
fix(sync-service): redact internal exception details from 500 responses#4556

Merged
robacourt merged 1 commit into
mainfrom
rob/redact-internal-error
Jun 11, 2026

Conversation


@robacourt robacourt commented Jun 10, 2026

Contributor

Summary

Uncaught exceptions in the shape-serving plug no longer leak the full Elixir stacktrace to HTTP clients.

Addresses security advisory GHSA-p869-vmqw-939q.

Problem

When an uncaught exception reached the error handler in ServeShapePlug, the full Elixir stacktrace was serialized via Exception.format/2 and returned to the HTTP client in the 500 response body. For example:

{
  "error": "** (Postgrex.Error) ERROR 42601 (syntax_error) at query: SELECT ...\n    (electric 1.x.x) lib/electric/shapes/querying.ex:44: Electric.Shapes.Querying.query/3\n    (db_connection 2.6.0) lib/db_connection.ex:1855: DBConnection.execute/4"
}

This exposed internal module paths, function names, line numbers, library versions, and partial database query text to any caller.

Solution

The catch-all handle_specific_error/3 clause in lib/electric/plug/serve_shape_plug.ex now returns a generic "Internal server error" message instead of the formatted exception.

No observability is lost: the full detail is still recorded server-side via OpenTelemetry.record_exception/3 in handle_error/4, and the error.type span attribute (assigned from :error_str) is retained. The more specific error clauses (e.g. DBConnection.ConnectionError -> "Database is unreachable") already returned static messages and are unchanged.

Test Plan

  • New test "500 response body redacts internal exception details" raises an exception whose message mimics leaked internals and asserts the 500 body is exactly {"error": "Internal server error"} with no Postgrex / query text / function name leaking through.
  • Full serve_shape_plug_test.exs suite passes (51 tests, 0 failures).

Generated with Claude Code

Uncaught errors in ServeShapePlug previously serialized the full Elixir
stacktrace via Exception.format/2 into the 500 response body, exposing
internal module paths, library versions, and partial query text to any
caller. The catch-all error clause now returns a generic "Internal server
error" message; full detail is still captured server-side via
OpenTelemetry.record_exception/3 and the error.type span attribute.

GHSA-p869-vmqw-939q

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
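An added illustration of the before/after behaviour the PR describes, with a test in the spirit of the test plan. This is example code, not Electric's ServeShapePlug: the module names, the :redact option and the constructed RuntimeError are assumptions, Logger stands in for OpenTelemetry.record_exception/3, and Plug and Jason are pulled in via Mix.install.

```elixir
# Standalone script (`elixir redact_demo.exs`); deps are fetched on first run.
Mix.install([{:plug, "~> 1.16"}, {:jason, "~> 1.4"}])

defmodule Demo.ErrorPlug do
  # Illustration only; not Electric's ServeShapePlug.
  import Plug.Conn
  require Logger
  # `redact: false` reproduces the pre-fix behaviour for comparison.
  def init(opts), do: Keyword.get(opts, :redact, true)

  def call(conn, redact?) do
    # Constructed failure standing in for a query error escaping the handler.
    raise RuntimeError, "ERROR 42601 (syntax_error) at query: SELECT ..."
  rescue
    e -> handle_error(conn, :error, e, __STACKTRACE__, redact?)
  end

  defp handle_error(conn, kind, reason, stack, redact?) do
    # Full detail stays server-side: the PR records it with
    # OpenTelemetry.record_exception/3; Logger stands in for that here.
    Logger.error(Exception.format(kind, reason, stack))
    body = %{error: error_message(redact?, kind, reason, stack)}
    conn
    |> put_resp_content_type("application/json")
    |> send_resp(500, Jason.encode!(body))
  end
  # Before the fix: the formatted exception, stacktrace included, reached the client.
  defp error_message(false, kind, reason, stack), do: Exception.format(kind, reason, stack)
  # After the fix: a static message that says nothing about the failure.
  defp error_message(true, _kind, _reason, _stack), do: "Internal server error"
end

ExUnit.start()

defmodule Demo.ErrorPlugTest do
  use ExUnit.Case
  import Plug.Test

  test "redacted 500 body carries no exception internals" do
    conn = conn(:get, "/") |> Demo.ErrorPlug.call(Demo.ErrorPlug.init([]))
    assert conn.status == 500
    assert Jason.decode!(conn.resp_body) == %{"error" => "Internal server error"}
    refute conn.resp_body =~ "syntax_error"
  end

  test "unredacted body shows what used to leak" do
    conn = conn(:get, "/") |> Demo.ErrorPlug.call(Demo.ErrorPlug.init(redact: false))
    assert conn.resp_body =~ "syntax_error" and conn.resp_body =~ "Demo.ErrorPlug.call/2"
  end
end
```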

codecov Bot commented Jun 10, 2026


Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 56.73%. Comparing base (5060b49) to head (b07a0de).
✅ All tests successful. No failed tests found.

Additional details and impacted files
@@            Coverage Diff             @@
##             main    #4556      +/-   ##
==========================================
- Coverage   56.94%   56.73%   -0.21%     
==========================================
  Files         376      361      -15     
  Lines       40163    39567     -596     
  Branches    11128    11127       -1     
==========================================
- Hits        22869    22448     -421     
+ Misses      17223    17048     -175     
  Partials       71       71              
Flag                         Coverage   Δ
electric-telemetry           ?
elixir                       ?
packages/agents              70.53%     <ø> (ø)
packages/agents-mcp          77.54%     <ø> (ø)
packages/agents-mobile       71.42%     <ø> (ø)
packages/agents-runtime      80.24%     <ø> (ø)
packages/agents-server       74.17%     <ø> (+0.21%) ⬆️
packages/agents-server-ui     5.66%     <ø> (ø)
packages/electric-ax         46.42%     <ø> (ø)
packages/experimental        87.73%     <ø> (ø)
packages/react-hooks         86.48%     <ø> (ø)
packages/start               82.83%     <ø> (ø)
packages/typescript-client   91.83%     <ø> (ø)
packages/y-electric          56.05%     <ø> (ø)
typescript                   56.73%     <ø> (+0.03%) ⬆️
unit-tests                   56.73%     <ø> (-0.21%) ⬇️


@robacourt robacourt requested a review from alco June 10, 2026 20:25
@robacourt robacourt self-assigned this Jun 11, 2026
@robacourt robacourt merged commit bee63df into main Jun 11, 2026
70 checks passed
@robacourt robacourt deleted the rob/redact-internal-error branch June 11, 2026 13:35
@github-actions

Contributor

This PR has been released! 🚀

The following packages include changes from this PR:

  • @core/sync-service@1.7.0

Thanks for contributing to Electric!
