Skip to content

OBS-001A3 — Remove raw frontend error objects from browser logs #142

Description

@daliu

Officer impact: None — this removes private diagnostic payloads without changing an officer or member task.

Officer documentation: None — no navigation, permission, collected field, or officer procedure changes. Engineering security/operations evidence must distinguish source containment from publication and live behavior.

Deployment evidence: Closure must record source/tests/merge, website publication, exact runmprc.com revision, Firebase deployment, outside-provider configuration, and live behavior separately.

Problem

The completed #118, #134, and #139 slices fail closed inside signup, Sentry, and Analytics, but #111's closure audit found four remaining browser console sinks that pass raw caught error objects to console; ErrorBoundary also passes the React component stack. Firebase/Auth/Firestore/App Check errors and rendering errors can contain email, token, provider-response, URL, form, or member-context values. The current tests do not inspect those console payloads.

Invariant

Application runtime console diagnostics may contain only fixed, low-cardinality outcome identifiers selected by source code. A caught error, message, stack, component stack, response, request, URL, form value, account/member value, or provider object must never be passed to a browser console method. Removing raw logging must not change the affected user flow or bypass #134's Sentry sanitizer.

Atomic outcome

Route the four raw frontend error-console paths through one fail-closed diagnostic helper with a closed outcome set. Add synthetic canary and whole-runtime-source tests proving raw console calls cannot recur. Preserve existing failure UI/state, promise behavior, and ErrorBoundary Sentry capture.

Exact implementation boundary

Excluded: Sentry sanitizer/config, Analytics, signup/profile/Auth Functions, Stripe/webhooks, Strava/OAuth, Firestore Rules, provider consoles, cookies/history, production data, and public/sitemap.xml.

Acceptance criteria

  • The render, verification-email, members-only fetch, and App Check initialization failure paths never pass a caught error or component stack to console.
  • The existing constant App Check-not-configured diagnostic also uses the same closed helper; no application/public runtime path calls console directly outside that helper.
  • Unknown, object, coercing, getter-backed, and sensitive-string diagnostic inputs fail closed without throwing or logging.
  • Synthetic email, phone, address, DOB, emergency-contact, token, request/response, URL/query/fragment, form, stack, and provider canaries are absent from serialized console arguments.
  • ErrorBoundary still passes the original error to OBS-001A1 — Disable Sentry replay and fail closed for personal data #134's Sentry wrapper, while its console output is one fixed identifier.
  • Identity registration, members-only loading/error state, Firebase resource initialization, local emulator isolation, and callback isolation remain unchanged.
  • Focused tests, the complete frontend suite, callback/release gates, strict changed-file lint, and diagnostic build pass on Node 20 with no production/provider traffic.
  • Engineering evidence states that source/merge do not prove website publication, exact runmprc.com, Firebase/provider configuration, console history, or live behavior.

Dependencies and coordination

Claim protocol

Creation is not a claim. Before editing, assign the issue, add status:in-progress, post CLAIMED by <canonical agent> at <UTC>; branch <branch>, and re-read comments. Earliest valid claim wins.

Metadata

Metadata

Assignees

Labels

area:firebaseFirebase services and dataarea:privacyPersonal data, consent, minimization, retention, and privacy operationsarea:webWeb application and hostingpriority:P1High-priority follow-upsize:SSmall focused issuetype:securitySecurity or privacy boundary

Type

No type

Fields

No fields configured for issues without a type.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions