Make public treasury timestamps UTC-explicit

[attaboy11]

Bounty #655

Summary

• add a shared public_utc_timestamp() serializer for public API timestamps
• apply explicit Z UTC timestamps to treasury proposals, proposal challenges, pending payout proposal rows, account pending payouts, activity pending payouts, and treasury status capacity timing fields
• update coverage so pending payout and treasury status timestamps preserve the explicit UTC marker

Why

Live public APIs currently expose execution-critical pending payout / treasury proposal timestamps without a timezone marker, which makes delayed payout execution windows easy to misread as local time. This keeps the stored DB values unchanged and only makes the public serialization explicit.

Validation

• .venv/bin/pytest -> 591 passed, 1 warning
• .venv/bin/ruff check app/serializers.py app/treasury.py tests/test_account_routes.py tests/test_activity.py tests/test_treasury_proposals.py
• .venv/bin/ruff format --check app/serializers.py app/treasury.py tests/test_account_routes.py tests/test_activity.py tests/test_treasury_proposals.py
• .venv/bin/mypy app
• git diff --check

Out of scope: no payout/proof/ledger/wallet/exchange/cash-out behavior changes.

Summary by CodeRabbit

• Chores
  • API timestamps now consistently use ISO-8601 with explicit UTC ("Z") across treasury, proposal, bounty, challenge, pending payout, and reserve-related responses.
• Tests
  • Test suite updated to assert and enforce the new UTC/ISO timestamp formatting; one test adjusted to reflect these timestamp expectations.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro Plus

Run ID: d8ec8cd0-5abc-4d31-8f9c-754620ec1bdb

📥 Commits

Reviewing files that changed from the base of the PR and between 8e436ff and aeb6160.

📒 Files selected for processing (3)

• app/serializers.py
• tests/test_api_mcp.py
• tests/test_serializers.py

---

📝 Walkthrough

Walkthrough

This PR standardizes datetime representation across treasury and account APIs by introducing a public_utc_timestamp serializer that normalizes datetimes to UTC and formats them as ISO-8601 strings with trailing Z. The serializer is applied to proposal, challenge, bounty, and payout fields; tests are updated accordingly.

Changes

UTC Timestamp Serialization

Layer / File(s)	Summary
UTC Timestamp Serializer Definition and Serializer Function Updates app/serializers.py	public_utc_timestamp(value: datetime) -> str normalizes naive datetimes to UTC and emits ISO-8601 strings with trailing Z. Applied in _proposal_summary, _pending_activity_row, and pending_payouts_for_account to replace .isoformat() for proposed_at/executes_after.
Treasury API Response UTC Formatting app/treasury.py	Import public_utc_timestamp and use it for challenge created_at, proposal timestamps (proposed_at, executes_after, executed_at), projected capacity events (at), pending-create bounty timestamps (proposed_at, executes_after, capacity_releases_at), next_capacity_release_at, and recent reserve created_at/expires_at.
Account Routes Test Assertions for Payout Timestamps tests/test_account_routes.py	Import public_utc_timestamp and update assertions for pending_summary["next_executes_after"] and each pending payout proposed_at/executes_after to use the helper and enforce Z suffix.
Activity Test Assertions for Pending Payouts tests/test_activity.py	Import public_utc_timestamp and update pending payout assertions to expect proposed_at/executes_after formatted via the helper and assert executes_after ends with Z.
Treasury Proposals Test Assertions for Status and Capacity Events tests/test_treasury_proposals.py	Import public_utc_timestamp and update many treasury status tests to expect UTC-formatted proposed_at, executes_after, capacity_releases_at, projected at events, next_projected_capacity_release_at, and reserve created_at/expires_at with Z suffix.
MCP API Test Adjustments tests/test_api_mcp.py	Import public_utc_timestamp and use it to assert returned award created_at in MCP bounty payloads.
Bounty Serializer Tests Updated tests/test_serializers.py	Assert serialized bounty and award created_at strings end with Z; replace a removed malformed-proof test with one that checks explicit UTC timestamp formatting.

• Possibly related PRs:
  • ramimbo/mergework#330: Previously extracted/shared public serialization helpers; related changes to app/serializers.py.
  • ramimbo/mergework#332: Related normalization of serialized datetime fields to UTC ISO-8601.

🚥 Pre-merge checks | ✅ 6

✅ Passed checks (6 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title 'Make public treasury timestamps UTC-explicit' directly names the changed surface and clearly summarizes the main change across the changeset.
Description check	✅ Passed	The description covers all required sections with sufficient detail: summary of changes, rationale (Why), validation results, scope clarification, and bounty reference. All test checkboxes are addressed in the validation section.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Mergework Public Artifact Hygiene	✅ Passed	No prohibited claims found. Documentation describes MRWK as native coin. PR contains only timestamp serialization changes with no investment, price, or cash-out claims.
Bounty Pr Focus	✅ Passed	PR applies UTC-Z timestamp serialization to treasury proposals, challenges, payouts, and capacity fields as stated. All objectives verified; changes scoped to timestamp formatting only.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[bitdamii]

Reviewed current head 8e436ff71178744be76be52704fb6022f38bc502 as a non-author for the review bounty.

Evidence:

• Inspected the new public_utc_timestamp() helper and every treasury/account/activity surface changed by this PR: proposal summaries, account pending payouts, activity pending payouts, treasury proposal/challenge serialization, capacity projection events, and recent reserve windows.
• Verified the conversion path treats the app's stored naive UTC datetimes as UTC, normalizes aware datetimes to UTC, and emits an explicit Z suffix instead of ambiguous timezone-less ISO strings.
• Checked the patch against current origin/main; git diff --check is clean and git merge-tree --write-tree origin/main HEAD produced b6d4196b9880126dcea645faec6b95f5c67f263b without conflicts.
• Local validation passed: targeted pytest coverage for account/activity/treasury timestamp surfaces was 7 passed; ruff check passed; ruff format --check passed; python -m compileall -q app passed.
• GitHub shows the PR as CLEAN with Quality/readiness/docs/image checks successful and CodeRabbit successful.

I did not find any blocking issue in the current head.

[attaboy11]

Follow-up pushed in aeb6160 to cover the remaining direct bounty API timestamp surfaces from the live ambiguity report.

What changed:

• bounty_to_dict() now serializes created_at with the shared explicit UTC Z marker.
• bounty_awards_to_dict() now does the same for accepted award proof timestamps exposed through bounty detail/MCP responses.
• Added focused serializer/MCP assertions so bounty row and award history timestamps stay explicit UTC.

Validation run locally on aeb6160:

• .venv/bin/python -m pytest -q -> 592 passed, 1 warning in 11.77s
• .venv/bin/ruff check app/serializers.py tests/test_serializers.py tests/test_api_mcp.py -> passed
• .venv/bin/ruff format --check app/serializers.py tests/test_serializers.py tests/test_api_mcp.py -> passed
• .venv/bin/mypy app -> passed
• git diff --check -> passed

No ledger, payout, wallet, transfer, exchange, bridge, or private account behavior changed.

[bitdamii]

Follow-up review on updated current head aeb6160e138566515fa944ef79f708a5eeddabbf after the author pushed aeb6160.

Additional evidence checked:

• Inspected the follow-up diff from 8e436ff71178744be76be52704fb6022f38bc502 to aeb6160e138566515fa944ef79f708a5eeddabbf; it extends public_utc_timestamp() to direct bounty_to_dict().created_at and bounty_awards_to_dict().created_at surfaces.
• Confirmed the added serializer/MCP assertions cover bounty row timestamps and accepted award history timestamps with explicit UTC Z output.
• Re-ran local validation on the updated head: targeted timestamp/account/activity/treasury/serializer/MCP pytest selection was 10 passed; ruff check passed; ruff format --check passed; python -m compileall -q app passed; git diff --check origin/main...HEAD was clean; git merge-tree --write-tree origin/main HEAD produced clean tree 6532678dd02a606f0a29ed49f15cdb5e9832592e.
• GitHub still reports the PR as CLEAN with Quality/readiness/docs/image checks successful and CodeRabbit successful.

I still do not see a blocker in the updated current head.