CodeQL 5: refactor(ClinicalScheduler): catch specific exceptions in services #193

Open: rlorenzo wants to merge 2 commits into main from codeql/5-clinicalscheduler-exceptions

@rlorenzo rlorenzo commented May 13, 2026

Summary

Closes ~39 of 43 cs/catch-of-all-exceptions alerts in web/Areas/ClinicalScheduler/Services/**. Replaces blanket catch (Exception) with a when filter that restricts to the exception families these service methods actually need to wrap (DbUpdateException, SqlException, InvalidOperationException, OperationCanceledException) per the CLAUDE.md convention.

Why 4 broad catches are kept

Four catches wrap fire-and-forget post-transaction work - email notifications and audit logging that must run after a successful DB change and must not roll the change back. The EmailNotificationTest.RemoveInstructorScheduleAsync_EmailServiceFails_StillCompletesRemoval test enforces this resilience contract by throwing a raw Exception from the mocked email service and asserting that the schedule removal still succeeds. These four sites are kept broad and explicitly annotated:

#pragma warning disable CA1031 // Intentional broad catch: post-transaction work (email/audit notifications) must not roll back the successful database changes above.
catch (Exception postTransactionEx)
#pragma warning restore CA1031

CodeQL will still flag these four; they're known-intentional and can be dismissed in the dashboard.

Files changed

  • InstructorScheduleService.cs - 1 catch narrowed
  • PersonService.cs - 6 catches narrowed
  • RotationService.cs - 7 catches narrowed
  • ScheduleAuditService.cs - 3 catches narrowed
  • ScheduleEditService.cs - 9 narrowed, 4 kept broad with pragma
  • SchedulePermissionService.cs - 8 catches narrowed
  • StudentScheduleService.cs - 1 catch narrowed
  • WeekService.cs - 4 catches narrowed

Context

Fifth in the CodeQL N: cleanup series (after #189, #190, #191, #192).

Test plan

  • npm run test:backend - 1946 tests passing (including the email-failure resilience test)
  • npm run verify:build - clean (0 errors)
  • Pre-commit lint+test+verify all passed
  • CodeQL workflow on this PR shows ~39 of the 43 ClinicalScheduler/Services catch-of-all alerts closed

CodeQL cs/catch-of-all-exceptions: replace blanket `catch (Exception)`
in 8 ClinicalScheduler service files with a `when` filter restricting
to the exception families these methods actually need to wrap
(DbUpdateException, SqlException, InvalidOperationException,
OperationCanceledException). Anything outside that set now propagates
unchanged.

Four fire-and-forget catches around post-transaction work (email
notifications and audit logging that must not roll back successful DB
changes) are kept intentionally broad and marked with
`#pragma warning disable CA1031` explaining why. Test
EmailNotificationTest.RemoveInstructorScheduleAsync_EmailServiceFails_StillCompletesRemoval
enforces this resilience contract.
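
The two catch styles described above, side by side, as an added example that is not code from this PR. `DemoScheduleService`, its delegates and the stand-in `DbUpdateException` class are hypothetical; `SqlException` is left out of the filter because it needs the SqlClient package.

```csharp
using System;

// Stand-in for EF Core's DbUpdateException so the sample needs no NuGet packages.
class DbUpdateException : Exception { public DbUpdateException(string m) : base(m) { } }

class DemoScheduleService // hypothetical service, not from the PR
{
    private readonly Action _save;   // simulated database write
    private readonly Action _notify; // simulated email/audit step

    public DemoScheduleService(Action save, Action notify) { _save = save; _notify = notify; }

    public bool Remove()
    {
        try { _save(); }
        // Narrowed: exceptions that fail the filter never enter this handler.
        catch (Exception ex) when (ex is DbUpdateException or InvalidOperationException or OperationCanceledException)
        {
            Console.WriteLine($"handled {ex.GetType().Name}");
            return false;
        }

        try { _notify(); }
#pragma warning disable CA1031 // Intentional broad catch: post-transaction work must not undo the change above.
        catch (Exception postTransactionEx)
#pragma warning restore CA1031
        {
            Console.WriteLine($"notification failed, removal kept: {postTransactionEx.Message}");
        }
        return true;
    }
}

static class Program
{
    static void Main()
    {
        // Expected family: handled by the filtered catch.
        Console.WriteLine(new DemoScheduleService(() => throw new DbUpdateException("constraint"), () => { }).Remove());
        // Notifier throws a raw Exception: the removal still reports success.
        Console.WriteLine(new DemoScheduleService(() => { }, () => throw new Exception("smtp down")).Remove());
        // Unexpected type: skips the filter and reaches the caller unchanged.
        try { new DemoScheduleService(() => throw new NullReferenceException(), () => { }).Remove(); }
        catch (NullReferenceException) { Console.WriteLine("propagated"); }
    }
}
```
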
coderabbitai Bot commented May 13, 2026

Important

Review skipped

Auto reviews are limited based on label configuration.

🏷️ Required labels (at least one) (1)
  • review-ready

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: cb927c0a-3a60-4fcc-945a-1681c1ad7d61

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

@codecov-commenter

Bundle Report

Bundle size has no change ✅

codecov-commenter commented May 13, 2026

Codecov Report

❌ Patch coverage is 0% with 39 lines in your changes missing coverage. Please review.
✅ Project coverage is 42.96%. Comparing base (38de1ad) to head (aeaf341).
⚠️ Report is 2 commits behind head on main.

| Files with missing lines | Patch % | Lines |
|---|---|---|
| .../ClinicalScheduler/Services/ScheduleEditService.cs | 0.00% | 9 Missing ⚠️ |
| ...calScheduler/Services/SchedulePermissionService.cs | 0.00% | 8 Missing ⚠️ |
| ...reas/ClinicalScheduler/Services/RotationService.cs | 0.00% | 7 Missing ⚠️ |
| .../Areas/ClinicalScheduler/Services/PersonService.cs | 0.00% | 6 Missing ⚠️ |
| ...eb/Areas/ClinicalScheduler/Services/WeekService.cs | 0.00% | 4 Missing ⚠️ |
| ...ClinicalScheduler/Services/ScheduleAuditService.cs | 0.00% | 3 Missing ⚠️ |
| ...calScheduler/Services/InstructorScheduleService.cs | 0.00% | 1 Missing ⚠️ |
| ...inicalScheduler/Services/StudentScheduleService.cs | 0.00% | 1 Missing ⚠️ |

Additional details and impacted files
@@           Coverage Diff           @@
##             main     #193   +/-   ##
=======================================
  Coverage   42.96%   42.96%           
=======================================
  Files         877      877           
  Lines       51468    51468           
  Branches     4802     4802           
=======================================
  Hits        22113    22113           
  Misses      28831    28831           
  Partials      524      524           

| Flag | Coverage Δ |
|---|---|
| backend | 43.04% <0.00%> (ø) |
| frontend | 41.34% <ø> (ø) |

ReSharper RedundantNameQualifier flagged all 45 occurrences of
Microsoft.EntityFrameworkCore.DbUpdateException and
Microsoft.Data.SqlClient.SqlException in the when-filtered catches
introduced by codeql/5. Replaced with the unqualified type names;
'using Microsoft.Data.SqlClient;' added to the 7 files that didn't
already have it.