Limit account accepted-work rows

[alan747271363-art]

Summary

• Add bounded limit=1..200 support to /api/v1/accounts/{account}/accepted-work.
• Apply the same accepted-work row cap to the public /accounts/{account} page while leaving transaction history unchanged.
• Keep accepted-work summary totals full-account, and document the default 100-row limit.

Bounty #799
Source report: #798 (comment)

Validation

• python -m pytest tests\test_account_routes.py::test_account_accepted_work_routes_honor_limit -q
• python -m pytest tests\test_account_routes.py tests\test_account_validation.py -q
• python -m ruff check app\accounts.py tests\test_account_routes.py
• python -m ruff format --check app\accounts.py tests\test_account_routes.py
• python -m mypy app\accounts.py
• python scripts\docs_smoke.py
• git diff --check
• git merge-tree --write-tree origin/main HEAD

Notes

The existing summary remains uncapped so agents can reconcile full-account totals even when callers request only recent rows.

Summary by CodeRabbit

• New Features

  • Account accepted-work endpoints (API and HTML) support a configurable limit (1–200, default 100) to control how many results are returned; pages and API responses now enforce that limit.

• Documentation

  • API examples updated to show limit usage and clarify that summary totals still reflect full account history.

• Tests

  • Added tests to verify limiting behavior and validation for invalid or repeated limit parameters.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro Plus

Run ID: 3950a184-ec86-4aa2-bbef-a9afcc4f4f61

📥 Commits

Reviewing files that changed from the base of the PR and between 8d77908 and 432d6e0.

📒 Files selected for processing (1)

• tests/test_account_routes.py

---

📝 Walkthrough

Walkthrough

Adds a bounded limit query parameter (1–200, default 100) to accepted-work endpoints. Handlers validate canonical and repeated limit values, pass limit to context builders that slice accepted-work rows server-side, and tests/docs updated accordingly.

Changes

Accepted-work list limiting

Layer / File(s)	Summary
Constants and validation utilities app/accounts.py	ACCOUNT_ACCEPTED_WORK_DEFAULT_LIMIT (100) and ACCOUNT_ACCEPTED_WORK_MAX_LIMIT (200) added; Annotated and reject_noncanonical_int_query_param imports added.
Context builders apply limits app/accounts.py	account_accepted_work_context gains limit and slices accepted_work to [:limit]; account_page_context gains accepted_work_limit and returns a sliced accepted_work and the exposed limit.
HTTP endpoints with limit validation app/accounts.py	/api/v1/accounts/{account}/accepted-work and /accounts/{account} accept limit query param, validate for non-canonical and repeated parameters, bound by max limit, and pass it into context builders.
Tests and user documentation tests/test_account_routes.py, docs/api-examples.md	New test test_account_accepted_work_routes_honor_limit seeds multiple accepted-work proofs and verifies limit=1 returns only the latest row, limit=200 returns all rows, and invalid inputs (non-canonical, repeated, out-of-range) return HTTP 400 with expected details; docs example updated to ?limit=10 and documents range/default.

Possibly related PRs

• ramimbo/mergework#730: Also modifies app/accounts.py and the account context payload.
• ramimbo/mergework#306: Introduced the /api/v1/accounts/{account}/accepted-work endpoint that this PR extends with limit.

🚥 Pre-merge checks | ✅ 6

✅ Passed checks (6 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title 'Limit account accepted-work rows' directly names the core surface change (accepted-work row limiting) and accurately reflects the main modification across app/accounts.py, tests, and docs.
Description check	✅ Passed	The description covers the main change objectives, references Bounty #799 with source link, includes validation steps (pytest, ruff, mypy, docs smoke), and provides notes on design rationale. All required sections are present and substantive.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Mergework Public Artifact Hygiene	✅ Passed	No investment, price, cash-out, off-ramp, or fabricated payout claims in docs, code comments, or tests. Limit parameter documented neutrally without MRWK valuation or tradability claims.
Bounty Pr Focus	✅ Passed	PR changes match stated bounty scope: adds limit parameter (1–200) to accepted-work endpoints with validation, preserves uncapped summaries, includes comprehensive test coverage.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[laughlife]

Reviewed current head 8d77908a24a36259965a3122e2ba21067e1d7d56 as a non-author.

Scope checked:

• app/accounts.py: added limit handling for /api/v1/accounts/{account}/accepted-work and /accounts/{account} with default 100, max 200, repeated-query rejection, and canonical positive integer validation before passing the limit into the account accepted-work contexts.
• tests/test_account_routes.py: covers the source report behavior: limit=1 caps returned accepted-work rows while keeping full summary totals, account page output only shows the latest limited row, limit=01 is rejected, and repeated page limit is rejected.
• docs/api-examples.md: documents the accepted-work endpoint limit=1..200 behavior and that summary totals still cover full history.

Local validation on this head:

• uv run --extra dev pytest tests/test_account_routes.py::test_account_accepted_work_routes_honor_limit -q -> 1 passed, 1 existing Starlette/httpx warning.
• uv run --extra dev pytest tests/test_account_routes.py -q -> 8 passed, 1 existing Starlette/httpx warning.
• uv run --extra dev ruff check app/accounts.py tests/test_account_routes.py docs/api-examples.md -> passed.
• uv run --extra dev ruff format --check app/accounts.py tests/test_account_routes.py -> 2 files already formatted.
• uv run --extra dev mypy app/accounts.py -> success.
• uv run --extra dev python scripts/docs_smoke.py -> docs smoke ok.
• git diff --check origin/main...HEAD -> clean.
• git merge-tree origin/main HEAD -> clean tree 92d0d6a47cde4f21536581571c1792b652a5488e.

Hosted Quality, readiness, docs, and image checks is successful on the current head. CodeRabbit was still pending when I reviewed, so I did not count it as completed evidence. No actionable issues found in the focused limit fix.

[coderabbitai]

Actionable comments posted: 1

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro Plus

Run ID: 81915976-53ef-4d21-a58b-8f1793e623ce

📥 Commits

Reviewing files that changed from the base of the PR and between d4d0e48 and 8d77908.

📒 Files selected for processing (3)

• app/accounts.py
• docs/api-examples.md
• tests/test_account_routes.py

[laughlife]

Current-head review for 432d6e03694d01393f57a139d64a1390883a8191.

I rechecked this PR after the new boundary-test commit made my earlier approval stale. The implementation still keeps the accepted-work summary totals on the full account history while capping the returned/listed accepted-work rows, and the added boundary assertions cover limit=200, limit=0, limit=201, non-canonical limit=01, and repeated page limit values.

Validation I ran locally:

• uv run --extra dev pytest tests/test_account_routes.py::test_account_accepted_work_routes_honor_limit -q -> 1 passed, 1 existing Starlette/httpx warning.
• uv run --extra dev pytest tests/test_account_routes.py -q -> 8 passed, 1 existing Starlette/httpx warning.
• uv run --extra dev ruff check app/accounts.py tests/test_account_routes.py docs/api-examples.md -> passed.
• uv run --extra dev ruff format --check app/accounts.py tests/test_account_routes.py -> passed.
• uv run --extra dev mypy app/accounts.py -> passed.
• uv run --extra dev python scripts/docs_smoke.py -> passed.
• git diff --check origin/main...HEAD -> clean.
• git merge-tree origin/main HEAD -> clean tree 97e237683fc8590d9a684b418af61d469561b3bc.

The hosted Quality/readiness/docs check is successful. CodeRabbit was still pending at review time, so I am not counting that as completed evidence.

[xiefuzheng713-alt]

Reviewed PR #864 at current head 432d6e03694d01393f57a139d64a1390883a8191 as a non-author.

I inspected app/accounts.py, tests/test_account_routes.py, and docs/api-examples.md. The change keeps the accepted-work summary as full account history while capping returned/rendered rows with a bounded limit=1..200, uses the existing repeated/non-canonical query guards on both the API and account page, and documents the new default/max behavior. The regression covers the latest-row slice, max limit, too-low/too-high bounds, non-canonical 01, and repeated limit values.

Validation:

• uv run --extra dev pytest tests/test_account_routes.py -q -> 8 passed, 1 existing Starlette/httpx warning.
• uv run --extra dev pytest tests/test_account_routes.py tests/test_docs_public_urls.py -q -> 43 passed, 1 existing Starlette/httpx warning.
• uv run --extra dev ruff check app/accounts.py tests/test_account_routes.py docs/api-examples.md -> passed.
• uv run --extra dev ruff format --check app/accounts.py tests/test_account_routes.py -> 2 files already formatted.
• uv run --extra dev mypy app/accounts.py -> success.
• uv run --extra dev python scripts/docs_smoke.py -> docs smoke ok.
• git diff --check origin/main...HEAD -> clean.
• git merge-tree --write-tree origin/main HEAD -> clean tree 97e237683fc8590d9a684b418af61d469561b3bc.

GitHub state checked before review: mergeStateStatus=CLEAN; hosted Quality/readiness/docs/image and CodeRabbit statuses are successful. I saw prior human approval on this head, so this is submitted as an independent current-head evidence review, not as first-review eligibility evidence.

Scope checked: public account accepted-work row limiting only. No private data, secrets, wallet material, payout execution, treasury mutation, ledger mutation, bridge/exchange/cash-out, MRWK price behavior, or issue mutation was used.

[tudorian95]

Reviewed current head 432d6e03694d01393f57a139d64a1390883a8191 for Bounty #838.

What I checked:

• Inspected the focused diff in app/accounts.py, tests/test_account_routes.py, and docs/api-examples.md.
• Confirmed the live production before-state is still reproducible with harmless GETs: GET /api/v1/accounts/github:likeacloud7/accepted-work and ?limit=1 both returned 8 accepted-work rows, and GET /accounts/github:likeacloud7?limit=1 still showed 8 ledger/proof rows inside the Accepted work section.
• In Docker/uv on a fresh checkout of this PR head:
  • uv run --extra dev pytest tests/test_account_routes.py::test_account_accepted_work_routes_honor_limit -q -> 1 passed, 1 existing Starlette/httpx warning.
  • uv run --extra dev pytest tests/test_account_routes.py tests/test_account_validation.py -q -> 52 passed, 1 existing warning.
  • uv run --extra dev ruff check app/accounts.py tests/test_account_routes.py -> passed.
  • uv run --extra dev ruff format --check app/accounts.py tests/test_account_routes.py -> passed.
  • uv run --extra dev mypy app/accounts.py -> success.
  • uv run --extra dev python scripts/docs_smoke.py -> docs smoke ok.
  • git diff --check -> clean.
• git merge-tree --write-tree origin/main HEAD succeeded with tree 97e237683fc8590d9a684b418af61d469561b3bc.
• GitHub reports the current head as MERGEABLE.
• Overlap checked: this PR overlaps the API half of #865 and conflicts if #865 is merged first, but #864 has distinct current-head value because it also covers the public account page and documents the default row cap. Maintainers should land/rebase only one combined accepted-work-limit path if both remain open.

I did not find a current-head blocker against origin/main; the remaining concern is coordination with the overlapping #865 work.