fix: replace error.message with generic "Internal server error" in all API catch blocks

Prevents leaking internal error details to clients across 7 route files:
health, candles, annotations, annotations/[id], upload, export, span-annotations/export.
Server-side console.error logging preserved for debugging.

Closes task 4.6.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

src/app/api/annotations/[id]/route.ts

@@ -43,8 +43,9 @@ export async function PATCH(
 
     return NextResponse.json(result[0]);
   } catch (error: any) {
+    console.error(error);
     return NextResponse.json(
-      { error: error.message || 'Failed to update annotation' },
+      { error: 'Internal server error' },
       { status: 500 }
     );
   }
@@ -79,8 +80,9 @@ export async function DELETE(
 
     return NextResponse.json({ success: true });
   } catch (error: any) {
+    console.error(error);
     return NextResponse.json(
-      { error: error.message || 'Failed to delete annotation' },
+      { error: 'Internal server error' },
       { status: 500 }
     );
   }

src/app/api/annotations/route.ts

@@ -30,8 +30,9 @@ export async function GET(request: NextRequest) {
 
     return NextResponse.json(normalized);
   } catch (error: any) {
+    console.error(error);
     return NextResponse.json(
-      { error: error.message || 'Failed to fetch annotations' },
+      { error: 'Internal server error' },
       { status: 500 }
     );
   }
@@ -82,8 +83,9 @@ export async function POST(request: NextRequest) {
       timestamp: row.timestamp instanceof Date ? Math.floor(row.timestamp.getTime() / 1000) : row.timestamp,
     }, { status: 201 });
   } catch (error: any) {
+    console.error(error);
     return NextResponse.json(
-      { error: error.message || 'Failed to create annotation' },
+      { error: 'Internal server error' },
       { status: 500 }
     );
   }
@@ -130,8 +132,9 @@ export async function DELETE(request: NextRequest) {
       deleted: result.length,
     });
   } catch (error: any) {
+    console.error(error);
     return NextResponse.json(
-      { error: error.message || 'Failed to delete annotations' },
+      { error: 'Internal server error' },
       { status: 500 }
     );
   }

src/app/api/candles/route.ts

@@ -36,8 +36,9 @@ export async function GET(request: NextRequest) {
 
     return NextResponse.json(normalized);
   } catch (error: any) {
+    console.error(error);
     return NextResponse.json(
-      { error: error.message || 'Failed to fetch candles' },
+      { error: 'Internal server error' },
       { status: 500 }
     );
   }

src/app/api/export/route.ts

@@ -63,8 +63,9 @@ export async function GET(request: NextRequest) {
       },
     });
   } catch (error: any) {
+    console.error(error);
     return NextResponse.json(
-      { error: error.message || 'Failed to export annotations' },
+      { error: 'Internal server error' },
       { status: 500 }
     );
   }

src/app/api/health/route.ts

@@ -18,11 +18,12 @@ export async function GET(request: NextRequest) {
         await db.select().from(candles).limit(1);
         response.database = 'ok';
       } catch (dbError: any) {
+        console.error(dbError);
         return NextResponse.json(
           {
             status: 'error',
             database: 'failed',
-            message: dbError.message || 'Database check failed',
+            message: 'Internal server error',
           },
           { status: 503 }
         );
@@ -31,10 +32,11 @@ export async function GET(request: NextRequest) {
 
     return NextResponse.json(response);
   } catch (error: any) {
+    console.error(error);
     return NextResponse.json(
       {
         status: 'error',
-        message: error.message || 'Health check failed',
+        message: 'Internal server error',
       },
       { status: 500 }
     );

src/app/api/span-annotations/export/route.ts

@@ -120,7 +120,7 @@ export async function GET(request: NextRequest) {
   } catch (error: any) {
     console.error('Error exporting span annotations:', error);
     return NextResponse.json(
-      { error: error.message || 'Failed to export span annotations' },
+      { error: 'Internal server error' },
       { status: 500 }
     );
   }

src/app/api/upload/route.ts

@@ -168,27 +168,30 @@ export async function POST(request: NextRequest): Promise<NextResponse> {
               })
             );
           } catch (error: any) {
+            console.error(error);
             resolve(
               NextResponse.json(
-                { error: error.message || 'Failed to process CSV data' },
-                { status: 400 }
+                { error: 'Internal server error' },
+                { status: 500 }
               )
             );
           }
         },
         error: (error: any) => {
+          console.error(error);
           resolve(
             NextResponse.json(
-              { error: `CSV parsing error: ${error.message}` },
-              { status: 400 }
+              { error: 'Internal server error' },
+              { status: 500 }
             )
           );
         },
       });
     });
   } catch (error: any) {
+    console.error(error);
     return NextResponse.json(
-      { error: error.message || 'Internal server error' },
+      { error: 'Internal server error' },
       { status: 500 }
     );
   }