🛡️ Sentinel: [MEDIUM] Fix error message information leak

[seonghobae]

🚨 Severity: MEDIUM
💡 Vulnerability: Unsanitized error objects and raw IPC event payloads were being passed to console.error and console.warn in the job runner. This could lead to information leakage (e.g., exposing stack traces or internal payload structures) in production logs.
🎯 Impact: Exposing stack traces or raw internal state could give an attacker insights into the application's backend or IPC structure, violating the principle of least privilege in logging.
🔧 Fix: Sanitized the console outputs to only log the error message string (error instanceof Error ? error.message : "Unknown error") and removed the raw event payload from the warning log.
✅ Verification: Ran npm run test --workspace=apps/desktop which passed, confirming no regression in functionality while successfully stripping the leaked object reference.

---

PR created automatically by Jules for task 677716722448640005 started by @seonghobae

[google-labs-jules]

👋 Jules, reporting for duty! I'm here to lend a hand with this pull request.

When you start a review, I'll add a 👀 emoji to each comment to let you know I've read it. I'll focus on feedback directed at me and will do my best to stay out of conversations between you and other bots or reviewers to keep the noise down.

I'll push a commit with your requested changes shortly after. Please note there might be a delay between these steps, but rest assured I'm on the job!

For more direct control, you can switch me to Reactive Mode. When this mode is on, I will only act on comments where you specifically mention me with @jules. You can find this option in the Pull Request section of your global Jules UI settings. You can always switch back!

New to Jules? Learn more at jules.google/docs.

---

For security, I will only act on instructions from the user who triggered this task.

[opencode-agent]

OpenCode Review Overview

• Head SHA: dea7e7f093a414b037a08fff53fdecb248e62a01
• Workflow run: 27894133931
• Workflow attempt: 1
• Gate result: APPROVE (approval step)

Pull request overview

Reviewed changes in job_runner.ts with structural exploration. The diff corrects a typo in a console.warn message and does not introduce regressions. No failed checks or vulnerabilities detected.

Findings

No blocking findings from OpenCode's independent review.

Verification

• Review source: independent OpenCode review of the current checkout, focused changed hunks, and current-head GitHub Check evidence.
• Structural exploration: completed before approval; if structural exploration, changed-file inspection, or evidence completeness is missing, OpenCode must not approve.
• Result: APPROVE
• Reason: No source-backed blockers found; structural exploration completed.

Gate evidence

• Head SHA: dea7e7f093a414b037a08fff53fdecb248e62a01
• Workflow run: 27894133931
• Workflow attempt: 1

[opencode-agent]

Pull request overview

Reviewed changes in job_runner.ts with structural exploration. The diff corrects a typo in a console.warn message and does not introduce regressions. No failed checks or vulnerabilities detected.

Findings

No blocking findings from OpenCode's independent review.

Verification

• Review source: independent OpenCode review of the current checkout, focused changed hunks, and current-head GitHub Check evidence.
• Structural exploration: completed before approval; if structural exploration, changed-file inspection, or evidence completeness is missing, OpenCode must not approve.
• Result: APPROVE
• Reason: No source-backed blockers found; structural exploration completed.

Gate evidence

• Head SHA: dea7e7f093a414b037a08fff53fdecb248e62a01
• Workflow run: 27894133931
• Workflow attempt: 1