fix(webapp): stop writer DB connectivity errors leaking to trigger() API clients

[d-cs]

Summary

During trigger() worker-queue resolution, getWorkerQueue wrapped any error from getDefaultWorkerGroupForProject into a client-facing ServiceValidationError (HTTP 422) carrying error.message. That method runs project.findFirst on the writer; when the writer is unreachable Prisma throws a connection error (P1001) whose message includes the database host, and that raw message was returned to the API client and surfaced in the run view via the SDK's TriggerApiError.

It also mis-classifies a transient outage: a 422 is not retried by the SDK, so triggers failed permanently instead of riding out a brief writer blip.

Design

This is the only place on the trigger path that folds a caught error's message into a client-facing error — every other DB failure on the path propagates to the route's generic 500 handler (scrubbed, and retried by the SDK). So the fix is local:

• Add isInfrastructureError() — true for Prisma connection-level failures (the DB-unreachable family: P1001/P1002/P1008/P1017, plus the init/panic/unknown client error classes), false for query/validation errors (e.g. P2002).
• At the wrap site, rethrow infrastructure errors so they reach the generic 500 handler (no raw message, and retryable). Genuine domain failures (e.g. "Project not found.") still become a 422.

Only P1001 ("can't reach database server") has been observed in practice; the rest of the connection family is included as same-class forward-proofing.

Test plan

• Unit: isInfrastructureError classifies a P1001 (incl. the Prisma 6.x PrismaClientKnownRequestError shape) and init errors as infrastructure; P2002 and a plain Error as not
• getWorkerQueue rethrows a P1001 unchanged instead of wrapping it in a ServiceValidationError; still wraps a domain failure as a ServiceValidationError — RED on current code, GREEN after
• (optional) toxiproxy e2e: trigger with the writer cut → HTTP 500 generic body, no DB host in the response

[changeset-bot]

⚠️ No Changeset found

Latest commit: 269af87

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: 3f85f8e9-a248-4d64-950f-0d504eb8029f

📥 Commits

Reviewing files that changed from the base of the PR and between 1b0f2c7 and 57604d8.

📒 Files selected for processing (5)

• .server-changes/trigger-worker-queue-db-error-leak.md
• apps/webapp/app/runEngine/concerns/queues.server.ts
• apps/webapp/app/utils/prismaErrors.ts
• apps/webapp/test/prismaErrors.test.ts
• apps/webapp/test/queueManagerWorkerQueue.test.ts

📜 Recent review details

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (13)

• GitHub Check: webapp / 🧪 Unit Tests: Webapp (1, 10)
• GitHub Check: webapp / 🧪 Unit Tests: Webapp (9, 10)
• GitHub Check: webapp / 🧪 Unit Tests: Webapp (8, 10)
• GitHub Check: webapp / 🧪 Unit Tests: Webapp (3, 10)
• GitHub Check: webapp / 🧪 Unit Tests: Webapp (5, 10)
• GitHub Check: webapp / 🧪 Unit Tests: Webapp (10, 10)
• GitHub Check: webapp / 🧪 Unit Tests: Webapp (2, 10)
• GitHub Check: webapp / 🧪 Unit Tests: Webapp (7, 10)
• GitHub Check: e2e-webapp / 🧪 E2E Tests: Webapp
• GitHub Check: webapp / 🧪 Unit Tests: Webapp (4, 10)
• GitHub Check: webapp / 🧪 Unit Tests: Webapp (6, 10)
• GitHub Check: typecheck / typecheck
• GitHub Check: Analyze (javascript-typescript)

🧰 Additional context used

📓 Path-based instructions (11)

**/*.{ts,tsx}

📄 CodeRabbit inference engine (.github/copilot-instructions.md)

**/*.{ts,tsx}: Use types over interfaces for TypeScript
Avoid using enums; prefer string unions or const objects instead

Import from @trigger.dev/sdk when writing Trigger.dev tasks. Never use @trigger.dev/sdk/v3 or deprecated client.defineJob

Files:

• apps/webapp/app/runEngine/concerns/queues.server.ts
• apps/webapp/app/utils/prismaErrors.ts
• apps/webapp/test/prismaErrors.test.ts
• apps/webapp/test/queueManagerWorkerQueue.test.ts

{packages/core,apps/webapp}/**/*.{ts,tsx}

📄 CodeRabbit inference engine (.github/copilot-instructions.md)

Use zod for validation in packages/core and apps/webapp

Files:

• apps/webapp/app/runEngine/concerns/queues.server.ts
• apps/webapp/app/utils/prismaErrors.ts
• apps/webapp/test/prismaErrors.test.ts
• apps/webapp/test/queueManagerWorkerQueue.test.ts

**/*.{ts,tsx,js,jsx}

📄 CodeRabbit inference engine (.github/copilot-instructions.md)

Use function declarations instead of default exports

**/*.{ts,tsx,js,jsx}: Prefer static imports over dynamic imports. Only use dynamic import() when circular dependencies cannot be resolved, code splitting is needed for performance, or the module must be loaded conditionally at runtime
Import subpaths only from packages/core (@trigger.dev/core), never import from the root

Files:

• apps/webapp/app/runEngine/concerns/queues.server.ts
• apps/webapp/app/utils/prismaErrors.ts
• apps/webapp/test/prismaErrors.test.ts
• apps/webapp/test/queueManagerWorkerQueue.test.ts

**/*.ts

📄 CodeRabbit inference engine (.cursor/rules/otel-metrics.mdc)

**/*.ts: When creating or editing OTEL metrics (counters, histograms, gauges), ensure metric attributes have low cardinality by using only enums, booleans, bounded error codes, or bounded shard IDs
Do not use high-cardinality attributes in OTEL metrics such as UUIDs/IDs (envId, userId, runId, projectId, organizationId), unbounded integers (itemCount, batchSize, retryCount), timestamps (createdAt, startTime), or free-form strings (errorMessage, taskName, queueName)
When exporting OTEL metrics via OTLP to Prometheus, be aware that the exporter automatically adds unit suffixes to metric names (e.g., 'my_duration_ms' becomes 'my_duration_ms_milliseconds', 'my_counter' becomes 'my_counter_total'). Account for these transformations when writing Grafana dashboards or Prometheus queries

Files:

• apps/webapp/app/runEngine/concerns/queues.server.ts
• apps/webapp/app/utils/prismaErrors.ts
• apps/webapp/test/prismaErrors.test.ts
• apps/webapp/test/queueManagerWorkerQueue.test.ts

apps/webapp/**/*.{ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/webapp.mdc)

apps/webapp/**/*.{ts,tsx}: Access environment variables through the env export of env.server.ts instead of directly accessing process.env
Use subpath exports from @trigger.dev/core package instead of importing from the root @trigger.dev/core path

Use named constants for sentinel/placeholder values (e.g. const UNSET_VALUE = '__unset__') instead of raw string literals scattered across comparisons

Files:

• apps/webapp/app/runEngine/concerns/queues.server.ts
• apps/webapp/app/utils/prismaErrors.ts
• apps/webapp/test/prismaErrors.test.ts
• apps/webapp/test/queueManagerWorkerQueue.test.ts

apps/webapp/**/*.server.ts

📄 CodeRabbit inference engine (apps/webapp/CLAUDE.md)

apps/webapp/**/*.server.ts: Never use request.signal for detecting client disconnects. Use getRequestAbortSignal() from app/services/httpAsyncStorage.server.ts instead, which is wired directly to Express res.on('close') and fires reliably
Access environment variables via env export from app/env.server.ts. Never use process.env directly
Always use findFirst instead of findUnique in Prisma queries. findUnique has an implicit DataLoader that batches concurrent calls and has active bugs even in Prisma 6.x (uppercase UUIDs returning null, composite key SQL correctness issues, 5-10x worse performance). findFirst is never batched and avoids this entire class of issues

Files:

• apps/webapp/app/runEngine/concerns/queues.server.ts

**/*.{js,ts,tsx,jsx,css,json,md}

📄 CodeRabbit inference engine (AGENTS.md)

Use Prettier for code formatting and run pnpm run format before committing

Files:

• apps/webapp/app/runEngine/concerns/queues.server.ts
• apps/webapp/app/utils/prismaErrors.ts
• apps/webapp/test/prismaErrors.test.ts
• apps/webapp/test/queueManagerWorkerQueue.test.ts

**/*.{test,spec}.{ts,tsx}

📄 CodeRabbit inference engine (.github/copilot-instructions.md)

Use vitest for all tests in the Trigger.dev repository

Files:

• apps/webapp/test/prismaErrors.test.ts
• apps/webapp/test/queueManagerWorkerQueue.test.ts

apps/webapp/**/*.test.{ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/webapp.mdc)

Do not import env.server.ts directly or indirectly into test files; instead pass environment-dependent values through options/parameters to make code testable

For testable code, never import env.server.ts in test files. Pass configuration as options instead (e.g., realtimeClient.server.ts takes config as constructor arg, realtimeClientGlobal.server.ts creates singleton with env config)

Files:

• apps/webapp/test/prismaErrors.test.ts
• apps/webapp/test/queueManagerWorkerQueue.test.ts

**/*.test.{ts,tsx}

📄 CodeRabbit inference engine (CLAUDE.md)

**/*.test.{ts,tsx}: Never mock anything in tests - use testcontainers instead
Test files should be placed next to source files (e.g., MyService.ts -> MyService.test.ts)

Files:

• apps/webapp/test/prismaErrors.test.ts
• apps/webapp/test/queueManagerWorkerQueue.test.ts

**/*.test.{js,ts,tsx}

📄 CodeRabbit inference engine (AGENTS.md)

**/*.test.{js,ts,tsx}: Test files should live beside the files under test and use descriptive describe and it blocks
Use vitest for unit testing
Tests should avoid mocks or stubs and use helpers from @internal/testcontainers when Redis or Postgres are needed

Files:

• apps/webapp/test/prismaErrors.test.ts
• apps/webapp/test/queueManagerWorkerQueue.test.ts

🧠 Learnings (11)

📚 Learning: 2026-05-14T14:54:39.095Z

Learnt from: ericallam
Repo: triggerdotdev/trigger.dev PR: 3545
File: .server-changes/agent-view-sessions.md:10-10
Timestamp: 2026-05-14T14:54:39.095Z
Learning: In the `trigger.dev` repository, do not flag inconsistent dot vs slash notation in route/path strings inside `.server-changes/*.md` files. These markdown files are consumed verbatim into the changelog, so the mixed notation (e.g., `resources.orgs.../runs.$runParam/...`) is intentional and should be preserved as-is.

Applied to files:

• .server-changes/trigger-worker-queue-db-error-leak.md

📚 Learning: 2026-03-22T13:26:12.060Z

Learnt from: ericallam
Repo: triggerdotdev/trigger.dev PR: 3244
File: apps/webapp/app/components/code/TextEditor.tsx:81-86
Timestamp: 2026-03-22T13:26:12.060Z
Learning: In the triggerdotdev/trigger.dev codebase, do not flag `navigator.clipboard.writeText(...)` calls for `missing-await`/`unhandled-promise` issues. These clipboard writes are intentionally invoked without `await` and without `catch` handlers across the project; keep that behavior consistent when reviewing TypeScript/TSX files (e.g., usages like in `apps/webapp/app/components/code/TextEditor.tsx`).

Applied to files:

• apps/webapp/app/runEngine/concerns/queues.server.ts
• apps/webapp/app/utils/prismaErrors.ts
• apps/webapp/test/prismaErrors.test.ts
• apps/webapp/test/queueManagerWorkerQueue.test.ts

📚 Learning: 2026-03-22T19:24:14.403Z

Learnt from: matt-aitken
Repo: triggerdotdev/trigger.dev PR: 3187
File: apps/webapp/app/v3/services/alerts/deliverErrorGroupAlert.server.ts:200-204
Timestamp: 2026-03-22T19:24:14.403Z
Learning: In the triggerdotdev/trigger.dev codebase, webhook URLs are not expected to contain embedded credentials/secrets (e.g., fields like `ProjectAlertWebhookProperties` should only hold credential-free webhook endpoints). During code review, if you see logging or inclusion of raw webhook URLs in error messages, do not automatically treat it as a credential-leak/secrets-in-logs issue by default—first verify the URL does not contain embedded credentials (for example, no username/password in the URL, no obvious secret/token query params or fragments). If the URL is credential-free per this project’s conventions, allow the logging.

Applied to files:

• apps/webapp/app/runEngine/concerns/queues.server.ts
• apps/webapp/app/utils/prismaErrors.ts
• apps/webapp/test/prismaErrors.test.ts
• apps/webapp/test/queueManagerWorkerQueue.test.ts

📚 Learning: 2026-05-18T08:21:27.694Z

Learnt from: d-cs
Repo: triggerdotdev/trigger.dev PR: 3632
File: apps/webapp/sentry.server.ts:4-21
Timestamp: 2026-05-18T08:21:27.694Z
Learning: When handling Prisma error P1001 ("Can't reach database server") in TypeScript, don’t assume a single error shape. Prisma can surface P1001 via two different error classes/fields: `PrismaClientKnownRequestError` exposes it as `err.code === "P1001"` (common during mid-query connection drops), while `PrismaClientInitializationError` exposes it as `err.errorCode === "P1001"` (common on client startup failure). Therefore, predicates should use `err.code === "P1001" || err.errorCode === "P1001"`. Do not flag `err.code === "P1001"` as “unreachable/never matches,” as it is expected in production.

Applied to files:

• apps/webapp/app/runEngine/concerns/queues.server.ts
• apps/webapp/app/utils/prismaErrors.ts
• apps/webapp/test/prismaErrors.test.ts
• apps/webapp/test/queueManagerWorkerQueue.test.ts

📚 Learning: 2026-05-18T08:21:27.694Z

Learnt from: d-cs
Repo: triggerdotdev/trigger.dev PR: 3632
File: apps/webapp/sentry.server.ts:4-21
Timestamp: 2026-05-18T08:21:27.694Z
Learning: When handling Prisma errors for P1001 ("Can't reach database server"), do not assume it only appears under a single property name. Prisma may surface P1001 via either `PrismaClientKnownRequestError` (`err.code === "P1001"`, e.g., mid-query connection drops) or `PrismaClientInitializationError` (`err.errorCode === "P1001"`, e.g., client startup connection failure). To reliably detect the condition, check `err.code === "P1001" || err.errorCode === "P1001"`, and avoid review rules that would incorrectly flag `err.code === "P1001"` as unreachable/never-matching.

Applied to files:

• apps/webapp/app/runEngine/concerns/queues.server.ts
• apps/webapp/app/utils/prismaErrors.ts
• apps/webapp/test/prismaErrors.test.ts
• apps/webapp/test/queueManagerWorkerQueue.test.ts

📚 Learning: 2026-05-05T09:38:02.512Z

Learnt from: d-cs
Repo: triggerdotdev/trigger.dev PR: 3523
File: apps/webapp/app/routes/api.v3.batches.ts:178-181
Timestamp: 2026-05-05T09:38:02.512Z
Learning: When reviewing code that catches `ServiceValidationError` in `*.server.ts` files, do not blindly forward `error.status` to HTTP responses, because SVEs may be thrown with non-default statuses (e.g., 400/500) and forwarding them can cause client-visible behavioral regressions (e.g., surfacing 500s to clients). Prefer a safe default response status of `error.status ?? 422`, but only after confirming via the reachable call graph that the caught `ServiceValidationError` instances are expected to carry those non-default statuses; otherwise, normalize to `422` to avoid unexpected client-visible 5xx behavior.

Applied to files:

• apps/webapp/app/runEngine/concerns/queues.server.ts

📚 Learning: 2026-05-12T21:04:05.815Z

Learnt from: ericallam
Repo: triggerdotdev/trigger.dev PR: 3542
File: apps/webapp/app/components/sessions/v1/SessionStatus.tsx:1-3
Timestamp: 2026-05-12T21:04:05.815Z
Learning: In this Remix + TypeScript codebase, do not flag a server/client boundary violation when a file imports only types from a module matching `*.server`.

Specifically, it’s safe to import types using `import type { Foo } from "*.server"` or `import { type Foo } from "*.server"` because TypeScript erases type-only imports at compile time and they emit no JavaScript, so they won’t cross the Remix server/client bundle boundary.

Only raise the boundary concern for value imports (e.g., `import { Foo }` without `type`, or `import Foo`), since those produce JavaScript output.

Applied to files:

• apps/webapp/app/runEngine/concerns/queues.server.ts
• apps/webapp/app/utils/prismaErrors.ts
• apps/webapp/test/prismaErrors.test.ts
• apps/webapp/test/queueManagerWorkerQueue.test.ts

📚 Learning: 2026-06-04T18:16:35.386Z

Learnt from: nicktrn
Repo: triggerdotdev/trigger.dev PR: 3836
File: apps/supervisor/src/backpressure/backpressureMonitor.ts:3-5
Timestamp: 2026-06-04T18:16:35.386Z
Learning: When reviewing TypeScript in this repo, apply the rule “prefer type aliases over interfaces” only to data/object shapes and union/intersection type modeling. If an interface is being used as a behavioral contract for collaborators to implement (e.g., method-shape interfaces that define required behavior, such as `BackpressureLogger` / `BackpressureSignalSource` in `apps/supervisor/src/backpressure/backpressureMonitor.ts`), keep it as an `interface` and do not flag it as a type-alias-vs-interface violation.

Applied to files:

• apps/webapp/app/runEngine/concerns/queues.server.ts
• apps/webapp/app/utils/prismaErrors.ts
• apps/webapp/test/prismaErrors.test.ts
• apps/webapp/test/queueManagerWorkerQueue.test.ts

📚 Learning: 2026-05-07T12:25:18.271Z

Learnt from: d-cs
Repo: triggerdotdev/trigger.dev PR: 3531
File: apps/webapp/test/sentryTraceContext.server.test.ts:9-47
Timestamp: 2026-05-07T12:25:18.271Z
Learning: In the triggerdotdev/trigger.dev webapp test suite, it is acceptable to leave `createInMemoryTracing()` calls that register a global `NodeTracerProvider` without `afterEach`/`afterAll` teardown. Do not flag this as a test-ordering risk when the code follows the established pattern used across webapp tests (e.g., replication service/benchmark/backfiller tests). This is considered safe because `trace.getActiveSpan()` when called outside a `context.with(...)` block reads `AsyncLocalStorage.getStore()` (undefined when no `run()` scope exists), so it falls back to `ROOT_CONTEXT` with no attached span—regardless of which provider is registered.

Applied to files:

• apps/webapp/test/prismaErrors.test.ts
• apps/webapp/test/queueManagerWorkerQueue.test.ts

📚 Learning: 2026-05-28T20:02:10.647Z

Learnt from: myftija
Repo: triggerdotdev/trigger.dev PR: 3772
File: apps/webapp/test/findOrCreateBackgroundWorker.test.ts:1-1
Timestamp: 2026-05-28T20:02:10.647Z
Learning: In the triggerdotdev/trigger.dev monorepo, for the `apps/webapp` package use the established convention of storing Vitest tests (unit, integration, and e2e) under `apps/webapp/test/` rather than colocating them next to source files. Do not flag files located in `apps/webapp/test/` as violating any rule that says to colocate tests with source.

Applied to files:

• apps/webapp/test/prismaErrors.test.ts
• apps/webapp/test/queueManagerWorkerQueue.test.ts

📚 Learning: 2026-05-18T14:40:02.173Z

Learnt from: ericallam
Repo: triggerdotdev/trigger.dev PR: 3658
File: packages/core/src/v3/realtimeStreams/manager.test.ts:1-147
Timestamp: 2026-05-18T14:40:02.173Z
Learning: In the triggerdotdev/trigger.dev repo, the policy “Never mock anything — use testcontainers instead” should only be enforced for integration tests that interact with real external services (e.g., Redis, Postgres) via actual infrastructure. For unit tests that exercise pure in-memory logic (e.g., cache semantics) it is OK to stub collaborators such as `ApiClient` using Vitest (`vi.fn()`) to assert call counts or control behavior. Do not flag `vi.fn()`-based `ApiClient` stubs in unit tests as violations of the testcontainers policy.

Applied to files:

• apps/webapp/test/prismaErrors.test.ts
• apps/webapp/test/queueManagerWorkerQueue.test.ts

🔇 Additional comments (11)

apps/webapp/app/utils/prismaErrors.ts (1)

1-40: LGTM!

apps/webapp/test/prismaErrors.test.ts (4)

6-14: LGTM!

---

16-19: LGTM!

---

21-27: LGTM!

---

29-31: LGTM!

apps/webapp/app/runEngine/concerns/queues.server.ts (2)

18-18: LGTM!

---

398-410: LGTM!

apps/webapp/test/queueManagerWorkerQueue.test.ts (3)

8-10: LGTM!

---

13-40: LGTM!

---

42-52: LGTM!

.server-changes/trigger-worker-queue-db-error-leak.md (1)

1-7: LGTM!

---

Walkthrough

This PR prevents database infrastructure errors from leaking to API clients. It introduces a utility function that classifies Prisma errors as infrastructure-level (unreachable database, timeouts, connection failures) or application-level. The queue manager's error handling is updated to re-throw infrastructure errors unchanged so they reach the generic 500 handler, while application errors remain wrapped in domain-specific responses. Tests verify both the classification logic and the updated error handling path. A changelog entry documents the fix.

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 inconclusive)

Check name	Status	Explanation	Resolution
Description check	❓ Inconclusive	The PR description covers the problem statement, design/fix rationale, and test plan. However, it does not follow the repository's required template structure with the checklist, explicit changelog section, and screenshots placeholder.	Restructure the description to match the required template, including the checklist items, explicit 'Changelog' section, and 'Screenshots' section (even if empty).

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The PR title accurately describes the main change: preventing writer DB connectivity errors from leaking to trigger() API clients through HTTP 422 errors.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/trigger-writer-db-error-leak

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[pkg-pr-new]

Open in StackBlitz

@trigger.dev/build

npm i https://pkg.pr.new/@trigger.dev/build@9cd4618

trigger.dev

npm i https://pkg.pr.new/trigger.dev@9cd4618

@trigger.dev/core

npm i https://pkg.pr.new/@trigger.dev/core@9cd4618

@trigger.dev/plugins

npm i https://pkg.pr.new/@trigger.dev/plugins@9cd4618

@trigger.dev/python

npm i https://pkg.pr.new/@trigger.dev/python@9cd4618

@trigger.dev/react-hooks

npm i https://pkg.pr.new/@trigger.dev/react-hooks@9cd4618

@trigger.dev/redis-worker

npm i https://pkg.pr.new/@trigger.dev/redis-worker@9cd4618

@trigger.dev/rsc

npm i https://pkg.pr.new/@trigger.dev/rsc@9cd4618

@trigger.dev/schema-to-json

npm i https://pkg.pr.new/@trigger.dev/schema-to-json@9cd4618

@trigger.dev/sdk

npm i https://pkg.pr.new/@trigger.dev/sdk@9cd4618

commit: 9cd4618

[devin-ai-integration]

Devin Review found 1 potential issue.

View 2 additional findings in Devin Review.

[devin-ai-integration]

🚩 Non-infrastructure Prisma errors (e.g. P2002) still have their message forwarded to clients via ServiceValidationError

If getDefaultWorkerGroupForProject throws a non-infrastructure PrismaClientKnownRequestError (e.g. P2002 unique constraint violation), it will still be wrapped in ServiceValidationError(error.message) on line 409 and returned to the API client with its raw Prisma message. These messages typically don't contain hostnames or connection strings, so the security risk is lower than infrastructure errors. However, they could still expose internal schema details (table names, constraint names). This is a pre-existing pattern — the PR is specifically scoped to the infrastructure error leak that was observed in production. A broader fix could wrap all non-domain Prisma errors generically, but that's a separate concern.

---

Was this helpful? React with 👍 or 👎 to provide feedback.