{"id":76,"date":"2025-08-26T16:30:16","date_gmt":"2025-08-26T16:30:16","guid":{"rendered":"https:\/\/www.orangeprotocol.io\/blog\/?p=76"},"modified":"2025-08-26T16:30:18","modified_gmt":"2025-08-26T16:30:18","slug":"github-contribution-proofs-for-privacy%e2%80%91preserving-developer-grants-bounties","status":"publish","type":"post","link":"https:\/\/www.orangeprotocol.io\/blog\/github-contribution-proofs-for-privacy%e2%80%91preserving-developer-grants-bounties\/","title":{"rendered":"GitHub Contribution Proofs for Privacy\u2011Preserving Developer Grants &amp; Bounties"},"content":{"rendered":"\n<p><strong>The Problem<\/strong><strong><br><\/strong>Grants, bounties, and retroactive funding programs want to support real developers\u2014but asking contributors to share public GitHub profiles often means doxxing themselves or revealing sensitive company contributions. Worse, bots or fake accounts can easily spoof activity to farm rewards.<\/p>\n\n\n\n<p><strong>How Orange Pass Solves This<\/strong><strong><br><\/strong>Orange Pass lets developers privately prove things like how many commits, PRs, or stars they\u2019ve earned\u2014without ever revealing their GitHub handle, organization, or actual repositories. The developer runs a zkTLS proof locally through the browser extension. That creates a verifiable attestation, which can be used by any Web3 grant platform or DAO.<\/p>\n\n\n\n<p>Instead of sending in links, devs can now prove:<br><br>&#8220;I\u2019ve pushed 50+ commits in the past 90 days.&#8221;<br><br>&#8220;I\u2019ve had 5+ PRs merged this year.&#8221;<br><br>&#8220;My repos received 100+ stars&#8221;<\/p>\n\n\n\n<p><br>\u2014 all in <strong>zero knowledge<\/strong>, tied to their wallet.<\/p>\n\n\n\n<p><strong>Real-World Example<\/strong><strong><br><\/strong>Let\u2019s say 0xNeko wants to apply for a DevDAO builder grant. The grant portal lets applicants use Orange Pass to verify their GitHub contributions. 0xNeko privately proves she qualifies for the \u201cSilver Builder\u201d tier\u2014commits \u2265 50 or stars \u2265 100\u2014and her wallet gets a verifiable DevRep attestation. The DAO sees only that she passed the threshold, not her employer or personal identity.<\/p>\n\n\n\n<p><strong>Why It\u2019s Better<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Devs stay pseudonymous, no doxxing required<\/li>\n\n\n\n<li>Grants go to real builders, not gamed accounts<\/li>\n\n\n\n<li>One attestation can be reused across multiple funding rounds<\/li>\n<\/ul>\n\n\n\n<p><strong>Try It Out<\/strong><\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Ask devs to install Orange Pass<\/li>\n\n\n\n<li>Set your eligibility criteria: e.g., Bronze (10 commits), Silver (50 commits or 100 stars), Gold (200 commits &amp; 20 PRs)<\/li>\n\n\n\n<li>Use our verifier smart contract to automatically approve eligible wallets<\/li>\n<\/ol>\n\n\n\n<p><strong>Bonus<\/strong>: You can also link these DevRep attestations to a developer\u2019s Orange Humanity Score (OHS) for deeper reputation building.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n","protected":false},"excerpt":{"rendered":"<p>The ProblemGrants, bounties, and retroactive funding programs want to support real developers\u2014but asking contributors to share public GitHub profiles often means doxxing themselves or revealing sensitive company contributions. Worse, bots or fake accounts can easily spoof activity to farm rewards. How Orange Pass Solves ThisOrange Pass lets developers privately prove things like how many commits,<\/p>\n","protected":false},"author":1,"featured_media":77,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[],"class_list":["post-76","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-orange-updates"],"_links":{"self":[{"href":"https:\/\/www.orangeprotocol.io\/blog\/wp-json\/wp\/v2\/posts\/76","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.orangeprotocol.io\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.orangeprotocol.io\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.orangeprotocol.io\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.orangeprotocol.io\/blog\/wp-json\/wp\/v2\/comments?post=76"}],"version-history":[{"count":1,"href":"https:\/\/www.orangeprotocol.io\/blog\/wp-json\/wp\/v2\/posts\/76\/revisions"}],"predecessor-version":[{"id":78,"href":"https:\/\/www.orangeprotocol.io\/blog\/wp-json\/wp\/v2\/posts\/76\/revisions\/78"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.orangeprotocol.io\/blog\/wp-json\/wp\/v2\/media\/77"}],"wp:attachment":[{"href":"https:\/\/www.orangeprotocol.io\/blog\/wp-json\/wp\/v2\/media?parent=76"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.orangeprotocol.io\/blog\/wp-json\/wp\/v2\/categories?post=76"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.orangeprotocol.io\/blog\/wp-json\/wp\/v2\/tags?post=76"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}