Refs #576: Reject control chars in payout notes

[xingxi0614-cpu]

Refs #576

Summary

Reject raw control characters in admin payout note values before trimming them into public verifier metadata.

This keeps values such as these from being accepted as clean notes during bounty payout proposal creation:

• note="<tab>verified manually"
• note="verified manually\x85"

Blank whitespace-only notes are still omitted, and ordinary space-padded notes are still trimmed before being stored.

Distinctness

This is limited to the admin payout API note field before it becomes verifier/proposal metadata. It does not overlap the existing #576 slices for attempt source_url, MRWK amount strings, treasury proposal fields, webhook identities, wallet material, account/wallet/bounty filters, MCP arguments, JSON integers, forwarded proto headers, or deploy settings.

Validation

• focused note-control regression: 3 passed
• note behavior slice including blank/trimmed notes: 5 passed
• tests/test_security.py: 57 passed, 1 warning
• full test suite: 496 passed, 1 warning
• ruff check on changed files: passed
• ruff format-check on changed files: passed
• mypy app/bounty_api.py: success
• docs smoke: ok
• git diff --check: clean
• clean merge-tree against current origin/main, PR Refs #576: Reject control chars in treasury proposals #621, and PR Refs #576: Reject C1 controls in deploy settings #623
• submission quality gate: PASS

Safety

No private data, secrets, admin token values, wallet material, production mutation, price/liquidity/exchange/bridge/off-ramp claims, or fabricated payout claims are included.

Summary by CodeRabbit

• Bug Fixes
  • Control character validation for note fields now runs on raw input before whitespace processing.
  • Note content is truncated to a maximum of 240 characters when non-empty.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro Plus

Run ID: d7e5a4d8-c220-48ac-99e8-d261a101ee73

📥 Commits

Reviewing files that changed from the base of the PR and between 0708f8a and 365095e.

📒 Files selected for processing (2)

• app/bounty_api.py
• tests/test_security.py

---

📝 Walkthrough

Walkthrough

This PR adjusts note field validation in the bounty payout API. Control-character validation now runs against the raw input before whitespace stripping, and the note is included in the result only if the stripped value is non-empty. The security test is expanded to parameterized form, covering multiple control-character cases.

Changes

Note Field Validation

Layer / File(s)	Summary
Note validation in api_pay_bounty app/bounty_api.py	api_pay_bounty validates control characters against raw input before stripping whitespace, then includes the stripped note in the result only if non-empty and under 240 characters.
Control-character validation tests tests/test_security.py	test_admin_payout_api_rejects_control_character_note becomes a parameterized test covering multiline, tabbed, and DEL-like control characters, verifying consistent 400 rejection across all variants.

🚥 Pre-merge checks | ✅ 6

✅ Passed checks (6 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title directly names the changed surface (control character rejection in payout notes) and references the related issue.
Description check	✅ Passed	The description covers the summary, evidence of validation testing, safety considerations, and scope boundaries; all critical sections are present and substantive.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Mergework Public Artifact Hygiene	✅ Passed	No investment, price, cash-out, fabricated payout claims, or private security details found. Code change is purely technical input validation for control characters in admin payout notes.
Bounty Pr Focus	✅ Passed	Changes limited to payout note field: control char validation on raw input before stripping, parameterized test with three scenarios, no unrelated modifications detected.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[barnacleagent-svg]

PR Review — #627

PR: #627
Author: @xingxi0614-cpu
Head SHA: 365095e

Files Changed (2 files)

• : Moved control-char check before strip() so raw note is checked, not trimmed note
• : Parametrized test to cover
  , , and � control chars

CI Status

Quality/readiness/docs/image checks: completed/success

Code Review

• Fix is correct: checking raw_note before strip() ensures tab/� at start/end are caught
• Parameterized test cleanly covers all three control patterns
• No side effects, no stale references

Verdict

APPROVE — Ready for merge.