PR #1's F1 blocker was a `(err as Error).message` interpolated directly into a `console.warn` call inside a CI eval file (`skills/panel-review/evals/precision.eval.ts:148`), leaking raw Braintrust SDK error bodies (auth details, 429 payloads) to public GitHub Actions logs. The fix was straightforward but the pattern recurs naturally: any new script or eval file that adds a catch block will face the same temptation.
A lint rule — either an ESLint `no-restricted-syntax` entry or a lightweight grep check in the CI `validate` job — that flags `.message` interpolation inside `console.warn`/`console.error` (and `console.log` for completeness) under `scripts/` and `skills/*/evals/` would catch this class of bug before review.
Wire it into the existing `npm run ci` step so it runs on every PR alongside `validate-skills` and `vitest`.
Context: Origin in `docs/build-logs/panel-review-pr-1.md` (Retro #1). Canonical privacy rule in `CLAUDE.md`.
🤖 Filed by Claude Code from the `panel-review` PR #1 retro.
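
One way to implement the lightweight check proposed above, as an added example that is not code from the repository. It goes beyond a single-line grep by following each console call across lines, so an interpolation split over several lines is still caught. The function names, the `SAMPLE` sources and their paths are constructed for illustration.

```javascript
// Added example (not from the repository): heuristic scan for `.message`
// reaching console.warn/error/log. Paths and sample sources are constructed.
const IN_SCOPE = /^(scripts\/|skills\/[^/]+\/evals\/)/;
const CALL = /\bconsole\s*\.\s*(warn|error|log)\s*\(/g;

// Return the argument text of the call whose "(" is at source[open],
// ignoring parentheses that sit inside string and template literals.
function callArgs(source, open) {
  let depth = 0, quote = null;
  for (let i = open; i < source.length; i++) {
    const ch = source[i];
    if (quote) {
      if (ch === "\\") i++;               // skip the escaped character
      else if (ch === quote) quote = null;
    } else if (ch === '"' || ch === "'" || ch === "`") quote = ch;
    else if (ch === "(") depth++;
    else if (ch === ")" && --depth === 0) return source.slice(open + 1, i);
  }
  return source.slice(open + 1);          // unbalanced: check to end of file
}

// Report every console.warn/error/log call whose arguments mention `.message`.
function findMessageLeaks(source) {
  const hits = [];
  for (const m of source.matchAll(CALL)) {
    const open = m.index + m[0].length - 1;
    if (/\.message\b/.test(callArgs(source, open))) {
      const line = source.slice(0, m.index).split("\n").length;
      hits.push({ line, method: m[1] });
    }
  }
  return hits;
}

// files: { path: sourceText }. Only scripts/ and skills/*/evals/ are checked.
function scan(files) {
  return Object.entries(files)
    .filter(([path]) => IN_SCOPE.test(path))
    .flatMap(([path, src]) => findMessageLeaks(src).map((h) => ({ path, ...h })));
}

const SAMPLE = {                          // constructed input
  "skills/demo/evals/a.eval.ts": [
    "try { await run(); } catch (err) {",
    "  console.warn(`eval failed :( ${",
    "    (err as Error).message}`);",
    "  console.error('eval failed', (err as Error).name);",
    "}",
  ].join("\n"),
  "src/app.ts": "console.log(err.message);",   // outside the checked paths
};
```

The CI job would pass `scan` the contents of the changed files and fail the step when it returns any hits. Because it works on text, a `.message` inside a comment or plain string is also reported.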