fix(webapp): close replay-route infra leak and log infra errors once

- api.v1.runs.$runParam.replay.ts returned a raw error.message; route it
  through clientSafeErrorMessage so infra errors are obfuscated like the
  other patched routes.
- Tag an infra error when the client extension logs it at the statement
  level, and skip it in the $transaction-boundary loggers, so a single
  failure is logged exactly once instead of twice inside a transaction.

Author: d-cs

apps/webapp/app/db.server.ts

@@ -14,6 +14,7 @@ import { logger } from "./services/logger.server";
 import { isValidDatabaseUrl } from "./utils/db";
 import {
   captureInfrastructureErrors,
+  infraErrorAlreadyLogged,
   logTransactionInfrastructureError,
 } from "./utils/prismaErrors";
 import { singleton } from "./utils/singleton";
@@ -87,6 +88,11 @@ async function $transactionInner<R>(
         prisma,
         (client) => fn(client, span),
         (error) => {
+          // Skip if the client extension already logged this at the statement
+          // level — only commit-time errors that bypass it are logged here.
+          if (infraErrorAlreadyLogged(error)) {
+            return;
+          }
           logger.error("prisma.$transaction error", {
             code: error.code,
             meta: error.meta,

apps/webapp/app/routes/api.v1.runs.$runParam.replay.ts

@@ -8,6 +8,7 @@ import { logger } from "~/services/logger.server";
 import { ReplayTaskRunService } from "~/v3/services/replayTaskRun.server";
 import { findRunByIdWithMollifierFallback } from "~/v3/mollifier/readFallback.server";
 import { sanitizeTriggerSource } from "~/utils/triggerSource";
+import { clientSafeErrorMessage } from "~/utils/prismaErrors";
 
 const ParamsSchema = z.object({
   /* This is the run friendly ID */
@@ -145,7 +146,7 @@ export async function action({ request, params }: ActionFunctionArgs) {
         },
         run: runParam,
       });
-      return json({ error: error.message }, { status: 400 });
+      return json({ error: clientSafeErrorMessage(error) }, { status: 400 });
     } else {
       logger.error("Failed to replay run", { error: JSON.stringify(error), run: runParam });
       return json({ error: JSON.stringify(error) }, { status: 400 });

apps/webapp/app/utils/prismaErrors.ts

@@ -43,6 +43,25 @@ export function isInfrastructureError(error: unknown): boolean {
   return false;
 }
 
+// One-shot marker so a single infra error is logged exactly once: the client
+// extension (statement level) tags it, and the $transaction-boundary loggers
+// skip a tagged error rather than logging the same failure a second time.
+const INFRA_ERROR_LOGGED: unique symbol = Symbol("prismaInfraErrorLogged");
+
+function markInfraErrorLogged(error: unknown): void {
+  if (typeof error === "object" && error !== null) {
+    (error as Record<symbol, unknown>)[INFRA_ERROR_LOGGED] = true;
+  }
+}
+
+export function infraErrorAlreadyLogged(error: unknown): boolean {
+  return (
+    typeof error === "object" &&
+    error !== null &&
+    (error as Record<symbol, unknown>)[INFRA_ERROR_LOGGED] === true
+  );
+}
+
 // Logs infrastructure failures (P1xxx-class, see isInfrastructureError) and
 // rethrows the ORIGINAL error: callers branch on error.code, and this fires
 // per-statement inside transactions, so converting it would break that.
@@ -66,6 +85,7 @@ export function captureInfrastructureErrors<T extends PrismaClient>(
               message: error instanceof Error ? error.message : String(error),
               stack: error instanceof Error ? error.stack : undefined,
             });
+            markInfraErrorLogged(error);
           }
 
           throw error;
@@ -76,14 +96,15 @@ export function captureInfrastructureErrors<T extends PrismaClient>(
 }
 
 // Logs infrastructure errors that reach the $transaction boundary WITHOUT a
-// Prisma error code (e.g. PrismaClientInitializationError). Coded errors are
-// already logged by transac()'s callback, so they are skipped here to avoid
-// double-logging. Returns whether it logged.
+// Prisma error code (e.g. PrismaClientInitializationError). Coded errors there
+// are already logged by transac()'s callback, and errors that bubbled up from a
+// statement were already logged (and tagged) by the client extension — both are
+// skipped here to avoid double-logging. Returns whether it logged.
 export function logTransactionInfrastructureError(
   error: unknown,
   log: ErrorLogger = logger
 ): boolean {
-  if (!isInfrastructureError(error) || isPrismaKnownError(error)) {
+  if (!isInfrastructureError(error) || isPrismaKnownError(error) || infraErrorAlreadyLogged(error)) {
     return false;
   }
 

apps/webapp/test/prismaInfrastructureErrorCapture.test.ts

@@ -4,6 +4,7 @@ import { Prisma, PrismaClient } from "@trigger.dev/database";
 import {
   captureInfrastructureErrors,
   clientSafeErrorMessage,
+  infraErrorAlreadyLogged,
   logTransactionInfrastructureError,
 } from "~/utils/prismaErrors";
 
@@ -117,6 +118,13 @@ describe("captureInfrastructureErrors", () => {
       expect(log.captured[0].message).toBe("prisma infrastructure error");
       expect(log.captured[0].fields?.operation).toBe("findFirst");
       expect(log.captured[0].fields?.model).toBe("SecretStore");
+
+      // Dedupe: the extension tagged it, so a $transaction-boundary logger
+      // seeing the same error must NOT log it a second time.
+      expect(infraErrorAlreadyLogged(error)).toBe(true);
+      const boundaryLog = capturingLogger();
+      expect(logTransactionInfrastructureError(error, boundaryLog)).toBe(false);
+      expect(boundaryLog.captured).toHaveLength(0);
     } finally {
       await unreachable.$disconnect();
     }