fix(api): mask error.message in proxy, upload, and langsmith routes

[Copilot]

Four API routes return error.message verbatim in 500 responses, leaking internal hostnames, ports, filesystem paths, and API key fragments to clients. Admin routes already mask these — proxy/upload/langsmith routes do not.

Changes

• New shared helper frontend/src/lib/api/error-response.ts:

export function internalErrorResponse(error: unknown, context: string) {
  console.error(`[api] ${context}`, error);
  return NextResponse.json({ error: "Internal server error" }, { status: 500 });
}

• Replaced raw error.message exposure in:
  • api/[..._path]/route.ts — proxy catch block
  • api/upload/route.ts — user upload catch block
  • api/admin/upload/route.ts — admin upload catch block
  • api/langsmith/runs/route.ts — LangSmith query catch block

Full stack traces remain in server logs via console.error.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

• checkpoint.prisma.io
  • Triggering command: /opt/hostedtoolcache/node/24.14.1/x64/bin/node /opt/hostedtoolcache/node/24.14.1/x64/bin/node /home/REDACTED/work/langgraph-chat-ui/langgraph-chat-ui/frontend/node_modules/.pnpm/prisma@5.22.0/node_modules/prisma/build/child {"product":"prisma","version":"5.22.0","cli_install_type":"local","information":"","local_timestamp":"2026-04-16T06:47:23Z","project_hash":"8b888558","cli_path":"/home/REDACTED/work/langgraph-chat-ui/langgraph-chat-ui/frontend/node_modules/prisma/build/inde (dns block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)