
[codex] Redact sensitive profile and resume logs #273

Open

ifanatics-media wants to merge 2 commits into profullstack:master from ifanatics-media:codex/redact-sensitive-profile-resume-logs


Conversation


@ifanatics-media ifanatics-media commented May 27, 2026

Summary

  • remove debug logging of full profile update payloads, validation data, and wallet addresses
  • stop logging raw resume text previews and parsed contact/location fields during resume import
  • address review feedback by removing remaining resume PII from parser/import debug logs and dropping raw text from _debug

Fixes #274.

Why

These paths handle profile data, wallet addresses, and resume/contact details. Dumping those values to server logs creates avoidable privacy exposure for routine user actions.

Validation

  • node_modules/.bin/tsc.cmd --noEmit
  • git diff --check -- src/lib/resume-parser.ts src/app/api/profile/import/route.ts
  • No dedicated src/app/api/profile/import/route.test.ts exists in this repo.

Note: corepack pnpm install --frozen-lockfile installed dependencies, but the repo postinstall script failed under PowerShell because it invokes Unix-style pnpm/true commands. TypeScript validation was run directly after install.

@ifanatics-media ifanatics-media marked this pull request as ready for review May 27, 2026 22:50

greptile-apps Bot commented May 27, 2026

Greptile Summary

This PR removes debug console.log statements from profile update and resume import paths that were emitting raw PII — full profile bodies, validation payloads, wallet addresses, raw resume text, and parsed contact/location fields — to server logs.

  • src/app/api/profile/route.ts: Four log statements dumping the full request body, validation result, and wallet addresses before/after the Supabase write are removed without any functional change.
  • src/lib/resume-parser.ts: Raw resume text preview (both the 2 000-char console.log and the 1 500-char _debug.text_preview field) is removed; the OpenAI result log is narrowed to counts and a boolean name-presence flag.
  • src/app/api/profile/import/route.ts: The post-parse log is converted to boolean presence indicators, and text_preview is dropped from the development-only debug response — resolving both findings from the previous review.

Confidence Score: 5/5

Safe to merge — all changes are pure log removals with no functional logic altered.

Every changed line is either deleting a console.log call or replacing a raw value with a boolean/count indicator. No business logic, auth flow, data persistence, or API contract is touched. The one minor gap (email/phone excluded from the has_contact boolean) affects only debug output accuracy and carries no runtime risk.

No files require special attention; the minor has_contact gap in import/route.ts is isolated to a debug log field.

Important Files Changed

Filename Overview
src/app/api/profile/route.ts Removed four console.log statements that dumped raw profile body, validation output, and wallet addresses — straightforward and safe
src/lib/resume-parser.ts Removed raw text preview log and text_preview from the _debug payload; changed OpenAI log to boolean presence flags — previously flagged issues resolved
src/app/api/profile/import/route.ts Log converted to boolean flags; text_preview removed from dev debug block; has_contact check omits email/phone making it misleadingly false for email-only resumes

Flowchart

```mermaid
%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[PUT /api/profile] --> B[Parse request body]
    B --> C[Schema validation]
    C -->|Before PR| D1[log full body + wallet_addresses]
    C -->|After PR| D2[No log]
    D1 --> E[Supabase update]
    D2 --> E
    E -->|Before PR| F1[log saved wallet_addresses]
    E -->|After PR| F2[No log]

    G[POST /api/profile/import] --> H[parseResumeFile]
    H --> H1[Extract text from PDF/DOCX]
    H1 -->|Before PR| I1[log raw text 2000 chars]
    H1 -->|After PR| I2[No log]
    I1 --> J[parseWithOpenAI]
    I2 --> J
    J -->|Before PR| K1[log full_name, location, contact]
    J -->|After PR| K2[log counts + has_full_name boolean]
    K1 --> L[Return with text_preview 1500 chars in _debug]
    K2 --> M[Return — no text_preview]
```

Reviews (2). Last reviewed commit: "Finish redacting resume import debug dat..."
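The pattern the review describes (replace raw values in debug logs with presence flags and counts, and never let a known-sensitive key reach a log) is shown below as an added example. It is not code from the profullstack repository or from this PR; the field names (full_name, email, phone, location, skills, experience, education, wallet_addresses, bio, text_preview), the SENSITIVE_KEYS list and the sample records are assumptions constructed for illustration. Note that has_contact here covers email or phone, which is the gap the review flags in import/route.ts.

```typescript
// Added example, not the project's code. Field names and sample data are
// assumptions modelled on the PR discussion, not the repository's real types.

export interface ParsedResume {
  full_name?: string | null;
  email?: string | null;
  phone?: string | null;
  location?: string | null;
  skills?: string[];
  experience?: unknown[];
  education?: unknown[];
}

export interface ResumeLogSummary {
  has_full_name: boolean;
  has_contact: boolean;   // email OR phone, so an email-only resume reads true
  has_location: boolean;
  skill_count: number;
  experience_count: number;
  education_count: number;
}

// A non-blank string or any non-null value counts as "present".
function present(value: unknown): boolean {
  return typeof value === "string" ? value.trim().length > 0 : value != null;
}

// Reduce a parsed resume to presence flags and counts; no field value survives.
export function summarizeResumeForLog(resume: ParsedResume): ResumeLogSummary {
  return {
    has_full_name: present(resume.full_name),
    has_contact: present(resume.email) || present(resume.phone),
    has_location: present(resume.location),
    skill_count: resume.skills?.length ?? 0,
    experience_count: resume.experience?.length ?? 0,
    education_count: resume.education?.length ?? 0,
  };
}

// Keys whose values must never reach a log, not even as a length (assumed list).
const SENSITIVE_KEYS = new Set([
  "wallet_addresses", "email", "phone", "full_name", "location", "bio", "text_preview",
]);

// Describe an arbitrary request body by shape only: a sensitive key becomes
// "[redacted]" before its value is even looked at, other strings become
// "string(<length>)", scalars become their type name, and arrays/objects are
// recursed so a log line still shows the structure of the request.
export function describeForLog(value: unknown, key = ""): unknown {
  if (SENSITIVE_KEYS.has(key)) return "[redacted]";
  if (value === null) return "null";
  if (value === undefined) return "undefined";
  if (typeof value === "string") return `string(${value.length})`;
  if (typeof value === "number" || typeof value === "boolean") return typeof value;
  if (Array.isArray(value)) {
    return { array_length: value.length, items: value.map((v) => describeForLog(v)) };
  }
  if (typeof value === "object") {
    const out: Record<string, unknown> = {};
    for (const [k, v] of Object.entries(value as Record<string, unknown>)) {
      out[k] = describeForLog(v, k);
    }
    return out;
  }
  return typeof value;
}

// Returns true when a log-safe rendering contains none of the given raw values.
export function leaksNone(rendered: unknown, secrets: string[]): boolean {
  const text = JSON.stringify(rendered);
  return secrets.every((s) => !text.includes(s));
}

// Constructed sample records (not real user data): an email-only resume and a
// profile update carrying wallet addresses.
export const SAMPLE_RESUME: ParsedResume = {
  full_name: "Alice Example",
  email: "alice@example.com",
  phone: null,
  location: "",
  skills: ["TypeScript", "Go"],
  experience: [{ company: "Acme", title: "Engineer" }],
  education: [],
};

export const SAMPLE_PROFILE_UPDATE = {
  username: "alice",
  bio: "Builds things",
  wallet_addresses: { eth: "0x1111111111111111111111111111111111111111" },
  links: ["https://example.com"],
};

console.log(JSON.stringify(summarizeResumeForLog(SAMPLE_RESUME)));
console.log(JSON.stringify(describeForLog(SAMPLE_PROFILE_UPDATE)));
```

The key-based check in describeForLog runs before any value inspection, which is what stops a nested wallet_addresses object from being walked and its strings lengths printed; leaksNone is the kind of assertion a unit test for a redaction helper should carry so a future log line cannot quietly regress to raw values.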


Development

Successfully merging this pull request may close these issues: Avoid logging sensitive profile and resume data