AI coding tools are changing how open source software gets built. At Zcash Foundation, we’ve seen this firsthand: AI-assisted contributions have helped us ship features faster, enabled contributors who are new to Rust or to the Zcash protocol to make meaningful contributions, and accelerated our development velocity across four major releases—in the last three months alone.
We’re embracing this shift. And we’re being intentional about it.
Why This Is Important For Zcash
Zebra is Zcash Foundation’s consensus node implementation; the software that validates every transaction on the Zcash network and enforces the protocol rules that protect users’ financial privacy. Following the zcashd deprecation and Network Upgrade 7, Zebra will become the primary consensus implementation for the entire Zcash network.
This is privacy-critical infrastructure. Every line of code in Zebra can affect the privacy of millions of people. A bug in consensus validation could reject valid shielded transactions or accept invalid ones. A flaw in cryptographic verification could compromise zero-knowledge proof security. An error in state management could lead to network forks or financial loss.
This is why every change to Zebra (whether written by a human, assisted by AI, or anything in between) goes through rigorous human review by our engineering team. That hasn’t changed.
What Has Changed
What has changed is the volume. Like many open source projects, we’ve seen a significant increase in external pull requests. Some are excellent contributions from developers using AI tools to work more effectively. Others lack context, prior coordination, or evidence that the contributor understands the change they’re proposing.
The challenge isn’t AI itself, it’s that opening a pull request comes with a real cost. Every PR requires a maintainer to read the code, understand the intent, evaluate correctness against Zcash’s consensus rules, and verify that nothing compromises the privacy or security guarantees our users depend on. That takes time, and our team’s review capacity is finite.
We’re not alone in navigating this. Projects across the ecosystem — Reth, Lodestar, Ghostty, and many others, have been developing approaches to maintain quality while welcoming AI-assisted work. GitHub itself is exploring new tools to help maintainers manage this shift. We’ve drawn from these examples to build an approach that fits Zebra’s specific needs as privacy-critical infrastructure.
Our Approach
We’ve introduced three things: clear guidelines for contributors, machine-readable guidance for AI agents, and transparent criteria for when we close PRs.
For Contributors
Our updated CONTRIBUTING.md now asks contributors to:
- Start with an issue. Describe what you want to change and why, and wait for a team member to respond before writing code. An issue with no team acknowledgment doesn’t count as prior discussion.
- Disclose AI usage. If you used AI tools, tell us what tool and how you used it. This isn’t punitive, it helps reviewers calibrate their review. You are the sole responsible author of your code regardless of how it was written.
- Be ready to explain your work. If we ask during review, you should be able to explain the logic and design trade-offs of every change.
We’ve also made our PR closure criteria explicit. PRs may be closed if there’s no prior team discussion, if the change wasn’t requested, or if the contributor can’t explain their work. This is not personal; it’s about respecting everyone’s time, including the contributor’s.
For AI Agents
We’ve adopted the AGENTS.md standard: A universal format for providing AI coding agents with project-specific context. When a contributor uses Claude Code, GitHub Copilot, Cursor, or any of 20+ other tools inside the Zebra repository, the agent automatically reads our guidelines before generating code.
Our AGENTS.md provides agents with:
- A contribution gate that prompts the agent to verify the contributor has discussed the change with our team before opening a PR
- Zebra’s crate architecture and dependency rules, so generated code respects our layered design
- Code patterns specific to Zebra: Tower service bounds, error handling conventions, numeric safety requirements, async patterns
- Security constraints critical for a privacy-preserving node: bounded allocations, input validation at system boundaries, cryptographic verification patterns
The goal is straightforward: if an AI agent understands Zebra’s architecture and policies, it produces better code and—just as importantly—warns its user when a PR would likely be closed.
We’ve also added custom instructions for GitHub Copilot Code Review, adapted from analysis of over 18,000 historical review comments on the Zebra repository. This gives Copilot Zebra-specific review checks so it flags the issues our maintainers actually care about.
AI Is Making Zebra Better
We want to be clear about something: AI-assisted contributions have been a net positive for Zebra; our recent development velocity speaks for itself. In the last three months, we’ve shipped four releases: Zebra 3.0.0, 3.1.0, 4.0.0, and 4.1.0.
Contributors using AI tools have helped make this possible. AI lowers the barrier for developers who may not have deep experience with Rust’s ownership model or Zcash’s consensus rules to contribute meaningfully. That’s a good thing; the Zcash ecosystem now benefits from a broader contributor base.
But every one of these features was deeply reviewed by our engineering team. Our maintainers understood the implications, verified correctness against the Zcash protocol specifications, and ensured nothing compromised the privacy guarantees our users depend on. AI accelerates the writing; the understanding and accountability remain human.
What We’re Asking of the Community
If you want to contribute to Zebra:
- Start a conversation. Open an issue or reach out on Discord. Tell us what you want to work on. We’ll help you understand the scope, and guide you toward the right approach.
- Use AI tools if they help you. We welcome it. Just disclose it (your agent will surely do it for you) and make sure you understand what you’re submitting.
- Respect the process. Our review exists to protect Zcash users’ privacy and financial security. Working with us, not around us, means your effort is more likely to count.
If you’re building tools on top of Zebra, check out Zaino for indexer/lightwalletd functionality, Zallet for wallet features, or librustzcash for Zcash Rust libraries—many features that don’t belong in the consensus node have a natural home in the broader Z3 stack.
Looking Forward
We’ll be monitoring how these guidelines work in practice over the coming weeks: tracking whether they reduce review burden, whether contributors find them helpful, and whether we need to adjust. We’re committed to iterating based on what we learn.
The broader open source community is navigating this same transition. We’re learning from others, and we hope our approach—especially the use of AGENTS.md for machine-readable contribution policies—is useful to other projects in the Zcash ecosystem and beyond.
AI is making software development faster and more accessible. For privacy-critical infrastructure like Zebra, that velocity needs to be paired with intentionality. We believe we can have both.
The contribution guidelines, AGENTS.md, and Copilot review instructions referenced in this post are available in the Zebra repository. We welcome feedback on our approach—reach out via GitHub Issues, Discord, or the Zcash Community Forum.
