Fix swallowed errors and add context wrapping throughout service layer

[haasonsaas]

Summary

Several critical error paths in the service layer silently discard errors. Other errors are returned without context, making debugging difficult.

Specific instances

• internal/app/service.go:772 — _ = s.repo.SaveSession(ctx, session) when expiring a session — if this fails, the session stays active
• internal/app/service.go:301 — _ = s.repo.SaveApproval(ctx, approval) when expiring an approval — if this fails, the approval can still be used
• internal/app/service.go:483 — deferred cleanup in proxy execution ignores errors from budget release
• Many error returns use bare errors without wrapping: return err instead of return fmt.Errorf("approve grant %s: %w", grantID, err)

Required work

• Audit every _ = assignment in the service layer — log the error and decide whether to return it or continue with best-effort
• Add fmt.Errorf wrapping at every error boundary with operation context (which method, which entity ID)
• For cleanup/best-effort operations: log the error at WARN level but don't fail the parent operation
• For critical state transitions (save session, save grant): return the error — a failed state save means the operation didn't actually complete
• Add error path test cases for each fixed site

Files

• internal/app/service.go — primary target
• internal/app/cleanup.go — cleanup error handling

Priority

Medium — silent failures in a security system are dangerous.

🤖 Generated with Claude Code

[haasonsaas]

Already fixed on current main.

I rechecked the service-layer sites this issue called out against origin/main on April 14, 2026:

• the _ = s.repo.SaveSession(...) and _ = s.repo.SaveApproval(...) sites are gone
• internal/app no longer contains _ = assignments on main
• the affected service-layer error returns are now context-wrapped instead of returned bare

I also revalidated with go test ./... -count=1 in the repo. Closing this as stale/already implemented.