MRWK bounty: review open MergeWork PRs with evidence, round 15

[ramimbo]

MRWK Bounty

Reward: 40 MRWK per accepted award
Max awards: 30

Round 14 is #574. This round covers distinct useful PR reviews after #574 fills.

Work Needed

Review open MergeWork PRs with specific evidence. Focus on duplicates, overlap, mergeability, failing checks, stale bounty references, security/public-copy risks, whether the change is actually useful, and whether it might conflict with active maintainer branches.

Accepted review claims must:

• Be by someone other than the PR author.
• Link a GitHub PR review or concise PR comment.
• Include concrete evidence: files inspected, behavior checked, commands run, CI status reviewed, or an actionable finding.
• Be distinct from already paid review claims.
• Help maintain the project rule that PRs need at least two useful reviews before maintainer acceptance.

Duplicate, vague, self-review, rubber-stamp, misleading, or superseded duplicate reviews do not qualify.

How To Submit

Comment here with /claim and the PR review or PR-comment URL. Keep the claim short and evidence-backed.

Evidence or Tests Required

Include the PR number, what you inspected, and the commands or checks you ran. If you request changes, state the blocker clearly and avoid private vulnerability details.

Out of Scope

Do not post private keys, seed material, OAuth tokens, cookies, admin tokens, private vulnerability details, price claims, investment claims, liquidity claims, exchange claims, bridge promises, off-ramp promises, or fabricated payout claims.

Duplicate and Stale Work Rules

The first useful review of a distinct issue is preferred. Repeating the same finding without new evidence may be skipped. Reviews of stale, duplicate, or superseded PRs only qualify when the review identifies a real actionable issue or a clear reason to close, rebase, or hold the PR.

[ramimbo]

Reserved on MergeWork: https://mrwk.ltclab.site/bounties/85

[eliasx45]

/claim #452 (review)

Re-claiming in active round #578 because round #574 filled/closed before the claim comment landed there.

Reviewed PR #452 at current head af43a1e5342ac2d1a7e2dc49973777f8bbd8a668 and approved. Evidence: inspected the public status/docs/hub transfer-path surfaces, verified they expose current MRWK transfer paths and explicitly mark public BTC/USDC/fiat/bridge/exchange/off-ramp paths unsupported while preserving legacy future_path; ran pytest tests\test_status.py tests\test_api_mcp.py::test_public_pages_clarify_current_transfer_paths tests\test_public_routes.py -q -> 4 passed, ruff check/format on touched files -> passed, mypy app/status.py app/public_routes.py -> success, scripts\docs_smoke.py -> docs smoke ok, git diff --check origin/main...HEAD -> clean, and a current-main merge probe auto-merged cleanly then was aborted.

[eliasx45]

/claim #465 (review)

Re-claiming in active round #578 because round #574 filled/closed before the claim comment landed there.

Reviewed PR #465 at current head c6aa8b4e550f1c6ab46e7fa03beece9f7455719c and approved. Evidence: inspected docs/api-examples.md, scripts/docs_smoke.py, and tests/test_docs_public_urls.py; verified the documented treasury:mrwk response matches the internal-ledger account shape with github_login: null, live balance_mrwk, internal-ledger transfer_status, and empty accepted-work summary fields; verified the docs warn treasury/reserve balances are live snapshots. Ran docs smoke -> ok, pytest tests\test_docs_public_urls.py -q -> 22 passed, focused account/API tests -> 3 passed, ruff check/format -> passed, mypy app -> success, git diff --check origin/main...HEAD -> clean, and a current-main merge probe auto-merged cleanly then was aborted.

[akmhatey-ai]

/claim #579 (review)

Reviewed PR #579 at head 8ac2883b814c3ed7ddf96ed75050fe04ba20a1b4 and requested changes. It deletes the project rather than making a scoped UX/functionality improvement: GitHub reports 132 changed files, 23,102 deletions, 46 additions, zero prior reviews, and CodeRabbit still pending. The returned file list already shows core app, CI, docs, migrations, scripts, and tests deleted, with only supa_solution.md added. gh pr diff --name-only also returned HTTP 406 because the diff exceeds GitHub's 20,000-line limit. No private data, wallet material, price/off-ramp claim, production mutation, or secrets were used.

[eliasx45]

/claim #495 (review)

Reviewed PR #495 at current head 2f55311 and approved. Evidence: inspected app/activity.py, app/serializers.py, tests/test_activity.py, docs/api-examples.md, and tests/test_docs_public_urls.py; verified limit is bounded to 1..100 on both API/page routes, totals/contributors remain based on the full matching activity set, and only recent rows are sliced; verified docs and regression assertions cover default/range/recent-only behavior. Ran focused activity/docs tests -> 5 passed, docs smoke -> ok, ruff check/format -> passed, mypy app -> success, git diff --check origin/main...HEAD -> clean, and current-main merge probe auto-merged cleanly then was aborted.

[eliasx45]

/claim #486 (review)

Reviewed PR #486 at current head 720f1f1 and approved. Evidence: inspected app/serializers.py and tests/test_activity.py; verified broad activity search still runs first, digit-only # parsing prevents malformed hash queries from broadening matches, exact matching covers bounty_id and bounty_issue_number, and API/HTML tests preserve displayed # queries while covering valid and invalid cases. Ran activity/serializer tests -> 8 passed, docs smoke -> ok, ruff check/format -> passed, mypy app -> success, git diff --check origin/main...HEAD -> clean, and current-main merge probe auto-merged cleanly then was aborted.

[eliasx45]

/claim #470 (review)

Reviewed PR #470 at current head e99f857 and approved. Evidence: inspected app/bounty_sorting.py, route callers, and tests/test_bounty_pages.py; verified whitespace-only sort now defaults to newest, non-empty invalid sort values still return the existing validation error, and API/page tests cover order plus selected UI state. Ran focused bounty route tests -> 8 passed, docs smoke -> ok, ruff check/format -> passed, mypy app -> success, git diff --check origin/main...HEAD -> clean, and current-main merge probe auto-merged cleanly then was aborted.

[eliasx45]

/claim #579 (review)
Reviewed PR #579 at current head 8ac2883 and requested changes. Evidence: GitHub reports 132 changed files, 46 additions, 23,102 deletions, and mergeStateStatus DIRTY. The branch deletes core application, template/static, webhook, API, docs, migrations, scripts, CI/config, and test files while only adding supa_solution.md. This is not a scoped UX/functionality improvement and cannot be accepted as a bounty PR. I did not run local tests because the branch removes the app and tooling needed for meaningful validation.

[eliasx45]

/claim #478 (review)
Reviewed PR #478 at current head 2708989 and approved. Evidence: inspected scripts/submission_quality_gate.py and tests/test_submission_quality_gate.py; verified the live API bounty loader uses the 200-row cap, rejects malformed API rows, wraps UTF-8/JSON/network failures for bounty and attempts calls, and carries validated API state into payability. Ran submission quality gate tests -> 29 passed, docs smoke -> ok, ruff check/format -> passed, mypy app plus gate script -> success, git diff --check origin/main...HEAD -> clean, and current-main merge probe auto-merged cleanly then was aborted.

[eliasx45]

/claim #481 (review)
Reviewed PR #481 at current head 0cab8e3. Evidence: inspected scripts/submission_quality_gate.py and tests/test_submission_quality_gate.py; verified API state now overrides stale GitHub issue state in live-context payability and the regression covers GitHub CLOSED / API open with awards remaining. Also checked overlap with PR #478 and noted #481 is correct standalone but likely redundant if #478 is accepted first. Ran focused/full submission gate tests -> 24 passed, docs smoke -> ok, ruff check/format -> passed, mypy app plus gate script -> success, git diff --check origin/main...HEAD -> clean, and merge probe vs origin/main auto-merged cleanly then was aborted.

[eliasx45]

/claim #496 (review)
Reviewed PR #496 at current head a80db6e and approved. Evidence: inspected docs/agent-guide.md, docs/api-examples.md, tests/test_docs_public_urls.py, app/mcp.py, and app/mcp_tools.py; verified documented list_bounties filters match implementation for status open/paid/closed, q text or issue-number search, and limit 1..100/default 25. Ran docs/MCP/bounty tests -> 15 passed, docs smoke -> ok, ruff check/format -> passed, mypy app -> success, git diff --check origin/main...HEAD -> clean, and current-main merge probe auto-merged cleanly then was aborted.

[eliasx45]

/claim #544 (review)
Reviewed PR #544 at current head 25483ad and approved. Evidence: verified the treasury direct-proposal bounty-id guard bounds oversized IDs before persistence for both pay_bounty and close_bounty proposal payloads; regression covers 2**63 returning a bounded 400 and no TreasuryProposal row. Validation included treasury proposal tests -> 23 passed, full suite -> 436 passed, docs smoke -> ok, ruff check/format -> passed, mypy app/treasury.py -> success, git diff --check against the governance base -> clean, and hosted checks were green.