[MAIN-IMP] Add error logging and hide sensitive configs from individual jobs

[moda20]

Improvements:

• [Error handling] : Added sysLog error logging when job initialization fails to improve debugging visibility
• [security] : Introduced job_hidden property to use when passing configuration to jobs, without the sensitive data being decrypted
• [refactoring] : Added proxies to system categories map for better config organization

Notes

• [impact] : The job_hidden property ensures that sensitive configuration like MASTER_ENCRYPTION_KEY is not passed to job execution contexts, improving security isolation

How Has This Been Tested?

Related Issues

Screenshots (if applicable)

Additional Context

[coderabbitai]

Warning

Review limit reached

@moda20, we couldn't start this review because you've reached your PR review rate limit.

More reviews will be available in 58 minutes and 44 seconds. Learn how PR review limits work.

Your organization has run out of usage credits. Purchase more in the billing tab.

⌛ How to resolve this issue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans include higher PR review limits than trial, open-source, and free plans. In all cases, reviews become available again over time. During sustained high-volume PR review activity, CodeRabbit may temporarily slow when the next review becomes available.

Please see our Fair Usage Limits Policy for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 7e562ddc-0f66-4029-bcae-a3b67c5f815c

📥 Commits

Reviewing files that changed from the base of the PR and between 444f2de and 51c7017.

📒 Files selected for processing (1)

• src/config/config.service.ts

📝 Walkthrough

Walkthrough

This PR implements filtering of sensitive configuration properties from job execution contexts. The encryption.masterKey is marked as job-hidden in the schema and filtered from job configuration during setup via an updated config service function. Enhanced error logging is added for job startup failures.

Changes

Job-Safe Configuration Filtering

Layer / File(s)	Summary
Config type and schema definition src/types/models/config.ts, src/config/config.ts	FlattenedProperties type gains optional job_hidden?: boolean field. The encryption.masterKey schema entry is marked with job_hidden: true to exclude it from job contexts.
Config service filtering logic src/config/config.service.ts	getConvictSchemaProperties function signature adds withJobHiddenProperties?: boolean (default true). When set to false, entries marked with job_hidden are deleted from returned properties.
Job consumer configuration integration src/jobConsumer/jobConsumer.ts	Imports updated config helpers (getConvictSchemaProperties, ObjectifyFlattenedProperties). During preRun, replaces config.getProperties() with filtered config by calling getConvictSchemaProperties with encryptedValues: false, withJobHiddenProperties: false and wrapping with ObjectifyFlattenedProperties.
Job startup error logging src/initialization/jobsManager.ts	fullStartAJob error path now emits SysLogEvent with job name, serialized error detail, and eventName: "JOB_START_ERROR" in addition to existing error logging.
Utility formatting src/utils/convictUtils.ts	categoriesMap.system array reformatted from single-line to multi-line for readability.

Estimated Code Review Effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Poem

🐰 A key locked away from prying jobs,
Configuration flows, no more sloppy drops,
Secrets hidden safe, the schema now knows,
When job_hidden flies, the encryption code goes! ✨

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately summarizes the two main changes: error logging for job initialization failures and filtering sensitive configs from jobs via the job_hidden property.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch improvement/add-a-log-for-errors-loading-jobs

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@src/config/config.service.ts`:
- Around line 71-75: The code dereferences propertiesValues[pvk].job_hidden
after potentially deleting entries and never populates job_hidden from the
schema, causing runtime crashes and a non-functional filter; update the logic in
the function handling propertiesValues (the block using variables
propertiesValues, pvk and the withJobHiddenProperties flag) to (1) populate a
job_hidden boolean on each property from the schema before any deletions, (2)
check job_hidden via a safe accessor (or guard) before dereferencing, and (3)
perform deletion/filtering based on job_hidden when withJobHiddenProperties is
false by removing entries first or skipping them rather than dereferencing
deleted objects so the filter actually excludes hidden keys without causing
crashes.

In `@src/initialization/jobsManager.ts`:
- Around line 61-67: The JOB_START_ERROR logging currently calls
JSON.stringify(d, ...) where d is the result from
ScheduleJobManager.startJobById and may be non-serializable; wrap the
serialization in a safe guard (try/catch) and fall back to a safe representation
(e.g., util.inspect(d) or a simple string like "<unserializable payload>") so
the logger (sysLog.error) never throws and the original job.start failure is
preserved; update the code around sysLog.error and the JSON.stringify(d, null,
4) usage (referencing sysLog, LogEventNames.SysLogEvent, JOB_START_ERROR,
job.getName(), and ScheduleJobManager.startJobById) to use the safe-serialized
value instead.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: d61cfa96-c69f-4fdc-8ba3-cf4d010c1d9d

📥 Commits

Reviewing files that changed from the base of the PR and between 4d3eb50 and 444f2de.

📒 Files selected for processing (6)

• src/config/config.service.ts
• src/config/config.ts
• src/initialization/jobsManager.ts
• src/jobConsumer/jobConsumer.ts
• src/types/models/config.ts
• src/utils/convictUtils.ts