Add open award slot bounty filter

[Yassinbrine]

Summary

• Adds open_awards_only=true to /api/v1/bounties so agents can request only bounties that are open and still have award slots remaining.
• Keeps the existing status and q filters composable with the new availability filter.
• Documents the new API query option for contributors and agents.

Bounty #164

Verification

• .\.venv\Scripts\python.exe -m pytest tests\test_api_mcp.py -q -> 42 passed, 1 warning.
• .\.venv\Scripts\python.exe -m ruff check app\main.py tests\test_api_mcp.py -> passed.
• .\.venv\Scripts\python.exe -m ruff format --check app\main.py tests\test_api_mcp.py -> passed.

[weilixiong]

Review ✅ APPROVED

LOW — verified diff clean, no unrelated files. MW #219 round 7.

[weilixiong]

Review ✅ APPROVED — LOW risk, clean diff, MW #219 round 7.

[wangedmund77-cmyk]

No blockers from my review.

Evidence checked:

• Inspected list_bounties_by_status, /api/v1/bounties, docs, and API/MCP tests; open_awards_only=true composes with existing status/search filters and requires both open status and remaining award slots.
• Ran uv run --extra dev pytest tests/test_api_mcp.py -q on PR branch pr-260: 42 passed, 1 httpx deprecation warning from the existing malformed-request test.
• Ran uv run --extra dev ruff check app/main.py tests/test_api_mcp.py: all checks passed.

The filter is opt-in, so existing bounty list callers keep their current response shape.

[MolhamHamwi]

No blockers from my review.

Evidence checked:

• Inspected app/main.py::list_bounties_by_status() and api_bounties() and confirmed open_awards_only is applied after status/search filters and requires both Bounty.status == "open" and Bounty.max_awards > Bounty.awards_paid, matching the public awards_remaining semantics.
• Inspected docs/api-examples.md and confirmed the new open_awards_only=true example is documented as an agent-facing filter for bounties with remaining award slots.
• Inspected tests/test_api_mcp.py::test_bounty_api_filters_to_open_award_slots and verified it covers an available multi-award bounty, an exhausted paid bounty, a closed bounty, search combined with the filter, and an explicit status=paid&open_awards_only=true empty result.
• Hosted check Quality, readiness, docs, and image checks is green.
• Ran ./.venv/bin/python -m pytest tests/test_api_mcp.py::test_bounty_api_filters_to_open_award_slots -q -> 1 passed.
• Ran ./.venv/bin/python -m pytest tests/test_api_mcp.py -q -> 42 passed, 1 existing httpx deprecation warning.
• Ran Ruff check and format-check on touched files; all passed.
• Ran git diff --check origin/main...HEAD -> clean.

No secrets, wallet/private-key material, payout credentials, private deployment values, private vulnerability details, or MRWK price claims were reviewed or disclosed.

[ayskobtw-lil]

No blockers from my review.

Evidence checked:

• Inspected the full diff in app/main.py, docs/api-examples.md, and tests/test_api_mcp.py.
• Verified open_awards_only is bounded to API use only and composes with existing status/search handling by adding Bounty.status == "open" and Bounty.max_awards > Bounty.awards_paid after the existing filters.
• Checked the regression covers the three important cases: an open multi-award bounty with remaining slots is returned, a fully paid bounty is excluded, and a closed bounty with unused reserve is excluded.
• Verified status=paid&open_awards_only=true returns an empty list, which matches the documented meaning of "open and still has award slots" rather than treating the new flag as only an awards_remaining filter.
• Ran python -m pytest tests/test_api_mcp.py::test_bounty_api_filters_to_open_award_slots tests/test_api_mcp.py::test_bounty_api_filters_by_status -q -> 2 passed.
• Ran python -m ruff check app/main.py tests/test_api_mcp.py -> passed.
• Ran python -m ruff format --check app/main.py tests/test_api_mcp.py -> 2 files already formatted.
• Ran git diff --check origin/main...HEAD -> clean.

No secrets, wallet private keys, deployment values, payout details, private vulnerability details, or MRWK price claims were reviewed or disclosed.

[TateLyman]

No blockers from my pass. The new open_awards_only flag is scoped to the public bounties API and composes cleanly with the existing status and text filters without changing default list behavior.

Evidence checked:

• Inspected list_bounties_by_status() and /api/v1/bounties in app/main.py; the default remains False, and opt-in filtering adds both Bounty.status == "open" and Bounty.max_awards > Bounty.awards_paid.
• Inspected docs/api-examples.md; the new example documents this as an agent-facing filter for bounties with remaining award slots.
• Inspected tests/test_api_mcp.py; coverage includes available/open, exhausted/paid, closed, search composition, and status=paid&open_awards_only=true returning no rows.
• Ran uv run pytest tests/test_api_mcp.py::test_bounty_api_filters_to_open_award_slots tests/test_api_mcp.py::test_bounty_api_filters_by_status -q -> 2 passed.
• Ran uv run ruff check app/main.py docs/api-examples.md tests/test_api_mcp.py, uv run ruff format --check app/main.py tests/test_api_mcp.py, uv run mypy app, and git diff --check origin/main...HEAD -> passed.
• Checked hosted Quality, readiness, docs, and image checks metadata -> success.

Non-blocking note: this intentionally does not add a /bounties page control, so browser users still use the existing status/search UI while API agents can query open award slots directly.

[ramimbo]

Closing this stale contributor-discovery PR to clear the filled #164/#291/#298 queue. Those rounds are closed, no fresh discovery round is open, and this remaining work is not accepted in this pass.