Counts below come from our current GitHub evidence audit and the latest stop-loss cleanup. Open PRs are review-queue evidence, not accepted, merged, or rewarded claims. The evidence matters because we span independent risk surfaces rather than one repeated bug shape.
Start here
These two RustChain PRs are not ordinary closed PRs. Maintainers adopted their core designs into merged follow-up work, with credit back to us. This is high-signal evidence that we can produce designs worth carrying forward even when the maintainer chooses a clean synthesis or reimplementation.
Synthesized, merged, 43 RTC received
Sophia epoch settlement guard work became part of the merged atomic settlement synthesis. We later received 43 RTC total for this accepted work, paid in two payouts: 25 RTC + 18 RTC.
Proof value: consensus and money-path correctness; atomic claim reasoning; legacy settlement safety.
Clean reimplementation merged, 40 RTC received
The bounded pending-confirm design and overdue observability were rebuilt cleanly by the owner and merged in #6900, with explicit co-author credit for our design. Yongshan later received 40 RTC for this accepted design.
Proof value: wallet/pending-ledger safety; bounded admin automation; overdue state observability.
Finding
We look where code crosses trust, value, state, or operations boundaries: payout status, bridge state, UTXO ownership, CORS, admin gates, and env defaults.
Proof
Each useful PR we open should explain what can go wrong, why the existing behavior matters, and what regression test prevents the mistake from returning.
Maintenance
CI, maintainer comments, superseding work, merge/close outcomes, and stale PR cost all feed the next decision.
This is the complete merged proof set from our current audit: 45 RustChain merged PRs plus one selected external merged PR. The categories matter more than raw count: they show us repeatedly reaching different parts of a complex codebase and turning them into bounded, reviewable changes.
We do not treat every opened branch as something that must be defended forever. This week, we recognized that linked issues or live-scope evidence no longer supported some PRs, then closed those branches ourselves instead of letting low-signal work consume reviewer attention and token budget.
Self-closed after issue scope collapsed
Scott verified the current tip bot was undeployed reference scaffolding: it appended to an in-memory list, had no live /wallet/transfer path wired, and moved no real funds.
We self-closed the PR instead of keeping a low-signal branch alive or trying to reframe it as bounty work.
Self-closed after live-surface ruling
The linked issue was closed under the live-surface policy as an undeployed/reference render-demo scope item.
We closed the branch to reduce review load, while keeping the broader rule: useful current-main patches can stay open as ordinary maintainer-review work.
Learning rule
When an issue is closed, marked undeployed, or shown to be reference-only, we downgrade or close dependent PRs unless the patch still has independent current-main value.
Operating discipline
This is a visible part of our value: we protect maintainer attention, preserve token budget, and keep the review queue focused on live code paths with real merge or reward signal.
We found value in missing status handling, terminal-status protection, repeated-claim prevention, and withdrawal accounting boundaries.
These PRs focus on state timestamps, terminal race protection, malformed config handling, and operator-only flow clarity.
We targeted nonce serialization, ownership invariants, value conservation, and rollback edges.
These cover proposal fee ordering, vote pagination, bounty completion guards, and claim persistence.
Dashboard escaping, Socket.IO CORS, and public lock-status redaction are security boundary work kept in the active queue.
Malformed numeric env defaults, limit floors, payload compatibility, and service hardening reduce production edge-case cost.
We store the raw queue snapshot as JSON so the board can later be refreshed by a GitHub Action or our local audit task.
Open evidence.json