audit: Error handling and logging practices #47

@Snider

Audit: Error Handling & Logging

Review error handling patterns and logging practices.

Error Handling

  1. Exception Handling

    • Are exceptions caught appropriately?
    • Generic catches hiding bugs?
    • Error information leakage?
  2. Error Recovery

    • Graceful degradation?
    • Retry logic with backoff?
    • Circuit breaker patterns?
  3. User-Facing Errors

    • Helpful without exposing internals?
    • Consistent error format?
    • Localization support?
  4. API Errors

    • Standard error response format?
    • Appropriate HTTP status codes?
    • Error codes for clients?

Logging

  1. What is Logged

    • Security events (auth, access)?
    • Errors with context?
    • Performance metrics?
  2. What Should NOT be Logged

    • Passwords/tokens
    • PII without consent
    • Full credit card numbers
  3. Log Quality

    • Structured logging (JSON)?
    • Correlation IDs?
    • Log levels used correctly?
  4. Log Security

    • Injection-safe?
    • Tamper-evident?
    • Retention policy?

Output

Save to AUDIT-ERROR-HANDLING.md
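
An illustration of several Logging checklist items above (redaction of passwords/tokens and card numbers, structured JSON, correlation IDs, injection-safe records, tamper evidence), added here as an example and not code from the project under audit. The names `AuditLog`, `redact`, `verify` and the sensitive key list are assumptions made for the example.

```python
import hashlib
import json
import re

# Assumed key names; extend to match the fields the application actually logs.
SENSITIVE_KEYS = {"password", "token", "secret", "authorization"}
# 16 to 19 digit runs with optional space/dash separators; keep only the last four.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,15}(\d{4})\b")


def redact(value, key=""):
    """Mask secrets by key name and card numbers by pattern, recursively."""
    if str(key).lower() in SENSITIVE_KEYS:
        return "[REDACTED]"
    if isinstance(value, dict):
        return {k: redact(v, k) for k, v in value.items()}
    if isinstance(value, (list, tuple)):
        return [redact(v) for v in value]
    if isinstance(value, str):
        return CARD_RE.sub(lambda m: "****" + m.group(1), value)
    return value


class AuditLog:
    """Append-only JSON-lines log where each record commits to the previous one."""

    def __init__(self):
        self.lines = []
        self.prev = "0" * 64  # constructed genesis value

    def write(self, level, event, correlation_id, **fields):
        record = {"level": level, "event": redact(event),
                  "correlation_id": correlation_id,
                  "fields": redact(fields), "prev": self.prev}
        # json.dumps escapes CR/LF, so attacker-controlled text cannot start a new record.
        body = json.dumps(record, sort_keys=True)
        self.prev = record["hash"] = hashlib.sha256(body.encode()).hexdigest()
        self.lines.append(json.dumps(record, sort_keys=True))
        return self.lines[-1]


def verify(lines):
    """Return the index of the first record that breaks the chain, or -1 if intact."""
    prev = "0" * 64
    for i, line in enumerate(lines):
        record = json.loads(line)
        claimed = record.pop("hash", None)
        body = json.dumps(record, sort_keys=True)
        if record.get("prev") != prev or hashlib.sha256(body.encode()).hexdigest() != claimed:
            return i
        prev = claimed
    return -1
```

An unkeyed hash chain only detects edits if the latest hash is also kept somewhere the log's writer cannot modify; otherwise the whole chain can be recomputed after a change.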

Labels: jules (For Jules AI to work on)