Implement GET /bounties/:id bounty detail

[automaton365-sys]

Adds a public bounty detail endpoint at returning:

• bounty fields
• creator info (uid=0(root) gid=0(root) groups=0(root), , )
• assignee info when assigned
• current

Also includes tests for success and 404 cases.

Fixes #21
/claim #21

[devasign-app]

🟠 AI Code Review Results

Status: Changes Needed
Confidence: 100%

---

🟠 Merge Score: 65/100

🔴 █████████████░░░░░░░ 65%

Recommendation: ❌ This PR needs significant improvements before it should be merged.

The PR correctly implements the bounty detail endpoint and includes good test coverage. However, it introduces a performance issue by making two separate database queries instead of an optimized single query. This should be addressed before merging.

💡 Code Suggestions (1)

🟡 Medium Priority (1)

1. packages/api/src/routes/bounties.ts (Line 131)
   ⚡ The current implementation makes two separate database queries to fetch bounty details and the application count. This can be optimized into a single, more efficient query.

💭 Reasoning: Combining the two database calls into one reduces network latency and database load, improving the API endpoint's performance. This can be achieved using a subquery with Drizzle ORM's extras feature.

Suggested Code:

bountiesRouter.get('/:id', async (c) => {
    const id = c.req.param('id');
    const result = await db.query.bounties.findFirst({
        where: eq(bounties.id, id),
        with: {
            creator: {
                columns: {
                    id: true,
                    username: true,
                    avatarUrl: true,
                },
            },
            assignee: {
                columns: {
                    id: true,
                    username: true,
                    avatarUrl: true,
                },
            },
        },
        extras: {
            applicationCount: sql<number>`(select count(*) from ${applications} where ${applications.bountyId} = ${bounties.id})`.as('application_count'),
        },
    });

    if (!result) {
        return c.json({ error: 'Bounty not found' }, 404);
    }

    const { application_count, ...bounty } = result;

    return c.json({
        ...bounty,
        applicationCount: Number(application_count),
    });
});

📊 Review Metadata

• Processing Time: 99s
• Analysis Date: 3/3/2026, 11:52:45 AM

🤖 This review was generated by AI. While we strive for accuracy, please use your judgment when applying suggestions.

💬 Questions about this review? Open an issue or contact support.

[devasign-app]

❌ PR Review Failed

---

Error Details

The PR review system encountered an error while analyzing this pull request:

Follow-up review failed: Gemini API rate limit exceeded. Please review manually.

What to do next

1. Manual Review: Please proceed with manual code review
2. Retry: A review can be triggered by the repo maintainer commenting 'review'
3. Support: If this error persists, please contact support

---

🤖 This is an automated error message from the PR review system.

💬 Need help? Open an issue or contact support.