Skip to content

WEB-PRIVACY-001A: redact public Shop catalog failures#255

Merged
daliu merged 1 commit into
mainfrom
codex/issue-254-shop-error-redaction
Jul 14, 2026
Merged

WEB-PRIVACY-001A: redact public Shop catalog failures#255
daliu merged 1 commit into
mainfrom
codex/issue-254-shop-error-redaction

Conversation

@daliu

@daliu daliu commented Jul 14, 2026

Copy link
Copy Markdown
Contributor

Closes #254

Outcome

The public /shop route now treats a rejected catalog read as untrusted. It discards the rejection and shows exactly We could not load the shop right now. Please try again later. in an assertive atomic alert.

Loading ends on failure. Genuine empty catalogs and successful product displays remain unchanged.

Safety invariant

  • never bind, inspect, coerce, render, store, or log a rejected catalog value
  • show only the fixed source-owned sentence to an anonymous visitor
  • do not misreport a failed read as an empty catalog
  • preserve successful and genuine-empty catalog behavior
  • tests use only made-up values and mocks with no Firebase or provider network access

Verification

Old-source red proof:

  • 6 passed / 2 intended failures
  • the raw private canary reached the public page
  • a hostile message getter executed and prevented a safe result

Final local proof on Node 20:

  • focused actual-App Shop route: 8/8
  • full frontend: 12 suites / 263 tests
  • TypeScript no-emit: passed
  • lint safety: unchanged at 106 files / 123 reviewed legacy errors / 7 warnings
  • SPA navigation: 11/11
  • workflow, release, Firebase-readback, and artifact safety: 42/42
  • diagnostic production build: passed
  • git diff --check: passed
  • exact three-path diff SHA-256: b86151e38c269d0b5f2b1f741a225abe95164e90d0d1eefb54751c10354d0eaf
  • independent security/privacy, frontend/accessibility, and officer/scope reviews: PASS

Scope

Only:

Open commerce #249/#246 paths are disjoint and untouched.

Officer impact: Visitors and officers receive one plain retry-later instruction without database, provider, account, endpoint, or technical detail.
Officer documentation: docs/officers/EVENTS_SHOP_MEMBERS.md, section Public Shop catalog failure privacy — SOURCE ONLY, NOT LIVE.
Deployment evidence: None yet. This pull request changes source, tests, and documentation only. No release workflow, production website, runmprc.com, Firebase, database permissions, provider configuration, production data, migration, or live-behavior action occurred.

Residual risk

This source slice does not publish the website, deploy or verify Firebase, change catalog permissions, configure a provider, or prove live behavior. Those require a separately approved protected release and exact revision checks.

@netlify

netlify Bot commented Jul 14, 2026

Copy link
Copy Markdown

Deploy Preview for luminous-fox-7c393f ready!

Name Link
🔨 Latest commit 04a0faf
🔍 Latest deploy log https://app.netlify.com/projects/luminous-fox-7c393f/deploys/6a55f00aac43f700082866f8
😎 Deploy Preview https://deploy-preview-255--luminous-fox-7c393f.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify project configuration.

@daliu daliu merged commit e9c741a into main Jul 14, 2026
9 checks passed
@daliu daliu deleted the codex/issue-254-shop-error-redaction branch July 14, 2026 08:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

WEB-PRIVACY-001A — Redact public Shop catalog-load failures

1 participant