fix: enforce tracked-repo allowlist on repo-scoped API routes #155

Open
glorydavid03023 wants to merge 2 commits into MkDev11:main from glorydavid03023:fix/gt-repo-miners-prs-allowlist
glorydavid03023 commented May 26, 2026

Summary

Test plan

  • CI: pnpm run lint and pnpm build
  • Tracked repo: GET /api/repos/<owner>/<name>/issues returns 200
  • Untracked repo: same path returns 404
  • Tracked repo: GET /api/gt/repos/<owner>/<name>/miners returns 200

Completes allowlist coverage for /api/gt/repos/[owner]/[name]/* so untracked repos cannot trigger SQLite reads or link backfills.

Fixes MkDev11#141

Co-authored-by: Cursor <cursoragent@cursor.com>
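
The behaviour the test plan above checks (tracked repo 200, untracked repo 404, no data read for untracked repos), as an added example that is not code from this PR or the gittensor-hub repository. `TRACKED`, `isTrackedRepo`, `withTrackedRepo` and `readMiners` are hypothetical names, the allowlist entry is constructed, and wrapping the handler and lowercasing the key are assumptions of this sketch rather than the project's approach.

```typescript
// Added illustration; not code from the gittensor-hub repository.
// TRACKED, isTrackedRepo and withTrackedRepo are hypothetical names.
type RepoParams = { owner: string; name: string };
type Result = { status: number; body: unknown };
type Handler = (p: RepoParams) => Result;

// Constructed sample allowlist, stored lowercased as "owner/name".
const TRACKED = new Set<string>(["example-org/tracked-repo"]);

// One path segment: letters, digits, '.', '_' and '-' only.
const SEGMENT = /^[A-Za-z0-9._-]{1,100}$/;

function isTrackedRepo(owner: string, name: string): boolean {
  if (!SEGMENT.test(owner) || !SEGMENT.test(name)) return false;
  // GitHub treats owner/name case-insensitively, so compare lowercased.
  return TRACKED.has(`${owner}/${name}`.toLowerCase());
}

// Wrap a handler so the allowlist check always runs before it.
function withTrackedRepo(handler: Handler): Handler {
  return (p) => {
    if (!isTrackedRepo(p.owner, p.name)) {
      // Same 404 for every rejected input, so nothing about it leaks.
      return { status: 404, body: { error: "not found" } };
    }
    return handler(p);
  };
}

// Stand-in for the SQLite read; the counter shows whether it ran.
let dbReads = 0;
function readMiners(p: RepoParams): Result {
  dbReads += 1;
  return { status: 200, body: { repo: `${p.owner}/${p.name}`, miners: [] } };
}

const getMiners = withTrackedRepo(readMiners);

function demo(): { statuses: number[]; dbReads: number } {
  dbReads = 0;
  const statuses = [
    getMiners({ owner: "example-org", name: "tracked-repo" }),
    getMiners({ owner: "Example-Org", name: "Tracked-Repo" }),
    getMiners({ owner: "someone", name: "untracked" }),
    getMiners({ owner: "example-org", name: "tracked-repo/../x" }),
  ].map((r) => r.status);
  return { statuses, dbReads };
}

console.log(demo());
```

Exporting only the wrapped handler means a new repo-scoped route cannot reach the data layer without passing the check.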
coderabbitai Bot commented May 26, 2026

📝 Walkthrough

Two API routes under /api/gt/repos/[owner]/[name]/ now validate that the requested repository is in the tracked/allowed list before processing requests. The miners and PRs endpoints each import assertTrackedRepo and invoke it at the start of their GET handlers, returning immediately if the repo is denied access.

Changes

Repo Allowlist Access Control

| Layer / File(s) | Summary |
| --- | --- |
| Miners route access control: src/app/api/gt/repos/[owner]/[name]/miners/route.ts | Imports assertTrackedRepo and adds an early authorization check in GET that validates the requested owner/name, returning immediately if the repo is not allowed. |
| PRs route access control: src/app/api/gt/repos/[owner]/[name]/prs/route.ts | Imports assertTrackedRepo and adds an early authorization check in GET that validates the owner/name against the allowlist, denying access to untracked repos. |

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Possibly related PRs

  • MkDev11/gittensor-hub#142: Implements the same assertTrackedRepo access control pattern across other /api/gt/repos/[owner]/[name] endpoints (contents, readme, contributing, health routes).

Poem

🐰 Two routes now stand guard with care,
assertTrackedRepo checks what's there,
No sneaky repos slip on through—
Only tracked ones pass the queue! ✨

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

| Check name | Status | Explanation | Resolution |
| --- | --- | --- | --- |
| Docstring Coverage | ⚠️ Warning | Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%. | Write docstrings for the functions missing them to satisfy the coverage threshold. |

✅ Passed checks (4 passed)

| Check name | Status | Explanation |
| --- | --- | --- |
| Linked Issues check | ✅ Passed | The PR implements the proposed fix from issue #141 by validating owner/name against the tracked repo list on the miners and prs routes, matching the expected behavior. |
| Out of Scope Changes check | ✅ Passed | Both route changes directly address issue #141 by adding the assertTrackedRepo check; no unrelated modifications are present. |
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title directly and concisely describes the main change: enforcing an allowlist check on repo-scoped API routes for miners and PRs. |

Add assertTrackedRepo to list/meta, badges, validations, author feeds, and related-prs index handlers so untracked owner/name pairs cannot read hub cache data.

Co-authored-by: Cursor <cursoragent@cursor.com>
@glorydavid03023 glorydavid03023 changed the title fix: enforce tracked-repo allowlist on gt miners and prs routes fix: enforce tracked-repo allowlist on repo-scoped API routes May 26, 2026
MkDev11 (Owner) commented May 26, 2026

Please add screenshots