Add MCP bounty filters

[g8rr5dg2p7-svg]

Bounty #284

Summary

• Adds optional status, q, and limit arguments to the MCP list_bounties tool.
• Keeps the default MCP behavior as open bounties only, ordered newest first, capped at 25.
• Lets agents inspect paid or closed bounty state and search by repo/title/acceptance text or issue number without scraping REST pages.
• Updates the MCP tool description so agents can discover the available filters through tools/list.

Exact MCP behavior

• list_bounties with {} still returns open bounty rows only.
• list_bounties with { "status": "paid", "q": "proof", "limit": 1 } returns matching paid bounty rows through the same JSON-RPC text content wrapper.
• list_bounties with { "status": "closed", "q": "286" } can find a closed bounty by GitHub issue number.
• Invalid status, non-string query text, zero limit, or limit above 100 return the existing JSON-RPC invalid-arguments error path.

Verification

• .venv/bin/python -m pytest tests/test_api_mcp.py::test_mcp_tools_list_and_call tests/test_api_mcp.py::test_mcp_list_bounties_filters_status_query_and_limit tests/test_api_mcp.py::test_mcp_list_bounties_rejects_invalid_filters -q -> 7 passed
• .venv/bin/python -m pytest tests/test_api_mcp.py -q -> 47 passed, 1 warning
• .venv/bin/python -m pytest -q -> 215 passed, 2 warnings
• .venv/bin/ruff check . -> all checks passed
• .venv/bin/ruff format --check . -> 37 files already formatted
• .venv/bin/python -m mypy app -> success
• .venv/bin/python scripts/docs_smoke.py -> docs smoke ok
• .venv/bin/python scripts/check_agents.py -> AGENTS.md ok
• git diff --check -> clean

No private keys, wallet material, deployment credentials, payout details, private vulnerability details, or price claims are included.

Summary by CodeRabbit

• New Features
  • Bounty listing now supports optional filtering by status (open, paid, closed), text search capabilities, and customizable result limits (1–100, default 25) instead of showing only open bounties with a fixed limit.

[TateLyman]

Thanks for adding MCP-side bounty filters. I found one blocker: the new MCP q path reintroduces the oversized numeric search crash that PR #285 just fixed for the REST/page search path.

In _call_mcp_tool() the new branch does:

issue_number = int(query_text) if query_text.isdigit() else None
...
Bounty.issue_number == issue_number

For a very large digit-only query, Python can create the int, but SQLite cannot bind it to an INTEGER column. Direct repro on this PR head:

client.post('/mcp', json={
    'jsonrpc': '2.0',
    'id': 1,
    'method': 'tools/call',
    'params': {
        'name': 'list_bounties',
        'arguments': {'q': '9' * 40},
    },
})

Observed: OverflowError: Python int too large to convert to SQLite INTEGER escapes the request path.

Expected: the MCP filter should behave like the public bounty search path after PR #285: keep text matching, but skip the exact issue-number predicate when the numeric string exceeds the signed SQLite integer range.

Evidence checked:

• Inspected the new list_bounties MCP filter branch in app/main.py and compared it to the public bounty search overflow fix.
• Inspected the new MCP filter tests in tests/test_api_mcp.py; current invalid-filter tests cover status, non-string q, and limit bounds, but not oversized numeric q.
• Ran the targeted MCP filter tests: ./.venv/bin/python -m pytest tests/test_api_mcp.py::test_mcp_list_bounties_filters_status_query_and_limit tests/test_api_mcp.py::test_mcp_list_bounties_rejects_invalid_filters -q -> 6 passed.
• Ran the direct TestClient repro above; it raises OverflowError.
• Ran ./.venv/bin/ruff check app/main.py tests/test_api_mcp.py, ./.venv/bin/ruff format --check app/main.py tests/test_api_mcp.py, and git diff --check -> passed.
• Checked hosted Quality, readiness, docs, and image checks -> passing, so this needs a new regression.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro Plus

Run ID: 818abb6e-1a2c-4b2d-b642-c492d821d2e2

📥 Commits

Reviewing files that changed from the base of the PR and between 1eb4c77 and e621d31.

📒 Files selected for processing (2)

• app/main.py
• tests/test_api_mcp.py

---

📝 Walkthrough

Walkthrough

The list_bounties MCP tool now accepts optional status, q, and limit filters. Tool registration advertises these filters; implementation validates and applies them, with status defaulting to open and limit capped at 100. Tests comprehensively verify filtering behavior and error handling for invalid arguments.

Changes

MCP list_bounties filtering

Layer / File(s)	Summary
Tool description and filter implementation app/main.py	The tool description in the MCP tools/list response now advertises status, q, and limit filters. The _call_mcp_tool implementation adds validation helpers and updates the database query to apply optional status filtering (defaulting to open), optional query text filtering (SQL LIKE on repo/title/acceptance plus numeric issue-number matching), and a validated limit (capped at 100) instead of the previous fixed open+25 query.
Filtering behavior and validation tests tests/test_api_mcp.py	Test assertion confirms the tool description includes the filter-descriptor text. New comprehensive tests verify default open-only results, status/query/limit combinations for open/paid/closed bounties, and empty results for oversized queries. Parameterized tests confirm that invalid filter arguments (unsupported status, non-string status, invalid q, out-of-range limit) are rejected with MCP error code -32602 and message invalid tool arguments over HTTP 200.

Sequence Diagram

sequenceDiagram
  participant Client
  participant MCPHandler
  participant Database
  Client->>MCPHandler: call list_bounties(status, q, limit)
  MCPHandler->>MCPHandler: validate status, q, limit
  MCPHandler->>Database: query bounties with filters
  Database->>Database: apply status filter (default open)
  Database->>Database: apply q filter (LIKE + numeric)
  Database->>Database: apply limit (max 100)
  Database-->>MCPHandler: filtered bounties
  MCPHandler-->>Client: list_bounties results

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Poem

A bounty tool now filters bright,
With status, query, limits tight,
Tests hop through each bounty state,
Validating filters—simply great! 🐰✨

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The pull request title clearly and concisely describes the main change: adding filters (status, q, limit) to the MCP bounty listing tool.
Description check	✅ Passed	The description includes all required template sections: Summary with clear bullet points, Evidence of what this addresses, comprehensive Test Evidence with verification results, and Related bounty reference. All content is complete and specific.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[g8rr5dg2p7-svg]

Updated in e621d31.

Changes after review:

• Rebased onto current upstream main.
• Added an MCP-side oversized numeric q guard so digit-only search strings larger than SQLite integer range stay on text matching only.
• Added a regression proving list_bounties with { "q": "9999999999999999999999999999999999999999" } returns an empty MCP result instead of raising.

Verification rerun:

• .venv/bin/python -m pytest tests/test_api_mcp.py::test_mcp_list_bounties_filters_status_query_and_limit tests/test_api_mcp.py::test_mcp_list_bounties_rejects_invalid_filters -q -> 6 passed
• .venv/bin/python -m pytest tests/test_api_mcp.py -q -> 49 passed, 1 existing warning
• .venv/bin/python -m pytest -q -> 224 passed, 2 existing warnings
• .venv/bin/ruff check . -> all checks passed
• .venv/bin/ruff format --check . -> 37 files already formatted
• .venv/bin/python -m mypy app -> success
• .venv/bin/python scripts/docs_smoke.py -> docs smoke ok
• .venv/bin/python scripts/check_agents.py -> AGENTS.md ok
• git diff --check -> clean

[weilixiong]

LOW risk, MW #219.

[TateLyman]

Re-checked after commit e621d31. The blocker I raised is fixed.

What changed in this revision:

• MCP list_bounties now normalizes q and only adds the exact Bounty.issue_number == ... predicate when the numeric query fits SQLite signed integer range.
• Oversized numeric text still goes through the escaped text search path and no longer raises OverflowError.
• Status and limit validation are covered through the MCP invalid-arguments path.

Verification run locally on the updated branch:

• uv run pytest tests/test_api_mcp.py -q -> 49 passed, 1 existing httpx deprecation warning.
• uv run ruff check app/main.py tests/test_api_mcp.py -> passed.
• uv run ruff format --check app/main.py tests/test_api_mcp.py -> passed.
• git diff --check -> passed.

Hosted quality check is green.