P2: Verify error masking; make masking explicit (#177) #195
Open
dkijania wants to merge 1 commit into
Yoga masks unexpected errors by default, but nothing guaranteed it stayed on or proved internals don't leak.
- Set `maskedErrors: true` explicitly in the Yoga config so the production posture is intentional and can't be silently disabled.
- Extract `buildYoga` from `buildServer` so the server's exact config is unit-testable.
- Add tests proving a DB error carrying a password/connection string is returned to the client as a generic "Unexpected error." with no internals in the payload, while ordinary GraphQL validation errors still surface verbatim.
Closes #177.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01QSuak9smCHbp4N17xjjLF6
What & why
Part of the production-readiness epic (#163). Closes #177.
Yoga masks unexpected errors by default, but nothing in the repo guaranteed it stayed on or proved that internal details don't leak.
Changes
- `maskedErrors: true` set explicitly in the Yoga config — the production posture is now intentional and can't be silently turned off by a future edit.
- `buildYoga` from `buildServer` so the server's exact config is unit-testable (without binding a port).
- `db_client` whose query throws `connection to server failed: password=topsecret` → the client receives a generic `Unexpected error.` and the payload contains no `password`/`topsecret`/internal text.
Testing
- `npm run build` / `npm run lint` / `npx prettier --debug-check .` — clean
- `npm run test:unit` — all pass (2 new masking assertions)
🤖 Generated with Claude Code
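Added example, not code from this PR or from graphql-yoga: a dependency-free JavaScript model of the masking rule described above, paired with a recursive leak check that scans the whole response body rather than only `errors[].message`. `ExpectedError`, `execute`, `findLeaks` and the `originalError` extension field are assumptions made for the sketch; the error string and generic message are the ones quoted in the description.

```javascript
// Simplified model of the masking rule the PR describes; NOT graphql-yoga's code.
// Every name here (ExpectedError, execute, findLeaks) is hypothetical.
const GENERIC = 'Unexpected error.'; // generic message quoted in the PR description

// Stands in for errors that are meant to reach the client (e.g. validation errors).
class ExpectedError extends Error {}

// Constructed db_client whose query fails with the string from the PR description.
const dbClient = {
  query() {
    throw new Error('connection to server failed: password=topsecret');
  },
};

// Run a resolver and build a GraphQL-shaped response body.
function execute(resolver, { maskedErrors }) {
  try {
    return { data: resolver() };
  } catch (err) {
    const expected = err instanceof ExpectedError;
    const message = maskedErrors && !expected ? GENERIC : err.message;
    const error = { message };
    // Assumed for this model: unmasked output also nests the original error,
    // giving a second leak path that a message-only assertion would miss.
    if (!maskedErrors) error.extensions = { originalError: { message: err.message } };
    return { data: null, errors: [error] };
  }
}

// Walk the whole payload and return the JSON paths of every string that
// contains one of the forbidden needles (case-insensitive).
function findLeaks(value, needles, path = '$') {
  if (typeof value === 'string') {
    const lower = value.toLowerCase();
    return needles.some((n) => lower.includes(n.toLowerCase())) ? [path] : [];
  }
  if (value === null || typeof value !== 'object') return [];
  return Object.entries(value).flatMap(([key, child]) =>
    findLeaks(child, needles, Array.isArray(value) ? `${path}[${key}]` : `${path}.${key}`),
  );
}

const NEEDLES = ['password', 'topsecret', 'connection to server'];
const masked = execute(() => dbClient.query(), { maskedErrors: true });
const unmasked = execute(() => dbClient.query(), { maskedErrors: false });
const validation = execute(() => {
  throw new ExpectedError('Cannot query field "nope" on type "Query".');
}, { maskedErrors: true });

console.log(findLeaks(masked, NEEDLES), findLeaks(unmasked, NEEDLES));
```

Running the same `findLeaks` walk over the JSON body returned by the real server config is what turns "masking is on" into a regression check that fails if the setting is later disabled.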