Found in PR #80 (fix/71-remove-pii-logging)
Severity: Minor
backend/src/lib/__tests__/editResolutionLogging.test.ts attempts to isolate the handler function body before scanning for PII logging:
const handlerStart = src.indexOf("async function resolveEditHandler");
const handlerEnd = src.indexOf('"/:documentId/edits/:editId/accept"');
const handlerSrc =
handlerStart !== -1 && handlerEnd !== -1
? src.slice(handlerStart, handlerEnd)
: src;The actual function name in documents.ts is handleEditResolution, not resolveEditHandler. Because handlerStart === -1, the test always falls back to scanning the entire source file (handlerSrc = src).
The tests still pass and still catch PII logging anywhere in the file, but the stated isolation (limiting the scan to just the handler body) silently never executes. If PII logging is added elsewhere in documents.ts, these tests will catch it unexpectedly; if PII logging is added inside the handler, the false safety of "we check just the handler" is gone.
Fix:
const handlerStart = src.indexOf("async function handleEditResolution");
Found in PR #80 (fix/71-remove-pii-logging)
Severity: Minor
backend/src/lib/__tests__/editResolutionLogging.test.tsattempts to isolate the handler function body before scanning for PII logging:The actual function name in
documents.tsishandleEditResolution, notresolveEditHandler. BecausehandlerStart === -1, the test always falls back to scanning the entire source file (handlerSrc = src).The tests still pass and still catch PII logging anywhere in the file, but the stated isolation (limiting the scan to just the handler body) silently never executes. If PII logging is added elsewhere in
documents.ts, these tests will catch it unexpectedly; if PII logging is added inside the handler, the false safety of "we check just the handler" is gone.Fix: