Summary
Repository-wide dogfood review found many broad exception catches and raw ex.Message egress paths. Some are intentional top-level or best-effort boundaries, but they should be classified and normalized so user-facing diagnostics remain stable, bounded, and sanitized.
Evidence
Dogfood commands:
dotnet ./src/CodeIndex/bin/Debug/net8.0/cdidx.dll search --recipe risky-code/broad-exception-catch --path src/ --exclude-tests --count-by file --limit 120
dotnet ./src/CodeIndex/bin/Debug/net8.0/cdidx.dll search --recipe risky-code/raw-diagnostic-echo --path src/ --exclude-tests --count-by file --limit 80
Findings:
catch (Exception appears 203 times across 66 production files.- Top broad-catch files include
DbCommandRunner, ProgramRunner, McpToolHandlers, IndexCommandRunner, McpServer, ExportImportCommandRunner, GitHelper, GlobalToolLog, LspServer, DbPathResolver, DbWriter, hook/plugin paths, SymbolExtractionWorker, and HttpMcpTransport.
- Raw
ex.Message appears 46 times across 26 production files.
- Top raw-message files include
McpServer, QueryCommandRunner, DbCommandRunner, dry-run/full-scan/maintenance/update index runners, GitHelper, and FileIndexer.
Representative examples from the dogfood pass:
IndexCommandRunner uses multiple broad catches around metadata stamping, byte measurement, git exclude updates, and failed-run diagnostics.McpServer and McpToolHandlers have several protocol/tool boundary catches.QueryCommandRunner.WriteFindInvalidRegexError formats an invalid regex message with ex.Message.BoundedLineReader includes exception type and collapsed message in a user-visible unreadable-file reason.- Some hits already use redaction helpers, which should be classified as positive evidence rather than treated as defects.
Suggested triage model
Classify each hit as one of:
- top-level normalization boundary;
- cleanup/best-effort boundary;
- capability probe/fallback;
- diagnostic sanitizer/redactor boundary;
- worker/protocol boundary;
- unexpected broad catch that should be narrowed or rethrown.
Acceptance criteria
- Broad catches are classified and documented where intentionally retained.
- User-facing raw exception messages are bounded and sanitized, or replaced with stable categories/error codes.
- Cleanup/probe catches preserve actionable diagnostics where useful without leaking sensitive paths, SQL, command lines, or token-like values.
- Tests cover representative CLI, MCP, LSP, and indexing diagnostic paths.
Summary
Repository-wide dogfood review found many broad exception catches and raw
ex.Messageegress paths. Some are intentional top-level or best-effort boundaries, but they should be classified and normalized so user-facing diagnostics remain stable, bounded, and sanitized.Evidence
Dogfood commands:
Findings:
catch (Exceptionappears 203 times across 66 production files.DbCommandRunner,ProgramRunner,McpToolHandlers,IndexCommandRunner,McpServer,ExportImportCommandRunner,GitHelper,GlobalToolLog,LspServer,DbPathResolver,DbWriter, hook/plugin paths,SymbolExtractionWorker, andHttpMcpTransport.ex.Messageappears 46 times across 26 production files.McpServer,QueryCommandRunner,DbCommandRunner, dry-run/full-scan/maintenance/update index runners,GitHelper, andFileIndexer.Representative examples from the dogfood pass:
IndexCommandRunneruses multiple broad catches around metadata stamping, byte measurement, git exclude updates, and failed-run diagnostics.McpServerandMcpToolHandlershave several protocol/tool boundary catches.QueryCommandRunner.WriteFindInvalidRegexErrorformats an invalid regex message withex.Message.BoundedLineReaderincludes exception type and collapsed message in a user-visible unreadable-file reason.Suggested triage model
Classify each hit as one of:
Acceptance criteria