execDbtCompileInline embeds full inline SQL in error message on failure #945

@sahrizvi

Symptom

When execDbtCompileInline in packages/dbt-tools/src/dbt-cli.ts fails (the spawned dbt compile --inline <sql> exits non-zero, is killed by signal, or times out), the thrown error message embeds the full user-provided SQL via Node's Command failed: <dbt-path> compile --inline '<entire SQL>' … format.

This means the user's full query — potentially containing PII literals, secrets, large strings, or anything templated into the SQL — leaks into logs, error trackers, and any UI surface that displays the error.

Root cause

The final throw in execDbtCompileInline uses e.message directly:

} catch (e) {
  throw new Error(
    `Could not compile inline SQL in any format (JSON, heuristic, or plain text). ` +
      `Last error: ${e instanceof Error ? e.message : String(e)}`,
  )
}

Node's execFile rejection produces err.message = "Command failed: <dbt-path> compile --inline '<entire SQL>' --output json --log-format json" for both exit-code failures and signal/timeout kills. That message is then echoed verbatim into the wrapped error.

Expected

The error message should surface the exit status (or signal name) without embedding the command line.

Suggested fix

Route the catch through the existing fallbackExitMessage helper in the same file. Cleanest path is the shared runWithErrorBubbling(args, label) extraction proposed in the sibling issue for execDbtCompile / execDbtCompileInline error surfacing.

History

This predates the execDbtShow redaction work in #933. The same leak surface was closed in execDbtShow via fallbackExitMessage, but the sibling function still has the original behavior.
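
An added illustration of the leak and of the "Expected" behaviour described above; this is not code from the project or from the issue author. `describeExecFailure`, `wrapLeaky`, the `/usr/bin/dbt` path and the sample SQL are constructed for the example, and the project's own `fallbackExitMessage` is not shown on this page and may differ.

```typescript
// Status fields Node's child_process.execFile sets on its rejection.
type ExecFailure = { code?: number | string | null; signal?: string | null; killed?: boolean }

// Hypothetical helper: describe how the child ended from status fields only.
// It never reads err.message or err.cmd, which carry the full command line.
function describeExecFailure(label: string, e: unknown): string {
  if (typeof e !== "object" || e === null) return `${label} failed`
  const { code, signal, killed } = e as ExecFailure
  // killed is true only when the parent killed the child (timeout, maxBuffer).
  if (killed && signal) return `${label} timed out or was killed (${signal})`
  if (signal) return `${label} was terminated by signal ${signal}`
  if (typeof code === "number") return `${label} exited with code ${code}`
  // Spawn errors carry a string code such as ENOENT; keep only that token.
  if (typeof code === "string" && /^[A-Z0-9_]+$/.test(code)) {
    return `${label} could not be started (${code})`
  }
  return `${label} failed`
}

// The pattern quoted in the issue: echoes e.message into the wrapped error.
function wrapLeaky(e: unknown): string {
  return `Last error: ${e instanceof Error ? e.message : String(e)}`
}

// Constructed sample input: SQL with a literal that must not reach logs.
const SAMPLE_SQL = "select * from users where ssn = '000-00-0000'"
const CMD = `/usr/bin/dbt compile --inline '${SAMPLE_SQL}' --output json --log-format json`

// Build an Error shaped like an execFile rejection (constructed, not captured).
function makeFailure(fields: ExecFailure): Error & ExecFailure {
  return Object.assign(new Error(`Command failed: ${CMD}`), fields)
}

const LABEL = "dbt compile --inline"
const exitFailure = makeFailure({ code: 2, signal: null, killed: false })
const signalFailure = makeFailure({ code: null, signal: "SIGKILL", killed: false })
const timeoutFailure = makeFailure({ code: null, signal: "SIGTERM", killed: true })
const spawnFailure = makeFailure({ code: "ENOENT" })

// Print the leaky message beside the redacted one for each failure mode.
for (const f of [exitFailure, signalFailure, timeoutFailure, spawnFailure]) {
  console.log(wrapLeaky(f))
  console.log(describeExecFailure(LABEL, f))
}
```

A regression test for the fix can assert, as here, that the thrown message does not contain a marker string placed in the inline SQL.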
