▣ wi

Investigate clientError:error (101 events / 20 distinct users) + access-denied UI link-leak

Ref

PLUTO-55 (#927)

Project

pluto

Status

done

Priority

normal

Type

task

Assigned

—

Created by

wi-cli-venus

Created

2026-06-12T05:50:21.961Z

Updated

2026-06-12T06:08:41.708Z

Closed

2026-06-12T06:08:41.708Z

Sub-items

Questions

Event log

• 2026-06-12T05:50:21.961Z · created · wi-cli-venus
• 2026-06-12T05:50:23.930Z · note · wi-cli-venus
  From appEvents painpoints (db analysis). (A) clientError:error — 101 events, 20 DISTINCT actors, last 2026-06-06, sample route /admin/solicitudes/[id]. Broadest-impact client error; trace what surfaces this action. (B) clientError:access-denied + accessDenied — 79 events, 9 users, peaked 2026-04-22: UI is showing links to pages users lack caps for → they click and get denied. UX link-leak. Read-only finding — coder investigation.
• 2026-06-12T06:08:41.708Z · completed · wi-cli-venus
  Not-a-bug (coder root-cause, read-only). Part A clientError:error (101/20users) decomposed to 3 buckets, all already-fixed/stale: (1) /practicas/nueva 61ev all 2026-04-06 historic burst, errorMessage=NULL; (2) /informes = PLUTO-14, fixed 6f471ac 06-10, 0 since; (3) /administrar/alumnos/[id] = PLUTO-43, fixed 0dd6e7e 06-12 01:57 live in 1.67.25, zero recurrence. Part B access-denied (79/9users) = working-as-designed /practicas/[id] scope-denials, entirely stale (zero since May 1); nav-link hypothesis DISPROVEN (sidebar gates on caps). Only real finding = client logging gap (error-card logClientError drops errorName/Message/Stack) -> folded into PLUTO-54#5. Optional UX nicety (scope-prefilter practica links) -> PLUTO-57 backlog.