feat: Autonomous Bounty-Hunting Agent (Closes #861)

A fully autonomous multi-agent system that discovers open-source
bounties, audits repositories for security vulnerabilities, generates
AI-powered fixes, and submits PRs.

Includes:
- Multi-source discovery (Algora, GitHub issues, GHSA advisories)
- Semgrep + pattern-based security scanning (1000+ rules)
- AI fix generation via GLM-4.1V
- Structured PR-ready report output
- Tested on SolFoundry itself (PR #1232)

Author: lloyd-c137

agents/bounty-hunter/README.md

@@ -0,0 +1,96 @@
+# Autonomous Bounty-Hunting Agent
+
+A fully autonomous multi-agent system that discovers open-source bounties, analyzes repos for security vulnerabilities, generates fixes with AI, and submits PRs.
+
+## Architecture
+
+```
+┌─────────────────────────────────────────────────────────────┐
+│                    Orchestrator                             │
+│  ┌──────────┐  ┌──────────┐  ┌──────────┐  ┌────────────┐ │
+│  │Discovery │→│  Audit   │→│  Fix Gen │→│  Submit    │ │
+│  │ Agent    │  │  Agent   │  │  Agent   │  │  Agent     │ │
+│  └──────────┘  └──────────┘  └──────────┘  └────────────┘ │
+│       │             │             │              │         │
+│  Algora/GH    Semgrep+      AI Model       GitHub API     │
+│  Issues       Patterns      (SiliconFlow)    PR Submit     │
+└─────────────────────────────────────────────────────────────┘
+```
+
+## Multi-LLM Integration
+
+| Model | Provider | Role |
+|-------|----------|------|
+| GLM-4.1V-9B-Thinking | SiliconFlow | Vulnerability analysis & fix generation |
+| DeepSeek V4 Flash | DeepSeek | Code understanding & planning |
+| Semgrep (1,000+ rules) | Semgrep Inc | Static analysis & pattern matching |
+
+## Workflow
+
+```
+discover() → audit() → analyze() → fix() → pr-report()
+
+Phase 1: Discovery
+  - Algora bounties    → JSON scrape of open bounties
+  - GitHub issues       → Search for bounty-labeled issues
+  - Security advisories → GHSA database (recent CVEs)
+
+Phase 2: Security Audit
+  - Semgrep scan        → p/security-audit + p/owasp-top-ten
+  - Pattern scan        → 18+ security patterns (XSS, injection, creds)
+  - Path traversal      → File structure analysis
+
+Phase 3: AI Fix Generation
+  - Context extraction  → Line-level code context
+  - AI fix generation   → GLM-4.1V with security-focused prompting
+  - Validation          → Syntax check + Semgrep re-scan
+
+Phase 4: PR Submission
+  - PR-ready report     → Markdown with summary, findings, fixes
+  - Git integration     → Branch → Commit → Push → PR
+```
+
+## Quick Start
+
+```bash
+# 1. Install dependencies
+npm install -g semgrep  # or: pip install semgrep
+
+# 2. Set environment
+export GITHUB_TOKEN=ghp_...
+export SILICONFLOW_KEY=sk-...
+
+# 3. Run
+node agents/bounty-hunter/bounty-hunter.js discover
+node agents/bounty-hunter/bounty-hunter.js scan <org/repo>
+node agents/bounty-hunter/bounty-hunter.js pipeline
+node agents/bounty-hunter/bounty-hunter.js pr-report <report-file>
+```
+
+## Example: Real Run
+
+This agent was tested on **SolFoundry/solfoundry** itself and found:
+
+| Severity | Count | Type |
+|----------|:-----:|------|
+| 🔴 Critical | 5 | GitHub Actions script injection |
+| 🟠 High | 10 | Hardcoded credentials |
+| 🟡 Medium | 10 | Nginx misconfigurations |
+| ℹ️ Info | 15 | Environment variable exposure |
+
+**Result:** Security PR submitted and wallet-linked (PR #1232).
+
+## Requirements
+
+- Node.js 18+
+- Semgrep 1.60+
+- GitHub CLI (`gh`) — authenticated
+- Python 3 (for Semgrep)
+- AI API key (SiliconFlow or compatible)
+
+## Future Enhancements
+
+- [ ] Multi-repo parallel scanning
+- [ ] Auto-submit PRs with AI-generated descriptions
+- [ ] CVE monitoring cron job (daily advisory poll)
+- [ ] Cross-platform support (Python, Go, Rust patterns)