Redact route error responses and production logs (M3, M4)

M3: routes no longer return raw Postgres error messages to clients.
The 24 sites of the

    if (error) return void res.status(500).json({ detail: error.message });

pattern across chat, projects, documents, tabular, workflows, user, and
tabular review-creation now use the sendServerError helper. The full
error is logged server-side with context; the client receives a
generic message.

M4: console.log calls in routes/documents.ts and lib/chatTools.ts
migrated to devLog. devLog is a no-op when NODE_ENV=production, so
document content excerpts, storage paths, and edit-resolution payloads
no longer leak to stdout in production. console.error retained where
appropriate.

Also removed backend/bun.lock and frontend/bun.lock. PIP standardises
on npm.

| Repository | cpatpa/PIP |
|---|---|
| Author | Claude <noreply@anthropic.com> |
| Authored | |
| Parents | a46810a5 |
| Stats | 10 files changed, +87, -3571 |
| Part of | Phase 1 - security audit hardening |
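
The before and after behaviour the commit message describes, as an added example that is not code from this commit or from the PIP repository. The bodies of sendServerError and makeDevLog, the generic message text, the route label, the fake response object and the sample Postgres error are all assumptions constructed for illustration.

```javascript
// Added illustration: sendServerError and makeDevLog here are hypothetical
// stand-ins written for this page, not the PIP implementations.

// Dev-only logger: no-op when NODE_ENV=production; env and sink are injectable.
function makeDevLog(env = process.env, sink = console.log) {
  return (...args) => {
    if (env.NODE_ENV === "production") return;
    sink(...args);
  };
}

// Full error plus context goes to the server log; the client gets a fixed message.
function sendServerError(res, error, context, log = console.error) {
  log("[server-error]", { ...context, code: error.code, message: error.message });
  res.status(500).json({ detail: "Internal server error" });
}

// "Before" pattern quoted in the commit message: DB error text reaches the client.
function leakyHandler(db, res) {
  const { error } = db.query();
  if (error) return void res.status(500).json({ detail: error.message });
  res.status(200).json({ ok: true });
}

// "After": the same branch routed through the helper.
function redactedHandler(db, res, log) {
  const { error } = db.query();
  if (error) return void sendServerError(res, error, { route: "GET /documents" }, log);
  res.status(200).json({ ok: true });
}

// Constructed stand-ins for an Express response and a failing Postgres query.
function fakeRes() {
  const r = { statusCode: null, body: null };
  r.status = (c) => { r.statusCode = c; return r; };
  r.json = (b) => { r.body = b; return r; };
  return r;
}
const failingDb = { query: () => ({ error: {
  code: "23505", message: 'duplicate key value violates unique constraint "documents_pkey"' } }) };

function demo() {
  const logged = [], devOut = [];
  const before = fakeRes(); leakyHandler(failingDb, before);
  const after = fakeRes(); redactedHandler(failingDb, after, (...a) => logged.push(a));
  makeDevLog({ NODE_ENV: "production" }, (...a) => devOut.push(a))("excerpt", "secret text");
  makeDevLog({ NODE_ENV: "development" }, (...a) => devOut.push(a))("excerpt", "dev only");
  return { before: before.body, after: after.body, logged, devOut };
}
```

Calling demo() returns both response bodies alongside what each logger captured, so the leaked constraint name in the "before" body can be compared with the generic "after" body and the server-side log entry.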