Refs #406: Honor activity feed limit

[GHX5T-SOL]

Refs #406

Summary:

• Adds a bounded limit query parameter to /api/v1/activity and /activity.
• Uses it to cap the returned/rendered recent accepted-work rows.
• Keeps aggregate totals and contributor summaries based on the full matching accepted-work set.

Evidence:

• Live public read before the fix: GET https://api.mrwk.ltclab.site/api/v1/activity?limit=1 returned recent: 100, the same as limit=3 and limit=200.
• Live public read before the fix: GET https://api.mrwk.ltclab.site/api/v1/activity?limit=1&q=github%3AGHX5T-SOL returned all 9 matching recent rows.
• Open PR search for activity-limit work returned no matching PR, and bounty Prefill linked wallet on claim form #66 had no active attempts at preflight.

Validation:

• uv run --extra dev python -m pytest tests/test_activity.py tests/test_activity_routes.py -q -> 4 passed
• uv run --extra dev python -m pytest -q -> 414 passed
• uv run --extra dev ruff check app/activity.py app/serializers.py tests/test_activity.py -> passed
• uv run --extra dev ruff format --check app/activity.py app/serializers.py tests/test_activity.py -> 3 files already formatted
• uv run --extra dev python -m mypy app -> success, no issues found in 30 source files
• uv run --extra dev python scripts/docs_smoke.py -> docs smoke ok
• git diff --check -> clean
• git diff --no-ext-diff | gitleaks stdin --no-banner --redact --exit-code 1 -> no leaks found

No secrets, private data, wallet material, signatures, production mutation, price claims, exchange claims, liquidity claims, or off-ramp claims were used.

Summary by CodeRabbit

• New Features

  • Added a limit query parameter to activity endpoints to control how many recent activities are returned (range: 1–100, default: 100).

• Bug Fixes

  • Endpoints now validate limit and reject out-of-range values; recent results are capped to the requested size while aggregate totals remain complete.

• Tests

  • Updated tests to cover pagination behavior and limit validation.

• Documentation

  • API docs clarified q filtering and limit behavior.

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro Plus

Run ID: c343f9cc-754d-466a-af44-12b40385d888

📥 Commits

Reviewing files that changed from the base of the PR and between 32d6427 and 2f55311.

📒 Files selected for processing (1)

• tests/test_docs_public_urls.py

---

📝 Walkthrough

Walkthrough

The activity API accepts a validated limit query parameter (1..100, default 100). Handlers pass limit to activity_context as recent_limit, which is forwarded to activity_to_dict and used to slice the returned "recent" list.

Changes

Activity pagination limit parameter

Layer / File(s)	Summary
Route parameter acceptance and propagation app/activity.py	Added Annotated import to enable FastAPI query constraints. Updated both /api/v1/activity and /activity route handlers to accept a validated limit query parameter (1..100, default 100) and pass it to activity_context via a new recent_limit parameter.
Serializer limit application app/serializers.py	activity_to_dict function signature now includes a recent_limit parameter (default 100). The "recent" activity list is sliced using this parameter instead of a hardcoded [:100].
Test pagination behavior tests/test_activity.py	Test assertions verify that /api/v1/activity?limit=1 returns unchanged totals with a single recent activity, and that /api/v1/activity?limit=0 and /api/v1/activity?limit=101 are rejected with HTTP 422 validation error.
Documentation and doc-test updates docs/api-examples.md, tests/test_docs_public_urls.py	Docs updated to describe q filter fields and the limit parameter semantics (default 100, allowed 1–100) and to clarify that recent is sorted by newest ledger sequence and capped to the requested limit; doc tests updated with a ?limit=25 example and descriptive statements.

• Possibly related PRs:
  • ramimbo/mergework#441: Also adds and validates a limit query parameter on a public endpoint and caps returned "recent" rows.

🚥 Pre-merge checks | ✅ 6

✅ Passed checks (6 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately names the changed surface: honoring a limit parameter in the activity feed.
Description check	✅ Passed	The description covers all required sections: summary of changes, evidence of the issue and solution, and comprehensive validation evidence including test results, linting, and type checking.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Mergework Public Artifact Hygiene	✅ Passed	PR introduces no investment, price, cash-out, or payout claims; maintains compliant MRWK description as native project coin; focuses only on technical API pagination documentation.
Bounty Pr Focus	✅ Passed	PR focuses on issue #406 with changes to only five stated files. All modifications match objectives; boundary tests validate limit boundaries; documentation complete; no unrelated scope creep.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro Plus

Run ID: 8633b087-ff8d-4e57-86c8-a83497bbbb19

📥 Commits

Reviewing files that changed from the base of the PR and between d8532d4 and a7aa384.

📒 Files selected for processing (3)

• app/activity.py
• app/serializers.py
• tests/test_activity.py

[GHX5T-SOL]

Addressed CodeRabbit’s boundary-test request in 7f7ef967d5d5d4e64021b0865383587f7d569bec.

Change:

• Added GET /api/v1/activity?limit=101 assertion to lock the upper bound alongside the existing limit=0 lower-bound regression.

Validation:

• PYTEST_DISABLE_PLUGIN_AUTOLOAD=1 /tmp/gitted-bin/uv run --extra dev python -m pytest tests/test_activity.py -q -> 3 passed.
• PYTEST_DISABLE_PLUGIN_AUTOLOAD=1 /tmp/gitted-bin/uv run --extra dev python -m pytest -q -> 414 passed.
• /tmp/gitted-bin/uv run --extra dev ruff check tests/test_activity.py -> passed.
• /tmp/gitted-bin/uv run --extra dev ruff format --check tests/test_activity.py -> 1 file already formatted.
• PYTEST_DISABLE_PLUGIN_AUTOLOAD=1 /tmp/gitted-bin/uv run --extra dev python scripts/docs_smoke.py -> docs smoke ok.
• git diff --check -> clean.
• staged diff Gitleaks -> no leaks found.

[jtc268]

Reviewed current head a7aa384bd8477bfd872e7573783b38307eecfa7e.

I would hold this for one public-docs gap before merge: the PR adds a public limit query parameter to both /api/v1/activity and /activity with Query(ge=1, le=100), but docs/api-examples.md still documents only the optional q parameter and the example curls omit limit. The project instructions say docs should be updated when public behavior changes, and an API reader would not learn the default/bounds or that limit slices only the recent rows while totals and contributor rollups still use all matching proof-backed activity.

Suggested fix: add one curl example such as /api/v1/activity?limit=25 and a short sentence that limit defaults to 100, accepts 1..100, and limits the returned recent payment rows.

Validation on this head:

• uv run --extra dev python -m pytest tests/test_activity.py -q -> 3 passed
• uv run --extra dev python scripts/docs_smoke.py -> docs smoke ok
• git diff --check origin/main...HEAD -> clean

[GHX5T-SOL]

Addressed the public docs request and the follow-up docs-range assertion warning.

Changes:

• 7bdf15fb0b892cb88d1a0dbb76d8e9a3d1e19943 documents /api/v1/activity?limit=25, the default 100, accepted range 1..100, and that limit only slices recent rows while totals/contributor rollups still cover all matching proof-backed payments.
• 32d642779acf65e4b1a79bc837133c9cedde9a89 adds docs regression assertions for the new limit example and behavior text.
• 2f55311e5a0d4aec43a5674da5314c200440ce5e adds the explicit docs regression assertion for the documented 1 to 100 accepted range.

Validation on 2f55311e5a0d4aec43a5674da5314c200440ce5e:

• PYTEST_DISABLE_PLUGIN_AUTOLOAD=1 /tmp/gitted-bin/uv run --extra dev python -m pytest tests/test_docs_public_urls.py::test_api_examples_document_activity_response_shape -q -> 1 passed.
• PYTEST_DISABLE_PLUGIN_AUTOLOAD=1 /tmp/gitted-bin/uv run --extra dev python -m pytest tests/test_activity.py -q -> 3 passed.
• PYTEST_DISABLE_PLUGIN_AUTOLOAD=1 /tmp/gitted-bin/uv run --extra dev python -m pytest -q -> 414 passed.
• PYTEST_DISABLE_PLUGIN_AUTOLOAD=1 /tmp/gitted-bin/uv run --extra dev python scripts/docs_smoke.py -> docs smoke ok.
• /tmp/gitted-bin/uv run --extra dev ruff check tests/test_docs_public_urls.py -> passed.
• /tmp/gitted-bin/uv run --extra dev ruff format --check tests/test_docs_public_urls.py -> 1 file already formatted.
• git diff upstream/main...HEAD --check -> clean.
• gitleaks git --log-opts upstream/main..HEAD --no-banner --redact --verbose -> no leaks found.
• GitHub Quality, readiness, docs, and image checks -> success on run 26492800171.

Current readback: CodeRabbit status is pending on the latest head; no additional source change was made beyond the docs assertion.

[coderabbitai]

Actionable comments posted: 1

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro Plus

Run ID: 238cd423-bc2f-474d-a3f6-62f7010bfbd2

📥 Commits

Reviewing files that changed from the base of the PR and between 7bdf15f and 32d6427.

📒 Files selected for processing (1)

• tests/test_docs_public_urls.py

[rebel117]

Reviewed PR #495 at current head for Bounty #447.

Checked files: app/activity.py, app/serializers.py, docs/api-examples.md, tests/test_activity.py, tests/test_docs_public_urls.py.

Evidence:

• Ran the diff against upstream/main and inspected all 5 changed files.
• Confirmed activity_to_dict signature change propagates correctly through activity_context to both API and HTML routes.
• Verified the Annotated[int, Query(ge=1, le=100)] constraint matches the documented range and prevents the limit=0 and limit=101 edge cases covered by the new tests.
• Checked that recent[:recent_limit] replaces the old hard-coded recent[:100] without changing behavior when limit is omitted (defaults to 100).
• Confirmed the doc update mentions limit defaults to 100, accepts 1–100, and clarifies that only recent rows are affected.
• Checked the new test assertions: limited_payload["totals"] equals the unfiltered totals (limit does not affect aggregates), invalid_limit returns 422, invalid_high_limit returns 422.
• Ran scripts/docs_smoke.py mentally — the new limit examples in docs/api-examples.md are plain text additions, no link changes, so existing link checks are unaffected.

Verdict: Clean, focused PR. No blockers found. The change is backwards-compatible (default behavior preserved) and the test coverage is solid.

[GHX5T-SOL]

Added the final docs-range assertion requested by CodeRabbit in 2f55311e5a0d4aec43a5674da5314c200440ce5e.

Change:

• tests/test_docs_public_urls.py now asserts that docs/api-examples.md documents the accepted activity limit range: 1 to 100.

Validation on 2f55311e5a0d4aec43a5674da5314c200440ce5e:

• PYTEST_DISABLE_PLUGIN_AUTOLOAD=1 uv run --extra dev python -m pytest tests/test_docs_public_urls.py tests/test_activity.py tests/test_activity_routes.py -q -> 27 passed.
• PYTEST_DISABLE_PLUGIN_AUTOLOAD=1 uv run --extra dev python -m pytest -q -> 414 passed.
• uv run --extra dev ruff check tests/test_docs_public_urls.py tests/test_activity.py app/activity.py app/serializers.py -> passed.
• uv run --extra dev ruff format --check tests/test_docs_public_urls.py tests/test_activity.py -> 2 files already formatted.
• PYTEST_DISABLE_PLUGIN_AUTOLOAD=1 uv run --extra dev python -m mypy app -> success, no issues in 30 source files.
• PYTEST_DISABLE_PLUGIN_AUTOLOAD=1 uv run --extra dev python scripts/docs_smoke.py -> docs smoke ok.
• git diff --check -> clean.
• git diff --no-ext-diff origin/main | gitleaks stdin --no-banner --redact --exit-code 1 -> no leaks found.
• GitHub Quality, readiness, docs, and image checks -> success on run 26492800171.

No secrets or private data are included.

[Zejia]

No blockers from my current-head pass.

I reviewed head 2f55311e5a0d4aec43a5674da5314c200440ce5e. The original docs gap from the earlier review is now covered: docs/api-examples.md documents /api/v1/activity?limit=25, the default 100, the 1..100 range, and that the limit only slices recent rows while totals and contributor rollups still cover all matching proof-backed payments.

Code path checked:

• /api/v1/activity and /activity both accept limit: Query(ge=1, le=100) and pass it through activity_context(..., recent_limit=limit).
• activity_to_dict() still builds totals/contributors from the full matched row set, then applies recent[:recent_limit] only at the returned recent list.
• Tests cover limit=1, lower bound limit=0, upper bound limit=101, and the docs text/range assertions.

Validation:

• python -m pytest tests/test_activity.py tests/test_activity_routes.py tests/test_docs_public_urls.py::test_api_examples_document_activity_response_shape -q -> 5 passed
• python -m pytest -q -> 414 passed
• python scripts/docs_smoke.py -> docs smoke ok
• python -m ruff check app/activity.py app/serializers.py tests/test_activity.py tests/test_docs_public_urls.py -> passed
• python -m ruff format --check app/activity.py app/serializers.py tests/test_activity.py tests/test_docs_public_urls.py -> 4 files already formatted
• python -m mypy app -> success
• git diff --check origin/main...HEAD -> clean

[IsaacOdeimor]

Reviewed PR #495 against the activity limit behavior and docs updates.

Evidence checked:

• Inspected app/activity.py: both /api/v1/activity and /activity now accept limit: Query(ge=1, le=100) with default 100 and pass it through as recent_limit.
• Inspected app/serializers.py: activity_to_dict(..., recent_limit=100) still builds totals/contributors from all matching rows, then applies recent[:recent_limit] only to the returned recent list.
• Inspected tests/test_activity.py: covers limit=1, lower bound limit=0, and upper bound limit=101.
• Inspected docs/api-examples.md and tests/test_docs_public_urls.py: docs now describe default 100, accepted 1 to 100, and that only recent is limited.

Local verification on the PR branch:

• python -m pytest tests/test_docs_public_urls.py -q -> 23 passed.
• python -m pytest tests/test_activity.py -q could not collect in this Windows environment because sqlalchemy is not installed; attempted dependency install timed out before sqlalchemy became available.

No blocker found from static review. The route validation, serializer behavior, and docs assertions line up with the intended API contract.