Align submit_work_proof MCP contract

[SYZBZ]

Summary

• reject undeclared submit_work_proof MCP arguments instead of silently ignoring them
• align the advertised submit_work_proof input schema with the runtime selector rules so repo is only valid with issue_number
• add focused regression coverage for both the schema contract and undeclared argument rejection

Bounty #799

Source reports:

• MRWK bounty: 75 MRWK - live verification and bug reports, round 1 #656 (comment)
• MRWK bounty: 75 MRWK - live verification and bug reports, round 1 #656 (comment)

Production evidence before fix

• POST https://api.mrwk.online/mcp tools/call submit_work_proof with {"format":"json","unexpected":"ignored"} returned a successful structured result instead of invalid tool arguments.
• POST https://api.mrwk.online/mcp tools/call submit_work_proof with {"formta":"json"} returned successful generic text guidance instead of invalid tool arguments.
• tools/list advertised additionalProperties: false, but the schema did not encode the runtime rule that repo only works with issue_number and not with bounty_id.

Validation

• uv run --extra dev python -m pytest tests/test_api_mcp.py tests/test_mcp_tools.py -q -> 116 passed, 1 warning
• ruff check app/mcp.py app/mcp_tools.py tests/test_api_mcp.py tests/test_mcp_tools.py -> passed
• ruff format --check app/mcp.py app/mcp_tools.py tests/test_api_mcp.py tests/test_mcp_tools.py -> passed
• uv run --extra dev python -m mypy app -> success
• uv run --extra dev python scripts/docs_smoke.py -> docs smoke ok
• git diff --check -- app/mcp.py app/mcp_tools.py tests/test_api_mcp.py -> clean
• git merge-tree --write-tree origin/main HEAD -> clean tree abda6f4c7b8cc6d19c1ef4bc0fd2711b121cfce1

Scope

• limited to the public MCP submit_work_proof contract
• no payout execution, treasury mutation, wallet mutation, transfer signing, admin-token behavior, bridge/exchange/cash-out behavior, MRWK price behavior, or private data handling changed

Summary by CodeRabbit

• Bug Fixes & Improvements
  • Improved input validation for the work proof submission tool to enforce stricter relationships between submission fields.
  • The tool now rejects unexpected parameters and prevents invalid argument combinations from being processed.
  • These enhancements strengthen data integrity, improve system reliability, and prevent potential misuse of the submission functionality.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro Plus

Run ID: 858394aa-9c4e-4f2f-9c84-7a714811ee30

📥 Commits

Reviewing files that changed from the base of the PR and between d4d0e48 and 400fbba.

📒 Files selected for processing (3)

• app/mcp.py
• app/mcp_tools.py
• tests/test_api_mcp.py

---

📝 Walkthrough

Walkthrough

The PR tightens the submit_work_proof MCP tool's input validation by adding explicit schema constraints via allOf composition and enforcing allowed argument fields at runtime. The schema now declares conditional rules for bounty_id, issue_number, and repo relationships. A new validation helper rejects undeclared argument keys. Tests verify both the schema structure and runtime rejection of extra arguments.

Changes

MCP Tool Input Validation

Layer / File(s)	Summary
Schema constraints and validation rules app/mcp.py, tests/test_api_mcp.py	submit_work_proof inputSchema moves from a simple not constraint to an allOf composition with if/then rules: disallows both bounty_id and issue_number together, requires issue_number and forbids bounty_id when repo is present, and forbids repo when bounty_id is present. Test assertions updated to validate the new allOf/if-then structure.
Runtime enforcement and undeclared-argument rejection app/mcp_tools.py, tests/test_api_mcp.py	require_known_fields helper validates that only bounty_id, issue_number, repo, and format keys are accepted, raising ValueError for unknown fields. Invoked in submit_work_proof handler. New parametrized test verifies extra/undeclared argument keys trigger MCP error -32602 response.

Possibly related issues

• #794: Addresses schema/runtime drift by modifying submit_work_proof's inputSchema and adding runtime argument validation with accompanying tests.
• #844: Aligns submit_work_proof tool's listed inputSchema with runtime validation by rejecting undeclared arguments and providing safer error handling.
• #710: Directly overlaps with PR focus on submit_work_proof input schema and validation tightening in app/mcp.py and app/mcp_tools.py.

Possibly related PRs

• ramimbo/mergework#398: Modifies app/mcp_tools.py's submit_work_proof argument-validation behavior for mutual exclusivity and repo/issue scoping.
• ramimbo/mergework#345: Modifies the same submit_work_proof inputSchema in app/mcp.py and corresponding test assertions in tests/test_api_mcp.py.
• ramimbo/mergework#351: Updates submit_work_proof argument constraints around repo/issue_number/bounty_id relationships.

🚥 Pre-merge checks | ✅ 6

✅ Passed checks (6 passed)

Check name	Status	Explanation
Title check	✅ Passed	Title directly names the changed surface (submit_work_proof MCP contract alignment) and reflects the main objective of the PR.
Description check	✅ Passed	Description covers all key template sections: summary, evidence (both issues and production behavior), validation results, and scope clarification. All test checks are documented as passed.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Mergework Public Artifact Hygiene	✅ Passed	PR contains only technical MCP schema changes with no investment, price, cash-out, payout claims, or security details exposed.
Bounty Pr Focus	✅ Passed	Diff matches stated files with +64/-2 changes, includes test evidence with 4 parametrized test cases covering undeclared arguments, and limits scope to MCP submit_work_proof contract only.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[xiefuzheng713-alt]

Reviewed current head 400fbba82a98c60557f7cc79a10d42b41f3ac6ae for Bounty #838 review evidence.

I inspected the focused diff in app/mcp.py, app/mcp_tools.py, and tests/test_api_mcp.py. The schema change keeps additionalProperties: false, preserves the existing bounty_id vs issue_number mutual exclusion, and now advertises the runtime selector contract that repo only applies with issue_number. The runtime change rejects undeclared submit_work_proof arguments before selecting generic or bounty-specific guidance, so typoed fields such as formta and extra fields such as unexpected no longer silently fall through.

I also reproduced the live behavior before this fix with read-only MCP calls against production: submit_work_proof with {format:json,unexpected:ignored} still returned generic structured guidance, and {formta:json} still returned generic text guidance instead of invalid tool arguments.

Local validation on this head:

• uv run --extra dev pytest tests/test_api_mcp.py::test_mcp_submit_work_proof_rejects_invalid_bounty_selectors tests/test_api_mcp.py::test_mcp_submit_work_proof_rejects_undeclared_arguments tests/test_api_mcp.py::test_mcp_tools_list_and_call -q -> 16 passed, 1 warning.
• uv run --extra dev pytest tests/test_api_mcp.py tests/test_mcp_tools.py -q -> 116 passed, 1 warning.
• uv run --extra dev ruff check app/mcp.py app/mcp_tools.py tests/test_api_mcp.py tests/test_mcp_tools.py -> passed.
• uv run --extra dev ruff format --check app/mcp.py app/mcp_tools.py tests/test_api_mcp.py tests/test_mcp_tools.py -> passed.
• uv run --extra dev mypy app/mcp.py app/mcp_tools.py -> success.
• uv run --extra dev python scripts/docs_smoke.py -> docs smoke ok.
• git diff --check origin/main...HEAD -> clean.
• git merge-tree --write-tree origin/main HEAD -> clean tree 547aa5801115e47661ee37b737f7aa64bd435dfe.
• GitHub hosted Quality, readiness, docs, and image checks is SUCCESS on this head.

Duplicate/eligibility check: scripts/review_bounty_candidates.py --repo ramimbo/mergework --reviewer xiefuzheng713-alt --format text reports PR #856 as candidate_for_fresh_review with no current-head human review found. I do not see an overlapping open useful PR for this exact submit_work_proof unknown-argument/schema-contract fix.

No issues found in the reviewed scope.