fix(github): normalize public_repos/followers from the users API with finiteCount

[RenzoMXD]

Summary

fetchPublicContributorProfile (src/github/public.ts) passed public_repos and followers straight from the GitHub users API response into PublicContributorProfile:

publicRepos: user.public_repos,
followers: user.followers,

The same module already normalizes the analogous repo-stat counts from the repos API through the finiteCount helper:

stargazers_count: finiteCount(body.stargazers_count),
forks_count: finiteCount(body.forks_count),

where finiteCount returns 0 for anything that is not a finite, non-negative number. The user-profile counts are the same class of external GitHub-API field but were not normalized, so a null/string/non-finite value (some account shapes, or a BYOK proxy) would propagate as a non-number onto the contributor-evidence surface.

Fix

Apply the existing finiteCount to publicRepos and followers for consistency with the repo-stat path. No behavior change for any well-formed response -- a valid count is returned unchanged and 0 stays 0.

Scope

• The PR title follows type(scope): short summary Conventional Commit format.
• This PR is focused and does not mix unrelated backend, UI, MCP, docs, dependency, and deploy changes.
• This follows CONTRIBUTING.md and does not reintroduce GitHub Pages, VitePress, site/, or CNAME.
• I linked an issue (fix(github): normalize public_repos/followers from the users API with finiteCount #1710).

Validation

• git diff --check
• npm run actionlint
• npm run db:migrations:check
• npm run typecheck
• npm run test:coverage -- test/unit/adapters.test.ts 8/8 pass; the changed finiteCount call sites are covered (both arms: a valid count via the existing oktofeesh1 stub, and null/string via the new nullcounts stub).

Targeted run:

npx vitest run test/unit/adapters.test.ts
# 8/8 passed

Safety

• No secrets, wallet details, hotkeys, coldkeys, user PATs, private keys, raw trust scores, private rankings, or private maintainer evidence are exposed.
• Public GitHub text stays sanitized, low-noise, and does not imply compensation guarantees or optimization tactics.
• No auth, cookie, CORS, GitHub App, Cloudflare, or session changes -- a pure-function normalization on advisory metadata using a helper already in the file.
• No UI changes.
• No docs/changelog changes.

UI Evidence

Not applicable -- backend normalization on advisory metadata with no visible UI, frontend, docs, or extension surface.

Closes #1710

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 95.59%. Comparing base (774761a) to head (de4339a).
⚠️ Report is 8 commits behind head on main.
✅ All tests successful. No failed tests found.

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #1711   +/-   ##
=======================================
  Coverage   95.58%   95.59%           
=======================================
  Files         204      204           
  Lines       22313    22313           
  Branches     8065     8065           
=======================================
+ Hits        21328    21329    +1     
  Misses        408      408           
+ Partials      577      576    -1     

Files with missing lines	Coverage Δ
src/github/public.ts	96.72% <ø> (+1.63%)	⬆️

🚀 New features to boost your workflow:

• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[gittensory-orb]

Tip

🟩🟩🟩🟩🟩🟩🟩🟩🟩🟩🟩🟩

✅ Gittensory review — safe to merge

2 files · 1 AI reviewer · no blockers · readiness 55/100 · CI green · clean

✅ Approved — safe to merge

Review summary
This change correctly routes GitHub users API count fields through the existing finiteCount normalizer before exposing them on PublicContributorProfile. The runtime behavior is aligned with the repo-stat path, and malformed external values now degrade to 0 instead of leaking non-number values. The most notable gap is that the declared response type still says these fields are numeric even though the code now intentionally treats them as untrusted input.

Nits — 6 non-blocking

• nit: src/github/public.ts:25 still types public_repos and followers as number, but this change is specifically defending against null/string/non-finite API values, so those fields should be typed as unknown or widened to document the real contract.
• nit: test/unit/adapters.test.ts:111 claims the valid-count arm is covered by the oktofeesh1 stub, but that test does not assert publicRepos or followers, so the positive path is only incidentally exercised.
• src/github/public.ts:25: Change GitHubUserResponse.public_repos and followers to unknown so finiteCount is clearly guarding an external boundary rather than a supposedly numeric field.
• test/unit/adapters.test.ts:111: Extend the oktofeesh1 expectation to include publicRepos: 12 and followers: 3 so both valid and invalid normalization paths are asserted directly.
• PR author also opened the linked issue — Link an issue that was opened by a different contributor, or provide a rationale for why this self-authored issue represents genuine discovery work.
• Readiness score is below the configured threshold — Use the readiness panel as advisory maintainer context; the score does not block this PR.

Signal	Result	Evidence
Code review	✅ No blockers	1 reviewer
Linked issue	✅ Linked	#1710
Related work	⚠️ 3 scoped overlaps	Top overlaps are listed below; lower-confidence bulk is hidden.
Review load	❌ 8/20	Readiness component derived from cached public PR metadata and labels; size label size:XS.
Validation evidence	❌ 5/25	Cached preflight status is hold.
Open PR queue	❌ 3/10	18 open PR(s), 8 likely reviewable, 10 unlinked.
Contributor context	✅ Confirmed Gittensor contributor	RenzoMXD; Gittensor profile; 44 PR(s), 10 issue(s).
Gate result	✅ Passing	No configured blocker found.

Review context

• Author: RenzoMXD
• Role context: outside_contributor
• Public audience mode: oss maintainer
• Lane context: Repository registration is not available in the local Gittensory cache.
• Public profile languages: TypeScript, Python, Rust, C++, JavaScript, Scala, Clojure, Go
• Official Gittensor activity: 44 PR(s), 10 issue(s).
• Related work: Items reference the same linked issue fix(github): normalize public_repos/followers from the users API with finiteCount #1710. (issue #1710)
• Related work: Open PR work references issue fix(github): normalize public_repos/followers from the users API with finiteCount #1710. (issue #1710)
• Related work: Titles/paths share 3 meaningful terms. (PR #1727)
• Additional title-only matches omitted; title-only overlap does not block.

Contributor next steps

• Review top overlaps.
• Add scope summary.
• Fix blocker.
• Expect slower review.
• Refresh registry data or choose a registered active repo.
• Check active issues and PRs before submitting.

Signal definitions

• Related work = same linked issue, overlapping active PRs, or title/path similarity.
• Review load = cached public PR metadata such as size labels, changed paths, and preflight status.
• Open PR queue = repo-wide review pressure; it is not a PR quality failure.
• Contributor context = public GitHub/Gittensor identity context; non-Gittensor status is not a blocker.

_{🟩 Safe / merged · 🟦 Advisory · 🟨 Held for review · 🟥 Blocked / closed}

---

💰 Earn for open-source contributions like this. Gittensor lets GitHub contributors earn for the work they already do — register to start earning →.

Checked by Gittensory, a quiet PR intelligence layer for OSS maintainers.

• Re-run Gittensory review