security: prevent exception details from leaking in API error responses#1816

Open
Vchen7629 wants to merge 3 commits into
langflow-ai:mainfrom
Vchen7629:endpoint-raw-exception-leaks

Conversation

@Vchen7629

@Vchen7629 Vchen7629 commented Jun 9, 2026


Summary

Summary by CodeRabbit

  • Bug Fixes
    • API endpoints now return standardized, non-sensitive error messages on failures, preventing exposure of internal exception details and improving security and consistency across settings and onboarding operations.

@github-actions github-actions Bot added community backend 🔷 Issues related to backend services (OpenSearch, Langflow, APIs) and removed community labels Jun 9, 2026
@coderabbitai

coderabbitai Bot commented Jun 9, 2026

Contributor

Review Change Stack

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 18b36bee-6912-4159-a1c4-c245d0f38681

📥 Commits

Reviewing files that changed from the base of the PR and between 7506f60 and 7e357b6.

📒 Files selected for processing (1)
  • src/api/settings/endpoints.py
🚧 Files skipped from review as they are similar to previous changes (1)
  • src/api/settings/endpoints.py

Walkthrough

This PR hardens error handling in four FastAPI endpoints in src/api/settings/endpoints.py: handlers now call logger.exception(...) and return generic JSON error messages instead of echoing internal exception text.

Changes

Error handling and error message redaction

Layer / File(s) Summary
Exception handling and error message redaction across settings endpoints
src/api/settings/endpoints.py
get_settings, update_settings, onboarding, and rollback_onboarding exception handlers switch from logger.error to logger.exception and replace exception text in response bodies with generic safe messages. Telemetry emission in update_settings is preserved.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related issues

  • #1588: Same CodeQL finding — removes str(e) from 500 responses and logs full stack traces instead.
  • #1589: Implements the same remediation pattern across the settings endpoints flagged previously.

Suggested labels

bug

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title accurately describes the main change: preventing exception details from leaking in API error responses, which is exactly what the code changes accomplish.
Linked Issues check ✅ Passed The PR addresses the primary objectives of issue #1588 by replacing exception handlers at the four flagged lines to log full details server-side while returning generic error messages to clients.
Out of Scope Changes check ✅ Passed The PR focuses narrowly on fixing the four CodeQL-flagged locations as specified in issue #1588, deliberately deferring five additional instances for separate handling to keep the diff focused.
Docstring Coverage ✅ Passed Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.


@coderabbitai coderabbitai Bot left a comment

Contributor

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@src/api/settings/endpoints.py`:
- Around line 785-789: The current exception handler that logs via
logger.exception(...) and returns JSONResponse({"error": "Failed to update
settings"}, status_code=500) swallows raised HTTPException instances; modify the
exception handling in the update-settings route (the block that calls
TelemetryClient.send_event and returns the 500 JSONResponse) to add an explicit
"except HTTPException: raise" before the generic "except Exception" so any
previously raised HTTPException (e.g., 403/422) is re-raised and preserved; keep
the existing logger.exception, TelemetryClient.send_event, and JSONResponse
behavior only in the generic exception branch.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: b340f8ca-1878-4fa5-ba3b-94d2881c9ce2

📥 Commits

Reviewing files that changed from the base of the PR and between 03f1c91 and 7506f60.

📒 Files selected for processing (1)
  • src/api/settings/endpoints.py
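The pattern described in the walkthrough and in the review comment above (log the full exception server-side, return a fixed generic message, and re-raise HTTPException so 403/422 responses are not downgraded to 500), as an added example. This is not code from the langflow-ai repository or from this PR: HTTPException and JSONResponse are minimal stand-ins (assumptions) for FastAPI's classes so the snippet runs without the framework, and _save_settings, update_settings_before, update_settings_after, run_with_log and client_status are hypothetical names.

```python
import io
import logging
from typing import Optional

logger = logging.getLogger("settings.endpoints")
logger.setLevel(logging.DEBUG)


class HTTPException(Exception):
    """Stand-in for fastapi.HTTPException (assumption: same two fields)."""

    def __init__(self, status_code: int, detail: str = ""):
        super().__init__(detail)
        self.status_code = status_code
        self.detail = detail


class JSONResponse:
    """Stand-in for fastapi.responses.JSONResponse (assumption)."""

    def __init__(self, content: dict, status_code: int = 200):
        self.content = content
        self.status_code = status_code


def _save_settings(failure: Optional[Exception]) -> dict:
    """Hypothetical service layer: raises the supplied exception, else succeeds."""
    if failure is not None:
        raise failure
    return {"status": "ok"}


def update_settings_before(failure=None):
    """Pattern CodeQL flags: raw exception text reaches the client, and an
    HTTPException raised inside the try block is swallowed into a generic 500."""
    try:
        return JSONResponse(_save_settings(failure))
    except Exception as e:
        logger.error("update_settings failed: %s", e)
        return JSONResponse({"error": f"Failed to update settings: {e}"}, status_code=500)


def update_settings_after(failure=None):
    """Hardened: HTTPException is re-raised untouched; anything else is logged
    with its traceback server-side and answered with a fixed, non-sensitive message."""
    try:
        return JSONResponse(_save_settings(failure))
    except HTTPException:
        raise
    except Exception:
        logger.exception("update_settings failed")
        return JSONResponse({"error": "Failed to update settings"}, status_code=500)


def run_with_log(handler, failure):
    """Call a handler and return (response, captured server log text)."""
    buf = io.StringIO()
    stream = logging.StreamHandler(buf)  # default formatter appends the traceback
    logger.addHandler(stream)
    try:
        response = handler(failure)
    finally:
        logger.removeHandler(stream)
    return response, buf.getvalue()


def client_status(handler, failure):
    """Status the client observes: the response code, or the re-raised HTTPException's."""
    try:
        return handler(failure).status_code
    except HTTPException as exc:
        return exc.status_code


if __name__ == "__main__":
    # Constructed failure whose message carries a secret-looking connection string.
    err = RuntimeError("could not connect to postgres://admin:s3cret@db.internal/settings")
    before, _ = run_with_log(update_settings_before, err)
    after, server_log = run_with_log(update_settings_after, err)
    print("before:", before.content)
    print("after: ", after.content)
    print("server log keeps traceback:", "Traceback" in server_log)
    print("403 preserved after fix:", client_status(update_settings_after, HTTPException(403, "forbidden")))
```

Two things are worth checking when applying this pattern: the `except HTTPException: raise` branch must come before the generic `except Exception`, because HTTPException is itself an Exception subclass and would otherwise be caught by the generic branch; and `logger.exception` must be called inside the `except` block, since it reads the active exception to attach the traceback.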

Comment thread src/api/settings/endpoints.py
@Vchen7629

Author

While fixing the flagged lines, I noticed 5 additional instances of the same pattern in this file (lines 1200, 1283, 1319, 1625, 1663). Would you like me to include those in this PR, or handle them separately to keep the diff small?


Labels

backend 🔷 Issues related to backend services (OpenSearch, Langflow, APIs)

Projects

None yet

Development

Successfully merging this pull request may close these issues.

security: Avoid leaking raw exception messages in API 500 error responses (CodeQL)

1 participant