Skip to content

fix(review): make submitter-reputation burst/AI-spend defense install-wide (or confirmed-miner-aware) using the existing official_miner_detections cache #4513

Description

@JSONbored

Context

A maintainer review-stack × Autonomous Miner System (AMS) integration audit (2026-07-09) found that the review stack's only per-actor AI-cost/abuse throttle is scoped per-repo, so a fleet identity spreading submissions thinly across many repos in one install never trips it.

Evidence

  • src/review/submitter-reputation.ts:144-152DEFAULT_REPUTATION_CONFIG (minSample 5, windowDays 90); getSubmitterReputation's query (lines ~223-258) filters WHERE project = ? AND submitter = ? — repo-scoped.
  • src/review/reputation-wire.ts:35-36REPUTATION_BURST_SUBMISSION_FLOOR=8 / REPUTATION_BURST_MAX_MERGED=1, evaluated against that one repo's rows only.
  • src/queue/processors.ts (submitter-reputation call sites) all pass project: args.repoFullName — confirmed repo-scoped everywhere it's called.
  • By contrast, src/review/unlinked-issue-guardrail.ts's hasRecentAuditEventForOtherTarget (via src/db/repositories.ts) already does the equivalent cross-repo, actor-keyed lookup for a different feature — proving the pattern already exists in this codebase, just wasn't applied here.
  • migrations/0012_official_miner_detection_cache.sqlofficial_miner_detections is keyed login TEXT PRIMARY KEY, i.e. genuinely global per install, but has zero references from submitter-reputation.ts/reputation-wire.ts.

Why this matters for the Autonomous Miner System

A single fleet identity that spreads a handful of gate-passing-but-low-value PRs across dozens of repos in the same self-hosted install never accumulates enough same-repo samples to read as "burst" or "low" anywhere — so the reputation defense never fires for it, and every one of its submissions burns full paid AI-review spend indefinitely. This is exactly the "built for occasional single-repo human abuse, not a coordinated, thinly-spread, machine-paced submitter" gap the AMS roadmap's own "slop-at-scale paradox" concern anticipates.

Deliverables

  • Add an install-wide (cross-repo, per-login) aggregate view of submitter reputation, reusing the cross-repo lookup pattern already proven in unlinked-issue-guardrail.ts
  • Make the burst/low-sample thresholds miner-aware — either by consulting the existing official_miner_detections cache, or by aggregating across repos for any actor once presence is detected in enough distinct repos in a short window
  • Tests: fleet-spread-thin-across-many-repos scenario now triggers the burst/downgrade path; existing single-repo human behavior unchanged
  • Docs: reputation config reference update noting the install-wide dimension

Surfaced by a maintainer review-stack × AMS integration audit (2026-07-09). Related: #2345 (miner-side self-plagiarism throttle across the miner's own repos — same "install-wide, not per-repo" theme, opposite direction), #2350 (fleet-wide anti-farming detector).

Metadata

Metadata

Assignees

No one assigned

    Labels

    gittensor:bugGittensor-scored bug fix — scores a 0.05x multiplier.orbGittensory Orb related - maintainer self-hosting analytics.

    Projects

    No projects

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions