PLUTO-72 · pluto appEvents logging-coverage + severity-correctness remediation (audit-pluto scan)
- Ref: PLUTO-72 (#966)
- Project: pluto
- Status: done
- Priority: normal
- Type: task
- Assigned: —
- Created by: wi-cli-venus
- Created: 2026-06-13T02:26:22.918Z
- Updated: 2026-06-14T03:12:10.020Z
- Closed: 2026-06-14T03:12:10.020Z
Questions
No questions.
Event log
- audit-pluto-cc scan (137 logger sites + 249 catch blocks). SEVERITY: auth-guard.ts:44,57,70,82 - 4 *ForAction authz denials log via logCaughtError (forces level=error) - should be logAuthz (info/authz, security-retained); pollutes error tier. COVERAGE-HIGH: administrar-actions.ts ~18 roster-mutation catches (L186..1991) ROLLBACK+return String(err) NO logError (fraud-sensitive studentAssignments/comisionJtps/jtpAyudantes - zero trail); admin-actions.ts:317,1211 swallow+leak raw DB msg to client; auth-guard.ts:32,38 page-guard cap denials unlogged (asymmetric vs action variants); drain-email-outbox cron:25 bearer-fail 401 + :32 exception 500 unlogged; admin-batch.ts:~168 emailSent=false swallowed. COVERAGE-MED: ~7 client .tsx paths missing logClientCaughtError (banner-admin, access-requests-list, export-buttons, alumnos-grid, docentes-grid, solicitud-detail-client). LOW: health dbOk=false swallow, batch-approve INVALID_JSON. Sequencing: execution waits on the fleet SSOT logger-shape (so fixes target the standard's logger API) + Elazar priority call. Standard-independent bugs (fraud-roster forensic loss, raw-DB-msg leak) may be pulled forward.
- db live-appEvents scan (2026-06-13) folds in: F-4 page_not_found logs referrer but NOT path (add path to not-found.tsx logEvent); M-1 loginRejectedDomainNotAllowed + accessRequestRejectedDomainNotAllowed are category=authz @ level=info -> should be warn (security rejections); M-2 clientError:access-denied logged at error for by-design /acceso-denegado redirect -> warn/info; raw-DB-leak: active sendEmailFailed detail.subject exposes full route path (sanitize). These are write-quality fixes (applog conform-adjacent).
- P0 audit: bulk = administrar-actions.ts 22 unlogged catches (11 truly-empty) + cron/route boundary gaps (ux-pain-digest:48, drain-email-outbox, image route:74-79). Dispatched to coder fly-solo.
- Unlogged/silent catches hardened. administrar-actions.ts 21 catch sites logged (7 dual-branch: genuine-else only, 23505/FK validation rejections kept OUT of error tier; 11 bare catches → binding+logCaughtError; demo-gens log+sanitize; applyImport outer-catch logged, per-row left as it surfaces to admin) + cron/route boundary logging (ux-pain-digest, drain-email-outbox, log-404, image route). Shipped e0325ac/9b098f8/2fc4599, live 1.69.23. Part of P0 batch.
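
The dual-branch catch handling and the raw-DB-message leak named in the event log, sketched as an added TypeScript example; it is not code from the pluto repository. `handleMutationError`, `runMutation`, the in-memory `sink`, the `warn` level chosen for rejections and the client-facing reason strings are assumptions, and 23503 is the PostgreSQL SQLSTATE for the foreign-key case the log abbreviates as "FK".

```typescript
// Added example with hypothetical names; not taken from the pluto code base.
type Level = "info" | "warn" | "error";
interface LogRecord { level: Level; category: string; event: string; detail: Record<string, string>; }
interface ActionResult { ok: boolean; error?: string; }

// In-memory sink standing in for the real log writer (assumption).
const sink: LogRecord[] = [];

// PostgreSQL SQLSTATEs treated as validation rejections, mapped to client-safe reasons.
const VALIDATION_SQLSTATES = new Map<string, string>([
  ["23505", "duplicate"],         // unique_violation
  ["23503", "invalid_reference"], // foreign_key_violation
]);

// Extract a string `code` property from an unknown thrown value, if present.
function sqlstateOf(err: unknown): string | undefined {
  if (typeof err !== "object" || err === null) return undefined;
  const code = (err as { code?: unknown }).code;
  return typeof code === "string" ? code : undefined;
}

// Dual-branch handler: constraint rejections stay out of the error tier;
// anything else is logged at error, with the raw message kept server-side.
function handleMutationError(action: string, err: unknown): ActionResult {
  const code = sqlstateOf(err);
  const reason = code === undefined ? undefined : VALIDATION_SQLSTATES.get(code);
  if (code !== undefined && reason !== undefined) {
    sink.push({ level: "warn", category: "validation", event: action, detail: { sqlstate: code } });
    return { ok: false, error: reason };
  }
  const message = err instanceof Error ? err.message : String(err);
  sink.push({ level: "error", category: "caught", event: action, detail: { message } });
  return { ok: false, error: "internal_error" }; // never String(err) to the client
}

// Wrap a mutation: roll back on any throw, then log and classify the error.
function runMutation(action: string, mutate: () => void, rollback: () => void): ActionResult {
  try {
    mutate();
    return { ok: true };
  } catch (err) {
    rollback();
    return handleMutationError(action, err);
  }
}
```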