Enforce safe-error message policy on all API routes via errorMessagePolicy

[mikewheeleer]

Description

src/errors/errorMessagePolicy and safeErrors.ts define safe client messages, but routes registered in router.ts/app.ts may still leak internal details on unhandled errors. Add a centralized error-handling middleware that maps all errors through the policy.

Requirements and context

• Add a terminal Express error handler that converts any error into an AppError-shaped safe response.
• Internal details logged (redacted) but never returned; include a correlation ID in responses for support.
• Acceptance: errorMessagePolicy.integration.test.ts asserts unknown errors, appError.ts errors, and validation errors all return safe bodies with correct status codes.

Suggested execution

• Fork the repo and create a branch:
  • git checkout -b security/central-error-handler
• Implement changes:
  • src/errors/safeErrors.ts
  • Tests: src/errors/errorMessagePolicy.integration.test.ts
  • Docs: docs/API.md
  • Include TSDoc/NatSpec-style doc comments
  • Validate security assumptions (input validation, auth, signature verification, secret redaction, idempotency)

Test and commit

• Run tests: npm test (coverage: npm run test:ci)
• Cover edge cases
• Include test output and security notes in the PR

Example commit message

feat(errors): enforce safe-error policy via central handler

Guidelines

• Minimum 95% line coverage on new/changed code
• No secrets in repo; use .env + deployment secrets only
• Clear documentation
• Timeframe: 96 hours from assignment

[Jayking40]

@Jayking40 has applied to work on this issue as part of the Stellar Wave Program's 5th wave.

I'd like to work on this issue. I have strong experience with typescript, express, redis, jest and can deliver a clean, well-tested implementation.

My approach:

1. Analyze the existing codebase and understand the current architecture
2. Implement the solution following project conventions and patterns
3. Write comprehensive tests and ensure all existing tests pass
4. Submit a clean PR with clear documentation

ETA: within 24 hours

I'm available to start immediately and can provide regular progress updates.

GitHub: @Jayking40

ℹ️ Repo Maintainers: To accept this application, review their application or assign @Jayking40 to this issue.

[drips-wave]

Congratulations, @Jayking40! 🎉 Your application was accepted by the repo's maintainers, and the issue is due on June 2, 2026.

🧑‍💻 @Jayking40: Please resolve the issue such that the repo's maintainers have enough time to review your contribution before the due date. You'll earn Points for completing the issue on-time, which will make you eligible for a share of the Stellar Wave Program's reward pool.

Warning

When opening a PR, please link it to this issue to ensure it gets tracked accurately. Points are awarded when this issue is marked as completed by the maintainer.

🤠 Repo maintainers: Please keep an eye on the contributor's progress and review their work before the due date. You can manage this issue, including adjusting its complexity and points, here.

🌊 Happy Wave 🌊