fix(api): sanitize block heights in account builders

[jony376]

Summary

Closes #2187

Sanitize block heights and event indices across the account API builders so negative or non-finite values never leak into summary, activity, history, or event payloads.

What Changed

• Add a toBlockNumber helper in account-events.mjs for finite, non-negative block positions.
• Apply it in formatAccountEvent, formatAccountActivity, buildAccountSummary, and formatAccountDay.
• Add unit coverage for negative and non-finite inputs.

Registry Safety

• No secrets, PATs, wallet data, private dashboards, private URLs, or validator-local state.
• Generated artifacts were produced by repo scripts, not hand-edited.
• R2-only/high-churn detail artifacts are not committed.
• Public API/OpenAPI/schema changes are intentional and documented.

Validation

• npm run check
• npm run validate
• npm run validate:schemas
• npm run validate:api
• npm run validate:openapi
• npm run validate:types
• npm run validate:artifact-budgets
• npm run validate:docs
• npm run validate:intake
• npm run validate:workflows
• npm run worker:test
• npm run test:coverage
• npm run scan:public-safety
• git diff --check

Focused tests (not run locally — no Node 22 in this environment):

• npx vitest run tests/account-events.test.mjs

[superagent-security]

Superagent didn't find any vulnerabilities or security issues in this PR.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 93.29%. Comparing base (de10d72) to head (0079044).

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #2188      +/-   ##
==========================================
+ Coverage   93.22%   93.29%   +0.07%     
==========================================
  Files          52       52              
  Lines        8123     8119       -4     
  Branches     2978     2973       -5     
==========================================
+ Hits         7573     7575       +2     
  Misses         96       96              
+ Partials      454      448       -6     

Files with missing lines	Coverage Δ
src/account-events.mjs	86.31% <100.00%> (+2.81%)	⬆️

🚀 New features to boost your workflow:

• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[gittensory-orb]

Tip

🟩🟩🟩🟩🟩🟩🟩🟩🟩🟩🟩🟩

✅ Gittensory review — safe to merge

2 files · 1 AI reviewers · no blockers · readiness 55/100 · CI green · clean

✅ Approved — safe to merge

Review summary
Adds a `toBlockNumber` helper that coerces block heights and event indices to non-negative integers (or null), and threads it through `formatAccountEvent`, `formatAccountActivity`, `buildAccountSummary`, and `formatAccountDay`. The implementation is correct — null/undefined, NaN, ±Infinity, and negative values all become null; valid non-negative values are truncated to integer. Test coverage is targeted and meaningful, exercising every changed call site with representative bad inputs.

Signal	Result	Evidence
Code review	✅ No blockers	1 reviewers, synthesized
Linked issue	✅ Linked	#2187
Related work	⚠️ 3 scoped overlaps	Top overlaps are listed below; lower-confidence bulk is hidden.
Review load	❌ 8/20	Readiness component derived from cached public PR metadata and labels.
Validation evidence	❌ 5/25	Cached preflight status is hold.
Open PR queue	❌ 3/10	15 open PR(s), 13 likely reviewable, 2 unlinked.
Contributor context	✅ Confirmed Gittensor contributor	jony376; Gittensor profile; 400 PR(s), 32 issue(s).
Gate result	✅ Passing	No configured blocker found.

Nits — 5 non-blocking

• `buildAccountTransfers` (src/account-events.mjs, the `map` that builds `block_number`/`event_index`) still uses `r.block_number ?? null` and `r.event_index ?? null` — the same raw-passthrough pattern this PR removes everywhere else; a negative or non-finite value from a corrupted row would still leak through the transfer feed.
• The `eventInsertStatements` test comment reads '12 rows / 10 per statement' (tests/account-events.test.mjs) but `ROWS_PER_STMT` is 9, so it's 9+3 — pre-existing, but misleading if that file is touched again.
• Apply `toBlockNumber` to `block_number` and `event_index` inside `buildAccountTransfers` for consistency with the rest of the account builders.
• Add a one-word note to the `toBlockNumber` comment clarifying that block 0 (genesis) is intentionally allowed (`n >= 0`, not `n > 0`) to pre-empt future 'is this a bug?' questions.
• PR author also opened the linked issue — Link an issue that was opened by a different contributor, or provide a rationale for why this self-authored issue represents genuine discovery work.

Review context

• Author: jony376
• Role context: outside_contributor
• Public audience mode: oss maintainer
• Lane context: Repository registration is not available in the local Gittensory cache.
• Public profile languages: not available
• Official Gittensor activity: 400 PR(s), 32 issue(s).
• Related work: Items reference the same linked issue Account API builders leak negative block heights #2187. (issue #2187)
• Related work: Open PR work references issue Account API builders leak negative block heights #2187. (issue #2187)
• Related work: Items reference the same linked issue buildChainSigners leaks negative last_tx_block values #2183. (issue #2183, PR #2184)
• Additional title-only matches omitted; title-only overlap does not block.

Contributor next steps

• Review top overlaps.
• Add scope summary.
• Fix blocker.
• Expect slower review.
• Refresh registry data or choose a registered active repo.
• Check active issues and PRs before submitting.

Signal definitions

• Related work = same linked issue, overlapping active PRs, or title/path similarity.
• Review load = cached public PR metadata such as size labels, changed paths, and preflight status.
• Open PR queue = repo-wide review pressure; it is not a PR quality failure.
• Contributor context = public GitHub/Gittensor identity context; non-Gittensor status is not a blocker.

Review details

Generated from public PR metadata and the diff. Advisory only; deterministic signals remain authoritative.

Adds a `toBlockNumber` helper that coerces block heights and event indices to non-negative integers (or null), and threads it through `formatAccountEvent`, `formatAccountActivity`, `buildAccountSummary`, and `formatAccountDay`. The implementation is correct — null/undefined, NaN, ±Infinity, and negative values all become null; valid non-negative values are truncated to integer. Test coverage is targeted and meaningful, exercising every changed call site with representative bad inputs.

Nits (4)

• `buildAccountTransfers` (src/account-events.mjs, the `map` that builds `block_number`/`event_index`) still uses `r.block_number ?? null` and `r.event_index ?? null` — the same raw-passthrough pattern this PR removes everywhere else; a negative or non-finite value from a corrupted row would still leak through the transfer feed.
• The `eventInsertStatements` test comment reads '12 rows / 10 per statement' (tests/account-events.test.mjs) but `ROWS_PER_STMT` is 9, so it's 9+3 — pre-existing, but misleading if that file is touched again.
• Apply `toBlockNumber` to `block_number` and `event_index` inside `buildAccountTransfers` for consistency with the rest of the account builders.
• Add a one-word note to the `toBlockNumber` comment clarifying that block 0 (genesis) is intentionally allowed (`n >= 0`, not `n > 0`) to pre-empt future 'is this a bug?' questions.

_{🟩 Safe / merged · 🟦 Advisory · 🟨 Held for review · 🟥 Blocked / closed}

---

💰 Earn for open-source contributions like this. Gittensor lets GitHub contributors earn for the work they already do — register to start earning →.

Checked by Gittensory, a quiet PR intelligence layer for OSS maintainers.

• Re-run Gittensory review