You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Officer impact: None — this removes private diagnostic payloads without changing an officer or member task.
Officer documentation: None — no navigation, permission, collected field, or officer procedure changes. Engineering security/operations evidence must distinguish source containment from publication and live behavior.
Deployment evidence: Closure must record source/tests/merge, website publication, exact runmprc.com revision, Firebase deployment, outside-provider configuration, and live behavior separately.
Problem
The completed #118, #134, and #139 slices fail closed inside signup, Sentry, and Analytics, but #111's closure audit found four remaining browser console sinks that pass raw caught error objects to console; ErrorBoundary also passes the React component stack. Firebase/Auth/Firestore/App Check errors and rendering errors can contain email, token, provider-response, URL, form, or member-context values. The current tests do not inspect those console payloads.
Invariant
Application runtime console diagnostics may contain only fixed, low-cardinality outcome identifiers selected by source code. A caught error, message, stack, component stack, response, request, URL, form value, account/member value, or provider object must never be passed to a browser console method. Removing raw logging must not change the affected user flow or bypass #134's Sentry sanitizer.
Atomic outcome
Route the four raw frontend error-console paths through one fail-closed diagnostic helper with a closed outcome set. Add synthetic canary and whole-runtime-source tests proving raw console calls cannot recur. Preserve existing failure UI/state, promise behavior, and ErrorBoundary Sentry capture.
Excluded: Sentry sanitizer/config, Analytics, signup/profile/Auth Functions, Stripe/webhooks, Strava/OAuth, Firestore Rules, provider consoles, cookies/history, production data, and public/sitemap.xml.
Acceptance criteria
The render, verification-email, members-only fetch, and App Check initialization failure paths never pass a caught error or component stack to console.
The existing constant App Check-not-configured diagnostic also uses the same closed helper; no application/public runtime path calls console directly outside that helper.
Unknown, object, coercing, getter-backed, and sensitive-string diagnostic inputs fail closed without throwing or logging.
Synthetic email, phone, address, DOB, emergency-contact, token, request/response, URL/query/fragment, form, stack, and provider canaries are absent from serialized console arguments.
Identity registration, members-only loading/error state, Firebase resource initialization, local emulator isolation, and callback isolation remain unchanged.
Focused tests, the complete frontend suite, callback/release gates, strict changed-file lint, and diagnostic build pass on Node 20 with no production/provider traffic.
Engineering evidence states that source/merge do not prove website publication, exact runmprc.com, Firebase/provider configuration, console history, or live behavior.
Creation is not a claim. Before editing, assign the issue, add status:in-progress, post CLAIMED by <canonical agent> at <UTC>; branch <branch>, and re-read comments. Earliest valid claim wins.
Officer impact: None — this removes private diagnostic payloads without changing an officer or member task.
Officer documentation: None — no navigation, permission, collected field, or officer procedure changes. Engineering security/operations evidence must distinguish source containment from publication and live behavior.
Deployment evidence: Closure must record source/tests/merge, website publication, exact
runmprc.comrevision, Firebase deployment, outside-provider configuration, and live behavior separately.Problem
The completed #118, #134, and #139 slices fail closed inside signup, Sentry, and Analytics, but #111's closure audit found four remaining browser console sinks that pass raw caught error objects to
console;ErrorBoundaryalso passes the React component stack. Firebase/Auth/Firestore/App Check errors and rendering errors can contain email, token, provider-response, URL, form, or member-context values. The current tests do not inspect those console payloads.Invariant
Application runtime console diagnostics may contain only fixed, low-cardinality outcome identifiers selected by source code. A caught error, message, stack, component stack, response, request, URL, form value, account/member value, or provider object must never be passed to a browser console method. Removing raw logging must not change the affected user flow or bypass #134's Sentry sanitizer.
Atomic outcome
Route the four raw frontend error-console paths through one fail-closed diagnostic helper with a closed outcome set. Add synthetic canary and whole-runtime-source tests proving raw console calls cannot recur. Preserve existing failure UI/state, promise behavior, and
ErrorBoundarySentry capture.Exact implementation boundary
src/services/monitoring/clientDiagnostics.ts(new)src/services/monitoring/clientDiagnostics.test.ts(new)src/components/ErrorBoundary.tsxsrc/services/identity/Identity.tssrc/components/MembersOnly.jsxsrc/services/firebase/FirebaseResources.tsSECURITY.mdandOPERATIONS_RUNBOOK.mdExcluded: Sentry sanitizer/config, Analytics, signup/profile/Auth Functions, Stripe/webhooks, Strava/OAuth, Firestore Rules, provider consoles, cookies/history, production data, and
public/sitemap.xml.Acceptance criteria
console.consoledirectly outside that helper.ErrorBoundarystill passes the original error to OBS-001A1 — Disable Sentry replay and fail closed for personal data #134's Sentry wrapper, while its console output is one fixed identifier.runmprc.com, Firebase/provider configuration, console history, or live behavior.Dependencies and coordination
Claim protocol
Creation is not a claim. Before editing, assign the issue, add
status:in-progress, postCLAIMED by <canonical agent> at <UTC>; branch <branch>, and re-read comments. Earliest valid claim wins.