Zain Dana Harper

Systems engineer · AI accountability · compilers · real-time graphics · security

Independent · Seattle · since 2023/ harperz9.github.io/ github.com/HarperZ9/ zaindharper@gmail.com

Profile

A self-taught systems engineer working across an unusually wide stack — compiler internals, real-time graphics, color science, AI accountability, and offensive/defensive security — held together by a single discipline: everything proves itself. No claim ships without a test, a witnessed byte, or an inspectable artifact beside it; maturity is labeled, never inflated. The breadth isn’t scatter — it’s one conviction worked out in security and in creation at once, two trades that rarely sit at the same table.

The current work is the accountability layer the agentic era requires: making a machine's perception and action answerable to evidence instead of asserted. It is built on years of the opposite discipline — understanding how systems are attacked and evaded, red-teamed to where they break — because you build an honest system best when you know every way one lies. That arc, adversary to accountability, is the through-line. Underneath the breadth is one operation I designed and named — the reconcile: perceive any artifact, check it against a criterion it did not author, carry a re-runnable proof, say UNVERIFIABLE when you can’t. Security and creativity are that same operation with a different criterion, so one architecture serves every domain — and I architected and shipped all of it solo, directing AI as a coordinated engineering teammate, the integration and every verified claim kept first-party.

Areas of expertise

Accountability: Witnessed perception · default-deny authorization gates · bilateral provenance · cryptographic witnessing · content-addressed state
AI safety & classifier research: Deep, hands-on classifier-behavior expertise · adversarial robustness & failure-mode analysis · safety-mechanism research from both sides · advanced proprietary adversarial tooling, held private · the moving frontier, worked deeply
Compilers: Lexing · parsing · type & effect systems · interprocedural lifetime analysis · native codegen
Real-time graphics: D3D11 / HLSL real-time rendering · screen-space GI / AO / reflections · temporal anti-aliasing & reprojection · spatiotemporal denoising (SVGF / à-trous) · physically-based lens optics, bloom & atmospherics · film color science & LUT pipelines · HDR tone mapping · proxy-DLL pipeline injection
Color science: Perceptual color spaces · CIECAM02 / CAM16 · ΔE · ICC · HDR tone mapping
Reverse engineering: Binary analysis & decompilation · proxy-DLL interception & vtable hooking · live memory / state re-derivation · game-engine & proprietary-engine RE · instrumentation · systems-level integrity (build-and-break, in service of defense)
Offensive security & adversarial AI: AI red-teaming · jailbreak & adversarial-robustness research · social engineering & human-factors · C2 / offensive tooling & red-team infrastructure · prompt-injection & model-failure analysis — security and safety infrastructure, built by understanding how systems break
Native & systems: Native driver development (DDC/CI display control, standalone of ArgyllCMS) · signal & information theory (entropy, mutual information, Granger, PELT, FFT) · CMake / C++ build · SKSE / plugin architecture
Agent systems & orchestration: Scoped / expiring authority · witnessed action · capability platforms · multi-agent orchestration — directing AI as a coordinated engineering teammate (parallel discovery · review · build)
Design & front-end: Hand-built design systems · semantic HTML / CSS · WebGL / Canvas · generative & algorithmic visual work · responsive, accessible, zero-dependency UI · typographic & visual design
Architecture & program: Cross-domain systems abstraction (the reconcile) · multi-repo superproject coordination across ~100 logical projects · spec → plan → build · proof-first release engineering

The body of work

Integrative architecture & delivery — the rare combination systems · program · design

One abstraction proved by instances; a multi-repo program; AI directed as a coordinated teammate; and the design to present it all.

Abstract systems design — unified the whole stack under one operation (the reconcile), demonstrated across 15+ organs: the same loop is accountability’s spine, security’s gate, provenance’s witness, and creativity’s novelty-criterion — cross-domain abstraction rarely arrived at, and harder to ship.
Program management — a multi-repo superproject under spec → plan → build: an ecosystem map and registry across ~100 logical projects, release engineering across many packages, every claim tracked to its receipt.
AI as a coordinated engineering teammate — architected and built solo by directing multi-agent systems (parallel agents for discovery, review, construction) at a scale and breadth one person could not otherwise reach — architecture, integration, and every verified claim kept first-party. Directing AI at this level is itself a discipline.
Design & front-end — designed and hand-built the portfolio itself: a zero-dependency design system (semantic HTML / CSS / JS, WebGL, a live in-browser generative engine), proof-carrying and accessible — the presentation is a worked artifact, not a template.

The accountability spine — flagship public · tested

A composable stack that runs one loop — perceive → gate → act → verify → witness.

EMET — the witness. Re-derives a file's bytes and answers MATCH / DRIFT / UNVERIFIABLE, never trusted. 19/19 conformance across three independent language implementations (Python · Rust · Node).
coherence-membrane — the read-gate. Turns a model's state-blindness into witnessed, re-derivable observations across an organ family (visual · raw · region · structured · audio · caption). Zero dependencies; 868 tests; PyPI.
proof-surface — the write-gate. A default-deny, fail-closed authorization contract: expiring least-privilege grants, work-record receipts, delegation chains rooted in a real human with monotonic scope attenuation. Stdlib-only; 258 tests; PyPI.
accountable-surface — the loop. A model perceives natively, acts only on an allow, and re-perceives to confirm. MCP server + filesystem/web/command effectors, inert until authorized; 201 tests, including a 39-test adversarial integrity suite (forge a digest, manufacture a grant, escape a bound — each refused).
accountable-engine — the bilateral critic: the same evidentiary standard turned on the operator, not only the machine.

Compilers & languages

QuantaLang / quantac — a typed-effects language. A function's signature names the effects it may perform and the lifetimes of the references it returns; the compiler checks both and lowers to native code through a C backend. 1002 passed / 11 ignored; C backend end-to-end, other targets experimental.

Systems & graphics

signal-kernels — header-only C++23: entropy, mutual information, divergences, Granger causality, PELT changepoint, FFT.
anomaly-kernels — C++23 anomaly detection: baselines, z-score/IQR, temporal correlation.
RAW (Rendering Advancement Workshop) — a public real-time D3D11 rendering platform: a proxy DLL owning the pipeline with mid-frame dispatch of screen-space GI, AO, and reflections (GTAO · SSGI · SSR · skylighting). The reverse-engineering/graphics origin, maturing toward the foundation's spatial, live-state visual engine. → project page
gpu-trace-validator — a focused public tool: validate GPU-trace JSON against a schema and emit bounded receipts.

Color science

quanta-color — 15+ color spaces, CIECAM02/CAM16, perceptual ΔE, ICC, HDR tone mapping; GUI and CLI; PyPI v1.0.1.
calibrate-pro — Windows display calibration; DDC/CI, ICC / 3D-LUT output.

Release & agent toolkit — shipping discipline

6 packages published to PyPI — proof-surface, public-surface-sweeper, repo-proof-index, model-provenance-validator, workspace-repo-map, quanta-color — with a wider ring of release-safety and agent tools public on GitHub (secret-redact-io, release-surface-scanner, provenance-sensorium, proof-surface-report, agent-routing-kit, context-curator-lite, workflow-harness-lite, gpu-trace-validator, and more). → the toolkit page says exactly which is which.

Security & platform — private; by capability

A C++23 integrity / anti-cheat framework (~3,000 tests across ~59 modules) — detecting tampering, evasion, and manipulation by understanding exactly how they are done.
An agent-orchestration / capability platform — scoped, expiring, witnessed authority at scale; the production foundation the public accountability organs were extracted from.
Binary reverse-engineering, instrumentation, and red-team research across the stack — repurposed inward, to make the accountability platform self-accountable by adversarial construction.

Research & writing

The Accountability Conjecture — a falsifiable theory of intrinsic, bilateral accountability, with a working proof-of-concept; states its own epistemic status (pre-proof) and the path to a law. MIT, dated, authored.
Senses and Sensibility — the concise statement of the four principles and the accountable loop.
Conferred Existence — a long-form philosophical corpus (an argument that nothing grants itself its own existence, and what that implies for accountability) from which the accountability thesis is extracted; published at senses-and-sensibility (MIT, dated). See the research page →

Selected receipts

19/19 EMET conformance 868 coherence-membrane 258 proof-surface 201 accountable-surface (39 adversarial) 1002 QuantaLang (11 ignored) ~3,000 integrity framework 6 on PyPI (+ GitHub)

Approach

Curious to a fault — ideas from biology, geometry, and color perception routinely end up in the software (the portfolio's imagery is real mathematics rendered from macro photography by iamBeTa). Honest about limits, public with receipts, and tested against the attacks each guarantee claims to survive.

No computer-science degree. Independent since 2023. Architected and shipped solo, in the open; the work is the credential. Updated 2026-06-23.