fix: surface swallowed errors across storage and MCP layers (#18)

josephgoksu · web-flow · commit 3aa1197b4ebe · 2026-02-25T08:44:19.000Z
- task_store: log corrupt JSON instead of silently discarding (7 scan
  fields + 3 clarify session fields + 4 draft_state unmarshal sites)
- sqlite: replace blind _, _ migration pattern with column-existence
  checks so real ALTER TABLE errors get logged
- policy/audit: log corrupt input JSON in both scan methods
- mcp/handlers: log GetProjectRoot failures in explain and simplify
  handlers instead of silently using empty base path
diff --git a/internal/mcp/handlers.go b/internal/mcp/handlers.go
@@ -4,6 +4,7 @@ package mcp
 import (
 	"context"
 	"fmt"
+	"log/slog"
 	"os"
 	"path/filepath"
 	"strings"
@@ -153,7 +154,10 @@ func handleCodeExplain(ctx context.Context, repo *memory.Repository, params Code
 	}
 
 	// Get base path for source code fetching
-	basePath, _ := config.GetProjectRoot()
+	basePath, err := config.GetProjectRoot()
+	if err != nil {
+		slog.Debug("GetProjectRoot failed in explain handler", "error", err)
+	}
 
 	appCtx := app.NewContextForRole(repo, llm.RoleQuery)
 	appCtx.BasePath = basePath
@@ -267,7 +271,10 @@ func handleCodeSimplify(ctx context.Context, repo *memory.Repository, params Cod
 
 	// If file_path provided, read the file content
 	if filePath != "" && code == "" {
-		projectRoot, _ := config.GetProjectRoot()
+		projectRoot, err := config.GetProjectRoot()
+		if err != nil {
+			slog.Debug("GetProjectRoot failed in simplify handler", "error", err)
+		}
 
 		// Validate path to prevent traversal attacks
 		resolvedPath, err := validateAndResolvePath(filePath, projectRoot)
diff --git a/internal/memory/sqlite.go b/internal/memory/sqlite.go
@@ -4,6 +4,7 @@ import (
 	"database/sql"
 	"encoding/json"
 	"fmt"
+	"log/slog"
 	"os"
 	"path/filepath"
 	"strings"
@@ -57,17 +58,35 @@ func NewSQLiteStore(basePath string) (*SQLiteStore, error) {
 		return nil, fmt.Errorf("init schema: %w", err)
 	}
 
-	// Migrations - ignore errors for columns that already exist
-	_, _ = db.Exec(`ALTER TABLE tasks ADD COLUMN complexity TEXT DEFAULT 'medium'`)
-
-	// Interactive planning migrations (phases support)
-	_, _ = db.Exec(`ALTER TABLE plans ADD COLUMN draft_state TEXT`)
-	_, _ = db.Exec(`ALTER TABLE plans ADD COLUMN generation_mode TEXT DEFAULT 'batch'`)
-	_, _ = db.Exec(`ALTER TABLE tasks ADD COLUMN phase_id TEXT REFERENCES phases(id) ON DELETE SET NULL`)
+	// Migrations — add columns only if they don't already exist
+	migrateAddColumn(db, "tasks", "complexity", `ALTER TABLE tasks ADD COLUMN complexity TEXT DEFAULT 'medium'`)
+	migrateAddColumn(db, "plans", "draft_state", `ALTER TABLE plans ADD COLUMN draft_state TEXT`)
+	migrateAddColumn(db, "plans", "generation_mode", `ALTER TABLE plans ADD COLUMN generation_mode TEXT DEFAULT 'batch'`)
+	migrateAddColumn(db, "tasks", "phase_id", `ALTER TABLE tasks ADD COLUMN phase_id TEXT REFERENCES phases(id) ON DELETE SET NULL`)
 
 	return store, nil
 }
 
+// migrateAddColumn adds a column if it doesn't already exist.
+// Logs real errors instead of silently swallowing them.
+func migrateAddColumn(db *sql.DB, table, column, ddl string) {
+	var exists int
+	err := db.QueryRow(
+		`SELECT COUNT(*) FROM pragma_table_info(?) WHERE name = ?`,
+		table, column,
+	).Scan(&exists)
+	if err != nil {
+		slog.Warn("migration check failed", "table", table, "column", column, "error", err)
+		return
+	}
+	if exists > 0 {
+		return // already migrated
+	}
+	if _, err := db.Exec(ddl); err != nil {
+		slog.Warn("migration failed", "table", table, "column", column, "error", err)
+	}
+}
+
 // initSchema creates the database tables if they don't exist.
 func (s *SQLiteStore) initSchema() error {
 	schema := `
diff --git a/internal/memory/task_store.go b/internal/memory/task_store.go
@@ -6,6 +6,7 @@ import (
 	"errors"
 	"fmt"
 	"log"
+	"log/slog"
 	"strings"
 	"time"
 
@@ -156,9 +157,11 @@ func (s *SQLiteStore) CreatePlan(p *task.Plan) error {
 	// Serialize draft state if present
 	var draftStateJSON interface{}
 	if p.DraftState != nil {
-		if data, err := json.Marshal(p.DraftState); err == nil {
-			draftStateJSON = string(data)
+		data, err := json.Marshal(p.DraftState)
+		if err != nil {
+			return fmt.Errorf("marshal draft_state: %w", err)
 		}
+		draftStateJSON = string(data)
 	}
 
 	if _, err = tx.Exec(`
@@ -207,7 +210,9 @@ func (s *SQLiteStore) GetPlan(id string) (*task.Plan, error) {
 	}
 	if draftStateJSON.Valid && draftStateJSON.String != "" {
 		var draftState task.PlanDraftState
-		if err := json.Unmarshal([]byte(draftStateJSON.String), &draftState); err == nil {
+		if err := json.Unmarshal([]byte(draftStateJSON.String), &draftState); err != nil {
+			slog.Warn("corrupt draft_state JSON", "plan", p.ID, "error", err)
+		} else {
 			p.DraftState = &draftState
 		}
 	}
@@ -257,7 +262,9 @@ func (s *SQLiteStore) ListPlans() ([]task.Plan, error) {
 		}
 		if draftStateJSON.Valid && draftStateJSON.String != "" {
 			var draftState task.PlanDraftState
-			if err := json.Unmarshal([]byte(draftStateJSON.String), &draftState); err == nil {
+			if err := json.Unmarshal([]byte(draftStateJSON.String), &draftState); err != nil {
+				slog.Warn("corrupt draft_state JSON", "plan", p.ID, "error", err)
+			} else {
 				p.DraftState = &draftState
 			}
 		}
@@ -459,7 +466,9 @@ func (s *SQLiteStore) GetClarifySession(id string) (*task.ClarifySession, error)
 	session.CreatedAt, _ = time.Parse(time.RFC3339, createdAt)
 	session.UpdatedAt, _ = time.Parse(time.RFC3339, updatedAt)
 	if currentQuestionsJSON.Valid && currentQuestionsJSON.String != "" {
-		_ = json.Unmarshal([]byte(currentQuestionsJSON.String), &session.CurrentQuestions)
+		if err := json.Unmarshal([]byte(currentQuestionsJSON.String), &session.CurrentQuestions); err != nil {
+			slog.Warn("corrupt current_questions JSON", "session", session.ID, "error", err)
+		}
 	}
 
 	return &session, nil
@@ -571,10 +580,14 @@ func (s *SQLiteStore) ListClarifyTurns(sessionID string) ([]task.ClarifyTurn, er
 		turn.MaxRoundsReached = maxRoundsReachedInt == 1
 		turn.CreatedAt, _ = time.Parse(time.RFC3339, createdAt)
 		if questionsJSON.Valid && questionsJSON.String != "" {
-			_ = json.Unmarshal([]byte(questionsJSON.String), &turn.Questions)
+			if err := json.Unmarshal([]byte(questionsJSON.String), &turn.Questions); err != nil {
+				slog.Warn("corrupt questions JSON", "turn", turn.ID, "error", err)
+			}
 		}
 		if answersJSON.Valid && answersJSON.String != "" {
-			_ = json.Unmarshal([]byte(answersJSON.String), &turn.Answers)
+			if err := json.Unmarshal([]byte(answersJSON.String), &turn.Answers); err != nil {
+				slog.Warn("corrupt answers JSON", "turn", turn.ID, "error", err)
+			}
 		}
 		turns = append(turns, turn)
 	}
@@ -648,25 +661,39 @@ func scanTaskRow(row taskRowScanner) (task.Task, error) {
 	}
 
 	if acJSON.Valid && acJSON.String != "" {
-		_ = json.Unmarshal([]byte(acJSON.String), &t.AcceptanceCriteria)
+		if err := json.Unmarshal([]byte(acJSON.String), &t.AcceptanceCriteria); err != nil {
+			slog.Warn("corrupt acceptance_criteria JSON", "task", t.ID, "error", err)
+		}
 	}
 	if vsJSON.Valid && vsJSON.String != "" {
-		_ = json.Unmarshal([]byte(vsJSON.String), &t.ValidationSteps)
+		if err := json.Unmarshal([]byte(vsJSON.String), &t.ValidationSteps); err != nil {
+			slog.Warn("corrupt validation_steps JSON", "task", t.ID, "error", err)
+		}
 	}
 	if keywordsJSON.Valid && keywordsJSON.String != "" {
-		_ = json.Unmarshal([]byte(keywordsJSON.String), &t.Keywords)
+		if err := json.Unmarshal([]byte(keywordsJSON.String), &t.Keywords); err != nil {
+			slog.Warn("corrupt keywords JSON", "task", t.ID, "error", err)
+		}
 	}
 	if queriesJSON.Valid && queriesJSON.String != "" {
-		_ = json.Unmarshal([]byte(queriesJSON.String), &t.SuggestedAskQueries)
+		if err := json.Unmarshal([]byte(queriesJSON.String), &t.SuggestedAskQueries); err != nil {
+			slog.Warn("corrupt suggested_ask_queries JSON", "task", t.ID, "error", err)
+		}
 	}
 	if filesJSON.Valid && filesJSON.String != "" {
-		_ = json.Unmarshal([]byte(filesJSON.String), &t.FilesModified)
+		if err := json.Unmarshal([]byte(filesJSON.String), &t.FilesModified); err != nil {
+			slog.Warn("corrupt files_modified JSON", "task", t.ID, "error", err)
+		}
 	}
 	if expectedFilesJSON.Valid && expectedFilesJSON.String != "" {
-		_ = json.Unmarshal([]byte(expectedFilesJSON.String), &t.ExpectedFiles)
+		if err := json.Unmarshal([]byte(expectedFilesJSON.String), &t.ExpectedFiles); err != nil {
+			slog.Warn("corrupt expected_files JSON", "task", t.ID, "error", err)
+		}
 	}
 	if gitBaselineJSON.Valid && gitBaselineJSON.String != "" {
-		_ = json.Unmarshal([]byte(gitBaselineJSON.String), &t.GitBaseline)
+		if err := json.Unmarshal([]byte(gitBaselineJSON.String), &t.GitBaseline); err != nil {
+			slog.Warn("corrupt git_baseline JSON", "task", t.ID, "error", err)
+		}
 	}
 
 	return t, nil
@@ -1144,7 +1171,9 @@ func (s *SQLiteStore) SearchPlans(query string, status task.PlanStatus) ([]task.
 		}
 		if draftStateJSON.Valid && draftStateJSON.String != "" {
 			var draftState task.PlanDraftState
-			if err := json.Unmarshal([]byte(draftStateJSON.String), &draftState); err == nil {
+			if err := json.Unmarshal([]byte(draftStateJSON.String), &draftState); err != nil {
+				slog.Warn("corrupt draft_state JSON", "plan", p.ID, "error", err)
+			} else {
 				p.DraftState = &draftState
 			}
 		}
@@ -1190,7 +1219,9 @@ func (s *SQLiteStore) GetActivePlan() (*task.Plan, error) {
 	}
 	if draftStateJSON.Valid && draftStateJSON.String != "" {
 		var draftState task.PlanDraftState
-		if err := json.Unmarshal([]byte(draftStateJSON.String), &draftState); err == nil {
+		if err := json.Unmarshal([]byte(draftStateJSON.String), &draftState); err != nil {
+			slog.Warn("corrupt draft_state JSON", "plan", p.ID, "error", err)
+		} else {
 			p.DraftState = &draftState
 		}
 	}
diff --git a/internal/policy/audit.go b/internal/policy/audit.go
@@ -4,6 +4,7 @@ import (
 	"database/sql"
 	"encoding/json"
 	"fmt"
+	"log/slog"
 	"time"
 
 	"github.com/google/uuid"
@@ -202,7 +203,9 @@ func (s *AuditStore) scanDecision(row *sql.Row) (*PolicyDecision, error) {
 	d.Violations = ParseViolations(violationsJSON)
 	if inputJSON != "" && inputJSON != "{}" {
 		var input any
-		if err := json.Unmarshal([]byte(inputJSON), &input); err == nil {
+		if err := json.Unmarshal([]byte(inputJSON), &input); err != nil {
+			slog.Warn("corrupt policy decision input JSON", "id", d.DecisionID, "error", err)
+		} else {
 			d.Input = input
 		}
 	}
@@ -238,7 +241,9 @@ func (s *AuditStore) scanDecisionRows(rows *sql.Rows) (*PolicyDecision, error) {
 	d.Violations = ParseViolations(violationsJSON)
 	if inputJSON != "" && inputJSON != "{}" {
 		var input any
-		if err := json.Unmarshal([]byte(inputJSON), &input); err == nil {
+		if err := json.Unmarshal([]byte(inputJSON), &input); err != nil {
+			slog.Warn("corrupt policy decision input JSON", "id", d.DecisionID, "error", err)
+		} else {
 			d.Input = input
 		}
 	}

Original file line number	Diff line number	Diff line change
`@@ -6,6 +6,7 @@ import (`
`6`	`6`	`"errors"`
`7`	`7`	`"fmt"`
`8`	`8`	`"log"`
	`9`	`+ "log/slog"`
`9`	`10`	`"strings"`
`10`	`11`	`"time"`
`11`	`12`
`@@ -156,9 +157,11 @@ func (s SQLiteStore) CreatePlan(p task.Plan) error {`
`156`	`157`	`// Serialize draft state if present`
`157`	`158`	`var draftStateJSON interface{}`
`158`	`159`	`if p.DraftState != nil {`
`159`		`- if data, err := json.Marshal(p.DraftState); err == nil {`
`160`		`- draftStateJSON = string(data)`
	`160`	`+ data, err := json.Marshal(p.DraftState)`
	`161`	`+ if err != nil {`
	`162`	`+ return fmt.Errorf("marshal draft_state: %w", err)`
`161`	`163`	`}`
	`164`	`+ draftStateJSON = string(data)`
`162`	`165`	`}`
`163`	`166`
`164`	`167`	if _, err = tx.Exec(`
`@@ -207,7 +210,9 @@ func (s SQLiteStore) GetPlan(id string) (task.Plan, error) {`
`207`	`210`	`}`
`208`	`211`	`if draftStateJSON.Valid && draftStateJSON.String != "" {`
`209`	`212`	`var draftState task.PlanDraftState`
`210`		`- if err := json.Unmarshal([]byte(draftStateJSON.String), &draftState); err == nil {`
	`213`	`+ if err := json.Unmarshal([]byte(draftStateJSON.String), &draftState); err != nil {`
	`214`	`+ slog.Warn("corrupt draft_state JSON", "plan", p.ID, "error", err)`
	`215`	`+ } else {`
`211`	`216`	`p.DraftState = &draftState`
`212`	`217`	`}`
`213`	`218`	`}`
`@@ -257,7 +262,9 @@ func (s *SQLiteStore) ListPlans() ([]task.Plan, error) {`
`257`	`262`	`}`
`258`	`263`	`if draftStateJSON.Valid && draftStateJSON.String != "" {`
`259`	`264`	`var draftState task.PlanDraftState`
`260`		`- if err := json.Unmarshal([]byte(draftStateJSON.String), &draftState); err == nil {`
	`265`	`+ if err := json.Unmarshal([]byte(draftStateJSON.String), &draftState); err != nil {`
	`266`	`+ slog.Warn("corrupt draft_state JSON", "plan", p.ID, "error", err)`
	`267`	`+ } else {`
`261`	`268`	`p.DraftState = &draftState`
`262`	`269`	`}`
`263`	`270`	`}`
`@@ -459,7 +466,9 @@ func (s SQLiteStore) GetClarifySession(id string) (task.ClarifySession, error)`
`459`	`466`	`session.CreatedAt, _ = time.Parse(time.RFC3339, createdAt)`
`460`	`467`	`session.UpdatedAt, _ = time.Parse(time.RFC3339, updatedAt)`
`461`	`468`	`if currentQuestionsJSON.Valid && currentQuestionsJSON.String != "" {`
`462`		`- _ = json.Unmarshal([]byte(currentQuestionsJSON.String), &session.CurrentQuestions)`
	`469`	`+ if err := json.Unmarshal([]byte(currentQuestionsJSON.String), &session.CurrentQuestions); err != nil {`
	`470`	`+ slog.Warn("corrupt current_questions JSON", "session", session.ID, "error", err)`
	`471`	`+ }`
`463`	`472`	`}`
`464`	`473`
`465`	`474`	`return &session, nil`
`@@ -571,10 +580,14 @@ func (s *SQLiteStore) ListClarifyTurns(sessionID string) ([]task.ClarifyTurn, er`
`571`	`580`	`turn.MaxRoundsReached = maxRoundsReachedInt == 1`
`572`	`581`	`turn.CreatedAt, _ = time.Parse(time.RFC3339, createdAt)`
`573`	`582`	`if questionsJSON.Valid && questionsJSON.String != "" {`
`574`		`- _ = json.Unmarshal([]byte(questionsJSON.String), &turn.Questions)`
	`583`	`+ if err := json.Unmarshal([]byte(questionsJSON.String), &turn.Questions); err != nil {`
	`584`	`+ slog.Warn("corrupt questions JSON", "turn", turn.ID, "error", err)`
	`585`	`+ }`
`575`	`586`	`}`
`576`	`587`	`if answersJSON.Valid && answersJSON.String != "" {`
`577`		`- _ = json.Unmarshal([]byte(answersJSON.String), &turn.Answers)`
	`588`	`+ if err := json.Unmarshal([]byte(answersJSON.String), &turn.Answers); err != nil {`
	`589`	`+ slog.Warn("corrupt answers JSON", "turn", turn.ID, "error", err)`
	`590`	`+ }`
`578`	`591`	`}`
`579`	`592`	`turns = append(turns, turn)`
`580`	`593`	`}`
`@@ -648,25 +661,39 @@ func scanTaskRow(row taskRowScanner) (task.Task, error) {`
`648`	`661`	`}`
`649`	`662`
`650`	`663`	`if acJSON.Valid && acJSON.String != "" {`
`651`		`- _ = json.Unmarshal([]byte(acJSON.String), &t.AcceptanceCriteria)`
	`664`	`+ if err := json.Unmarshal([]byte(acJSON.String), &t.AcceptanceCriteria); err != nil {`
	`665`	`+ slog.Warn("corrupt acceptance_criteria JSON", "task", t.ID, "error", err)`
	`666`	`+ }`
`652`	`667`	`}`
`653`	`668`	`if vsJSON.Valid && vsJSON.String != "" {`
`654`		`- _ = json.Unmarshal([]byte(vsJSON.String), &t.ValidationSteps)`
	`669`	`+ if err := json.Unmarshal([]byte(vsJSON.String), &t.ValidationSteps); err != nil {`
	`670`	`+ slog.Warn("corrupt validation_steps JSON", "task", t.ID, "error", err)`
	`671`	`+ }`
`655`	`672`	`}`
`656`	`673`	`if keywordsJSON.Valid && keywordsJSON.String != "" {`
`657`		`- _ = json.Unmarshal([]byte(keywordsJSON.String), &t.Keywords)`
	`674`	`+ if err := json.Unmarshal([]byte(keywordsJSON.String), &t.Keywords); err != nil {`
	`675`	`+ slog.Warn("corrupt keywords JSON", "task", t.ID, "error", err)`
	`676`	`+ }`
`658`	`677`	`}`
`659`	`678`	`if queriesJSON.Valid && queriesJSON.String != "" {`
`660`		`- _ = json.Unmarshal([]byte(queriesJSON.String), &t.SuggestedAskQueries)`
	`679`	`+ if err := json.Unmarshal([]byte(queriesJSON.String), &t.SuggestedAskQueries); err != nil {`
	`680`	`+ slog.Warn("corrupt suggested_ask_queries JSON", "task", t.ID, "error", err)`
	`681`	`+ }`
`661`	`682`	`}`
`662`	`683`	`if filesJSON.Valid && filesJSON.String != "" {`
`663`		`- _ = json.Unmarshal([]byte(filesJSON.String), &t.FilesModified)`
	`684`	`+ if err := json.Unmarshal([]byte(filesJSON.String), &t.FilesModified); err != nil {`
	`685`	`+ slog.Warn("corrupt files_modified JSON", "task", t.ID, "error", err)`
	`686`	`+ }`
`664`	`687`	`}`
`665`	`688`	`if expectedFilesJSON.Valid && expectedFilesJSON.String != "" {`
`666`		`- _ = json.Unmarshal([]byte(expectedFilesJSON.String), &t.ExpectedFiles)`
	`689`	`+ if err := json.Unmarshal([]byte(expectedFilesJSON.String), &t.ExpectedFiles); err != nil {`
	`690`	`+ slog.Warn("corrupt expected_files JSON", "task", t.ID, "error", err)`
	`691`	`+ }`
`667`	`692`	`}`
`668`	`693`	`if gitBaselineJSON.Valid && gitBaselineJSON.String != "" {`
`669`		`- _ = json.Unmarshal([]byte(gitBaselineJSON.String), &t.GitBaseline)`
	`694`	`+ if err := json.Unmarshal([]byte(gitBaselineJSON.String), &t.GitBaseline); err != nil {`
	`695`	`+ slog.Warn("corrupt git_baseline JSON", "task", t.ID, "error", err)`
	`696`	`+ }`
`670`	`697`	`}`
`671`	`698`
`672`	`699`	`return t, nil`
`@@ -1144,7 +1171,9 @@ func (s *SQLiteStore) SearchPlans(query string, status task.PlanStatus) ([]task.`
`1144`	`1171`	`}`
`1145`	`1172`	`if draftStateJSON.Valid && draftStateJSON.String != "" {`
`1146`	`1173`	`var draftState task.PlanDraftState`
`1147`		`- if err := json.Unmarshal([]byte(draftStateJSON.String), &draftState); err == nil {`
	`1174`	`+ if err := json.Unmarshal([]byte(draftStateJSON.String), &draftState); err != nil {`
	`1175`	`+ slog.Warn("corrupt draft_state JSON", "plan", p.ID, "error", err)`
	`1176`	`+ } else {`
`1148`	`1177`	`p.DraftState = &draftState`
`1149`	`1178`	`}`
`1150`	`1179`	`}`
`@@ -1190,7 +1219,9 @@ func (s SQLiteStore) GetActivePlan() (task.Plan, error) {`
`1190`	`1219`	`}`
`1191`	`1220`	`if draftStateJSON.Valid && draftStateJSON.String != "" {`
`1192`	`1221`	`var draftState task.PlanDraftState`
`1193`		`- if err := json.Unmarshal([]byte(draftStateJSON.String), &draftState); err == nil {`
	`1222`	`+ if err := json.Unmarshal([]byte(draftStateJSON.String), &draftState); err != nil {`
	`1223`	`+ slog.Warn("corrupt draft_state JSON", "plan", p.ID, "error", err)`
	`1224`	`+ } else {`
`1194`	`1225`	`p.DraftState = &draftState`
`1195`	`1226`	`}`
`1196`	`1227`	`}`