A graphics and lighting preset (an “ENB” preset) for Skyrim Special Edition, built and maintained for about two years, 2024 to 2026, across roughly 280 releases. It evolved through named editions, ENB of the Elders, Cyan Dreams, Moody Blues, Universal, and finally Elder ENB, the same discipline applied to this project: ship, take feedback, iterate, ship again. 908,206 total downloads, 154,164 unique downloaders, and 2,383 endorsements on the public mod page. View on NexusMods.
Zain Dana Harper
Portfolio · writing, analysis, and the flagship engineering work.
Seattle, WA · remote / harperz9.github.io / github.com/HarperZ9 / zaindharper@gmail.com
How to read this index
A working index of writing and analysis samples, plus the engineering work that makes up the flagship line. Every claim links to a public artifact you can open: a crate, a marketplace listing, a repo, a release, or a live page. Maturity is stated plainly (shipped, release candidate, active), never inflated.
Material that could not be made public-safe was left out on purpose. See What is not here at the end.
Flagship engineering work
The current product line: public, inspectable engines that share one discipline, carry a re-checkable proof, never claim trust. Full detail on the flagships page.
- telos · the engine. A person and a model perceive the same thing, shape it, and verify every step. Open the Studio.
- index · the map. Repository-inventory and dependency-graph engine for many-repo workspaces. Public, PyPI index-graph 2.8.0. Open.
- gather · the intake. Accountable research intake with provenance receipts and digest seals. Public, PyPI gather-engine 1.5.0. Open.
- crucible · the judgment. Registers a thesis, steelmans its claims, measures them against a substrate, and refines the weakest axis. 1.1.0 release candidate. Open.
- forum · the orchestrator. Runs a team of agents and records every step in a witnessed causal ledger. v1.12.0, fair-source. Open.
- emet · the witness. Re-derives a file's bytes from scratch and reports MATCH, DRIFT, or UNVERIFIABLE. v1.0.0, four languages, on PyPI. Open.
- buildlang · the compiler. A typed-effects language: functions declare the effects they may perform and the lifetimes of the references they return, checked and lowered through a verified C path. v1.0.0. Open.
Private-line platform: Gate, Vault, Runtime, and Boundary are public where safe; Lab (Seed) and Ledger (Sofer) remain private/proprietary until their public-safe split is complete. The line carries release-gate receipts, MCP and CLI contracts, package checks, and public-safe documentation.
Creative work, shipped
Evidence of shipping, iterating on, and sustaining a widely used creative product over real time, not just a one-off release.
Graphics engines and reverse engineering
Native, from-scratch graphics work and the reverse-engineering practice it grew out of. Elder ENB seeded a line of D3D11/HLSL engines, and that game-systems work is where the binary-analysis and instrumentation skills came from.
A progression of from-scratch D3D11/HLSL frameworks that take ownership of a game's render pipeline through proxy-DLL interception and mid-frame compute dispatch: tens of effects and dozens of HLSL shaders (ACES and AgX, TAA, SSR, SSGI, GTAO, SDSM, volumetrics), an ImGui interface, CMake and vcpkg packaging, and a companion engine that bridges live game state to the GPU over read-only shared-memory IPC. This line was the primary vehicle for hands-on reverse engineering: binary analysis, runtime instrumentation, call-flow and memory mapping, and live game-state extraction.
Reverse-engineered live game state and built real-time scripting and automation frameworks across several titles. Aurora is a multi-language combat-scripting framework (Lua, a custom DSL, and TypeScript-to-Lua) with dozens of SDK modules and production rotations. Its defensive counterpart, Warden, is a C++23 integrity and capability-assessment engine used as a build-and-break substrate for runtime integrity and anti-cheat research. Described by capability; the repositories are private.
Technical writing
Clear documentation for technical readers: setup guides, script references, and admin runbooks.
A full reference for an Active Directory account-hygiene script: synopsis, parameters, usage examples, the annotated script, output format, and operational notes on replication lag and service accounts. Demonstrates writing that explains the why behind a tool, not just the syntax.
A step-by-step getting-started guide for a webhook management product, walking a new user from first endpoint through transformations to going live, with a troubleshooting section. Demonstrates task-first documentation written against a developer workflow.
UX research and case studies
Research-led product writing: how real users move through a system and where it helps or gets in the way.
A UX case study of a regional public-transit fare-card system, examining the rider experience and design decisions. Demonstrates structured UX research writing grounded in a real, public-facing service. Source is a formatted document; the public-safe subject is regional transit, no client or personal data.
Systems analysis
Operational and gap analysis of public infrastructure and large events: where a system is strained, and what would close the gap.
An analysis of a metropolitan public-transit system covering ridership, fleet, and capital-program trends from public data. Demonstrates turning open operational data into a clear read of system health.
A gap analysis of transit capacity against the demand profile of a major international event, with an operational playbook companion. Demonstrates scenario-driven capacity planning on public-interest infrastructure.
Data visualization
Turning public operational data into a readable picture.
An interactive dashboard component built on public ridership, fleet-availability, and capital-program data, with ridership trends, fleet status, and budget-variance views. Demonstrates clean, accessible data visualization driven entirely by open data.
What is not here
Several items from the working portfolio were deliberately excluded to keep this index public-safe. This list is part of the record, not a gap to apologize for.
- Vendor-branded product documentation (endpoint-security platform concept, task, and reference topics; sensor deployment and API guides; a documentation-restructuring proposal). Excluded because they are written as a specific security vendor's product documentation. Public-safe rewrites could be produced on request, with the vendor branding removed.
- Compliance documentation (access-control system security plan, incident-response and acceptable-use policies, ISO 27001 statement of applicability, SOC 2 trust-services documentation). Excluded because compliance documents carry client-specific control language and framework specifics that should not be published.
- Federal grant material (a federal grant application document). Excluded because grant templates and applications carry program- and applicant-specific detail.
- A managed-security RFP response. Excluded because it names a specific responding company, lists named key personnel, and includes business-registration identifiers. A fully anonymized version could be prepared if a proposal-writing sample is needed.
- A security-log regular-expression document and a webhook API-reference document. Excluded as a precaution because their contents could not be verified as free of environment-specific or client-specific detail from their stored format. They can be reviewed and added later if confirmed clean.
If you need a sample in one of the excluded categories, a sanitized, branding-free version can be produced on request. When in doubt, it was left out.
Updated 2026-06-30. Every sample is operator-owned and public-safe; the samples carry the evidence, not the description of them.