GhostBounties

GhostBounties is a trustless, privacy-preserving bounty automation platform that pays developers instantly for completing GitHub micro-tasks. Using ZK-TLS proofs, users can cryptographically prove actions like starring a repo or merging a PR without ever sharing credentials. A decentralized Fluence agent verifies proofs and triggers smart-contract payouts on Polygon/Base, while XMTP provides a simple chat interface—no dashboard, no login. SQD indexes all activity to build an on-chain reputation graph. GhostBounties enables a fully autonomous, verifiable, and scalable micro-task economy for open-source and Web3 communities

GhostBounties is built as a fully autonomous system stitched together from decentralized compute, ZK verification, smart-contract automation, and decentralized messaging. We built the core logic as a Fluence (Rust/Marine) agent, which acts as the “brain” that receives proof IDs, verifies them, and triggers contract calls without relying on any centralized backend. vlayer’s ZK-TLS prover is used on the client side to generate zero-knowledge proofs of GitHub actions—this lets users prove actions like stars or PR merges without exposing tokens, cookies, or OAuth credentials. These proofs are then passed to the Fluence agent for off-chain verification.

We integrated XMTP as the user interface, letting the entire platform run through encrypted wallet-to-wallet chat instead of a dashboard. The XMTP bot (Node.js) handles commands like jobs, claim, and submit, and forwards proof metadata to Fluence. On-chain settlement happens through two smart contracts on Base/Polygon: GhostVault (escrow) and GhostBounties (payout manager). Once the Fluence agent validates a proof, it calls the payout contract to release funds instantly. We use SQD to index contract events and compute a decentralized reputation score.

One of the hackiest parts was bridging the ZK-TLS prover output into a format our Rust/Marine Fluence module could parse deterministically across distributed nodes. We also hacked together an alternative verification path using Vouch’s GitHub proof system for PR-based tasks, letting us combine both ZK-TLS proofing and authenticated GitHub API verification. The entire system is intentionally UI-less, stitched together from messaging, agents, and cryptography to create a genuinely autonomous bounty robot.