[codex] Reject oversized API integer strings

[rounaksalim95]

Summary

• Catch Python integer string conversion failures in the shared JSON integer parser
• Return controlled 400 validation errors for oversized numeric strings instead of a 500
• Add admin bounty API regression coverage for required and optional integer fields

Bounty #292

Validation

• uv run pytest tests/test_security.py::test_admin_bounty_api_rejects_fractional_integer_fields
• uv run ruff check .
• uv run mypy app
• uv run pytest

Summary by CodeRabbit

• Bug Fixes

  • Strengthened integer parsing for API inputs so invalid conversions consistently return a clear 400 error ("must be an integer").

• Tests

  • Expanded tests to ensure fractional, oversized, and extremely long string numeric fields are rejected with the same 400 validation response.

[coderabbitai]

Caution

Review failed

Failed to post review comments

📝 Walkthrough

Walkthrough

The _parse_int function now catches ValueError when converting strings to integers and returns HTTP 400 with a field-specific "must be an integer" message. Tests were extended to assert the API rejects oversized digit-strings for issue_number and max_awards.

Changes

Integer Parsing Validation

Layer / File(s)	Summary
Integer parsing error handling and validation app/main.py, tests/test_security.py	_parse_int wraps int(clean) in try/except to catch ValueError and return HTTP 400 with a field-specific "must be an integer" message. Tests extend test_admin_bounty_api_rejects_fractional_integer_fields to validate error responses for oversized digit-strings in issue_number and max_awards fields.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related PRs

• ramimbo/mergework#302: Both PRs focus on the admin bounty API rejecting invalid issue_number inputs by adjusting _parse_int error handling and extending test_admin_bounty_api_rejects_fractional_integer_fields.
• ramimbo/mergework#300: Both PRs update app/main.py integer-validation for bounty/ledger identifier inputs to improve handling of non-integer strings.

Suggested reviewers

• MolhamHamwi
• weilixiong
• TateLyman

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly and concisely describes the main change: adding rejection logic for oversized integer strings in the API parser.
Description check	✅ Passed	The description covers the key objectives, includes evidence of validation testing, and references the associated bounty, but lacks detail in some template sections.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[TateLyman]

Requesting changes because the branch currently fails the repository format gate.

Evidence checked:

• Inspected app/main.py and tests/test_security.py; the intent is focused on catching Python int() digit-limit ValueError for oversized integer strings before admin bounty creation.
• Ran uv run pytest tests/test_security.py::test_admin_bounty_api_rejects_fractional_integer_fields -q -> 1 passed.
• Ran uv run ruff check app/main.py tests/test_security.py -> passed.
• Ran uv run ruff format --check app/main.py tests/test_security.py -> failed with Would reformat: app/main.py.

Please run Ruff format on app/main.py and push the formatted diff; after that this should be ready for the rest of the usual checks.

[weilixiong]

✅ Reviewed:

Files: app/main.py (try/except int() for oversized strings in _parse_int, same HTTP 400), tests/test_security.py (oversized string regression tests)

Checked: 9*5000 string→int overflow now caught by ValueError→400 instead of 500. Existing fractional tests preserved. Both issue_number and max_awards paths covered.

CI: ✅ quality/readiness/docs/image

Risk: LOW — 2 files, input validation hardening, +20/−1

[rounaksalim95]

Rebased PR #312 onto current origin/main and kept both integer validation paths covered.

Conflict resolution:

• Preserved the merged oversized Python int issue-number coverage (issue_number is too large).
• Kept this PR's oversized numeric string coverage for both issue_number and max_awards (must be an integer).

Validation:

• uv run pytest tests/test_security.py::test_admin_bounty_api_rejects_fractional_integer_fields -q -> 1 passed
• uv run ruff check app/main.py tests/test_security.py -> passed
• uv run mypy app -> passed
• uv run ruff check . -> passed
• uv run pytest -> 274 passed, 2 warnings
• git diff --check origin/main...HEAD -> passed

[rounaksalim95]

Pushed a formatting-only update for the hosted CI failure.

Root cause: CI passed tests but failed ruff format --check . because app/main.py needed formatting after the rebase.

Validation after formatting:

• uv run ruff format --check . -> 37 files already formatted
• uv run pytest tests/test_security.py::test_admin_bounty_api_rejects_fractional_integer_fields -q -> 1 passed
• uv run ruff check app/main.py tests/test_security.py -> passed
• git diff --check -> passed