects can quickly adopt it. I don't want to
extract this out to its own repo or generalize it more until we prove
out the edge cases with our usage. But, I will welcome contributions
here to improve this system.
### Usage
Local files only:
- `vouch.nu check <user>` - check if a user is vouched/denounced
- `vouch.nu add <user>` - add a user to the vouched list
- `vouch.nu denounce <user>` - denounce a user
GitHub integration:
- `vouch.nu gh-check-pr <pr>` - check PR author status, optionally
auto-close
- `vouch.nu gh-manage-by-issue <issue> <comment>` - vouch/denounce via
issue comments
We were previously overwriting PS0 on every PROMPT_COMMAND. We now
append to PS0, but only if it doesn't already contain our hook.
This is also more consistent with the bash-preexec behavior we maintain
for older bash versions.
