fix(sse): address review feedback - security and missing events

ComBba · ComBba · commit 86d39efd468f · 2026-02-10T00:35:47.000+09:00
Fixes based on Gemini and CodeRabbit reviews:

1. [CRITICAL] Add 'enrichment_error' to CRITICAL_EVENT_TYPES
   - Prevents error events from being silently dropped when buffer full

2. [SECURITY] Remove raw exception from SSE error messages (3 files)
   - Prevents leaking sensitive info (e.g., GitHub tokens in git clone errors)
   - Generic 'internal error' message sent to client, full error logged server-side

3. [BUG] Add missing complete event for empty docs case in rag_enrich.py
   - Previously SSE subscribers would remain stuck in 'in progress' state

4. [IMPROVE] code_analysis_enrich.py: reflect actual status in message
   - Message now shows 'complete', 'partial', or 'skipped' accurately
diff --git a/backend/app/graph/nodes/code_analysis_enrich.py b/backend/app/graph/nodes/code_analysis_enrich.py
@@ -107,7 +107,7 @@ async def code_analysis_enrich(
                     sommelier="code_analysis",
                     event_type="enrichment_complete",
                     progress_percent=100,
-                    message=f"Code analysis complete ({files_count} files)",
+                    message=f"Code analysis {status} ({files_count} files analyzed)",
                 ),
             )
 
@@ -138,7 +138,7 @@ async def code_analysis_enrich(
                     sommelier="code_analysis",
                     event_type="enrichment_error",
                     progress_percent=100,
-                    message=f"Code analysis failed: {e}",
+                    message="Code analysis failed due to an internal error.",
                 ),
             )
         return {
diff --git a/backend/app/graph/nodes/rag_enrich.py b/backend/app/graph/nodes/rag_enrich.py
@@ -164,6 +164,17 @@ async def rag_enrich(
     try:
         docs = _build_documents_from_context(repo_context)
         if not docs:
+            if evaluation_id:
+                event_channel.emit_sync(
+                    evaluation_id,
+                    create_sommelier_event(
+                        evaluation_id=evaluation_id,
+                        sommelier="rag",
+                        event_type="enrichment_complete",
+                        progress_percent=100,
+                        message="RAG enrichment complete (no documents)",
+                    ),
+                )
             return {
                 "rag_context": {"query": query, "chunks": [], "error": None},
             }
@@ -214,7 +225,7 @@ async def rag_enrich(
                     sommelier="rag",
                     event_type="enrichment_error",
                     progress_percent=100,
-                    message=f"RAG enrichment failed: {e}",
+                    message="RAG enrichment failed due to an internal error.",
                 ),
             )
         return {
diff --git a/backend/app/graph/nodes/web_search_enrich.py b/backend/app/graph/nodes/web_search_enrich.py
@@ -160,7 +160,7 @@ async def web_search_enrich(
                     sommelier="web_search",
                     event_type="enrichment_error",
                     progress_percent=100,
-                    message=f"Web search failed: {e}",
+                    message="Web search failed due to an internal error.",
                 ),
             )
         return {
diff --git a/backend/app/services/event_channel.py b/backend/app/services/event_channel.py
@@ -40,6 +40,7 @@
     "evaluation_complete",
     "evaluation_error",
     "technique_error",
+    "enrichment_error",
 }
 TRANSFER_LOOP_INTERVAL_SECONDS = 0.01
 TRANSFER_BATCH_SIZE = 10

Original file line number	Diff line number	Diff line change
`@@ -160,7 +160,7 @@ async def web_search_enrich(`
`160`	`160`	`sommelier="web_search",`
`161`	`161`	`event_type="enrichment_error",`
`162`	`162`	`progress_percent=100,`
`163`		`- message=f"Web search failed: {e}",`
	`163`	`+ message="Web search failed due to an internal error.",`
`164`	`164`	`),`
`165`	`165`	`)`
`166`	`166`	`return {`
Original file line number	Diff line number	Diff line change
`@@ -40,6 +40,7 @@`
`40`	`40`	`"evaluation_complete",`
`41`	`41`	`"evaluation_error",`
`42`	`42`	`"technique_error",`
	`43`	`+ "enrichment_error",`
`43`	`44`	`}`
`44`	`45`	`TRANSFER_LOOP_INTERVAL_SECONDS = 0.01`
`45`	`46`	`TRANSFER_BATCH_SIZE = 10`