I work on paid open-source contributions, security research, bug bounty reports, and automation tooling. The style is simple: find real issues, make narrow fixes, run the proof, and leave clean receipts.

```toml
current_mode = "cash-first, proof-first"
default_output = "small PRs, reproducible tests, clear reports"
anti_goals = ["spam", "low-signal reports", "unverified claims", "secret leakage"]
```

| Lane | What I do | Proof I care about |
|---|---|---|
| 🧩 OSS fixes | Small, reviewable PRs against real issues | Tests, CI, clear maintainer path |
| 🛡️ Security | Scoped source review, fork/local PoCs, report hardening | Repro steps, impact, duplicate checks |
| 🤖 Automation | Agent workflows, repo scaffolds, payout monitors | Logs, receipts, safe gates |
| 💸 Bounties | Zerocracy, GitHub-native bounty work, paid issue triage | Merged PRs, accepted reports, payouts |

```mermaid
flowchart LR
    A[Find scoped opportunity] --> B[Read repo + rules]
    B --> C[Reproduce or prove impact]
    C --> D[Patch or draft report]
    D --> E[Run focused validation]
    E --> F[Submit with receipts]
    F --> G[Monitor comments + payouts]
```

- ✅ Verified over loud: no proof, no claim.
- ✅ Small diffs win: maintainers should know exactly what changed.
- ✅ Scope matters: security work stays inside program rules.
- ✅ Receipts everywhere: commands, hashes, links, and status.
- ✅ Human gates stay human: payout, legal, KYC, wallets, and keys are not automated.

```python
if opportunity.is_real() and scope.is_clear() and proof.can_run():
    ship()
else:
    log_no_go_and_move_on()
```


