fix(server): sanitize error responses to prevent stack trace exposure

[cliffhall]

Summary

Resolves the 11 open CodeQL js/stack-trace-exposure alerts in server/src/index.ts. Each was a spot where a raw caught error object was handed to res.json(...), which can leak internal error details (including stack-trace-derived data) to clients.

The fix introduces a small sendErrorResponse(res, status, message) helper that returns a generic sanitized JSON body, and replaces every flagged call site with it. Full error objects continue to be logged server-side via the existing console.error calls, so debuggability is unchanged.

Alerts addressed

• #19 — line 512 (GET /mcp catch)
• #22 — line 599 (POST /mcp outer catch)
• #23 — line 630 (DELETE /mcp catch)
• #25 — line 739 (/stdio catch)
• #27 — line 790 (/sse 404 branch)
• #28 — line 794 (/sse ECONNREFUSED branch)
• #29 — line 797 (/sse generic 500)
• #30 — line 827 (/message catch)
• #43 — line 903 (/config catch)
• #51 — line 95 (sendProxiedUnauthorized fallback)
• #52 — line 548 (POST /mcp inner catch)

Incidental fix

The /sse handler's ECONNREFUSED branch was missing a return, so after sending its 500 it fell through to the generic Error in /sse route branch and attempted a second response on the already-sent headers. Added the missing return since the sanitization pass touched those lines anyway.

Behavior changes

• Clients no longer receive raw serialized Error objects on 4xx/5xx failures from /mcp, /stdio, /sse, /message, or /config. They now receive { "error": "<generic message>" }.
• sendProxiedUnauthorized no longer takes an error parameter — the upstream-capture path was already ignoring it, and the fallback path now returns a plain { error: "Unauthorized" } instead of JSON-encoding the caught exception.
• Server-side logs are unchanged — every site still logs the full error via console.error before responding.

Test plan

• npm run build-server passes (tsc)
• npm run prettier-fix clean
• Manually verify an error path (e.g. connect /mcp to an unreachable URL) returns { "error": "Internal server error" } rather than a serialized exception, and that console.error still logs full details server-side
• Manually verify OAuth 401 forwarding from an upstream MCP server still returns the captured WWW-Authenticate header and body (the non-fallback path in sendProxiedUnauthorized)

🤖 Generated with Claude Code

[Copilot]

Pull request overview

This PR addresses CodeQL js/stack-trace-exposure findings in the server by ensuring Express routes no longer serialize raw caught Error objects into HTTP JSON responses, reducing the risk of leaking stack traces/internal details to clients.

Changes:

• Added a sendErrorResponse(res, status, message) helper to return sanitized { error: "<message>" } responses.
• Replaced multiple res.status(...).json(error) call sites across /mcp, /stdio, /sse, /message, and /config with sanitized responses.
• Fixed a /sse error-path fallthrough by adding a missing return after responding in the ECONNREFUSED branch.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.