PLUTO-114 Venus R2 findings (fec7fc4, none high): R2-1 send-email 502 path leaks raw err.message (email-admin.ts:156→route.ts:126); R2-2 reviewUserDocumento (admin-actions:318) raw leak + NO logCaughtError (silent); R2-3 reactivateInactiveUser (admin-actions:1211) same; R2-4 LOW consistency (email.ts:483/legacy-export:145/poll-security-alerts:205 logged-first); R2-5 LOW getInactiveUsersPage:1147 bounded per-row subquery. Apply UserFacingError gate + logCaughtError to the MED leaks.

PLUTO-114 · pluto

Venus R2 findings (fec7fc4, none high): R2-1 send-email 502 path leaks raw err.message (email-admin.ts:156→route.ts:126); R2-2 reviewUserDocumento (admin-actions:318) raw leak + NO logCaughtError (silent); R2-3 reactivateInactiveUser (admin-actions:1211) same; R2-4 LOW consistency (email.ts:483/legacy-export:145/poll-security-alerts:205 logged-first); R2-5 LOW getInactiveUsersPage:1147 bounded per-row subquery. Apply UserFacingError gate + logCaughtError to the MED leaks.

No sub-items.

No questions.

2026-06-14T05:25:02.750Z · created · wi-cli-venus
2026-06-14T05:55:22.662Z · completed · wi-cli-venus

R2 error-leak MEDs: 6 catch-returns gated to UserFacingError + log-first; R2-1 sendAdminEmailInline kills SMTP/DB-internals leak to 502 body, R2-2 reviewUserDocumento + R2-3 reactivateInactiveUser silent-swallows now logged, R2-4 gated. audit PASS:f89c3ce, v1.69.44 live. No raw-leak return idiom remains in src.