fix(nlp-service): return generic 500 detail to prevent credential leakage

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

nlp-service/main.py

@@ -50,4 +50,4 @@ def parse(request: ParseRequest) -> ParseResponse:
     try:
         return extract(request.query, request.lang)
     except Exception as exc:
-        raise HTTPException(status_code=500, detail=str(exc)) from exc
+        raise HTTPException(status_code=500, detail="internal error") from exc

nlp-service/test_main.py

@@ -79,3 +79,17 @@ def test_parse_all_languages(client):
         r = client.post("/parse", json={"query": query, "lang": lang})
         assert r.status_code == 200, f"Failed for lang={lang}"
         assert r.json()["dateTo"] == "1920-12-31", f"Wrong dateTo for lang={lang}"
+
+
+def test_parse_internal_exception_does_not_leak_detail(client, monkeypatch):
+    """500 errors must return generic message — never expose internal details."""
+    import main as main_module
+
+    def _boom(query, lang):
+        raise RuntimeError("postgresql://archive_user:s3cr3t@db:5432/family_archive_db")
+
+    monkeypatch.setattr(main_module, "extract", _boom)
+    r = client.post("/parse", json={"query": "test", "lang": "de"})
+    assert r.status_code == 500
+    assert "s3cr3t" not in r.text
+    assert r.json()["detail"] == "internal error"