[{"id":92,"repo":"ramimbo/mergework","issue_number":644,"issue_url":"https://github.com/ramimbo/mergework/issues/644","title":"MRWK bounty: 300 MRWK - reject C1 control characters across input validators","reward_mrwk":"300","available_mrwk":"0","reserved_mrwk":"300","max_awards":1,"awards_paid":1,"awards_remaining":0,"effective_available_mrwk":"0","effective_awards_remaining":0,"pending_payout_awards":0,"pending_payout_proposals":[],"pending_close_proposal":null,"availability_state":"paid","availability_note":"This bounty is paid; no awards are available for new submissions.","submission_requirements":{"submission_mode":"pr_or_evidence","submission_url_kind":"github_pr_or_public_evidence_url","expected_artifact":"focused PR, issue, report, or evidence URL","attempt_endpoint_applicability":"recommended_before_submission","reference_formats":["Bounty #644","Refs #644"],"claim_command":"/claim","attempt_endpoint":"/api/v1/bounties/92/attempts","evidence_required":["focused PR, issue, report, or evidence URL","short verification summary","tests, command output, screenshots, or reproduction steps when relevant"],"acceptance_trigger":"maintainer_mrwk_accepted_label_or_admin_payout","public_metadata_must_avoid":["private keys","seed material","secrets","deployment credentials","private vulnerability details","price claims"],"next_actions":[{"id":"choose_open_bounty","required":true,"text":"Do not open or claim new work for this bounty unless a maintainer reopens it."},{"id":"check_duplicate_scope","required":true,"text":"Confirm no active claim or duplicate PR already covers the same scope."},{"id":"keep_scope_focused","required":true,"text":"Keep changes directly tied to one bounty issue."},{"id":"include_bounty_reference","required":true,"text":"Include Bounty #644 or Refs #644 in the submission."},{"id":"include_review_evidence","required":true,"text":"Include reviewable validation evidence before claiming."},{"id":"wait_for_maintainer_acceptance","required":true,"text":"Payment requires mrwk:accepted or an admin payout; merge or CI alone is not acceptance."}]},"status":"paid","acceptance":"Accepted PR rejects C1 control characters before normalization, trimming, or parsing on the affected public/admin/API paths identified by current reviews, including admin webhook status filtering, wallet transfer nonce/integer parsing, and bounty list status/sort filtering. The fix should use shared validation where practical, keep clean inputs working, and include regression tests with at least one C1 example such as U+0085 on the relevant paths.","created_at":"2026-05-31T10:46:19.660548Z","active_attempt_count":0,"active_attempt_warnings":["bounty is paid","bounty has no award slots remaining"],"attempt_endpoint":"/api/v1/bounties/92/attempts"}]