Production has minimal logging and user-friendly errors

Severity: Recommended

Check automatically:

1. Check production workflow for log level settings:

   grep -A 20 -i "prod" .github/workflows/*.yml | grep -i "LOG_LEVEL\|DEBUG\|VERBOSE"
   

2. Check for error handling configuration:

   find . -name "*.ts" -o -name "*.js" -o -name "*.tsx" | head -100 | xargs grep -l "errorHandler\|ErrorBoundary\|custom.*error" 2>/dev/null
   

3. Check for debug mode disabled in production configs:

   grep -r "DEBUG\|STACK_TRACE\|VERBOSE" .env.production .env.prod 2>/dev/null
   

4. Check framework-specific error configs:

   grep -r "showStackTrace\|exposeStackTrace\|debug.*false" . --include="*.config.*" 2>/dev/null
   

Ask user:

• What log level runs in production? (info, warn, error)
• Are stack traces hidden from end users?
• Do users see friendly error messages or raw exceptions?

Pass criteria:

• Production log level is info/warn/error (not debug/verbose)
• Stack traces not exposed to end users
• User-facing errors are friendly ("Something went wrong") not technical
• Debug mode explicitly disabled

Fail criteria:

• Debug/verbose logging in production (performance + security risk)
• Stack traces visible to users (information disclosure)
• Raw exception messages shown to users

Evidence to capture:

• Production log level setting
• Error handling approach (custom error pages, error boundaries)
• Confirmation stack traces are internal only

Cross-reference with:

• ENV-005 (contrast with dev verbose logging)
• Section 19 (Sentry - errors should go there, not to users)

---