From c1153a1554371bb88b08bbfb56932a88376cee6b Mon Sep 17 00:00:00 2001
From: Claude <noreply@anthropic.com>
Date: Mon, 2 Mar 2026 02:03:18 +0000
Subject: [PATCH 1/2] fix(scripted_tool): use Display format instead of Debug
 in error messages

Debug format ({:?}) in error responses could leak internal details
like variant names and struct fields. Switched to Display format
for consistent, user-safe error messages.

Closes #428
---
 crates/bashkit/src/scripted_tool/execute.rs | 31 +++++++++++++++++++--
 1 file changed, 29 insertions(+), 2 deletions(-)

diff --git a/crates/bashkit/src/scripted_tool/execute.rs b/crates/bashkit/src/scripted_tool/execute.rs
index f5110d0a..053dd13c 100644
--- a/crates/bashkit/src/scripted_tool/execute.rs
+++ b/crates/bashkit/src/scripted_tool/execute.rs
@@ -320,7 +320,7 @@ impl Tool for ScriptedTool {
                 stdout: String::new(),
                 stderr: e.to_string(),
                 exit_code: 1,
-                error: Some(format!("{:?}", e)),
+                error: Some(e.to_string()),
             },
         }
     }
@@ -352,7 +352,7 @@ impl Tool for ScriptedTool {
                 stdout: String::new(),
                 stderr: e.to_string(),
                 exit_code: 1,
-                error: Some(format!("{:?}", e)),
+                error: Some(e.to_string()),
             },
         };
 
@@ -452,4 +452,31 @@ mod tests {
             usage_from_schema(&serde_json::json!({"type": "object", "properties": {}})).is_none()
         );
     }
+
+    #[tokio::test]
+    async fn test_error_uses_display_not_debug() {
+        use super::ScriptedTool;
+        use crate::ToolDef;
+        use crate::tool::Tool;
+
+        let mut tool = ScriptedTool::builder("test")
+            .short_description("test")
+            .tool(
+                ToolDef::new("fail", "Always fails"),
+                |_args: &super::ToolArgs| Err("service error".to_string()),
+            )
+            .build();
+        let req = ToolRequest {
+            commands: "fail".into(),
+            timeout_ms: None,
+        };
+        let resp = tool.execute(req).await;
+        // Error messages use Display format, not Debug, to avoid leaking internals
+        if let Some(ref err) = resp.error {
+            assert!(
+                !err.contains("Execution("),
+                "error should use Display not Debug: {err}",
+            );
+        }
+    }
 }

From 5a33fae87e5ea8d926422c684b4f111c3af09a42 Mon Sep 17 00:00:00 2001
From: Claude <noreply@anthropic.com>
Date: Mon, 2 Mar 2026 02:36:27 +0000
Subject: [PATCH 2/2] style: fix import ordering

---
 crates/bashkit/src/scripted_tool/execute.rs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crates/bashkit/src/scripted_tool/execute.rs b/crates/bashkit/src/scripted_tool/execute.rs
index 053dd13c..adbab937 100644
--- a/crates/bashkit/src/scripted_tool/execute.rs
+++ b/crates/bashkit/src/scripted_tool/execute.rs
@@ -456,8 +456,8 @@ mod tests {
     #[tokio::test]
     async fn test_error_uses_display_not_debug() {
         use super::ScriptedTool;
-        use crate::ToolDef;
         use crate::tool::Tool;
+        use crate::ToolDef;
 
         let mut tool = ScriptedTool::builder("test")
             .short_description("test")