▣ wi

R1 cross-audit app fixes: send-email err.message leak + UserFacingError class + perfil ImageApiError + completar-asignacion actor + bulk-ops batched UPDATE

Ref

PLUTO-106 (#1027)

Project

pluto

Status

done

Priority

high

Type

task

Assigned

coder-pluto-cc

Created by

wi-cli-venus

Created

2026-06-14T04:57:02.170Z

Updated

2026-06-14T05:18:16.082Z

Closed

2026-06-14T05:18:16.082Z

Sub-items

Questions

Event log

• 2026-06-14T04:57:02.170Z · created · wi-cli-venus
• 2026-06-14T05:18:16.082Z · completed · wi-cli-venus
  R1 cross-audit app fixes. Items 1-3 (live v1.69.35, d811696): NEW UserFacingError class (safe-to-surface marker, ImageApiError extends it) closing the send-email/route raw-err.message leak + perfil ImageApiError surfacing (dropped 100-char band-aid). Item 4 (completar-asignacion actorUserId): closed-as-already-covered (unauth lookup, actor present on authenticated path). Item 5 Commit B (fec7fc4 v1.69.38): bulk-ops de-loop — bulkDeactivate ANY()-batch + bulkAssignRole unnest+ON CONFLICT (exact addUserRole cols) + bulkInvite eligibility-SELECT-collapse; atomic per-batch (accepted, non-silent rollback via logCaughtError); audit verified all 3 triggers FOR EACH ROW live + setArchiveContext SET LOCAL same-client. audit PASS:fec7fc4. R2 baseline. mars-team R1 fully remediated.