Comparing changes

base repository: triggerdotdev/trigger.dev
base: main
head repository: triggerdotdev/trigger.dev
compare: refs/pull/3848/head
  • 1 commit
  • 5 files changed
  • 2 contributors

Commits on Jun 5, 2026

  1. fix(webapp): stop API auth failures leaking the controller's raw error string
    
    Auth controllers (the OSS RBAC fallback and the cloud RBAC plugin) return an
    `error` string on failure that the apiBuilder forwarded verbatim into the
    response body. A controller can conflate an infrastructure failure with an
    auth rejection — when the database is unreachable the plugin's key lookup
    throws a Prisma error ("Can't reach database server at <prod RDS hostname>")
    and returns it as the auth error. The SDK then surfaced that string in the
    customer's run view via TriggerApiError, leaking internal infra detail.
    
    This evaded the two prior leak fixes because both were scoped to exceptions
    on 5xx responses; this leak is a returned value on a 4xx through the auth
    channel.
    
    Sanitize at the single auth chokepoint: derive the client message purely
    from the status (401 -> "Invalid credentials", 403 -> "Forbidden") and log
    the controller's raw string server-side. Applied to both the bearer bridge
    and the PAT path. Status codes, body shape, and machine-readable fields are
    unchanged; only the human-readable message text changes.
    
    Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
    d-cs and claude committed Jun 5, 2026
    2bd1bf6
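
The failure mode and the fix described in the commit message above, as an added TypeScript example that is not the project's own code. The type and function names, the API key and the database hostname are all constructed for illustration.

```typescript
// Added example. All names are hypothetical; the key and hostname are constructed.
type AuthFailure = { ok: false; status: 401 | 403; error: string };
type AuthResult = { ok: true; subject: string } | AuthFailure;
type ApiResponse = { status: number; body: { error: string } };

// Client-facing text is derived from the status alone.
const CLIENT_MESSAGE: Record<401 | 403, string> = {
  401: "Invalid credentials",
  403: "Forbidden",
};

// Constructed controller: a database outage is caught and returned as if it
// were an auth rejection, the conflation the commit message describes.
function authenticate(apiKey: string, dbReachable: boolean): AuthResult {
  try {
    if (!dbReachable) throw new Error("Can't reach database server at db.internal.example");
    if (apiKey !== "constructed-key") throw new Error("API key not found");
    return { ok: true, subject: "env_constructed" };
  } catch (e) {
    return { ok: false, status: 401, error: (e as Error).message };
  }
}

// Before: the controller's string goes straight into the response body.
function respondVerbatim(failure: AuthFailure): ApiResponse {
  return { status: failure.status, body: { error: failure.error } };
}

// After: same status and body shape, fixed message; the raw string is only
// handed to the server-side logger.
function respondSanitized(failure: AuthFailure, log: (line: string) => void): ApiResponse {
  log(`auth failure status=${failure.status} raw=${JSON.stringify(failure.error)}`);
  return { status: failure.status, body: { error: CLIENT_MESSAGE[failure.status] } };
}

// Run both paths against the same outage and return what each would send.
function demo(): { before: ApiResponse; after: ApiResponse; serverLog: string[] } {
  const serverLog: string[] = [];
  const result = authenticate("constructed-key", false);
  if (result.ok) throw new Error("expected a failure in this demo");
  return {
    before: respondVerbatim(result),
    after: respondSanitized(result, (line) => serverLog.push(line)),
    serverLog,
  };
}

console.log(JSON.stringify(demo(), null, 2));
```

A regression test for this class of leak asserts on the 4xx body text as well as the status code, since the status is identical before and after the fix.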