Pluck Studio / Bureau

BOUNTY

Autonomous HackerOne / Bugcrowd filer. Wraps DRAGNET red dots + FINGERPRINT deltas + MOLE verdicts into subpoena-quality evidence packets, then dispatches to the platform with the operator's auth token (read from env, never logged, never in the body).

Auth tokens stay LOCAL — signing keys never leave the operator

The platform auth token is read from an env var at submission time and is used only to build the request's authorization header. It is never embedded in the EvidencePacket body, the BountySubmission record, or the adapter's logged output. Because a platform may echo the authorization header back in an error body, adapters strip Bearer/Token strings from upstream error responses before returning them, so the token cannot reach logs that way either.

The operator's Pluck signing key plays no role in adapter dispatch. The packet body lists Rekor UUIDs plus a cosign verify command that anyone can run independently of the operator, so verification of the evidence never depends on the operator's key being present.
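The token-handling rules above, as an added example of how an adapter can enforce them. This is illustrative code, not Pluck's own adapter: the EvidencePacket fields, the function names, the Bearer scheme and the injectable environ mapping are all assumptions. The predicate URI is the one listed on this page.

```python
import json
import os
import re
from dataclasses import dataclass, asdict

EVIDENCE_PACKET_V1 = "https://pluck.run/EvidencePacket/v1"

# Credential material as it appears when an upstream API echoes the
# Authorization header back in an error body: "Bearer <t>" or "Token <t>".
# The pattern deliberately errs on the side of over-redacting.
_CRED_RE = re.compile(r"(?i)\b(bearer|token)\s+[A-Za-z0-9._~+/=-]{8,}")


def redact_credentials(text: str) -> str:
    """Strip Bearer/Token strings from upstream error text before it is returned or logged."""
    return _CRED_RE.sub(lambda m: f"{m.group(1)} [REDACTED]", text)


@dataclass
class EvidencePacket:
    """Hypothetical packet body; the field names are assumptions, not Pluck's schema."""
    title: str
    rekor_uuids: list
    cosign_verify: str
    predicate_type: str = EVIDENCE_PACKET_V1

    def to_json(self) -> str:
        return json.dumps(asdict(self), sort_keys=True)


def read_auth_token(auth_env: str, environ=None) -> str:
    """Read the platform token from the named env var at submission time.

    `environ` is injectable so the lookup can be exercised without touching the
    real process environment; it defaults to os.environ.
    """
    env = os.environ if environ is None else environ
    token = env.get(auth_env, "")
    if not token:
        raise RuntimeError(f"auth env var {auth_env} is unset or empty")
    return token


def build_submission(packet: EvidencePacket, auth_env: str, environ=None):
    """Return (headers, body). The token lives only in the Authorization header."""
    token = read_auth_token(auth_env, environ)
    body = packet.to_json()
    # Defense in depth: refuse to send if the token somehow ended up in the body.
    if token in body:
        raise RuntimeError("auth token found in packet body; refusing to submit")
    headers = {
        # Bearer is an assumed scheme; use whatever the platform's API specifies.
        "Authorization": f"Bearer {token}",
        "Content-Type": "application/json",
    }
    return headers, body


def adapter_error(status: int, upstream_text: str) -> str:
    """The only form in which upstream error text leaves the adapter: redacted."""
    return f"upstream {status}: {redact_credentials(upstream_text)}"
```

The body check in build_submission is cheap and catches the one failure mode that the env-var discipline alone does not: a packet field accidentally populated from the same environment. Redaction runs on every upstream error string, not only on 401s, since platforms are not consistent about which responses echo request headers.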

CLI

pluck bureau bounty file <rekor-uuid> --target hackerone --program openai --auth-env H1_TOKEN --subpoena <uuid> --vendor openai --model gpt-4o --accept-public
pluck bureau bounty track <submission-id>
pluck bureau bounty claim <bounty-id>

Predicate URIs

  • https://pluck.run/EvidencePacket/v1 – the subpoena-quality body
  • https://pluck.run/BountySubmission/v1 – post-submission record

Rate limits

  • HackerOne: 600 submissions / hour
  • Bugcrowd: 300 submissions / hour

Submissions over the local rate limit are refused with status 429 BEFORE a request is sent. The limiter is in-memory and per-process, so several pluck processes filing against the same platform can together exceed the platform's limit; coordinating across processes is the operator's responsibility.
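The local limiter described above, as an added example (not Pluck's own implementation): a sliding-window limiter keyed by target that returns a synthetic 429 without ever invoking the send call once the per-hour cap is reached. The class and function names are assumptions; the caps are the ones listed on this page, and the injectable clock exists so the window can be driven deterministically.

```python
import math
import time
from collections import deque

WINDOW_SECONDS = 3600
# Per-hour caps from the page, enforced locally before any request goes out.
LIMITS = {"hackerone": 600, "bugcrowd": 300}


class LocalRateLimiter:
    """Sliding-window limiter, in-memory and per-process (assumed design)."""

    def __init__(self, limits=None, window=WINDOW_SECONDS, clock=time.monotonic):
        self.limits = dict(LIMITS if limits is None else limits)
        self.window = window
        self.clock = clock          # injectable so the window can be driven in tests
        self._sent = {t: deque() for t in self.limits}

    def check(self, target: str):
        """Reserve one slot for `target`. Returns (allowed, retry_after_seconds)."""
        if target not in self.limits:
            raise KeyError(f"unknown target {target!r}")
        now = self.clock()
        q = self._sent[target]
        cutoff = now - self.window
        while q and q[0] <= cutoff:     # drop timestamps that fell out of the window
            q.popleft()
        if len(q) >= self.limits[target]:
            # The oldest in-window send decides when the next slot opens.
            return False, q[0] + self.window - now
        q.append(now)
        return True, 0.0


def file_submission(limiter: LocalRateLimiter, target: str, send) -> dict:
    """Gate `send()` (the real HTTP call) behind the local limiter.

    Over-limit calls get a synthetic 429 without `send` ever being invoked,
    which is what keeps the platform from seeing the excess traffic at all.
    """
    allowed, retry_after = limiter.check(target)
    if not allowed:
        return {"status": 429, "sent": False, "retry_after": math.ceil(retry_after)}
    return {"status": send(), "sent": True}
```

Because the deque lives in process memory, a second process constructs its own empty limiter and starts from zero; that is exactly the cross-process gap the page assigns to the operator.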