Avoid leaking raw backend error messages and stack details in the app error boundary

[mikewheeleer]

Harden the error boundary to avoid leaking raw error details

Description

src/app/error.tsx renders error.message verbatim to the user and console.errors the full error. Backend ApiError messages thrown by src/lib/apiClient.ts can contain internal details, and unconditional console logging in production is noisy and potentially sensitive. This issue makes user-facing error display safe and the logging environment-aware.

Requirements and context

• Repository scope: StableRoute-Org/Stableroute-frontend only.
• Show a generic, friendly message to users while preserving the existing digest for support correlation; only render the raw error.message in non-production (process.env.NODE_ENV !== "production").
• Gate console.error to development, or route it through a single small logger so production output is controlled.
• Keep the existing reset() button, layout, and #main-content/focus:outline-none accessibility behaviour.
• Do not render error content via any HTML-injection sink.

Suggested execution

• Fork the repo and create a branch
• git checkout -b security/error-handling-22-safe-error-boundary
• Implement changes
  • Write code in: src/app/error.tsx.
  • Write comprehensive tests in: create src/app/error.test.tsx asserting prod vs dev message rendering.
  • Add documentation: note the error-display policy in README.md.
  • Add JSDoc to any logger helper.
  • Validate no sensitive detail is shown in production mode.
• Test and commit

Test and commit

• Run npm run lint, npm test, and npm run build.
• Cover edge cases: production mode (generic), dev mode (detailed), empty message, and digest present.
• Include the full npm test output in the PR description.

Example commit message

security: redact error-boundary details and gate logging by environment

Guidelines

• Minimum 95 percent test coverage for impacted modules.
• Clear, reviewer-focused documentation.
• Timeframe: 96 hours.

Community & contribution rewards

• 💬 Join the StableRoute community on Discord for questions, reviews, and faster merges: https://discord.gg/37aCpusvx
• ⭐ This is a GrantFox OSS / Official Campaign task and may be rewarded. When your PR is merged you'll be prompted to rate the project — if this issue and the maintainers helped you ship, we'd be grateful for a 5-star rating. Clear questions in Discord and tidy, well-tested PRs are the fastest path to a merge and a reward.

[jaynomyaro]

Hi! I’m a full-stack developer with a strong blockchain background. I’d love to handle this issue and can deliver a clean, reliable solution. Kindly assign it to me.

[Menjay7]

Hi! I came across this issue and would love to work on it. I have experience with similar tasks and I'm confident I can investigate, implement a clean solution, and thoroughly test it before submitting a PR. If the issue is still open, I would appreciate it if you could assign it to me. Thank you!