Sanitize health diagnostic errors to avoid exception detail exposure

[Copilot]

The health endpoints were surfacing raw exception text through runtime diagnostics, which exposed internal paths and environment details. This change limits those responses to stable diagnostic error codes while preserving useful health state.

• Health diagnostics redaction

  • Normalize runtime diagnostic failures to safe error codes instead of returning exception strings.
  • Apply the sanitization path across memory, CPU, GPU, and queue-related health diagnostics.
  • Preserve warning/availability semantics so failures remain visible without leaking internals.

• Failure-path cleanup

  • Treat memory snapshot read failures as explicit diagnostic warnings rather than passing through raw error payloads.
  • Normalize known safe codes consistently, including mixed-case and whitespace-variant inputs.

• Regression coverage

  • Add focused tests for sanitized diagnostic payloads to ensure exception text is not exposed from health responses.
  • Cover both exception objects and string-based diagnostic errors.

def _sanitize_diagnostic_error(raw_error: Any, fallback: str) -> Optional[str]:
    if raw_error is None:
        return None
    if isinstance(raw_error, str):
        normalized = raw_error.strip().lower()
        if normalized in _SAFE_DIAGNOSTIC_ERROR_CODES:
            return normalized
    return fallback

Summary by Sourcery

Sanitize health diagnostic error reporting to avoid exposing raw exception details while preserving health state semantics.

Bug Fixes:

• Redact raw exception messages from memory, CPU, and GPU health diagnostics, replacing them with stable error codes.
• Treat memory snapshot read failures as explicit warning payloads instead of leaking underlying error content.

Enhancements:

• Introduce a shared helper and whitelist of safe diagnostic error codes for normalizing health diagnostic failures.

Tests:

• Add regression tests to verify that health diagnostic payloads only expose safe error codes and no internal exception or path details.

[sourcery-ai]

Reviewer's Guide

Introduces a centralized sanitization helper for health diagnostics so CPU, GPU, and memory health endpoints emit stable, whitelisted error codes instead of raw exception strings, and adds tests to lock in the new behavior.

Sequence diagram for health diagnostics using sanitized error codes

sequenceDiagram
    actor Client
    participant HealthEndpoint
    participant CpuSnapshot as _cpu_snapshot
    participant GpuSnapshot as _gpu_snapshot
    participant MemorySnapshot as _memory_snapshot
    participant Sanitize as _sanitize_diagnostic_error

    Client->>HealthEndpoint: GET /health

    HealthEndpoint->>CpuSnapshot: _cpu_snapshot()
    CpuSnapshot->>Sanitize: _sanitize_diagnostic_error(exc, cpu_load_unavailable)
    Sanitize-->>CpuSnapshot: error_code or cpu_load_unavailable
    CpuSnapshot-->>HealthEndpoint: CPU payload with error code

    HealthEndpoint->>GpuSnapshot: _gpu_snapshot()
    GpuSnapshot->>Sanitize: _sanitize_diagnostic_error(gpu_runtime.error, gpu_runtime_unavailable)
    Sanitize-->>GpuSnapshot: error_code or gpu_runtime_unavailable
    GpuSnapshot-->>HealthEndpoint: GPU payload with error code

    HealthEndpoint->>MemorySnapshot: _memory_snapshot()
    MemorySnapshot->>Sanitize: _sanitize_diagnostic_error(exc or snapshot.error, memory_snapshot_unavailable)
    Sanitize-->>MemorySnapshot: error_code or memory_snapshot_unavailable
    MemorySnapshot-->>HealthEndpoint: memory payload with warning and error code

    HealthEndpoint-->>Client: Aggregated health response with only whitelisted error codes

Loading

File-Level Changes

Change	Details	Files
Centralize and apply diagnostic error sanitization across memory, CPU, and GPU health snapshots.	Define a _SAFE_DIAGNOSTIC_ERROR_CODES set of allowed diagnostic error codes. Introduce _sanitize_diagnostic_error to normalize string errors (trim + lowercase) and return only whitelisted codes or a provided fallback. Use _sanitize_diagnostic_error when handling exceptions in _linux_memory_snapshot, _windows_memory_snapshot, and CPU load acquisition to avoid returning raw exception text. Refactor _cpu_snapshot to track an error_code instead of free-form error_message and emit only sanitized error codes. Update _gpu_snapshot to derive a sanitized GPU error code from get_gpu_runtime_info() and default unavailable responses to a safe GPU error code.	backend/main.py
Adjust memory snapshot health semantics so failures become explicit warning payloads with sanitized error codes.	Treat missing or error-bearing memory snapshots as a warning payload with available=False, state='warning', and a stable Korean note message. Attach a sanitized error field to the memory warning payload when an underlying snapshot error exists, defaulting to memory_snapshot_unavailable. Ensure both Linux and Windows memory snapshot failure paths feed into the unified warning payload instead of returning raw error structures.	backend/main.py
Add regression tests to ensure health diagnostics never expose raw exception details and only emit whitelisted error codes.	Add test_health_diagnostics_sanitization.py that dynamically loads selected functions from backend/main.py via AST to avoid import-time side effects. Test _sanitize_diagnostic_error behavior for exception objects, safe string codes (including case and whitespace variants), and None inputs. Verify _memory_snapshot converts underlying snapshot errors into warning payloads with the memory_snapshot_unavailable code and no path leakage. Verify _cpu_snapshot and _gpu_snapshot emit only safe error codes (cpu_load_unavailable, gpu_runtime_unavailable) and do not include underlying file/device paths in the error strings.	tests/test_health_diagnostics_sanitization.py

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it. You can also reply to a
  review comment with @sourcery-ai issue to create an issue from it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time. You can also comment
  @sourcery-ai title on the pull request to (re-)generate the title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time exactly where you
  want it. You can also comment @sourcery-ai summary on the pull request to
  (re-)generate the summary at any time.
• Generate reviewer's guide: Comment @sourcery-ai guide on the pull
  request to (re-)generate the reviewer's guide at any time.
• Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
  pull request to resolve all Sourcery comments. Useful if you've already
  addressed all the comments and don't want to see them anymore.
• Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
  request to dismiss all existing Sourcery reviews. Especially useful if you
  want to start fresh with a new review - don't forget to comment
  @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[parkcheolhong]

부조종사님 수고했어~

[sourcery-ai]

Hey - I've left some high level feedback:

• SAFE_DIAGNOSTIC_ERROR_CODES is duplicated in the tests rather than imported from the module, which risks drift if new codes are added or existing ones are renamed; consider exposing and importing the constant instead of redefining it.
• _memory_snapshot currently re-sanitizes the error field from the platform-specific snapshot helpers even though those helpers already call _sanitize_diagnostic_error, which is harmless but introduces some redundant work and could be simplified by assuming the helpers always return a safe error code.

Prompt for AI Agents

Please address the comments from this code review:

## Overall Comments
- SAFE_DIAGNOSTIC_ERROR_CODES is duplicated in the tests rather than imported from the module, which risks drift if new codes are added or existing ones are renamed; consider exposing and importing the constant instead of redefining it.
- _memory_snapshot currently re-sanitizes the error field from the platform-specific snapshot helpers even though those helpers already call _sanitize_diagnostic_error, which is harmless but introduces some redundant work and could be simplified by assuming the helpers always return a safe error code.

---

Sourcery is free for open source - if you like our reviews please consider sharing them ✨

• X
• Mastodon
• LinkedIn
• Facebook

_{Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.}

[parkcheolhong]

감사합니다.

[Copilot]

Pull request overview

Redacts runtime health diagnostic error details so health endpoints return stable, non-sensitive error codes (instead of raw exception strings that can leak internal paths/environment details).

Changes:

• Add _sanitize_diagnostic_error + _SAFE_DIAGNOSTIC_ERROR_CODES to normalize/whitelist diagnostic error outputs.
• Apply sanitization to memory snapshot exception handling and CPU/GPU health snapshots.
• Add regression tests ensuring health diagnostic payloads only expose safe error codes (and not exception/path strings).

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.

File	Description
backend/main.py	Introduces a safe error-code sanitizer and applies it to memory/CPU/GPU health diagnostics to prevent exception detail exposure.
tests/test_health_diagnostics_sanitization.py	Adds tests that validate diagnostic error redaction behavior for exception objects and string-based errors.