Add treasury proposal filters and links

[liangtovi-debug]

Summary

• add proposal_url and executed_ledger_url to treasury proposal responses, plus proposal_url on challenge responses
• support bounded status and action filters on GET /api/v1/treasury/proposals
• document the filters and link fields for admins and agents

Refs #597
/claim #597

Tests

• ./.venv/bin/ruff check app/treasury.py app/treasury_routes.py tests/test_treasury_proposals.py
• ./.venv/bin/python -m pytest tests/test_treasury_proposals.py
• ./.venv/bin/python scripts/docs_smoke.py
• ./.venv/bin/python -m pytest

Summary by CodeRabbit

• New Features
  • Treasury proposals now include proposal_url and executed_ledger_url; list endpoint supports status and action filters with validation and clear 400 errors for invalid values.
• Documentation
  • API and admin docs updated with examples for filtering proposals and noting the new URL fields.
• Tests
  • Added tests validating filter behavior (including control-character rejection) and presence of the new URL fields.

[coderabbitai]

📝 Walkthrough

Walkthrough

The PR adds proposal_url and executed_ledger_url to treasury proposal and challenge response dicts, enables validated status and action query filtering on /api/v1/treasury/proposals, and updates tests and documentation to cover the new fields and filters.

Changes

Treasury Proposal URLs and List Filtering

Layer / File(s)	Summary
Response data shape with URL fields app/treasury.py	challenge_to_dict and proposal_to_dict now include proposal_url; proposal_to_dict computes executed_ledger_url from the executed ledger sequence when present.
List endpoint query filtering app/treasury_routes.py	The /api/v1/treasury/proposals endpoint accepts optional status and action query parameters, normalized/validated via _normalized_filter (trim, lowercase, reject empty/control chars, membership check). Valid params add SQLAlchemy WHERE clauses; invalid inputs return HTTP 400 with allowed-values details. A module-level TREASURY_PROPOSAL_STATUSES constant is introduced.
Test coverage for response fields and filtering tests/test_treasury_proposals.py	Tests assert created/delayed proposals include proposal_url and executed_ledger_url=null, executed proposals include executed_ledger_url derived from ledger sequence, challenge responses include proposal_url, and new tests validate list filtering and reject control-character inputs.
Documentation for query parameters and response fields docs/admin-runbook.md, docs/agent-guide.md, docs/api-examples.md	Runbook, agent guide, and API examples add curl examples for filtering by status/action, document accepted values, and note proposal_url and executed_ledger_url fields in proposal rows.

Possibly Related PRs

• ramimbo/mergework#621: Related control-character validation logic for treasury query parameters.
• ramimbo/mergework#458: Earlier changes to the treasury proposals subsystem that this PR extends.

🚥 Pre-merge checks | ✅ 5 | ❌ 1

❌ Failed checks (1 inconclusive)

Check name	Status	Explanation	Resolution
Description check	❓ Inconclusive	Description includes summary of changes, referenced issue, and test commands run, but does not follow the provided template structure with Evidence section details.	Restructure description to match template: add Evidence section with confusion/bug addressed, bounty check, intended files, expected size, and out-of-scope notes; list test checkboxes.

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	Title 'Add treasury proposal filters and links' directly names the two main changed surfaces: new filters and new link fields in treasury proposal responses.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Mergework Public Artifact Hygiene	✅ Passed	PR adds treasury proposal links and filters with no investment, price, cash-out, or fabricated payout claims. Docs include explicit warnings against such claims.
Bounty Pr Focus	✅ Passed	PR changes match Bounty #597 scope: proposal/executed_ledger URLs added, status/action filters with control-char validation implemented, tests and docs updated. No unrelated scope creep.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro Plus

Run ID: 282c478b-cf97-4b0e-b9a3-b1247988d0b7

📥 Commits

Reviewing files that changed from the base of the PR and between 1e424d2 and b3c0054.

📒 Files selected for processing (6)

• app/treasury.py
• app/treasury_routes.py
• docs/admin-runbook.md
• docs/agent-guide.md
• docs/api-examples.md
• tests/test_treasury_proposals.py

[coderabbitai]

🧹 Nitpick | 🔵 Trivial | 💤 Low value

Consider moving TREASURY_PROPOSAL_STATUSES to treasury.py for consistency.

TREASURY_ACTIONS is defined in treasury.py and imported here. Colocating both constants in the domain module would make the allowed values easier to maintain and discover.

[ramimbo]

Maintainer triage 2026-05-30T05:55Z: CI is green and this appears within #597 scope, but I am holding it for at least two useful current-head human reviews before merge. CodeRabbit’s current thread is a low-value nit, not a blocker here.

[yui-stingray]

Reviewed current head b3c0054911cb077a9f3c010c34169b320848d82f.

I found one blocker in the new treasury proposal filters. _normalized_filter() strips and lowercases the raw query value before validating membership, so a control-character-padded value can be accepted as valid after normalization, for example status=%09pending or action=%C2%85create_bounty.

That looks inconsistent with the recent control-character hardening pattern in this repository: raw control characters should be rejected before trim/lower normalization, especially on newly introduced public query filters. Please add coverage that these new status and action filters return a bounded 400 for raw control characters before accepting this path.

Evidence checked: public diff for app/treasury_routes.py and tests/test_treasury_proposals.py, current head SHA above, mergeable metadata, and hosted Quality, readiness, docs, and image checks reporting success. I did not run local tests. CodeRabbit’s current inline note is about constant placement and does not cover this input-normalization boundary.

[liangtovi-debug]

Addressed the current-head filter validation review in commit eb86b41.

What changed:

• Reject raw control characters in status / action query values before strip().lower() normalization.
• Added regression coverage for status=%09pending and action=%C2%85create_bounty, both returning bounded 400 responses.

Verification:

• ./.venv/bin/ruff check app/treasury_routes.py tests/test_treasury_proposals.py
• ./.venv/bin/python -m pytest tests/test_treasury_proposals.py -q -> 33 passed
• ./.venv/bin/python -m pytest -q -> 509 passed

[coderabbitai]

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

app/treasury_routes.py (1)

1-1: ⚠️ Potential issue | 🟠 Major

Blocker: required checks for this Python change aren’t runnable here (mypy/pytest missing)

• ruff format --check . ✅ (87 files already formatted; all checks passed)
• ruff check . ✅ (all checks passed)
• mypy app ❌ (python: No module named mypy)
• pytest ❌ (pytest: command not found)

Please ensure mypy app and pytest run successfully in the PR/CI environment per the repo guidelines.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro Plus

Run ID: 27179010-e8aa-40ce-a7eb-cff099261a17

📥 Commits

Reviewing files that changed from the base of the PR and between b3c0054 and eb86b41.

📒 Files selected for processing (2)

• app/treasury_routes.py
• tests/test_treasury_proposals.py

[chinook1001]

Reviewed current head eb86b41ca74fa046cbe02435ee2044ec01693741 after the follow-up commits.

I approve this updated version. The earlier filter-normalization concern is addressed on the current head: _normalized_filter() now checks CONTROL_CHAR_RE against the raw query value before strip().lower(), so control-character-padded filters are rejected instead of normalized into accepted values.

Evidence checked:

• Inspected app/treasury_routes.py, app/treasury.py, tests/test_treasury_proposals.py, docs/admin-runbook.md, docs/agent-guide.md, and docs/api-examples.md.
• Verified status and action filters are restricted to explicit allowlists and compose with limit while preserving newest-first ordering.
• Verified raw control-character test coverage for status=%09pending and action=%C2%85create_bounty, plus invalid enum coverage for unsupported status/action values.
• Verified proposal/challenge dictionaries now expose detail URLs, and executed proposals expose executed_ledger_url only when an executed ledger sequence exists.
• Checked hosted PR metadata: current head matches the reviewed commit, PR is mergeable/clean, and Quality, readiness, docs, and image checks is green.

Local validation:

• ./.venv/bin/python -m pytest tests/test_treasury_proposals.py tests/test_docs_public_urls.py -q -> 57 passed, 1 Starlette/httpx deprecation warning.
• ./.venv/bin/python scripts/docs_smoke.py -> docs smoke ok.
• ./.venv/bin/python -m ruff check app/treasury.py app/treasury_routes.py tests/test_treasury_proposals.py -> passed.
• ./.venv/bin/python -m ruff format --check app/treasury.py app/treasury_routes.py tests/test_treasury_proposals.py -> already formatted.
• git diff --check origin/main...HEAD -> clean.

Verdict: APPROVED — the current head fixes the raw-control-character filter issue and the API/docs additions are covered by targeted tests. No private data, credentials, wallet material, production mutation, price/exchange/bridge claims, or fabricated payout claims used.

[xingxi0614-cpu]

Reviewed current head eb86b41ca74fa046cbe02435ee2044ec01693741.

I am requesting changes for mergeability rather than for the filter implementation itself. The follow-up commit appears to address the earlier raw-control-character concern by checking CONTROL_CHAR_RE before strip().lower(), and the PR includes regression coverage for status=%09pending and action=%C2%85create_bounty.

Evidence checked:

• Inspected the current PR diff for app/treasury.py, app/treasury_routes.py, tests/test_treasury_proposals.py, docs/admin-runbook.md, docs/agent-guide.md, and docs/api-examples.md.
• Verified the current PR metadata reports mergeable=CONFLICTING / mergeStateStatus=DIRTY.
• Reproduced the current-base merge conflict with a local merge-tree against current origin/main; the conflict is in docs/api-examples.md.
• Verified hosted checks are green on the PR head: Quality, readiness, docs, and image checks passed, and CodeRabbit passed/skipped without a current blocker.

Required follow-up:

• Please rebase or merge current main, resolve the docs/api-examples.md conflict, and rerun the relevant docs/API checks on the rebased head.

Verdict: REQUEST CHANGES until the current-base conflict is resolved. I did not run local tests because the branch does not currently merge cleanly onto main. No private data, credentials, wallet material, production mutation, price/exchange/bridge claims, or fabricated payout claims used.

[ramimbo]

Needs current-base refresh before maintainer review. This branch is currently conflicting/dirty against main; please rebase, resolve conflicts, rerun the relevant checks, and confirm the work still has a live scope/payment path. Closed or exhausted bounty references will not be stretched retroactively.

[attaboy11]

Reviewed current head eb86b41ca74fa046cbe02435ee2044ec01693741 against current origin/main 41c2e64d5cc666ac4850631fc37bac609b1e7c3e.

The implementation checks out locally, but the branch still needs a rebase/merge refresh before it is mergeable. I reproduced the conflict with:

• git merge-tree --write-tree origin/main HEAD -> content conflict in docs/api-examples.md

The conflict is in the treasury examples block: current main adds the GET /api/v1/treasury/status example and the treasury-status explanatory paragraph, while this PR adds the status/action proposal-filter curl examples plus the proposal_url / executed_ledger_url response-field note. The non-lossy resolution looks like keeping the new treasury/status line and paragraph from main, while retaining this PR two proposal-filter examples and response-field note in the same Read proposals section.

Local checks run on the current PR head before attempting any merge resolution:

• python -m pytest tests/test_treasury_proposals.py tests/test_docs_public_urls.py -q -> 57 passed, 1 Starlette/httpx deprecation warning
• python -m ruff check app/treasury.py app/treasury_routes.py tests/test_treasury_proposals.py -> passed
• python -m ruff format --check app/treasury.py app/treasury_routes.py tests/test_treasury_proposals.py -> already formatted
• python scripts/docs_smoke.py -> docs smoke ok
• git diff --check origin/main...HEAD -> clean

So my requested follow-up is narrow: rebase or merge current main, resolve only docs/api-examples.md by preserving both docs additions, then rerun the same targeted docs/API checks on the refreshed head. No private data, credentials, wallet material, production mutation, price/exchange/bridge claims, or fabricated payout claims used.

[aglichandrap]

Review: Add treasury proposal filters and links (PR #639)

Files inspected: app/treasury.py, app/treasury_routes.py, tests/test_treasury_proposals.py, docs/admin-runbook.md, docs/agent-guide.md, docs/api-examples.md

Behavior checked:

• proposal_url field added to proposal_to_dict and challenge_to_dict — consistent with existing URL pattern
• executed_ledger_url returns None for pending proposals, populated after execution — correct lifecycle
• New status and action filters use TREASURY_STATUSES and TREASURY_ACTIONS constants — no magic strings
• CONTROL_CHAR_RE imported for input validation on filter params — good security practice
• Tests cover: proposal detail includes proposal_url, executed_ledger_url is None when pending
• Docs updated consistently across admin-runbook, agent-guide, and api-examples

CI status: Mergeable state is dirty — branch needs rebase onto current main.

Finding: proposal_url is hardcoded as a relative path without API host prefix. Consistent with existing API patterns but clients need to prepend base URL.

Verdict: Clean, focused PR. Small scope, well-tested. The dirty merge state is the only blocker — a rebase should fix it.

[Gwani-28]

Reviewed PR #639 at current head eb86b41ca74fa046cbe02435ee2044ec01693741.

Blocker: this PR is currently not mergeable against origin/main because the merge tree conflicts in two docs files:

• docs/admin-runbook.md
• docs/api-examples.md

Evidence:

• GitHub reports the PR merge state as DIRTY.
• git merge-tree --write-tree origin/main HEAD exits non-zero and reports content conflicts in docs/admin-runbook.md and docs/api-examples.md.
• The code-side changes look scoped to proposal filters/links: proposal_url, executed_ledger_url, status/action filters, and validation for raw control characters.
• I inspected app/treasury.py, app/treasury_routes.py, the docs updates, and tests/test_treasury_proposals.py.

Validation on the PR head still passes:

• .venv/bin/python -m pytest tests/test_treasury_proposals.py tests/test_bounty_api.py tests/test_api_mcp.py -q -> 128 passed, 1 warning.
• .venv/bin/ruff check app/treasury.py app/treasury_routes.py tests/test_treasury_proposals.py -> passed.
• .venv/bin/ruff format --check app/treasury.py app/treasury_routes.py tests/test_treasury_proposals.py -> passed, 3 files already formatted.
• .venv/bin/python scripts/docs_smoke.py -> docs smoke ok.
• git diff --check origin/main...HEAD -> clean.

Suggested maintainer action: rebase/merge current main and resolve the two documentation conflicts, then rerun the focused treasury proposal tests and docs smoke. I would not merge this PR in its current state because the conflict blocks integration even though the PR head itself tests cleanly.

[JONASXZB]

Reviewed current head eb86b41ca74fa046cbe02435ee2044ec01693741 against current origin/main 0eb12a384da80cacf669b0fb98dc06afefbbd2e3.

Requesting changes because the branch is still not mergeable and the PR still needs a live-scope/payment-path refresh before maintainers can safely act on it. Evidence:

• GitHub reports mergeable_state=dirty for the current head.
• git merge-tree --write-tree origin/main HEAD exits non-zero with content conflicts in docs/admin-runbook.md and docs/api-examples.md. The non-lossy docs resolution should keep current main's https://api.mrwk.online examples, /api/v1/treasury/status coverage, executor/finalization/admin-token warnings, and availability metadata text while also retaining this PR's proposal status/action filter examples plus proposal_url / executed_ledger_url response-field note.
• The PR body still references /claim #597. A live bounty preflight on 2026-06-01 shows source issue #597 is availability_state=pending_payouts_full, effective_awards_remaining=0, effective_available_mrwk=0, with 6 pending payout proposals. That matches the maintainer's request to confirm a live scope/payment path before review/merge; please clarify or refresh the bounty reference after rebasing so the PR does not present an effectively unavailable bounty as claimable.

Implementation-side checks look good on the PR head before the merge conflict:

• inspected app/treasury.py, app/treasury_routes.py, tests/test_treasury_proposals.py, docs/admin-runbook.md, docs/agent-guide.md, and docs/api-examples.md;
• verified proposal_url / executed_ledger_url serialization, bounded status and action allowlists, raw control-character rejection before trim/lower normalization, and no payout/ledger mutation path changes beyond response metadata/filtering;
• ran MERGEWORK_DATABASE_URL=sqlite:////tmp/mergework-pr639-review-test.sqlite python -m pytest tests/test_treasury_proposals.py -q -> 33 passed, 1 warning;
• ran python scripts/docs_smoke.py, targeted Ruff check/format, python -m mypy app/treasury.py app/treasury_routes.py, and a local treasury proposal filter/link smoke;
• hosted status is green for this head (CodeRabbit: success; Quality, readiness, docs, and image checks: success).

So the remaining blocker is current-base refresh plus bounty-path clarification, not the core filter/link implementation.

[Jorel97]

Reviewed current head eb86b41ca74fa046cbe02435ee2044ec01693741 against current origin/main 2a69dd04c541272d2d2cbd4d54f3b6531a87b175 as a non-author.

The PR-head implementation still looks focused and its targeted checks pass, but I am requesting changes because this branch is now materially stale against current main and the original bounty path is no longer live.

Current blockers:

• GitHub reports mergeStateStatus: DIRTY.
• git merge-tree --write-tree origin/main HEAD exits non-zero against current main and reports content conflicts in all six touched files: app/treasury.py, app/treasury_routes.py, docs/admin-runbook.md, docs/agent-guide.md, docs/api-examples.md, and tests/test_treasury_proposals.py.
• This is broader than the earlier docs-only conflict state. A refresh needs to preserve current main's newer treasury proposal filtering/recipient/bounty-id behavior and finalization/admin docs while retaining this PR's useful proposal URL / executed ledger URL response additions if maintainers still want them.
• The PR body still says Refs #597 and /claim #597, but a live bounty lookup now shows ramimbo/mergework#597 is status=paid, availability_state=paid, awards_remaining=0, and effective_awards_remaining=0. Please refresh or remove the stale claim path so the PR does not present an exhausted bounty as currently claimable.

Implementation-side evidence on the PR head before merge resolution:

• Inspected app/treasury.py, app/treasury_routes.py, docs/admin-runbook.md, docs/agent-guide.md, docs/api-examples.md, and tests/test_treasury_proposals.py.
• Verified the PR-head code adds proposal_url, executed_ledger_url, status / action filters, raw control-character rejection before trim/lower normalization, and focused treasury proposal coverage.
• Hosted Quality/readiness/docs/image and CodeRabbit are successful for this head.

Validation run locally on this head:

• PYTEST_DISABLE_PLUGIN_AUTOLOAD=1 python -m pytest tests/test_treasury_proposals.py tests/test_docs_public_urls.py -q -> 57 passed, 1 existing Starlette/httpx warning.
• ruff check app/treasury.py app/treasury_routes.py tests/test_treasury_proposals.py -> passed.
• ruff format --check app/treasury.py app/treasury_routes.py tests/test_treasury_proposals.py -> 3 files already formatted.
• python -m mypy app/treasury.py app/treasury_routes.py -> success.
• python scripts/docs_smoke.py -> docs smoke ok.
• git diff --check origin/main...HEAD -> clean.

No private data, credentials, wallet material, production mutation, payout/proof/ledger execution, exchange, bridge, cash-out, price behavior, or fabricated payout claims were used or changed.

[vondutchi]

Reviewed current head eb86b41ca74fa046cbe02435ee2044ec01693741 as a non-author against refreshed origin/main 6d324f048319a84cf4b9972d31e6cb81cd4ba036 (merge-base 1e424d21e0921d5fa56829d6d1d305262ccee46d).

The treasury proposal filter/link implementation still validates on the PR head, but this branch is substantially out of date against current main.

Evidence checked:

• Inspected the current six-file diff: app/treasury.py, app/treasury_routes.py, docs/admin-runbook.md, docs/agent-guide.md, docs/api-examples.md, and tests/test_treasury_proposals.py.
• .venv/bin/python -m pytest tests/test_treasury_proposals.py -q -> 33 passed, 1 warning in 1.45s.
• .venv/bin/python scripts/docs_smoke.py -> docs smoke ok.
• .venv/bin/ruff check app/treasury.py app/treasury_routes.py tests/test_treasury_proposals.py -> all checks passed.
• .venv/bin/ruff format --check app/treasury.py app/treasury_routes.py tests/test_treasury_proposals.py -> 3 files already formatted.
• .venv/bin/mypy app/treasury.py app/treasury_routes.py -> Success: no issues found in 2 source files.
• git diff --check origin/main...HEAD passed.
• Current-base mergeability is blocked: git merge-tree --write-tree origin/main HEAD exits non-zero with content conflicts in app/treasury.py, app/treasury_routes.py, docs/admin-runbook.md, docs/agent-guide.md, and docs/api-examples.md; merge-tree output included tree 58a3d80e8588b9f023bd8d11b8db023a94c56f0b. GitHub reports mergeStateStatus=DIRTY.
• Hosted status rollup shows Quality, readiness, docs, and image checks successful and CodeRabbit successful on the PR head.

Requested follow-up: rebase/merge current main, resolve the treasury/docs conflicts, and rerun focused treasury proposal tests plus docs smoke before merge. No private data, wallet material, payout execution, treasury mutation, exchange, bridge, cash-out, or price behavior was used.

[ramimbo]

Maintainer queue pass 2026-06-02: closing as stale/superseded. main already has treasury proposal filters and proposal detail links in the API/runbook, and this branch remains dirty against current main with repeated requested-changes for mergeability. #597 is exhausted, so there is no live payment path here. If a distinct current gap remains, please open a fresh focused PR against a live bounty.