
fix: remove PII console.log from edit-resolution handler #80

Open
bmersereau wants to merge 5 commits into willchen96:main from bmersereau:fix/71-remove-pii-logging


bmersereau commented May 13, 2026

Summary

  • Removed all console.log calls from the handleEditResolution handler that emitted userId, documentId, editId, and internal state at INFO level
  • These were written during development; in production they link user identities to legal document activity in any log aggregator, conflicting with data minimization under GDPR
  • console.error calls in other handlers (storage, conversion) are untouched — those are genuine failure signals
  • Also excludes src/**/__tests__/** from TypeScript compilation so test-only ESM syntax doesn't break the build
  • Restores error handling for both document_edits UPDATE calls that were silently swallowed after log removal
  • Fixes test isolation (was searching for wrong function name resolveEditHandler, now correctly targets handleEditResolution)

Closes #71
Closes #86
Closes #94

Changes

  • backend/src/routes/documents.ts — all console.log statements removed from handleEditResolution; DB error handling restored for both UPDATE calls
  • backend/tsconfig.json — test directories excluded from tsc include
  • backend/src/lib/__tests__/editResolutionLogging.test.ts — 3 static-analysis tests verifying no PII in handler source; function name corrected

Test plan

  • Static analysis tests: no console.log with userId/editId/documentId in handler
  • Build and typecheck pass
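
The static check named in the test plan above, sketched as an added example that is not part of this PR or the project's test file: it scopes the scan to the `handleEditResolution` body, follows multi-line `console.log` calls, and fails when the handler name is wrong instead of passing on an empty match. The function names, the bracket-matching approach and the sample source are assumptions made for illustration.

```typescript
// Identifier names and the handler name come from the PR description.
const PII_IDENTIFIERS = ["userId", "documentId", "editId"];
interface Finding { line: number; identifiers: string[] }
// Index of the bracket closing the one at `open`, or -1. Assumes none are unbalanced in strings/comments.
function matchClose(src: string, open: number, l: string, r: string): number {
  let depth = 0;
  for (let i = open; i < src.length; i++) {
    if (src[i] === l) depth++;
    else if (src[i] === r && --depth === 0) return i;
  }
  return -1;
}

// Span of the named handler's body: declaration, parameter list, first `{` after it.
function handlerBody(src: string, name: string): { start: number; end: number } | null {
  const decl = new RegExp(`(?:function\\s+${name}|\\b${name}\\b[^=(]*=\\s*(?:async\\s*)?)\\s*\\(`).exec(src);
  if (!decl) return null;
  const paramsEnd = matchClose(src, decl.index + decl[0].length - 1, "(", ")");
  const start = paramsEnd < 0 ? -1 : src.indexOf("{", paramsEnd);
  const end = start < 0 ? -1 : matchClose(src, start, "{", "}");
  return end < 0 ? null : { start, end };
}

// console.log calls in the handler whose arguments name a PII identifier.
// Throws if the handler is missing, so a wrong name cannot pass vacuously.
function findPiiLogs(src: string, name: string): Finding[] {
  const body = handlerBody(src, name);
  if (!body) throw new Error(`handler ${name} not found`);
  const findings: Finding[] = [];
  const call = /console\.log\s*\(/g;
  call.lastIndex = body.start;
  for (let m = call.exec(src); m && m.index < body.end; m = call.exec(src)) {
    const close = matchClose(src, m.index + m[0].length - 1, "(", ")");
    const args = src.slice(m.index, close < 0 ? body.end : close); // spans multi-line calls
    const identifiers = PII_IDENTIFIERS.filter((id) => new RegExp(`\\b${id}\\b`).test(args));
    if (identifiers.length) findings.push({ line: src.slice(0, m.index).split("\n").length, identifiers });
  }
  return findings;
}
// Constructed sample source, not the project's code.
const SAMPLE = `async function handleEditResolution(req, res) {
  const { userId, documentId, editId } = req.ctx;
  console.log("resolving", editId, "for", userId);
  console.log(
    "state", { documentId });
  console.log("done");
}
function convert(userId) { console.log("convert", userId); }`;
```

A string literal that merely contains one of the identifier names is also flagged, which errs on the side of reporting.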

amal66 added a commit to amal66/mike that referenced this pull request May 25, 2026
Chapter: 06 - Privacy-aware logging.

Plain-English map:
Replace ad hoc console logging with structured logger calls and remove log
lines that exposed user/document activity identifiers.

Why it matters:
Legal-document activity is sensitive. Logs often flow to third-party systems,
so they should contain only what is useful for debugging and operations.

Principle:
Minimize sensitive data. Treat logs as production data, not scratch paper.

Precedent borrowed:
Upstream PR willchen96#80 and GDPR-style data-minimization practice.

Upstream base: willchen96/mike@d39f580.
Original local commit: 9398be6.