Add new GitHub users to VOUCHED.td

[juliusmarminge]

What Changed

Why

UI Changes

Checklist

• This PR is small and focused
• I explained what changed and why
• I included before/after screenshots for any UI changes
• I included a video for animation/interaction changes

---

---

Note

Low Risk
Low risk change limited to updating the vouch trust list; it only affects who is treated as trusted by the workflow.

Overview
Updates .github/VOUCHED.td by adding three GitHub usernames (jappyjan, justsomelegs, UtkarshUsername) to the repository’s trusted contributor list used by the vouch workflow.

^{Reviewed by Cursor Bugbot for commit 2e58f06. Bugbot is set up for automated code reviews on this repo. Configure here.}

Note

Add three GitHub users to VOUCHED.td

Adds jappyjan, justsomelegs, and UtkarshUsername to VOUCHED.td.

^{Macroscope summarized 2e58f06.}

[coderabbitai]

Important

Review skipped

Auto reviews are disabled on this repository. Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: cdbabc8c-3c02-4c7e-9bff-ef0e5a060ce0

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch juliusmarminge-patch-1

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[cursor]

Cursor Bugbot has reviewed your changes and found 2 potential issues.

Bugbot Autofix prepared fixes for both issues found in the latest run.

• ✅ Fixed: Undisclosed user added to security trust list
  • Removed github:UtkarshUsername which was added in a second commit but never mentioned in the PR title or description, representing an undisclosed addition to the security trust list.
• ✅ Fixed: New entries violate alphabetical sorting requirement
  • Sorted all entries in VOUCHED.td alphabetically (case-insensitive) as required by the file's comment on line 11, fixing both the new additions and pre-existing out-of-order entries.

Or push these changes by commenting:

@cursor push 4939b15fc0

Preview (4939b15fc0)

diff --git a/.github/VOUCHED.td b/.github/VOUCHED.td
--- a/.github/VOUCHED.td
+++ b/.github/VOUCHED.td
@@ -13,12 +13,15 @@
 github:binbandit
 github:chuks-qua
 github:cursoragent
+github:eggfriedrice24
 github:gbarros-dev
 github:github-actions[bot]
 github:hwanseoc
 github:jamesx0416
+github:jappyjan
 github:jasonLaster
 github:JoeEverest
+github:justsomelegs
 github:maria-rcks
 github:nmggithub
 github:Noojuno
@@ -26,10 +29,6 @@
 github:PatrickBauer
 github:realAhmedRoach
 github:shiroyasha9
+github:shivamhwp
 github:Yash-Singh1
-github:eggfriedrice24
 github:Ymit24
-github:shivamhwp
-github:jappyjan
-github:justsomelegs
-github:UtkarshUsername

_{You can send follow-ups to the cloud agent here.}

^{Reviewed by Cursor Bugbot for commit 2e58f06. Configure here.}

[cursor]

Undisclosed user added to security trust list

High Severity

The PR description explicitly states it adds jappyjan and justsomelegs, but github:UtkarshUsername is also added to the trust list without being mentioned anywhere in the PR title or description. Since VOUCHED.td controls which external contributors are treated as trusted by the vouch workflow, an undisclosed addition to this file is a security concern — it could grant trusted CI/workflow status to an unvetted user.

 

^{Reviewed by Cursor Bugbot for commit 2e58f06. Configure here.}

[cursor]

New entries violate alphabetical sorting requirement

Low Severity

The file comment on line 11 says "Keep entries sorted alphabetically," but the three new entries (jappyjan, justsomelegs, UtkarshUsername) are appended at the end instead of being inserted in their correct alphabetical positions. This makes it harder to spot duplicates and maintain the trust list over time.

 

^{Reviewed by Cursor Bugbot for commit 2e58f06. Configure here.}

[macroscopeapp]

Approvability

Verdict: Needs human review

Changes to VOUCHED.td affect which users are granted trusted CI/workflow status, making this security-sensitive. Additionally, an unresolved high-severity comment notes that one user (UtkarshUsername) was added without being mentioned in the PR description.

^{You can customize Macroscope's approvability policy. Learn more.}