pook/compliancebot
1
0
Fork 0
Code Issues 1.1k Pull requests 82 Projects Releases Packages Wiki Activity Actions

Add error response sanitizer stripping stack traces and internals from API output #364

New issue
Closed
opened 2026-04-10 12:53:29 -04:00 by pook · 1 comment
pook commented 2026-04-10 12:53:29 -04:00
Owner
Copy link

Create a sanitization layer that ensures all error JSON responses sent to clients contain only safe fields (message, code, correlationId). Strip stack traces, internal file paths, Prisma error details, and any env variable values that might leak. Wrap this in a utility at src/lib/sanitizeError.ts used by the global error handler. Acceptance criteria: utility function maps known error types to safe public messages, no stack trace in any 4xx/5xx response body, test confirms Prisma errors and generic errors are sanitized.

Generated by CEO Planner (priority: 3)

Create a sanitization layer that ensures all error JSON responses sent to clients contain only safe fields (message, code, correlationId). Strip stack traces, internal file paths, Prisma error details, and any env variable values that might leak. Wrap this in a utility at src/lib/sanitizeError.ts used by the global error handler. Acceptance criteria: utility function maps known error types to safe public messages, no stack trace in any 4xx/5xx response body, test confirms Prisma errors and generic errors are sanitized. --- *Generated by CEO Planner (priority: 3)*
pook commented 2026-04-10 14:47:42 -04:00
Author
Owner
Copy link

Bulk-closed 2026-04-10 during pipeline triage.

Context: CEO agent had created 100 open agent-task issues against compliancebot, largely duplicates of each other and of the 50 currently-open PRs. Root cause traced to a git-push race in agent-worker executor (dispatch jobs collided on branch agent/dispatch/* because jobId prefix truncated to literal "dispatch"). Fix deployed: runId is now threaded from Paperclip shim through /dispatch → TaskJob → executor, and branches are keyed on a 12-char unique run key.

What to do next:

  1. Triage the 50 open PRs at https://192.168.183.110:3000/pook/compliancebot/pulls — many are ready to merge
  2. CEO should halt new task creation until open PRs drop below 10
  3. Surviving kept issues: #313, #314, #315, #341, #342, #350, #351, #352 (PR review/merge tasks)

This issue was superseded, not abandoned. Reopen if still relevant after PR triage.

Bulk-closed 2026-04-10 during pipeline triage. **Context:** CEO agent had created 100 open agent-task issues against compliancebot, largely duplicates of each other and of the 50 currently-open PRs. Root cause traced to a git-push race in agent-worker executor (dispatch jobs collided on branch `agent/dispatch/*` because jobId prefix truncated to literal "dispatch"). Fix deployed: runId is now threaded from Paperclip shim through /dispatch → TaskJob → executor, and branches are keyed on a 12-char unique run key. **What to do next:** 1. Triage the 50 open PRs at https://192.168.183.110:3000/pook/compliancebot/pulls — many are ready to merge 2. CEO should halt new task creation until open PRs drop below 10 3. Surviving kept issues: #313, #314, #315, #341, #342, #350, #351, #352 (PR review/merge tasks) This issue was superseded, not abandoned. Reopen if still relevant after PR triage.
pook closed this issue 2026-04-10 14:47:43 -04:00
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
main
feat/ux-remediation
master
agent-task/681
agent-task/mount-billing-api-prefix
agent-task/772
agent-task/769
agent-task/760
agent-task/756
agent-task/757
agent-task/703
agent-task/702
agent-task/688
agent-task/684
agent-task/683
agent-task/674
agent-task/668
feat/simple-health-endpoint
agent-task/663
agent-task/658
agent-task/653
agent-task/651
feat/api-billing-checkout
agent-task/650
agent-task/641
agent-task/639
agent-task/638
feat/login-brute-force-protection
agent-task/634
feat/generate-retry-tests
agent-task/625
agent-task/622-validate-openai-responses
agent-task/615-csrf-token-validation
agent-task/614
agent-task/612
agent-task/611
agent-task/606
agent-task/597
agent-task/596
agent-task/588
agent-task/583
agent-task/575
agent-task/574
agent-task/571
agent-task/570
agent-task/562
agent-task/561
agent-task/556-npm-audit-fix
agent-task/537
agent-task/533
agent-task/524
agent-task/518
agent-task/517
agent-task/516
agent-task/513
agent-task/512
agent-task/508
feat/llm-error-handling-tests
agent-task/483
feat/openai-retry-502
agent-task/478
agent-task/477
feat/csrf-double-submit
agent-task/468
feat/error-handler-middleware
feat/global-request-timeout
agent-task/454
agent-task/453
agent-task/449
feat/llm-timeout-504
feat/sanitize-generate-inputs
fix/body-limit-1mb-test
feat/openai-error-handling
agent-task/426
agent-task/425
agent-task/421
agent-task/420
agent-task/419
agent-task/408
agent-task/406
agent-task/407
feat/zod-generate-validation
agent-task/401
agent-task/397
agent-task/391
agent-task/390
feat/https-redirect-middleware
agent-task/388
agent-task/360
feat/generate-1mb-body-limit
feat/request-timeout
feat/checkout-rate-limit
feat/webhook-rate-limit
feat/centralized-error-handler
agent-task/345
agent-task/342
agent-task/341
agent-task/337
feat/generate-rate-limit
agent-task/332
agent-task/331
agent-task/329
agent-task/325
agent-task/324
feat/single-stage-dockerfile
feat/jest-typecheck-ci-gate
feat/rebase-open-prs-script
fix/unblock-pr-pipeline
agent-task/251
feat/deploy-migrations-on-startup
agent-task/247
agent-task/242
agent-task/241
agent-task/236
fix/close-duplicate-issues
agent-task/237
agent-task/235
agent-task/232
agent-task/231
agent-task/228
agent-task/227
agent-task/222
agent-task/221
feat/stripe-checkout-endpoint
fix/134-sanitize-ai-output
agent-task/212
agent-task/211
test/export-render-unit-tests
agent-task/206
agent-task/205
feat/download-token-utility
feat/security-headers-v2
agent-task/196
fix/env-var-validation
feat/health-endpoint-tests
feat/cors-middleware
agent-task/185
agent-task/184
agent-task/180
feat/pr-triage-workflow
agent-task/177
feat/dockerfile-deploy
feature/131-api-key-auth
feat/graceful-shutdown
agent-task/170
feat/pr-triage-script
agent-task/166
feat/ccpa-privacy-policy
feat/auto-migrate-on-startup
feat/auto-rebase-workflow
feat/openai-timeout-guard
agent-task/154
agent-task/155
feat/body-size-limit-generate
feat/health-endpoint
ci/pr-checks
agent-task/145
feat/startup-env-validation
agent-task/141
feat/stripe-document-checkout
fix/116-sanitize-ai-generated-content
feat/document-validation-41
feat/api-key-auth-middleware
feature/document-generator-unit-tests
feature/openai-retry-logic
feature/auto-merge-script
feature/ci-auto-labeling
fix/llm-response-null-checks
feat/generate-smoke-tests
feature/request-logging-middleware
feature/csrf-protection
feature/request-id-middleware
feature/cors-allowlist
feature/rate-limit-generate
feature/citation-scanner-and-disclaimer
feature/input-length-validation
feat/ci-quality-gate
fix/stripe-webhook-raw-body
feat/ci-pr-checks
fix/webhook-raw-body-preservation
feat/ci-workflow
feature/71-raw-body-webhook
feature/template-rendering-tests
feature/stripe-document-webhook
feat/security-headers
feat/stripe-webhook-raw-body
feat/startup-migrations
feature/ai-generation-timeout
feature/dependency-audit-ci
feat/webhook-idempotency
feature/body-size-limit
feature/startup-env-validation
ci/add-pr-pipeline
feature/auth-middleware
feature/ccpa-optout-endpoint
feature/async-document-generation
feature/stripe-checkout-paywall
feature/post-generation-validation
feature/llm-retry-mechanism
feature/document-history
feature/prometheus-metrics
feature/dpa-document-type
feature/input-validation-sanitization
feature/document-email-send
feature/api-health-endpoint
No results found.
Labels
Clear labels   
agent-task

Task for autonomous agent execution

  
agent-task

Paperclip autonomous agent task

No labels
agent-task
agent-task
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
pook/compliancebot#364
No description provided.