fix(upstream): validate issue number shape before Number() constructor in parseGitHubIssueUrl

[galuis116]

Add regex validation to parseGitHubIssueUrl in src/upstream/ruleset.ts to ensure the issue number consists only of digits before Number() conversion. This prevents partial parsing of malformed issue numbers like '123abc' which could lead to unexpected behavior.

Changes

• Added /^\d+$/ regex check before Number() conversion in parseGitHubIssueUrl
• Added comprehensive unit tests covering edge cases (malformed URLs, partial numeric strings, valid URLs)
• Ensures fail-closed behavior for malformed input

Fixes #1719

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 95.58%. Comparing base (6228967) to head (53a37ab).
⚠️ Report is 1 commits behind head on main.
✅ All tests successful. No failed tests found.

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #1720   +/-   ##
=======================================
  Coverage   95.58%   95.58%           
=======================================
  Files         204      204           
  Lines       22314    22315    +1     
  Branches     8066     8067    +1     
=======================================
+ Hits        21329    21330    +1     
  Misses        408      408           
  Partials      577      577           

Files with missing lines	Coverage Δ
src/upstream/ruleset.ts	98.51% <100.00%> (+<0.01%)	⬆️

🚀 New features to boost your workflow:

• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[gittensory-orb]

Caution

🟥🟥🟥🟥🟥🟥🟥🟥🟥🟥🟥🟥

🛑 Gittensory review result - reject/close recommended

_{Review updated: 2026-06-29 12:39:50 UTC}

2 files · 1 AI reviewer · 1 blocker · readiness 55/100 · CI green · blocked

🛑 Suggested Action - Reject/Close

• AI reviewers agree on a likely critical defect: test/unit/parse-github-issue-url.test.ts:4 reimplements parseGitHubIssueUrl locally instead of importing or exercising the production function, so this is a fabricated test that will not catch regressions in src/upstream/ruleset.ts. — Resolve the flagged defect, or override if the AI reviewers are mistaken, then re-run the gate.

Review summary
The production change in src/upstream/ruleset.ts:1085 adds the right fail-closed guard for non-digit issue numbers before converting with Number(). The implementation itself is narrowly scoped and matches the PR description, but the new unit test is not wired to the production parser. As written, the test suite can pass while parseGitHubIssueUrl in src/upstream/ruleset.ts regresses, so the PR does not actually cover the behavior it claims to protect.

Blockers

• test/unit/parse-github-issue-url.test.ts:4 reimplements parseGitHubIssueUrl locally instead of importing or exercising the production function, so this is a fabricated test that will not catch regressions in src/upstream/ruleset.ts.

Nits — 4 non-blocking

• nit: src/upstream/ruleset.ts:1086 still accepts digit strings that exceed JavaScript's safe integer range; consider Number.isSafeInteger(number) if this parser must preserve exact issue identifiers.
• test/unit/parse-github-issue-url.test.ts:4 should import the real parser if it can be exported safely, or exercise the public ruleset path that calls parseGitHubIssueUrl so the src/upstream/ruleset.ts:1085 branch is hit.
• src/upstream/ruleset.ts:1086 can be tightened to `Number.isSafeInteger(number)` alongside `Number.isInteger(number)` if oversized numeric path segments should fail closed.
• Readiness score is below the configured threshold — Use the readiness panel as advisory maintainer context; the score does not block this PR.

Why this is blocked

• test/unit/parse-github-issue-url.test.ts:4 reimplements parseGitHubIssueUrl locally instead of importing or exercising the production function, so this is a fabricated test that will not catch regressions in src/upstream/ruleset.ts.

Signal	Result	Evidence
Code review	❌ 1 blocker	1 reviewer
Linked issue	✅ Linked	#1719
Related work	⚠️ 2 scoped overlaps	Top overlaps are listed below; lower-confidence bulk is hidden.
Review load	❌ 8/20	Readiness component derived from cached public PR metadata and labels; size label size:XS.
Validation evidence	❌ 5/25	Cached preflight status is hold.
Open PR queue	❌ 3/10	21 open PR(s), 9 likely reviewable, 12 unlinked.
Contributor context	✅ Confirmed Gittensor contributor	galuis116; Gittensor profile; 1550 PR(s), 157 issue(s).
Gate result	❌ Blocking	Repo-configured hard blocker found.

Review context

• Author: galuis116
• Role context: outside_contributor
• Public audience mode: oss maintainer
• Lane context: Repository registration is not available in the local Gittensory cache.
• Public profile languages: JavaScript, Dart, TypeScript, Python, C++, HTML, MDX, Rust
• Official Gittensor activity: 1550 PR(s), 157 issue(s).
• Related work: Items reference the same linked issue fix(upstream): validate issue number shape before Number() constructor in parseGitHubIssueUrl #1719. (issue #1719)
• Related work: Open PR work references issue fix(upstream): validate issue number shape before Number() constructor in parseGitHubIssueUrl #1719. (issue #1719)

Contributor next steps

• Review top overlaps.
• Add scope summary.
• Fix blocker.
• Expect slower review.
• Refresh registry data or choose a registered active repo.
• Check active issues and PRs before submitting.

Signal definitions

• Related work = same linked issue, overlapping active PRs, or title/path similarity.
• Review load = cached public PR metadata such as size labels, changed paths, and preflight status.
• Open PR queue = repo-wide review pressure; it is not a PR quality failure.
• Contributor context = public GitHub/Gittensor identity context; non-Gittensor status is not a blocker.

_{🟩 Safe / merged · 🟦 Advisory · 🟨 Held for review · 🟥 Blocked / closed}

---

💰 Earn for open-source contributions like this. Gittensor lets GitHub contributors earn for the work they already do — register to start earning →.

Checked by Gittensory, a quiet PR intelligence layer for OSS maintainers.

• Re-run Gittensory review