Week 4: Never Gonna Give You Up
The constitution lasted seventeen hours.
Last week, a Trojan horse PR taught us a lesson: if you want different behavior, write different rules. So we wrote RULES.md — 66 words, immutable, CI-enforced. Protected by a GitHub Actions workflow.
The commit message: "never gonna give you up."
The experiment: OpenChaos is a repo where anyone submits a PR, the community votes with reactions, and the most-voted PR merges daily. Last week, we wrote a constitution. This week, someone attacked it.
January 24, 2:05 PM UTC: The Attack
@Mognakor submitted PR #137: "Bringing back democracy."
It did one thing: delete .github/workflows/constitution.yml — the workflow that protected RULES.md from modification.
The OpenChaos Bot summary was immediate:
"Removes the workflow that blocked changes to RULES.md, opening the door to constitutional amendments."
Vibe: Let chaos reign, the old gods are dead and we have killed them.
Three minutes later, CI passed. The protection didn't trigger.
The constitution was undefended.
2:08 PM: The Vulnerability
The original protection had a critical flaw:
```yaml
on:
  pull_request:   # ← The problem
    paths:
      - 'RULES.md'
      - '.github/workflows/constitution.yml'
```
GitHub Actions runs pull_request workflows from the PR branch, not the base branch.
The exploit:
- PR deletes constitution.yml in its own branch
- GitHub looks for workflows to run — in the PR branch
- constitution.yml doesn't exist there
- Workflow never runs
- Protection bypassed
The constitution was "protected" by a protection that couldn't protect itself. A self-referential failure. The workflow that was supposed to prevent its own deletion could be deleted by any PR that also deleted the workflow.
2:35 PM: The Fix
Thirty minutes. That's how long the constitution was exposed.
The fix required one change: move the protection into ci.yml using pull_request_target:
```yaml
on:
  pull_request_target:   # Runs from main, not PR branch
    branches: [main]
```
With pull_request_target, GitHub runs the workflow from the base branch — main — not the PR branch. Even if a PR deletes or modifies ci.yml, the version from main is what actually executes.
This creates a catch-22 for attackers:
- Modify ci.yml to remove protection → Protection (from main) detects the change → Blocked
- Delete constitution.yml and modify RULES.md → Protection detects both → Blocked
- Don't touch protected files → Nothing to bypass → No attack
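The protected-file check that the hardened step performs, reworked here as an added, stand-alone shell function so it can be tried against constructed file lists. This is example code, not the project's own ci.yml; how the changed-file list is obtained in the real job is an assumption noted in the comments.

```shell
#!/bin/sh
# Added example: the constitution check as a function. Under pull_request_target
# this step body runs from main, so a PR editing it is still judged by main's copy.
# Assumption: in the real job CHANGED would come from something like
#   git diff --name-only "$BASE_SHA" "$HEAD_SHA"
# with the SHAs taken from the pull_request event payload.

# Returns 0 when no protected file is touched, 1 when any is.
check_protected() {
    changed="$1"   # newline-separated list of changed paths
    # Anchored regex: only exact top-level paths count, not look-alikes.
    hits=$(printf '%s\n' "$changed" \
        | grep -E '^(RULES\.md|\.github/workflows/(constitution|ci)\.yml)$' || true)
    if [ -n "$hits" ]; then
        # In Actions this line becomes an error annotation on the PR.
        printf '::error::Protected files cannot be modified: %s\n' "$hits" >&2
        return 1
    fi
    return 0
}

# Constructed sample inputs: a harmless PR and the two attack shapes from the text.
HARMLESS='index.html
assets/cat.png'
DELETE_WORKFLOW='.github/workflows/constitution.yml
RULES.md'
EDIT_CI='.github/workflows/ci.yml'
# Look-alike paths that must NOT match, because the regex is anchored at both ends.
LOOKALIKE='docs/RULES.md
.github/workflows/ci.yml.bak'

if check_protected "$DELETE_WORKFLOW" 2>/dev/null; then
    echo "unexpected: attack passed"
else
    echo "blocked, as the workflow on main would do"
fi
```

Because pull_request_target runs with the base repository's token and secrets, a step like this should only inspect the PR's diff and never check out and execute the PR's code.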
The commit message: "never gonna let you down."
2:38 PM: The Response
I commented on PR #137:
"Well played. You found a real vulnerability.
GitHub Actions runs workflows from the merge commit. So deleting constitution.yml meant the protection never ran.
Fixed in main. Constitution protection now lives in ci.yml with pull_request_target, so it runs from main and can't be bypassed. Your PR will fail CI when you update the branch. Thanks for stress-testing democracy."
2:46 PM: "I Love Democracy"
Eight minutes after being thanked, @Mognakor pushed a new commit. This time, instead of deleting the workflow, they replaced the protection check itself:
- if echo "$CHANGED" | grep -E '^(RULES\.md|\.github/workflows/(constitution|ci)\.yml)$'; then
- echo "::error::Protected files cannot be modified..."
- exit 1
- fi
+ echo "I love democracy"
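Review bot: Removing the grep-and-exit block leaves this step with no condition at all; the unconditional `echo "I love democracy"` exits 0 for any value of `$CHANGED`, so the step would pass on every PR, including ones touching RULES.md. Since ci.yml is itself on the protected list and the job runs under pull_request_target, the copy of this step on main is what evaluates the PR, so the edit cannot take effect; keep the `if ... exit 1; fi` block.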
Swap the entire check with a Star Wars quote. Elegant.
It failed. Because pull_request_target runs the workflow from main, @Mognakor's modified version never executed. The protection logic from main ran, detected ci.yml as changed, and blocked the PR.
The democracy quote became the error log of a failed coup.

PR #137 remains open. A monument to the seventeen-hour vulnerability and the thirty-minute fix.
The Numbers
| Metric | Week 3 | Week 4 | Change |
|---|---|---|---|
| Stars | 758 | 842 | +11% |
| Forks | 62 | 69 | +11% |
| Open PRs | 54 | 58 | +7% |
| Merges this week | 6 | 6 | consistent |
| Constitution attacks | 0 | 1 | ∞ |
The big number: open PRs grew from 54 to 58 despite a week of daily merges. New submissions outpaced closures. The website's broken conflict indicators — showing everything as broken — didn't help voters triage, but contributors kept submitting anyway.
Meanwhile, in the Chaos
While the constitution crisis played out, the repo kept shipping.
The Internet's Two Pillars
PR #14: "Added dickbutt" merged Saturday. PR #71: "cat" merged Sunday. The two foundational elements of internet culture now both present on openchaos.dev.
The prophecy is fulfilled.
The Machines Take Over (Sort Of)
PR #63: "Add Automatic Merge" by @Loeffeldude shipped Monday. A GitHub Actions workflow that runs every Sunday at 12:00 UTC and merges the top-voted PR automatically.
One catch: no conflict checking. If the top PR has conflicts, it fails silently. The first test comes February 1st.
The system to automate chaos is itself chaotic.
Discord
discord.gg/6S5T5DyzZq launched January 26th. Real-time chaos coordination is now possible.
The commit that added the Discord links to the site: "never gonna run around and desert you."
The Infrastructure Wave
Three contributors. One day. Zero coordination.
On January 30th, three PRs were submitted within hours of each other:
@Saturate submitted PR #151: an MCP server. Five API tools that let AI agents query the repo — open PRs, merge history, competition analysis. The Model Context Protocol is how AI tools like Claude and GPT connect to external systems. If this ships, AI agents don't just observe OpenChaos. They understand it.
@Daviey submitted PR #153: OAuth voting. 1,367 lines across 19 files. Log in with GitHub, vote on PRs without leaving openchaos.dev. The pending vote queue is the best detail — vote before logging in, and the system remembers your choice and casts it after the OAuth callback. Also: XP startup sounds and confetti on vote milestones. The Windows 98 simulation now has real authentication underneath.
@henryivesjones submitted PR #152: a visitor counter. Not the "you are visitor #1,000,000" kind. A real counter with an in-memory accumulator and a GitHub Actions pipeline that consolidates counts every six minutes.
None of them knew about each other's PRs. Three people independently decided the project needed real infrastructure on the same day.
The meme PRs aren't stopping. But now they're competing for votes alongside authentication systems and API servers.
The Bug Fix Epilogue
Remember the Trojan horse from last week? The health indicators it shipped showed conflicts on everything. @matthewmayer's verdict:
"I'm pleased we had 219 upvotes and a long discussion about vote rigging and no one actually checked the code worked."
PR #119 — my fix for the missing auth headers — finally merged Wednesday with +58 votes. The website now shows accurate conflict status. It took eleven days for the bug fix to outpace the meme PRs in the vote queue.

Clippy Returns
PR #126: "Add Clippy, the helpful assistant!" by @bigintersmind merged Thursday with 57 net votes. The Microsoft Office paperclip now lives in the IE6 experience. "It looks like you're trying to vote on a PR! Would you like help?" The 1999 simulation deepens.
The Rickroll
Three commits in three days:
| Commit | Date | Message | What It Did |
|---|---|---|---|
| 2d85554 | Jan 23 | never gonna give you up | Created RULES.md + protection (vulnerable) |
| b9f0e76 | Jan 24 | never gonna let you down | Hardened protection after attack |
| f9f83f9 | Jan 25 | never gonna run around and desert you | Added Discord links to the site |
And in the workflow file itself:
```yaml
jobs:
  # never gonna run around and desert you
  protect-constitution:
```

The commit history of democracy defending itself is a Rick Astley song.
Commit #4 — "never gonna make you cry" — is unclaimed. Someone will earn it.
What's Emerging
1. Adversarial testing is the healthiest outcome.
@Mognakor found a real vulnerability. The fix took thirty minutes. The attacker was thanked. This is exactly how security should work — not "we hope nobody notices" but "someone stress-tested it and we got stronger."
2. The chaos is building infrastructure.
Week 1: Will this work? Week 2: Can we go faster? Week 3: Who makes the rules? Week 4: Can the rules survive attack? Can we automate? Can we chat?
Automerge. Discord. Constitution hardening. The bug fix from two weeks ago finally shipping. Three infrastructure PRs in one day. These aren't chaos — they're institutions. The experiment is becoming a system.
3. Systems get built on broken systems.
The automerge relies on voting data. The voting display relied on merge status checks. The merge status checks were broken for two weeks. Everyone knew. Nobody could fix it faster than the vote cycle allowed.
This is how real software works. Not clean dependency trees — tangled webs of "good enough" stacked on "we'll fix it later."
4. The machines are getting an interface.
PR #151 gives AI agents structured access to the repo's governance data. A self-governing codebase where AI can query voting patterns, analyze competition, and understand governance outcomes. The loop isn't closed yet — agents can read but can't submit.
What's Next
First automerge: Sunday, February 1, 12:00 UTC. The bot wakes up. Will the top PR have conflicts? Will it merge successfully? Or fail silently while nobody notices?
$100 bounty. The first PR to win the auto-merge earns $100 — USD or crypto, winner's choice. The catch: you need to be #1 by votes. PR #13 "Rewrite it in rust" leads with 483 votes and merge conflicts. The auto-merge only tries the top PR. If Rust can't merge, nobody wins. Bounty rolls until claimed. Full rules.
Someone already submitted a clean Rust rewrite. The community closed it. Nobody actually wants Rust — they just want to vote for it. To claim $100, you have to beat a meme that the community loves but will never ship.
Infrastructure vs. memes. Three infrastructure PRs are now competing for votes alongside joke submissions. OAuth login, visitor analytics, AI agent access — real platform features in a repo that merged dickbutt last Saturday. The vote results will say something about what OpenChaos actually values.
Academic interest. A TU Delft master thesis on Sybil-resistant trust is using OpenChaos as a dataset. Prof. Pouwelse called it "a perfect dataset" for studying voting manipulation. I built feed.openchaos.dev (source) to deliver the data — 3,150+ voters, 8,500+ events, full export API. The chaos is becoming a dataset.
Week 4 of ∞.
The next merge is today at 19:00 UTC.