
Fix swallowed errors and add context wrapping throughout service layer #17

@haasonsaas

Summary

Several critical error paths in the service layer silently discard errors. Other errors are returned without context, making debugging difficult.

Specific instances

  • internal/app/service.go:772 — _ = s.repo.SaveSession(ctx, session) when expiring a session — if this fails, the session stays active
  • internal/app/service.go:301 — _ = s.repo.SaveApproval(ctx, approval) when expiring an approval — if this fails, the approval can still be used
  • internal/app/service.go:483 — deferred cleanup in proxy execution ignores errors from budget release
  • Many error returns use bare errors without wrapping: return err instead of return fmt.Errorf("approve grant %s: %w", grantID, err)

Required work

  • Audit every _ = assignment in the service layer — log the error and decide whether to return it or continue with best-effort
  • Add fmt.Errorf wrapping at every error boundary with operation context (which method, which entity ID)
  • For cleanup/best-effort operations: log the error at WARN level but don't fail the parent operation
  • For critical state transitions (save session, save grant): return the error — a failed state save means the operation didn't actually complete
  • Add error path test cases for each fixed site

Files

  • internal/app/service.go — primary target
  • internal/app/cleanup.go — cleanup error handling

Priority

Medium — silent failures in a security system are dangerous.

🤖 Generated with Claude Code
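
The difference between the swallowed save and the handling the issue asks for, as an added example that is not the project's code. Session, fakeRepo, Service, ReleaseBudget and errStore are hypothetical stand-ins; only the `_ = s.repo.SaveSession(ctx, session)` call shape and the `fmt.Errorf` wrapping style come from the issue.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"log"
)

// Hypothetical stand-ins; only the SaveSession call shape comes from the issue.
type Session struct {
	ID     string
	Active bool
}

var errStore = errors.New("store unavailable") // constructed failure

// fakeRepo fails whichever operation has a non-nil error configured.
type fakeRepo struct{ saveErr, releaseErr error }

func (r fakeRepo) SaveSession(context.Context, *Session) error { return r.saveErr }
func (r fakeRepo) ReleaseBudget(context.Context, string) error { return r.releaseErr }

type Service struct{ repo fakeRepo }

// ExpireSessionSwallowed is the flagged pattern: it reports success even
// though the stored session was never marked inactive.
func (s *Service) ExpireSessionSwallowed(ctx context.Context, sess *Session) error {
	sess.Active = false
	_ = s.repo.SaveSession(ctx, sess)
	return nil
}

// ExpireSession returns a wrapped error for the critical save, and logs
// (without failing) when the best-effort budget release goes wrong.
func (s *Service) ExpireSession(ctx context.Context, sess *Session) error {
	sess.Active = false
	if err := s.repo.SaveSession(ctx, sess); err != nil {
		return fmt.Errorf("expire session %s: %w", sess.ID, err)
	}
	if err := s.repo.ReleaseBudget(ctx, sess.ID); err != nil {
		log.Printf("WARN release budget for session %s: %v", sess.ID, err)
	}
	return nil
}

func main() {
	svc := &Service{repo: fakeRepo{saveErr: errStore}}
	fmt.Println(svc.ExpireSessionSwallowed(context.Background(), &Session{ID: "s1"}))
	fmt.Println(svc.ExpireSession(context.Background(), &Session{ID: "s1"}))
}
```

Because the wrap uses `%w`, callers and error-path tests can still match the underlying cause with `errors.Is` while the message names the operation and the entity ID.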
