+++
title = 'Implement error handling — consistent {"error": "..."} envelope for 400/403/404/422/500'
priority = 5
status = "todo"
ticket_type = "task"
dependencies = ["f3dc74", "1f5bb5", "6e829e"]
+++

<context>
The `quotesdb` API is built with Axum + Tokio, targeting Cloudflare Workers via `workers-rs`. It serves JSON at `/api/*` endpoints and persists data to Cloudflare D1 (production) or a local SQLite file via Turso (development). Source lives in `src/bin/api/`.

Shared types and utilities are in `src/lib.rs` — code placed there must compile for both the host target and `wasm32-unknown-unknown`.

All error responses must use a consistent JSON envelope: `{"error": "message"}`. The API returns errors with appropriate HTTP status codes: 400 Bad Request, 403 Forbidden (wrong auth), 404 Not Found, 422 Unprocessable Entity (validation), 500 Internal Server Error.
</context>

<goal>
Implement an error type and Axum `IntoResponse` impl that serialises errors as `{"error": "..."}` with the correct HTTP status. Use this type consistently across all handlers — no handler should return raw strings or ad-hoc JSON error bodies.
</goal>

<constraints>
- All handler functions must return `Result<impl IntoResponse, ApiError>` (or equivalent).
- The error type should implement `From` conversions for `sqlx::Error`, `serde_json::Error`, and other common error types used in handlers.
- 500 errors must not leak internal details to the client — log the full error server-side, return a generic message to the client.
</constraints>

<skills>
Use `superpowers:test-driven-development` — write unit tests that verify each error variant serialises correctly.
Use `superpowers:verification-before-completion` before closing.
</skills>

<validation>
Run in order from the `quotesdb/` directory:

```sh
cargo fmt
cargo check
cargo clippy
cargo test
```
</validation>

<commit>
`feat(quotesdb): implement consistent error envelope type for all API responses`
</commit>