Skip to content

Add CI lint rule: ban raw error interpolation in console.warn/error under scripts/ and evals/ #2

Description

@mollyretter

PR #1's F1 blocker was a (err as Error).message interpolated directly into a console.warn call inside a CI eval file (skills/panel-review/evals/precision.eval.ts:148), leaking raw Braintrust SDK error bodies (auth details, 429 payloads) to public GitHub Actions logs. The fix was straightforward but the pattern recurs naturally: any new script or eval file that adds a catch block will face the same temptation.

A lint rule — either an ESLint no-restricted-syntax entry or a lightweight grep check in the CI validate job — that flags .message interpolation inside console.warn/console.error (and console.log for completeness) under scripts/ and skills/*/evals/ would catch this class of bug before review.

Wire it into the existing npm run ci step so it runs on every PR alongside validate-skills and vitest.

Context: Origin in docs/build-logs/panel-review-pr-1.md (Retro #1). Canonical privacy rule in CLAUDE.md.


🤖 Filed by Claude Code from the panel-review PR #1 retro.

Metadata

Metadata

Assignees

No one assigned

    Labels

    enhancementNew feature or request

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions