From 159817185d16f60c5f8c9b21efb31c98f5dfc63a Mon Sep 17 00:00:00 2001
From: "google-labs-jules[bot]" <161369871+google-labs-jules[bot]@users.noreply.github.com>
Date: Sun, 28 Jun 2026 23:31:27 +0000
Subject: [PATCH] =?UTF-8?q?=F0=9F=9B=A1=EF=B8=8F=20Sentinel:=20[MEDIUM]=20?= =?UTF-8?q?Fix=20stack=20trace=20leakage=20in=20upstream=20telemetry?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- Conditionally strips `error.stack` based on `process.env.NODE_ENV !== 'production'` in `vessel/src/app/api/raven-chat/enrichmentPhase.ts` and `vessel/src/app/api/raven-chat/upstreamContext.ts`.
- Prevents potential information disclosure of internal file paths and structures in production.
---
 vessel/src/app/api/raven-chat/enrichmentPhase.ts | 2 +-
 vessel/src/app/api/raven-chat/upstreamContext.ts | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/vessel/src/app/api/raven-chat/enrichmentPhase.ts b/vessel/src/app/api/raven-chat/enrichmentPhase.ts
index c4ce7fa34..756f0e732 100644
--- a/vessel/src/app/api/raven-chat/enrichmentPhase.ts
+++ b/vessel/src/app/api/raven-chat/enrichmentPhase.ts
@@ -39,7 +39,7 @@ function describeEnrichmentError(error: unknown): Record {
 record.status = error.status;
 record.retryAfterMs = error.retryAfterMs;
 }
- if (error instanceof Error && error.stack) {
+ if (error instanceof Error && error.stack && process.env.NODE_ENV !== 'production') {
 record.stackTop = error.stack.split('\n').slice(0, 4).join('\n');
 }
 return record;
diff --git a/vessel/src/app/api/raven-chat/upstreamContext.ts b/vessel/src/app/api/raven-chat/upstreamContext.ts
index abfabd46c..5df5f73dc 100644
--- a/vessel/src/app/api/raven-chat/upstreamContext.ts
+++ b/vessel/src/app/api/raven-chat/upstreamContext.ts
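Review bot: The new guard in describeEnrichmentError fails open, because `process.env.NODE_ENV !== 'production'` still attaches `stackTop` whenever NODE_ENV is unset, empty or misspelled. The same condition is added to describeUpstreamFetchError in upstreamContext.ts, so both call sites inherit the behaviour. An allow-list is the safer default, for example `if (error instanceof Error && error.stack && process.env.NODE_ENV === 'development') {`, widened to `'test'` if test runs rely on the frames. The function body starts and ends outside the hunk.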
@@ -109,7 +109,7 @@ function describeUpstreamFetchError(error: unknown): Record {
 if (maybeStatus.status !== undefined) record.status = maybeStatus.status;
 if (maybeStatus.retryAfterMs !== undefined) record.retryAfterMs = maybeStatus.retryAfterMs;
 }
- if (error instanceof Error && error.stack) {
+ if (error instanceof Error && error.stack && process.env.NODE_ENV !== 'production') {
 record.stackTop = error.stack.split('\n').slice(0, 4).join('\n');
 }
 return record;
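Review bot: The stack gate in describeUpstreamFetchError is now a second copy of the one in describeEnrichmentError, so the disclosure policy lives in two places and can drift. A small shared helper, for example `function stackTopFor(error: unknown): string | undefined`, could hold both the environment check and the `split('\n').slice(0, 4)` trimming. The hunk does not show where the returned record is sent; if it also feeds server-side logs, production triage loses the top frames, and a comment such as `// stackTop omitted in production: this record is forwarded as telemetry` would record that the trade-off is intentional. The function body starts outside the hunk, so any other fields it copies (for instance the error message) are not visible here and may deserve the same review.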