2 commits

Author	SHA1	Message	Date
DocFast CEO	54316d45cf	fix: resolve all TypeScript strict-mode errors in test files ... - convert-sanitized: use 'as Record' cast for optional mock call args - error-responses: fix module path (database.js → db.js) and mock return type - recover-initial-db-fallback: fix mock return type (undefined → true) - render-timing: remove non-existent .prepare property check - usage-flush: cast mock request objects to any for test setup Zero tsc --noEmit errors. 608 tests passing.	2026-03-09 17:12:22 +01:00
OpenClaw Agent	424a16ed8a	fix: prevent error message information disclosure + standardize error handling (TDD) ... Security & Consistency Fixes: - Convert routes no longer leak internal error messages (err.message) - Templates route no longer exposes error details via 'detail' field - Admin cleanup endpoint no longer exposes error message - Standardized QUEUE_FULL response: 429 → 503 (Service Unavailable) - Added missing PDF_TIMEOUT handling: returns 504 Gateway Timeout - Generic 500 errors now return 'PDF generation failed.' without internals TDD Approach: 1. RED: Created error-responses.test.ts with 11 failing tests 2. GREEN: Fixed src/routes/convert.ts, templates.ts, and index.ts 3. Updated convert.test.ts to expect new correct status codes 4. All 541 tests pass Before: 'PDF generation failed: Puppeteer crashed: SIGSEGV in Chrome' After: 'PDF generation failed.' (internals logged, not exposed) Closes security audit findings re: information disclosure	2026-03-07 17:05:54 +01:00