fix: Address review comments - don't expose exception details

- Log database exceptions server-side with g.log.exception()
- Return generic "Database connection failed" message to client
- Add comment explaining db.remove() connection pool cleanup
- Update test to expect generic error message

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Author: cfsmp3

mod_health/controllers.py

@@ -3,7 +3,7 @@
 from datetime import datetime
 from typing import Any, Dict, Tuple
 
-from flask import Blueprint, current_app, jsonify
+from flask import Blueprint, current_app, g, jsonify
 
 mod_health = Blueprint('health', __name__)
 
@@ -19,10 +19,12 @@ def check_database() -> Dict[str, Any]:
         from database import create_session
         db = create_session(current_app.config['DATABASE_URI'])
         db.execute('SELECT 1')
+        # remove() returns the scoped session's connection to the pool
         db.remove()
         return {'status': 'ok'}
     except Exception as e:
-        return {'status': 'error', 'message': str(e)}
+        g.log.exception('Health check database connection failed')
+        return {'status': 'error', 'message': 'Database connection failed'}
 
 
 def check_config() -> Dict[str, Any]:

tests/test_health/test_controllers.py

@@ -109,7 +109,8 @@ def test_check_database_failure(self):
                 mock_session.side_effect = Exception('Connection refused')
                 result = check_database()
                 self.assertEqual(result['status'], 'error')
-                self.assertIn('Connection refused', result['message'])
+                # Generic message returned (actual exception logged server-side)
+                self.assertEqual(result['message'], 'Database connection failed')
 
     def test_check_config_success(self):
         """Test check_config returns ok when config is complete."""